Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-11 Thread via GitHub
mridulm closed pull request #45425: [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices URL: https://github.com/apache/spark/pull/45425 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-11 Thread via GitHub
mridulm commented on PR #45425: URL: https://github.com/apache/spark/pull/45425#issuecomment-2050393781 Merged to master. Thanks for fixing this @sweisdb ! Thanks for reviewing @dongjoon-hyun :-)

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-11 Thread via GitHub
sweisdb commented on PR #45425: URL: https://github.com/apache/spark/pull/45425#issuecomment-2050274536 @dongjoon-hyun: v3.5.0 backport here: https://github.com/apache/spark/pull/46014 v3.4.0 backport here: https://github.com/apache/spark/pull/46015

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-11 Thread via GitHub
dongjoon-hyun commented on PR #45425: URL: https://github.com/apache/spark/pull/45425#issuecomment-2050275736 Thank you so much!

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-11 Thread via GitHub
dongjoon-hyun commented on PR #45425: URL: https://github.com/apache/spark/pull/45425#issuecomment-2050146218 BTW, @sweisdb , could you make two backporting PRs to `branch-3.5` and `branch-3.4`? I'm the release manager for Apache Spark 3.4.3 and targeting RC1 next Monday. I want to de

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-11 Thread via GitHub
dongjoon-hyun commented on PR #45425: URL: https://github.com/apache/spark/pull/45425#issuecomment-2050144383 Hi, @mridulm . Could you switch your request change?

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-11 Thread via GitHub
dongjoon-hyun commented on PR #45425: URL: https://github.com/apache/spark/pull/45425#issuecomment-2050143917 Ya, it looks like that, @sweisdb .

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-11 Thread via GitHub
sweisdb commented on PR #45425: URL: https://github.com/apache/spark/pull/45425#issuecomment-2050107925 Looks like the CI build is passing: https://github.com/sweisdb/spark/actions/runs/8623329437

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-09 Thread via GitHub
sweisdb commented on PR #45425: URL: https://github.com/apache/spark/pull/45425#issuecomment-2046170137 > Ya, please use `dev/lint-java` script and fix the following lines, @sweisdb . > > ``` > $ dev/lint-java > Using `mvn` from path: /opt/homebrew/bin/mvn > Using SPARK_LOCAL

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-08 Thread via GitHub
sweisdb commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1556106453 ## docs/security.md: ## @@ -149,30 +149,44 @@ secret file agrees with the executors' secret file. # Network Encryption -Spark supports two mutually exclusive forms

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-08 Thread via GitHub
sweisdb commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1556042923 ## docs/security.md: ## @@ -149,30 +149,44 @@ secret file agrees with the executors' secret file. # Network Encryption -Spark supports two mutually exclusive forms

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-05 Thread via GitHub
mridulm commented on PR #45425: URL: https://github.com/apache/spark/pull/45425#issuecomment-2040972278 Btw, we would not be able to directly merge this PR into older versions - given the reference to SSL in the docs. So unfortunately, we will need a follow up PR for 3.5.

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-05 Thread via GitHub
mridulm commented on PR #45425: URL: https://github.com/apache/spark/pull/45425#issuecomment-2040971830 Can you please fix the linter related build errors @sweisdb ? Thx

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-05 Thread via GitHub
mridulm commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1554526813 ## docs/security.md: ## @@ -149,30 +149,44 @@ secret file agrees with the executors' secret file. # Network Encryption -Spark supports two mutually exclusive forms

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-04 Thread via GitHub
sweisdb commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1552339596 ## docs/security.md: ## @@ -188,6 +202,11 @@ The following table describes the different options available for configuring th 2.2.0 + + spark.network.crypto.

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-04 Thread via GitHub
sweisdb commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1552336712 ## common/network-common/src/main/java/org/apache/spark/network/util/TransportConf.java: ## @@ -213,6 +213,11 @@ public boolean encryptionEnabled() { return conf.g

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-04 Thread via GitHub
sweisdb commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1552337398 ## common/network-common/src/test/java/org/apache/spark/network/crypto/AuthEngineSuite.java: ## @@ -48,15 +50,19 @@ public class AuthEngineSuite { "fb000561

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-04 Thread via GitHub
dongjoon-hyun commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1552137285 ## docs/security.md: ## @@ -188,6 +202,11 @@ The following table describes the different options available for configuring th 2.2.0 + + spark.network.c

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-04 Thread via GitHub
dongjoon-hyun commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1552134883 ## docs/security.md: ## @@ -149,30 +149,44 @@ secret file agrees with the executors' secret file. # Network Encryption -Spark supports two mutually exclusive

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-04 Thread via GitHub
dongjoon-hyun commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1552133989 ## common/network-common/src/test/java/org/apache/spark/network/crypto/AuthEngineSuite.java: ## @@ -48,15 +50,19 @@ public class AuthEngineSuite { "fb

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-04 Thread via GitHub
dongjoon-hyun commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1552132141 ## common/network-common/src/main/java/org/apache/spark/network/crypto/README.md: ## @@ -99,3 +103,13 @@ sessions. It would, however, allow impersonation of futur

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-04 Thread via GitHub
dongjoon-hyun commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1552131042 ## common/network-common/src/main/java/org/apache/spark/network/crypto/README.md: ## @@ -99,3 +103,13 @@ sessions. It would, however, allow impersonation of futur

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-04 Thread via GitHub
dongjoon-hyun commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1552128114 ## common/network-common/src/main/java/org/apache/spark/network/util/TransportConf.java: ## @@ -213,6 +213,11 @@ public boolean encryptionEnabled() { return

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-04 Thread via GitHub
dongjoon-hyun commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1552128652 ## common/network-common/src/main/java/org/apache/spark/network/util/TransportConf.java: ## @@ -213,6 +213,11 @@ public boolean encryptionEnabled() { return

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-04 Thread via GitHub
sweisdb commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1552042143 ## docs/security.md: ## @@ -149,24 +149,32 @@ secret file agrees with the executors' secret file. # Network Encryption -Spark supports two mutually exclusive forms

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-04 Thread via GitHub
sweisdb commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1552041848 ## common/network-common/src/main/java/org/apache/spark/network/crypto/AuthEngine.java: ## @@ -224,7 +236,7 @@ private TransportCipher generateTransportCipher( pri

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-02 Thread via GitHub
dongjoon-hyun commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1548842531 ## common/network-common/src/main/java/org/apache/spark/network/crypto/AuthEngine.java: ## @@ -224,7 +236,7 @@ private TransportCipher generateTransportCipher(

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-02 Thread via GitHub
dongjoon-hyun commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1548843062 ## common/network-common/src/main/java/org/apache/spark/network/util/TransportConf.java: ## @@ -213,6 +213,11 @@ public boolean encryptionEnabled() { return

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-02 Thread via GitHub
mridulm commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1548815203 ## common/network-common/src/main/java/org/apache/spark/network/crypto/README.md: ## @@ -99,3 +103,13 @@ sessions. It would, however, allow impersonation of future ses

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-01 Thread via GitHub
sweisdb commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1546923268 ## common/network-common/src/main/java/org/apache/spark/network/crypto/AuthEngine.java: ## @@ -213,7 +220,7 @@ private TransportCipher generateTransportCipher(

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-01 Thread via GitHub
sweisdb commented on PR #45425: URL: https://github.com/apache/spark/pull/45425#issuecomment-2030688115 I had a bad push that pulled in a lot of other unrelated commits. Will fix.

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-04-01 Thread via GitHub
sweisdb commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1546872088 ## common/network-common/src/main/java/org/apache/spark/network/crypto/README.md: ## @@ -1,6 +1,20 @@ -Forward Secure Auth Protocol +Forward Secure Auth Protocol v1.1

Re: [PR] [SPARK-47318][CORE] Adds HKDF round to AuthEngine key derivation to follow standard KEX practices [spark]

2024-03-15 Thread via GitHub
dongjoon-hyun commented on PR #45425: URL: https://github.com/apache/spark/pull/45425#issuecomment-2000725355 Got it, @mridulm . > For context to reviewers, the plan is to backport this to 3.x as well given security implications - that is, we will be making an incompatible wire prot