<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px;">
<span id="OLK_SRC_BODY_SECTION" style="font-family: Calibri, sans-serif; font-size: 14px;">
<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>"<a href="mailto:duncan.thomas@gmail.com">duncan.thomas@gmail.com</a>" <<a href="mailto:duncan.thomas@gmail.com">duncan.thomas@gmail.com</a>><br>
<span style="font-weight:bold">Reply-To: </span>"<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>" <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
<span style="font-weight:bold">Date: </span>Monday, November 30, 2015 at 9:13 AM<br>
<span style="font-weight:bold">To: </span>"<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>" <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick<br>
</div>
<div><br>
</div>
<div>
<div>
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">On 30 November 2015 at 16:04, Coffman, Joel M. <span dir="ltr">
<<a href="mailto:Joel.Coffman@jhuapl.edu" target="_blank">Joel.Coffman@jhuapl.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word;font-family:Calibri,sans-serif;font-size:14px;color:rgb(0,0,0)">
<span class="">
<div>On 11/25/15, 11:33 AM, "Ben Swartzlander" <<a href="mailto:ben@swartzlander.org" target="_blank">ben@swartzlander.org</a>> wrote:</div>
<div><br>
</div>
<blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5">
<div>On 11/24/2015 03:27 PM, Nathan Reller wrote:</div>
</blockquote>
</span></div>
</blockquote>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word;font-family:Calibri,sans-serif;font-size:14px;color:rgb(0,0,0)">
<span class="">
<blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5">
<div>Trying to design a system where we expect nova to do data encryption but not cinder will not work in the long run. The eventual result will be that nova will have to take on most of the functionality of cinder and we'll be back to the nova-volume days.</div>
</blockquote>
</span>
<div>Could you explain further what you mean by "nova will have to take on most of the functionality of cinder"? In the current design, Nova is still passing data blocks to Cinder for storage – they're just encrypted instead of plaintext. That doesn't seem
to subvert the functionality of Cinder or reimplement it.</div>
<span class=""></span></div>
</blockquote>
</div>
<br>
</div>
<div class="gmail_extra">The functionality of cinder is more than blindly storing blocks; in particular, it has create-from/upload-to image, backup, and retype, all of which do some degree of manipulation of the data and/or volume encryption metadata.<br>
</div>
</div>
</div>
</div>
</span>
<div style="font-family: Calibri, sans-serif;"><font face="Courier">From a security perspective, it is advantageous for users to be able to upload an encrypted image, copy that image to a volume, and boot from that volume
<span style="font-weight: bold;">without</span> decrypting the image until it is booted.</font></div>
<span style="font-size: 14px;">
<div dir="ltr">
<div class="gmail_extra" style="font-family: Calibri, sans-serif;"><br>
</div>
<div class="gmail_extra" style="font-family: Calibri, sans-serif;">We are suffering from somewhat incompatible requirements with encryption between those who want fully functional cinder and encryption on disk (the common case I think), and those who have enhanced
security requirements.<br>
</div>
<div class="gmail_extra"><font face="Courier">The original design supports this distinction: there is a "control-location" parameter that indicates where encryption is to be performed (see <a href="http://docs.openstack.org/user-guide-admin/dashboard_manage_volumes.html">http://docs.openstack.org/user-guide-admin/dashboard_manage_volumes.html</a>).</font></div>
</div>
</span>
</body>
</html>