Dan Burkert created KUDU-1886:
---------------------------------
Summary: TLS certificate hostname verification
Key: KUDU-1886
URL: https://issues.apache.org/jira/browse/KUDU-1886
Project: Kudu
Issue Type: Improvement
Components: rpc, security
Affects Versions: 1.2.0
Reporter: Dan Burkert
Priority: Critical

We currently aren't correctly handling hostname verification on
master-generated (ipki) certificates. This has big consequences in terms of
the security of the system, and what active attackers with access to a cert can
achieve. A couple of points that came out of discussions:
- We currently don't plumb the remote hostname into the client negotiation,
which will probably become necessary to avoid a reverse-DNS lookup when
verifying the server's cert.
- The master should be validating that the hostname in a tserver's CSR matches
the Kerberos principal of the connection's authentication.
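The master-side check from the second point, written out as an added example (not Kudu code and not part of the original issue). It assumes the hostnames requested in the CSR have already been extracted and that the authenticated principal has the form service/host@REALM; all function names are hypothetical.

```cpp
// Added illustration, not Kudu source. All function names are hypothetical.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Lower-case ASCII and drop one trailing dot: "TS1.Example.COM." -> "ts1.example.com".
static std::string CanonicalHost(std::string h) {
  if (!h.empty() && h.back() == '.') h.pop_back();
  std::transform(h.begin(), h.end(), h.begin(),
                 [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
  return h;
}

// Extract the host from "service/host@REALM". Fails for user principals
// ("alice@REALM") and anything else without exactly one host component.
bool PrincipalHost(const std::string& principal, std::string* host) {
  const std::string name = principal.substr(0, principal.rfind('@'));
  const size_t slash = name.find('/');
  if (slash == std::string::npos || slash == 0) return false;
  const std::string h = name.substr(slash + 1);
  if (h.empty() || h.find('/') != std::string::npos) return false;
  *host = CanonicalHost(h);
  return !host->empty();
}

// Sign only if every hostname the CSR requests equals the host of the Kerberos
// principal that authenticated the connection. Wildcards and empty lists fail.
bool CsrHostnamesMatchPrincipal(const std::vector<std::string>& csr_hostnames,
                                const std::string& authenticated_principal) {
  std::string host;
  if (!PrincipalHost(authenticated_principal, &host) || csr_hostnames.empty()) return false;
  for (const std::string& name : csr_hostnames) {
    if (name.find('*') != std::string::npos) return false;
    if (CanonicalHost(name) != host) return false;
  }
  return true;
}

int main() {
  // Constructed sample: a tserver authenticated as ts1 asks for the master's name.
  const std::string principal = "kudu/ts1.example.com@EXAMPLE.COM";
  std::cout << CsrHostnamesMatchPrincipal({"ts1.example.com"}, principal) << "\n"
            << CsrHostnamesMatchPrincipal({"master.example.com"}, principal) << "\n";
  return 0;
}
```

The check fails closed: a CSR carrying even one name other than the authenticated host is rejected as a whole rather than signed with the extra name dropped.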