<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 08/13/2013 06:20 PM, Dolph Mathews
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAC=h7gU1WXp62S34NOViM8eP6bfUVGXpAGxyp5h8s07PVQbPBQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div id="magicdomid817" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px">With
          regard to: <a moz-do-not-send="true"
href="https://blueprints.launchpad.net/keystone/+spec/key-distribution-server"
            style="margin:0px;padding:0px">https://blueprints.launchpad.net/keystone/+spec/key-distribution-server</a><br>
        </div>
        <div id="magicdomid118" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br
            style="margin:0px;padding:0px">
        </div>
        <div id="magicdomid821" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
            class="" style="margin:0px;padding:1px 0px">During today's
            project status meeting [1], the state of KDS was discussed
            [2]. To quote ttx directly: "we've been bitten in the past
            with late security-sensitive stuff" and "I'm a bit worried
            to ship late code with such security implications as a KDS."
            I share the same concern, especially considering the API
            only recently went up for formal review [3], and the WIP
            implementation is still failing smokestack [4].</span></div>
      </div>
    </blockquote>
    <br>
    Since KDS is a security tightening in acase where there is no
    security at all, adding it in can only improve security.<br>
    <br>
    It is a relatively simple extension from the keystone side.  THe
    corresponding change is in the client, and that has already merged.<br>
    <br>
    <blockquote
cite="mid:CAC=h7gU1WXp62S34NOViM8eP6bfUVGXpAGxyp5h8s07PVQbPBQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div id="magicdomid600" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br
            style="margin:0px;padding:0px">
        </div>
        <div id="magicdomid827" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
            class="" style="margin:0px;padding:1px 0px">I'm happy to see
            the reviews in question continue to receive their fair share
            of attention over the next few weeks, but can (and should?)
            merging be delayed until icehouse while more
            security-focused eyes have time to review the code?</span></div>
        <div id="magicdomid829" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br
            style="margin:0px;padding:0px">
        </div>
        <div id="magicdomid1033" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
            class="" style="margin:0px;padding:1px 0px">Ceilometer and
            nova would both be affected by a delay, as both have use
            cases for consuming trusted messaging [5] (a dependency of
            the bp in question).</span></div>
        <div id="magicdomid1034" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br
            style="margin:0px;padding:0px">
        </div>
        <div id="magicdomid1032" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
            class="" style="margin:0px;padding:1px 0px">Thanks for you
            feedback!</span></div>
        <div id="magicdomid1007" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br
            style="margin:0px;padding:0px">
        </div>
        <div id="magicdomid273" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
            class="" style="margin:0px;padding:1px 0px">[1]: </span><span
            class="" style="margin:0px;padding:1px 0px"><a
              moz-do-not-send="true"
href="http://eavesdrop.openstack.org/irclogs/%23openstack-meeting/%23openstack-meeting.2013-08-13.log"
              style="margin:0px;padding:0px">http://eavesdrop.openstack.org/irclogs/%23openstack-meeting/%23openstack-meeting.2013-08-13.log</a></span></div>
        <div id="magicdomid280" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
            class="" style="margin:0px;padding:1px 0px">[2]: </span><span
            class="" style="margin:0px;padding:1px 0px"><a
              moz-do-not-send="true"
              href="http://paste.openstack.org/raw/44075/"
              style="margin:0px;padding:0px">http://paste.openstack.org/raw/44075/</a></span></div>
        <div id="magicdomid499" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
            class="" style="margin:0px;padding:1px 0px">[3]: </span><span
            class="" style="margin:0px;padding:1px 0px"><a
              moz-do-not-send="true"
              href="https://review.openstack.org/#/c/40692/"
              style="margin:0px;padding:0px">https://review.openstack.org/#/c/40692/</a></span></div>
        <div id="magicdomid576" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
            class="" style="margin:0px;padding:1px 0px">[4]: </span><span
            class="" style="margin:0px;padding:1px 0px"><a
              moz-do-not-send="true"
              href="https://review.openstack.org/#/c/37118/"
              style="margin:0px;padding:0px">https://review.openstack.org/#/c/37118/</a></span></div>
        <div id="magicdomid970" class="" style="margin:0px;padding:0px
          1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
            class="" style="margin:0px;padding:1px 0px">[5]: </span><span
            class="" style="margin:0px;padding:1px 0px"><a
              moz-do-not-send="true"
              href="https://blueprints.launchpad.net/oslo/+spec/trusted-messaging"
              style="margin:0px;padding:0px">https://blueprints.launchpad.net/oslo/+spec/trusted-messaging</a></span></div>
        <div><br>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OpenStack-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>