<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style>
<!--
@font-face
{font-family:"Cambria Math"}
@font-face
{font-family:Calibri}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif"}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline}
span.EmailStyle17
{font-family:"Calibri","sans-serif";
color:#1F497D}
.MsoChpDefault
{font-family:"Calibri","sans-serif"}
@page WordSection1
{margin:72.0pt 72.0pt 72.0pt 72.0pt}
-->
</style><style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1" lang="EN-GB" link="blue" vlink="purple">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">If not an OSSN a small faq of sorts as it pertains to OpenStack.<br>
<br>
-C<br>
<br>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF487775"><font color="#000000" face="Tahoma" size="2"><b>From:</b> Clark, Robert Graham [robert.clark@hp.com]<br>
<b>Sent:</b> Wednesday, April 09, 2014 3:24 PM<br>
<b>To:</b> Bryan D. Payne; Thierry Carrez; Nathan Kinder<br>
<b>Cc:</b> openstack-security@lists.openstack.org<br>
<b>Subject:</b> Re: [Openstack-security] FW: OpenSSL Heartblead (CVE-2014-0160)<br>
</font><br>
</div>
<div></div>
<div>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">I think there may be some value in us creating an OSSN that runs through the issue, it’s coming up a lot on the ML and while I agree with Bryan in principle
that it’s not completely within the realm of the OSSN process, there’s value in having one well written summary that people can refer to on the ML and elsewhere rather than having lots of add hock conversations.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">Thoughts?</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"" lang="EN-US">From:</span></b><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"" lang="EN-US"> Bryan D. Payne [mailto:bdpayne@acm.org]
<br>
<b>Sent:</b> 09 April 2014 09:35<br>
<b>To:</b> Thierry Carrez<br>
<b>Cc:</b> openstack-security@lists.openstack.org<br>
<b>Subject:</b> Re: [Openstack-security] FW: OpenSSL Heartblead (CVE-2014-0160)</span></p>
<p class="MsoNormal"> </p>
<div>
<div>
<div>
<blockquote style="border:none; border-left:solid #CCCCCC 1.0pt; padding:0cm 0cm 0cm 6.0pt; margin-left:4.8pt; margin-right:0cm">
<div>
<p class="MsoNormal">Should we consider issuing an OSSN describing steps for heartbleed</p>
</div>
<p class="MsoNormal">mitigation in OpenStack deployments ? I know it's not very different<br>
from other affected SSL services, but I've already answered that<br>
question twice on MLs and people are apparently very confused about it<br>
so it looks like something that could use a reference official answer :)</p>
</blockquote>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Unless we have something specifically related to OpenStack to add, I'd suggest just pointing people to <a href="http://heartbleed.com/" target="_blank">http://heartbleed.com/</a>.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">-bryan</p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>