While we're waiting for people to review River 3.0's Release artifacts... 

I've posted some of my more controversial work on River security and IPv6 
global discovery (internet announcement protocol) on GitHub.  The River 
community is free to cherry pick the code if it wants.  I would have much 
preferred to have developed it collaboratively; there's room for improvement.

Features:

Updated support for TLSv1.2, removal of insecure ciphers, downgrading of all 
strong encryption ciphers and key exchanges circa 2005 to weak.  New strong 
ciphers that are strong now.  Removal of non-ephemeral DH key exchanges that are 
vulnerable to MITM attacks.

Input validation for deserialization, DeserializationPermission.

New default method for ServiceRegistrar to help clients establish service trust 
prior to proxy codebase downloading.

Ability to make dynamic CodeSource and Certificate grants, after proxy 
authentication.  You currently can’t make ClassLoader based grants to a proxy 
before it's downloaded, to grant it DownloadPermission and 
DeSerializationPermission.

You can anonymously sign your jar files, provided you have a trusted X509 
public cert for your service.  This allows you to use the free Letsencrypt.org 
service, without requiring expensive codesigner certs.

Reduced network loads on Reggie and clients.

Delayed proxy unmarshalling, much faster. (thanks Gregg, don't understand why 
it wasn't adopted).

Delayed attribute unmarshalling, or don't download them at all if you don't 
need them.

Bootstrap proxies all have the same limited local interfaces, limiting dynamic 
proxy class generation during lookup.

IPv6 global and site local discovery.

My goal this year is to make available a public Jini / River like lookup 
service over IPv6.

I think this should be a useful experiment.  The network protocols weren't 
ready for Jini in 1999.  With IPv6, Jini / River (should it choose to) will no 
longer be restricted to private networks.  Clients from one private subnet will 
be able to access services from another private subnet directly p2p.

A social network where users control their own data? Video links, messaging, 
file sharing?  Dynamic discovery?

You know, thinking about it, a lossless image (bytes) could be used to discover 
your friends. That is, use an image attribute, text this image to your friends, 
then they can discover you using your image attribute.

Just a thought.

Cheers,

Peter.
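
Added example, not code from the message or from River: one way to apply the cipher policy in the feature list above (TLSv1.2 only, no non-ephemeral DH) with the standard JSSE API. The class and method names are hypothetical, and treating "strong" as AEAD suites (GCM or ChaCha20-Poly1305) is an assumption.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.List;

/** Added illustration; class and method names are hypothetical, not River's. */
public class EphemeralOnlyTls {

    /** True only for suites with ephemeral (EC)DHE key exchange and an AEAD cipher. */
    static boolean isAcceptable(String suite) {
        boolean ephemeral = suite.startsWith("TLS_ECDHE_") || suite.startsWith("TLS_DHE_");
        boolean aead = suite.contains("_GCM_") || suite.contains("CHACHA20_POLY1305");
        // Redundant with the prefix test, kept as an explicit second check.
        boolean weak = suite.contains("_anon_") || suite.contains("_NULL_")
                || suite.contains("_EXPORT_");
        return ephemeral && aead && !weak;
    }

    /** Restricts an engine to TLSv1.2 and the acceptable subset the JVM supports. */
    static SSLParameters harden(SSLEngine engine) {
        List<String> keep = new ArrayList<>();
        for (String suite : engine.getSupportedCipherSuites()) {
            if (isAcceptable(suite)) keep.add(suite);
        }
        if (keep.isEmpty()) {
            throw new IllegalStateException("no ephemeral AEAD cipher suites available");
        }
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.2"});
        params.setCipherSuites(keep.toArray(new String[0]));
        engine.setSSLParameters(params);
        return params;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // JVM default key and trust managers
        SSLEngine engine = ctx.createSSLEngine();
        for (String suite : harden(engine).getCipherSuites()) {
            System.out.println("enabled: " + suite);
        }
        // Constructed sample names: static RSA, static ECDH and anonymous DH.
        for (String s : new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA",
                "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "TLS_DH_anon_WITH_AES_128_GCM_SHA256"}) {
            System.out.println(s + " acceptable? " + isAcceptable(s));
        }
    }
}
```

The allow-list is built from name prefixes, so a suite the filter does not recognise is left disabled rather than enabled by default.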
