From: "duncan.tho...@gmail.com<mailto:duncan.tho...@gmail.com>" <duncan.tho...@gmail.com<mailto:duncan.tho...@gmail.com>> Reply-To: "openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>" <openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>> Date: Monday, November 30, 2015 at 9:13 AM To: "openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>" <openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>> Subject: Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick
On 30 November 2015 at 16:04, Coffman, Joel M. <joel.coff...@jhuapl.edu<mailto:joel.coff...@jhuapl.edu>> wrote: On 11/25/15, 11:33 AM, "Ben Swartzlander" <b...@swartzlander.org<mailto:b...@swartzlander.org>> wrote: On 11/24/2015 03:27 PM, Nathan Reller wrote: Trying to design a system where we expect nova to do data encryption but not cinder will not work in the long run. The eventual result will be that nova will have to take on most of the functionality of cinder and we'll be back to the nova-volume days. Could you explain further what you mean by "nova will have to take on most of the functionality of cinder"? In the current design, Nova is still passing data blocks to Cinder for storage – they're just encrypted instead of plaintext. That doesn't seem to subvert the functionality of Cinder or reimplement it. The functionality of cinder is more than blindly storing blocks - in particular it has create-from/upload-to image, backup, and retype, all of which do some degree of manipulation of the data and/or volume encryption metadata. From a security perspective, it is advantageous for users to be able to upload an encrypted image, copy that image to a volume, and boot from that volume without decrypting the image until it is booted. We are suffering from somewhat incompatible requirements with encryption between those who want fully functional cinder and encryption on disk (the common case I think), and those who have enhanced security requirements. The original design supports this distinction: there is a "control-location" parameter that indicates where encryption is to be performed (see http://docs.openstack.org/user-guide-admin/dashboard_manage_volumes.html).
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
