Re: [openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes
Russell Bryant wrote: I would be good with the exception for this, assuming that: 1) Those from nova-core that have reviewed the code are still happy with it and would do a final review to get it merged. 2) There is general consensus that the simple config based key manager (single key) does provide some amount of useful security. I believe it does, just want to make sure we're in agreement on it. Obviously we want to improve this in the future. +1 I think this is sufficiently self-contained that the regression risk is extremely limited. It's also nice to have a significant hardening improvement in the Havana featurelist. I would just prefer if it landed ASAP since I would like as much usage around it as we can get, to make sure the previous audits didn't miss an obvious bug/security hole in it. -- Thierry Carrez (ttx) ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes
On 9/9/13 9:25 AM, Russell Bryant rbry...@redhat.com wrote: On 09/09/2013 04:57 AM, Thierry Carrez wrote: Russell Bryant wrote: I would be good with the exception for this, assuming that: 1) Those from nova-core that have reviewed the code are still happy with it and would do a final review to get it merged. 2) There is general consensus that the simple config based key manager (single key) does provide some amount of useful security. I believe it does, just want to make sure we're in agreement on it. Obviously we want to improve this in the future. +1 I think this is sufficiently self-contained that the regression risk is extremely limited. It's also nice to have a significant hardening improvement in the Havana featurelist. I would just prefer if it landed ASAP since I would like as much usage around it as we can get, to make sure the previous audits didn't miss an obvious bug/security hole in it. The response seems positive from everyone so far. I think we should approve this and try to get it merged ASAP (absolutely this week, and hopefully in the first half of the week). ACK on the FFE from me. Me as well for what it's worth. While I understand the concerns around key management, Barbican will have our 1.0 release for Havana and it should be relatively easy to integrate the proposed patches with Barbican at that time. Even so, the current version does offer some security and gives us the ability to have the code tested before we introduce another moving part. Thanks, Jarret Raim ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes
On Mon, Sep 9, 2013 at 1:20 PM, Jarret Raim jarret.r...@rackspace.comwrote: On 9/9/13 9:25 AM, Russell Bryant rbry...@redhat.com wrote: On 09/09/2013 04:57 AM, Thierry Carrez wrote: Russell Bryant wrote: I would be good with the exception for this, assuming that: 1) Those from nova-core that have reviewed the code are still happy with it and would do a final review to get it merged. 2) There is general consensus that the simple config based key manager (single key) does provide some amount of useful security. I believe it does, just want to make sure we're in agreement on it. Obviously we want to improve this in the future. +1 I think this is sufficiently self-contained that the regression risk is extremely limited. It's also nice to have a significant hardening improvement in the Havana featurelist. I would just prefer if it landed ASAP since I would like as much usage around it as we can get, to make sure the previous audits didn't miss an obvious bug/security hole in it. The response seems positive from everyone so far. I think we should approve this and try to get it merged ASAP (absolutely this week, and hopefully in the first half of the week). ACK on the FFE from me. Me as well for what it's worth. While I understand the concerns around key management, Barbican will have our 1.0 release for Havana and it should be relatively easy to integrate the proposed patches with Barbican at that time. Even so, the current version does offer some security and gives us the ability to have the code tested before we introduce another moving part. Thanks, Jarret Raim ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev Fine on the Cinder side for the related components there. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes
We request that volume encryption [1] be granted an exception to the feature freeze for Havana-3. Volume encryption [2] provides a usable layer of protection to user data as it is transmitted through a network and when it is stored on disk. The main patch [2] has been under review since the end of May and had received two +2s in mid-August. Subsequently, support was requested for booting from encrypted volumes and integrating a working key manager [3][4] as a stipulation for acceptance, and both these requests have been satisfied within the past week. The risk of disruption to deployments from this exception is minimal because the volume encryption feature is unused by default. Note that the corresponding Cinder support for this feature has already been approved, so acceptance into Nova will keep this code from becoming abandoned. Thank you for your consideration. The APL Development Team [1] https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes [2] https://review.openstack.org/#/c/30976/ [3] https://review.openstack.org/#/c/45103/ [4] https://review.openstack.org/#/c/45123/ ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes
On 09/06/2013 04:14 PM, Benjamin, Bruce P. wrote: We request that volume encryption [1] be granted an exception to the feature freeze for Havana-3. Volume encryption [2] provides a usable layer of protection to user data as it is transmitted through a network and when it is stored on disk. The main patch [2] has been under review since the end of May and had received two +2s in mid-August. Subsequently, support was requested for booting from encrypted volumes and integrating a working key manager [3][4] as a stipulation for acceptance, and both these requests have been satisfied within the past week. The risk of disruption to deployments from this exception is minimal because the volume encryption feature is unused by default. Note that the corresponding Cinder support for this feature has already been approved, so acceptance into Nova will keep this code from becoming abandoned. Thank you for your consideration. The APL Development Team [1] https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes [2] https://review.openstack.org/#/c/30976/ [3] https://review.openstack.org/#/c/45103/ [4] https://review.openstack.org/#/c/45123/ Thanks for all of your hard work on this! It sounds to me like the code was ready to go aside from the issues you mentioned above, which have now been addressed. I think the feature provides a lot of value and has fairly low risk if we get it merged ASAP, since it's off by default. The main risk is around the possibility of security vulnerabilities. Hopefully good review (both from a code and security perspective) can mitigate that risk. This feature has been in the works for a while and has very good documentation on the blueprint, so I take it that it has been vetted by a number of people already. It would be good to get ACKs on this point in this thread. I would be good with the exception for this, assuming that: 1) Those from nova-core that have reviewed the code are still happy with it and would do a final review to get it merged. 2) There is general consensus that the simple config based key manager (single key) does provide some amount of useful security. I believe it does, just want to make sure we're in agreement on it. Obviously we want to improve this in the future. Again, thank you very much for all of your work on this (both technical and non-technical)! -- Russell Bryant ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes
On Fri, Sep 6, 2013 at 4:17 PM, Bryan D. Payne bdpa...@acm.org wrote: 2) There is general consensus that the simple config based key manager (single key) does provide some amount of useful security. I believe it does, just want to make sure we're in agreement on it. Obviously we want to improve this in the future. I believe that it does add value. For example, if the config is on a different disk than the volumes, then this is very useful for ensuring that data remains secure on RMA'd disks. I stand corrected. -bryan ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes
2) There is general consensus that the simple config based key manager (single key) does provide some amount of useful security. I believe it does, just want to make sure we're in agreement on it. Obviously we want to improve this in the future. I believe that it does add value. For example, if the config is on a different disk than the volumes, then this is very useful for ensuring that data remains secure on RMA'd disks. -bryan ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes
Thank you Russell for the special consideration. +1 The positive vote is for multiple reasons, the JHU team took care of: 1) boot from encrypted volume 2) have laid the foundation for securing volumes with keys served from a strong key manager 3) blueprint and diligently addressing concerns 4) feature by default off. Regards malini -Original Message- From: Russell Bryant [mailto:rbry...@redhat.com] Sent: Friday, September 06, 2013 2:47 PM To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes On 09/06/2013 04:14 PM, Benjamin, Bruce P. wrote: We request that volume encryption [1] be granted an exception to the feature freeze for Havana-3. Volume encryption [2] provides a usable layer of protection to user data as it is transmitted through a network and when it is stored on disk. The main patch [2] has been under review since the end of May and had received two +2s in mid-August. Subsequently, support was requested for booting from encrypted volumes and integrating a working key manager [3][4] as a stipulation for acceptance, and both these requests have been satisfied within the past week. The risk of disruption to deployments from this exception is minimal because the volume encryption feature is unused by default. Note that the corresponding Cinder support for this feature has already been approved, so acceptance into Nova will keep this code from becoming abandoned. Thank you for your consideration. The APL Development Team [1] https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes [2] https://review.openstack.org/#/c/30976/ [3] https://review.openstack.org/#/c/45103/ [4] https://review.openstack.org/#/c/45123/ Thanks for all of your hard work on this! It sounds to me like the code was ready to go aside from the issues you mentioned above, which have now been addressed. I think the feature provides a lot of value and has fairly low risk if we get it merged ASAP, since it's off by default. The main risk is around the possibility of security vulnerabilities. Hopefully good review (both from a code and security perspective) can mitigate that risk. This feature has been in the works for a while and has very good documentation on the blueprint, so I take it that it has been vetted by a number of people already. It would be good to get ACKs on this point in this thread. I would be good with the exception for this, assuming that: 1) Those from nova-core that have reviewed the code are still happy with it and would do a final review to get it merged. 2) There is general consensus that the simple config based key manager (single key) does provide some amount of useful security. I believe it does, just want to make sure we're in agreement on it. Obviously we want to improve this in the future. Again, thank you very much for all of your work on this (both technical and non-technical)! -- Russell Bryant ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes
Bruce - well-crafted message. Good work, looks like it is eliciting desired result. From: Benjamin, Bruce P. [mailto:bruce.benja...@jhuapl.edu] Sent: Friday, September 06, 2013 1:14 PM To: openstack-dev@lists.openstack.org Subject: [openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes We request that volume encryption [1] be granted an exception to the feature freeze for Havana-3. Volume encryption [2] provides a usable layer of protection to user data as it is transmitted through a network and when it is stored on disk. The main patch [2] has been under review since the end of May and had received two +2s in mid-August. Subsequently, support was requested for booting from encrypted volumes and integrating a working key manager [3][4] as a stipulation for acceptance, and both these requests have been satisfied within the past week. The risk of disruption to deployments from this exception is minimal because the volume encryption feature is unused by default. Note that the corresponding Cinder support for this feature has already been approved, so acceptance into Nova will keep this code from becoming abandoned. Thank you for your consideration. The APL Development Team [1] https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes [2] https://review.openstack.org/#/c/30976/ [3] https://review.openstack.org/#/c/45103/ [4] https://review.openstack.org/#/c/45123/ ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev