Uploaded image for project: 'JGroups'
  1. JGroups
  2. JGRP-2273

ASYM_ENCRYPT: deprecate encrypt_entire_message

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Done
    • Icon: Major Major
    • 4.1.3
    • None
    • None

      In ASYM_ENCRYPT, encrypt_entire_message encrypts not only the payload, but also metadata such as destination and sender's address, headers and flags.

      The rationale was to prevent replay attacks. However, this is not an issue, as replayed messages will simply get dropped by the retransmission layer (e.g. NAKACK2 or UNICAST3).

      If people still want this feature, they can write a protocol above ASYM_ENCRYPT, which serializes the entire message into the payload of a new message, and this would be exactly the same as setting encrypt_entire_message to true.

              rhn-engineering-bban Bela Ban
              rhn-engineering-bban Bela Ban
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: