[openstack-dev] key manager proposal
Caitlin Bestler
Caitlin.Bestler at nexenta.com
Thu Mar 7 18:37:19 UTC 2013
Excellent proposal.
One item not covered yet, is the possibility of running a key scope that is a collection
of encrypted items: for example the set of volumes and snapshots that are derived from
one master.
A snapshot that used the same key-id as the volume it was a snapshot of would not
require any copying of content to take the snapshot. Similarly if a new volume was
cloned from the snapshot (especially if the volume storage system supported thin
encoding).
Swift partitions could also use the same key-id on every Swift Object Server,
allowing rsync replication without needing to re-key/re-encrypt/whatever.
The critical idea here is that the scope of a key should be motivated by the need
for efficient replication, snapshotting and cloning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130307/24ae4684/attachment.html>
More information about the OpenStack-dev
mailing list