Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/09/28 13:11:27 UTC

[GitHub] [pulsar] frankjkelly opened a new issue #8152: Pulsar Authentication should support rotation of Validation keys e.g. Public keys used in JWT validation

frankjkelly opened a new issue #8152:
URL: https://github.com/apache/pulsar/issues/8152


   **Is your enhancement request related to a problem? Please describe.**
   A common practice for security is to rotate keys used in encryption as well as token validation.
   During the rotation the cryptographic functions temporarily will need to support data signed/encrypted with the
   old keys as well as those signed/encrypted with the new keys.
   
   **Describe the solution you'd like**
   Pulsar authentication methods that rely on cryptographic keys, e.g. Authentication with JWT Tokens,
   should support more than one cryptographic key with the ability to reload new keys "on the fly".
   
   See for example
   https://github.com/apache/pulsar/blob/master/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderToken.java#L68
   
   **Describe alternatives you've considered**
   Considered (in a Kubernetes context) provisioning new brokers with a new key and gradually rolling those out - however it means that previous tokens (encrypted) with old keys won't be supported during this time.
   This could be picked up by the client and cause them to refresh their token but this seems onerous and complex to code and test.
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
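
The behaviour requested in the issue above, sketched as an added example (not Pulsar's code and not from the issue author): a verifier that trusts a set of public keys and can swap that set at runtime. The class and method names (`RotatingJwtVerifier`, `reload`, `signatureValid`) are hypothetical, RS256 is assumed, and only the JDK is used; `main` walks through the three phases of a rotation with throwaway keys.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import java.util.concurrent.atomic.AtomicReference;

// Added example, not Pulsar code: RS256 signature check against a reloadable key ring.
public class RotatingJwtVerifier {
    private final AtomicReference<List<PublicKey>> keys = new AtomicReference<>(List.of());
    // Hypothetical reload hook: atomically swaps in an immutable snapshot, e.g. when key files change.
    public void reload(List<PublicKey> trusted) { keys.set(List.copyOf(trusted)); }
    // True if the signature verifies under any currently trusted key; expiry and claim checks are still required.
    public boolean signatureValid(String jwt) throws GeneralSecurityException {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return false;
        byte[] signed = (p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII);
        byte[] sig;
        try { sig = Base64.getUrlDecoder().decode(p[2]); } catch (IllegalArgumentException e) { return false; }
        for (PublicKey k : keys.get()) {
            // Algorithm is pinned by the verifier, never taken from the token header.
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(k);
            v.update(signed);
            try { if (v.verify(sig)) return true; } catch (SignatureException e) { /* try the next key */ }
        }
        return false;
    }
    // Constructed demo helper standing in for the token issuer (fixed sample claims).
    static String sign(PrivateKey k) throws GeneralSecurityException {
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String msg = b64.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8))
                + "." + b64.encodeToString("{\"sub\":\"app-a\"}".getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(k);
        s.update(msg.getBytes(StandardCharsets.US_ASCII));
        return msg + "." + b64.encodeToString(s.sign());
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair oldKp = g.generateKeyPair(), newKp = g.generateKeyPair();
        String oldTok = sign(oldKp.getPrivate()), newTok = sign(newKp.getPrivate());
        RotatingJwtVerifier v = new RotatingJwtVerifier();
        // Phases: old key only, overlap window (both keys trusted), old key retired.
        for (List<PublicKey> ring : List.of(List.of(oldKp.getPublic()),
                List.of(oldKp.getPublic(), newKp.getPublic()), List.of(newKp.getPublic()))) {
            v.reload(ring);
            System.out.println("old=" + v.signatureValid(oldTok) + " new=" + v.signatureValid(newTok));
        }
    }
}
```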



[GitHub] [pulsar] MathiasHaudgaard commented on issue #8152: Pulsar Authentication should support rotation of Validation keys e.g. Public keys used in JWT validation

Posted by GitBox <gi...@apache.org>.
MathiasHaudgaard commented on issue #8152:
URL: https://github.com/apache/pulsar/issues/8152#issuecomment-870426648


   +1 on this one.
   @sijie is this being worked on atm?





[GitHub] [pulsar] maskmaster commented on issue #8152: Pulsar Authentication should support rotation of Validation keys e.g. Public keys used in JWT validation

Posted by GitBox <gi...@apache.org>.
maskmaster commented on issue #8152:
URL: https://github.com/apache/pulsar/issues/8152#issuecomment-833635449


   Related to the "Additional Consideration" header in #9679





[GitHub] [pulsar] alexku7 commented on issue #8152: Pulsar Authentication should support rotation of Validation keys e.g. Public keys used in JWT validation

Posted by GitBox <gi...@apache.org>.
alexku7 commented on issue #8152:
URL: https://github.com/apache/pulsar/issues/8152#issuecomment-830824159


   Hey
   Any updates about this feature?
   
   One of the critical ones, in my opinion, if we want to make Pulsar secure :)




