On Thu, May 29, 2014 at 6:57 AM, Nachi Ueno na...@ntti3.com wrote:
Hi Zang
Since, SSL-VPN for Juno bp is approved in neturon-spec,
I would like to restart this work.
Could you share your code if it is possible?
Also, Let's discuss how we can collaborate in here.
Currently We are running
To: openstack-dev
Subject: Re: [openstack-dev] [Neutron] SSL VPN Implemenatation
Excerpts from Nachi Ueno's message of 2014-05-01 12:04:23 -0700:
Ah I got it now!
so even if we get stolen HDD, we can keep password safe.
However, I'm still not sure why this is more secure..
anyway, the ID/PW
From: Clint Byrum [cl...@fewbar.com]
Sent: Thursday, May 01, 2014 2:22 PM
To: openstack-dev
Subject: Re: [openstack-dev] [Neutron] SSL VPN Implemenatation
Excerpts from Nachi Ueno's message of 2014-05-01 12:04:23 -0700:
Ah I got it now!
so even if we get stolen HDD, we can keep
Zang mentioned that part of the issue is that the private key has to be
stored in the OpenVPN config file. If the config files are generated and
can be stored, then storing the whole config file in Barbican protects the
private key (and any other settings) without having to try to deliver the
key
Hi Jarret
IMO, Zang point is the issue saving plain private key in the
filesystem for OpenVPN.
Isn't this same even if we use Barbican?
2014-05-01 2:56 GMT-07:00 Jarret Raim jarret.r...@rackspace.com:
Zang mentioned that part of the issue is that the private key has to be
stored in the
issues.
-Original Message-
From: Nachi Ueno [mailto:na...@ntti3.com]
Sent: 01 May 2014 17:36
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron] SSL VPN Implemenatation
Hi Jarret
IMO, Zang point is the issue saving plain private
2014 17:36
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron] SSL VPN Implemenatation
Hi Jarret
IMO, Zang point is the issue saving plain private key in the
filesystem for
OpenVPN.
Isn't this same even if we use Barbican?
2014-05-01
filesystem disk-residency issues.
-Original Message-
From: Nachi Ueno [mailto:na...@ntti3.com]
Sent: 01 May 2014 17:36
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron] SSL VPN Implemenatation
Hi Jarret
IMO, Zang
List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron] SSL VPN Implemenatation
Hi Jarret
IMO, Zang point is the issue saving plain private key in the
filesystem for
OpenVPN.
Isn't this same even if we use Barbican?
2014-05-01 2:56 GMT-07:00 Jarret Raim
-residency issues.
-Original Message-
From: Nachi Ueno [mailto:na...@ntti3.com]
Sent: 01 May 2014 17:36
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron] SSL VPN Implemenatation
Hi Jarret
IMO, Zang point
-dev
Subject: Re: [openstack-dev] [Neutron] SSL VPN Implemenatation
Excerpts from Nachi Ueno's message of 2014-05-01 12:04:23 -0700:
Ah I got it now!
so even if we get stolen HDD, we can keep password safe.
However, I'm still not sure why this is more secure..
anyway, the ID/PW to access
From: Clint Byrum [cl...@fewbar.com]
Sent: Thursday, May 01, 2014 2:22 PM
To: openstack-dev
Subject: Re: [openstack-dev] [Neutron] SSL VPN Implemenatation
Excerpts from Nachi Ueno's message of 2014-05-01 12:04:23 -0700:
Ah I got it now!
so even if we
As the PTL for Barbican, I¹m happy to discuss this more here or at the
Summit.
Not sure if this is an option, but could you store the entire OpenVPN
config file in Barbican rather than just the key? Not sure if you are
generating those on demand or not, but we¹ve had several teams inside
On Tue, Apr 29, 2014 at 6:11 PM, Nachi Ueno na...@ntti3.com wrote:
Hi Clint
Thank you for your suggestion. Your point get taken :)
Kyle
This is also a same discussion for LBaaS
Can we discuss this in advanced service meeting?
Yes! I think we should definitely discuss this in the advanced
Jarret
Thanks!
Currently, the config will be generated on demand by the agent.
What's merit storing entire config in the Barbican?
Kyle
Thanks!
2014-04-30 7:05 GMT-07:00 Kyle Mestery mest...@noironetworks.com:
On Tue, Apr 29, 2014 at 6:11 PM, Nachi Ueno na...@ntti3.com wrote:
Hi Clint
Hi all:
Currently I'm working on ssl vpn, based on patchsets by Nachi[1] and Rajesh[2]
There are secure issues pointed by mark, that ssl private keys are
stored plain in database and in config files of vpn-agents. As
Barbican is incubated, we can store certs and their private keys in
Barbican.
Hi Zang
Thank you for your contribution on this!
The private key management is what I want to discuss in the summit.
[1] We are depending DB security, anyway
When we get stolen the private key in the DB, it means we are also
stolen ID/PW for DB.
If we stolen the key, even if we keep the private
On Tue, Apr 29, 2014 at 12:42 PM, Nachi Ueno na...@ntti3.com wrote:
Hi Zang
Thank you for your contribution on this!
The private key management is what I want to discuss in the summit.
Has the idea of using Barbican been discussed before? There are many
reasons why using Barbican for this may
Hi Kyle
2014-04-29 10:52 GMT-07:00 Kyle Mestery mest...@noironetworks.com:
On Tue, Apr 29, 2014 at 12:42 PM, Nachi Ueno na...@ntti3.com wrote:
Hi Zang
Thank you for your contribution on this!
The private key management is what I want to discuss in the summit.
Has the idea of using Barbican
On Tue, Apr 29, 2014 at 12:58 PM, Nachi Ueno na...@ntti3.com wrote:
Hi Kyle
2014-04-29 10:52 GMT-07:00 Kyle Mestery mest...@noironetworks.com:
On Tue, Apr 29, 2014 at 12:42 PM, Nachi Ueno na...@ntti3.com wrote:
Hi Zang
Thank you for your contribution on this!
The private key management is
Excerpts from Nachi Ueno's message of 2014-04-29 10:58:53 -0700:
Hi Kyle
2014-04-29 10:52 GMT-07:00 Kyle Mestery mest...@noironetworks.com:
On Tue, Apr 29, 2014 at 12:42 PM, Nachi Ueno na...@ntti3.com wrote:
Hi Zang
Thank you for your contribution on this!
The private key management
Hi Clint
Thank you for your suggestion. Your point get taken :)
Kyle
This is also a same discussion for LBaaS
Can we discuss this in advanced service meeting?
Zang
Could you join the discussion?
2014-04-29 15:48 GMT-07:00 Clint Byrum cl...@fewbar.com:
Excerpts from Nachi Ueno's message of
22 matches
Mail list logo