While we're waiting for people to review River 3.0's Release artifacts...
I've posted some of my more contraversial work on River security and ipv6 global discovery (internet announcement protocol) on github. The river community is free to cherry pick the code if it wants. I would have much preferred to have developed it collaboratively, there's room for improvement. Features: Updated support for tlsv1.2, removal of insecure cyphers, downgrading of all strong encryption cyphers and key exchanges circa 2005 to weak. New strong cyphers that are strong now Removal of non ephemeral DH key exchanges that are vulnerable to mim attacks. Input validation for deserialization, DeserializationPermission. New default method for ServiceRegistrar to help clients establish service trust prior to proxy codebase downloading. Ability to make dynamic CodeSource and Certificate grants, after proxy authentication. You currently can’t make ClassLoader based grants to a proxy before its downloaded, to grant it DownloadPermission and DeSerializationPermission. You can anonymously sign your jar files, provided you have a trusted X509 public cert for your service. This allows you to use the free Letsencrypt.org service, without requiring expensive codesigner certs. Reduced network loads on Reggie and clients. Delayed proxy unmarshalling, much faster. (thanks Gregg, don't understand why it wasn't adopted). Delayed attribute unmarshalling, or don't download them at all if you don't need them. Bootstrap proxy's all have the same limited local interfaces, limiting dynamic proxy class generation during lookup. Ipv6 global and site local discovery. My goal this year is to make available a public Jini / River like lookup service over ipv6. I think this should be a useful experiment. The network protocols weren't ready for Jini in 1999. With ipv6, Jini / River (should it choose to) will no longer be restricted to private networks. Clients from one private subnet will be able to access services from another private subnet directly p2p. A social network where users control their own data? Video links, messaging, file sharing? Dynamic discovery? You know, thinking about it, a lossless image (bytes) could be used to discover your friends. That is, use an image attribute, text this image to your friends, then they can discover you using your image attribute. Just a thought. Cheers, Peter. Sent from my Samsung device.
