-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark,
On 2/11/19 03:49, Mark Thomas wrote: > On 10/02/2019 14:37, Christopher Schultz wrote: >> All, >> >> I'm looking at the security of Tomcat's Clustering components, >> and I think that the following are true. Please let me know if >> anything in here is inaccurate: >> >> 1. a. Default membership uses multicast b. Multicast (UDP) can't >> be authenticated c. Therefore multicast membership cannot be >> secured on its own d. ... unless you use the "domain" attribute >> as a kind of "password" to get into a segment of the cluster >> >> 2. a. Static membership enumerates all members of the cluster on >> all nod es b. Therefore, joining a malicious node to the cluster >> is unlikely >> >> 3. a. Adding EncryptInterceptor encrypts i. TcpFailureDetector >> traffic ii. All actual content traffic b. Therefore, adding >> EncryptInterceptor effectively secures the cluster, even if the >> membership cannot be completely locked-down > > Nothing jumps out at me as wrong. > > Also, I'd expect to see a bunch of errors at the valid nodes when > they failed to decrypt messages from the invalid nodes. That should > provide a clear indication that something unexpected was going on. Yep, that's detection, though... not prevention. Thanks for the review. A follow-up to 1d above... if I try to (maliciously) join a cluster which has been separated into domains whose identities I do not know, I just end up in a (potentially unnamed) domain all by myself, right? So I'm a "member" of the cluster, but I can't meaningfully interact with any of the other legitimate members? - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxhpngACgkQHPApP6U8 pFgh/A/9HCmE9xBbfLKPq7gcjsPWJlvX3zd2RomvLT0Psr+XvVwja2sd4o20enNg 68+NB60AgKq2YVa4h5vQvn3/EPOaqWLSsR/j6EvHNwnko27STg8PGpNdpGCbnrE0 EcAOxVOI3BjP2m7o8dW/uALwXaFRFJK0Ijpk6IdkMORSxr6cScoEXodHzjs/x1M+ rM/laF0tQ19W58J6bGmHw92mYFZ2aho2qhQKH6J/N4WnR5lBlrb3rwuTZgpLomxO EO2BRwPmonGsYfRG74+4jMsV9dZnlWplRrgPbbCCgOYC0nhdTNRXkXBeUfhd9m3h BRPkG+DbpysVC+6nyTqOpMJy7iGaY/cRyEJK8T5cvnQIF5ByjbXMR92qVaLCRkzA al+nRZA2GG56kWBc5vWhRg0++P7CXPKZmMe2IvUGYyBsuVBDCMTydymiA3Q8mvcc 1pV3n+or7yXQjfN1Ak/DdBAnPcI2ykwA1LJazuPOfAk6cyZy1ebBHYwPGAHDBFKz hXiL/3rmjG8E3+hK3nbJ22xhTmnAh5/B2V+pkRf6gCk3TbcsPDgc5K++1yri56EQ 4t4bGwmv3hRgy6EYpfiVZfXwLl3J/eThYeXdzbmt0eY4bDVmHxcrBxUf3yanYiY2 zFh6q7CLyjgqYuaV1QLYzP17fAWdSY+xtATNANdvYquqxREQV5o= =x0Xw -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org