Re: [openstack-dev] [nova] key management and Cinder volume encryption

2013-09-04 Thread Caitlin Bestler
On September 4, 2013 12:28:19 PM "Coffman, Joel M." wrote: The following change provides a key manager implementation that reads a static key from the project's configuration: https://review.openstack.org/#/c/45103/ This key manager implementation naturally does not provide the same confiden

Re: [openstack-dev] [nova] key management and Cinder volume encryption

2013-09-04 Thread Coffman, Joel M.
Stack Development Mailing List Subject: Re: [openstack-dev] [nova] key management and Cinder volume encryption External dependencies are fine, obviously. The difference is whether we actually have code to interface with those external dependencies. We have code to talk to databases and message q

Re: [openstack-dev] [nova] key management and Cinder volume encryption

2013-09-04 Thread Bryan D. Payne
> External dependencies are fine, obviously. The difference is whether we > actually have code to interface with those external dependencies. We > have code to talk to databases and message queues. There's no code > right now to interface with anything for key management. > Ok, this makes sense

Re: [openstack-dev] [nova] key management and Cinder volume encryption

2013-09-04 Thread Russell Bryant
On 09/03/2013 09:27 PM, Bryan D. Payne wrote: > > > How can someone use your code without a key manager? > > Some key management mechanism is required although it could be > simplistic. For example, we’ve tested our code internally with > an implementation of t

Re: [openstack-dev] [nova] key management and Cinder volume encryption

2013-09-03 Thread Joe Gordon
On Tue, Sep 3, 2013 at 6:44 PM, John Griffith wrote: > > > > On Tue, Sep 3, 2013 at 7:27 PM, Bryan D. Payne wrote: > >> >> > How can someone use your code without a key manager? Some key management mechanism is required although it could be simplistic. For example, we’ve test

Re: [openstack-dev] [nova] key management and Cinder volume encryption

2013-09-03 Thread John Griffith
On Tue, Sep 3, 2013 at 7:27 PM, Bryan D. Payne wrote: > > > How can someone use your code without a key manager? >>> >>> Some key management mechanism is required although it could be >>> simplistic. For example, we’ve tested our code internally with an >>> implementation of the key manager

Re: [openstack-dev] [nova] key management and Cinder volume encryption

2013-09-03 Thread Bryan D. Payne
> > How can someone use your code without a key manager? >> >> Some key management mechanism is required although it could be >> simplistic. For example, we’ve tested our code internally with an >> implementation of the key manager interface that returns a single, constant >> key. >> > That wo

Re: [openstack-dev] [nova] key management and Cinder volume encryption

2013-09-03 Thread Russell Bryant
On 09/03/2013 06:26 PM, Bhandaru, Malini K wrote: > The issue here is the key manager, barbican, under development is in > incubation. > Folks can download and use barbican. The barbican team has worked diligently > to produce the system. > In fact, folks can download and use and vote for Joel's

Re: [openstack-dev] [nova] key management and Cinder volume encryption

2013-09-03 Thread Russell Bryant
On 09/03/2013 05:41 PM, Coffman, Joel M. wrote: >> How can someone use your code without a key manager? > > Some key management mechanism is required although it could be > simplistic. For example, we’ve tested our code internally with an > implementation of the key manager interface that returns

Re: [openstack-dev] [nova] key management and Cinder volume encryption

2013-09-03 Thread Bhandaru, Malini K
List Subject: Re: [openstack-dev] [nova] key management and Cinder volume encryption On Tue, Sep 3, 2013 at 5:41 PM, Coffman, Joel M. <mailto:joel.coff...@jhuapl.edu> wrote: > How can someone use your code without a key manager? Some key management mechanism is required althou

Re: [openstack-dev] [nova] key management and Cinder volume encryption

2013-09-03 Thread Joe Gordon
> *From:* Joe Gordon [mailto:joe.gord...@gmail.com] > *Sent:* Tuesday, September 03, 2013 4:48 PM > *To:* OpenStack Development Mailing List > *Subject:* Re: [openstack-dev] [nova] key management and Cinder volume > encryption

Re: [openstack-dev] [nova] key management and Cinder volume encryption

2013-09-03 Thread Coffman, Joel M.
tack.org/pipermail/openstack-dev/2013-April/008268.html From: Joe Gordon [mailto:joe.gord...@gmail.com] Sent: Tuesday, September 03, 2013 4:48 PM To: OpenStack Development Mailing List Subject: Re: [openstack-dev] [nova] key management and Cinder volume encryption On Tue, Sep 3, 2013 at

[openstack-dev] [nova] key management and Cinder volume encryption

2013-09-03 Thread Coffman, Joel M.
We have fully implemented support for transparently encrypting Cinder volumes from within Nova (see https://review.openstack.org/#/c/30976/), but the lack of a secure key manager within OpenStack currently precludes us from in

Re: [openstack-dev] [nova] key management and Cinder volume encryption

2013-09-03 Thread Joe Gordon
On Tue, Sep 3, 2013 at 4:38 PM, Coffman, Joel M. wrote: > We have fully implemented support for transparently encrypting Cinder > volumes from > within Nova (see > https://review.openstack.org/#/c/30976/), but the lack of a secure