[ https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15898820#comment-15898820 ]
Abraham Fine commented on ZOOKEEPER-236:
----------------------------------------

Hi [~geek101]-

Thanks for letting me know about the work that you have done. I apologize if I have missed it somewhere else in JIRA. Hopefully we can combine efforts here.

I wanted to discuss the way that certificates are being handled in your patch, which I think is a fundamental difference in our two approaches (which I think is based on different operational assumptions).

Your patch, and please correct me if I am wrong, appears to use self-signed certs on each node and a fingerprint (passed through the configuration system) as a mechanism of verification. This makes ZooKeeper self-contained and easy to manage.

My patch assumes certificates are likely not self-signed and some public key (or possibly keys) are available in the trust store that would be able to authenticate all zk servers. I think this has the advantage of making it much more difficult for unauthorized servers to join a quorum as they would need to have access to the CA that was used to generate the keys in the truststore. In addition, I needed to make minimal changes to the config system.

What do you think is the best path forward?

Abe

> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>
>                 Key: ZOOKEEPER-236
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: quorum, server
>            Reporter: Benjamin Reed
>            Assignee: Abraham Fine
>            Priority: Minor
>
> We should have the ability to use SSL to authenticate and encrypt the traffic
> between ZooKeeper servers. For the most part this is a very easy change. We
> would probably only want to support this for TCP based leader elections.

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)