Re: community feedback on removing non-encrypted support from consul-release
Aaron Huber
The only thought I have is that for some of us that are doing network level
encryption until you guys do have everything secure by default, this would
just enforce double encrypting some things. Not necessarily the end of the
world but it would slow traffic down and increase CPU load.
Our current plan was to leave TLS disabled until everything is secure and
then switch to point-to-point security at that time and turn off IPSec.
That won't be possible until you stop sending passwords in clear text over
the wire, so at least until NATS is gone and possibly a few more things.
This isn't an argument not to make the change but just a data point for you.
Aaron Huber
Intel Corporation
--
View this message in context: http://cf-bosh.70367.x6.nabble.com/cf-bosh-community-feedback-on-removing-non-encrypted-support-from-consul-release-tp1314p1322.html
Sent from the CF BOSH mailing list archive at Nabble.com.
encryption until you guys do have everything secure by default, this would
just enforce double encrypting some things. Not necessarily the end of the
world but it would slow traffic down and increase CPU load.
Our current plan was to leave TLS disabled until everything is secure and
then switch to point-to-point security at that time and turn off IPSec.
That won't be possible until you stop sending passwords in clear text over
the wire, so at least until NATS is gone and possibly a few more things.
This isn't an argument not to make the change but just a data point for you.
Aaron Huber
Intel Corporation
--
View this message in context: http://cf-bosh.70367.x6.nabble.com/cf-bosh-community-feedback-on-removing-non-encrypted-support-from-consul-release-tp1314p1322.html
Sent from the CF BOSH mailing list archive at Nabble.com.