
<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <div class="moz-cite-prefix">On 08/13/2013 06:20 PM, Dolph Mathews

      wrote:<br>

    </div>

    <blockquote

cite="mid:CAC=h7gU1WXp62S34NOViM8eP6bfUVGXpAGxyp5h8s07PVQbPBQ@mail.gmail.com"

      type="cite">

      <div dir="ltr">

        <div id="magicdomid817" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px">With

          regard to: <a moz-do-not-send="true"

href="https://blueprints.launchpad.net/keystone/+spec/key-distribution-server"

            style="margin:0px;padding:0px">https://blueprints.launchpad.net/keystone/+spec/key-distribution-server</a><br>

        </div>

        <div id="magicdomid118" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br

            style="margin:0px;padding:0px">

        </div>

        <div id="magicdomid821" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span

            class="" style="margin:0px;padding:1px 0px">During today's

            project status meeting [1], the state of KDS was discussed

            [2]. To quote ttx directly: "we've been bitten in the past

            with late security-sensitive stuff" and "I'm a bit worried

            to ship late code with such security implications as a KDS."

            I share the same concern, especially considering the API

            only recently went up for formal review [3], and the WIP

            implementation is still failing smokestack [4].</span></div>

      </div>

    </blockquote>

    <br>

    Since KDS is a security tightening in acase where there is no

    security at all, adding it in can only improve security.<br>

    <br>

    It is a relatively simple extension from the keystone side.  THe

    corresponding change is in the client, and that has already merged.<br>

    <br>

    <blockquote

cite="mid:CAC=h7gU1WXp62S34NOViM8eP6bfUVGXpAGxyp5h8s07PVQbPBQ@mail.gmail.com"

      type="cite">

      <div dir="ltr">

        <div id="magicdomid600" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br

            style="margin:0px;padding:0px">

        </div>

        <div id="magicdomid827" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span

            class="" style="margin:0px;padding:1px 0px">I'm happy to see

            the reviews in question continue to receive their fair share

            of attention over the next few weeks, but can (and should?)

            merging be delayed until icehouse while more

            security-focused eyes have time to review the code?</span></div>

        <div id="magicdomid829" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br

            style="margin:0px;padding:0px">

        </div>

        <div id="magicdomid1033" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span

            class="" style="margin:0px;padding:1px 0px">Ceilometer and

            nova would both be affected by a delay, as both have use

            cases for consuming trusted messaging [5] (a dependency of

            the bp in question).</span></div>

        <div id="magicdomid1034" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br

            style="margin:0px;padding:0px">

        </div>

        <div id="magicdomid1032" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span

            class="" style="margin:0px;padding:1px 0px">Thanks for you

            feedback!</span></div>

        <div id="magicdomid1007" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><br

            style="margin:0px;padding:0px">

        </div>

        <div id="magicdomid273" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span

            class="" style="margin:0px;padding:1px 0px">[1]: </span><span

            class="" style="margin:0px;padding:1px 0px"><a

              moz-do-not-send="true"

href="http://eavesdrop.openstack.org/irclogs/%23openstack-meeting/%23openstack-meeting.2013-08-13.log"

              style="margin:0px;padding:0px">http://eavesdrop.openstack.org/irclogs/%23openstack-meeting/%23openstack-meeting.2013-08-13.log</a></span></div>

        <div id="magicdomid280" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span

            class="" style="margin:0px;padding:1px 0px">[2]: </span><span

            class="" style="margin:0px;padding:1px 0px"><a

              moz-do-not-send="true"

              href="http://paste.openstack.org/raw/44075/"

              style="margin:0px;padding:0px">http://paste.openstack.org/raw/44075/</a></span></div>

        <div id="magicdomid499" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span

            class="" style="margin:0px;padding:1px 0px">[3]: </span><span

            class="" style="margin:0px;padding:1px 0px"><a

              moz-do-not-send="true"

              href="https://review.openstack.org/#/c/40692/"

              style="margin:0px;padding:0px">https://review.openstack.org/#/c/40692/</a></span></div>

        <div id="magicdomid576" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span

            class="" style="margin:0px;padding:1px 0px">[4]: </span><span

            class="" style="margin:0px;padding:1px 0px"><a

              moz-do-not-send="true"

              href="https://review.openstack.org/#/c/37118/"

              style="margin:0px;padding:0px">https://review.openstack.org/#/c/37118/</a></span></div>

        <div id="magicdomid970" class="" style="margin:0px;padding:0px

          1px 0px

0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px;line-height:16px"><span

            class="" style="margin:0px;padding:1px 0px">[5]: </span><span

            class="" style="margin:0px;padding:1px 0px"><a

              moz-do-not-send="true"

              href="https://blueprints.launchpad.net/oslo/+spec/trusted-messaging"

              style="margin:0px;padding:0px">https://blueprints.launchpad.net/oslo/+spec/trusted-messaging</a></span></div>

        <div><br>

        </div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

OpenStack-dev mailing list

<a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>

<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>

</pre>

    </blockquote>

    <br>

  </body>

</html>