[ https://issues.apache.org/jira/browse/MESOS-5900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15391888#comment-15391888 ]
Till Toenshoff commented on MESOS-5900:
---------------------------------------

This would also very much simplify having strict SSL encryption enabled on all connections of our agents {{LIBPROCESS_SSL_SUPPORT_DOWNGRADE=false}}. Right now getting this covered demands a bunch of extra precautions as described in https://issues.apache.org/jira/browse/MESOS-3815. Using domain-sockets appears to be the most reliable, flexible and secure solution for the agent / executor communication. One challenge here may be getting domain-sockets to work on Windows -- Linux and OSX support them out of the box for sure. However, having regular sockets as a fallback may be a good option.

> Consider supporting Unix domain socket connections in libprocess
> ----------------------------------------------------------------
>
>                 Key: MESOS-5900
>                 URL: https://issues.apache.org/jira/browse/MESOS-5900
>             Project: Mesos
>          Issue Type: Improvement
>          Components: libprocess
>            Reporter: Neil Conway
>              Labels: mesosphere
>
> We should consider allowing two programs on the same host using libprocess to
> communicate via Unix domain sockets rather than TCP. This has a few
> advantages:
> * Security: remote hosts cannot connect to the Unix socket. Domain sockets
> also offer additional support for
> [authentication|https://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-UNIX_Domain.html].
> * Performance: domain sockets are marginally faster than localhost TCP.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
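
As an added illustration of the authentication point in the issue description (this code is not part of the JIRA thread or of libprocess): on Linux, the accepting side of a Unix domain socket can ask the kernel for the connecting process's credentials with `SO_PEERCRED` and refuse peers running under an unexpected uid. The function names and the `/tmp` socket path are assumptions made for the example.

```cpp
// Added example (not libprocess code). Function names and socket path are hypothetical.
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#include <cstdio>
#include <cstring>
#include <string>

// True only if the kernel reports that the peer's effective uid is allowed_uid.
bool peer_has_uid(int fd, uid_t allowed_uid) {
  struct ucred cred;  // filled in by the kernel, not by the peer
  socklen_t len = sizeof(cred);
  if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0) return false;
  return len == sizeof(cred) && cred.uid == allowed_uid;
}

// Listens on `path`, connects from this same process, then checks the accepted
// connection's peer. Returns 1 = peer accepted, 0 = peer rejected, -1 = socket error.
int check_local_peer(const std::string& path, uid_t allowed_uid) {
  sockaddr_un addr{};
  addr.sun_family = AF_UNIX;
  if (path.size() >= sizeof(addr.sun_path)) return -1;  // path would be truncated
  std::strcpy(addr.sun_path, path.c_str());
  unlink(path.c_str());  // remove a stale socket file from an earlier run
  int srv = socket(AF_UNIX, SOCK_STREAM, 0);
  int cli = socket(AF_UNIX, SOCK_STREAM, 0);
  int result = -1;
  if (srv >= 0 && cli >= 0 &&
      ::bind(srv, (sockaddr*)&addr, sizeof(addr)) == 0 &&
      listen(srv, 1) == 0 &&
      connect(cli, (sockaddr*)&addr, sizeof(addr)) == 0) {
    int conn = accept(srv, nullptr, nullptr);
    if (conn >= 0) {
      result = peer_has_uid(conn, allowed_uid) ? 1 : 0;
      close(conn);
    }
  }
  if (srv >= 0) close(srv);
  if (cli >= 0) close(cli);
  unlink(path.c_str());
  return result;
}

int main() {
  std::string path = "/tmp/uds-peercred-demo." + std::to_string(getpid());
  std::printf("own euid:   %d\n", check_local_peer(path, geteuid()));
  std::printf("other euid: %d\n", check_local_peer(path, geteuid() + 1));
  return 0;
}
```

`SO_PEERCRED` is Linux-specific; other Unix systems expose peer credentials through different calls, so a portable implementation needs a per-platform branch.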