[jira] [Commented] (ACCUMULO-1009) Support encryption over the wire

Wed, 18 Sep 2013 08:44:41 -0700 

    [ 
https://issues.apache.org/jira/browse/ACCUMULO-1009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13770894#comment-13770894
 ] 

Michael Allen commented on ACCUMULO-1009:
-----------------------------------------

I wanted to +1 Michael's comments above around setting up an independent set of 
roots for your cluster.  Getting "real" certificates is a pain in the <insert 
your favorite body part here>, especially when you start talking about trying 
to set up your own sub-root from which you can cut certificates.  Requiring 
someone to understand how to do all that and then set up a bunch of 
configuration properties on top of it puts up a big barrier to entry. 

Having something like Michael's suggested {{bin/accumulo init-ssl}} call do the 
certificate generation and configuration for you would be my strongly preferred 
choice, and would make setting up secure clusters much much easier.  The work 
to set up a reasonably secure SSL deployment is boilerplate, albeit complex 
boilerplate.  Unless you are extremely keen on handling this setup yourself, or 
your company has stringent requirements in this area, having a very easy to set 
up SSL configuration is a big boon.

I also agree that being able to quickly test an SSL-enabled mini-cluster is 
another huge win for making this code easily testable and maintainable.
                
> Support encryption over the wire
> --------------------------------
>
>                 Key: ACCUMULO-1009
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1009
>             Project: Accumulo
>          Issue Type: New Feature
>            Reporter: Keith Turner
>            Assignee: Michael Berman
>             Fix For: 1.6.0
>
>         Attachments: ACCUMULO-1009_thriftSsl.patch
>
>
> Need to support encryption between ACCUMULO clients and servers.  Also need 
> to encrypt communications between server and servers.   
> Basically need to make it possible for users to enable SSL+thrift.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to