On 09/07/2015 12:47 PM, Kaushal M wrote: > On Mon, Sep 7, 2015 at 8:29 PM, Jeff Darcy <jdarcy@xxxxxxxxxx> wrote: >>> - Support for SSL transports - thought we wouldn't be using this >>> initially, we would require it later on. >> >> Control-plane security is important enough that I think it has to >> be a Day One requirement. > > I did mean this, but I could have expressed it better. What I meant to > say was that though we would not be using SSL for the first planned > milestone, the RPC framework we choose would need to support SSL as we > will be using it later on. I have to ask—— Every day we hear about vulnerabilities and exploits. Have we not yet reached the point were we just start with security enabled as a matter of routine? Why aren't we using TLS (the real name, FWIW) from day one? Please? -- Kaleb _______________________________________________ Gluster-devel mailing list Gluster-devel@xxxxxxxxxxx http://www.gluster.org/mailman/listinfo/gluster-devel
