[
https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13947418#comment-13947418
]
Larry McCay commented on HADOOP-10429:
--------------------------------------
[~tucu00] - I had given this some thought in the past as well. I think that it
is fine to add this but I don't know that we should remove the ability for the
consumer to use an arbitrary source for keying material. I would imagine
perhaps adding a separate switch to indicate that you want to delegate it to
the provider or not.
I can imagine a use case where a specialized hardware key generator is used but
you want to store it in a Java keystore. You shouldn't necessarily have to
write a new provider for that combination.
What do you think?
> KeyStores should have methods to generate the materials themselves, KeyShell
> should use them
> --------------------------------------------------------------------------------------------
>
> Key: HADOOP-10429
> URL: https://issues.apache.org/jira/browse/HADOOP-10429
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Attachments: HADOOP-10429.patch
>
>
> Currently, the {{KeyProvider}} API expects the caller to provide the key
> materials. And, the {{KeyShell}} generates key materials.
> For security reasons, {{KeyProvider}} implementations may want to generate
> and hide (from the user generating the key) the key materials.