On Thu, Apr 26, 2012 at 9:05 AM, Matt Joyce <m...@nycresistor.com> wrote:
> >From a security stand point I am curious what you see the benefit as? I think that long-term there is the potential to have a cloud where you don't have to trust the cloud provider (e.g. Intel Trusted Compute). However, there are a huge number of steps that need to happen first, so I don't know that encrypting the qcow disk image would get you very much today. However, you could encrypt your filesystem (inside the disk image), and have it prompt for a password on boot. Then you could go in via VNC (today) and unlock your disk image. Your cloud provider can still grab memory etc. But I think that's the best you can do today. One day we may be able to automate something similar, yet still have it be secure. Virtualized I/O performance is poor compared to CPU performance, so I guess you wouldn't even notice the hit! But this is pure speculation, A little plug - one of the pieces of the big picture is figuring out how to store secrets; at the design summit I proposed storing them securely in Keystone; I just wrote up the (first draft?) of the blueprint: https://blueprints.launchpad.net/nova/+spec/secure-secret-storage Justin
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
