Re: [VOTE] KIP-294 - Enable TLS hostname verification by default

2018-05-14 Thread Rajini Sivaram
The vote has passed with three binding (Jun, Ismael, me) and five non-binding (Ted, Michael, Manikumar, Edoardo, Jakub) votes. I will update the KIP page. Thanks everyone! Regards, Rajini On Fri, May 11, 2018 at 2:28 PM, Rajini Sivaram wrote: > Hi Jun, > > I have updated the KIP with examples

Re: [VOTE] KIP-294 - Enable TLS hostname verification by default

2018-05-11 Thread Rajini Sivaram
Hi Jun, I have updated the KIP with examples on setting ssl.endpoint.identification. algorithm to an empty string. It turns out I had to update ConfigCommand to do this for dynamic configs, I have updated the PR as well. Thanks for pointing this out! Regards, Rajini On Fri, May 11, 2018 at 12

Re: [VOTE] KIP-294 - Enable TLS hostname verification by default

2018-05-10 Thread Ismael Juma
Thanks for the KIP, +1 (binding) from me. Ismael On Wed, May 9, 2018 at 8:29 AM Rajini Sivaram wrote: > Hi all, > > Since there have been no objections on this straightforward KIP, I would > like to initiate the voting process. KIP-294 proposes to use a secure > default value for endpoint ident

Re: [VOTE] KIP-294 - Enable TLS hostname verification by default

2018-05-10 Thread Jun Rao
Hi, Rajini, Thanks for the KIP. +1 Could you document in the wiki how to set ssl.endpoint.identification.algorithm to empty in the server property file and through dynamic config? It's not obvious how to do that. Jun On Wed, May 9, 2018 at 8:28 AM, Rajini Sivaram wrote: > Hi all, > > Since th

Re: [VOTE] KIP-294 - Enable TLS hostname verification by default

2018-05-10 Thread Jakub Scholz
+1 (non-binding) On Thu, May 10, 2018 at 11:24 AM, Edoardo Comar wrote: > +1 (non-binding) > > On 10 May 2018 at 09:36, Manikumar wrote: > > > +1 (non-binding) > > > > Thanks. > > > > On Wed, May 9, 2018 at 10:09 PM, Mickael Maison < > mickael.mai...@gmail.com> > > wrote: > > > > > +1, thanks f

Re: [VOTE] KIP-294 - Enable TLS hostname verification by default

2018-05-10 Thread Edoardo Comar
+1 (non-binding) On 10 May 2018 at 09:36, Manikumar wrote: > +1 (non-binding) > > Thanks. > > On Wed, May 9, 2018 at 10:09 PM, Mickael Maison > wrote: > > > +1, thanks for the KIP! > > > > On Wed, May 9, 2018 at 4:41 PM, Ted Yu wrote: > > > +1 > > > > > > On Wed, May 9, 2018 at 8:28 AM, Rajini

Re: [VOTE] KIP-294 - Enable TLS hostname verification by default

2018-05-10 Thread Manikumar
+1 (non-binding) Thanks. On Wed, May 9, 2018 at 10:09 PM, Mickael Maison wrote: > +1, thanks for the KIP! > > On Wed, May 9, 2018 at 4:41 PM, Ted Yu wrote: > > +1 > > > > On Wed, May 9, 2018 at 8:28 AM, Rajini Sivaram > > wrote: > > > >> Hi all, > >> > >> Since there have been no objections o

Re: [VOTE] KIP-294 - Enable TLS hostname verification by default

2018-05-09 Thread Mickael Maison
+1, thanks for the KIP! On Wed, May 9, 2018 at 4:41 PM, Ted Yu wrote: > +1 > > On Wed, May 9, 2018 at 8:28 AM, Rajini Sivaram > wrote: > >> Hi all, >> >> Since there have been no objections on this straightforward KIP, I would >> like to initiate the voting process. KIP-294 proposes to use a sec

Re: [VOTE] KIP-294 - Enable TLS hostname verification by default

2018-05-09 Thread Ted Yu
+1 On Wed, May 9, 2018 at 8:28 AM, Rajini Sivaram wrote: > Hi all, > > Since there have been no objections on this straightforward KIP, I would > like to initiate the voting process. KIP-294 proposes to use a secure > default value for endpoint identification when using SSL as the security > pro

[VOTE] KIP-294 - Enable TLS hostname verification by default

2018-05-09 Thread Rajini Sivaram
Hi all, Since there have been no objections on this straightforward KIP, I would like to initiate the voting process. KIP-294 proposes to use a secure default value for endpoint identification when using SSL as the security protocol. The KIP Is here: https://cwiki.apache.org/confluence/display/KA