Thanks for the KIP Rajini. It's a good proposal. One suggestion for consideration:
1. We could print a warning if the unprefixed `ssl.client.auth` is used and there is a SASL_SSL listener. Then we could consider removing this inconsistency in Kafka 4.0 or something like that. What do you think?

Ismael

On Mon, Nov 9, 2020 at 3:08 AM Rajini Sivaram <rajinisiva...@gmail.com> wrote:

> Hi all,
>
> I have submitted KIP-684 to support mTLS (TLS client authentication) for
> SASL_SSL listeners:
>
> - https://cwiki.apache.org/confluence/display/KAFKA/KIP-684+-+Support+mutual+TLS+authentication+on+SASL_SSL+listeners
>
> In security-critical deployments, TLS client authentication adds an extra
> layer of security in addition to SASL-based client authentication.
>
> Feedback and suggestions are welcome.
>
> Thank you...
>
> Regards,
>
> Rajini