[openstack-dev] [Neutron][LBaaS] SSL Termination write-up

Andrew Hutchings andrew at linuxjedi.co.uk
Wed Nov 20 07:52:53 UTC 2013


On 19/11/13 16:33, Clint Byrum wrote:
> Excerpts from Vijay Venkatachalam's message of 2013-11-19 05:48:43
> -0800:
>> Hi Sam, Eugene, & Avishay, et al.,
>> 
>> Today I spent some time to create a write-up for SSL Termination
>> not exactly design doc. Please share your comments!
>> 
>> https://docs.google.com/document/d/1tFOrIa10lKr0xQyLVGsVfXr29NQBq2nYTvMkMJ_inbo/edit
>> 
>> Would like comments/discussion especially on the following note:
>> 
>> SSL Termination requires certificate management. The ideal way is
>> to handle this via an independent IAM service. This would take
>> time to implement so the thought was to add the certificate
>> details in VIP resource and send them directly to device.
>> Basically don't store the certificate key in the DB thereby
>> avoiding security concerns of maintaining certificates in
>> controller.
>> 
>> I would expect the certificates to become an independent resource
>> in future thereby causing backward compatibility issues.
>> 
> 
> Perhaps Barbican can be leveraged for this, it seems that it was

Indeed, the planned Libra solution for this is to use Barbican.  We
did some investigation into this when Barbican was a very new project
but unfortunately it wasn't quite ready at the time.  We will be
looking into this again in the coming months.

Kind Regards
-- 
Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/
