[openstack-dev] Volume Encryption

Caitlin Bestler caitlin.bestler at nexenta.com
Wed Feb 13 18:32:40 UTC 2013


On 2/13/2013 9:46 AM, Nate Reller wrote:
> Our intent was not to limit which encryption algorithms to use or to 
> propose a minimum standard.  We needed to pick a default 
> implementation to use for the Grizzly release.  We did not have enough 
> time to make the algorithm configurable, so we needed to pick a 
> default for the release.
>
> In the future we would like to support many different algorithms and 
> key sizes.  We are imagining the user inputting which algorithm and 
> key size they would like to use via the dashboard.  The administrators 
> of the cloud would be responsible for configuring the dashboard and 
> other components to report which encryption algorithms are available.  
> This will depend upon their cloud, and the encryption algorithm and 
> key sizes will likely be dictated by the features supported by the 
> compute nodes.
>
> -Nate
>
Something like this should always be pluggable, even if it requires
editing configuration files.
Dashboard selection would also be nice, but would presume providing some
text about what the options were.

In any case, the general rule of thumb I have followed on security
issues is to allow the user a great deal of flexibility, but to default
high. Users who do not know how to configure their security settings
probably need them to be set high.
