20:01:24 #startmeeting barbican 20:01:25 Meeting started Mon Mar 9 20:01:24 2015 UTC and is due to finish in 60 minutes. The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:01:26 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 20:01:29 The meeting name has been set to 'barbican' 20:01:52 #topic Roll Call 20:02:07 yo/ 20:02:08 o/ 20:02:15 o/ 20:02:53 o/ 20:03:13 o/ 20:03:16 not many barbicaneers here 20:03:26 quality, not quantity? 20:03:29 I guess Daylight Savings Time messed up the meeting time for us 20:03:31 ;) 20:03:35 hockeynut: damn straight 20:03:38 hehe 20:03:47 as usual the agenda can be found here: 20:03:57 #link https://wiki.openstack.org/wiki/Meetings/Barbican 20:04:08 #topic Review Action Items 20:04:18 #link http://eavesdrop.openstack.org/meetings/barbican/2015/barbican.2015-03-02-20.01.html 20:04:41 arunkant hi! can you give an update on whether you think per-secret-policy can be completed by Kilo-3 20:05:10 since kilo-3 release is next week, we would ideally want the code to be up for review before the end of the week. 20:05:20 o/ 20:05:25 o/ 20:05:25 redrobot: I have implemented functionality and in process of adding tests for new functionality. Review is available at https://review.openstack.org/#/c/161620/ 20:05:53 o/ 20:06:30 arunkant awesome... I'll keep an eye on that review. If it looks like it might slip past Kilo-3 I might bump it to Liberty. 20:06:54 woodster is out on vacation this week, so i'll bump his action item to next week 20:06:54 redrobot, I will have basic test added by tomorrow..so it can be reviewed from tomorrow evening 20:07:07 #action woodster_ to reach out to Jarret about compliance concerns if we switch to hard deletes 20:07:37 arunkant, this is for per-secret? 20:07:38 o/ sorry im late 20:07:46 alee, yes 20:07:48 and the last action item from last week was for me 20:07:55 excellent 20:08:38 and I was waiting to get some code landed into Castellan before adding it to global-req. I think we may need a PyPI release before that too. So I'll have to sync up with rellerreller to see what the progress is on that 20:08:56 o/ I'm here 20:09:05 Just got here a minute ago 20:09:07 oh hi rellerreller ! 20:09:33 You're looking for progress on Castellan? 20:09:48 rellerreller yeah, I was trying to herd some cats to get some of those outstanding CRs landed 20:10:01 rellerreller I want to make a PyPI release so that we can add Castellan to global-req 20:10:11 There is only one left that I see. 20:10:41 It was the one with "Fix Oslo Deprecation Warnings" 20:11:03 I don't really know much about what this patch does, so I would need help on that one. 20:11:04 rellerreller is there anything else outstanding that you think would prevent us from doing a 0.0.1 release? 20:11:32 I will double check with the team, but I can't think of anything at the moment. 20:11:34 rellerreller looks like it's just updating oslo incubator... I can ping rm_work about rebasing 20:11:50 redrobot sounds good 20:12:02 #action redrobot and rellerreller to coordinate an initial release of Castellan so it can be added to global-requirements. 20:12:09 redrobot what is oslo incubator? 20:12:57 rellerreller oslo "managed copy paste"... it's where code lives before it gets released into a proper library. Looks like the outstanding CR is trying to update some of the "managed copied code" 20:13:46 ok, that's it for action items from last week 20:13:55 #topic Kilo-3 20:13:57 OK, that sounds good. I'll have to read more about that. 20:14:03 #link https://launchpad.net/barbican/+milestone/kilo-3 20:14:22 Kilo-3 release is just around the corner 20:14:55 So it would be good to get all the outstanding Blueprint code up for review this week. 20:15:22 if there's stuff that won't make it, it would be better to punt it to L sooner rather than later. 20:15:37 arunkant do you know if tsv has made progress in the quota blueprint? 20:16:12 redrobot, last I heard he is working on adding tests 20:16:28 arunkant awesome. hopefully he can get a CR up this week. 20:17:04 alee any updates on Common Cert API? 20:17:53 redrobot, none so far. I'll been pulled off doing pointer arithmetic for awhile. I should be back on barbican work as of tomorrow though 20:18:05 redrobot, so I'll be able to make more progress 20:18:24 alee ok, awesome. I'd really like to get that BP finished before Kilo-3 20:18:30 me too 20:18:46 rellerreller any updates on the content-types BP? 20:18:57 Yes, the CR is up and ready for review 20:19:16 https://review.openstack.org/#/c/160444/ 20:19:37 I noticed a few things while writing the CR. 20:19:42 rellerreller awesome! 20:19:52 1. All secrets should be returned in binary format. This is specified on the API page. 20:19:54 rellerreller good thins? 20:19:57 * redrobot crosses fingers 20:20:04 2. The Accept-Encoding header is not being used. I think this would be good to support in the future. 20:20:17 That way you can have base64 or raw binary 20:20:26 3. Public and private keys were being generated in PEM format in simple crypto and being returned in that format for testing. kfarr and I fixed that and added a test to make sure that Barbican Core returns in binary format. 20:20:59 There are a lot more tests now. I think this will help with standardizing the format and encodings. 20:21:17 rellerreller, how does that affect passphrase encoded private keys? 20:21:56 It should not affect them. 20:22:11 I'm sure the client will need a lot of work though 20:22:33 rellerreller I went down the rabbit hole of trying to use the Accept-Encoding header for base64 before 20:22:38 Essentially in simple crypto it generates the keys. If they are encrypted or not still a PKCS8 structure. 20:22:58 rellerreller, ok 20:23:11 rellerreller decided it would be better to do without it. Ran into problems that I can't quite remember now. 20:23:40 redrobot I think now that formats and encodings are standarized the accept encoding may not be too bad. I would like to put a CR up for that in the future. I'm curious what lessons learned you have. 20:24:44 rellerreller I'll have to think about it... I recall having problems with postman, and also with the HTTP Server in front of Barbican wanting to own the Accept-Encoding header... 20:25:13 redrobot Oh my goodness! 20:25:40 alee I'm assuming the Identify CA blueprint will be lower priority than the Common Cert one? 20:25:51 I don't think accept-encoding is meant to be used for binary vs base64 ... http://tools.ietf.org/html/rfc2616#section-14.3 20:25:56 I had so much trouble with the Accept header. The Gerrit gate kept failing. It does not accept application/pkcs8 or application/pkix-cert as Accept type. 20:26:05 redrobot, yeah - 20:26:06 there are several accept-encodings defined. 20:26:43 tranfer using base64 or binary would be content-type. 20:26:59 or accept coming from the client. 20:27:11 base64 is not a content-type 20:27:56 and RFC 2616 is obsolete now :) 20:28:26 base64 is defined for Content-Transfer-Encoding or something like that... it's definitely worth investigating 20:29:04 rellerreller I saw you added asymmetric key support to K-3 20:29:12 rellerreller do you think you can have a CR ready for review this week? 20:29:19 redrobot That is our goal 20:29:59 rellerreller awesome! 20:30:05 redrobot It should not be much code, but we need to test PyKMIP with hardware to verify this works. 20:30:12 ok, that's all I have for Kilo-3 20:30:22 any questions/comments about Kilo-3? 20:32:06 ok, that's all I have on the agenda for today 20:32:12 #topic Open Discussion 20:32:34 Any questions/comments/topics not on the agenda? 20:33:41 Bueller? 20:33:52 We all left already 20:34:17 haha, ok then, I guess we can call it an early meeting 20:34:23 thanks everyone for coming! 20:34:27 #endmeeting