At this point the fact that OpenStack-internal communications are not all properly encrypted is a known feature gap. Internal management traffic needs to be run over a trusted network as a result. This feature gap is being addressed (in the referenced bug). Once we reach the state where OpenStack internal management traffic can be run over a hostile network (and a release publishes that deployment security as a feature), then we'll consider any regression to be a vulnerability and issue advisories for it.
As far as this bug goes, I would just open this bug and recommend dropping this untested "feature" completely.