Public bug reported:
Liberty is using sha1 to calculate the fingerprint returned by os-keypairs REST
API calls when the key type is x509. Unlike ssh, there is no standard hash
algorithm that should necessarily be used for X.509, which makes it necessary
to clarify what hash was used. There is also concern in simply documenting that
this is sha1 and moving on... SHA-1 is known to be flawed and everyone is
moving away from it. E.g. in Mozilla you will now see both SHA-1 and SHA-256
fingerprints when you view a certificate, and they will eventually stop showing
SHA-1. The nova API should be thinking forward and
1. allow the admin to configure one or more algorithms to use for x.509
fingerprints (as noted, browsers will generally display at least 2).
2. be clear in what hash algorithms are used, both in documentation and (for
client's sake) in the response.
Found in Liberty.
** Affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1504598
Title:
sha1 fingerprint for x509 keypair
Status in OpenStack Compute (nova):
New
Bug description:
Liberty is using sha1 to calculate the fingerprint returned by os-keypairs
REST API calls when the key type is x509. Unlike ssh, there is no standard hash
algorithm that should necessarily be used for X.509, which makes it necessary
to clarify what hash was used. There is also concern in simply documenting that
this is sha1 and moving on... SHA-1 is known to be flawed and everyone is
moving away from it. E.g. in Mozilla you will now see both SHA-1 and SHA-256
fingerprints when you view a certificate, and they will eventually stop showing
SHA-1. The nova API should be thinking forward and
1. allow the admin to configure one or more algorithms to use for x.509
fingerprints (as noted, browsers will generally display at least 2).
2. be clear in what hash algorithms are used, both in documentation and (for
client's sake) in the response.
Found in Liberty.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1504598/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp