Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-06-05 Thread John Wood
. From: Samuel Bercovici [samu...@radware.com] Sent: Thursday, May 29, 2014 7:47 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS]TLS APIsupport for authentication +1 to Carlos

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-29 Thread Samuel Bercovici
Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication On May 27, 2014, at 9:13 PM, Stephen Balukoff sbaluk...@bluebox.net wrote: Hi y'all! I would advocate that if the user asks the front-end API for the private key

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-28 Thread Samuel Bercovici
(not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication Right so are you advocating that the front end API never return a private key back to the user once regardless if the key was generated on the back end or sent in to the API from the user? We

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-28 Thread Clark, Robert Graham
[mailto:german.eichber...@hp.com] Sent: Saturday, May 24, 2014 12:54 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication All, Susanne and I had a demonstration of life code by HP's Barbican team today for certificate

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-28 Thread Carlos Garza
On May 27, 2014, at 9:13 PM, Stephen Balukoff sbaluk...@bluebox.net wrote: Hi y'all! I would advocate that if the user asks the front-end API for the private key information (ie. GET request), what they get back is the key's modulus and nothing else. This should work to verify whether a

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-27 Thread Stephen Balukoff
Hi y'all! On Fri, May 23, 2014 at 1:24 PM, Carlos Garza carlos.ga...@rackspace.comwrote: Right so are you advocating that the front end API never return a private key back to the user once regardless if the key was generated on the back end or sent in to the API from the user? We kind of

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-23 Thread John Dennis
Using standard formats such as PEM and PKCS12 (most people don't use PKCS8 directly) is a good approach. Be mindful that some cryptographic services do not provide *any* direct access to private keys (makes sense, right?). Private keys are shielded in some hardened container and the only way to

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-23 Thread Carlos Garza
Right so are you advocating that the front end API never return a private key back to the user once regardless if the key was generated on the back end or sent in to the API from the user? We kind of are already are implying that they can refer to the key via a private key id. On May 23,

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-23 Thread Eichberger, German
: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication Right so are you advocating that the front end API never return a private key back to the user once regardless if the key was generated on the back end or sent in to the API from the user? We kind of are already are implying

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-23 Thread Kyle Mestery
[mailto:carlos.ga...@rackspace.com] Sent: Friday, May 23, 2014 1:25 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication Right so are you advocating that the front end API never return a private key

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-22 Thread Eichberger, German
To: OpenStack Development Mailing List (not for usage questions) Subject: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication Hi Everone, I would like to defer addressing client authentication and back-end-server authentication for a 2nd phase - after Juno. This means that from looking

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-22 Thread Jain, Vivek
@lists.openstack.org Date: Thursday, May 22, 2014 at 12:53 PM To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication Hi Sam, I totally