[ClusterLabs] Corosync security of PFS or TLS/SSL support

[Venkatesh, Prashanth]

Hi,

Corosync has any plan to support PFS or TLS/SSL in there roadmap, our concern is below statement from corosync man page.

"The security in corosync does not offer perfect forward secrecy because the keys are reused. It may be possible for an intruder by capturing packets in an automated fashion to determine the shared key. No such automated attack has been published as of yet. In this scenario, the cluster is likely already compromised to allow the long-term capture of transmitted data"


Regards,
Prashanth
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20181207/35986d53/attachment.html>