#opnfv-sec log

14:12:36 <aripie> #startmeeting 2015-10-07
14:12:36 <collabot> Meeting started Wed Oct  7 14:12:36 2015 UTC.  The chair is aripie. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:12:36 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:12:36 <collabot> The meeting name has been set to '2015_10_07'
14:12:58 <aripie> #topic agenda bashing
14:13:30 <aripie> any topics?
14:13:38 <LukeHinds> ok back
14:13:45 <aripie> Welcome!
14:13:53 <LukeHinds> sorry, house full of flu so needed to do the school run
14:14:03 <Sona> Hi Luke
14:14:04 <aripie> understood
14:14:16 <LukeHinds> Hi Sona , Ari
14:14:58 <aripie> B_Smith also online
14:15:15 <LukeHinds> Sona, let me walk through your mail (and good job)
14:15:24 <B_Smith> Hello
14:15:28 <Sona> Ok thanks
14:15:30 <LukeHinds> 1, yes, I think we should put this up
14:16:04 <LukeHinds> 2, also good, look into bandit under the openstack security group
14:16:48 <LukeHinds> 3, we have this process written up and ready to roll, the issue is getting those on-board outside of the security group involved.
14:17:07 <LukeHinds> I have emailed the release manager (who we need on-board) twice now, and been ignored.
14:17:29 <LukeHinds> So what I plan to do is speak face to face with parties at the summit.
14:18:13 <LukeHinds> Otherwise if they don't act with it, we will get the same thing as happening in ODL, a last minute panic to fix and handle it in an unprepared way.
14:18:34 <LukeHinds> those are my 2 cents, but I am not arbiter, so I welcome others to feedback on Sona's hard work
14:18:50 <B_Smith> Is this email on the reflector?
14:19:02 <LukeHinds> reflector?
14:19:08 <B_Smith> Sorry...catching up a bit
14:19:15 <B_Smith> email list
14:19:16 <LukeHinds> Hi BTW!
14:19:37 <LukeHinds> it might not, we can forward though
14:19:48 <Sona> B_Smit: I send email with some actions to Luke and Ari, If you want I can email it to you
14:19:56 <B_Smith> please...b.smith@bell.ca
14:20:01 <Sona> or maybe Luke can forward it to you
14:20:29 <LukeHinds> done
14:20:57 <B_Smith> got it
14:21:00 <aripie> #topic opnfv-sec wiki
14:21:31 <aripie> #info discussion on Sona's collection of items for adding to wiki
14:21:35 <LukeHinds> one thing with the wiki! keep in mind we will move over to confluence
14:21:41 <LukeHinds> one thing with the wiki! keep in mind we will move over to confluence
14:21:48 <LukeHinds> #info one thing with the wiki! keep in mind we will move over to confluence
14:21:51 <aripie> very true
14:22:09 <LukeHinds> no big problem, but just to get it out there
14:22:16 <Sona> for nr 3: I have a gpg key on server: https://pgp.mit.edu/pks/lookup?op=vindex&search=0x773EF6EF68716A14
14:22:38 <Sona> if you want and trust me I can be on contact list for secure email
14:22:51 <aripie> +1
14:23:21 <LukeHinds> sure, we should have two or three of us. So will put mine in the hat too,
14:23:37 <Sona> good,
14:23:55 <LukeHinds> lets get the page up with the contacts, and I will work on getting release and the TSC involved.
14:24:37 <aripie> #agree Sona and Luke opnfv-sec secure email contacts
14:24:53 <LukeHinds> #info lukes key https://pgp.mit.edu/pks/lookup?op=get&search=0xDB90C59D288259FE
14:25:36 <aripie> #info Sonas key https://pgp.mit.edu/pks/lookup?op=vindex&search=0x773EF6EF68716A14
14:25:53 <LukeHinds> #action Luke will forward the slidedeck on ovsm
14:27:22 <LukeHinds> was thinking earlier, we need some creative ways of getting involved with the other projects some how, we have set up the git review, secure coding guide etc...but they are not really aware of what we do much.
14:27:59 <LukeHinds> maybe we could do something like each of us selects a project, starts to observe what is happening, and then can feedback to the group in an informal way.
14:28:01 <Sona> yes it would be good idea :)
14:28:33 <LukeHinds> so we can choose any we like and sort of passively (or actively) read up on what they do and attend meetings etc
14:29:33 <Sona> I am with Yocto (Open embedded) project's security team but the Yocto project is not much related to OPNFV so far :)
14:29:33 <LukeHinds> trying to think if we have a concise list of projects anywhere?
14:30:09 <B_Smith> https://wiki.opnfv.org/meetings
14:30:09 <LukeHinds> my internet is awful, keeps timing out
14:30:13 <LukeHinds> thanks
14:30:18 <B_Smith> good place where the active ones are listed
14:32:05 <LukeHinds> I was going to SFC, so I will start getting into those meetings again
14:32:24 <Sona> what is SFC?
14:32:31 <LukeHinds> service forwarding chain
14:32:58 <LukeHinds> Service Function Chaining
14:33:15 <Sona> ok :)
14:33:17 <LukeHinds> Basically vnf insertion using SDN flow modifiations
14:33:23 <LukeHinds> *modifications
14:34:02 <LukeHinds> very welcome as well is any code based projects we can start, even if small.
14:37:11 <B_Smith> maybe contribution to the test group....
14:37:34 <LukeHinds> what do you have in mind?
14:39:21 <B_Smith> virtual nmap running a series of scripts to verify rules?
14:41:10 <LukeHinds> so scanning the test envs? I guess that's one, we would get port / service info...but its not a hardened env though I guess
14:41:56 <LukeHinds> which type of rules? like fw rules?
14:42:02 <B_Smith> Agreed, however does raise awareness of what people should be thinking about
14:42:52 <B_Smith> I was thinking vswitch would be useful to probe
14:43:15 <B_Smith> just browsing on line...arp-scan looks interesting
14:43:27 <B_Smith> yes...fw rules
14:43:44 <B_Smith> low hanging fruit use case is the virtual fw
14:43:50 <B_Smith> need some way to test it
14:47:03 <LukeHinds> sorry, had a call
14:47:13 <LukeHinds> yes this is very interesting
14:47:32 <aripie> anyone following networking_fwaas in openstack?
14:48:25 <B_Smith> not me...burried in ETSI and other SDOs
14:48:40 <LukeHinds> i do a little
14:49:06 <aripie> any testing related activities there?
14:49:29 <B_Smith> in ETSI?
14:49:54 <aripie> I meant _fwaas, but ETSI is interesting, too
14:53:19 <B_Smith> there is the TST group in ETSI (and SEC as well)
14:58:40 <LukeHinds> I think they have a basic test framework that kicks off each jenkins build, but its part of neutron iirc
15:00:29 <LukeHinds> I like the idea of vswitch auditing
15:01:29 <LukeHinds> it would somehow need to correlate with the ODL yang stuff
15:02:29 <B_Smith> Hmmm...yes that would be good...is there any work in the IETF along those lines?
15:02:47 <LukeHinds> not that I know of
15:10:09 <Sona> guys, I need to go, if there is anything you want me to do, just email me, I will read the meeting log later, bye
15:10:25 <LukeHinds> thanks Sona
15:10:30 <LukeHinds> ari, you can close now if you like
15:10:43 <aripie> right - any actions to record?
15:11:39 <aripie> #endmeeting