[jira] [Updated] (KUDU-611) Cryptographically sign the operation timestamps returned on server responses.

David Alves (JIRA) Tue, 04 Oct 2016 14:59:19 -0700

     [ 
https://issues.apache.org/jira/browse/KUDU-611?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


David Alves updated KUDU-611:
-----------------------------
    Issue Type: Sub-task  (was: Improvement)
        Parent: KUDU-430

> Cryptographically sign the operation timestamps returned on server responses.
> -----------------------------------------------------------------------------
>
>                 Key: KUDU-611
>                 URL: https://issues.apache.org/jira/browse/KUDU-611
>             Project: Kudu
>          Issue Type: Sub-task
>          Components: security, tserver
>    Affects Versions: M4.5
>            Reporter: David Alves
>
> We return operation timestamps along with the responses for operations which 
> are serialized by the tablet server. In certain cases those timestamps are 
> forwarded to other servers and will possibly update their clocks.
> A malicious client could choose a bad timestamp and move all the server's 
> clocks to the future.
> Crypto signing the timestamp will allow t make sure that the timestamp 
> originated from another server.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (KUDU-611) Cryptographically sign the operation timestamps returned on server responses.

Reply via email to