Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.6.0
-
None
-
None
Description
HDFS-6606 provided an optimized way of HDFS data transfer encryption. The optimized encryption is build on top of SASL wrap/unwrap when auth-conf is configured.
When user specifies auth-conf, he wants both integrity and confidential. While the current implementation of the optimization implements only confidential with AES/CTR and there is no integrity grantees, which means the implications of auth-conf were not strictly followed.