Thanks Andre for your reply. I am aware of the constraints of Akka remoting, and in fact I feel that the link you referenced actually supports an argument for two-way authentication. Communication between remoting nodes must be symmetric, which implies that authentication should be performed in both directions and there should be no specific client/server roles (as would be implied by a one-way authentication).
Consider what happens when only one-way authentication is used, and trust is only established in one direction -- say, because of improperly configured keystore/truststore on one of the nodes. In this case, connection can only be established when initiated in one direction, but not in the opposite direction, which violates the symmetric communication requirement. As a result, the peers will experience intermittent communication problems which may be hard to diagnose. On the other hand if two-way authentication were required, the setup would "fail-fast" -- no communication would be established until the trust configuration is corrected. Regards, Jim On Monday, June 1, 2015 at 2:04:12 AM UTC-10, Akka Team wrote: > > Hi Jim, > > Akka Remoting has no support for this feature (see ticket > https://github.com/akka/akka/issues/13874). While we might implement this > in the future, you should consider that Akka remoting is designed to work > intra-datacenter and not inter-datacenter. If inter-datacenter > communciation is needed then it is recommended to use normal client-server > technologies like akka io (for TCP) or spray (for HTTP), not just because > of security, but because of the underlying assumptions in remoting (see > http://doc.akka.io/docs/akka/2.3.11/general/remoting.html#Peer-to-Peer_vs__Client-Server > ) > > -Endre > > On Wed, May 27, 2015 at 12:04 AM, Jim Newsham <[email protected] > <javascript:>> wrote: > >> >> For security reasons, we would like to enable two-way ssl authentication >> for our akka remoting communication. Is this possible? >> >> Thanks, >> Jim >> >> -- >> >>>>>>>>>> Read the docs: http://akka.io/docs/ >> >>>>>>>>>> Check the FAQ: >> http://doc.akka.io/docs/akka/current/additional/faq.html >> >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user >> --- >> You received this message because you are subscribed to the Google Groups >> "Akka User List" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> Visit this group at http://groups.google.com/group/akka-user. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Akka Team > Typesafe - Reactive apps on the JVM > Blog: letitcrash.com > Twitter: @akkateam > -- >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>>>>>>>> Check the FAQ: >>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user --- You received this message because you are subscribed to the Google Groups "Akka User List" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/akka-user. For more options, visit https://groups.google.com/d/optout.
