d we might
>>>> do that opt-out eventually. We do not need to hurry up with this. I
>>>> understand everybody's expectations and excitement but it really boils
>>>> down to one line change in yaml. People who are so much after the
>>>> performance w
>>>> might do that opt-out eventually. We do not need to hurry up with this. I
>>>>> understand everybody's expectations and excitement but it really boils
>>>>> down to one line change in yaml. People who are so much after the
>>>>>
. We do not need to hurry up with this. I
>>> understand everybody's expectations and excitement but it really boils down
>>> to one line change in yaml. People who are so much after the performance
>>> will be definitely aware of this knob to turn on to squeeze
t;> scenario to be unnecessary exercise, I am afraid that I will not be able to
>> deliver that as testing something like this is quite complicated matter.
>> There is a lot of aspects which could be tested I can not even enumerate
>> right now ... so I try to meet you somewhere
.
>
>
> From: Mick Semb Wever
> Sent: Wednesday, July 26, 2023 20:48
> To: dev@cassandra.apache.org
> Subject: Re: [DISCUSS] Using ACCP or tc-native by default
>
> NetApp Security WARNING: This is an external email. Do not click links
I think these concerns are well-intended, but they feel rooted in uncertainty rather than in factual examples of areas where risk is present. I
would appreciate elaboration on the specific areas of risk that folks imagine.I would encourage those who express skepticism to try the patch,
and I end
ly 26, 2023 20:48
To: dev@cassandra.apache.org
Subject: Re: [DISCUSS] Using ACCP or tc-native by default
NetApp Security WARNING: This is an external email. Do not click links or open
attachments unless you recognize the sender and know the content is safe.
What comes to mind is how we brought
s quite complicated matter.
> There is a lot of aspects which could be tested I can not even enumerate
> right now ... so I try to meet you somewhere in the middle.
> >
> >
> > From: Mick Semb Wever
> > Sent: Wednesday, July 26
esday, July 26, 2023 17:34
> To: dev@cassandra.apache.org
> Subject: Re: [DISCUSS] Using ACCP or tc-native by default
>
> NetApp Security WARNING: This is an external email. Do not click links or
> open attachments unless you recognize the sender and know the content is safe.
>
>
&g
not even enumerate right now
... so I try to meet you somewhere in the middle.
From: Mick Semb Wever
Sent: Wednesday, July 26, 2023 17:34
To: dev@cassandra.apache.org
Subject: Re: [DISCUSS] Using ACCP or tc-native by default
NetApp Security WARNING: This
We do and I’m sensitive to that 100% but there is no reason ACCP should
break upgrades afaik. The algorithms it implements are identical and for
the ones it doesn’t the JRE implementation is used — ACCP is the higher
priority implementation. Do we have any examples of it breaking anything?
Or that
Can you say more about the shape of your concern?
>
Integration testing where some nodes are running JCE and others accp, and
various configurations that are and are not accp compatible/native.
I'm not referring to (re-) unit testing accp or jce themselves, or matrix
testing over them, but our c
I left my comments on the JIRA itself but generally they mirror Scott and
Joeys thoughts.
Jordan
On Wed, Jul 26, 2023 at 07:26 C. Scott Andreas wrote:
> Peter, thanks for your message.
>
> You are receiving these emails because your address is subscribed to the
> Apache Cassandra "dev@" develop
Peter, thanks for your message.You are receiving these emails because your address is subscribed to
the Apache Cassandra "dev@" developer mailing list. You can unsubscribe from this list by
sending an email to dev-unsubscr...@cassandra.apache.org. Subscribers to the mailing list are not
able to
Can you say more about the shape of your concern?JCA/JCE conformance and correctness of the functions implemented are a responsibility of the ACCP/Corretto test suite (link). These are thoroughly exercised by Amazon and bundled into the Corretto JDK distribution Amazon ships as well.With regard to
>
> So if a service is not there it will just search where it is next. I
> completely forgot this aspect of it ... Folks from Corretto forgot to
> mention this behavior as well, interesting. It is not as we are going to
> use this _as the only provider_.
>
I'm still uncomfortable assuming upgrade
ache.org
Subject: Re: [DISCUSS] Using ACCP or tc-native by default
NetApp Security WARNING: This is an external email. Do not click links or open
attachments unless you recognize the sender and know the content is safe.
I thought the crypto providers were supposed to “ask the next one down
PLEASE REMOVE ME FROM THIS EMAIL
From: "C. Scott Andreas"
Reply-To: "dev@cassandra.apache.org"
Date: Wednesday, July 26, 2023 at 6:19 AM
To: "dev@cassandra.apache.org"
Subject: Re: [DISCUSS] Using ACCP or tc-native by default
Jeremiah, that’s my understandi
Jeremiah, that’s my understanding as well. ACCP accelerates a subset of
functions and delegates the rest.
In years of using ACCP with Cassandra, I have yet to see an issue - or any case
in which adopting ACCP was anything other than a strict benefit.
- Scott
> On Jul 26, 2023, at 5:33 AM, J. D
I thought the crypto providers were supposed to “ask the next one down the
line” if something is not supported? Have you tried some unsupported thing and
seen it break? My understanding of the providers being an ordered list was
that isn’t supposed to happen.
-Jeremiah
> On Jul 26, 2023, at
That means that if somebody is on 4.0 and they upgrade to 5.0, if they use
> some ciphers / protocols / algorithms which are not in Corretto, it might
> break their upgrade.
>
If there's any risk of breaking upgrades we have to go with (2). We
support a variation of JCE configurations, and I do
.
(1) https://github.com/corretto/amazon-corretto-crypto-provider/issues/315
(2) https://issues.apache.org/jira/browse/CASSANDRA-18624
From: Miklosovic, Stefan
Sent: Friday, July 21, 2023 18:17
To: dev@cassandra.apache.org
Subject: Re: [DISCUSS] Using ACC
__
From: Mick Semb Wever
Sent: Friday, July 21, 2023 7:18
To: dev@cassandra.apache.org
Subject: Re: [DISCUSS] Using ACCP or tc-native by default
NetApp Security WARNING: This is an external email. Do not click links or open
attachments unless you recognize the sender and know the content i
>
> As I am on x86 and I wanted to simulate what would happen to users on ARM,
> I just did it other way around - I introduced the dependency with
> classifier linux-aarch_64.
>
> …
> Surprisingly, the installation step succeeded on x86 even the dependency
> was for aarch. However, the startup chec
On Fri, Jul 21, 2023 at 10:56 AM Miklosovic, Stefan <
stefan.mikloso...@netapp.com> wrote:
...
> I think this might work, if it is available, it will use it, if not, we
> emit a big fat warning.
>
...
I agree with this approach. It lets operators trap a log statement or
similar while defaulting t
a/security/DefaultCryptoProvider.java#L64-L70
From: Abe Ratnofsky
Sent: Thursday, July 20, 2023 23:59
To: dev@cassandra.apache.org
Subject: Re: [DISCUSS] Using ACCP or tc-native by default
NetApp Security WARNING: This is an external email. Do not click links or open
attachments unless you
gt;> From: Joseph Lynch
>> Sent: Thursday, July 20, 2023 7:38 AM
>> To: dev@cassandra.apache.org
>> Subject: [EXTERNAL] Re: [DISCUSS] Using ACCP or tc-native by default
>>
>> Having native dependencies shouldn't make the project x86 only, it
>> should ju
h Lynch
> Sent: Thursday, July 20, 2023 7:38 AM
> To: dev@cassandra.apache.org
> Subject: [EXTERNAL] Re: [DISCUSS] Using ACCP or tc-native by default
>
> Having native dependencies shouldn't make the project x86 only, it
> should just accelerate the performance on x86 when avail
Thanks,
German
From: Joseph Lynch
Sent: Thursday, July 20, 2023 7:38 AM
To: dev@cassandra.apache.org
Subject: [EXTERNAL] Re: [DISCUSS] Using ACCP or tc-native by default
Having native dependencies shouldn't make the project x86 only, it
should just accelerate the per
3rd party extensions etc ...
> >
> > I want to be sure that everybody is aware of this change (that we plan to
> > do that in such a way that it will not be "bundled") and that everybody is
> > on board with this. Otherwise I am all ears about how to do that
> > differently.
> >
> > (1) http
do that differently.
>
> (1) https://issues.apache.org/jira/browse/CASSANDRA-18624
>
>
> From: German Eichberger via dev
> Sent: Friday, June 23, 2023 22:43
> To: dev
> Subject: Re: [DISCUSS] Using ACCP or tc-native by default
2023 22:43
To: dev
Subject: Re: [DISCUSS] Using ACCP or tc-native by default
NetApp Security WARNING: This is an external email. Do not click links or open
attachments unless you recognize the sender and know the content is safe.
+1 to ACCP - we love performance.
+1 to ACCP - we love performance.
From: David Capwell
Sent: Thursday, June 22, 2023 4:21 PM
To: dev
Subject: [EXTERNAL] Re: [DISCUSS] Using ACCP or tc-native by default
+1 to ACCP
On Jun 22, 2023, at 3:05 PM, C. Scott Andreas wrote:
+1 for ACCP and can attest
Great addition! +1 (nb)
On 2023/06/23 13:37:02 Josh McKenzie wrote:
> +1 here on inclusion by default.
>
> On Fri, Jun 23, 2023, at 2:01 AM, Dinesh Joshi wrote:
> > This would be a good addition and would make Cassandra more performant out
> > of the box.
> >
> > Dinesh
> >
> >> On Jun 22, 2
+1 here on inclusion by default.
On Fri, Jun 23, 2023, at 2:01 AM, Dinesh Joshi wrote:
> This would be a good addition and would make Cassandra more performant out of
> the box.
>
> Dinesh
>
>> On Jun 22, 2023, at 9:45 PM, Jordan West wrote:
>>
>> Glad to see there is support for this! I th
n ACCP in production on 1000s of nodes across Cassandra 3.11 and 4 with great results.
Would love to see it baked into Cassandra.
Jackson
From:
David Capwell <dcapw...@apple.com>
Date: Friday, 23 June 2023 at 9:22 am
To: dev <dev@cassandra.apache.org>
Subject: Re: [DISCUSS
Jackson
>
>
>
> *From: *David Capwell
> *Date: *Friday, 23 June 2023 at 9:22 am
> *To: *dev
> *Subject: *Re: [DISCUSS] Using ACCP or tc-native by default
>
> *NetApp Security WARNING*: This is an external email. Do not click links
> or open attachments unless you rec
We run ACCP in production on 1000s of nodes across Cassandra 3.11 and 4 with
great results.
Would love to see it baked into Cassandra.
Jackson
From: David Capwell
Date: Friday, 23 June 2023 at 9:22 am
To: dev
Subject: Re: [DISCUSS] Using ACCP or tc-native by default
NetApp Security WARNING
+1 to ACCP
> On Jun 22, 2023, at 3:05 PM, C. Scott Andreas wrote:
>
> +1 for ACCP and can attest to its results. ACCP also optimizes for a range of
> hash functions and other cryptographic primitives beyond TLS acceleration for
> Netty.
>
>> On Jun 22, 2023, at 2:07 PM, Jeff Jirsa wrote:
>>
+1 for ACCP and can attest to its results. ACCP also optimizes for a range of hash
functions and other cryptographic primitives beyond TLS acceleration for Netty.On Jun 22,
2023, at 2:07 PM, Jeff Jirsa wrote:Either would be better than
today. On Thu, Jun 22, 2023 at 1:57 PM Jordan West wrote:
Either would be better than today.
On Thu, Jun 22, 2023 at 1:57 PM Jordan West wrote:
> Hi,
>
> I’m wondering if there is appetite to change the default SSL provider for
> Cassandra going forward to either ACCP [1] or tc-native in Netty? Our
> deployment as well as others I’m aware of make this
Hi,
I’m wondering if there is appetite to change the default SSL provider for
Cassandra going forward to either ACCP [1] or tc-native in Netty? Our
deployment as well as others I’m aware of make this change in their fork
and it can lead to significant performance improvement. When recently
qualify
42 matches
Mail list logo
