Hi David, > The size issue is troublesome - by default, Apache limits headers to 8k. > We'd need to get a good idea on how big the headers will become, and > document that people will have to bump the corresponding config settings > on their servers.
My certificate is 6Kb when converted to PEM. I suppose it could be more for other regions, depending on the number of intermediate certificates that are included. I couldn't find the limit for Thin. > Yes, I agree that that seems the best route. Longer term, option 2 would > be hugely preferrable. If that is not possible, we can think about > adding some sort of 'authenticate' API call, that lets the user upload > their key material. In return they'd get a username/password for > subsequent requests. It would of course require that the key material is > stored on the DC server ... I like that third option. At least once the user has uploaded the key material (a one-time thing), they can use the API in the same way as for other providers. > > What do you think? Do you have an idea of how most users deploy their > > DeltaCloud server, locally or on a shared machine? > > Both, and it doesn't really matter: users have to trust the DC server > they talk to for all servers. Whether they trust a DC server is a matter > of whether they trust whoever is running that server, and will vary from > user to user. Well, I trust my sysadmin to host DC on his servers and keep it running. I also trust he's not interested enough in my cloud stuff to bother using my certificate. Colleagues however, may like to "borrow" mine when they don't have access to something I have access to ;) Thanks a lot, I'll proceed with option 1 for now. Regards, Dies
