Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-28435

[XDCR-SSL] x509 design now sends client's private key over the wire

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Fix
    • Critical
    • None
    • None
    • ns_server, XDCR
    • None
    • Untriaged
    • Unknown

    Description

      Build
      5.5.0-1992 or any latest Vulcan build.

      As mentioned in the PRD, https://docs.google.com/document/d/1xk-DJj3kEHptqoTG7_9l-2CVl2qvE16W-fbWEyqPOtk/edit, setting up remote cluster reference for xdcr now asks for client private key as shown in the screenshot.

      Attaching screenshot.

      Pls help understand -
      1. if private keys are only used to decrypt data, why should they be sent to target clusters
      2. If it's secure and acceptable(for our customers) to do so over the wire(although encrypted).

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            ajit.yagaty Ajit Yagaty [X] (Inactive)
            apiravi Aruna Piravi (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty