[ https://issues.apache.org/jira/browse/HDFS-6605?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14049862#comment-14049862 ]
Yi Liu commented on HDFS-6605:
------------------------------

Thanks Andrew, nice work. It’s great to change {{CipherType}} to {{CipherSuite}}, then it’s consistent. :)

I have gone through the patch, very good, I just have the following comments:

*1.* Could we change the name CipherSuite#algoBytes to CipherSuite#blockSize or CipherSuite#algBlockSize, also {{getAlgorithmBlockBytes}} could be {{getAlgorithmBlockSize}}. Since we usually use this terminology, please refer to: http://en.wikipedia.org/wiki/Block_size_%28cryptography%29
I think it's enough that we add whether it’s counted in bits or bytes in the java doc.

*2.* In {{FSNamesystem#startFileInternal}}, the code snippet:
{code}
if (zone != null) {
  CipherSuite chosen = null;
  for (CipherSuite c : cipherSuites) {
… …
{code}
We’d better finish the logic, we don't have a next step after getting "chosen", I see there is no place calling {{FSDirectory#setFileEncryptionInfo}}. I think they should work together, right? Otherwise, {{getFileEncryptionInfo}} will always return null.

*3.* In {{hdfs.proto}}
{code}
/**
+ * Cipher suite.
+ */
+enum CipherSuite {
+ UNKNOWN = 1;
+ AES_CTR_NOPADDING = 2;
+}
{code}
We forgot the algorithm block size?

*4.* In {{TestEncryptionZonesAPI.java}}, I think we need a test to cover setting/getting File Encryption Info successfully.

> Client server negotiation of cipher suite
> -----------------------------------------
>
> Key: HDFS-6605
> URL: https://issues.apache.org/jira/browse/HDFS-6605
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: security
> Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
> Reporter: Andrew Wang
> Assignee: Andrew Wang
> Attachments: hdfs-6605.001.patch
>
>
> For compatibility purposes, the client and server should negotiate what
> cipher suite to use based on their respective capabilities. This is also a
> way for the server to reject old clients that do not support encryption.

--
This message was sent by Atlassian JIRA (v6.2#6252)
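
Review bot: in the {{hdfs.proto}} hunk quoted under comment 3, {{UNKNOWN = 1}} is added with no comment saying when a peer may send or accept it, and the enum's only documentation is the one-line "Cipher suite." Since the issue is about client and server agreeing on a suite, state on the enum whether {{UNKNOWN}} can ever be the selected suite or is only a fallback for a value the receiver does not recognise, so that an implementation does not treat it as a usable cipher.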