[ClusterLabs] Corosync security of PFS or TLS/SSL support
Venkatesh, Prashanth
Prashanth.Venkatesh at commscope.com
Fri Dec 7 00:02:25 EST 2018
Hi,
Corosync has any plan to support PFS or TLS/SSL in there roadmap, our concern is below statement from corosync man page.
"The security in corosync does not offer perfect forward secrecy because the keys are reused. It may be possible for an intruder by capturing packets in an automated fashion to determine the shared key. No such automated attack has been published as of yet. In this scenario, the cluster is likely already compromised to allow the long-term capture of transmitted data"
Regards,
Prashanth
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20181207/35986d53/attachment.html>
More information about the Users
mailing list