Greetings, I'm looking at the data-in-transit encryption implementation from the security point of view, and I'm mildly surprised by the following:

1) Passwords for the keystore and truststore are in clear text in cassandra.yaml. (Why? If we are going to the trouble of creating a keystore and truststore, we want to protect our certificates and keys in case an intruder breaks into the box. If so, why are we giving this intruder the passwords?)

2) We are instructing the administrator to extract the content of the keystore and leave all the keys and certs in the clear. (Why? If we are giving it all away, why do we even need the keystore? And if we do need it, why are we giving it away?)

Thanks, Oleg
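Both concerns above come down to two things an operator can actually check on a node: whether `keystore_password` / `truststore_password` literals sit in the `server_encryption_options` and `client_encryption_options` blocks of cassandra.yaml, and whether the yaml, the keystore and any key material extracted from it are readable by anyone other than the service account. The audit script below is an added example written for this thread; it is not Cassandra project code and does not change how Cassandra reads its configuration. It assumes only the option names that cassandra.yaml really uses for those blocks and works on a constructed sample directory (labelled as such in the code) that mirrors the scenario in the post: a world-readable yaml with cleartext passwords plus a private key and certificate left on disk next to the keystore.

```python
"""Audit helper (added example, not Cassandra's own code): report cleartext
keystore/truststore passwords in cassandra.yaml and key material or config
files that are readable by group or world."""
import os
import re
import shutil
import stat
import tempfile

# Constructed sample cassandra.yaml fragment; option names match the real
# server_encryption_options / client_encryption_options blocks, values are made up.
SAMPLE_YAML = """\
cluster_name: 'Example'
server_encryption_options:
    internode_encryption: all
    keystore: conf/.keystore
    keystore_password: cassandra
    truststore: conf/.truststore
    truststore_password: cassandra
client_encryption_options:
    enabled: true
    keystore: conf/.keystore
    keystore_password: cassandra
"""

ENCRYPTION_SECTIONS = ("server_encryption_options", "client_encryption_options")
PASSWORD_KEY = re.compile(r"^\s*(keystore_password|truststore_password)\s*:\s*(\S.*)$")
# File name patterns that usually hold keys, certs or whole keystores.
KEY_MATERIAL = re.compile(r"\.(pem|key|p12|jks|keystore|truststore)$")
LOOSE_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit


def find_cleartext_passwords(yaml_text):
    """Return (section, key, line_no) for every non-empty password literal inside
    an encryption block. Line-based scan: an unindented key starts a new
    top-level section, indented keys belong to it (enough for cassandra.yaml's
    flat two-level layout, no PyYAML dependency needed)."""
    findings = []
    section = None
    for line_no, line in enumerate(yaml_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            section = line.split(":", 1)[0].strip()
            continue
        m = PASSWORD_KEY.match(line)
        if m and section in ENCRYPTION_SECTIONS:
            value = m.group(2).strip().strip("'\"")
            if value:
                findings.append((section, m.group(1), line_no))
    return findings


def find_loose_files(directory):
    """Return names of cassandra.yaml and key-material files in `directory`
    whose mode grants anything to group or others (expected: 0600, owner only)."""
    loose = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        if name == "cassandra.yaml" or KEY_MATERIAL.search(name):
            if os.stat(path).st_mode & LOOSE_BITS:
                loose.append(name)
    return loose


def audit(directory):
    """Combine both checks for one conf directory."""
    with open(os.path.join(directory, "cassandra.yaml")) as fh:
        passwords = find_cleartext_passwords(fh.read())
    return {"cleartext_passwords": passwords, "loose_files": find_loose_files(directory)}


def build_sample_dir():
    """Construct a throwaway conf directory: world-readable yaml with cleartext
    passwords, a correctly locked-down keystore, and a key plus cert that were
    extracted from the keystore and left readable. All contents are placeholders."""
    d = tempfile.mkdtemp()
    files = {
        "cassandra.yaml": (SAMPLE_YAML, 0o644),
        ".keystore": ("placeholder-keystore-bytes", 0o600),
        "node.key": ("-----BEGIN PRIVATE KEY-----\nplaceholder\n", 0o644),
        "node.pem": ("-----BEGIN CERTIFICATE-----\nplaceholder\n", 0o644),
    }
    for name, (content, mode) in files.items():
        path = os.path.join(d, name)
        with open(path, "w") as fh:
            fh.write(content)
        os.chmod(path, mode)
    return d


def run_demo():
    """Build the sample directory, audit it, clean up, and return the findings."""
    d = build_sample_dir()
    try:
        return audit(d)
    finally:
        shutil.rmtree(d)


if __name__ == "__main__":
    result = run_demo()
    for section, key, line_no in result["cleartext_passwords"]:
        print(f"cassandra.yaml:{line_no}: {section}.{key} is a cleartext literal")
    for name in result["loose_files"]:
        print(f"{name}: readable by group/others, expected mode 0600")
```

On the sample directory the script reports three cleartext password literals and flags cassandra.yaml, node.key and node.pem while leaving the 0600 .keystore alone. Run against a real node (point `audit()` at its conf directory) it gives a quick answer to the question the post raises: if the yaml is readable by the same intruder who can read the keystore, the keystore password adds nothing, and the practical mitigation until the configuration format changes is owner-only modes on cassandra.yaml and on the keystore, and deleting any extracted key or cert files once they have been imported.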