[ https://issues.apache.org/jira/browse/HADOOP-12725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15125590#comment-15125590 ]
Kai Zheng commented on HADOOP-12725: ------------------------------------ As there isn't any JCE compliant ciphers of high performance as Chimera that's suitable for the targets, to be most flexible and get around the limitations, we may need go directly for a solution as, coming up a new Kerberos GSSAPI mechanism similar to the current one in JRE, but based on the [Kerby|https://github.com/apache/directory-kerby] Kerberos libraries. Wei, can we do the hack? I think we can first do the prototype in the Kerby codebase as you did the benchmark things, when it sounds good then we sort out the solution based on the prototype and come up a design doc for Hadoop for further discussion. Thanks. > RPC encryption benchmark and optimization prototypes > ---------------------------------------------------- > > Key: HADOOP-12725 > URL: https://issues.apache.org/jira/browse/HADOOP-12725 > Project: Hadoop Common > Issue Type: Improvement > Reporter: Kai Zheng > Assignee: Wei Zhou > > This would implement a benchmark tool to measure and compare the performance > of Hadoop IPC/RPC call when security is enabled and different SASL > QOP(Quality of Protection) is enforced. Given the data collected by this > benchmark, it would then be able to know if any performance concern when > considering to enforce privacy, integration, or authenticy protection level, > and do optimization accordingly. -- This message was sent by Atlassian JIRA (v6.3.4#6332)