accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-1009) Support encryption over the wire
Date Thu, 19 Sep 2013 16:42:51 GMT


Josh Elser commented on ACCUMULO-1009:

Trying to catch up on the discussion (glad to see such in-depth discussion :D)

As [~kturner] and [~_alexm] touched on, I think it may be good to take a step back and provision
out the sub-tasks here. As a general statement, my gut agrees that we don't want to be in
the "security provisioning" realm just for the monumental difficulties in doing it correctly.
That being said, I think it would be prudent to have some sort of "basic" mechanism in which
we can test things. The simplest approach to me would be to generate cert(s), keystore, local-CA,
and w/e else we need to run "securely" for MAC, document how it was done, and then bundle
that as a first go-around. A sub-task can be made to find a happy medium with what we could
do automatically and what is best left up to the integrator/sys-admin?

Testing security for the sake of "is it secure?" is likely without much gain, but there are
definitely the edge-cases like [~kturner] pointed out which need testing.

All that being said, trying to break down the larger wire encryption issue into some more
tenable pieces is a good idea (plus so the next patch doesn't break the 4k line count :D)
> Support encryption over the wire
> --------------------------------
>                 Key: ACCUMULO-1009
>                 URL:
>             Project: Accumulo
>          Issue Type: New Feature
>            Reporter: Keith Turner
>            Assignee: Michael Berman
>             Fix For: 1.6.0
>         Attachments: ACCUMULO-1009_thriftSsl.patch
> Need to support encryption between ACCUMULO clients and servers.  Also need to encrypt
communications between server and servers.   
> Basically need to make it possible for users to enable SSL+thrift.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message