[openstack-dev] [Neutron] SSL VPN Implemenatation

Jarret Raim jarret.raim at RACKSPACE.COM
Wed Apr 30 09:35:25 UTC 2014 

As the PTL for Barbican, I¹m happy to discuss this more here or at the
Summit. 

Not sure if this is an option, but could you store the entire OpenVPN
config file in Barbican rather than just the key? Not sure if you are
generating those on demand or not, but we¹ve had several teams inside
Rackspace just storing entire config files rather than trying to separate
out individual keys or passwords.

Jarret




On 4/30/14, 12:11 AM, "Nachi Ueno" <nachi at ntti3.com> wrote:

>Hi Clint
>
>Thank you for your suggestion. Your point get taken :)
>
>> Kyle
>This is also a same discussion for LBaaS
>Can we discuss this in advanced service meeting?
>
>> Zang
>Could you join the discussion?
>
>
>
>2014-04-29 15:48 GMT-07:00 Clint Byrum <clint at fewbar.com>:
>> Excerpts from Nachi Ueno's message of 2014-04-29 10:58:53 -0700:
>>> Hi Kyle
>>>
>>> 2014-04-29 10:52 GMT-07:00 Kyle Mestery <mestery at noironetworks.com>:
>>> > On Tue, Apr 29, 2014 at 12:42 PM, Nachi Ueno <nachi at ntti3.com> wrote:
>>> >> Hi Zang
>>> >>
>>> >> Thank you for your contribution on this!
>>> >> The private key management is what I want to discuss in the summit.
>>> >>
>>> > Has the idea of using Barbican been discussed before? There are many
>>> > reasons why using Barbican for this may be better than developing key
>>> > management ourselves.
>>>
>>> No, however I'm +1 for using Barbican. Let's discuss this in
>>> certificate management topic in advanced service session.
>>>
>>
>> Just a suggestion: Don't defer that until the summit. Sounds like you've
>> already got some consensus, so you don't need the summit just to rubber
>> stamp it. I suggest discussing as much as you can right now on the
>>mailing
>> list, and using the time at the summit to resolve any complicated issues
>> including any "a or b" things that need crowd-sourced idea making. You
>> can also use the summit time to communicate your requirements to the
>> Barbican developers.
>>
>> Point is: just because you'll have face time, doesn't mean you should
>> use it for what can be done via the mailing list.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5551 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140430/27bfd046/attachment.bin>

More information about the OpenStack-dev mailing list