12:00:28 <ade_lee> #startmeeting barbican
12:00:29 <openstack> Meeting started Tue Aug  7 12:00:28 2018 UTC and is due to finish in 60 minutes.  The chair is ade_lee. Information about MeetBot at http://wiki.debian.org/MeetBot.
12:00:30 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
12:00:32 <openstack> The meeting name has been set to 'barbican'
12:00:34 <redrobot> o/
12:00:47 <ade_lee> #topic roll call
12:00:54 <ade_lee> hey redrobot
12:00:59 <redrobot> mornin' ade_lee
12:01:23 <ade_lee> dave-mccowan, ?
12:02:37 <ade_lee> anyone else around for barbican meeting?
12:03:40 <ade_lee> we'll wait a minute or so more ..
12:04:46 <ade_lee> redrobot, looks like it's just the two of us today
12:04:53 <redrobot> heh
12:05:02 <redrobot> anything on the agenda on your side?
12:05:03 <ade_lee> #topic rocky
12:05:15 <ade_lee> just rocky release
12:05:26 <ade_lee> this is rc1 prep week
12:05:36 <redrobot> when is RC1 due?
12:05:38 <ade_lee> supposed to cut an rc1 release by the end of the week
12:05:44 <redrobot> o_O
12:05:51 <ade_lee> https://releases.openstack.org/rocky/schedule.html
12:06:15 <ade_lee> which means we have a bunch of stuff we need to get reviewed and in by the end of the week
12:06:46 <ade_lee> the ideal situation would be to have most things in by the end of the week
12:07:10 <redrobot> ack, I'll get some review time scheduled in for sure.
12:07:23 <ade_lee> I've been looking at https://tinyurl.com/yctfozgh
12:08:06 <ade_lee> to keep track of things, but I think we're going to need either a trello board or etherpad to get the most important things in there.
12:08:23 <ade_lee> but -- the most important things I can see are:
12:08:37 <ade_lee> https://review.openstack.org/575800
12:08:53 <ade_lee> all the ovo patches
12:10:21 <ade_lee> maybe the patch you are working on redrobot to parameterize a lot of the pkcs11 parameters
12:10:44 <ade_lee> and maybe https://review.openstack.org/588104
12:11:19 <ade_lee> there are a few random other ones - but those seem to be ones we most want to get in
12:11:33 <ade_lee> redrobot, any others you want to call out?
12:12:14 <redrobot> the one I'll be posting today/tomorrow ... :D
12:12:24 <ade_lee> yup - I mentioned that :)
12:13:02 <ade_lee> ok -- that's the most important thing right now.
12:13:28 <ade_lee> I don't have anything else on the agenda
12:14:09 <ade_lee> I'll send the etherpad link to redrobot, dave-mccowan and jaosorior later today
12:14:16 <redrobot> cool
12:14:22 <ade_lee> anything else?
12:14:38 <redrobot> Just thinking about algorithm compatibility for PKCS#11
12:14:38 <ade_lee> #topic anything else?
12:14:59 <redrobot> I really need to look at OVO, to see if that's good enough to version encrypted secrets
12:15:19 <redrobot> we'll likely need additional metadata to ensure we're using the correct algorithm for decryption
12:15:45 <redrobot> my use case is someone who changes algorithms and already had some previously encrypted data in the db
12:15:51 <ade_lee> really? won't that just depend on the plugin?
12:16:08 <redrobot> hmm... well kinda
12:16:26 <redrobot> I'm not even sure that use case is a realistic one
12:16:27 <ade_lee> redrobot, they could always define another plugin -- remember we have multiple plugin support
12:16:45 <redrobot> can we have 2 instances of PKCS#11 plugin?
12:16:49 <redrobot> or N instances
12:17:19 <ade_lee> that I'm not sure about ..
12:17:40 <ade_lee> but we do have plugin metadata
12:18:14 <redrobot> So let's say someone has an HSM that only supports CKM_AES_CBC... but then like next year their vendor adds CKM_AES_GCM support... then they want to start using that for Barbican because it's better/faster.
12:18:20 <ade_lee> that is a metadata object that is written by the plugin to include all the details it needs to retrieve and decrypt a secret
12:19:19 <ade_lee> well - what we could do is have the pkcs11 plugin write the algorithm used in the plugin metadata for the secret
12:19:42 <ade_lee> if it's there on retrieval, then we use that to decrypt. if not, then we assume some value
12:19:50 <redrobot> yeah, that's what I was thinking that we'd need more metadata... I'll look into the plugin metadata, I think that may be sufficient.
12:19:59 * redrobot really hopes for not having to do a migration
12:20:22 <ade_lee> redrobot, I don't think we need more tables / fields
12:20:28 <redrobot> good
12:20:28 <ade_lee> metadata should be sufficient
12:20:40 <ade_lee> (that's why we put it there :))
12:20:55 <redrobot> it's been a while... ;-P
12:21:01 <ade_lee> ack :)
12:21:12 <ade_lee> ok - anything else?
12:21:16 <redrobot> that's all I've got
12:21:34 <ade_lee> cool --- laters!
12:21:42 <redrobot> peace out!
12:21:49 <ade_lee> #endmeeting