[jboss-jira] [JBoss JIRA] (JGRP-2273) ASYM_ENCRYPT: deprecate encrypt_entire_message
Bela Ban (JIRA)
issues at jboss.org
Wed Jun 6 06:07:00 EDT 2018
[ https://issues.jboss.org/browse/JGRP-2273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13587253#comment-13587253 ]
Bela Ban edited comment on JGRP-2273 at 6/6/18 6:06 AM:
--------------------------------------------------------
A new protocol {{SERIALIZE}} has been created and can be used instead of {{encrypt_entire_message}} as follows:
{code:xml}
...
<SERIALIZE/>
<ASYM_ENCRYPT/>
...
{code}
An example is shown in {{EncryptTest.testCapturingOfMessageByNonMemberAndResending()}}
was (Author: belaban):
A new protocol {{SERIALIZE}} has been created and can be used instead of {{encrypt_entire_message}} as follows:
{code:xml}
...
<SERIALIZE/>
<ASYM_ENCRYPT/>
...
{code}
> ASYM_ENCRYPT: deprecate encrypt_entire_message
> ----------------------------------------------
>
> Key: JGRP-2273
> URL: https://issues.jboss.org/browse/JGRP-2273
> Project: JGroups
> Issue Type: Enhancement
> Reporter: Bela Ban
> Assignee: Bela Ban
> Fix For: 4.0.12
>
>
> In {{ASYM_ENCRYPT}}, {{encrypt_entire_message}} encrypts not only the payload, but also metadata such as destination and sender's address, headers and flags.
> The rationale was to prevent replay attacks. However, this is not an issue, as replayed messages will simply get dropped by the retransmission layer (e.g. NAKACK2 or UNICAST3).
> If people still want this feature, they can write a protocol _above_ {{ASYM_ENCRYPT}}, which serializes the entire message into the payload of a new message, and this would be exactly the same as setting {{encrypt_entire_message}} to {{true}}.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list