You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cassandra.apache.org by Maulin Vasavada <ma...@gmail.com> on 2021/10/11 05:54:16 UTC
[DISCUSS] CEP-17: Add support for PEM based key material for SSL
Hi all,
I would like to start this discussion thread for the CEP-17
<https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-17%3A+Add+support+for+PEM+based+key+material+for+SSL>.
I think it would be a great addition to support a commonly used format for
private keys and trusted certificates for SSL configurations.
Thank you.
Maulin
Re: [DISCUSS] CASSANDRA-17031: Add support for PEM based key material
for SSL
Posted by Derek Chen-Becker <de...@chen-becker.org>.
Sorry, I just wanted to view the JIRA ticket and comment
Thanks!
Derek
On Mon, Oct 11, 2021, 7:09 PM Maulin Vasavada <ma...@gmail.com>
wrote:
> Hi Derek
>
> I am not sure what you are trying to do. Are you trying to delete the CEP
> page OR trying to see/edit the JIRA ticket? Anybody else have a clue what
> Derek is running into?
>
> Thanks
> Maulin
>
> On Mon, Oct 11, 2021 at 2:34 PM Derek Chen-Becker <de...@chen-becker.org>
> wrote:
>
> > Hi Maulin,
> >
> > I'm getting a permission denied error when I try to access the ticket.
> What
> > do I need to do to get access?
> >
> > Thanks,
> >
> > Derek
> >
> > On Mon, Oct 11, 2021 at 1:34 PM Maulin Vasavada <
> maulin.vasavada@gmail.com
> > >
> > wrote:
> >
> > > Changing the subject for this discussion with the JIRA ticket now.
> > >
> > > Dinesh, when you say PEM and JKS formats simultaneously, do you mean
> that
> > > for client vs internnode ssl we should be able to use different formats
> > OR
> > > beyond that within particular encryption options have a combination -
> PEM
> > > based private keys and JKS based truststore?
> > >
> > > Thanks
> > > Maulin
> > >
> > > On Mon, Oct 11, 2021 at 12:02 PM Maulin Vasavada <
> > > maulin.vasavada@gmail.com>
> > > wrote:
> > >
> > > > Thanks all for your responses. So I'll give back the CEP number (if I
> > > > can).
> > > >
> > > > For Dinesh's comment, I think we can take up in the DISCUSS thread
> for
> > > the
> > > > JIRA ticket that I'll start. I will make sure I understand his
> comment
> > > and
> > > > resolve it correctly.
> > > >
> > > > Thanks
> > > > Maulin
> > > >
> > > > On Mon, Oct 11, 2021 at 8:47 AM Dinesh Joshi
> > <djoshi3@icloud.com.invalid
> > > >
> > > > wrote:
> > > >
> > > >> This could be just an enhancement jira. No need for a CEP.
> > > >>
> > > >> I think this would be a fine addition to Cassandra. Please ensure
> that
> > > we
> > > >> can support both PEM as well as the current JKS simultaneously.
> > > >>
> > > >> Dinesh
> > > >>
> > > >> > On Oct 11, 2021, at 3:06 AM, Stefan Miklosovic <
> > > >> stefan.miklosovic@instaclustr.com> wrote:
> > > >> >
> > > >> > I agree with Benedict, this does not need to have its own CEP.
> > > >> >
> > > >> > In the "approach" section to-be-discussed CEP-17, I clearly see
> this
> > > >> > is building on top of what is already in so I do not think this
> > needs
> > > >> > yet another CEP to materialize.
> > > >> >
> > > >> > Regards
> > > >> >
> > > >> >> On Mon, 11 Oct 2021 at 12:00, benedict@apache.org <
> > > benedict@apache.org>
> > > >> wrote:
> > > >> >>
> > > >> >> Hi Maulin,
> > > >> >>
> > > >> >> This sounds fine to me, though I don’t consider myself well
> versed
> > in
> > > >> these system details.
> > > >> >>
> > > >> >> I have a meta comment though: I think this could easily have
> been a
> > > >> Jira with a DISCUSS thread brought to the list. The CEP process is
> (in
> > > my
> > > >> opinion) for complex decisions that needs broad consent from the
> > > community,
> > > >> whereas this seems like a straightforward feature we might want to
> > > >> advertise to ensure others have an opportunity to offer their
> > expertise
> > > and
> > > >> opinions on.
> > > >> >>
> > > >> >>
> > > >> >> From: Maulin Vasavada <ma...@gmail.com>
> > > >> >> Date: Monday, 11 October 2021 at 06:54
> > > >> >> To: dev@cassandra.apache.org <de...@cassandra.apache.org>
> > > >> >> Subject: [DISCUSS] CEP-17: Add support for PEM based key material
> > for
> > > >> SSL
> > > >> >> Hi all,
> > > >> >>
> > > >> >> I would like to start this discussion thread for the CEP-17
> > > >> >> <
> > > >>
> > >
> >
> https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-17%3A+Add+support+for+PEM+based+key+material+for+SSL
> > > >> >.
> > > >> >> I think it would be a great addition to support a commonly used
> > > format
> > > >> for
> > > >> >> private keys and trusted certificates for SSL configurations.
> > > >> >>
> > > >> >> Thank you.
> > > >> >> Maulin
> > > >> >
> > > >> >
> > ---------------------------------------------------------------------
> > > >> > To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
> > > >> > For additional commands, e-mail: dev-help@cassandra.apache.org
> > > >> >
> > > >>
> > > >>
> ---------------------------------------------------------------------
> > > >> To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
> > > >> For additional commands, e-mail: dev-help@cassandra.apache.org
> > > >>
> > > >>
> > >
> >
> >
> > --
> > +---------------------------------------------------------------+
> > | Derek Chen-Becker |
> > | GPG Key available at https://keybase.io/dchenbecker and |
> > | https://pgp.mit.edu/pks/lookup?search=derek%40chen-becker.org |
> > | Fngrprnt: EB8A 6480 F0A3 C8EB C1E7 7F42 AFC5 AFEE 96E4 6ACC |
> > +---------------------------------------------------------------+
> >
>
Re: [DISCUSS] CASSANDRA-17031: Add support for PEM based key material
for SSL
Posted by Maulin Vasavada <ma...@gmail.com>.
Hi Derek
I am not sure what you are trying to do. Are you trying to delete the CEP
page OR trying to see/edit the JIRA ticket? Anybody else have a clue what
Derek is running into?
Thanks
Maulin
On Mon, Oct 11, 2021 at 2:34 PM Derek Chen-Becker <de...@chen-becker.org>
wrote:
> Hi Maulin,
>
> I'm getting a permission denied error when I try to access the ticket. What
> do I need to do to get access?
>
> Thanks,
>
> Derek
>
> On Mon, Oct 11, 2021 at 1:34 PM Maulin Vasavada <maulin.vasavada@gmail.com
> >
> wrote:
>
> > Changing the subject for this discussion with the JIRA ticket now.
> >
> > Dinesh, when you say PEM and JKS formats simultaneously, do you mean that
> > for client vs internnode ssl we should be able to use different formats
> OR
> > beyond that within particular encryption options have a combination - PEM
> > based private keys and JKS based truststore?
> >
> > Thanks
> > Maulin
> >
> > On Mon, Oct 11, 2021 at 12:02 PM Maulin Vasavada <
> > maulin.vasavada@gmail.com>
> > wrote:
> >
> > > Thanks all for your responses. So I'll give back the CEP number (if I
> > > can).
> > >
> > > For Dinesh's comment, I think we can take up in the DISCUSS thread for
> > the
> > > JIRA ticket that I'll start. I will make sure I understand his comment
> > and
> > > resolve it correctly.
> > >
> > > Thanks
> > > Maulin
> > >
> > > On Mon, Oct 11, 2021 at 8:47 AM Dinesh Joshi
> <djoshi3@icloud.com.invalid
> > >
> > > wrote:
> > >
> > >> This could be just an enhancement jira. No need for a CEP.
> > >>
> > >> I think this would be a fine addition to Cassandra. Please ensure that
> > we
> > >> can support both PEM as well as the current JKS simultaneously.
> > >>
> > >> Dinesh
> > >>
> > >> > On Oct 11, 2021, at 3:06 AM, Stefan Miklosovic <
> > >> stefan.miklosovic@instaclustr.com> wrote:
> > >> >
> > >> > I agree with Benedict, this does not need to have its own CEP.
> > >> >
> > >> > In the "approach" section to-be-discussed CEP-17, I clearly see this
> > >> > is building on top of what is already in so I do not think this
> needs
> > >> > yet another CEP to materialize.
> > >> >
> > >> > Regards
> > >> >
> > >> >> On Mon, 11 Oct 2021 at 12:00, benedict@apache.org <
> > benedict@apache.org>
> > >> wrote:
> > >> >>
> > >> >> Hi Maulin,
> > >> >>
> > >> >> This sounds fine to me, though I don’t consider myself well versed
> in
> > >> these system details.
> > >> >>
> > >> >> I have a meta comment though: I think this could easily have been a
> > >> Jira with a DISCUSS thread brought to the list. The CEP process is (in
> > my
> > >> opinion) for complex decisions that needs broad consent from the
> > community,
> > >> whereas this seems like a straightforward feature we might want to
> > >> advertise to ensure others have an opportunity to offer their
> expertise
> > and
> > >> opinions on.
> > >> >>
> > >> >>
> > >> >> From: Maulin Vasavada <ma...@gmail.com>
> > >> >> Date: Monday, 11 October 2021 at 06:54
> > >> >> To: dev@cassandra.apache.org <de...@cassandra.apache.org>
> > >> >> Subject: [DISCUSS] CEP-17: Add support for PEM based key material
> for
> > >> SSL
> > >> >> Hi all,
> > >> >>
> > >> >> I would like to start this discussion thread for the CEP-17
> > >> >> <
> > >>
> >
> https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-17%3A+Add+support+for+PEM+based+key+material+for+SSL
> > >> >.
> > >> >> I think it would be a great addition to support a commonly used
> > format
> > >> for
> > >> >> private keys and trusted certificates for SSL configurations.
> > >> >>
> > >> >> Thank you.
> > >> >> Maulin
> > >> >
> > >> >
> ---------------------------------------------------------------------
> > >> > To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
> > >> > For additional commands, e-mail: dev-help@cassandra.apache.org
> > >> >
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
> > >> For additional commands, e-mail: dev-help@cassandra.apache.org
> > >>
> > >>
> >
>
>
> --
> +---------------------------------------------------------------+
> | Derek Chen-Becker |
> | GPG Key available at https://keybase.io/dchenbecker and |
> | https://pgp.mit.edu/pks/lookup?search=derek%40chen-becker.org |
> | Fngrprnt: EB8A 6480 F0A3 C8EB C1E7 7F42 AFC5 AFEE 96E4 6ACC |
> +---------------------------------------------------------------+
>
Re: [DISCUSS] CASSANDRA-17031: Add support for PEM based key material
for SSL
Posted by Derek Chen-Becker <de...@chen-becker.org>.
Hi Maulin,
I'm getting a permission denied error when I try to access the ticket. What
do I need to do to get access?
Thanks,
Derek
On Mon, Oct 11, 2021 at 1:34 PM Maulin Vasavada <ma...@gmail.com>
wrote:
> Changing the subject for this discussion with the JIRA ticket now.
>
> Dinesh, when you say PEM and JKS formats simultaneously, do you mean that
> for client vs internnode ssl we should be able to use different formats OR
> beyond that within particular encryption options have a combination - PEM
> based private keys and JKS based truststore?
>
> Thanks
> Maulin
>
> On Mon, Oct 11, 2021 at 12:02 PM Maulin Vasavada <
> maulin.vasavada@gmail.com>
> wrote:
>
> > Thanks all for your responses. So I'll give back the CEP number (if I
> > can).
> >
> > For Dinesh's comment, I think we can take up in the DISCUSS thread for
> the
> > JIRA ticket that I'll start. I will make sure I understand his comment
> and
> > resolve it correctly.
> >
> > Thanks
> > Maulin
> >
> > On Mon, Oct 11, 2021 at 8:47 AM Dinesh Joshi <djoshi3@icloud.com.invalid
> >
> > wrote:
> >
> >> This could be just an enhancement jira. No need for a CEP.
> >>
> >> I think this would be a fine addition to Cassandra. Please ensure that
> we
> >> can support both PEM as well as the current JKS simultaneously.
> >>
> >> Dinesh
> >>
> >> > On Oct 11, 2021, at 3:06 AM, Stefan Miklosovic <
> >> stefan.miklosovic@instaclustr.com> wrote:
> >> >
> >> > I agree with Benedict, this does not need to have its own CEP.
> >> >
> >> > In the "approach" section to-be-discussed CEP-17, I clearly see this
> >> > is building on top of what is already in so I do not think this needs
> >> > yet another CEP to materialize.
> >> >
> >> > Regards
> >> >
> >> >> On Mon, 11 Oct 2021 at 12:00, benedict@apache.org <
> benedict@apache.org>
> >> wrote:
> >> >>
> >> >> Hi Maulin,
> >> >>
> >> >> This sounds fine to me, though I don’t consider myself well versed in
> >> these system details.
> >> >>
> >> >> I have a meta comment though: I think this could easily have been a
> >> Jira with a DISCUSS thread brought to the list. The CEP process is (in
> my
> >> opinion) for complex decisions that needs broad consent from the
> community,
> >> whereas this seems like a straightforward feature we might want to
> >> advertise to ensure others have an opportunity to offer their expertise
> and
> >> opinions on.
> >> >>
> >> >>
> >> >> From: Maulin Vasavada <ma...@gmail.com>
> >> >> Date: Monday, 11 October 2021 at 06:54
> >> >> To: dev@cassandra.apache.org <de...@cassandra.apache.org>
> >> >> Subject: [DISCUSS] CEP-17: Add support for PEM based key material for
> >> SSL
> >> >> Hi all,
> >> >>
> >> >> I would like to start this discussion thread for the CEP-17
> >> >> <
> >>
> https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-17%3A+Add+support+for+PEM+based+key+material+for+SSL
> >> >.
> >> >> I think it would be a great addition to support a commonly used
> format
> >> for
> >> >> private keys and trusted certificates for SSL configurations.
> >> >>
> >> >> Thank you.
> >> >> Maulin
> >> >
> >> > ---------------------------------------------------------------------
> >> > To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
> >> > For additional commands, e-mail: dev-help@cassandra.apache.org
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
> >> For additional commands, e-mail: dev-help@cassandra.apache.org
> >>
> >>
>
--
+---------------------------------------------------------------+
| Derek Chen-Becker |
| GPG Key available at https://keybase.io/dchenbecker and |
| https://pgp.mit.edu/pks/lookup?search=derek%40chen-becker.org |
| Fngrprnt: EB8A 6480 F0A3 C8EB C1E7 7F42 AFC5 AFEE 96E4 6ACC |
+---------------------------------------------------------------+
Re: [DISCUSS] CASSANDRA-17031: Add support for PEM based key material
for SSL
Posted by Maulin Vasavada <ma...@gmail.com>.
+1 Dinesh. It will be like that. For client and server both encryption
options you can choose different key material types. I'll raise a PR soon
and you can check the tests I've.
Thanks
Maulin
On Tue, Oct 12, 2021 at 9:22 PM Dinesh Joshi <dj...@icloud.com.invalid>
wrote:
> On 10/11/21 12:34 PM, Maulin Vasavada wrote:
> > Dinesh, when you say PEM and JKS formats simultaneously, do you mean that
> > for client vs internnode ssl we should be able to use different formats
> OR
> > beyond that within particular encryption options have a combination - PEM
> > based private keys and JKS based truststore?
>
> Currently, Cassandra has two configuration blocks one for the client
> (client_encryption_options) and the other for the internode
> (server_encryption_options). Both blocks individually can specify a
> different type of truststore. Currently it only supports the stores that
> are supported by Java's standard stores like JKS and PKCS12. If you plan
> on adding new types, then lets make sure that we continue supporting
> these types and support PEM in addition.
>
> Dinesh
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
> For additional commands, e-mail: dev-help@cassandra.apache.org
>
>
Re: [DISCUSS] CASSANDRA-17031: Add support for PEM based key material
for SSL
Posted by Dinesh Joshi <dj...@icloud.com.INVALID>.
On 10/11/21 12:34 PM, Maulin Vasavada wrote:
> Dinesh, when you say PEM and JKS formats simultaneously, do you mean that
> for client vs internnode ssl we should be able to use different formats OR
> beyond that within particular encryption options have a combination - PEM
> based private keys and JKS based truststore?
Currently, Cassandra has two configuration blocks one for the client
(client_encryption_options) and the other for the internode
(server_encryption_options). Both blocks individually can specify a
different type of truststore. Currently it only supports the stores that
are supported by Java's standard stores like JKS and PKCS12. If you plan
on adding new types, then lets make sure that we continue supporting
these types and support PEM in addition.
Dinesh
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
For additional commands, e-mail: dev-help@cassandra.apache.org
[DISCUSS] CASSANDRA-17031: Add support for PEM based key material for SSL
Posted by Maulin Vasavada <ma...@gmail.com>.
Changing the subject for this discussion with the JIRA ticket now.
Dinesh, when you say PEM and JKS formats simultaneously, do you mean that
for client vs internnode ssl we should be able to use different formats OR
beyond that within particular encryption options have a combination - PEM
based private keys and JKS based truststore?
Thanks
Maulin
On Mon, Oct 11, 2021 at 12:02 PM Maulin Vasavada <ma...@gmail.com>
wrote:
> Thanks all for your responses. So I'll give back the CEP number (if I
> can).
>
> For Dinesh's comment, I think we can take up in the DISCUSS thread for the
> JIRA ticket that I'll start. I will make sure I understand his comment and
> resolve it correctly.
>
> Thanks
> Maulin
>
> On Mon, Oct 11, 2021 at 8:47 AM Dinesh Joshi <dj...@icloud.com.invalid>
> wrote:
>
>> This could be just an enhancement jira. No need for a CEP.
>>
>> I think this would be a fine addition to Cassandra. Please ensure that we
>> can support both PEM as well as the current JKS simultaneously.
>>
>> Dinesh
>>
>> > On Oct 11, 2021, at 3:06 AM, Stefan Miklosovic <
>> stefan.miklosovic@instaclustr.com> wrote:
>> >
>> > I agree with Benedict, this does not need to have its own CEP.
>> >
>> > In the "approach" section to-be-discussed CEP-17, I clearly see this
>> > is building on top of what is already in so I do not think this needs
>> > yet another CEP to materialize.
>> >
>> > Regards
>> >
>> >> On Mon, 11 Oct 2021 at 12:00, benedict@apache.org <be...@apache.org>
>> wrote:
>> >>
>> >> Hi Maulin,
>> >>
>> >> This sounds fine to me, though I don’t consider myself well versed in
>> these system details.
>> >>
>> >> I have a meta comment though: I think this could easily have been a
>> Jira with a DISCUSS thread brought to the list. The CEP process is (in my
>> opinion) for complex decisions that needs broad consent from the community,
>> whereas this seems like a straightforward feature we might want to
>> advertise to ensure others have an opportunity to offer their expertise and
>> opinions on.
>> >>
>> >>
>> >> From: Maulin Vasavada <ma...@gmail.com>
>> >> Date: Monday, 11 October 2021 at 06:54
>> >> To: dev@cassandra.apache.org <de...@cassandra.apache.org>
>> >> Subject: [DISCUSS] CEP-17: Add support for PEM based key material for
>> SSL
>> >> Hi all,
>> >>
>> >> I would like to start this discussion thread for the CEP-17
>> >> <
>> https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-17%3A+Add+support+for+PEM+based+key+material+for+SSL
>> >.
>> >> I think it would be a great addition to support a commonly used format
>> for
>> >> private keys and trusted certificates for SSL configurations.
>> >>
>> >> Thank you.
>> >> Maulin
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
>> > For additional commands, e-mail: dev-help@cassandra.apache.org
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
>> For additional commands, e-mail: dev-help@cassandra.apache.org
>>
>>
Re: [DISCUSS] CEP-17: Add support for PEM based key material for SSL
Posted by Maulin Vasavada <ma...@gmail.com>.
Thanks all for your responses. So I'll give back the CEP number (if I can).
For Dinesh's comment, I think we can take up in the DISCUSS thread for the
JIRA ticket that I'll start. I will make sure I understand his comment and
resolve it correctly.
Thanks
Maulin
On Mon, Oct 11, 2021 at 8:47 AM Dinesh Joshi <dj...@icloud.com.invalid>
wrote:
> This could be just an enhancement jira. No need for a CEP.
>
> I think this would be a fine addition to Cassandra. Please ensure that we
> can support both PEM as well as the current JKS simultaneously.
>
> Dinesh
>
> > On Oct 11, 2021, at 3:06 AM, Stefan Miklosovic <
> stefan.miklosovic@instaclustr.com> wrote:
> >
> > I agree with Benedict, this does not need to have its own CEP.
> >
> > In the "approach" section to-be-discussed CEP-17, I clearly see this
> > is building on top of what is already in so I do not think this needs
> > yet another CEP to materialize.
> >
> > Regards
> >
> >> On Mon, 11 Oct 2021 at 12:00, benedict@apache.org <be...@apache.org>
> wrote:
> >>
> >> Hi Maulin,
> >>
> >> This sounds fine to me, though I don’t consider myself well versed in
> these system details.
> >>
> >> I have a meta comment though: I think this could easily have been a
> Jira with a DISCUSS thread brought to the list. The CEP process is (in my
> opinion) for complex decisions that needs broad consent from the community,
> whereas this seems like a straightforward feature we might want to
> advertise to ensure others have an opportunity to offer their expertise and
> opinions on.
> >>
> >>
> >> From: Maulin Vasavada <ma...@gmail.com>
> >> Date: Monday, 11 October 2021 at 06:54
> >> To: dev@cassandra.apache.org <de...@cassandra.apache.org>
> >> Subject: [DISCUSS] CEP-17: Add support for PEM based key material for
> SSL
> >> Hi all,
> >>
> >> I would like to start this discussion thread for the CEP-17
> >> <
> https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-17%3A+Add+support+for+PEM+based+key+material+for+SSL
> >.
> >> I think it would be a great addition to support a commonly used format
> for
> >> private keys and trusted certificates for SSL configurations.
> >>
> >> Thank you.
> >> Maulin
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
> > For additional commands, e-mail: dev-help@cassandra.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
> For additional commands, e-mail: dev-help@cassandra.apache.org
>
>
Re: [DISCUSS] CEP-17: Add support for PEM based key material for SSL
Posted by Dinesh Joshi <dj...@icloud.com.INVALID>.
This could be just an enhancement jira. No need for a CEP.
I think this would be a fine addition to Cassandra. Please ensure that we can support both PEM as well as the current JKS simultaneously.
Dinesh
> On Oct 11, 2021, at 3:06 AM, Stefan Miklosovic <st...@instaclustr.com> wrote:
>
> I agree with Benedict, this does not need to have its own CEP.
>
> In the "approach" section to-be-discussed CEP-17, I clearly see this
> is building on top of what is already in so I do not think this needs
> yet another CEP to materialize.
>
> Regards
>
>> On Mon, 11 Oct 2021 at 12:00, benedict@apache.org <be...@apache.org> wrote:
>>
>> Hi Maulin,
>>
>> This sounds fine to me, though I don’t consider myself well versed in these system details.
>>
>> I have a meta comment though: I think this could easily have been a Jira with a DISCUSS thread brought to the list. The CEP process is (in my opinion) for complex decisions that needs broad consent from the community, whereas this seems like a straightforward feature we might want to advertise to ensure others have an opportunity to offer their expertise and opinions on.
>>
>>
>> From: Maulin Vasavada <ma...@gmail.com>
>> Date: Monday, 11 October 2021 at 06:54
>> To: dev@cassandra.apache.org <de...@cassandra.apache.org>
>> Subject: [DISCUSS] CEP-17: Add support for PEM based key material for SSL
>> Hi all,
>>
>> I would like to start this discussion thread for the CEP-17
>> <https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-17%3A+Add+support+for+PEM+based+key+material+for+SSL>.
>> I think it would be a great addition to support a commonly used format for
>> private keys and trusted certificates for SSL configurations.
>>
>> Thank you.
>> Maulin
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
> For additional commands, e-mail: dev-help@cassandra.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
For additional commands, e-mail: dev-help@cassandra.apache.org
Re: [DISCUSS] CEP-17: Add support for PEM based key material for SSL
Posted by Stefan Miklosovic <st...@instaclustr.com>.
I agree with Benedict, this does not need to have its own CEP.
In the "approach" section to-be-discussed CEP-17, I clearly see this
is building on top of what is already in so I do not think this needs
yet another CEP to materialize.
Regards
On Mon, 11 Oct 2021 at 12:00, benedict@apache.org <be...@apache.org> wrote:
>
> Hi Maulin,
>
> This sounds fine to me, though I don’t consider myself well versed in these system details.
>
> I have a meta comment though: I think this could easily have been a Jira with a DISCUSS thread brought to the list. The CEP process is (in my opinion) for complex decisions that needs broad consent from the community, whereas this seems like a straightforward feature we might want to advertise to ensure others have an opportunity to offer their expertise and opinions on.
>
>
> From: Maulin Vasavada <ma...@gmail.com>
> Date: Monday, 11 October 2021 at 06:54
> To: dev@cassandra.apache.org <de...@cassandra.apache.org>
> Subject: [DISCUSS] CEP-17: Add support for PEM based key material for SSL
> Hi all,
>
> I would like to start this discussion thread for the CEP-17
> <https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-17%3A+Add+support+for+PEM+based+key+material+for+SSL>.
> I think it would be a great addition to support a commonly used format for
> private keys and trusted certificates for SSL configurations.
>
> Thank you.
> Maulin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
For additional commands, e-mail: dev-help@cassandra.apache.org
Re: [DISCUSS] CEP-17: Add support for PEM based key material for SSL
Posted by "benedict@apache.org" <be...@apache.org>.
Hi Maulin,
This sounds fine to me, though I don’t consider myself well versed in these system details.
I have a meta comment though: I think this could easily have been a Jira with a DISCUSS thread brought to the list. The CEP process is (in my opinion) for complex decisions that needs broad consent from the community, whereas this seems like a straightforward feature we might want to advertise to ensure others have an opportunity to offer their expertise and opinions on.
From: Maulin Vasavada <ma...@gmail.com>
Date: Monday, 11 October 2021 at 06:54
To: dev@cassandra.apache.org <de...@cassandra.apache.org>
Subject: [DISCUSS] CEP-17: Add support for PEM based key material for SSL
Hi all,
I would like to start this discussion thread for the CEP-17
<https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-17%3A+Add+support+for+PEM+based+key+material+for+SSL>.
I think it would be a great addition to support a commonly used format for
private keys and trusted certificates for SSL configurations.
Thank you.
Maulin