spark-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcelo Vanzin <>
Subject Re: Removing SSL from Spark's internal communications
Date Wed, 19 Apr 2017 16:44:53 GMT
There's no file server anymore. And both the RPC endpoint (used to
transfer files) and the block manager (broadcasts + other blocks)
support encryption without SSL.

On Wed, Apr 19, 2017 at 8:55 AM, Rostyslav Sotnychenko
<> wrote:
> Hi all,
> I am wondering what Community will say about the need of removing SSL in
> Spark's internal communication (File Server and Broadcast Server).
> The problems I see are the following:
> 1. Each user must have his own keystore/truststore to use for his jobs -
> sharing keystores is obviously unsecure at all.
> 2. Both keystore and truststore must be present on local FS on each node in
> cluster
> Lets say we have a large organization with hundreds of users and cluster
> with thousands of nodes.
> The organization will be required to create and manage its own PKI, give the
> keys for each user and on every update distribute changes across all the
> nodes. Isn't this way too complicated?
> Would it be useful to replace SSL with something else, e.g. SASL that is
> already used in different parts of Spark or just plain AES? Or is there
> something that makes those changes impossible/non-appropriate?
> Thanks,
> Rostyslav


To unsubscribe e-mail:

View raw message