Github user vanzin commented on the issue:
https://github.com/apache/spark/pull/17295
> Just to be clear, I would prefer if we consistently did things - either
encrypt all blocks while transferring (irrespective of sasl being enabled or
not); or depend only on sasl for channel encryption.
Not really sure what you mean here. But transferring encrypted data without
RPC encryption is not really secure, since the encryption key is transferred to
executors using an RPC. There's even a warning message if RPC encryption is not
on and you enable disk encryption.
Shuffle is a different beast - I explain why the shuffle blocks are
transferred in encrypted form in the PR description.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
