accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-2432) MAC should have an option for creating it's own ssl certs
Date Wed, 18 Jun 2014 19:34:25 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-2432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14036239#comment-14036239
] 

Christopher Tubbs commented on ACCUMULO-2432:
---------------------------------------------

There's a tradeoff here, though.

The more "seamless" you get, the less you can actually get value from it. A "security on"
button that is very seamless is completely useless, since it doesn't actually help you test
a specific security profile (key type, certificate format, hash algorithm, CA chain, etc.).
I think a better approach than trying to make it so seamless is to make its API useful for
actually testing different scenarios/security profiles. So, rather than simply checking a
box saying "I've tested SSL on MAC", you can get actual meaningful value, like "I've tested
SSL on MAC with RSA keys in a certificate signed by VeriSign root CA stored in a PKCS12 certificate
store".

There should be *some* degree of cumbersomeness here... not because we like making things
difficult for users (I certainly don't), but because we understand that a "security on" button
has no value if the user doesn't understand what is actually being tested in MAC when they
press that button.

So, when I see "seamless", I think "seamless integration with different security profiles",
and I think we have that now. We just need to train people how to generate those different
security profiles for testing, according to their needs. The keytool-maven-plugin is one such
tool to help them do just that.

> MAC should have an option for creating it's own ssl certs
> ---------------------------------------------------------
>
>                 Key: ACCUMULO-2432
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2432
>             Project: Accumulo
>          Issue Type: Bug
>          Components: mini
>            Reporter: John Vines
>              Labels: newbie
>             Fix For: 1.7.0
>
>
> Currently ssl certs must be generated prior to starting mac, and passed in. We should
find a way to make that as seamless as possible.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message