Return-Path: X-Original-To: apmail-accumulo-notifications-archive@minotaur.apache.org Delivered-To: apmail-accumulo-notifications-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C829910E7C for ; Thu, 19 Sep 2013 01:24:51 +0000 (UTC) Received: (qmail 60715 invoked by uid 500); 19 Sep 2013 01:24:51 -0000 Delivered-To: apmail-accumulo-notifications-archive@accumulo.apache.org Received: (qmail 60676 invoked by uid 500); 19 Sep 2013 01:24:51 -0000 Mailing-List: contact notifications-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: jira@apache.org Delivered-To: mailing list notifications@accumulo.apache.org Received: (qmail 60667 invoked by uid 99); 19 Sep 2013 01:24:51 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Sep 2013 01:24:51 +0000 Date: Thu, 19 Sep 2013 01:24:51 +0000 (UTC) From: "Michael Berman (JIRA)" To: notifications@accumulo.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (ACCUMULO-1009) Support encryption over the wire MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/ACCUMULO-1009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13771493#comment-13771493 ] Michael Berman commented on ACCUMULO-1009: ------------------------------------------ Anyone else want to weigh in? It seems pretty clear that neither of us is going to convince the other. Just looked over the jetty and tomcat SSL howtos, btw, and both have special settings in their conf to set where to find keystores and truststores. JSSE is a nice dream, but I don't believe it's so universally supported that anything can be asserted about "any other Java application." It is true that neither provides a tool to help provision certs, but also neither of them are typically deployed in massive clusters where it makes sense for them to have their own dedicated root. Wanting to limit scope is a fair point, but I think dramatically easing setup of what I imagine to be the most common deployment pattern is worth it. We could ask people to create their own accumulo tree in HDFS (and plenty of other hadoop-based tools' first step is "run this hadoop command..."), but instead we have init do it because complicated install procedures are a huge barrier to adoption. > Support encryption over the wire > -------------------------------- > > Key: ACCUMULO-1009 > URL: https://issues.apache.org/jira/browse/ACCUMULO-1009 > Project: Accumulo > Issue Type: New Feature > Reporter: Keith Turner > Assignee: Michael Berman > Fix For: 1.6.0 > > Attachments: ACCUMULO-1009_thriftSsl.patch > > > Need to support encryption between ACCUMULO clients and servers. Also need to encrypt communications between server and servers. > Basically need to make it possible for users to enable SSL+thrift. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira