Hi all, If there are no other concerns, I will start vote for this KIP tomorrow.
Regards, Rajini On Mon, Nov 9, 2020 at 5:46 PM Rajini Sivaram <rajinisiva...@gmail.com> wrote: > Hi Ron & Ismael, > > Thanks for reviewing the KIP! I have updated the KIP to include Ismael's > suggestion on printing a warning for unprefixed `ssl.client.auth` so that > we can make the configs consistent in a future major release. > > Regards, > > Rajini > > > On Mon, Nov 9, 2020 at 3:58 PM Ismael Juma <ism...@juma.me.uk> wrote: > >> Thanks for the KIP Rajini. It's a good proposal. One suggestion for >> consideration: >> >> 1. We could print a warning if the unprefixed `ssl.client.auth` is used >> and >> there is a SASL_SSL listener. Then we could consider removing this >> inconsistency in Kafka 4.0 or something like that. >> >> What do you think? >> >> Ismael >> >> On Mon, Nov 9, 2020 at 3:08 AM Rajini Sivaram <rajinisiva...@gmail.com> >> wrote: >> >> > Hi all, >> > >> > I have submitted KIP-684 to support mTLS (TLS client authentication) for >> > SASL_SSL listeners: >> > >> > - >> > >> > >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-684+-+Support+mutual+TLS+authentication+on+SASL_SSL+listeners >> > >> > >> > In security-critical deployments, TLS client authentication adds an >> extra >> > layer of security in addition to SASL-based client authentication. >> > >> > Feedback and suggestions are welcome. >> > >> > Thank you... >> > >> > Regards, >> > >> > Rajini >> > >> >
