On 9 October 2015 at 06:47, Adam Young <[email protected]> wrote: > On 10/08/2015 12:50 PM, Chivers, Doug wrote: >> >> Hi All, >> >> At a previous OpenStack Security Project IRC meeting, we briefly discussed >> a lightweight traditional PKI using the Anchor validation functionality, for >> use in internal deployments, as an alternative to things like MS ADCS. To >> take this further, I have drafted a spec, which is in the security-specs >> repo, and would appreciate feedback: >> >> https://review.openstack.org/#/c/231955/ >> >> Regards >> >> Doug > > How is this better than Dogtag/FreeIPA?
DogTag is Tomcat yeah? Thats no exactly trivial to deploy - the spec specifically calls out the desire to have a low-admin-overhead solution. Perhaps DogTag/FreeIPA are that in the context of a RHEL environment? I see that the dogtag-pki packages in Debian are up to date - perhaps more discussion w/ops is needed? -Rob -- Robert Collins <[email protected]> Distinguished Technologist HP Converged Cloud __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
