[
https://issues.apache.org/jira/browse/SPARK-13331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15600705#comment-15600705
]
Junjie Chen commented on SPARK-13331:
-------------------------------------
Hi [~vanzin]
I have updated the latest patch. Could you please help review it?
Due to an issue (CRYPTO-125) in Common Crypto, the patch has to use two helper
channels. Once it is fixed and released, I will remove these channels.
> AES support for over-the-wire encryption
> ----------------------------------------
>
> Key: SPARK-13331
> URL: https://issues.apache.org/jira/browse/SPARK-13331
> Project: Spark
> Issue Type: Improvement
> Components: Deploy
> Reporter: Dong Chen
> Priority: Minor
>
> In network/common, SASL with DIGEST-MD5 authentication is used for
> negotiating a secure communication channel. When SASL operation mode is
> "auth-conf", the data transferred on the network is encrypted. The DIGEST-MD5
> mechanism supports the following encryption: 3DES, DES, and RC4. The negotiation
> procedure will select one of them to encrypt / decrypt the data on the
> channel.
> However, 3DES and RC4 are relatively slow. We could add code in the
> negotiation to make it support AES for better security and performance.
> The proposed solution is:
> When "auth-conf" is enabled, at the end of original negotiation, the
> authentication succeeds and a secure channel is built. We could add one more
> negotiation step: Client and server negotiate whether they both support AES.
> If yes, the Key and IV used by AES will be generated by server and sent to
> client through the already secure channel. Then update the encryption /
> decryption handler to AES at both client and server side. Subsequent data
> transfer will use AES instead of the original encryption algorithm.
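
The extra negotiation step proposed in the issue description, as an added sketch that is not part of the JIRA message or the Spark patch. The class and method names, the 3DES stand-in for the SASL-negotiated channel, the key-plus-IV message layout and the choice of AES/CTR are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class AesUpgradeSketch {
    // Stand-in for the channel the SASL "auth-conf" negotiation already built (3DES assumed).
    static byte[] saslChannel(int mode, SecretKey key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        c.init(mode, key, new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    // AES handler installed after the upgrade; CTR mode is an assumption of this sketch.
    static Cipher aesHandler(int mode, byte[] keyAndIv) throws Exception {
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(mode, new SecretKeySpec(keyAndIv, 0, 16, "AES"),
               new IvParameterSpec(keyAndIv, 16, 16));
        return c;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        // Constructed state standing in for the result of the original negotiation.
        SecretKey saslKey = KeyGenerator.getInstance("DESede").generateKey();
        byte[] saslIv = new byte[8];
        rng.nextBytes(saslIv);

        // Step 1: both sides state whether they support AES (hypothetical flags).
        boolean clientAes = true, serverAes = true;
        if (!(clientAes && serverAes)) return; // keep the SASL-negotiated cipher

        // Step 2: server generates key + IV and sends them through the existing channel.
        byte[] keyAndIv = new byte[32]; // 16-byte AES key followed by 16-byte IV
        rng.nextBytes(keyAndIv);
        byte[] onWire = saslChannel(Cipher.ENCRYPT_MODE, saslKey, saslIv, keyAndIv);
        byte[] received = saslChannel(Cipher.DECRYPT_MODE, saslKey, saslIv, onWire);

        // Step 3: both sides swap their handlers to AES for all following data.
        Cipher serverOut = aesHandler(Cipher.ENCRYPT_MODE, keyAndIv);
        Cipher clientIn = aesHandler(Cipher.DECRYPT_MODE, received);
        byte[] frame = serverOut.update("shuffle block".getBytes(StandardCharsets.UTF_8));
        String plain = new String(clientIn.update(frame), StandardCharsets.UTF_8);
        System.out.println("key material intact: " + Arrays.equals(keyAndIv, received));
        System.out.println("client decrypted: " + plain);
    }
}
```

The sketch covers server-to-client traffic only: with CTR, the client-to-server direction needs its own key or IV, because reusing one pair in both directions repeats the keystream.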