<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.yiv1290123928msoplaintext, li.yiv1290123928msoplaintext, div.yiv1290123928msoplaintext
{mso-style-name:yiv1290123928msoplaintext;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.yiv1290123928msonormal, li.yiv1290123928msonormal, div.yiv1290123928msonormal
{mso-style-name:yiv1290123928msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.yiv1290123928msochpdefault, li.yiv1290123928msochpdefault, div.yiv1290123928msochpdefault
{mso-style-name:yiv1290123928msochpdefault;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.yiv1290123928msohyperlink
{mso-style-name:yiv1290123928msohyperlink;}
span.yiv1290123928msohyperlinkfollowed
{mso-style-name:yiv1290123928msohyperlinkfollowed;}
span.yiv1290123928emailstyle17
{mso-style-name:yiv1290123928emailstyle17;}
span.yiv1290123928plaintextchar
{mso-style-name:yiv1290123928plaintextchar;}
p.yiv1290123928msonormal1, li.yiv1290123928msonormal1, div.yiv1290123928msonormal1
{mso-style-name:yiv1290123928msonormal1;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.yiv1290123928msohyperlink1
{mso-style-name:yiv1290123928msohyperlink1;
color:blue;
text-decoration:underline;}
span.yiv1290123928msohyperlinkfollowed1
{mso-style-name:yiv1290123928msohyperlinkfollowed1;
color:purple;
text-decoration:underline;}
p.yiv1290123928msoplaintext1, li.yiv1290123928msoplaintext1, div.yiv1290123928msoplaintext1
{mso-style-name:yiv1290123928msoplaintext1;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.yiv1290123928emailstyle171
{mso-style-name:yiv1290123928emailstyle171;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.yiv1290123928plaintextchar1
{mso-style-name:yiv1290123928plaintextchar1;
font-family:"Calibri","sans-serif";}
p.yiv1290123928msochpdefault1, li.yiv1290123928msochpdefault1, div.yiv1290123928msochpdefault1
{mso-style-name:yiv1290123928msochpdefault1;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Calibri","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle33
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:960771730;
mso-list-type:hybrid;
mso-list-template-ids:1033395204 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Nate:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Supporting clone operations for encrypted volumes is logical. It is like any other volume but more secure.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Speed is of value.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">There are a few layers of protection:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span style="mso-list:Ignore">1)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Access control to the volumes via Keystone.<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">So only someone with access to the volume would be able to clone it. Typically snapshot is for archival purposes<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">To return to a past working state.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span style="mso-list:Ignore">2)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The key itself is in the key-manager, and only the key-id is associated with the volume as meta-data.<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">So the user would need to authenticate themselves with the system to unlock the volume.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span style="mso-list:Ignore">3)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I am guessing your use case is handing off a clone to a third party via a URL or other mechanism.<o:p></o:p></span></p>
<p class="MsoListParagraph"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">This is where a level of indirection could be provided that avoids full volume decrypt and re-encrypt.<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> A primary and secondary key. The primary is used to encrypt the volume.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> The secondary key is used to encrypt the primary and the meta data will refer to both.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> It would be like distributing copies of the key.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> Access logs could capture which of the duplicate keys was used to unlock the volume.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> <encrypted-volume>, meta-data: {key-id: 1234, encrypted-primary-key: jsdphq89wty[14kjsdfj}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> Or<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> <encrypted-volume>, meta-data: {primary-key-id: pppp, secondary-key-id: ssss}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> Key-string(pppp) needs to be decrypted using key-string(ssss).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> Decrypt(key-string(pppp), key-string(ssss)) to get the encryption key of the volume.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> On creating a clone.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> <encrypted-volume>, meta-data: {primary-key-id: qqqq, secondary-key-id: rrrr}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> Decrypt(key-string(pppp), key-string(ssss)) == Decrypt(key-string(qqqq), key-string(rrrr)) <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Malini<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Nate Reller [mailto:rellerreller@yahoo.com]
<br>
<b>Sent:</b> Thursday, February 14, 2013 8:24 AM<br>
<b>To:</b> OpenStack Development Mailing List<br>
<b>Subject:</b> Re: [openstack-dev] Volume Encryption<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:black">Malini, I was happy to learn about a key manager discussion at the summit. Do you know what track this would be under? I can't decide if this should be in Keystone or maybe a whole new
service. I like the idea of a whole new service myself because I think it helps to have the separation and prevent bloating of functionality for components. On the other hand, I probably don't want a dozen services.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">I like the idea of the key-id. I think we may end up using that idea. This will help us to support snapshot operations.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">One item we have yet to tackle is cloning. I think there are a few options for this.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">1) Don't support clone operations for encrypted volumes. This is easy to implement and prevents key reuse, but it limits functionality.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">2) Support clone with same key. This should be easy to implement as well. We could use the metadata key-id and set it to the same value for the clone. The drawback to this is that the key has multiple uses,
and it could be used to decrypt many different volumes. I don't like the idea of that. If the key is compromised then what do you do?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">3) Support clone with different key. You could do this by decrypting the bytes from the original volume and encrypting them with a new key. If we are going to support cloning then I think I like this approach
the best. The drawback on this is time.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">There are similar issues for snapshots, but I am not as opposed to option 2 for snapshots. Any thoughts on this?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">-Nate<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:black"><o:p> </o:p></span></p>
</div>
<div>
<div>
<div>
<div class="MsoNormal" align="center" style="text-align:center;background:white">
<span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">
<hr size="1" width="100%" align="center">
</span></div>
<p class="MsoNormal" style="background:white"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">From:</span></b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black"> "Bhandaru, Malini K" <<a href="mailto:malini.k.bhandaru@intel.com">malini.k.bhandaru@intel.com</a>><br>
<b>To:</b> OpenStack Development Mailing List <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>>
<br>
<b>Sent:</b> Wednesday, February 13, 2013 4:32 PM<br>
<b>Subject:</b> RE: [openstack-dev] Volume Encryption</span><span style="color:black"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="background:white"><span style="color:black"><o:p> </o:p></span></p>
<div id="yiv1290123928">
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:black">Oleg, just the thought I had earlier in the day!<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:black">Suggested a session for key manager at
<a href="http://summit.openstack.org/">http://summit.openstack.org/</a>.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:black">To your list of blueprints, I added another one I found.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:black">Nate, if your volume meta data included a key-id, it could pull the key-string from the key-manager (as yet a fuzzy) entity.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:black">The keystone token could also capture preferences for encryption algorithm (for Cinder/Glance/Swift) and these default to<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:black">strong versions like Caitlin suggests.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:black">Regards,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:black">Malini<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;color:#1F497D"> </span><span style="color:black"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>