[GitHub] flink issue #5966: [FLINK-9312] [security] Add mutual authentication for RPC...

Github user StephanEwen commented on the issue: https://github.com/apache/flink/pull/5966 This PR is subsumed by #6326 ---

[GitHub] flink issue #5966: [FLINK-9312] [security] Add mutual authentication for RPC...

Github user StephanEwen commented on the issue: https://github.com/apache/flink/pull/5966 @EronWright Just saw this - I have concurrently reworked this PR into #6326 which does things more cleanly. I would like to get that PR in for 1.6 (got many users asking for this). I

[GitHub] flink issue #5966: [FLINK-9312] [security] Add mutual authentication for RPC...

Github user EronWright commented on the issue: https://github.com/apache/flink/pull/5966 @StephanEwen I would like to work on this issue, building on your PR, would that be OK? ---

[GitHub] flink issue #5966: [FLINK-9312] [security] Add mutual authentication for RPC...

Github user StephanEwen commented on the issue: https://github.com/apache/flink/pull/5966 I would move ahead with this PR as follows: - Separate internal and external SSL config - Activate SSL client auth for akka, netty, and blob server (pure internal communication)

[GitHub] flink issue #5966: [FLINK-9312] [security] Add mutual authentication for RPC...

Github user EronWright commented on the issue: https://github.com/apache/flink/pull/5966 To be honest I don't see a great need to support anything other than a single trusted certificate for internal communication.We could easily build some conveniences around that, like

[GitHub] flink issue #5966: [FLINK-9312] [security] Add mutual authentication for RPC...

Github user StephanEwen commented on the issue: https://github.com/apache/flink/pull/5966 I agree, we need different key/truststores for the internal/external connectivity. This PR was meant as a step in that direction, separating at least within the SSL Utils the internal and

[GitHub] flink issue #5966: [FLINK-9312] [security] Add mutual authentication for RPC...

Github user EronWright commented on the issue: https://github.com/apache/flink/pull/5966 This looks great but let's please separate the intra-cluster SSL configuration options from the external-cluster options. In particular, the web/API endpoints should be governed by a different

[GitHub] flink issue #5966: [FLINK-9312] [security] Add mutual authentication for RPC...

Github user GJL commented on the issue: https://github.com/apache/flink/pull/5966 This is relevant http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/Discuss-FLIP-26-SSL-Mutual-Authentication-td22188.html ---

[GitHub] flink issue #5966: [FLINK-9312] [security] Add mutual authentication for RPC...

Github user GJL commented on the issue: https://github.com/apache/flink/pull/5966 I will take a look at this later today. ---

[GitHub] flink issue #5966: [FLINK-9312] [security] Add mutual authentication for RPC...

Github user StephanEwen commented on the issue: https://github.com/apache/flink/pull/5966 @EronWright This might be interesting to you as well ---