You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "Dan Burkert (JIRA)" <ji...@apache.org> on 2017/08/18 20:21:00 UTC

[jira] [Commented] (KUDU-1886) TLS certificate hostname verification

    [ https://issues.apache.org/jira/browse/KUDU-1886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16133578#comment-16133578 ] 

Dan Burkert commented on KUDU-1886:
-----------------------------------

A lot of the plumbing for getting hostnames into the handshake is being done as part of KUDU-2032.

> TLS certificate hostname verification
> -------------------------------------
>
>                 Key: KUDU-1886
>                 URL: https://issues.apache.org/jira/browse/KUDU-1886
>             Project: Kudu
>          Issue Type: Improvement
>          Components: rpc, security
>    Affects Versions: 1.2.0
>            Reporter: Dan Burkert
>              Labels: security
>
> We currently aren't correctly handling hostname verification on master-generated (ipki) certificates.  This has big consequences in terms of the security of the system, and what active attackers with access to a cert can achieve.  Couple of points that came out of discussions:
> - We currently don't plumb the remote hostname into the client negotiation, which will probably become necessary to avoid a reverse-DNS lookup when verifying the server's cert.
> - The master should be validating that the hostname in a tserver's CSR matches the Kerberos principal of the connection's authentication.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)