[openstack-dev] [Security] Introducing Killick PKI

Chivers, Doug doug.chivers at hpe.com
Thu Oct 8 20:45:40 UTC 2015


Very lightweight, automatic certificate security policy enforcement. 

Doug

> On 8 Oct 2015, at 18:48, Adam Young <ayoung at redhat.com> wrote:
> 
>> On 10/08/2015 12:50 PM, Chivers, Doug wrote:
>> Hi All,
>> 
>> At a previous OpenStack Security Project IRC meeting, we briefly discussed a lightweight traditional PKI using the Anchor validation functionality, for use in internal deployments, as an alternative to things like MS ADCS. To take this further, I have drafted a spec, which is in the security-specs repo, and would appreciate feedback:
>> 
>> https://review.openstack.org/#/c/231955/
>> 
>> Regards
>> 
>> Doug
> How is this better than Dogtag/FreeIPA?
> 
> 
>> 
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



More information about the OpenStack-dev mailing list