[openstack-dev] [nova][keystone] Message Queue Security

Simo Sorce simo at redhat.com
Fri Apr 26 20:05:27 UTC 2013

On Fri, 2013-04-26 at 13:14 -0400, Eric Windisch wrote:
> On Friday, April 26, 2013 at 12:24 PM, Simo Sorce wrote:
> > 1. A -> S [Please give me SEK for A -> B]
> > 2. S -> A [Here your SEK and btw here is Eb(SEK)]
> > 3. A -> B [signed message, sends along Eb(SEK)]
> > now B takes Eb(SEK), unencrypts it and uses SEK to validate the message
> I was thinking along these same lines.
> However, the messages from S must be signed and Eb(SEK) must also be
> signed (using PKI). A question here becomes to do Sign-Encrypt,
> Encrypt-Sign, or Sign-Encrypt-Sign. This is one of those areas where
> attempting to roll your own cryptographically secure protocol bites
> designers/implementors.

Please see 5.1, all messages are always authenticated.
Plus see 5.3.3 the SEK is returned encrypted, and the revised spec will
do the same of course, I omitted it because it seemed clear from the

The complete reply will be:

HMAC(metadata, Ea(SEK, Eb(SEK)))

This is again a simplification of course, I am going to write up the
details of the amended proposal now, so re-read the spec in the weekend
and it will contain all the details as proposed in the amendment


Simo Sorce * Red Hat, Inc * New York

More information about the OpenStack-dev mailing list