[openstack-dev] [Security][Barbican][all] Bring your own key fishbowl sessions

Douglas Mendizábal douglas.mendizabal at rackspace.com
Fri Apr 22 21:46:34 UTC 2016


No conflicts with your cross-project session as far as I can tell.

In a nutshell BYOK-Push is a model where the customer retains full
control of their cryptographic keys.  The customer is expected to
provide the necessary keys each and every time a request is made that
requires some cryptographic operation.  Amazon S3's SSE-C encryption
[1] would be a good example of this model.

In a BYOK-Pull model, the customer would grant access to their cloud
provider for some key management system inside their private
infrastructure.  For example this model could be used in a hybrid
cloud where the customer has an on-premise barbican that can provide
keys on-demand to the public cloud provider.

+1 to not spending a lot of time talking about a model that no one is
interested in implementing.  My impression at the last joint
Barbican/OSSP mid-cycle was that most people were interested in the
push model.

[1] http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html

On 4/22/16 4:03 PM, Fox, Kevin M wrote:
> Can you please give a little more detail on what it's about?
> 
> Does this have any overlap with the instance user session: 
> https://www.openstack.org/summit/austin-2016/summit-schedule/events/9485
>
> Thanks, Kevin
>
> ----------------------------------------------------------------------
>
> *From:* Rob C [hyakuhei at gmail.com]
> *Sent:* Friday, April 22, 2016 1:44 PM
> *To:* OpenStack Development Mailing List (not for usage questions)
> *Subject:* Re: [openstack-dev] [Security][Barbican][all] Bring your own key fishbowl sessions
> 
> So that's one vote for option A and one vote for another vote :)
> 
> On 22 Apr 2016 4:25 p.m., "Nathan Reller" <nathan.s.reller at gmail.com> wrote:
> 
>> Thoughts?
> 
> Is anyone interested in the pull model or actually implementing it?
> I say if the answer to that is no then only discuss the push
> model.
> 
> Note that I am having a talk on BYOK on Tuesday at 11:15. My talk
> will go over provider key management, the push model, and the pull
> model. There are some aspects of design in it that will likely
> interest people. You might want to take the poll after session
> because I'm not sure how many people know what the differences
> are.
> 
> -Nate
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
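
The push and pull models described in the message above, as an added sketch that is not part of the original thread and is not Barbican or S3 code. The names `ObjectStore`, `CustomerKMS`, `push_read` and `pull_read` are hypothetical, and the HMAC-SHA256 counter-mode stream is a standard-library stand-in for the AES-256 a real service would use.

```python
import hashlib
import hmac
import os

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode); a real service would use AES-256.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = _prf(key, nonce + (i // 32).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class ObjectStore:
    """Provider side (hypothetical): persists nonce, ciphertext and tag, never a key."""
    def __init__(self):
        self.blobs = {}

    def put(self, name, plaintext, key):
        nonce = os.urandom(16)
        ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
        self.blobs[name] = (nonce, ct, _prf(_prf(key, b"mac"), nonce + ct))

    def get(self, name, key):
        nonce, ct, tag = self.blobs[name]
        if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
            raise PermissionError("key does not match this object")
        return _xor_stream(_prf(key, b"enc"), nonce, ct)

class CustomerKMS:
    """Customer side of the pull model (hypothetical): on-premise key manager."""
    def __init__(self):
        self.keys = {}
        self.provider_allowed = True

    def fetch(self, key_id):
        if not self.provider_allowed:
            raise PermissionError("provider access revoked")
        return self.keys[key_id]

def push_read(store, name, key):
    # BYOK-Push: the customer sends the key with every request.
    return store.get(name, key)

def pull_read(store, name, kms, key_id):
    # BYOK-Pull: the provider fetches the key on demand from the customer's KMS.
    return store.get(name, kms.fetch(key_id))
```

In both models the provider's storage holds no key material; the difference is who initiates key delivery and where the customer's control point sits (every request versus the KMS access grant).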
