yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1508243] Re: Store Private Key Passphrase in Neutron-LBaaS for TLS Terminations

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Doug Wiegley <dougwig@xxxxxxxxxxx>
Date: Tue, 01 Dec 2015 17:33:48 -0000
Reply-to: Bug 1508243 <1508243@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Isn't this a failure of the global lbaas creds to barbican? Lbaas
becomes a trusted source since it has global access, and that seems the
security fail, not passwords that we'd then have to store in a db
(double security fail.)

** Changed in: neutron
       Status: Incomplete => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1508243

Title:
  Store Private Key Passphrase in Neutron-LBaaS for TLS Terminations

Status in neutron:
  Opinion

Bug description:
  The current workflow for TLS Termination on loadbalancers has a couple
  of interesting security vulnerabilities that need to be addressed
  somehow. The solution I propose is to encourage the use of passphrase
  encryption on private keys, and to store that passphrase in Neutron-
  LBaaS along with the Barbican href, instead of inside Barbican.

  Spec: https://review.openstack.org/237807

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1508243/+subscriptions

References

[Bug 1508243] [NEW] Store Private Key Passphrase in Neutron-LBaaS for TLS Terminations
From: Adam Harwell, 2015-10-20