zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Melissa Mahasintunan <stopp...@us.ibm.com>
Subject Re: Encryption in ZooKeeper & contrib projects
Date Wed, 29 Jun 2011 20:58:18 GMT
Hi Andy,

Thank you for your response last week!  I was hoping you could provide me 
with a little more information, specifically if the encryption 
functionality is limited to the following functions:

code limited to encryption of passwords, personal identification numbers, 
digital signatures, fixed data compression techniques, hashing
decryption (only) of radio or pay TV broadcasts, or for civilian use of 
mobile radio telephones not capable of "end to end" encryption
decryption specially designed to allow execution of copy-protected 
software and the decryption function is not user-accessible
cryptographic software specially designed and limited for use on banking 
(ATM, POS terminals)
personalized smart card software not capable of message traffic encryption 
of user-supplied or related key management functions
key management designed, restricted, and intended to support only one of 
the above functions
software designed to protect against malicious computer damage (e.g. 
Viruses, intrusion detection, etc.)
software tools and technology specifically designed for the development, 
production, or "use" of one or more of the above software (but limited to 
those listed above)

Thank you again for your help!


From:   Andrew Purtell <apurtell@apache.org>
To:     user@zookeeper.apache.org
Date:   06/23/2011 04:10 PM
Subject:        Re: Encryption in ZooKeeper & contrib projects

> From: Ted Dunning <ted.dunning@gmail.com>
> Encryption is used in authentication, but not in communications.  Of
> course, you can do magic tunnel things to provide encryption, but
> ZK doesn't do it by itself.

With ZOOKEEPER-938 applied if I'm not mistaken it would be possible to 
negotiate encryption on the connection as well as authentication (via SASL 
QoP "auth-conf"). 

  - Andy

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message