I propose we deprecate Geode’s proprietary UDP message privacy algorithm based on the Diffie-Hellman key exchange protocol. This would deprecate:
ConfigurationProperties.SECURITY_UDP_DHALGO String DistributionConfig.getSecurityUDPDHAlgo() void DistributionConfig.setSecurityUDPDHAlgo(String attValue) DistributionConfig.SECURITY_UDP_DHALGO_NAME Additionally we’d have to upate documentation to reflect deprecation. >From ConfigurationProperties.java: Application can set this property to valid symmetric key algorithm, to encrypt udp messages in Geode. Geode will generate symmetric key using Diffie-Hellman key exchange algorithm between peers. That key further used by specified algorithm to encrypt the udp messages. The property (and the feature) was added mid-2016. Unfortunately it was not added as an “experimental” feature, so it cannot simply be removed. Incidentally, the corresponding property for client-server communication, SECURITY_CLIENT_DHALGO, is already deprecated. It was deprecated in Geode 1.5 in favor of SSL/TLS. I am proposing deprecating the feature because: 1. The feature has not proven popular with users. 2. At least one hard-to-reproduce bug exists in the implementation: GEODE-6448 <https://issues.apache.org/jira/browse/GEODE-6448>. We’ve burned a person-week trying to fix the problem (Bruce Schuchardt and me) and it’s not clear how much more time it will take. If we decide to deprecate the feature, fixing this problem would be de-prioritized accordingly. 3. If we decide, in the future, that UDP message security is required, it would be better to implement a standard algorithm such as DTLS <https://tools.ietf.org/html/rfc6347>: 1. Our algorithm provides only message privacy whereas DTLS provides privacy, tamper-resistance, and message forgery protection 2. DTLS is a standard 3. There is some support for DTLS in the JDK (JEP-219 <https://openjdk.java.net/jeps/219> delivered in JDK 9). It’s not a complete implementation e.g. guaranteed delivery is a do-it-yourself kit. Actually implementing DTLS is out of scope for this proposal. Adding DTLS would be a significant undertaking. So, how do you feel about me making a GEODE ticket to deprecate the SECURITY_UDP_DHALGO configuration property?
