Hi Joe, For #2, if brokers and clients trust a certain certificate authority (CA), you should be able to just sign a new certificate with that CA (without having to explicitly share said cert with all parties).
- Samuel On Fri, Jun 23, 2017 at 3:10 AM, Joe San <codeintheo...@gmail.com> wrote: > Dear Kafka Users, > > Would you consider it a good practice to expose the Kafka topic directly to > a 3rd party application? While doing this, I need to satisfy the following: > > 1. I will have say 10 topics and I would need to make sure that only > authorized parties are able to write into the Topic > > 2. If I use certificates (2 way trust), would this mean that when I add new > broker nodes, I need to make sure that the new certificates are shared with > all the 3rd parties and their certificates being installed on my new broker > node? > > 3. Since I'm exposing my topic directly, a naughty 3rd party could play > around and might eventually case a DoS attack? > > Thanks, > Joe >