Comment 17 for bug 1188189

Robert Clark (robert-clark) wrote :

We need to move away from this pervasive assumption that private networks are secure. You only have to look at the 6 different hypervisor vulnerabilities released in the last 2ish months to understand that people are starting to come after virt tech in a big way and a full IaaS stack has a hell of an attack surface.

NSA, HP and a bunch of others all design their networks assuming some hostile actor is already inside and use various methods to try and contain an attacker. If an option to enable SSL is made available to deployers then it should provide most of the protections that you'd expect. Now we all know that SSL is actually quite the pain to configure correctly and perhaps there are areas we can help make life easier for deployers there too.

I vote for keeping this embargoed. OpenStack as-is offers SSL on some connections. Deployers who've turned on SSL for x,y,z connections will have done so to meet assurance requirements they've decided upon for their deployment. If this issue is disclosed without a fix it leaves deployers in a difficult position.

If you believe there's warrant for a wider OSSN on this issue I'd be happy to arrange for one to be drafted.