Yep, as Ben said, we're not asking for anyone to write this for us.
We've been playing with some ideas around encryption between EC2 data-centers/regions (intra-region is already secure enough for us -- it's all switches / dedicated lines) and the easiest solution seems to be to wrap the inter-Cassandra-node RPC protocol with SSL and simply deploy SSL certs along with the clients via some out-of-band mechanism (in our case, probably Puppet).
Honestly, I think this should be a pretty trivial patch. It's just a matter of (optionally) wrapping the sockets for RPC connections with SSL. I'm guessing there are facilities that make this pretty easy in Java that we can leverage. We're mostly interested in getting feedback and buy-in from the rest of the community before writing the code. If anyone has any better ideas in terms of pay-off / lines of code we're _definitely_ all ears. But for our use cases this seems like a big win.
On Tue, Jul 13, 2010 at 10:14 PM, Ben Standefer <firstname.lastname@example.org> wrote:
Yes, possibly. We haven't written it yet, and I was putting some feelers out there to see if there's any interest or buy-in from committers if we did contribute it.
On Tue, Jul 13, 2010 at 3:23 PM, Jonathan Ellis <email@example.com> wrote:
Are you interested in contributing this?
On Tue, Jul 13, 2010 at 4:22 PM, Ben Standefer <firstname.lastname@example.org> wrote:
> Many apps would find it realistic or feasible to failover database
> connections across the country (going from <1ms latency to ~90ms latency).
> The scheme of failing over client database connections across the country
> is probably the minority case. SSL between Cassandra nodes, even without
> encryption in the clients connecting to a Cassandra node, would still be
> very useful if you want to mirror infrastructure in different parts of the
> world to provide users with localized low-latency access.
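
The approach proposed in this thread (optionally wrapping inter-node sockets with SSL, with each node's certificates deployed out of band), shown with Java's JSSE as an added example; it is not code from the thread or from Cassandra. The class, method, and parameter names are hypothetical, and a JDK that supports TLS 1.3 (11 or later) is assumed.

```java
import javax.net.ssl.*;
import java.io.*;
import java.net.InetAddress;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

/** Hypothetical helper: wraps inter-node sockets in mutually authenticated TLS. */
public final class InternodeTls {
    private static final String[] PROTOCOLS = {"TLSv1.3", "TLSv1.2"};

    /** Builds a context from this node's key pair and the certificates it trusts. */
    static SSLContext context(String keystorePath, String truststorePath, char[] password)
            throws GeneralSecurityException, IOException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keystorePath, password), password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(truststorePath, password));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Loads a keystore file (for example one pushed to the node by Puppet). */
    private static KeyStore load(String path, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Listening side: reject any peer that does not present a trusted certificate. */
    static SSLServerSocket listen(SSLContext ctx, int port, InetAddress bindAddr) throws IOException {
        SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory()
                .createServerSocket(port, 50, bindAddr);
        server.setNeedClientAuth(true);       // mutual TLS: the connecting node must authenticate too
        server.setEnabledProtocols(PROTOCOLS);
        return server;
    }

    /** Connecting side: validate the remote node's chain and its name (needs a matching SAN). */
    static SSLSocket connect(SSLContext ctx, String host, int port) throws IOException {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        SSLParameters params = socket.getSSLParameters();
        params.setProtocols(PROTOCOLS);
        params.setEndpointIdentificationAlgorithm("HTTPS"); // host name check is off by default for raw sockets
        socket.setSSLParameters(params);
        socket.startHandshake();              // fail here, before any RPC bytes are written
        return socket;
    }
}
```

Keeping the truststore limited to the cluster's own CA (or the node certificates themselves) is what turns `setNeedClientAuth(true)` into node authentication rather than just encryption.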