[
https://issues.apache.org/jira/browse/MAPREDUCE-4417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13411666#comment-13411666
]
Alejandro Abdelnur commented on MAPREDUCE-4417:
-----------------------------------------------
@eric14,
The driving use case is to avoid data spoofing while on the wire.
Agree, encrypting data at both sides is the obvious follow up to this JIRA in
order to have end to end over the wire confidentiality.
In current Hadoop, as you suggest, you can use compression codecs to do
encryption on both sides.
However, you can not do that for the shuffle. Thus this JIRA to tackle the
shuffle case first.
Of course, this functionality would be disabled by default, even if Kerberos
security is enabled. You'll need to set another knob to enable shuffle
encryption.
Hope this clarifies.
> add support for encrypted shuffle
> ---------------------------------
>
> Key: MAPREDUCE-4417
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-4417
> Project: Hadoop Map/Reduce
> Issue Type: New Feature
> Components: mrv2, security
> Affects Versions: 2.0.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
>
> Currently Shuffle fetches go on the clear. While Kerberos provides
> comprehensive authentication for the cluster, it does not provide
> confidentiality.
> When processing sensitive data confidentiality may be desired (at the expense
> of job performance and resources utilization for doing encryption).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
