Open Stack

On Tue, 2013-04-30 at 12:03 +0100, Mark McLoughlin wrote:
> Hi Simo,
> 
> On Thu, 2013-04-25 at 08:37 -0400, Simo Sorce wrote:
> > Hello list,
> > at the Summit we had a very interesting and productive discussion about
> > Message Signing/Encryption for RPC Messages sent via the Message Queue.
> > 
> > I would like to present a proposal that uses symmetric keys and a
> > central key server to address the problem:
> > 
> > https://wiki.openstack.org/wiki/MessageSecurity
> > 
> > I would really like to get feedback on the proposal, especially if there
> > are corner cases I have not considered.
> 
> I admit I haven't spent much time considering all aspects of this, but
> from a high level I like the idea and your diligence.
> 
> I'm working on a proposal for a redesign of the messaging API:
> 
>   https://wiki.openstack.org/wiki/Oslo/Messaging
> 
> I don't think this will affect your design in any way, and I don't think
> your proposal changes the API design ... so that's all goodness.
> 
> One thing I've just realized we haven't taken into account is
> notifications. There's probably a lot of value (to ceilometer at least,
> I'd imagine) in using public-key encryption to sign those messages since
> they are being broadcast to the world and there's no concept of the
> sender knowing who the message is being sent to.
> 
> Maybe solving the notification signing issue is orthogonal to RPC
> signing and encryption, but had you any thoughts on it?

I was under the impression that broadcasting to the world is a bad idea.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York