Wednesday, 2017-09-06

« Tuesday, 2017-09-05 Index Thursday, 2017-09-07 »
*** agrebennikov has quit IRC00:15
*** dave-mccowan has quit IRC00:49
openstackgerritKien Nguyen proposed openstack/barbican master: [WIP] Implemente OVO [8]  https://review.openstack.org/50105001:02
*** liujiong has joined #openstack-barbican01:24
*** namnh has joined #openstack-barbican01:28
*** daidv has quit IRC02:37
*** daidv has joined #openstack-barbican02:43
openstackgerritKien Nguyen proposed openstack/barbican master: [WIP] Implemente OVO [9]  https://review.openstack.org/50108603:00
openstackgerritKien Nguyen proposed openstack/barbican master: [WIP] Implemente OVO [3]  https://review.openstack.org/49941903:07
openstackgerritKien Nguyen proposed openstack/barbican master: [WIP] Implemente OVO [4]  https://review.openstack.org/50024403:07
openstackgerritKien Nguyen proposed openstack/barbican master: [WIP] Implemente OVO [5]  https://review.openstack.org/50074503:08
openstackgerritKien Nguyen proposed openstack/barbican master: [WIP] Implemente OVO [6]  https://review.openstack.org/50089003:08
openstackgerritKien Nguyen proposed openstack/barbican master: [WIP] Implemente OVO [7]  https://review.openstack.org/50089603:08
openstackgerritKien Nguyen proposed openstack/barbican master: [WIP] Implemente OVO [8]  https://review.openstack.org/50105003:09
openstackgerritKien Nguyen proposed openstack/barbican master: [WIP] Implemente OVO [8]  https://review.openstack.org/50105003:14
openstackgerritKien Nguyen proposed openstack/barbican master: [WIP] Implemente OVO [9]  https://review.openstack.org/50108603:14
openstackgerritKien Nguyen proposed openstack/barbican master: [WIP] Implemente OVO [10]  https://review.openstack.org/50110103:41
*** pcaruana has joined #openstack-barbican05:27
*** serlex has joined #openstack-barbican07:00
*** andreas_s has joined #openstack-barbican07:01
*** serlex has quit IRC07:06
*** serlex has joined #openstack-barbican07:06
*** hieulq has quit IRC07:40
*** hieulq has joined #openstack-barbican07:41
*** liujiong_lj has joined #openstack-barbican08:23
*** liujiong has quit IRC08:23
*** jaosorior has quit IRC08:27
*** openstackgerrit has quit IRC09:18
*** jaosorior has joined #openstack-barbican10:14
*** pbourke has quit IRC11:33
*** pbourke has joined #openstack-barbican11:34
*** dave-mccowan has joined #openstack-barbican11:40
*** liujiong_lj has quit IRC11:40
*** raildo has joined #openstack-barbican12:00
*** openstackgerrit has joined #openstack-barbican13:08
openstackgerritMerged openstack/castellan master: Add releasenotes for castellan  https://review.openstack.org/50066713:08
*** catintheroof has joined #openstack-barbican13:29
*** jaosorior has quit IRC13:41
*** jaosorior has joined #openstack-barbican13:58
*** jaosorior_ has joined #openstack-barbican14:09
*** aspiers has quit IRC14:21
*** agrebennikov has joined #openstack-barbican14:32
*** aspiers has joined #openstack-barbican14:33
*** andreas_s_ has joined #openstack-barbican15:02
*** andreas_s has quit IRC15:05
*** diazjf has joined #openstack-barbican15:25
*** andreas_s_ has quit IRC15:35
*** rmascena has joined #openstack-barbican15:38
*** raildo has quit IRC15:41
*** rmascena is now known as raildo15:42
*** dave-mccowan has quit IRC16:17
*** jaosorior has quit IRC16:18
*** dave-mccowan has joined #openstack-barbican16:38
openstackgerritOpenStack Proposal Bot proposed openstack/castellan master: Updated from global requirements  https://review.openstack.org/49701916:54
*** dave-mccowan has quit IRC16:56
*** dave-mccowan has joined #openstack-barbican16:56
*** jaosorior_ has quit IRC17:05
*** serlex has quit IRC17:32
*** randomhack has joined #openstack-barbican17:32
randomhackif we decide to put in an HSM later, how would this affect the keys stored using the simplecrypto plugin?  is it possible to convert the mkek to HSM storage without corrupting all of the keys?17:35
*** mriedem has joined #openstack-barbican17:43
mriedemcastellan 0.13.0 breaks cinder https://bugs.launchpad.net/castellan/+bug/171545117:43
openstackLaunchpad bug 1715451 in Cinder "Castellan 0.13.0 doesn't work with ConfKeyManager due to missing list() abstract method" [Undecided,New]17:43
randomhackI see there was a blueprint for creating a migration tool and it describes the behavior fairly well.  https://specs.openstack.org/openstack/barbican-specs/specs/liberty/add-crypto-mkek-rotation-support-lightweight.html17:48
*** mriedem has left #openstack-barbican17:49
randomhackIt seems that a KEKDatum entry is created for each project which determines the active crypto plugin. If a project was created before an HSM was added, it is my understanding from the link that the project KEK will never be converted to use the HSM/pkcs11 crypto plugin, hence the need for that migration tool.17:54
*** randomhack has quit IRC18:18
*** randomhack has joined #openstack-barbican18:25
*** jaosorior has joined #openstack-barbican18:30
randomhackAhh it appears that you can rewrap project mkek's with the barbican-manage utility.  But it seems to be focused on rotating an existing HSM MKEK and not converting from simplecrypto to PKCS11 type crypto.18:53
*** jaosorior has quit IRC18:53
*** catinthe_ has joined #openstack-barbican19:04
*** catintheroof has quit IRC19:06
*** catintheroof has joined #openstack-barbican19:06
*** catinthe_ has quit IRC19:10
*** diazjf has quit IRC19:11
*** pcaruana has quit IRC19:34
*** diazjf has joined #openstack-barbican19:35
*** randomhack has quit IRC19:56
*** dave-mccowan has quit IRC20:11
*** tinwood has quit IRC20:22
*** tinwood has joined #openstack-barbican20:23
*** dave-mccowan has joined #openstack-barbican20:39
*** dave-mcc_ has joined #openstack-barbican21:03
*** dave-mccowan has quit IRC21:05
*** randomhack has joined #openstack-barbican21:19
*** diazjf has quit IRC21:19
*** randomhack has quit IRC21:23
*** catintheroof has quit IRC21:56
*** dave-mcc_ has quit IRC21:57
*** randomhack has joined #openstack-barbican22:52
*** randomhack has quit IRC22:57
*** raildo has quit IRC23:15
« Tuesday, 2017-09-05 Index Thursday, 2017-09-07 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!