Dan Burkert has posted comments on this change. Change subject: [security] make Kudu CA issue certs valid for 10 years ......................................................................
Patch Set 1: (1 comment) http://gerrit.cloudera.org:8080/#/c/5984/1/src/kudu/master/master_cert_authority.cc File src/kudu/master/master_cert_authority.cc: Line 47: DECLARE_int64(ca_server_cert_exp_seconds); > I think I like the ipki_ one better. Dan? Yah, I think if we want to standardize around calling this the "internal PKI" feature (which I'm leaning towards), ipki seems better. Also, after reading the cockroach docs that list their equivalents, I really like their briefer versions. https://www.cockroachlabs.com/docs/create-security-certificates.html#flags Not sure if y'all will be on board with the brevity, but translated to us that would be something like: ipki_ca_key_size ipki_key_size ipki_ca_cert_expiration_seconds ipki_cert_expiration_seconds -- To view, visit http://gerrit.cloudera.org:8080/5984 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I4a470b59be54726818abc462e51329846fd7b015 Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-HasComments: Yes
