12:02:04 #startmeeting barbican
12:02:05 Meeting started Tue Jul 10 12:02:04 2018 UTC and is due to finish in 60 minutes. The chair is alee. Information about MeetBot at http://wiki.debian.org/MeetBot.
12:02:06 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
12:02:08 The meeting name has been set to 'barbican'
12:02:15 #topic roll call
12:02:43 o/
12:02:47 o/
12:02:53 Luzi, mhen hi
12:03:01 hi alee
12:03:24 anyone else here today?
12:04:07 there are a lot of folks that have been on holiday last week and this week
12:04:30 so not much has changed in the last week
12:04:54 I expect things will pick up more with reviews etc. this week.
12:05:46 given that - I don't really have much of an agenda today other than to remind folks about the submission request deadline for the summit for talks
12:06:19 Luzi, mhen -- anything you guys want to bring up?
12:07:47 ah i just wanted to ask, if there was any discussion concerning the allowed bit lengths?
12:08:12 yeah - everyone has been on holiday -- so alas no
12:08:38 okay
12:08:40 folks are coming back this week so I think we'll have discussion later this week
12:09:26 Luzi, either way - we'll definitely get a fix in in Rocky
12:09:59 alee, i just wanted to know, if i missed something :)
12:10:02 we have another question: should there be a validation of user provided secrets and their meta-data?
12:10:24 what kind of validation?
12:10:38 2 possibilities:
12:11:01 1. a validation of the combination of meta-data
12:11:25 for example: aes - private key
12:12:00 that is not a valid combination of meta-data
12:12:39 2. a check of secrets against their meta-data (maybe through validator plugins?)
12:13:33 if I recall correctly, there is some validation that is in place
12:13:49 but it's rather rudimentary
12:14:15 can you point it out for us?
12:14:51 Luzi, yup -- let me check --
12:15:21 Luzi, what I recall though is there is not a lot there -- certainly it's an area that could be improved
12:16:35 besides this: it is a question, if in general barbican should do things like that or not.
12:18:25 Luzi, so looking through the code, it looks like that type of validation is not there
12:19:07 I'm not opposed to adding the validation - and having some kind of validation plugin for folks to add their own is an interesting idea
12:19:25 we just have not had a request for that yet.
12:19:53 often there is validation that takes place in the backend plugins
12:20:19 well that's a word :) we can investigate this a little more ...
12:20:38 for instance some hsms/kmip devices will fail to archive something if the metadata is bad
12:21:04 but it would be nice to do some basic validations in barbican before it gets to that point
12:21:24 we do validate that the fields are correct, but not perhaps the content
12:21:56 Luzi, if you guys would like to add some validation code, it will certainly be welcome
12:22:03 raildo, hi
12:22:15 alee, o/
12:22:16 alee, we had thought about a user wanting to upload and use a private key, but accidentally providing the public key. so in that case the meta-data and the secret would differ and could not be used for encryption anymore
12:22:43 Luzi, seems like a reasonable use case
12:23:02 alee, that's a word :)
12:23:22 Luzi, need to look - I thought there was some validation for some of that
12:24:01 I'll poke around for a bit
12:25:22 Luzi, iirc -- the code is in common/validators.py
12:26:17 alee, i'll take a look into this
12:26:32 Luzi, you can see what validators are in there -- that would be the place to expand on them
12:26:41 anything else?
12:27:24 Luzi, all good?
12:27:51 that was everything from my side
12:28:20 cool thanks all for attending. hopefully more will happen this week as folks come back
12:28:27 #endmeeting