spark-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Junjie Chen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SPARK-13331) AES support for over-the-wire encryption
Date Wed, 26 Oct 2016 08:33:58 GMT

    [ https://issues.apache.org/jira/browse/SPARK-13331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15607851#comment-15607851
] 

Junjie Chen commented on SPARK-13331:
-------------------------------------

Hi [~vanzin]

The patch was updated according to your comments. 

> AES support for over-the-wire encryption
> ----------------------------------------
>
>                 Key: SPARK-13331
>                 URL: https://issues.apache.org/jira/browse/SPARK-13331
>             Project: Spark
>          Issue Type: Improvement
>          Components: Deploy
>            Reporter: Dong Chen
>            Priority: Minor
>
> In network/common, SASL with DIGEST­-MD5 authentication is used for negotiating a secure
communication channel. When SASL operation mode is "auth­-conf", the data transferred on
the network is encrypted. DIGEST-MD5 mechanism supports following encryption: 3DES, DES, and
RC4. The negotiation procedure will select one of them to encrypt / decrypt the data on the
channel.
> However, 3des and rc4 are slow relatively. We could add code in the negotiation to make
it support AES for more secure and performance.
> The proposed solution is:
> When "auth-conf" is enabled, at the end of original negotiation, the authentication succeeds
and a secure channel is built. We could add one more negotiation step: Client and server negotiate
whether they both support AES. If yes, the Key and IV used by AES will be generated by server
and sent to client through the already secure channel. Then update the encryption / decryption
handler to AES at both client and server side. Following data transfer will use AES instead
of original encryption algorithm.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org


Mime
View raw message