Hi Andrew, yes the meeting took place and we plan to-do it every two weeks (same bat time, same bat channel) moving forward.
In attendance was Michael Herstine (LinkedIn), Arvind Mani (LinkedIn), Gwen Shapira (Cloudera) and myself. Gwen updated the wiki after our discussion. Basically we are thinking of using 3 ports one for plain text (so like it is now), one for SASL (implementing username/password and kerberos at least) and one for SSL and they will all be configurable on/off. Some investigation is going on now to see about how we can do this without making any wire protocol changes (ideal) or minimal changes at least. Let me know and I can add you to the invite if you would like to contribute the more help and input the better for sure. Also in regards to KAFKA-1477 I just asked Ivan to update the patch to latest trunk and we could (demand required) make a patch that works with 0.8.1.X too for folks to use... This doesn't work yet with the new producer (TBD) or any other clients so be aware it is not yet baked in and from release project perspective I don't know what in that patch will survive (hopefully all of it). /******************************************* Joe Stein Founder, Principal Consultant Big Data Open Source Security LLC http://www.stealth.ly Twitter: @allthingshadoop <http://www.twitter.com/allthingshadoop> ********************************************/ On Tue, Sep 16, 2014 at 10:17 AM, Andrew Psaltis <psaltis.and...@gmail.com> wrote: > Hi, > I was just reading the recent changes to: > https://cwiki.apache.org/confluence/display/KAFKA/Security after getting > off a call about Kafka security and how we are jumping through hoops -- > like having PGP keys on the consumers and producers to get around the lack > of SSL support. Did the meeting that Joe proposed happen for Sept 9th > happen? If not is there a plan to have it? I was also looking at: > https://issues.apache.org/jira/browse/KAFKA-1477 and it seems like there > have been no comments since 11/08/2014. I would be interested in helping > with the TLS/SSL support as we have a need for it now. > > Thanks, > Andrew >
