d?
> > >
> > >
> > Same answer as above -- I don't think we're attempting to protect against
> > local root in our threat model.
> >
> > -Todd
> >
> >
> > >
> > > On Thu, Feb 9, 2017 at 10:22 PM, Todd Lipcon <t...@cloudera
protect against
> local root in our threat model.
>
> -Todd
>
>
> >
> > On Thu, Feb 9, 2017 at 10:22 PM, Todd Lipcon <t...@cloudera.com> wrote:
> >
> > > Hey folks,
> > >
> > > For those not following along, we're very close to the p
On Fri, Feb 10, 2017 at 10:29 AM, Dan Burkert wrote:
> On Fri, Feb 10, 2017 at 10:02 AM, Todd Lipcon wrote:
> >
> > Yea, but still the best number here is 685MB/sec. Assuming 2ghz, that's
> > around 3 cycles/byte (~25x slower than crc32). According to
gt; > when security features are enabled). One thing we've decided is
> important
> > > is to preserve good performance for applications like Spark and Impala
> > > which typically schedule tasks local to the data on the tablet servers,
> > and
> > > we think
one by a Kudu cluster (at least
> when security features are enabled). One thing we've decided is important
> is to preserve good performance for applications like Spark and Impala
> which typically schedule tasks local to the data on the tablet servers, and
> we think that enabling TL
we're very close to the point where we'll
> be
> > enabling TLS for all wire communication done by a Kudu cluster (at least
> > when security features are enabled). One thing we've decided is important
> > is to preserve good performance for applications like Spark and Impala
> &
cluster (at least
> when security features are enabled). One thing we've decided is important
> is to preserve good performance for applications like Spark and Impala
> which typically schedule tasks local to the data on the tablet servers, and
> we think that enabling TLS for these l
and Impala
which typically schedule tasks local to the data on the tablet servers, and
we think that enabling TLS for these localhost connections will have an
unacceptable performance hit.
Our thinking was to continue to use TLS *authentication* to prevent MITM
attacks (possible because we typically