From: Rohit Yadav
To: "dev@cloudstack.apache.org"
Subject: Re: [DISCUSS][SECURITY] Feature: Secure CloudStack Communications
Date: Fri, 18 Aug 2017 14:09:30 +0000

All,

The feature is ready for your review, please see:
https://github.com/apache/cloudstack/pull/2239

Thanks and regards.

________________________________
From: Rohit Yadav
Sent: Thursday, July 13, 2017 12:59:02 PM
To: dev@cloudstack.apache.org
Subject: [DISCUSS][SECURITY] Feature: Secure CloudStack Communications

All,

With upcoming features such as the application service (container service), and existing features such as SAML, they all need some sort of certificate management and the idea with the proposed feature is to build a pluggable certificate authority manager (CA Manager). I would like to kick off an initial discussion around how we can secure components of CloudStack. A CA service/manager that can create/provision/deploy certificates providing both automated and semi-automated ways for deploying/setup of certificates using in-band (ssh, command-answer pattern) and out-of-band (ssh, ansible, chef etc) to CloudStack services (such as systemvm agents, KVM agents, possible webservices running in systemvms, VRs etc).

While we do have some APIs and mechanisms to secure user/external facing services where we can use custom or failsafe SSL/TLS certificates, it's far from a complete solution. The present communications between CloudStack management server, its peers and agents (served on port 8250) is a one-way SSL handshaked connection, is not authenticated, while it may be secured by insecure certificates.

As a first step, it is proposed to create a general purpose pluggable CA service with a default plugin implementation where CloudStack becomes a Root-CA and can issue self-signed certificates. Such certificates may be consumed by CloudStack agents (CPVM/SSVM/KVM) and other components/services (such as SAML, container services etc). The pluggable CA framework should allow developers to extend the functionality by implementing provider plugins that may work with other CA providers such as LetsEncrypt, an existing/internal CA infrastructure, or other certificate vendors.

Please see an initial FS and ideas on implementation in the following FS. Looking forward to your feedback.

FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Agent+Communications
JIRA: https://issues.apache.org/jira/browse/CLOUDSTACK-9993

Regards.

rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HS UK
@shapeblue
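
The difference between the one-way handshake the message describes on port 8250 and CA-backed mutual authentication, as an added example that is not CloudStack code and not part of the thread: a throwaway root CA issues certificates, and the same client attempts are run against a server that does not ask for a client certificate and one that requires a CA-issued one. It assumes the `openssl` CLI is on PATH; the host names, file names and helper functions are constructed for illustration.

```python
# Added example, not CloudStack code; assumes the openssl CLI is on PATH.
import os, pathlib, ssl, subprocess, tempfile

MGMT, AGENT, ROGUE = "mgmt.example.test", "agent1.example.test", "rogue.example.test"  # constructed

def issue(d, name, ext, ca=None):
    """Create a key and CSR for `name`; sign with CA `ca`, or self-sign if ca is None."""
    p = lambda f: os.path.join(d, f)
    run = lambda *a: subprocess.run(a, check=True, capture_output=True)
    pathlib.Path(p(name + ".ext")).write_text(ext + "\n")
    run("openssl", "req", "-new", "-newkey", "rsa:2048", "-nodes", "-subj", "/CN=" + name,
        "-keyout", p(name + ".key"), "-out", p(name + ".csr"))
    signer = (["-CA", p(ca + ".crt"), "-CAkey", p(ca + ".key"), "-CAcreateserial"]
              if ca else ["-signkey", p(name + ".key")])
    run("openssl", "x509", "-req", "-days", "1", "-in", p(name + ".csr"),
        "-extfile", p(name + ".ext"), "-out", p(name + ".crt"), *signer)

def server_ctx(d, require_client_cert):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)    # verify_mode defaults to CERT_NONE
    ctx.load_cert_chain(os.path.join(d, MGMT + ".crt"), os.path.join(d, MGMT + ".key"))
    if require_client_cert:                          # mutual TLS: peer needs a CA-issued cert
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.load_verify_locations(os.path.join(d, "ca.crt"))
    return ctx

def client_ctx(d, identity=None):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)    # checks the server chain and host name
    ctx.load_verify_locations(os.path.join(d, "ca.crt"))
    if identity:
        ctx.load_cert_chain(os.path.join(d, identity + ".crt"), os.path.join(d, identity + ".key"))
    return ctx

def handshake(srv, cli):
    """Run one TLS handshake over in-memory BIOs; True only if both sides finish."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    pending = [cli.wrap_bio(c_in, c_out, server_hostname=MGMT),
               srv.wrap_bio(s_in, s_out, server_side=True)]
    for _ in range(10):
        for side in list(pending):
            try:
                side.do_handshake()
                pending.remove(side)
            except ssl.SSLWantReadError:
                pass                                 # waiting for the peer's next flight
            except ssl.SSLError:
                return False                         # authentication or verification failed
        for src, dst in ((c_out, s_in), (s_out, c_in)):
            if src.pending:
                dst.write(src.read())
        if not pending:
            return True
    return False

def run_demo():
    with tempfile.TemporaryDirectory() as d:
        issue(d, "ca", "basicConstraints=critical,CA:TRUE")
        for host, ca in ((MGMT, "ca"), (AGENT, "ca"), (ROGUE, None)):  # ROGUE is self-signed
            issue(d, host, "subjectAltName=DNS:" + host, ca)
        one_way, mutual = server_ctx(d, False), server_ctx(d, True)
        return {
            "one-way TLS, client without cert": handshake(one_way, client_ctx(d)),
            "mutual TLS, client without cert": handshake(mutual, client_ctx(d)),
            "mutual TLS, self-signed client": handshake(mutual, client_ctx(d, ROGUE)),
            "mutual TLS, CA-issued agent cert": handshake(mutual, client_ctx(d, AGENT)),
        }
```

`run_demo()` returns one boolean per case: the one-way server completes the handshake with a client that proves nothing about itself, while the mutual-TLS server completes it only for the certificate issued by the root CA.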