[openstack-dev] [nova][keystone] Message Queue Security

Mark McLoughlin markmc at redhat.com
Tue Apr 30 11:03:29 UTC 2013

Hi Simo,

On Thu, 2013-04-25 at 08:37 -0400, Simo Sorce wrote:
> Hello list,
> at the Summit we had a very interesting and productive discussion about
> Message Signing/Encryption for RPC Messages sent via the Message Queue.
> I would like to present a proposal that uses symmetric keys and a
> central key server to address the problem:
> https://wiki.openstack.org/wiki/MessageSecurity
> I would really like to get feedback on the proposal, especially if there
> are corner cases I have not considered.

I admit I haven't spent much time considering all aspects of this, but
from a high level I like the idea and your diligence.

I'm working on a proposal for a redesign of the messaging API:


I don't think this will affect your design in any way, and I don't think
your proposal changes the API design ... so that's all goodness.

One thing I've just realized we haven't taken into account is
notifications. There's probably a lot of value (to ceilometer at least,
I'd imagine) in using public-key encryption to sign those messages since
they are being broadcast to the world and there's no concept of the
sender knowing who the message is being sent to.

Maybe solving the notification signing issue is orthogonal to RPC
signing and encryption, but had you any thoughts on it?


More information about the OpenStack-dev mailing list