Thanks Dave for the new patch set!
I've subscribed apevec and adam_g as Nova stable maintainer. So we are looking at a RPC version bump in order to have stable properly fixed.
If this is not possible, we still have the option to triage the mitm case as a B1/B2 class of bug ( https://wiki.openstack.org/wiki/Vulnerability_Management#Incident_report_taxonomy ) and eventually provides a more simple patch that would make sure origin scheme is https.
Thanks Dave for the new patch set!
I've subscribed apevec and adam_g as Nova stable maintainer. So we are looking at a RPC version bump in order to have stable properly fixed.
If this is not possible, we still have the option to triage the mitm case as a B1/B2 class of bug ( https:/ /wiki.openstack .org/wiki/ Vulnerability_ Management# Incident_ report_ taxonomy ) and eventually provides a more simple patch that would make sure origin scheme is https.