sweisdb commented on PR #45394: URL: https://github.com/apache/spark/pull/45394#issuecomment-1980063354
@mridulm At its core, using AES-CTR mode without authentication is insecure because someone can change RPC contents by simply XORing the ciphertext. This can be demonstrated by modifying traffic between a master and worker node. It would need to use an authenticated mode of encryption to address the problem, e.g. AES-GCM mode. I would much rather ditch all the TransportCipher and AuthEngine code and just use TLS. I don't know if that is feasible, so we may need a
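
The malleability described in the comment above, shown as an added example that is not part of the original comment or of Spark's code. It uses only the JDK's `javax.crypto`; the class name `CtrVsGcm`, the helper `run` and the sample message are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class CtrVsGcm {
    // Constructed sample message (hypothetical, not a real Spark RPC).
    static final byte[] MSG = "role=worker;cores=04".getBytes(StandardCharsets.US_ASCII);
    // Hypothetical helper: one encrypt or decrypt call with a fresh Cipher instance.
    static byte[] run(String transform, int mode, SecretKeySpec key,
                      AlgorithmParameterSpec spec, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance(transform);
        c.init(mode, key, spec);
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] k = new byte[16];
        rng.nextBytes(k);
        SecretKeySpec key = new SecretKeySpec(k, "AES");
        int pos = MSG.length - 2; // offset of the two digits at the end of MSG

        // AES-CTR: ciphertext = plaintext XOR keystream, so XORing a delta into
        // the ciphertext XORs the same delta into the decrypted plaintext.
        byte[] iv = new byte[16];
        rng.nextBytes(iv);
        IvParameterSpec ctr = new IvParameterSpec(iv);
        byte[] ct = run("AES/CTR/NoPadding", Cipher.ENCRYPT_MODE, key, ctr, MSG);
        ct[pos] ^= '0' ^ '9';
        ct[pos + 1] ^= '4' ^ '9';
        byte[] pt = run("AES/CTR/NoPadding", Cipher.DECRYPT_MODE, key, ctr, ct);
        System.out.println("CTR accepted: " + new String(pt, StandardCharsets.US_ASCII));

        // AES-GCM: the same kind of change invalidates the 128-bit tag,
        // so decryption fails instead of returning altered plaintext.
        byte[] nonce = new byte[12];
        rng.nextBytes(nonce);
        GCMParameterSpec gcm = new GCMParameterSpec(128, nonce);
        byte[] sealed = run("AES/GCM/NoPadding", Cipher.ENCRYPT_MODE, key, gcm, MSG);
        sealed[pos] ^= '0' ^ '9';
        try {
            run("AES/GCM/NoPadding", Cipher.DECRYPT_MODE, key, gcm, sealed);
            System.out.println("GCM accepted modified ciphertext");
        } catch (AEADBadTagException e) {
            System.out.println("GCM rejected modified ciphertext: " + e.getMessage());
        }
    }
}
```

The CTR branch never uses the key to make the change, only knowledge of the plaintext bytes at that offset, which is why the receiver needs an integrity check before acting on decrypted data.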