Date: Thu, 16 Mar 2017 22:52:42 +0000 (UTC)
From: "Abraham Fine (JIRA)"
To: dev@zookeeper.apache.org
Subject: [jira] [Commented] (ZOOKEEPER-236) SSL Support for Atomic Broadcast protocol

[ https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15929080#comment-15929080 ]

Abraham Fine commented on ZOOKEEPER-236:
----------------------------------------

Hi [~geek101]-

bq. If multiple servers have certs with the same subjectAltName entry of type dNSName and that indeed is how the CA signed them then it should be ok from TLS perspective

I agree that at least one of the alt_names needs to match the host from configuration (not all of them).

bq. Take a case where if someone can subvert the CA, get signed by it for the same domain and subvert DNS then they might as well try a few sids starting from zero before ZK lets the server connect.

If the CA is subverted (certificates are being issued for servers for domains not under their control) and the name service is subverted, hostname verification of any kind can't work. Either the CA or the NS (DNS or the zk config) needs to have integrity.
But I think you raise an interesting issue where a client can just try multiple ids when connecting to another server until it matches the one on its (let's assume stolen) certificate. I did not consider that. Let me dig into this a little deeper and see if I can get a better idea of what is going on.

bq. We should probably have it off by default and let the admin turn it on.

The latest patch has this behavior.

bq. Also wanted to ask you if we could make all the sockets BufferedSocket by default rather than making that conditional on port unification configuration.

Why would we want to do this? I think there is a small performance hit involved.

> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>
>                 Key: ZOOKEEPER-236
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: quorum, server
>            Reporter: Benjamin Reed
>            Assignee: Abraham Fine
>            Priority: Minor
>
> We should have the ability to use SSL to authenticate and encrypt the traffic between ZooKeeper servers. For the most part this is a very easy change. We would probably only want to support this for TCP based leader elections.

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
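
The check discussed in the comment above, as an added Python illustration that is not ZooKeeper's code or part of the patch: a peer is accepted when at least one subjectAltName dNSName matches the host configured for the sid it claims, and mismatches are counted per remote address so repeated id attempts become visible. The quorum map, host names, wildcard rule and alert threshold are assumptions made for the example.

```python
# Added illustration; not ZooKeeper code. All names and values are constructed.

# Constructed quorum configuration: server id (sid) -> configured host.
QUORUM = {
    1: "zk1.example.internal",
    2: "zk2.example.internal",
    3: "zk3.example.internal",
}


def dns_name_matches(pattern, host):
    """Case-insensitive dNSName match; '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label such as "*.internal".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def verify_peer(claimed_sid, san_dns_names, quorum=QUORUM):
    """Accept only if the claimed sid is configured and at least one SAN
    dNSName matches the host configured for that sid (any, not all)."""
    host = quorum.get(claimed_sid)
    if host is None:
        return False
    return any(dns_name_matches(name, host) for name in san_dns_names)


def sids_accepted_for(san_dns_names, quorum=QUORUM):
    """Audit helper: every sid under which this certificate would be accepted."""
    return sorted(s for s in quorum if verify_peer(s, san_dns_names, quorum))


class MismatchMonitor:
    """Counts sid/certificate mismatches per remote address so repeated
    attempts with different ids raise an alert instead of failing silently."""

    def __init__(self, threshold=3):
        self.threshold = threshold
        self.failures = {}

    def record(self, remote_addr, claimed_sid, san_dns_names):
        if verify_peer(claimed_sid, san_dns_names):
            return "accept"
        self.failures[remote_addr] = self.failures.get(remote_addr, 0) + 1
        return "alert" if self.failures[remote_addr] >= self.threshold else "reject"
```

Running `sids_accepted_for` over each issued certificate shows how tightly it is bound to one server: a wildcard or shared dNSName is accepted under several sids, which is the case where the name check alone does not identify the peer.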