.
-Original Message-
From: Carlos Garza [mailto:carlos.ga...@rackspace.com]
Sent: Saturday, April 19, 2014 2:47 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario
question
On Apr 18, 2014, at 10:21 AM
en Balukoff [mailto:sbaluk...@bluebox.net<http://bluebox.net>]
Sent: Friday, April 18, 2014 9:07 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario
question
Hi y'all!
Carlos: When I say 'client cer
ff [mailto:sbaluk...@bluebox.net]
> *Sent:* Friday, April 18, 2014 9:07 PM
>
> *To:* OpenStack Development Mailing List (not for usage questions)
> *Subject:* Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption
> scenario question
>
>
>
> Hi y'all!
>
>
>
>
Excerpts from Eichberger, German's message of 2014-04-21 11:51:05 -0700:
> Hi,
>
> Despite there are some good use cases for the re-encryption I think it’s out
> of scope for a Load Balancer. We can defer that functionality to the VPN – as
> long as we have a mechanism to insert a LoadBalancer a
, 2014 9:07 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario
question
Hi y'all!
Carlos: When I say 'client cert' I'm talking about the certificate / key
combination the load balan
On 04/18/2014 11:21 AM, Stephen Balukoff wrote:
Howdy, folks!
Could someone explain to me the SSL usage scenario where it makes
sense to re-encrypt traffic traffic destined for members of a back-end
pool? SSL termination on the load balancer makes sense to me, but I'm
having trouble understa
On Apr 18, 2014, at 11:06 PM, Stephen Balukoff
mailto:sbaluk...@bluebox.net>>
wrote:
Hi y'all!
Carlos: When I say 'client cert' I'm talking about the certificate / key
combination the load balancer will be using to initiate the SSL connection to
the back-end server. The implication here is t
Hi y'all!
Carlos: When I say 'client cert' I'm talking about the certificate / key
combination the load balancer will be using to initiate the SSL connection
to the back-end server. The implication here is that if the back-end server
doesn't like the client cert, it will reject the connection (as
On Apr 18, 2014, at 12:36 PM, Stephen Balukoff
mailto:sbaluk...@bluebox.net>> wrote:
Dang. I was hoping this wasn't the case. (I personally think it's a little
silly not to trust your service provider to secure a network when they have
root access to all the machines powering your cloud... b
it doesn’t accept client certificates or CA
certificates.
Thanks,
Vijay V.
From: Stephen Balukoff [mailto:sbaluk...@bluebox.net<http://bluebox.net>]
Sent: Friday, April 18, 2014 11:06 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutr
On Apr 18, 2014, at 10:21 AM, Stephen Balukoff wrote:
> Howdy, folks!
>
> Could someone explain to me the SSL usage scenario where it makes sense to
> re-encrypt traffic traffic destined for members of a back-end pool? SSL
> termination on the load balancer makes sense to me, but I'm having
Rocky
-Original Message-
From: Jorge Miramontes [mailto:jorge.miramon...@rackspace.com]
Sent: Friday, April 18, 2014 2:13 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario
question
+1 for German&
+1 for German's use cases. We need SSL re-encryption for decisions the
load balancer needs to make at the l7 layer as well. Thanks Clint, for
your thorough explanation from a security standpoint.
Cheers,
--Jorge
On 4/18/14 1:38 PM, "Clint Byrum" wrote:
>Excerpts from Stephen Balukoff's messa
Excerpts from Stephen Balukoff's message of 2014-04-18 10:36:11 -0700:
> Dang. I was hoping this wasn't the case. (I personally think it's a
> little silly not to trust your service provider to secure a network when
> they have root access to all the machines powering your cloud... but I
> digres
accept client certificates or CA
certificates.
Thanks,
Vijay V.
From: Stephen Balukoff [mailto:sbaluk...@bluebox.net]
Sent: Friday, April 18, 2014 11:06 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario
Dang. I was hoping this wasn't the case. (I personally think it's a
little silly not to trust your service provider to secure a network when
they have root access to all the machines powering your cloud... but I
digress.)
Part of the reason I was hoping this wasn't the case, isn't just because i
Hi Stephen,
The use case is that the Load Balancer needs to look at the HTTP requests be it
to add an X-Forward field or change the timeout – but the network between the
load balancer and the nodes is not completely private and the sensitive
information needs to be again transmitted encrypted.
Hello Stephen,
One use case we have, which was actually a highly requested feature for our
service, was to ensure that traffic within the internal cloud network was not
passed in the clear. I believe this mainly stems from the customers security
requirements. I understand this reasoning to allo
18 matches
Mail list logo
