dongjoon-hyun commented on code in PR #45425: URL: https://github.com/apache/spark/pull/45425#discussion_r1552132141
########## common/network-common/src/main/java/org/apache/spark/network/crypto/README.md: ########## @@ -99,3 +103,13 @@ sessions. It would, however, allow impersonation of future sessions. In the event of a pre-shared key compromise, messages would still be confidential from a passive observer. Only active adversaries spoofing a session would be able to recover plaintext. +Security Changes & Compatibility +------------- + +The original version of this protocol, retroactively called v1.0, did not apply an HKDF to `sharedSecret` to derive +a key (i.e. `derivedKey`) and was directly using the encoded X coordinate as key material. This is atypical and +standard practice is to pass that shared coordinate through an HKDF. The current version, v2.0, adds this additional +HKDF to derive `derivedKey`. + +Consequently, older Spark versions using v1.0 of this protocol will not negotiate the same key as +Spark versions using v2.0 and will be **unable to send encrypted RPCs** across incompatible versions. Review Comment: Shall we add a sentence to describe Apache Spark sticks to `v1.0` by default due to the above reason? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
