Sounds good to me. On Wed, Jul 14, 2010 at 12:25 AM, Mike Malone <m...@simplegeo.com> wrote: > Yep, as Ben said, we're not asking for anyone to write this for us. > We've been playing with some ideas around encryption between EC2 > data-centers/regions (intra-region is already secure enough for us -- it's > all switches / dedicate lines) and the easiest solution seems to be to wrap > the inter-Cassandra-node RPC protocol with SSL and simply deploy SSL certs > along with the clients via some out-of-band mechanism (in our case, probably > Puppet). > Honestly, I think this should be a pretty trivial patch. It's just a matter > of (optionally) wrapping the sockets for RPC connections with SSL. I'm > guessing there are facilities that make this pretty easy in Java that we can > leverage. We're mostly interested in getting feedback and buy-in from the > rest of the community before writing the code. If anyone has any better > ideas in terms of pay-off / lines of code we're _definitely_ all ears. But > for our use cases this seems like a big win. > Mike > On Tue, Jul 13, 2010 at 10:14 PM, Ben Standefer <b...@simplegeo.com> wrote: >> >> Yes, possibly. We haven't written it yet, and I was putting some feelers >> out there to see if there's any interest or buy-in from committers if we did >> contribute it. >> -Ben >> >> On Tue, Jul 13, 2010 at 3:23 PM, Jonathan Ellis <jbel...@gmail.com> wrote: >>> >>> Are you interested in contributing this? >>> >>> On Tue, Jul 13, 2010 at 4:22 PM, Ben Standefer <b...@simplegeo.com> wrote: >>> > Many apps would find it realistic or feasible to failover database >>> > connections across the country (going from <1ms latency to ~90ms >>> > latency). >>> > The scheme of failing over client database connections across the >>> > country >>> > is probably the minority case. SSL between Cassandra nodes, even >>> > without >>> > encryption in the clients connecting to a Cassandra node, would still >>> > be >>> > very useful if you want to mirror infrastructure in different parts of >>> > the >>> > world to provide users with localized low-latency access. >> > >
-- Jonathan Ellis Project Chair, Apache Cassandra co-founder of Riptano, the source for professional Cassandra support http://riptano.com