accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-2432) MAC should have an option for creating it's own ssl certs
Date Wed, 18 Jun 2014 20:10:24 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-2432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14036292#comment-14036292
] 

Christopher Tubbs commented on ACCUMULO-2432:
---------------------------------------------

[~elserj], when you say:

bq. we're validating that tests operate in a secure environment.

and

bq. I, as a user, would like to run a test against MAC which is using SSL.

I think those statements are meaningless if you have not defined what "secure environment"
and "using SSL" mean. This is where the (unfortunate) cumbersome-ness comes in. We simply
cannot make these decisions for users and provide them with meaningful test results. A user
has to decide what that environment looks like themselves (by deciding which keys/certificates
to use).

I think that's a pretty minimal (and completely acceptable) amount of cumbersome-ness, and
users can already do that now. A "use SSL" flag is insufficient and largely meaningless, unless
you have the power to control the SSL options being used. That's where the MAC bloat and overlap
with existing tools comes in. Simply flipping a bit to "enable SSL" is detrimental to security
testing, because it offers no insight into the secure environment which is being tested, giving
a false sense of security that may not be appropriate to a user's environment. Users should
not be given the impression that proper security testing can be achieved without knowledge
of key/certificate management.

> MAC should have an option for creating it's own ssl certs
> ---------------------------------------------------------
>
>                 Key: ACCUMULO-2432
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2432
>             Project: Accumulo
>          Issue Type: Bug
>          Components: mini
>            Reporter: John Vines
>              Labels: newbie
>             Fix For: 1.7.0
>
>
> Currently ssl certs must be generated prior to starting mac, and passed in. We should
find a way to make that as seamless as possible.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message