hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yi Liu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-6605) Client server negotiation of cipher suite
Date Wed, 02 Jul 2014 12:23:25 GMT

    [ https://issues.apache.org/jira/browse/HDFS-6605?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14049862#comment-14049862

Yi Liu commented on HDFS-6605:

Thanks Andrew, nice work.

It’s great to change {{CipherType}} to {{CipherSuite}}, then it’s consistent.  :)
I have gone through the patch, very good, I just have following comments:

Could we change the name CipherSuite#algoBytes to CipherSuite#blockSize or CipherSuite#algBlockSize,
also {{getAlgorithmBlockBytes}} could be {{getAlgorithmBlockSize}}. Since we usually use this
terminology, please refer to:
I think It's enough that we add whether it’s counted in bits or bytes in java doc .

In {{FSNamesystem#startFileInternal}}, the snippet code:

if (zone != null) {
      CipherSuite chosen = null;
      for (CipherSuite c : cipherSuites) {
We’d better to finish the logic, we don't have next step after getting "chosen", I see there
is no place calling {{FSDirectory#setFileEncryptionInfo}}. I think they should work together,
right? Otherwise, {{getFileEncryptionInfo}} will always return null.

In {{hdfs.proto}}
+ * Cipher suite.
+ */
+enum CipherSuite {
+    UNKNOWN = 1;

We forgot the algorithm block size?

In {{TestEncryptionZonesAPI.java}}, I think we need test to cover setting/getting File Encryption
Info successfully. 

> Client server negotiation of cipher suite
> -----------------------------------------
>                 Key: HDFS-6605
>                 URL: https://issues.apache.org/jira/browse/HDFS-6605
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Andrew Wang
>            Assignee: Andrew Wang
>         Attachments: hdfs-6605.001.patch
> For compatibility purposes, the client and server should negotiate what cipher suite
to use based on their respective capabilities. This is also a way for the server to reject
old clients that do not support encryption.

This message was sent by Atlassian JIRA

View raw message