All,

I'm looking at the security of Tomcat's Clustering components, and I think that the following are true. Please let me know if anything in here is inaccurate:

1. a. Default membership uses multicast
   b. Multicast (UDP) can't be authenticated
   c. Therefore multicast membership cannot be secured on its own
   d. ... unless you use the "domain" attribute as a kind of "password" to get into a segment of the cluster

2. a. Static membership enumerates all members of the cluster on all nodes
   b. Therefore, joining a malicious node to the cluster is unlikely

3. a. Adding EncryptInterceptor encrypts
      i. TcpFailureDetector traffic
      ii. All actual content traffic
   b. Therefore, adding EncryptInterceptor effectively secures the cluster, even if the membership cannot be completely locked-down

Thanks,
-chris
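To see which of the three points in the message a given node's configuration actually relies on, the added sketch below (not part of the original message and not Tomcat project code) inspects a `<Channel>` definition from server.xml. The function name `audit_channel`, the sample fragments, the host address and the key placeholder are all constructed for illustration; treating a Channel with no `<Membership>` element as multicast follows point 1a of the message and is an assumption of this check.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml fragments (illustrative, not from the post).
MCAST_ONLY = """<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
  <Channel className="org.apache.catalina.tribes.group.GroupChannel">
    <Membership className="org.apache.catalina.tribes.membership.McastService"/>
    <Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
  </Channel>
</Cluster>"""

STATIC_ENCRYPTED = """<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
  <Channel className="org.apache.catalina.tribes.group.GroupChannel">
    <Interceptor className="org.apache.catalina.tribes.group.interceptors.EncryptInterceptor"
                 encryptionKey="PLACEHOLDER_HEX_KEY"/>
    <Interceptor className="org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor">
      <Member className="org.apache.catalina.tribes.membership.StaticMember"
              host="192.0.2.11" port="4000" uniqueId="{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1}"/>
    </Interceptor>
  </Channel>
</Cluster>"""


def _cls(element):
    """Return the simple class name from a className attribute."""
    return element.get("className", "").rsplit(".", 1)[-1]


def audit_channel(xml_text):
    """Report which membership and encryption controls a Channel declares."""
    channel = next(ET.fromstring(xml_text).iter("Channel"), None)
    if channel is None:
        raise ValueError("no <Channel> element found")
    memberships = channel.findall("Membership")
    mcast = [m for m in memberships if _cls(m) == "McastService"]
    interceptors = {_cls(i): i for i in channel.findall("Interceptor")}
    static = interceptors.get("StaticMembershipInterceptor")
    enc = interceptors.get("EncryptInterceptor")
    return {
        # Assumption (point 1a): no <Membership> element means multicast.
        "mcast_membership": bool(mcast) or not memberships,
        "mcast_domain_set": any(m.get("domain") for m in mcast),
        "static_members": len(static.findall("Member")) if static is not None else 0,
        "encrypt_with_key": enc is not None and bool(enc.get("encryptionKey")),
    }


if __name__ == "__main__":
    for name, cfg in (("mcast-only", MCAST_ONLY), ("static+encrypt", STATIC_ENCRYPTED)):
        print(name, audit_channel(cfg))
```

The second fragment is reported as still having multicast membership under that assumption, which is the case where EncryptInterceptor is carrying the protection rather than the member list.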