On Friday, April 26, 2013 at 12:24 PM, Simo Sorce wrote:

> 1. A -> S [Please give me SEK for A -> B]
> 2. S -> A [Here's your SEK and btw here is Eb(SEK)]
> 3. A -> B [signed message, sends along Eb(SEK)]
> now B takes Eb(SEK), unencrypts it and uses SEK to validate the message

I was thinking along these same lines.

However, the messages from S must be signed and Eb(SEK) must also be signed (using PKI). A question here becomes whether to do Sign-Encrypt, Encrypt-Sign, or Sign-Encrypt-Sign. This is one of those areas where attempting to roll your own cryptographically secure protocol bites designers/implementors.

There are plenty of documented reasons why encryption alone is a bad idea. The fact this new proposal bakes in the possibility for a MITM only underlines that fact.
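The three-message exchange sketched above, with the signing step the reply asks for, as an added example in Go; it is not code from the thread or from any project discussed in it. S encrypts the SEK to B (RSA-OAEP) and then signs the ciphertext together with the (A, B) addressing (the Encrypt-Sign option of the three named above; the example picks one and does not settle the question), A authenticates its message under the SEK with an HMAC, and B checks S's signature before it decrypts anything. The party names, the recipient key directory, the `"|"` field separator and the sample message are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyServer is S: it issues session keys and signs every Eb(SEK) it hands out,
// binding that ciphertext to the (A, B) pair it was issued for.
type KeyServer struct {
	signKey    ed25519.PrivateKey
	recipients map[string]*rsa.PublicKey // assumed directory of recipients' encryption keys
}

// Ticket is message 2 (S -> A). A keeps SEK and forwards only EbSEK and SigS.
type Ticket struct {
	From, To string
	SEK      []byte // plaintext session key, for A only
	EbSEK    []byte // RSA-OAEP encryption of SEK under B's public key
	SigS     []byte // Ed25519 signature by S over From || To || EbSEK
}

// Envelope is message 3 (A -> B): the body authenticated under SEK, plus S's signed Eb(SEK).
type Envelope struct {
	From, To            string
	EbSEK, SigS         []byte
	Body, Tag           []byte // Tag = HMAC-SHA256 under SEK over From || To || Body
}

func NewKeyServer(recipients map[string]*rsa.PublicKey) (*KeyServer, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &KeyServer{signKey: priv, recipients: recipients}, pub, nil
}

// signedPart is exactly what S signs; B rebuilds it from the envelope it receives.
func signedPart(from, to string, ebSEK []byte) []byte {
	return append([]byte(from+"|"+to+"|"), ebSEK...)
}

func tagOf(sek []byte, from, to string, body []byte) []byte {
	m := hmac.New(sha256.New, sek)
	m.Write([]byte(from + "|" + to + "|"))
	m.Write(body)
	return m.Sum(nil)
}

// Issue is S's answer to "please give me a SEK for A -> B".
func (s *KeyServer) Issue(from, to string) (*Ticket, error) {
	pub, ok := s.recipients[to]
	if !ok {
		return nil, errors.New("unknown recipient")
	}
	sek := make([]byte, 32)
	if _, err := rand.Read(sek); err != nil {
		return nil, err
	}
	eb, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sek, nil)
	if err != nil {
		return nil, err
	}
	return &Ticket{From: from, To: to, SEK: sek, EbSEK: eb,
		SigS: ed25519.Sign(s.signKey, signedPart(from, to, eb))}, nil
}

// Seal is A's step: authenticate the body under SEK and attach S's signed Eb(SEK).
func Seal(t *Ticket, body []byte) *Envelope {
	return &Envelope{From: t.From, To: t.To, EbSEK: t.EbSEK, SigS: t.SigS,
		Body: body, Tag: tagOf(t.SEK, t.From, t.To, body)}
}

// Open is B's step. S's signature is verified before Eb(SEK) is decrypted, so a
// ciphertext that S never issued for this pair is refused before its key is ever used.
func Open(e *Envelope, me string, decKey *rsa.PrivateKey, sPub ed25519.PublicKey) ([]byte, error) {
	if e.To != me {
		return nil, errors.New("envelope not addressed to me")
	}
	if !ed25519.Verify(sPub, signedPart(e.From, e.To, e.EbSEK), e.SigS) {
		return nil, errors.New("Eb(SEK) is not signed by S for this A -> B pair")
	}
	sek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, decKey, e.EbSEK, nil)
	if err != nil {
		return nil, err
	}
	if !hmac.Equal(tagOf(sek, e.From, e.To, e.Body), e.Tag) {
		return nil, errors.New("message does not verify under SEK")
	}
	return e.Body, nil
}

// Demo runs the exchange once and reports whether the honest envelope is accepted, whether an
// envelope whose Eb(SEK) was replaced by a ciphertext S never signed is rejected, and whether an
// envelope whose body changed in transit is rejected. Keys and the message are constructed here.
func Demo() (honestOK, swapRejected, tamperRejected bool, err error) {
	bKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	s, sPub, err := NewKeyServer(map[string]*rsa.PublicKey{"B": &bKey.PublicKey})
	if err != nil {
		return
	}
	tkt, err := s.Issue("A", "B")
	if err != nil {
		return
	}
	env := Seal(tkt, []byte("constructed sample message from A to B"))
	body, e1 := Open(env, "B", bKey, sPub)
	honestOK = e1 == nil && string(body) == string(env.Body)

	swapped := *env // same envelope, but Eb(SEK) replaced by a ciphertext S never signed
	swapped.EbSEK, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &bKey.PublicKey, make([]byte, 32), nil)
	if err != nil {
		return
	}
	_, e2 := Open(&swapped, "B", bKey, sPub)
	swapRejected = e2 != nil

	altered := *env // same envelope, body changed after A sealed it
	altered.Body = []byte("altered in transit")
	_, e3 := Open(&altered, "B", bKey, sPub)
	tamperRejected = e3 != nil
	return
}

func main() {
	ok1, ok2, ok3, err := Demo()
	fmt.Println("honest accepted:", ok1, "| swapped Eb(SEK) rejected:", ok2,
		"| altered body rejected:", ok3, "| error:", err)
}
```

The order of checks in `Open` is the point of the reply: B verifies who issued Eb(SEK), and for which pair, before it decrypts or trusts the key inside. Without `SigS`, the `swapped` case would pass, since B would happily decrypt any ciphertext made under its own public key and then validate A's message under whatever key came out.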

