Can we do this with a flag (or two) and just keep regular http if the flag is not set?
Vish On May 2, 2011, at 4:34 PM, Eldar Nugaev wrote: > Hi all. > > So what is the decision? > I see three decisions: > > #1 Replace existed plain http to ssl > #2 Add additional ports for ssl (save plain http) > #3 Do nothing > > Eldar > > On Tue, Apr 26, 2011 at 11:27 AM, Dirk-Willem van Gulik > <dirk-willem.van.gu...@bbc.co.uk> wrote: >> >> On 25 Apr 2011, at 19:47, Kirill Shileev wrote: >> >>> Recently, playing with libcloud against a private openstack installation >>> we realized that 8773 and 8774 ports listened by openstack-nova-api expect >>> plain HTTP. >>> This is something that is rarely allowed in production installations. >>> ..... >>> Other option would be making this configurable, although not sure why and >>> where the plain HTTP might be justified. >>> >>> Any thoughts, comments? >> >> An important side effect of slapping SSL with client/server certs on pretty >> much all connection is that it makes all sort of governance and validation >> jobs much easier from an organisational point of view. With more 'reuse' of >> existing process and validation. >> >> The attack footprint/exposed estate now splits in three clean realms: >> issuing of client cert, security of the TCP and SSL layer - and a specific >> model for what happens within that connection. With the latter bound by the >> previous two. Furthermore client validation can be done with narly a secret >> in sight. >> >> So for those reasons alone - SSLis good. >> >> Dw. >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > > > > -- > Eldar > Skype: eldar.nugaev > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
