[openstack-dev] Volume Encryption
Benjamin, Bruce P.
Bruce.Benjamin at jhuapl.edu
Fri Dec 21 15:52:45 UTC 2012
Caitlin Bestler wrote:
> The blueprint should be clearer that this is totally transparent beyond the scope of the
> virtualization host and the entity that stores the key for the volume.
> The block server is still supporting reads and writes of blocks. It does not have to know that
> the content was encrypted before it was sent or that it will be decrypted after it is read.
> Also, the justification is protection of the disks at rest. Quantum can configure virtual
> networking to support volume access in a way that makes intercepting of contents infeasible.
> But Quantum cannot protect against someone removing the drive and just reading it on a
> different machine.
> It should be emphasized that the keys must not be stored on the same devices as the encrypted
> volumes.
Thanks for the input. This clarification will be very helpful for when we update the blueprint and spec in a few weeks.