On Tue, Oct 23, 2018 at 7:05 AM Christopher Schultz < ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > All, > > Can I get a technical review for (a) appropriateness and (b) technical > implementation of the attached cluster interceptor? Let's assume for a > moment that encryption is something worth adding to clustering and not > argue that point. > Sure! But maybe you can narrow down the need/use case? ie, would just point-to-point TLS be sufficient? so that all bytes got encrypted? or do you want a WhatsApp type of security, where only sender and receiver can share the a specific data package? > > It should be straightforward. Knowing virtually nothing about the way > that Tribes works, implementing this as an interceptor seemed like the > least invasive (and easiest!) way to add encryption to clustering. > > The only question I have about what I've actually written is what to > do about the cipher IV? Both sides of the conversation need to know > the IV in order to communicate. Should I just add another member to > the class for the IV and require that users specify both the key AND > the IV? > That would be one way. I think the idea of having to share a key may be the only drawback in your implementation. Have you considered maybe using asymmetrical encryption? In that scenario, you would have MemberImpl.payload = certificate or public key Each member can broadcast their certificate, and a sender can use it to encrypt the data only the receiver can read. No sharing of keys. The encryption would still be done in an interceptor just like you have it. The Local member would hold the private key for decryption. Filip > > Thanks, > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvPKqsACgkQHPApP6U8 > pFgGSxAAy1vj8FY7uzcvstimHwUGKd6dJkFiKRxygY30Lp3bHor5O4GKoWP4eWwJ > l0rl0ojvhgLzHwPB/+Cdm1gpZD2cSSiqyz3V6eGlt8oq8mm3M4lCMqZqXckNHYG5 > cSRHXPIO0XaoCrUR2KA4NRS207OXTUYZe7ihPb0Bblev5SE/S/vIArRs+1Gybdi+ > zYXY4XwBUHRHu2PzWy6c0HFPP3hDJ85I3Mn4O/uqZgh01eRRpsfvbmros45znTfc > frKqBeT3O/+dwNOX9HhshnIW92U8dyYto70CsKdtPrsVXpY9kQH3zOc3vC+UN2qf > jJZYie32mHjg22JDrYOqFpfAhTQi9r4xUMzprMVjTk93p34SxvmZNbLBVi/Li6OA > PdthMBpHiAQp+bLVGSU4UbHdEG9t/Ixp8RodWJzxGWtduy3/GGCsifQke5H6yBf5 > Kb3Rux4u/3mKwn0PZL8HljUgEZCge3g1+KOX1qL9Uw5TCKm4YIF744C1P7piSllR > GW3UxamATH4qmZ/ccAUJVBgdQQYPjVKAc0tAvCVBZSxf6+OB8D5HfA/A8f8N7Fzj > wBVPbcW5d4OjFpjEshOtehb74q1WAGhg1+rUkPbd1Nkd/WTQN8YXXayN0+TE28gm > LPSv8RSsAEWFLzh/TiY8BNzdehEaHID6R6h5q7io9JNMbtljhgQ= > =nSgU > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org
