[openstack-dev] [nova][keystone] Message Queue Security
Simo Sorce
simo at redhat.com
Thu Apr 25 16:23:10 UTC 2013
On Thu, 2013-04-25 at 17:04 +0100, David Chadwick wrote:
> you dont need to negotiate algorithms on the fly. If the crypto arrives
> with a clear indication of what algorithms it has used (as in S/MIME,
> X.509 certs etc.) then the receiving code can automatically determine
> which algorithms to use to decrypt the message. Of course, negotiation
> of algorithms for point to point connections e.g. as in TLS/SSL, allows
> an optimal set to be chosen from the outset
Well, you are assuming that the keys given out by the Key server do not
need to change if you change the algorithm, and that is not necessarily
true. So you slowly but steadily end up with needing a negotiation
scheme with the key server at least and ... it is a slippery slope.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the OpenStack-dev
mailing list