Re: [openstack-dev] [security] Security PTG Planning, x-project request for topics.

2018-02-06 Thread Giuseppe de Candia
Hi Luke, Fantastic! An hour would be great if the schedule allows - there are lots of different aspects we can dive into and potential future directions the project can take. thanks! Pino On Tue, Feb 6, 2018 at 10:36 AM, Luke Hinds wrote: > > > On Tue, Feb 6, 2018 at 4:21 PM, Gi

Re: [openstack-dev] [security] Security PTG Planning, x-project request for topics.

2018-02-06 Thread Giuseppe de Candia
Hi Folks, I know the request is very late, but I wasn't aware of this SIG until recently. Would it be possible to present a new project to the Security SIG at the PTG? I need about 30 minutes. I'm hoping to drum up interest in the project, sign on users and contributors and get feedback. For the

Re: [openstack-dev] Supporting SSH host certificates

2017-10-06 Thread Giuseppe de Candia
Hi Clint, Isn't user-data by definition available via the Metadata API, which isn't considered secure: https://wiki.openstack.org/wiki/OSSN/OSSN-0074 Or is there a way to specify that certain user-data should only be available via config-drive (and not metadata api)? Otherwise, the only differen

Re: [openstack-dev] Supporting SSH host certificates

2017-10-06 Thread Giuseppe de Candia
ub.com/mikalstill/vendordata > 4: https://athenz.io > > > On Fri, Sep 29, 2017 at 5:17 PM, Fox, Kevin M wrote: > >> https://review.openstack.org/#/c/93/ >> -- >> *From:* Giuseppe de Candia [giuseppe.decan...@gmail.com] >> *Sent:* Friday, September 29, 20

Re: [openstack-dev] Security of Meta-Data

2017-10-04 Thread Giuseppe de Candia
Hi Folks, I'm still processing all this information - thanks for your help! --Pino On Wed, Oct 4, 2017 at 7:58 AM, Jeremy Stanley wrote: > On 2017-10-04 10:47:02 +0100 (+0100), Luke Hinds wrote: > [...] > > The recommendation is not to use metadata for security sensitive > > data (its possibl

[openstack-dev] Security of Meta-Data

2017-10-03 Thread Giuseppe de Candia
Hi Folks, Are there any documented conventions regarding the security model for MetaData? Note that CloudInit allows passing user and ssh service public/private keys via MetaData service (or ConfigDrive). One assumes it must be secure, but I have not found a security model or documentation. M

Re: [openstack-dev] Supporting SSH host certificates

2017-09-29 Thread Giuseppe de Candia
/introducing-the-uber-ssh-certificate-authority-4f840839c5cc On Fri, Sep 29, 2017 at 3:05 PM, Giuseppe de Candia < giuseppe.decan...@gmail.com> wrote: > Ihar, thanks for pointing that out - I'll definitely take a close look. > > Jon, I'm not very familiar with Barbican,

Re: [openstack-dev] Supporting SSH host certificates

2017-09-29 Thread Giuseppe de Candia
; > Ihar > > On Fri, Sep 29, 2017 at 12:21 PM, Giuseppe de Candia > wrote: > > Hi Folks, > > > > > > > > My intent in this e-mail is to solicit advice for how to inject SSH host > > certificates into VM instances, with minimal or no burden on users.

[openstack-dev] Supporting SSH host certificates

2017-09-29 Thread Giuseppe de Candia
Hi Folks, My intent in this e-mail is to solicit advice for how to inject SSH host certificates into VM instances, with minimal or no burden on users. Background (skip if you're already familiar with SSH certificates): without host certificates, when clients ssh to a host for the first time (
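The messages above ask how a cloud could deliver SSH host certificates to instances. As an added example (not code from this thread, from OpenStack or from cloud-init), the shell script below shows with plain ssh-keygen what such a mechanism has to produce: a CA-signed host certificate for the instance, the sshd_config lines that serve it, and the single known_hosts line that lets clients trust every host the CA signs instead of accepting an unknown key on first connection. The CA name "example-host-ca", the instance name "vm-1234", the address 10.0.0.7 and the domain example.internal are assumptions; in a real deployment the CA private key would stay in a secrets service and never reach the instance.

```shell
#!/bin/sh
# Added example, not code from the openstack-dev thread. Needs only ssh-keygen.
# Assumed names: CA "example-host-ca", instance "vm-1234", domain example.internal.
set -eu

# Mint a host CA, a host key and a CA-signed host certificate under $1 for
# host $2 with principals $3, plus the two artefacts that make the cert
# useful: an sshd_config fragment for the instance and a known_hosts line
# for clients.
make_host_cert() {
    dir=$1; host=$2; principals=$3
    # 1. Operator's host CA. The private half never reaches the instance.
    ssh-keygen -q -t ed25519 -N "" -C "example-host-ca" -f "$dir/host_ca"
    # 2. Instance host key (normally generated by sshd or cloud-init at first boot).
    ssh-keygen -q -t ed25519 -N "" -C "$host" -f "$dir/ssh_host_ed25519_key"
    # 3. CA signs the public half: -h makes it a host cert, -n lists the names
    #    clients may use to reach it, -V bounds validity. ssh-keygen writes
    #    ssh_host_ed25519_key-cert.pub next to the key.
    ssh-keygen -q -s "$dir/host_ca" -I "$host" -h -n "$principals" -V "-5m:+52w" \
        "$dir/ssh_host_ed25519_key.pub"
    # 4. Instance side: sshd presents the certificate alongside its host key.
    printf 'HostKey %s/ssh_host_ed25519_key\nHostCertificate %s/ssh_host_ed25519_key-cert.pub\n' \
        "$dir" "$dir" > "$dir/sshd_config.d_host_cert.conf"
    # 5. Client side: one line trusting the CA for a name pattern replaces
    #    per-host known_hosts entries and the trust-on-first-use prompt.
    printf '@cert-authority *.example.internal,10.0.0.* %s\n' "$(cat "$dir/host_ca.pub")" \
        > "$dir/known_hosts"
}

# SHA256 fingerprint of the CA that signed a certificate (from ssh-keygen -L).
cert_signing_ca_fp() {
    ssh-keygen -L -f "$1" | grep 'Signing CA:' | sed -n 's/.*\(SHA256:[^ ]*\).*/\1/p'
}

# SHA256 fingerprint of a public key file.
key_fp() {
    ssh-keygen -l -f "$1" | sed -n 's/.*\(SHA256:[^ ]*\).*/\1/p'
}

# Does certificate $1 carry principal $2 (a host name or address)?
# Principals are listed one per indented line between "Principals:" and
# "Critical Options:" in ssh-keygen -L output.
cert_has_principal() {
    ssh-keygen -L -f "$1" | sed -n '/Principals:/,/Critical Options:/p' \
        | grep -qx "[[:space:]]*$2"
}

# Stand-alone run: build everything in a scratch directory and show the cert.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    make_host_cert "$d" vm-1234 "vm-1234.example.internal,10.0.0.7"
    ssh-keygen -L -f "$d/ssh_host_ed25519_key-cert.pub"
    echo "cert signed by $(cert_signing_ca_fp "$d/ssh_host_ed25519_key-cert.pub")"
    echo "CA public key is $(key_fp "$d/host_ca.pub")"
    echo "client trust line: $(cat "$d/known_hosts")"
fi
```

Run it as `sh host-cert-demo.sh demo`. The point for the thread's question is the split of responsibilities: only step 3 needs the CA key and only step 5 needs to be distributed to clients, so whatever injects material into the instance (vendordata, config-drive, user-data) has to carry just the signed certificate, and the security of the scheme rests on the CA key and on the principals the CA is willing to sign for a given instance.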