sweisdb opened a new pull request, #45394:
URL: https://github.com/apache/spark/pull/45394
### What changes were proposed in this pull request?
The high level issue is that Apache Spark's RPC encryption is using
unauthenticated CTR. We want to switch to GCM.
The complication is Spa
mridulm commented on PR #45394:
URL: https://github.com/apache/spark/pull/45394#issuecomment-1979944365
It is not clear to me why we should be making this change, what the benefits
are and what the current limitations are.
Note that Spark 4.0 support TLS - so if this is still required in
sweisdb commented on PR #45394:
URL: https://github.com/apache/spark/pull/45394#issuecomment-1980063354
@mridulm At its core, using AES-CTR mode without authentication is insecure
because someone can change RPC contents by simply XORing the ciphertext. This
can be demonstrated by modifying
sweisdb commented on PR #45394:
URL: https://github.com/apache/spark/pull/45394#issuecomment-1986452977
Closing this for now as we decide how to proceed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to
sweisdb closed pull request #45394: [Work in Progress] Experimenting to move
TransportCipher to GCM based on Google Tink
URL: https://github.com/apache/spark/pull/45394
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the