Bug 1041928 - [RFE][keystone]: Client preferences for encryption algorithm and key sizes should be specifiable
Summary: [RFE][keystone]: Client preferences for encryption algorithm and key sizes sh...
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: RFEs
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: RHOS Maint
QA Contact:
URL: https://blueprints.launchpad.net/keys...
Whiteboard: upstream_milestone_none upstream_stat...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-12-12 20:07 UTC by RHOS Integration
Modified: 2015-03-19 17:08 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-19 17:08:09 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description RHOS Integration 2013-12-12 20:07:23 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/encryption+preferences.

Description:

Volume encryption is a candidate for Havana. While is possible to specify encryption parameters such as algorithm, key-size, keys etc via nova config file, that would be across all users. It should be possible for clients to specify and save their preferences. When not specified, these should default to strong, industry popular options.  For example aes-xts-plain64 for volume encryption. aes-256-cbc for object encryption.  The available options should be retrievable from a common openstack component. These settings should be attached to the client accounts with the most specific value used, for example if user has no specification, check any project specification, if none, then check for any domain specification, else use default.

Specification URL (additional information):

None
Note You need to log in before you can comment on or make changes to this bug.