Sure, I modified the KIP to add more details https://cwiki.apache.org/confluence/display/KAFKA/KIP-235%3A+Add+DNS+alias+support+for+secured+connection
Jonathan Skrzypek -----Original Message----- From: Ismael Juma [mailto:ism...@juma.me.uk] Sent: 14 May 2018 11:53 To: dev Subject: Re: [VOTE] KIP-235 Add DNS alias support for secured connection Thanks for the KIP, Jonathan. It would be helpful to have more detail on how SSL authentication could be broken if the new behaviour is the default. I know this was discussed in the mailing list thread, but it's important to include it in the KIP since it's the main reason why a new config is needed (and configs should be avoided whenever we can just do the right thing). Ismael On Fri, Mar 23, 2018 at 12:05 PM Skrzypek, Jonathan < jonathan.skrzy...@gs.com> wrote: > Hi, > > I would like to start a vote for KIP-235 > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__cwiki.apache.org_confluence_display_KAFKA_KIP-2D235-253A-2BAdd-2BDNS-2Balias-2Bsupport-2Bfor-2Bsecured-2Bconnection&d=DwIBaQ&c=7563p3e2zaQw0AB1wrFVgyagb2IE5rTZOYPxLxfZlX4&r=nNmJlu1rR_QFAPdxGlafmDu9_r6eaCbPOM0NM1EHo-E&m=FM_uCHnnO2dqxWC0bi7_QOJKfKmQI80-Xduvb-URWOw&s=RpGkijfK-WHcU0s8ZtMXEkIr69QraJhYKaGSC9V_rnI&e= > > > This is a proposition to add an option for reverse dns lookup of > bootstrap.servers hosts, allowing the use of dns aliases on clusters using > SASL authentication. > > > >