[
https://issues.apache.org/jira/browse/HADOOP-13836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15706026#comment-15706026
]
Arun Suresh edited comment on HADOOP-13836 at 11/29/16 6:02 PM:
----------------------------------------------------------------
Thanks for pointing out IPv6 [~steve_l]
I assume it should just work, considering this comes into play only at Socket
creation. My understanding is that SSL/TLS certificate authentication is based
on the DNS names of the entities involved, so again, I assume it should just
work, if DNS resolution works correctly.
But yes, we will try to verify it. My understanding is that the HADOOP-11890
branch had most of the IPv6 based changes. If this branch is uptodate,
[~kartheek], we can maybe test it against that branch. Any more pointers to
verifying if this would work with IPv6 is welcome. (cc: [~eclark], [~nkedel])
was (Author: asuresh):
Thanks for pointing out IPv6 [~steve_l]
I assume it should just work, considering this comes into play only at Socket
creation. My understanding is that SSL/TLS certification authentication is
based on the DNS names of the entities involved, so again, I assume it should
just work, if DNS resolution works correctly.
But yes, we will try to verify it. My understanding is that the HADOOP-11890
branch had most of the IPv6 based changes. If this branch is uptodate,
[~kartheek], we can maybe test it against that branch. Any more pointers to
verifying if this would work with IPv6 is welcome. (cc: [~eclark], [~nkedel])
> Securing Hadoop RPC using SSL
> -----------------------------
>
> Key: HADOOP-13836
> URL: https://issues.apache.org/jira/browse/HADOOP-13836
> Project: Hadoop Common
> Issue Type: New Feature
> Components: ipc
> Reporter: kartheek muthyala
> Assignee: kartheek muthyala
> Attachments: HADOOP-13836.patch
>
>
> Today, RPC connections in Hadoop are encrypted using Simple Authentication &
> Security Layer (SASL), with the Kerberos ticket based authentication or
> Digest-md5 checksum based authentication protocols. This proposal is about
> enhancing this cipher suite with SSL/TLS based encryption and authentication.
> SSL/TLS is a proposed Internet Engineering Task Force (IETF) standard, that
> provides data security and integrity across two different end points in a
> network. This protocol has made its way to a number of applications such as
> web browsing, email, internet faxing, messaging, VOIP etc. And supporting
> this cipher suite at the core of Hadoop would give a good synergy with the
> applications on top and also bolster industry adoption of Hadoop.
> The Server and Client code in Hadoop IPC should support the following modes
> of communication
> 1. Plain
> 2. SASL encryption with an underlying authentication
> 3. SSL based encryption and authentication (x509 certificate)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
