zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Abraham Fine (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-236) SSL Support for Atomic Broadcast protocol
Date Thu, 16 Mar 2017 22:52:42 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15929080#comment-15929080
] 

Abraham Fine commented on ZOOKEEPER-236:
----------------------------------------

Hi [~geek101]-

bq. If multiple servers have certs with the same subjectAltName entry of type dNSName and
that is indeed is how the CA signed them then it should be ok from TLS perspective
I agree that at least one of the alt_names needs to match the host from configuration (not
all of them). 

bq. Take a case where if someone can subvert the CA get signed by it for the same domain and
subvert DNS then they might as well try few sids starting from zero before ZK lets the server
connect.
If the CA is subverted (certificates are being issued for servers for domains not under their
control) and the name service is subverted, hostname verification of any kind can't work.
Either the CA or the NS (dns or the zk config) needs to have integrity. But I think you raise
an interesting issue where a client can just try multiple id's when connecting to another
server until it matches the one on its (lets assume stolen) certificate. I did not consider
that. Let me dig into this a little deeper and see if I can get a better idea of what is going
on.

bq. We should probably have it off by default and let the admin turn it on.
The latest patch has this behavior.

bq. Also wanted to ask you if we could make the all sockets BufferedSocket by default rather
then making that conditional on port unification configuration.
Why would we want to do this? I think there is a small performance hit involved. 

> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>
>                 Key: ZOOKEEPER-236
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: quorum, server
>            Reporter: Benjamin Reed
>            Assignee: Abraham Fine
>            Priority: Minor
>
> We should have the ability to use SSL to authenticate and encrypt the traffic between
ZooKeeper servers. For the most part this is a very easy change. We would probably only want
to support this for TCP based leader elections.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message