[ https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15929080#comment-15929080 ]

Abraham Fine commented on ZOOKEEPER-236:
----------------------------------------

Hi [~geek101]-

bq. If multiple servers have certs with the same subjectAltName entry of type 
dNSName and that is indeed how the CA signed them then it should be ok from a 
TLS perspective
I agree that at least one of the alt_names needs to match the host from 
configuration (not all of them). 

bq. Take a case where if someone can subvert the CA, get signed by it for the 
same domain and subvert DNS, then they might as well try a few sids starting from 
zero before ZK lets the server connect.
If the CA is subverted (certificates are being issued for servers for domains 
not under their control) and the name service is subverted, hostname 
verification of any kind can't work. Either the CA or the NS (DNS or the ZK 
config) needs to have integrity. But I think you raise an interesting issue 
where a client can just try multiple ids when connecting to another server 
until it matches the one on its (let's assume stolen) certificate. I did not 
consider that. Let me dig into this a little deeper and see if I can get a 
better idea of what is going on.

bq. We should probably have it off by default and let the admin turn it on.
The latest patch has this behavior.

bq. Also wanted to ask you if we could make all the sockets BufferedSocket by 
default rather than making that conditional on port unification configuration.
Why would we want to do this? I think there is a small performance hit 
involved. 

> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>
>                 Key: ZOOKEEPER-236
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: quorum, server
>            Reporter: Benjamin Reed
>            Assignee: Abraham Fine
>            Priority: Minor
>
> We should have the ability to use SSL to authenticate and encrypt the traffic 
> between ZooKeeper servers. For the most part this is a very easy change. We 
> would probably only want to support this for TCP based leader elections.
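Added illustration of the two points discussed in the comment above (the "at least one SAN dNSName must match the configured host" rule, and the question of a peer claiming a sid that does not belong to its certificate). This is example Python, not ZooKeeper's Java code or the patch attached to this issue; the hostnames, config lines and SAN lists are constructed, and it assumes the dNSName entries have already been extracted from a certificate that chained to a trusted CA.

```python
import re

# Constructed quorum configuration in the shape of ZooKeeper's
# server.N=host:peerPort:electionPort lines (hostnames are hypothetical).
SAMPLE_CONFIG = """
# constructed sample zoo.cfg fragment
server.1=zk1.example.test:2888:3888
server.2=zk2.example.test:2888:3888
server.3=zk3.example.test:2888:3888
"""

_SERVER_LINE = re.compile(r"^server\.(\d+)\s*=\s*([^:;\s]+)")


def parse_quorum_config(text):
    """Map sid -> configured hostname from server.N=host:... lines.

    Comments, blank lines and anything that is not a server.N line are skipped;
    only the host part before the first ':' or ';' is kept.
    """
    quorum = {}
    for line in text.splitlines():
        m = _SERVER_LINE.match(line.strip())
        if m:
            quorum[int(m.group(1))] = m.group(2)
    return quorum


def dns_name_matches(san_entry, hostname):
    """RFC 6125-style comparison of one SAN dNSName entry against a hostname.

    Comparison is case-insensitive and ignores a trailing dot. A wildcard is
    accepted only as the entire left-most label, must have at least two labels
    after it, and matches exactly one label (never across a dot).
    """
    san = san_entry.rstrip(".").lower()
    host = hostname.rstrip(".").lower()
    if "*" not in san:
        return san == host
    san_labels = san.split(".")
    host_labels = host.split(".")
    if san_labels[0] != "*" or "*" in san[1:]:
        return False  # partial or non-leading wildcards are rejected
    if len(san_labels) < 3 or len(san_labels) != len(host_labels):
        return False  # '*.test' is too broad; label counts must agree
    return san_labels[1:] == host_labels[1:]


def cert_matches_host(san_dns_names, hostname):
    """At least one dNSName entry must match the configured host, not all of them."""
    return any(dns_name_matches(entry, hostname) for entry in san_dns_names)


def sids_accepted_for(san_dns_names, quorum):
    """Every sid whose configured hostname this certificate would satisfy.

    A per-host certificate yields one sid; a wildcard or multi-SAN certificate
    can yield several, which is the exposure discussed in the comment.
    """
    return sorted(sid for sid, host in quorum.items()
                  if cert_matches_host(san_dns_names, host))


def verify_peer(claimed_sid, san_dns_names, quorum):
    """Accept a connecting peer only if its certificate matches the hostname
    configured for the sid it claims, so a claimed sid cannot be chosen freely."""
    host = quorum.get(claimed_sid)
    if host is None:
        return False
    return cert_matches_host(san_dns_names, host)


if __name__ == "__main__":
    quorum = parse_quorum_config(SAMPLE_CONFIG)
    print("quorum:", quorum)
    print("per-host cert accepted for sids:",
          sids_accepted_for(["zk2.example.test"], quorum))
    print("wildcard cert accepted for sids:",
          sids_accepted_for(["*.example.test"], quorum))
    print("sid 1 claimed with zk2 cert:",
          verify_peer(1, ["zk2.example.test"], quorum))
```

The point `sids_accepted_for` makes visible is that a certificate with a wildcard or with every quorum host in its SAN list is indistinguishable across sids, so the sid-to-host binding in the config carries no extra weight; one dNSName per server keeps a given certificate usable for exactly one configured sid.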



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
