accumulo-notifications mailing list archives

From GitBox <>
Subject [GitHub] ctubbsii commented on issue #646: Do not require a password on the truststore JKS
Date Wed, 12 Sep 2018 20:06:52 GMT
ctubbsii commented on issue #646: Do not require a password on the truststore JKS
   tl;dr I think this is a bad idea (see my case below). However, I'm open to being convinced...
Is there some use case which cannot be satisfied with the current checks? What's driving
   While it may not be necessary to provide confidentiality of the truststore, "validation
that the JKS is the JKS that the user expects" is the very definition of integrity. Passphrases
on java keystores (including truststores) provide both confidentiality and integrity. So the
log message is incorrect: it *is* providing security value, by enforcing the use of integrity
beyond file system permissions.
   While we don't necessarily need to enforce the use of integrity measures by requiring a
passphrase (we could leave that to the user), I think it's better that we do... it encourages
good security practices, and ensures that they must take active measures to select less integrity
(by choosing a weak and well-known password like "changeit"). If we do what you propose, the
default posture for the user will be shifted from one of having integrity and needing to take
steps to reduce integrity, to one of not having integrity and needing to take action to provide
integrity. I'm inclined to prefer the former, which is what we have now.

This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:

With regards,
Apache Git Services
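
The integrity check discussed in the comment above, shown at the file-format level as an added example (not code from Accumulo or from the comment's author): a JKS file ends with a SHA-1 digest keyed by the store password, and a load without a password skips the comparison. The function names, the passphrase and the sample keystore bytes are constructed for illustration; the placeholder certificate is not a real certificate.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
JKS_FIXED = b"Mighty Aphrodite"           # fixed string mixed into every JKS digest
DIGEST_LEN = hashlib.sha1().digest_size   # 20 trailing bytes


def jks_digest(body: bytes, password: str) -> bytes:
    """SHA-1 over the password (2 bytes per char, big-endian), the fixed string, then the body."""
    return hashlib.sha1(password.encode("utf-16-be") + JKS_FIXED + body).digest()


def check_jks(data: bytes, password):
    """Mirror the loader's decision: 'unchecked', 'ok' or 'tampered-or-wrong-password'."""
    if len(data) < 12 + DIGEST_LEN or struct.unpack(">I", data[:4])[0] != JKS_MAGIC:
        raise ValueError("not a JKS keystore")
    if password is None:
        return "unchecked"                # no password: the trailing digest is never compared
    body, stored = data[:-DIGEST_LEN], data[-DIGEST_LEN:]
    ok = hmac.compare_digest(jks_digest(body, password), stored)
    return "ok" if ok else "tampered-or-wrong-password"


def build_sample(cert: bytes, password: str) -> bytes:
    """Constructed one-entry truststore: header, trusted-cert entry, keyed digest."""
    utf = lambda s: struct.pack(">H", len(s)) + s                   # length-prefixed string
    body = struct.pack(">IIII", JKS_MAGIC, 2, 1, 2) + utf(b"constructed-ca")
    body += struct.pack(">Q", 0) + utf(b"X.509")                    # timestamp, cert type
    body += struct.pack(">I", len(cert)) + cert
    return body + jks_digest(body, password)


PASSPHRASE = "constructed-passphrase"                               # constructed sample value
SAMPLE = build_sample(b"PLACEHOLDER-CERT-A (not a real certificate)", PASSPHRASE)
# Same file with one byte of the certificate region changed and the old digest left in place.
MODIFIED = SAMPLE.replace(b"CERT-A", b"CERT-B")

if __name__ == "__main__":
    for label, data in (("original", SAMPLE), ("modified", MODIFIED)):
        print(label, "with passphrase:", check_jks(data, PASSPHRASE))
        print(label, "without passphrase:", check_jks(data, None))
```

The digest is keyed only by the password, so a store sealed with a well-known value such as "changeit" verifies for anyone who can rewrite the file and recompute the digest.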
