Since the nova security reviewers have been too busy to weigh in on this yet, I've added a few reviewers from the OSSG to help evaluate risk and exploitability.
If this demonstrably makes it possible to guess an HMAC token gaining unintended access/privileges in a supported release of nova and can be fixed in a stable backport, then we likely need to keep it embargoed while patches are assembled. Otherwise, I suspect this is a security hardening improvement we can discuss and develop far more efficiently in the open.
Since the nova security reviewers have been too busy to weigh in on this yet, I've added a few reviewers from the OSSG to help evaluate risk and exploitability.
If this demonstrably makes it possible to guess an HMAC token gaining unintended access/privileges in a supported release of nova and can be fixed in a stable backport, then we likely need to keep it embargoed while patches are assembled. Otherwise, I suspect this is a security hardening improvement we can discuss and develop far more efficiently in the open.