<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {mso-style-priority:99;
        mso-style-link:"Plain Text Char";
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
span.PlainTextChar
        {mso-style-name:"Plain Text Char";
        mso-style-priority:99;
        mso-style-link:"Plain Text";
        font-family:"Consolas","serif";}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";}
span.EmailStyle22
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Yes Paul, it could be stored as you suggest, but the idea behind having a separate key manager is to make things more difficult.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Say someone stole a disk with a bunch of
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Enc-obj-1,  enc(key-1, master-key)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Enc-obj-2,  enc(key-2, master-key)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Enc-obj-3,  enc(key-3, master-key)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The moment that master-key is cracked, obj1, 2, 3 become accessible.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Object-store/volume-store                              key-manager<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Enc-obj-1,  key-id-1                                            key-id-1:  enc(key-1, master-key)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Enc-obj-2,  key-id-2                                            key-id-2:  enc(key-2, master-key)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Enc-obj-3,  key-id-3                                            key-id-3:  enc(key-3, master-key)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Even with a TPM, the master-key would be saved encrypted in the TPM storage.  Should the object host computer get stolen, and the master-key extracted, the data would still be safe through a chain of actions (disabling access to the key-manager, changing master key, and re-encrypting all the key-strings associated with the service with a new master).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">On the note of making things harder to crack, one could have another layer of protection, encrypting key-id with a master-key-id …<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Malini<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
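<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Added example, not part of the original message or of any OpenStack code: a Python sketch of the two layouts described above (wrapped keys stored beside the objects, versus key-ids on disk with the wrapped keys in a separate key manager) and of the revoke, change-master, re-encrypt sequence. The KeyManager class, the host names and the sample objects are hypothetical, and enc/dec use an HMAC-SHA256 keystream with encrypt-then-MAC as a standard-library stand-in for a vetted AEAD or key-wrap algorithm.<o:p></o:p></span></p>
<pre>
```python
import hashlib
import hmac
import secrets


def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher, an assumption).
    blocks = (n + 31) // 32
    return b"".join(
        hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )[:n]


def enc(data, key):
    """enc(data, key) in the message's notation; encrypt-then-MAC."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def dec(blob, key):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))


class KeyManager:
    """Hypothetical separate service mapping key-id to enc(key, master-key)."""

    def __init__(self):
        self._wrapped = {}
        self.revoked_hosts = set()

    def put(self, key_id, wrapped):
        self._wrapped[key_id] = wrapped

    def get(self, key_id, host):
        if host in self.revoked_hosts:
            raise PermissionError("access to the key manager is disabled for " + host)
        return self._wrapped[key_id]

    def key_ids(self):
        return list(self._wrapped)


def store_colocated(objects, master):
    # Layout 1: each disk record is (Enc-obj-n, enc(key-n, master-key)).
    disk = []
    for obj in objects:
        key = secrets.token_bytes(32)
        disk.append((enc(obj, key), enc(key, master)))
    return disk


def store_split(objects, master, km):
    # Layout 2: the disk record is (Enc-obj-n, key-id-n); the wrapped key goes to km.
    disk = []
    for n, obj in enumerate(objects, 1):
        key, key_id = secrets.token_bytes(32), "key-id-%d" % n
        km.put(key_id, enc(key, master))
        disk.append((enc(obj, key), key_id))
    return disk


def readable(disk, master, km=None, host=None):
    """Objects recoverable by a party holding this disk and this master key."""
    out = []
    for enc_obj, ref in disk:
        try:
            wrapped = km.get(ref, host) if km is not None else ref
            out.append(dec(enc_obj, dec(wrapped, master)))
        except (PermissionError, ValueError):
            pass  # key string unavailable, or wrapped under a different master
    return out


def rotate_master(km, host, old_master, new_master):
    # Re-encrypt every key-string under the new master; the objects are untouched.
    for key_id in km.key_ids():
        km.put(key_id, enc(dec(km.get(key_id, host), old_master), new_master))


def demo():
    objects = [b"obj-1", b"obj-2", b"obj-3"]  # constructed sample data
    old_master, new_master = secrets.token_bytes(32), secrets.token_bytes(32)
    km = KeyManager()
    colocated = store_colocated(objects, old_master)
    split = store_split(objects, old_master, km)
    # "object-host-1" is stolen and old_master extracted: revoke, then rotate.
    km.revoked_hosts.add("object-host-1")
    rotate_master(km, "object-host-2", old_master, new_master)
    return {
        "colocated_with_old_master": readable(colocated, old_master),
        "split_stolen_host": readable(split, old_master, km, "object-host-1"),
        "split_old_master_unrevoked": readable(split, old_master, km, "object-host-2"),
        "split_new_master": readable(split, new_master, km, "object-host-2"),
    }
```
</pre>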
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Paul Sarin-Pollet [mailto:psarpol@gmx.com]
<br>
<b>Sent:</b> Tuesday, March 12, 2013 3:44 AM<br>
<b>To:</b> OpenStack Development Mailing List<br>
<b>Subject:</b> Re: [openstack-dev] key manager proposal<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">Hi Malini,<br>
<br>
Do you agree that instead of storing the key-id and the key in a key manager, the key itself could be stored, encrypted by master key, as a metadata with the object?<br>
<br>
Thanks<br>
<br>
Paul<br>
<br>
 <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 4.0pt;margin-left:3.75pt;margin-right:0in">
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">----- Original Message -----<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">From: Bhandaru, Malini K<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">Sent: 03/09/13 01:41 AM<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">To: Nate Reller, OpenStack Development Mailing List<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">Subject: Re: [openstack-dev] key manager proposal<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<div>
<div>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Thank you Nate for detailed comments. Please do send your UML diagrams.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">-----Original Message-----<br>
From: Nate Reller [<a href="mailto:rellerreller@yahoo.com">mailto:rellerreller@yahoo.com</a>]<br>
Sent: Friday, March 08, 2013 12:16 PM<br>
To: <a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a><br>
Subject: Re: [openstack-dev] key manager proposal<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">Malini,<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">Sorry for the long reply, but I have a lot of thoughts on this. I like the proposal overall, but I have some concerns and suggestions.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">*** Master Key and Access for Compute Hosts ***<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">My biggest concerns are with regards to the master key and preventing access to the compute hosts. In our proposal, encrypt-cinder-volumes, the compute host is encrypting
 the cinder volume data after it leaves the VM and before it is sent to the cinder host. Clearly we would like for compute hosts to have access to the Key Manager to allow them to encrypt the data.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Yes, understand that you want compute host to do the encryption.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Just as easy to establish trust-worthiness of compute hosts as normal service hosts.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Currently VMs can be deployed on “trusted” and “untrusted” compute hosts.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Likewise volumes can be attached to trusted and untrusted compute hosts, and the volumes themselves encrypted or plain text.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">==================</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Host              |  Volume</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Untrusted    |   plain</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Untrusted    |   encrypted     →   “Mixed Bag”</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Trusted        |    plain</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Trusted        |   encrypted</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">The issue then becomes “untrusted” compute host dealing with an encrypted volume.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">The “volume” master key only encrypts the key-string, just so key-strings are not lying around as plain text on the key-manager node.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Having the master key without the actual key is not useful.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">A volume is attached to a VM only after establishing that they all belong to the same user/project/domain. This is standard keystone token access control after establishing authorization credentials.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">The encrypted key string is only released to Cinder/Compute host, after trust is delegated from the above authorization.
</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">We could deliver the key to decrypt the volume to such a compute host encrypted with the host-PKI public-key because we do not want to trust it with a master key because it has no TPM secure storage.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Maybe I am missing something, and thus do not understand your concern.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Volume = V</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Key to volume V = k-v</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Master = m</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">If compute host has a/the master key == m, it still needs k-v and V (the encrypted volume) to get to the secrets.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">We are controlling access to k-v.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">The key manager holding the set of keys {k-v} will not have access to the master, and in so doing protects all the keys it  has.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">do not want to just save as plain text a symmetric key  (one of your interface related suggestions if I understand correctly)</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">The common master, versus special handling is so that</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Volume = NateV</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Compute-node-host-A    Compute-node-host-B Compute-node-host-C</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Your VM should be technically able to run on the above A, B, or C and attach volume NateV.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">If master encryption key lives only on compute-node-host-A, then you can decrypt the volume only on A.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Alternately if VM runs on compute-node-host-B, need to retrieve the master from compute-node-host-A or elsewhere.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">After retrieving master, then retrieve the volume specific key NateV-k.</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">My other concern is with the master key idea. The compute hosts will be responsible for encrypting and decrypting the data for cinder volumes. If the keys for doing this
 are encrypted by a master key then the master key must be shared by all compute hosts that will use the cinder volume. That would require copying the master key to multiple platforms and that makes me nervous. This is my biggest concern with master keys encrypting
 other keys. It forces the master key to be shared with all entities that will use the key.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">I propose changing the interface to operate on generic Key objects. Then we can have classes of Key objects for different types of keys. One Key class may be a SymmetricKey
 class for storing AES keys and the like. Another Key class may be an EncryptedSymmetricKey class that stores a symmetric key that is encrypted by a master key. This way the interface can support the use cases for master keys and plain old symmetric keys. It
 would also support split keys. I can send a UML diagram or two with my thoughts if you like. Let me know.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">*** Authorization Token ***<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#0070C0">Certainly want to pass in other information, including encryption preferences (algorithm, key-size etc)</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:black"> </span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">I like that your API takes in an authorization token. Do you have more details on what that would be? Our prototype right now takes in the context of the caller (i.e. the
 user). I would like to extend that to have the interface take in a security context that not only provides an authorization token from the user, but it may include other information as well. I am thinking about information specific to the platform. For instance,
 I may want to have the compute host provide a signed TPM quote, so the Key Manager can verify that the caller is from a particular platform. I would be interested in brainstorming more ideas on this.  I'm also not sure what the Keystone group is working on
 in this area. I also think it would be cool to integrate TNC into this, but I'm not sure how to do that.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">*** Miscellaneous Thoughts ***<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">I would like to see the Key Manager as its own service. I think many different services have a need for a Key Manager and making it its own service would be useful.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">A TPM could be used to encrypt all keys on the Key Manager platform. Then you could lock the keys down unless the platform is in a specific state.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">I don't think we should limit key scope. I imagine there will be many different use cases for keys, and the key scope will be different for each one. It may also be different
 per deployment.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">This topic is of interest to the OpenStack Security Group (OSSG). You may want to join the meetings on Thursdays.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">Link to encrypt-cinder-volumes blueprint:<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><a href="https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes"><span style="color:windowtext;text-decoration:none">https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes</span></a><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">-Nate<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">> When you get a chance we checkout<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">> <a href="https://wiki.openstack.org/wiki/KeyManager"><span style="color:windowtext;text-decoration:none">https://wiki.openstack.org/wiki/KeyManager</span></a><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">> I hope I have captured ideas and addressed concerns we have discussed on this mailing list.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">_______________________________________________<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif"">OpenStack-dev mailing list<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><a href="mailto:OpenStack-dev@lists.openstack.org"><span style="color:windowtext;text-decoration:none">OpenStack-dev@lists.openstack.org</span></a><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"><span style="color:windowtext;text-decoration:none">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</span></a><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif""> <o:p></o:p></span></p>
</div>
</div>
</blockquote>
</div>
</body>
</html>