Tuesday, 2019-08-27

« Monday, 2019-08-26 Index Wednesday, 2019-08-28 »
*** jmlowe has quit IRC00:00
openstackgerrityangyong proposed openstack/barbican-tempest-plugin master: fix urls in README  https://review.opendev.org/67870801:39
*** dave-mccowan has quit IRC04:36
*** Luzi has joined #openstack-barbican05:43
*** trident has quit IRC07:00
*** trident has joined #openstack-barbican07:10
*** ivve has joined #openstack-barbican07:17
*** xek has joined #openstack-barbican07:30
*** jaosorior has quit IRC09:43
*** dpawlik has quit IRC10:04
*** dpawlik has joined #openstack-barbican11:18
*** jaosorior has joined #openstack-barbican11:20
*** dave-mccowan has joined #openstack-barbican11:35
*** ade_lee has quit IRC12:27
*** jaosorior has quit IRC12:39
*** jaosorior has joined #openstack-barbican12:39
redrobot#startmeeting barbican13:00
openstackMeeting started Tue Aug 27 13:00:08 2019 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.13:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.13:00
*** openstack changes topic to " (Meeting topic: barbican)"13:00
openstackThe meeting name has been set to 'barbican'13:00
moguimaryololo13:00
redrobot#topic Roll Call13:00
*** openstack changes topic to "Roll Call (Meeting topic: barbican)"13:00
redrobotCourtesy ping for ade_lee hrybacki jamespage Luzi lxkong raildo rm_work xek13:00
Luzio/13:00
redrobotAs usual our agenda can be found here:13:01
redrobot#link https://etherpad.openstack.org/p/barbican-weekly-meeting13:01
redrobotLuzi, moguimar, you guys are the best for always being here! :D13:01
redrobot#topic Review Past Meeting Action Items13:01
*** openstack changes topic to "Review Past Meeting Action Items (Meeting topic: barbican)"13:01
redrobot#link http://eavesdrop.openstack.org/meetings/barbican/2019/barbican.2019-08-20-13.00.html13:01
moguimar¯\_(ツ)_/¯13:02
redrobotI did not get a chance to do all the things I wanted to this week. :(13:02
redrobotSo I'm kicking the can down the road13:02
redrobotredrobot to document the feature gap between python-barbicanclient and openstacksdk (4)13:02
*** mhen has joined #openstack-barbican13:02
redrobot#action redrobot to document the feature gap between python-barbicanclient and openstacksdk (4)13:02
redrobot#action redrobot to ask boss for some time to get a barbican-ui POC (1)13:02
mheno/13:02
redrobot#action redrobot to review octavia's how-to for uploading certs13:03
redrobot#undo13:03
openstackRemoving item from minutes: #action redrobot to review octavia's how-to for uploading certs13:03
redrobot#action redrobot to review octavia's how-to for uploading certs (1)13:03
redrobot#action redrobot to check if secret types can be changed after upload (1)13:03
redrobotI use the parentheses to remind myself how many times we've bumped this.13:04
redrobotok, moving on13:04
redrobot#topic Liaison Updates13:04
*** openstack changes topic to "Liaison Updates (Meeting topic: barbican)"13:04
redrobotmoguimar, any updates from Oslo / Castellan ?13:04
moguimarnone13:04
*** jmlowe has joined #openstack-barbican13:04
redrobotcool beans13:04
redrobotmoving on13:04
redrobotI don't have anything on the agenda13:05
redrobotare there things y'all want to talk about?13:05
Luziactually just something small13:06
Luziwe discovered simple_crypto is using fernet with aes128 for kek-crypto-operations, is that right?13:07
mhen#link https://github.com/openstack/barbican/blob/bf95c37b84688c99bda0849230508d955fc62f82/barbican/plugin/crypto/simple_crypto.py#L10013:07
redrobotHmmm... not sure I haven't looked at it in a while.13:08
redrobotoh, yep, that's fernet for sure.13:08
redrobotalthough the 128 is just metadata13:08
redrobotI don't think that's actually being used in the Fernet function13:08
redrobot#topic Open Discussion13:09
*** openstack changes topic to "Open Discussion (Meeting topic: barbican)"13:09
*** jaosorior has quit IRC13:09
redrobotobviously 'AES-CBC-128' != Fernet13:09
mhen#link https://cryptography.io/en/latest/fernet/#implementation13:10
mhenBarbican uses Fernet implementation from cryptography13:10
mhenand it seems to be limited to AES12813:10
mhenthe Fernet spec doesn't include 192 or 256 actually as it seems abandoned - there is a 2 years old pull request adding those modes13:12
mhen#link https://github.com/fernet/spec/pull/1713:12
redrobotWell, that's a bummer13:14
mhenI found a quote in Keystone's presentation about their new JWS tokens:13:15
mhen"[Fernet] is not really being super supported / used that much anywhere but in Keystone and that was a warning sign [...]"13:15
rm_worko/13:15
mhen#link https://youtu.be/zxsrkABzwOg?t=50013:15
rm_workbit late but don't have anything to add really lol13:15
* redrobot waves at rm_work 13:16
mhenI understand that simple_crypto is not supposed to be used for production environments13:16
mhendoes this justify it being based on an old, abandoned crypto spec with no broad usage and open issues though ...13:18
*** ade_lee has joined #openstack-barbican13:18
redrobotmhen, you bring up a good point13:20
redrobotwe can certainly improve the simple_cyrpto plugin13:20
redrobotthe tricky part will be handling upgrades from an old simple_crypto to an enhanced one.13:20
redrobotmhen, do you want to file a bug against Barbican in storyboard13:21
redrobot?\13:21
mhensure13:21
redrobot#action mhen to file a bug about simple_crypto using an outdated encryption mechanism (Fernet)13:22
redrobotcool beans13:23
redrobotany other topics we should talk about?13:23
Luzinot from my side13:24
mhenneither from mine :)13:24
redrobotalrighty, I think we're done for today then13:24
moguimaradd comments to secret consumers review =D13:24
moguimarjust that13:24
redrobotmoguimar, you've got it!13:24
redrobotthanks for coming, everyone!13:25
redrobot#endmeeting13:25
*** openstack changes topic to "OpenStack Barbican Train Cycle Development - Weekly Meeting Agenda: https://etherpad.openstack.org/p/barbican-weekly-meeting"13:25
openstackMeeting ended Tue Aug 27 13:25:11 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)13:25
openstackMinutes:        http://eavesdrop.openstack.org/meetings/barbican/2019/barbican.2019-08-27-13.00.html13:25
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/barbican/2019/barbican.2019-08-27-13.00.txt13:25
openstackLog:            http://eavesdrop.openstack.org/meetings/barbican/2019/barbican.2019-08-27-13.00.log.html13:25
*** jaosorior has joined #openstack-barbican13:33
*** Luzi has quit IRC14:02
*** dpawlik has quit IRC14:35
*** jmlowe has quit IRC15:13
*** jmlowe has joined #openstack-barbican15:13
*** dpawlik has joined #openstack-barbican15:29
*** dpawlik has quit IRC15:33
*** ivve has quit IRC16:22
*** arunkant_ has quit IRC16:59
*** jaosorior has quit IRC17:16
*** ivve has joined #openstack-barbican17:25
*** ivve has quit IRC17:26
*** ivve has joined #openstack-barbican17:27
*** dpawlik has joined #openstack-barbican17:29
*** dpawlik has quit IRC17:34
*** jaosorior has joined #openstack-barbican18:00
*** dpawlik has joined #openstack-barbican18:08
openstackgerritXueFeng Liu proposed openstack/python-barbicanclient master: Revise tox-lower-constraints  bug  https://review.opendev.org/67892918:09
*** dpawlik has quit IRC18:13
openstackgerritXueFeng Liu proposed openstack/python-barbicanclient master: Revise tox-lower-constraints  bug  https://review.opendev.org/67892918:15
*** arunkant has joined #openstack-barbican18:19
*** jmlowe has quit IRC18:39
*** jmlowe has joined #openstack-barbican19:56
*** ade_lee has quit IRC20:01
*** dpawlik has joined #openstack-barbican20:09
*** dpawlik has quit IRC20:13
*** xek has quit IRC20:34
*** ade_lee has joined #openstack-barbican20:44
*** ade_lee has quit IRC20:51
*** ade_lee has joined #openstack-barbican20:51
*** ivve has quit IRC21:25
*** trident has quit IRC22:05
*** dpawlik has joined #openstack-barbican22:10
*** trident has joined #openstack-barbican22:13
*** dpawlik has quit IRC22:15
« Monday, 2019-08-26 Index Wednesday, 2019-08-28 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!