OpenStack Summit May 2015 Vancouver has ended
Monday, May 18 • 2:50pm - 3:30pm
Secure, Ephemeral PKI with the Anchor Project

Ephemeral PKI, first introduced during a highly successful talk presented last year in Paris, is a novel solution to the difficult problem of TLS certificate management at scale. With the pain caused by highly publicised TLS security flaws such as Heartbleed and POODLE still fresh in the minds of many, and with the growing uptake of TLS to secure more and more cloud infrastructure, this challenging problem has never been more relevant.

Anchor is the open source project evolved from HP's own internal implementation of a stateless ephemeral CA. Designed to operate with high availability and at the scale of large cloud deployments, it neatly sidesteps the certificate revocation issues that plague most OpenStack deployments. 

This presentation will consist of three parts. First, we will examine the core concepts of ephemeral PKI and its advantages over traditional approaches to certificate management. Second, we'll present the Anchor project itself, discussing its technical design and implementation, as well as a roadmap for its future development. Finally, to cement the usefulness of this approach, we will present a dogfooding section that details how Anchor and ephemeral PKI are deployed today within HP's Helion cloud products.


Tom Cammann

HP Nova Team Engineer
Tom Cammann is an OpenStack engineer for HP. In this role he has been responsible for integrating Nova into Helion. Recently he has been working on HP's TripleO derivative to design and implement TLS-encrypted OpenStack services inside Helion OpenStack.

Doug Chivers

HP Cloud Security Architect
Doug Chivers is a senior member of the HP Cloud Security team, with a range of architecture and operations related responsibilities. Doug has a background in security architecture and cryptographic consultancy across various sectors, and is an active member of the OpenStack Security...

Tim Kelsey

HP Cloud Security
Tim Kelsey is a security engineer at HP Cloud with responsibilities across the Helion portfolio and an emphasis on OpenStack upstream work including ongoing contributions to Barbican, Kite, Anchor, and Bandit. Tim is an experienced software and systems developer, with demonstrated...

Monday May 18, 2015 2:50pm - 3:30pm
Room 211
