Hi Jim,
On Mon, Jun 1, 2015 at 10:20 PM, Jim Newsham <[email protected]> wrote: > > Thanks Andre for your reply. I am aware of the constraints of Akka > remoting, and in fact I feel that the link you referenced actually supports > an argument for two-way authentication. Communication between remoting > nodes must be symmetric, which implies that authentication should be > performed in both directions and there should be no specific client/server > roles (as would be implied by a one-way authentication). > > Consider what happens when only one-way authentication is used, and trust > is only established in one direction -- say, because of improperly > configured keystore/truststore on one of the nodes. In this case, > connection can only be established when initiated in one direction, but not > in the opposite direction, which violates the symmetric communication > requirement. As a result, the peers will experience intermittent > communication problems which may be hard to diagnose. On the other hand if > two-way authentication were required, the setup would "fail-fast" -- no > communication would be established until the trust configuration is > corrected. > These are good points, I will revive the ticket properly. I think it will only make into 2.4 though, but you should follow the ticket for updates. -Endre > > Regards, > Jim > > On Monday, June 1, 2015 at 2:04:12 AM UTC-10, Akka Team wrote: >> >> Hi Jim, >> >> Akka Remoting has no support for this feature (see ticket >> https://github.com/akka/akka/issues/13874). While we might implement >> this in the future, you should consider that Akka remoting is designed to >> work intra-datacenter and not inter-datacenter. If inter-datacenter >> communciation is needed then it is recommended to use normal client-server >> technologies like akka io (for TCP) or spray (for HTTP), not just because >> of security, but because of the underlying assumptions in remoting (see >> http://doc.akka.io/docs/akka/2.3.11/general/remoting.html#Peer-to-Peer_vs__Client-Server >> ) >> >> -Endre >> >> On Wed, May 27, 2015 at 12:04 AM, Jim Newsham <[email protected]> wrote: >> >>> >>> For security reasons, we would like to enable two-way ssl authentication >>> for our akka remoting communication. Is this possible? >>> >>> Thanks, >>> Jim >>> >>> -- >>> >>>>>>>>>> Read the docs: http://akka.io/docs/ >>> >>>>>>>>>> Check the FAQ: >>> http://doc.akka.io/docs/akka/current/additional/faq.html >>> >>>>>>>>>> Search the archives: >>> https://groups.google.com/group/akka-user >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "Akka User List" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> Visit this group at http://groups.google.com/group/akka-user. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Akka Team >> Typesafe - Reactive apps on the JVM >> Blog: letitcrash.com >> Twitter: @akkateam >> > -- > >>>>>>>>>> Read the docs: http://akka.io/docs/ > >>>>>>>>>> Check the FAQ: > http://doc.akka.io/docs/akka/current/additional/faq.html > >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user > --- > You received this message because you are subscribed to the Google Groups > "Akka User List" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/akka-user. > For more options, visit https://groups.google.com/d/optout. > -- Akka Team Typesafe - Reactive apps on the JVM Blog: letitcrash.com Twitter: @akkateam -- >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>>>>>>>> Check the FAQ: >>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user --- You received this message because you are subscribed to the Google Groups "Akka User List" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/akka-user. For more options, visit https://groups.google.com/d/optout.
