PKI Tokens are Deprecated
** Changed in: keystone
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1362343
Title:
weak digest algorithm for PKI
Status in OpenStack Identity (keystone):
Won't Fix
Status in python-keystoneclient:
Fix Released
Bug description:
The digest algorithm for PKI tokens is the openssl default of sha1.
This is a weak algorithm and some security standards require a
stronger algorithm such as sha256. Keystone should make the token
digest hash algorithm configurable so that deployments can use a
stronger algorithm.
Also, the default could be stronger.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1362343/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
