On Tue, Aug 14, 2018 at 10:22 AM Dan Smith <dsm...@pivotal.io> wrote:
> > The current SSL implementation is also susceptible to man-in-the-middle as
> > well. This proposal is really independent of those proposed changes.
>
> The current SSL implementation is not susceptible to man-in-the-middle
> attacks, unless someone configures their client to trust public CAs rather
> than directly trusting their gemfire servers. If you are using a public CA
> model of trust, then you need hostname verification.

1) Compromise any host, client or server, in the cluster.
2) Copy key and certificate.
3) Hide tracks.
4) Create rogue host using stolen key and certificate pair.
   - Lack of hostname validation means my host with an otherwise valid cert
     can join the cluster.
5) Profit.

While strictly not a CA trust man-in-the-middle, it has the same effect. It
is an attack vector that hostname verification thwarts that the current
implementation does not.

-Jake
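
How hostname verification is switched on for a JSSE `SSLEngine`, next to the trust-only setup the message above describes. This is an added example, not part of the original message and not Geode's code; the class name, host name and port are constructed for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class HostnameVerifiedEngine {

    // Builds a client-mode SSLEngine for the peer we intend to reach.
    // verifyHostname=false is trust-only validation: any certificate that
    // chains to a trusted entry is accepted, whichever host presents it.
    static SSLEngine clientEngine(SSLContext ctx, String peerHost, int peerPort,
                                  boolean verifyHostname) {
        // peerHost is the name the peer certificate is checked against
        // once endpoint identification is enabled.
        SSLEngine engine = ctx.createSSLEngine(peerHost, peerPort);
        engine.setUseClientMode(true);
        if (verifyHostname) {
            SSLParameters params = engine.getSSLParameters();
            // "HTTPS" selects RFC 2818 identity checking in the default
            // trust manager: the name in the certificate must match
            // peerHost, otherwise the handshake fails.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            engine.setSSLParameters(params);
        }
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Constructed host name and port, for illustration only.
        String host = "server1.cluster.example";
        int port = 8443;

        SSLEngine trustOnly = clientEngine(ctx, host, port, false);
        SSLEngine verified = clientEngine(ctx, host, port, true);

        // Show which identity check each engine will apply at handshake time.
        System.out.println("trust-only:        "
            + trustOnly.getSSLParameters().getEndpointIdentificationAlgorithm());
        System.out.println("hostname-verified: "
            + verified.getSSLParameters().getEndpointIdentificationAlgorithm());
    }
}
```

With the check enabled, a certificate copied from one member and presented by a host reached under a different name fails the handshake even though the certificate itself is still trusted.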