[jboss-jira] [JBoss JIRA] (JGRP-2273) ASYM_ENCRYPT: deprecate encrypt_entire_message
Bela Ban (Jira)
issues at jboss.org
Fri Jun 28 02:23:00 EDT 2019
[ https://issues.jboss.org/browse/JGRP-2273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13753160#comment-13753160 ]
Bela Ban commented on JGRP-2273:
--------------------------------
You're right, of course! I changed the initial comment, thanks for catching this!
> ASYM_ENCRYPT: deprecate encrypt_entire_message
> ----------------------------------------------
>
> Key: JGRP-2273
> URL: https://issues.jboss.org/browse/JGRP-2273
> Project: JGroups
> Issue Type: Enhancement
> Reporter: Bela Ban
> Assignee: Bela Ban
> Priority: Major
> Fix For: 4.0.12
>
>
> In {{ASYM_ENCRYPT}}, {{encrypt_entire_message}} encrypts not only the payload, but also metadata such as destination and sender's address, headers and flags.
> The rationale was to prevent replay attacks. However, this is not an issue, as replayed messages will simply get dropped by the retransmission layer (e.g. NAKACK2 or UNICAST3).
> If people still want this feature, they can write a protocol _above_ {{ASYM_ENCRYPT}}, which serializes the entire message into the payload of a new message, and this would be exactly the same as setting {{encrypt_entire_message}} to {{true}}.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the jboss-jira
mailing list