raft node and safety (authenticaton of nodes)

[Luo Pei'en]

Anyone knows if there is a way to prevent fake or 'bad guy' node from joining a raft node cluster? Any implementation of enhancing the safety of this kind? (e.g. by enabling authentication)?

[Oren Eini (Ayende Rahien)]

Raft is specifically non Byzantine system, that is, it assumes that all actors are honest.

There are other Byzantine algorithms that you can use, but they tend to be more complex.

What you can do is to have the admin register valid public keys and then on connection validate the connection to come from a valid key.

This way, adding a new node will require registering its key with all the others.

Hibernating Rhinos Ltd  

Oren Eini l CEO l Mobile: + 972-52-548-6969

Office: +972-4-622-7811 l Fax: +972-153-4-622-7811

 

On Tue, Nov 8, 2016 at 5:31 PM, Luo Pei'en <coo...@gmail.com> wrote:

Anyone knows if there is a way to prevent fake or 'bad guy' node from joining a raft node cluster? Any implementation of enhancing the safety of this kind? (e.g. by enabling authentication)?

--
You received this message because you are subscribed to the Google Groups "raft-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to raft-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Diego Ongaro]

Or sign the keys from a trusted CA. This isn't really different in Raft than any other network service.