Re: community feedback on removing non-encrypted support from consul-release
Aaron Huber
It's more of a theoretical concern about double-encrypting; I'd expect with modern CPUs it should be more or less undetectable. Again, I wouldn't hold off implementing the change because of this, we'd just have to adjust our plans.

The most obvious example of passwords on the wire in clear text was the staging upload username/password being sent to the DEAs via NATS. I'm actually not sure how those credentials flow through to Diego without digging into the code. There were a few others we identified the last time we looked. I recall the VARZ credentials were in NATS also. I didn't make an extensive list at the time - as soon as we found one we had to implement network level encryption. :-)

Aaron