Details

    • Type: Enhancement
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 4.0.12
    • Labels:
      None

      Description

      In ASYM_ENCRYPT, when a new member joins, it sends a JOIN-REQ to the coordinator (unencrypted, as it does not yet have the secret key).

      The coordinator skips decryption, creates a JOIN-RSP, and sends it to the joiner unencrypted. The reason is that the joiner doesn't yet have the secret key, so it couldn't possibly decrypt the JOIN-RSP and install the view.

      (This is btw not a security issue as subsequent messages are encrypted and a rogue member would not be able to decrypt them. However, a rogue member would be able to join the cluster.)

      To prevent this, the JOIN-RSP sent by the coordinator to the joiner will be encrypted. The joiner will not be able to decrypt it and simply drops it, but it also asks the keyserver (coord) for the secret key. Once the secret key has been received, the (retransmitted) JOIN-RSP will be received, decrypted with the received secret key and the view can be installed.
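      The joiner-side sequence described above (drop the encrypted JOIN-RSP, fetch the secret key, decrypt the retransmitted JOIN-RSP), as an added Java example that is not JGroups code. The class and method names are hypothetical, the view string is constructed, and AES-GCM plus an RSA-OAEP wrap of the secret key under the joiner's public key are assumptions about the ciphers and the key exchange.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class JoinRspDemo {
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static SecretKey joinerKey; // null until the key server has answered
    static String installedView;

    // AES-GCM with a fresh 12-byte IV prepended to the ciphertext
    static byte[] seal(SecretKey k, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Joiner: drop the JOIN-RSP if it cannot be decrypted, else install the view
    static boolean onJoinRsp(byte[] msg) throws GeneralSecurityException {
        if (joinerKey == null) return false; // no secret key yet: drop
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, joinerKey, new GCMParameterSpec(128, msg, 0, 12));
        installedView = new String(c.doFinal(msg, 12, msg.length - 12), StandardCharsets.UTF_8);
        return true;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey groupKey = kg.generateKey(); // coordinator's secret key
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair joiner = kpg.generateKeyPair();
        byte[] joinRsp = seal(groupKey, "view [A|1] (A,B)".getBytes(StandardCharsets.UTF_8)); // constructed
        System.out.println("first delivery installed view: " + onJoinRsp(joinRsp));
        Cipher w = Cipher.getInstance(RSA); // key server wraps the key for the joiner (assumed)
        w.init(Cipher.WRAP_MODE, joiner.getPublic());
        byte[] wrapped = w.wrap(groupKey);
        Cipher u = Cipher.getInstance(RSA);
        u.init(Cipher.UNWRAP_MODE, joiner.getPrivate());
        joinerKey = (SecretKey) u.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        System.out.println("retransmission installed view: " + onJoinRsp(joinRsp) + " " + installedView);
    }
}
```

      The first delivery returns false because the joiner holds no key; the same bytes delivered again after the key exchange decrypt and the view is installed.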

              People

              • Assignee:
                belaban Bela Ban
                Reporter:
                belaban Bela Ban