Github user tgravescs commented on the pull request:
https://github.com/apache/incubator-spark/pull/332#issuecomment-34769796
A small explanation here.
This pull request is just for authentication via a shared secret. It does
not handle encryption or qop after authentication. The idea was to add the
basics and then enhance as needed. Note that for the http/jetty and sasl we
are using DIGEST authentication mechanism so the password is not sent in plain
text. Akka remoting only gives you one option with the shared cookie and the
documentation didn't specify so I'm not sure about that. I'll try to take a
look at the code.
Also note for the sasl stuff you can set the level of protecting via the
Sasl.QOP setting. We are simply using auth, but you could support auth-int and
auth-conf. Those would require you to also wrap the messages being sent.
Akka also supports ssl and you can also configure jetty to use https. I
haven't looked at any of those in detail at this point though.
