[openstack-dev] [nova][keystone] Message Queue Security
d.w.chadwick at kent.ac.uk
Thu Apr 25 16:04:50 UTC 2013
You don't need to negotiate algorithms on the fly. If the crypto arrives
with a clear indication of what algorithms it has used (as in S/MIME,
X.509 certs etc.) then the receiving code can automatically determine
which algorithms to use to decrypt the message. Of course, negotiation
of algorithms for point to point connections e.g. as in TLS/SSL, allows
an optimal set to be chosen from the outset.
On 25/04/2013 16:51, Simo Sorce wrote:
> On Thu, 2013-04-25 at 16:38 +0100, David Chadwick wrote:
>> You answered your own question when you said
>> "The problem is that crypto is hard, and considering all the
>> implications of how algorithms interact is something few can master."
>> So if you hard code in a single (set of) algorithms, and then a
>> vulnerability is found in it (which happens all the time), then you are
>> screwed because you have no alternatives to switch to.
>> Some applications still have MD5 hard coded in, which is why many root
>> CAs with MD5 are still configured into most browsers. And that provided
>> the attack hole for APTs sending out "microsoft" updates with spoofed
>> MD5 certs.
> The thing is, unless you are asking for negotiating algorithms on the
> fly, what is the difference from changing a configuration option and
> patching a single Python source file?
> Sure we can set the HMAC and encryption scheme in a config file, but due
> to the networked nature of queues, it means you still have to manually
> change this configuration on all hosts and restart the cloud.
> I see no difference between doing that and patching all components and
> restarting the cloud. Is there?
> I will look into making this configurable now anyway :)
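
The self-describing approach from the reply above, as an added example (not code from this thread or from OpenStack): the envelope names its MAC algorithm and the receiver selects it from a local allow-list, so hosts can be migrated one at a time. The envelope layout, algorithm labels and function names are assumptions for illustration.

```python
import hashlib
import hmac
import json

# Receiver-side allow-list (assumed policy): algorithm label -> hashlib constructor.
# Retiring a broken algorithm means deleting its entry here; no negotiation needed.
ACCEPTED_MACS = {
    "HMAC-SHA256": hashlib.sha256,
    "HMAC-SHA512": hashlib.sha512,
}


def _tag(key: bytes, alg: str, payload: str) -> bytes:
    # The label is covered by the MAC, so it cannot be swapped in transit.
    data = (alg + "\n" + payload).encode()
    return hmac.new(key, data, ACCEPTED_MACS[alg]).hexdigest().encode()


def sign(key: bytes, payload: str, alg: str) -> str:
    """Wrap payload in an envelope that states which MAC algorithm was used."""
    return json.dumps({"alg": alg, "payload": payload,
                       "mac": _tag(key, alg, payload).decode()})


def verify(key: bytes, envelope: str) -> str:
    """Pick the MAC from the envelope's own label, then check it."""
    msg = json.loads(envelope)
    alg, payload, mac = msg.get("alg"), msg.get("payload"), msg.get("mac")
    if not all(isinstance(v, str) for v in (alg, payload, mac)):
        raise ValueError("malformed envelope")
    if alg not in ACCEPTED_MACS:
        # A sender's label is only a hint; local policy decides what is trusted.
        raise ValueError("algorithm not accepted: %r" % alg)
    if not hmac.compare_digest(_tag(key, alg, payload), mac.encode()):
        raise ValueError("MAC mismatch")
    return payload


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    # Two senders on different algorithms are both accepted during a migration.
    for alg in ("HMAC-SHA256", "HMAC-SHA512"):
        print(alg, "->", verify(key, sign(key, "compute.start", alg)))
    # A label outside the allow-list is refused before any MAC is computed.
    try:
        verify(key, json.dumps({"alg": "HMAC-MD5", "payload": "x", "mac": "00"}))
    except ValueError as exc:
        print("rejected:", exc)
```
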