<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>+1</div>
<div>I agree. Lets focus on client SSL Termination at LB for Juno release.</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Vivek</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span><Eichberger>, German <<a href="mailto:german.eichberger@hp.com">german.eichberger@hp.com</a>><br>
<span style="font-weight:bold">Reply-To: </span>"OpenStack Development Mailing List (not for usage questions)" <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
<span style="font-weight:bold">Date: </span>Thursday, May 22, 2014 at 12:53 PM<br>
<span style="font-weight:bold">To: </span>"OpenStack Development Mailing List (not for usage questions)" <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication<br>
</div>
<div><br>
</div>
<div xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Cambria;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hi Sam,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I totally agree – this will definitely reduce our scope and increase the chance of getting this in.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I am still (being influenced by Unix methodology) thinking that we should explore service chaining more for that. As I said earlier, re-encryption feels more like a VPN type thing than a load balancer. Hence,
I can imagine a very degenerated VPN service which re-encrypts things with SSL. But, admittedly, I am looking at that as a software engineer and not a network engineer
</span><span style="font-family:Wingdings;color:#1F497D">J</span><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">German<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size: 10pt; font-family: Tahoma, sans-serif;">From:</span></b><span style="font-size: 10pt; font-family: Tahoma, sans-serif;"> Samuel Bercovici [<a href="mailto:SamuelB@Radware.com">mailto:SamuelB@Radware.com</a>]
<br>
<b>Sent:</b> Thursday, May 22, 2014 11:44 AM<br>
<b>To:</b> OpenStack Development Mailing List (not for usage questions)<br>
<b>Subject:</b> [openstack-dev] [Neutron][LBaaS]TLS API support for authentication<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family: Cambria, serif;">Hi Everone,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family: Cambria, serif;"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family: Cambria, serif;">I would like to defer addressing client authentication and back-end-server authentication for a 2<sup>nd</sup> phase – after Juno.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family: Cambria, serif;">This means that from looking on
<a href="https://etherpad.openstack.org/p/neutron-lbaas-ssl-l7">https://etherpad.openstack.org/p/neutron-lbaas-ssl-l7</a> , under the “<span style="color:black">SSL/TLS Termination capabilities”, not addressing 2.2 and 3.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family: Cambria, serif; color: black;">I think that this would reduce the “effort” of storing certificates information to the actual ones used for the termination.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family: Cambria, serif; color: black;">We will leave the discussion on storing the required trusted certificates and CA chains for later.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family: Cambria, serif; color: black;"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family: Cambria, serif; color: black;">Any objections?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family: Cambria, serif; color: black;"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family: Cambria, serif; color: black;">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family: Cambria, serif; color: black;"> -Sam.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family: Cambria, serif; color: black;"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family: Cambria, serif;"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family: Cambria, serif;"><o:p> </o:p></span></p>
</div>
</div>
</div>
</span>
</body>
</html>