[openstack-dev] [openstack-ansible][security] Improving SSL/TLS in OpenStack-Ansible
major at mhtx.net
Fri Jan 15 14:18:39 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
I've attended some of the OpenStack Security Mid-Cycle meeting this week and Robert Clark was kind enough to give me a deep dive on the Anchor project. We had a good discussion around my original email thread on improving SSL/TLS certificates within OpenStack-Ansible (OSA) and we went over my proposed spec on the topic.
Jean-Philippe Evrard helped me assemble an etherpad this morning where we brainstormed some problem statements, user stories, and potential solutions for improving the certificate experience in OSA. It seems like an ephemeral PKI solution, like Anchor, might provide a better certificate experience for users while also making the revocation and issuance process easier.
I'd really like to get some feedback from the OpenStack community on our current brainstorming efforts. We've enumerated a few use cases and user stories already, but we've probably missed some other important ones. Feel free to stop by #openstack-ansible or join us in the etherpad.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the OpenStack-dev