Tracking task to list all the work to do to add encryption/authentication to Kafka Jumbo clients. The motivations are multiple:
- PII data in transit from various links should be encrypted. Cross-DC links are especially problematic since we consider them not trusted.
- Consumers should trust a Kafka topic broker using TLS, to avoid any man of the middle attack.
- Consumers of PII data should be authenticated via TLS or SASL/GSS-API/Kerberos (the latter seems the best option).