12:03:36 #startmeeting barbican
12:03:37 Meeting started Tue Jul 24 12:03:36 2018 UTC and is due to finish in 60 minutes. The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.
12:03:38 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
12:03:41 The meeting name has been set to 'barbican'
12:03:49 #topic Roll Call
12:03:51 o/
12:03:55 o/
12:04:30 #link https://wiki.openstack.org/wiki/Meetings/Barbican
12:04:35 ^ Agenda for the day
12:04:42 o/
12:04:46 but it looks like nobody updated it...
12:05:00 so we'll just make it up as we go
12:06:23 #topic Rocky Milestone-3
12:06:42 This week is Rocky milestone 3 week
12:07:06 I know alee was mentioning we have a lot of reviews on deck
12:07:15 so I will review some stuff today
12:07:31 jaosorior is back from vacation so hopefully he'll have some time for reviews as well.
12:07:45 #link https://releases.openstack.org/rocky/schedule.html
12:08:11 Also going to look into the KMIP gate today
12:08:32 If worse comes to worst, then we'll try to make it a non-voting gate for now.
12:10:05 any questions about rocky-3 ?
12:10:11 yeah, I am trying to understand the error
12:10:28 but, I still don't understand the problem
12:10:29 :)
12:11:08 redrobot: do you have any idea to fix the gate?
12:11:39 Some of my patch sets is being blocked by the gate
12:11:49 s/is/are
12:11:52 Sure, let me know if there are some urgent reviews and I'll check them out
12:12:22 been a little swamped with bugs and reviews since I got back, but I'll make sure to give some time for any urgent ones here :)
12:12:57 redrobot, namnh: The kmip gate seems to have issues with the initial certificate provisioning
12:13:09 so it's not an actual barbican issue, but a setup issue
12:13:30 thanks jaosorior!
12:13:37 yes, i think so
12:13:46 still gotta figure out how that setup bit works
12:13:49 yeah, I have no idea how to fix the gate issue... but I haven't spent any time looking into it.
12:14:57 I may try to run the kmip gate locally in a VM to see if I can recreate that failure.
12:15:59 redrobot: we just download the local.conf in the gate and run with devstack on local, is that right?
12:16:23 namnh, I _think_ so...
12:16:32 it's been a while since I've set up a devstack vm
12:16:54 so it should be a nice learning/refresher task for me :)
12:17:13 redrobot: here's the issue http://logs.openstack.org/71/578071/3/check/barbican-kmip-devstack-functional/41e126e/logs/devstacklog.txt.gz#_2018-07-24_02_46_31_935
12:19:52 jaosorior, thanks
12:19:55 ok, moving on
12:20:05 #topic Key Length Validation
12:20:07 #link https://review.openstack.org/#/c/577096/
12:20:21 alee, is asking for feedback on that review
12:20:46 he is of the opinion that Barbican should/could generate keys of arbitrary length
12:20:52 *symmetric keys
12:21:20 I kinda think we should only support lengths that can be used with well defined algorithms.
12:21:28 your opinion is wanted :)
12:22:00 I think we definitely want to have a max length
12:24:14 #topic Any other topics?
12:24:15 I think it is necessary to define allowed lengths
12:24:22 sorry, was late
12:24:35 Luzi, no worries. Please feel free to add that to the review I linked.
12:24:47 I think it's also a security issue
12:25:16 if we allow any size, also very small lengths would be okay - and that could be used for brute force attacks
12:25:37 it just would make it easier to guess the right key
12:25:57 that's also why we wanted to increase the allowed bot length
12:26:00 bit
12:30:28 well, if we don't have any other topics to talk about we can call it a day...
12:30:42 thanks everyone for coming! Please review things if you have time!
12:30:47 #endmeeting