Github user StephanEwen commented on the issue:
https://github.com/apache/flink/pull/5966
I agree, we need different key/truststores for the internal/external
connectivity. This PR was meant as a step in that direction, separating at
least within the SSL Utils the internal and external context setup.
In your thinking, is there ever a case for a different internal
authentication method than "single trusted certificate"? What if were not tied
to akka? (Side note: I think for internal communication, 'authentication is
authorization' is probably reasonable, because the are no different users/roles
for internal communication).
Would you assume that internally, we never do hostname verification?
---
