spark-dev mailing list archives

From Marcelo Vanzin <van...@cloudera.com>
Subject Re: Removing SSL from Spark's internal communications
Date Wed, 19 Apr 2017 16:44:53 GMT
There's no file server anymore. And both the RPC endpoint (used to
transfer files) and the block manager (broadcasts + other blocks)
support encryption without SSL.

On Wed, Apr 19, 2017 at 8:55 AM, Rostyslav Sotnychenko
<r.sotnychenko@gmail.com> wrote:
> Hi all,
>
> I am wondering what the community will say about the need to remove SSL in
> Spark's internal communication (File Server and Broadcast Server).
>
> The problems I see are the following:
> 1. Each user must have his own keystore/truststore to use for his jobs -
> sharing keystores is obviously not secure at all.
> 2. Both keystore and truststore must be present on the local FS on each node
> in the cluster
>
> Let's say we have a large organization with hundreds of users and a cluster
> with thousands of nodes.
> The organization will be required to create and manage its own PKI, give
> keys to each user and on every update distribute changes across all the
> nodes. Isn't this way too complicated?
>
>
> Would it be useful to replace SSL with something else, e.g. SASL that is
> already used in different parts of Spark or just plain AES? Or is there
> something that makes those changes impossible/inappropriate?
>
>
>
> Thanks,
> Rostyslav



-- 
Marcelo
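
Added example, not part of the thread or of Spark's own code: a small audit of a spark-defaults.conf that reports whether RPC and block-transfer traffic is encrypted through the shared-secret path (no per-user keystores) that the reply refers to. The property names are taken from Spark's security documentation and are an assumption here, since the thread names none of them; the sample configuration is constructed.

```python
import re

# Constructed sample spark-defaults.conf (not from the thread).
SAMPLE_CONF = """\
spark.authenticate                       true
spark.network.crypto.enabled             true
spark.io.encryption.enabled              false
spark.ssl.keyStore                       /etc/spark/keystore.jks
"""

def parse_conf(text):
    """Parse 'key value' / 'key=value' lines, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([^\s=:]+)[\s=:]+(.*)", line)
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf

def audit(conf):
    """Return (rpc_mode, findings) for the shared-secret encryption path."""
    def on(key):
        return conf.get(key, "false").lower() == "true"

    findings = []
    auth = on("spark.authenticate")
    if auth and on("spark.network.crypto.enabled"):
        mode = "aes"    # AES-based RPC encryption
    elif auth and on("spark.authenticate.enableSaslEncryption"):
        mode = "sasl"   # older SASL-based encryption
    else:
        mode = "none"
    if not auth:
        findings.append("spark.authenticate is off; RPC encryption needs it")
    elif mode == "none":
        findings.append("authentication on, but RPC/block transfers unencrypted")
    if not on("spark.io.encryption.enabled"):
        findings.append("local shuffle/spill files are not encrypted")
    ssl_keys = sorted(k for k in conf if k.startswith("spark.ssl.") and "Store" in k)
    if ssl_keys:
        findings.append("keystore settings still present: " + ", ".join(ssl_keys))
    return mode, findings

if __name__ == "__main__":
    mode, findings = audit(parse_conf(SAMPLE_CONF))
    print("RPC encryption:", mode)
    for f in findings:
        print(" -", f)
```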
