[jboss-jira] [JBoss JIRA] (JGRP-2273) ASYM_ENCRYPT: deprecate encrypt_entire_message
Bela Ban (Jira)
issues at jboss.org
Mon Aug 5 05:47:01 EDT 2019
[ https://issues.jboss.org/browse/JGRP-2273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13766852#comment-13766852 ]
Bela Ban edited comment on JGRP-2273 at 8/5/19 5:46 AM:
--------------------------------------------------------
How about we exclude GMS headers from (de-)serialization? Closing this issue for now, feel free to re-open if you have a better solution, or this solution is too kludgy for you!
was (Author: belaban):
How about we exclude GMS headers from (de-)serialization?
> ASYM_ENCRYPT: deprecate encrypt_entire_message
> ----------------------------------------------
>
> Key: JGRP-2273
> URL: https://issues.jboss.org/browse/JGRP-2273
> Project: JGroups
> Issue Type: Enhancement
> Reporter: Bela Ban
> Assignee: Bela Ban
> Priority: Major
> Fix For: 4.1.3
>
>
> In {{ASYM_ENCRYPT}}, {{encrypt_entire_message}} encrypts not only the payload, but also metadata such as destination and sender's address, headers and flags.
> The rationale was to prevent replay attacks. However, this is not an issue, as replayed messages will simply get dropped by the retransmission layer (e.g. NAKACK2 or UNICAST3).
> If people still want this feature, they can write a protocol _above_ {{ASYM_ENCRYPT}}, which serializes the entire message into the payload of a new message, and this would be exactly the same as setting {{encrypt_entire_message}} to {{true}}.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the jboss-jira
mailing list