This is an issue for existing deployments: while existing clients require Discovery V1, the registrar cannot migrate to Discovery V2.

A second node that uses secure discovery to discover registrars and, instead of unmarshalling the proxy MarshalledInstance, converts it to a MarshalledObject, then responds to Discovery V1 requests, sending out the MarshalledObject.

This would allow older clients to continue participating, allowing a transition period to adopt a secure djinn, while allowing all Registrars to be upgraded to Disc V2.

Because the second node answering Discovery V1 requests never unmarshalls the registrar proxy, it is not subject to unmarshalling attacks; only the clients are.

There is one minor catch: the clients would require their policy files to be edited to allow the registrar proxy to contact the original registrar host, because this would be different to the actual host the proxy was discovered from. This could be granted to the proxy CodeSource.

Is this a suitable workaround?

Regards,

Peter.
