[jira] [Commented] (HADOOP-13836) Securing Hadoop RPC using SSL

[kartheek muthyala (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-13836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15833623#comment-15833623
 ] 

kartheek muthyala commented on HADOOP-13836:
--------------------------------------------

Thank you @Kai Zheng and @Steve Loughran for the initial feedback on the 
performance numbers. My focus was to find out the impact of SSL implementation 
with respect to Plain socket implementation, I restrained from configuring the 
cluster for SASL. If I get some time, I will try to get the cluster configured 
for SASL and run the same test suite again. 

[~antkou], Thank you for the feedback on the initial patch. I have included the 
changes suggested by you in version 2.
[~asuresh], [~daryn] [~sanjay.radia] [~owen.omalley], can you guys please 
review this patch.

> Securing Hadoop RPC using SSL
> -----------------------------
>
>                 Key: HADOOP-13836
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13836
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc
>            Reporter: kartheek muthyala
>            Assignee: kartheek muthyala
>         Attachments: HADOOP-13836.patch, HADOOP-13836-v2.patch, Secure IPC 
> OSS Proposal-1.pdf, SecureIPC Performance Analysis-OSS.pdf
>
>
> Today, RPC connections in Hadoop are encrypted using Simple Authentication & 
> Security Layer (SASL), with the Kerberos ticket based authentication or 
> Digest-md5 checksum based authentication protocols. This proposal is about 
> enhancing this cipher suite with SSL/TLS based encryption and authentication. 
> SSL/TLS is a proposed Internet Engineering Task Force (IETF) standard, that 
> provides data security and integrity across two different end points in a 
> network. This protocol has made its way to a number of applications such as 
> web browsing, email, internet faxing, messaging, VOIP etc. And supporting 
> this cipher suite at the core of Hadoop would give a good synergy with the 
> applications on top and also bolster industry adoption of Hadoop.
> The Server and Client code in Hadoop IPC should support the following modes 
> of communication
> 1.    Plain 
> 2.     SASL encryption with an underlying authentication
> 3.     SSL based encryption and authentication (x509 certificate)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org