[openstack-dev] [Neutron][LBaaS] TLS support RST document on Gerrit

Carlos Garza carlos.garza at rackspace.com
Tue Jun 10 17:56:15 UTC 2014


 Ok but we still need input from Stephen Balukoff and Jorge to see how this will integrate with the API being proposed. I'm not sure if they were intending to use the attributes your discussing as well as which object was going to contain them.
On Jun 10, 2014, at 6:13 AM, Evgeny Fedoruk <EvgenyF at Radware.com>
wrote:

> Hi All,
> 
> Carlos, Vivek, German, thanks for reviewing the RST doc.
> There are some issues I want to pinpoint final decision on them here, in ML, before writing it down in the doc.
> Other issues will be commented on the document itself.
> 
> 1.       Support/No support in JUNO
> Referring to summit’s etherpad https://etherpad.openstack.org/p/neutron-lbaas-ssl-l7,
> a.       SNI certificates list was decided to be supported. Was decision made not to support it?
> Single certificate with multiple domains can only partly address the need for SNI, still, different applications 
> on back-end will need different certificates.
> b.      Back-end re-encryption was decided to be supported. Was decision made not to support it?
> c.       With front-end client authentication and back-end server authentication not supported, 
> Should certificate chains be supported?
> 2.       Barbican TLS containers
> a.       TLS containers are immutable.
> b.      TLS container is allowed to be deleted, always.
>                                                             i.      Even when it is used by LBaaS VIP listener (or other service).
>                                                           ii.      Meta data on TLS container will help tenant to understand that container is in use by LBaaS service/VIP listener
>                                                          iii.      If every VIP listener will “register” itself in meta-data while retrieving container, how that “registration” will be removed when VIP listener stops using the certificate?
> 
> Please comment on these points and review the document on gerrit (https://review.openstack.org/#/c/98640)
> I will update the document with decisions on above topics.
> 
> Thank you!
> Evgeny
> 
> 
> From: Evgeny Fedoruk 
> Sent: Monday, June 09, 2014 2:54 PM
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: [openstack-dev] [Neutron][LBaaS] TLS support RST document on Gerrit
> 
> Hi All,
> 
> A Spec. RST  document for LBaaS TLS support was added to Gerrit for review
> https://review.openstack.org/#/c/98640
> 
> You are welcome to start commenting it for any open discussions.
> I tried to address each aspect being discussed, please add comments about missing things.
> 
> Thanks,
> Evgeny
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




More information about the OpenStack-dev mailing list