#openstack-barbican log

12:03:36 <redrobot> #startmeeting barbican
12:03:37 <openstack> Meeting started Tue Jul 24 12:03:36 2018 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.
12:03:38 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
12:03:41 <openstack> The meeting name has been set to 'barbican'
12:03:49 <redrobot> #topic Roll Call
12:03:51 <redrobot> o/
12:03:55 <namnh> o/
12:04:30 <redrobot> #link https://wiki.openstack.org/wiki/Meetings/Barbican
12:04:35 <redrobot> ^ Agenda for the day
12:04:42 <Luzi> o/
12:04:46 <redrobot> but it looks like nobody updated it...
12:05:00 <redrobot> so we'll just make it up as we go
12:06:23 <redrobot> #topic Rocky Milestone-3
12:06:42 <redrobot> This week is Rocky milestone 3 week
12:07:06 <redrobot> I know alee was mentioning we have a lot of reviews on deck
12:07:15 <redrobot> so I will review some stuff today
12:07:31 <redrobot> jaosorior is back from vacation so hopefully he'll have some time for reviews as well.
12:07:45 <redrobot> #link https://releases.openstack.org/rocky/schedule.html
12:08:11 <redrobot> Also going to look into the KMIP gate today
12:08:32 <redrobot> If worse comes to worst, then we'll try to make it a non-voting gate for now.
12:10:05 <redrobot> any questions about rocky-3 ?
12:10:11 <namnh> yeah, I am trying to understand the error
12:10:28 <namnh> but, I still don't understand the problem
12:10:29 <namnh> :)
12:11:08 <namnh> redrobot: do you have any idea to fix the gate?
12:11:39 <namnh> Some of my patch sets is being blocked by the gate
12:11:49 <namnh> s/is/are
12:11:52 <jaosorior> Sure, let me know if there are some urgent reviews and I'll check them out
12:12:22 <jaosorior> been a little swamped with bugs and reviews since I got back, but I'll make sure to give some time for any urgent ones here :)
12:12:57 <jaosorior> redrobot, namnh: The kmip gate seems to have issues with the initial certificate provisioning
12:13:09 <jaosorior> so it's not an actual barbican issue, but a setup issue
12:13:30 <redrobot> thanks jaosorior!
12:13:37 <namnh> yes, i think so
12:13:46 <jaosorior> still gotta figure out how that setup bit works
12:13:49 <redrobot> yeah, I have no idea how to fix the gate issue... but I haven't spent any time looking into it.
12:14:57 <redrobot> I may try to run the kmip gate locally in a VM to see if I can recreate that failure.
12:15:59 <namnh> redrobot: we just download the local.conf in the gate and run with devstack on local, is that right?
12:16:23 <redrobot> namnh, I _think_ so...
12:16:32 <redrobot> it's been a while since I've set up a devstack vm
12:16:54 <redrobot> so it should be a nice learning/refresher task for me :)
12:17:13 <jaosorior> redrobot: here's the issue http://logs.openstack.org/71/578071/3/check/barbican-kmip-devstack-functional/41e126e/logs/devstacklog.txt.gz#_2018-07-24_02_46_31_935
12:19:52 <redrobot> jaosorior, thanks
12:19:55 <redrobot> ok, moving on
12:20:05 <redrobot> #topic Key Length Validation
12:20:07 <redrobot> #link https://review.openstack.org/#/c/577096/
12:20:21 <redrobot> alee, is asking for feedback on that review
12:20:46 <redrobot> he is of the opinion that Barbican should/could generate keys of arbitrary length
12:20:52 <redrobot> *symmetric keys
12:21:20 <redrobot> I kinda think we should only support lengths that can be used with well defined algorithms.
12:21:28 <redrobot> your opinion is wanted :)
12:22:00 <redrobot> I think we definitely want to have a max length
12:24:14 <redrobot> #topic Any other topics?
12:24:15 <Luzi> I think it is necessary to define allowed lenghts
12:24:22 <Luzi> sorry, was late
12:24:35 <redrobot> Luzi, no worries.  Please feel free to add that to the review I linked.
12:24:47 <Luzi> I think it's also a security issue
12:25:16 <Luzi> if we allow any size, also very small lengths would be okay - and that could be used for brute force attacks
12:25:37 <Luzi> it just would make it easier to guess the right key
12:25:57 <Luzi> that's also why we wanted to increase the allowed bot length
12:26:00 <Luzi> bit
12:30:28 <redrobot> well, if we don't have any other topics to talk about we can call it a day...
12:30:42 <redrobot> thanks everyone for coming!  Please review things if you have time!
12:30:47 <redrobot> #endmeeting