[Maas-devel] State of RPC registration and security #2

Christian Reis kiko at canonical.com
Fri Oct 10 13:06:25 UTC 2014


On Fri, Oct 10, 2014 at 11:52:05AM +0100, Gavin Panella wrote:
> On 10 October 2014 11:04, Andres Rodriguez <...> wrote:
> ...
> > What was discussed this week is that the cluster page should be able
> > to generate a token and use that token to tell the cluster to register
> > to the region. We can have a show shared secret or token that will be
> > used for registration. The command line should also be there but also
> > UI.
> 
> Yeah, we discussed that earlier this week, but I've had time to think
> since then. Transmitting the secret over the network even for the web UI
> seriously diminishes the trust we can place in that secret. I think we
> should discuss this before doing it, because once it's done it can't be
> undone.

It's funny, while I was filing the bug I got the same feeling. We should
validate the idea with Dustin and James as internal experts.
-- 
Christian Robottom Reis   | [+1] 612 888 4935    | http://launchpad.net/~kiko
Canonical VP Hyperscale   | [+55 16] 9 9112 6430 | http://async.com.br/~kiko




More information about the Maas-devel mailing list