<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 08/13/2013 06:20 PM, Dolph Mathews
wrote:<br>
</div>
<blockquote
cite="mid:CAC=h7gU1WXp62S34NOViM8eP6bfUVGXpAGxyp5h8s07PVQbPBQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div id="magicdomid817" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px">With
regard to: <a moz-do-not-send="true"
href="https://blueprints.launchpad.net/keystone/+spec/key-distribution-server"
style="margin:0px;padding:0px">https://blueprints.launchpad.net/keystone/+spec/key-distribution-server</a><br>
</div>
<div id="magicdomid118" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br
style="margin:0px;padding:0px">
</div>
<div id="magicdomid821" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
class="" style="margin:0px;padding:1px 0px">During today's
project status meeting [1], the state of KDS was discussed
[2]. To quote ttx directly: "we've been bitten in the past
with late security-sensitive stuff" and "I'm a bit worried
to ship late code with such security implications as a KDS."
I share the same concern, especially considering the API
only recently went up for formal review [3], and the WIP
implementation is still failing smokestack [4].</span></div>
</div>
</blockquote>
<br>
Since KDS is a security tightening in acase where there is no
security at all, adding it in can only improve security.<br>
<br>
It is a relatively simple extension from the keystone side. THe
corresponding change is in the client, and that has already merged.<br>
<br>
<blockquote
cite="mid:CAC=h7gU1WXp62S34NOViM8eP6bfUVGXpAGxyp5h8s07PVQbPBQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div id="magicdomid600" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br
style="margin:0px;padding:0px">
</div>
<div id="magicdomid827" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
class="" style="margin:0px;padding:1px 0px">I'm happy to see
the reviews in question continue to receive their fair share
of attention over the next few weeks, but can (and should?)
merging be delayed until icehouse while more
security-focused eyes have time to review the code?</span></div>
<div id="magicdomid829" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br
style="margin:0px;padding:0px">
</div>
<div id="magicdomid1033" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
class="" style="margin:0px;padding:1px 0px">Ceilometer and
nova would both be affected by a delay, as both have use
cases for consuming trusted messaging [5] (a dependency of
the bp in question).</span></div>
<div id="magicdomid1034" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br
style="margin:0px;padding:0px">
</div>
<div id="magicdomid1032" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
class="" style="margin:0px;padding:1px 0px">Thanks for you
feedback!</span></div>
<div id="magicdomid1007" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br
style="margin:0px;padding:0px">
</div>
<div id="magicdomid273" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
class="" style="margin:0px;padding:1px 0px">[1]: </span><span
class="" style="margin:0px;padding:1px 0px"><a
moz-do-not-send="true"
href="http://eavesdrop.openstack.org/irclogs/%23openstack-meeting/%23openstack-meeting.2013-08-13.log"
style="margin:0px;padding:0px">http://eavesdrop.openstack.org/irclogs/%23openstack-meeting/%23openstack-meeting.2013-08-13.log</a></span></div>
<div id="magicdomid280" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
class="" style="margin:0px;padding:1px 0px">[2]: </span><span
class="" style="margin:0px;padding:1px 0px"><a
moz-do-not-send="true"
href="http://paste.openstack.org/raw/44075/"
style="margin:0px;padding:0px">http://paste.openstack.org/raw/44075/</a></span></div>
<div id="magicdomid499" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
class="" style="margin:0px;padding:1px 0px">[3]: </span><span
class="" style="margin:0px;padding:1px 0px"><a
moz-do-not-send="true"
href="https://review.openstack.org/#/c/40692/"
style="margin:0px;padding:0px">https://review.openstack.org/#/c/40692/</a></span></div>
<div id="magicdomid576" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
class="" style="margin:0px;padding:1px 0px">[4]: </span><span
class="" style="margin:0px;padding:1px 0px"><a
moz-do-not-send="true"
href="https://review.openstack.org/#/c/37118/"
style="margin:0px;padding:0px">https://review.openstack.org/#/c/37118/</a></span></div>
<div id="magicdomid970" class="" style="margin:0px;padding:0px
1px 0px
0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span
class="" style="margin:0px;padding:1px 0px">[5]: </span><span
class="" style="margin:0px;padding:1px 0px"><a
moz-do-not-send="true"
href="https://blueprints.launchpad.net/oslo/+spec/trusted-messaging"
style="margin:0px;padding:0px">https://blueprints.launchpad.net/oslo/+spec/trusted-messaging</a></span></div>
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
OpenStack-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>