On 23/10/2018 18:19, Filip Hanik wrote:
On Tue, Oct 23, 2018 at 7:05 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:


All,

Can I get a technical review for (a) appropriateness and (b) technical
implementation of the attached cluster interceptor? Let's assume for a
moment that encryption is something worth adding to clustering and not
argue that point.


Sure! But maybe you can narrow down the need/use case?
i.e., would just point-to-point TLS be sufficient, so that all bytes got
encrypted?
Or do you want a WhatsApp type of security, where only sender and receiver
can share a specific data package?


It should be straightforward. Knowing virtually nothing about the way
that Tribes works, implementing this as an interceptor seemed like the
least invasive (and easiest!) way to add encryption to clustering.

The only question I have about what I've actually written is what to
do about the cipher IV? Both sides of the conversation need to know
the IV in order to communicate. Should I just add another member to
the class for the IV and require that users specify both the key AND
the IV?


That would be one way. I think the idea of having to share a key may be the
only drawback in your implementation.
Have you considered maybe using asymmetrical encryption?

In that scenario, you would have
MemberImpl.payload = certificate or public key
Each member can broadcast their certificate, and a sender can use it to
encrypt the data only the receiver can read.
No sharing of keys.

The encryption would still be done in an interceptor just like you have it.
The Local member would hold the private key for decryption.

That brings you back to the full TLS style solution with trust-stores and associated certificate authority management. If you skip that, you open yourself up to MITM attacks.

I think a shared symmetric key is a reasonable solution to this use case. Requiring the user to specify the key and the IV seems reasonable to me.

Mark



Filip




Thanks,
-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
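
On the IV question raised in this thread, one alternative to configuring a fixed IV alongside the key is for the sender to generate a fresh random IV per message and prepend it to the ciphertext, so that only the key has to be shared. The following is an added example, not code from the thread or from Tomcat; the class name `IvPrefixDemo`, the AES/CBC/PKCS5Padding choice and the sample key are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration; IvPrefixDemo and all values here are hypothetical, not Tomcat code.
public class IvPrefixDemo {
    private static final String ALG = "AES/CBC/PKCS5Padding"; // assumed cipher; no integrity protection
    private static final int IV_LEN = 16;                      // AES block size
    private static final SecureRandom RNG = new SecureRandom();

    // Sender: fresh random IV per message, sent in the clear ahead of the ciphertext.
    static byte[] encrypt(SecretKeySpec key, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance(ALG);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    // Receiver: reads the IV from the first block, so only the key is configured.
    static byte[] decrypt(SecretKeySpec key, byte[] msg) throws GeneralSecurityException {
        if (msg.length < 2 * IV_LEN) {
            throw new GeneralSecurityException("message too short to hold IV and one block");
        }
        Cipher c = Cipher.getInstance(ALG);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(msg, 0, IV_LEN));
        return c.doFinal(msg, IV_LEN, msg.length - IV_LEN);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample key (16 bytes) standing in for the shared cluster key.
        SecretKeySpec key = new SecretKeySpec("0123456789abcdef".getBytes(StandardCharsets.US_ASCII), "AES");
        byte[] payload = "session-replication-message".getBytes(StandardCharsets.UTF_8);
        byte[] m1 = encrypt(key, payload);
        byte[] m2 = encrypt(key, payload);
        // Same plaintext, same key: wire bytes differ because the IVs differ.
        System.out.println("identical on the wire: " + Arrays.equals(m1, m2));
        System.out.println("round trip ok: " + Arrays.equals(payload, decrypt(key, m1)));
    }
}
```

With a single configured IV, two identical cluster messages would encrypt to identical bytes; the per-message IV removes that without adding a second shared secret.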


