You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ignite.apache.org by "Pavel Pereslegin (Jira)" <ji...@apache.org> on 2020/11/10 07:28:00 UTC

[jira] [Comment Edited] (IGNITE-13520) Сlient node with a static encrypted cache configuration can generate an encryption key when joining.

    [ https://issues.apache.org/jira/browse/IGNITE-13520?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17229017#comment-17229017 ] 

Pavel Pereslegin edited comment on IGNITE-13520 at 11/10/20, 7:27 AM:
----------------------------------------------------------------------

[~nizhikov], take a look at these changes, please.


was (Author: xtern):
[~nizhikov], take a look at these changes.

> Сlient node with a static encrypted cache configuration can generate an encryption key when joining.
> ----------------------------------------------------------------------------------------------------
>
>                 Key: IGNITE-13520
>                 URL: https://issues.apache.org/jira/browse/IGNITE-13520
>             Project: Ignite
>          Issue Type: Bug
>    Affects Versions: 2.9
>            Reporter: Pavel Pereslegin
>            Assignee: Pavel Pereslegin
>            Priority: Major
>              Labels: encryption
>             Fix For: 2.10
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> Currently, when a client node joins a cluster with a static encrypted cache configuration, it generates an encryption key for that cache and sends it to the cluster (just like the server node does).
> _SpringEncryptedCacheRestartClientTest_ reproduces this behavior and it is unexpected, it happens due to IGNITE-13567 (see _GridEncryptionManager#collectJoiningNodeData_).
> The client node should not generate encryption keys and should be able to start without configuring EncryptionSPI.
> After doing some research on possible solutions, we decided to reject node joining in such a situation, because there is no clean and simple way to distribute the same encryption key between server nodes that are already in the cluster (we have to either add discovery overhead, block the exchange, or add an additional exchange to be able to distribute keys between server nodes that are already in the cluster).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)