[jboss-jira] [JBoss JIRA] (JGRP-2157) KEY_EXCHANGE protocol
Bela Ban (JIRA)
issues at jboss.org
Sun Sep 23 12:27:00 EDT 2018
[ https://issues.jboss.org/browse/JGRP-2157?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bela Ban updated JGRP-2157:
---------------------------
Security Sensitive Issue: This issue is security relevant
Security: (was: Security Issue)
> KEY_EXCHANGE protocol
> ---------------------
>
> Key: JGRP-2157
> URL: https://issues.jboss.org/browse/JGRP-2157
> Project: JGroups
> Issue Type: Feature Request
> Reporter: Bela Ban
> Assignee: Bela Ban
> Fix For: 4.0.5
>
>
> {{ASYM_ENCRYPT}} needs to exchange the shared key used for encrypting and decrypting messages between members, when a new member joins, when a member leaves, or on a merge.
> This is currently done by code in {{ASYM_ENCRYPT}} itself. However, I want to move this functionality into a separate protocol {{KEY_EXCHANGE}}, which supports an event {{GET_SHARED_KEY}}, called by {{ASYM_ENCRYPT}}. This event could be implemented by different protocols.
> An implementation could use certificates and SSL sockets to establish a connection from the joiner to the key server (coordinator) in order to fetch the shared (symmetric) key. The joiner would not only have to check the certificate of the keyserver, but also the user CN.
> Another implementation would be the current code, moved into a separate protocol, plus certificate handling added, e.g. checking of the certificate chain, plus use CN verification.
> The goals are:
> # Refactoring of the key exchange code to support multiple implementations
> # Prevent man-in-the-middle-attacks. Because certificates are used, checking of the certificate chain prevents MitM attacks
> # Make AUTH optional. When certificate are used, obtaining the shared symmetric encryption key authenticates the client (joiner), so {{AUTH}} is not needed in this case.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list