[openstack-dev] [Security] Introducing Killick PKI

Robert Collins robertc at robertcollins.net
Sun Oct 11 22:50:23 UTC 2015


On 9 October 2015 at 06:47, Adam Young <ayoung at redhat.com> wrote:
> On 10/08/2015 12:50 PM, Chivers, Doug wrote:
>>
>> Hi All,
>>
>> At a previous OpenStack Security Project IRC meeting, we briefly discussed
>> a lightweight traditional PKI using the Anchor validation functionality, for
>> use in internal deployments, as an alternative to things like MS ADCS. To
>> take this further, I have drafted a spec, which is in the security-specs
>> repo, and would appreciate feedback:
>>
>> https://review.openstack.org/#/c/231955/
>>
>> Regards
>>
>> Doug
>
> How is this better than Dogtag/FreeIPA?

DogTag is Tomcat, yeah? That's not exactly trivial to deploy - the spec
specifically calls out the desire to have a low-admin-overhead
solution. Perhaps DogTag/FreeIPA are that in the context of a RHEL
environment? I see that the dogtag-pki packages in Debian are up to
date - perhaps more discussion w/ops is needed?

-Rob

-- 
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Converged Cloud


