Public bug reported: Under the page https://..../horizon/project/access_and_security/ (you get there via Project -> Compute -> Access & Security), there are several mentions of "Key Pair": "Key Pair Name", "Import Key Pair", "Delete Key Pair", "Delete Key Pairs".
Fortunately, none of these actions are really about secret keys. They are all about public keys, so all of these mentions are wrong and should be "Public Key". The one exception is "Create Key Pair". That option does generate a public and a private key. However, that is inherently insecure. Private keys must never leave the end-user's computer. They must certainly never be generated remotely. (See the recent issue about the SSL private keys which were archived by a certificate reseller, for instance at https://arstechnica.com/information-technology/2018/03/23000-https- certificates-axed-after-ceo-e-mails-private-keys/ ). Therefore this button and related functionality must be removed. ** Affects: horizon Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1758007 Title: "Key pair" should be "public key" in several places Status in OpenStack Dashboard (Horizon): New Bug description: Under the page https://..../horizon/project/access_and_security/ (you get there via Project -> Compute -> Access & Security), there are several mentions of "Key Pair": "Key Pair Name", "Import Key Pair", "Delete Key Pair", "Delete Key Pairs". Fortunately, none of these actions are really about secret keys. They are all about public keys, so all of these mentions are wrong and should be "Public Key". The one exception is "Create Key Pair". That option does generate a public and a private key. However, that is inherently insecure. Private keys must never leave the end-user's computer. They must certainly never be generated remotely. (See the recent issue about the SSL private keys which were archived by a certificate reseller, for instance at https://arstechnica.com/information- technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails- private-keys/ ). Therefore this button and related functionality must be removed. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1758007/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp