Comment 14 for bug 1566416

Guang Yee (guang-yee) wrote :

Yes, I agree checking the time gap is a much better alternative in terms of minimizing deployment impact. However, I am not sure how reliable it will be, given that:

1. We don't know what that time gap should be. It could be different per protocol and version. We could make it configurable. But I suspect it may not be a trivial exercise to figure out a default value.
2. Even if we enforce a time gap, an attacker can still take advantage of that narrow window, whatever it may be.
3. Deployers will also need to worry about time skew. Though it may not be a big deal, as all the controllers are expected to be running NTP.

Also, we should consider advising deployers not to directly expose the Keystone S3 and EC2 APIs to the public. They should be used by the internal IaaS services only.