qpid-proton mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Stitcher <astitc...@redhat.com>
Subject Re: [GitHub] qpid-proton pull request: PROTON-334: SASL Implementation for Prot...
Date Wed, 15 Apr 2015 20:06:05 GMT
I've received no further feedback at all about this review request.

Do people want me to create a reviewboard item instead?

For reference, this proposed change incorporates all the discussion -
although I haven't necessarily agreed with everyone else's points!

For clarity the main issue that I haven't changed on is the default for
requiring authorisation/encryption on the server side of a proton-c
connection. I'd like to solicit some other opinion about this (other
than Robbie who has made his opinion clear at this point)

The proposed code defaults to allowing unauthorised and unencrypted
incoming connections by default. This is for ease of initial use
considerations. The opposing viewpoint is that this is insecure by
default and it would be best to be secure by default.

I'd note that the previous state is a little confused, in that
unencrypted is allowed by default, and authentication may or may not be
required depending.

I'd be reasonably happy to do either easy to use by default or secure by
default, but I'm dead set against having the authentication and
encryption defaults be different.

Andrew

On Thu, 2015-04-09 at 07:31 +0000, astitcher wrote:
> Github user astitcher commented on the pull request:
> 
>     https://github.com/apache/qpid-proton/pull/17#issuecomment-91137151
>   
>     See the wiki for more information and context:
>     https://cwiki.apache.org/confluence/x/B5cWAw
> 
> 
> ---
> If your project is set up for it, you can reply to this email and have your
> reply appear on GitHub as well. If your project does not have this feature
> enabled and wishes so, or if the feature is enabled but not working, please
> contact infrastructure at infrastructure@apache.org or file a JIRA ticket
> with INFRA.
> ---



Mime
View raw message