GitHub user StephanEwen commented on the issue:
https://github.com/apache/flink/pull/2425
Sorry for chiming in a bit late here with this more fundamental question.
I would like to understand, from a security architecture perspective, what additional
security this shared secret gives us:
- If there is no encryption, then this shared secret is not very secure,
as it can be sniffed from the network.
- When there is encryption, isn't the current assumption that all parties
have access to the server-side certificate? Would that already be a form of
shared secret, meaning that certificate-based authentication as part of the SSL
handshake already covers the mechanism of a shared secret?