Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-9899

The implication of auth-conf is not followed in optimized HDFS data transfer encryption

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 2.6.0
    • None
    • encryption
    • None

    Description

      HDFS-6606 provided an optimized way of HDFS data transfer encryption. The optimized encryption is build on top of SASL wrap/unwrap when auth-conf is configured.

      When user specifies auth-conf, he wants both integrity and confidential. While the current implementation of the optimization implements only confidential with AES/CTR and there is no integrity grantees, which means the implications of auth-conf were not strictly followed.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              jerrychenhf Haifeng Chen
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:

                Time Tracking

                  Estimated:
                  Original Estimate - 672h
                  672h
                  Remaining:
                  Remaining Estimate - 672h
                  672h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified