Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-9899

The implication of auth-conf is not followed in optimized HDFS data transfer encryption

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.6.0
    • Fix Version/s: None
    • Component/s: encryption
    • Labels:
      None

      Description

      HDFS-6606 provided an optimized way of HDFS data transfer encryption. The optimized encryption is build on top of SASL wrap/unwrap when auth-conf is configured.

      When user specifies auth-conf, he wants both integrity and confidential. While the current implementation of the optimization implements only confidential with AES/CTR and there is no integrity grantees, which means the implications of auth-conf were not strictly followed.

        Issue Links

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              Unassigned
              Reporter:
              jerrychenhf Jerry Chen
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Due:
                Created:
                Updated:

                Time Tracking

                Estimated:
                Original Estimate - 672h
                672h
                Remaining:
                Remaining Estimate - 672h
                672h
                Logged:
                Time Spent - Not Specified
                Not Specified

                  Development