[ https://issues.apache.org/jira/browse/HADOOP-13836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15827893#comment-15827893 ]
Steve Loughran commented on HADOOP-13836: ----------------------------------------- I don't personally know whether that 12% would go down well or not; I presume it'd be up to the user. I do know SASL symmetric encryption has a performance hit all of its own, which is why it is underused. It might be interesting to do a test run with SASL=encrypt to see what the numbers show up there —maybe they are even worse than the SSL values. I'm not in a position to review the RPC code itself, as I'm scared of it. It's one of those critical-part pieces of code which everyone treads with caution around. I think you'll need [~daryn] [~sanjay.radia] and [~owen.omalley] to look at it there. That said, the UML doc you've added does imply that this work does include some cleanup of today's codebase ... this can only be welcome > Securing Hadoop RPC using SSL > ----------------------------- > > Key: HADOOP-13836 > URL: https://issues.apache.org/jira/browse/HADOOP-13836 > Project: Hadoop Common > Issue Type: New Feature > Components: ipc > Reporter: kartheek muthyala > Assignee: kartheek muthyala > Attachments: HADOOP-13836.patch, Secure IPC OSS Proposal-1.pdf, > SecureIPC Performance Analysis-OSS.pdf > > > Today, RPC connections in Hadoop are encrypted using Simple Authentication & > Security Layer (SASL), with the Kerberos ticket based authentication or > Digest-md5 checksum based authentication protocols. This proposal is about > enhancing this cipher suite with SSL/TLS based encryption and authentication. > SSL/TLS is a proposed Internet Engineering Task Force (IETF) standard, that > provides data security and integrity across two different end points in a > network. This protocol has made its way to a number of applications such as > web browsing, email, internet faxing, messaging, VOIP etc. And supporting > this cipher suite at the core of Hadoop would give a good synergy with the > applications on top and also bolster industry adoption of Hadoop. > The Server and Client code in Hadoop IPC should support the following modes > of communication > 1. Plain > 2. SASL encryption with an underlying authentication > 3. SSL based encryption and authentication (x509 certificate) -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org