[openstack-dev] [security] FIPS Compliance (Was: [requirements][kolla][security] pycrypto vs cryptography)

Dean Troyer dtroyer at gmail.com
Fri Nov 18 16:14:26 UTC 2016


> -----Original Message-----
> From: Luke Hinds <lhinds at redhat.com>
[...]
>> for non security related functions, but when it comes to government
>> compliance and running OpenStack on public clouds (and even private for the
>> Telcos / NFV), not meeting FIPS will in some cases block production getting
>> a green light, or at least make it a big challenge to push through.

Are there any known cases of this happening? If so, can those be
publicly documented to quantify how much this issue is hurting
deployments?



On Fri, Nov 18, 2016 at 9:57 AM, Ian Cordasco <sigmavirus24 at gmail.com> wrote:
> Also, instead of creating bugs, I would suggest instead that we try to make this into a community goal. We would work with the TC and for P or Q, make it a goal to start migrating off of MD5 and have a goal for a cycle or two later to completely remove reliance on MD5.
>
> Doing this piecemeal via bugs will not be efficient and we'll need community buy-in.

We would also need to get a reasonable scoping of the issue (which
projects, how many instances, etc.) to help decide if this is an
achievable goal (in the sense of the 'community goals').

As you noted, this will not be easy for Swift or Glance (others?), but
if the impact to deployers can be quantified it makes it easier to
spend energy here.

dt

-- 

Dean Troyer
dtroyer at gmail.com


