[jira] [Commented] (ACCUMULO-1009) Support encryption over the wire

Thu, 19 Sep 2013 09:53:10 -0700 

    [ 
https://issues.apache.org/jira/browse/ACCUMULO-1009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13772018#comment-13772018
 ] 

Josh Elser commented on ACCUMULO-1009:
--------------------------------------

Trying to catch up on the discussion (glad to see such in-depth discussion :D)

As [~kturner] and [~_alexm] touched on, I think it may be good to take a step 
back and provision out the sub-tasks here. As a general statement, my gut 
agrees that we don't want to be in the "security provisioning" realm just for 
the monumental difficulties in doing it correctly. That being said, I think it 
would be prudent to have some sort of "basic" mechanism in which we can test 
things. The simplest approach to me would be to generate cert(s), keystore, 
local-CA, and w/e else we need to run "securely" for MAC, document how it was 
done, and then bundle that as a first go-around. A sub-task can be made to find 
a happy medium with what we could do automatically and what is best left up to 
the integrator/sys-admin?

Testing security for the sake of "is it secure?" is likely without much gain, 
but there are definitely the edge-cases like [~kturner] pointed out which need 
testing.

All that being said, trying to break down the larger wire encryption issue into 
some more tenable pieces is a good idea (plus so the next patch doesn't break 
the 4k line count :D)
                
> Support encryption over the wire
> --------------------------------
>
>                 Key: ACCUMULO-1009
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1009
>             Project: Accumulo
>          Issue Type: New Feature
>            Reporter: Keith Turner
>            Assignee: Michael Berman
>             Fix For: 1.6.0
>
>         Attachments: ACCUMULO-1009_thriftSsl.patch
>
>
> Need to support encryption between ACCUMULO clients and servers.  Also need 
> to encrypt communications between server and servers.   
> Basically need to make it possible for users to enable SSL+thrift.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to