Add a meeting Rate this page

A

Hey folks, can somebody talk to make sure I've got my morning. Audio configured, hey Steve, hey there. We go.

A

And people start showing up. This is getting bad, but I want to disappear from webcam, because it's just it's some connectivity with people that thinking I start putting one of those things on my can. I get like one of those own hats and like hair things, that kind of floats on your head.

A

I'm put in oh.

A

I see some he's already got it great thanks: Aaron I'm, assuming.

A

How you feelin Justin yeah back to normal, welcome back.

A

So we have this call at 10:30 where I'm drinking coffee, then we have the later call in Wednesday's where Vincent's drinkin wine there's seems to be some combination of the two.

A

Give a couple more minutes for people to join and Justin capless I just replied to your post this morning on the feedback it's a it's probably the most meaningful conversation we might want to figure out is: how do we find the balance so.

A

Me paying I saw I, will Carmack went offline from slack.

B

And I want to apologize in advance I'm going to have to drop out of this call a bit early. So, okay.

A

Let's see what agenda.

B

Items we have maybe.

A

We can cover that topic sooner.

A

Well, we're at the five minutes: I don't see Justin Cormac online, he might have had another call I.

A

Can where Vincent said he was or wasn't coming so alright? Why don't we pull up from notes.

A

Just pop this over here.

A

Okay, so from working group status, which was the agenda item that guessing Erin popped in there. So thank you Erin by giving you credit for somebody else. No.

C

I just popped me I, just oh just get. It started, yep awesome. Thank you. Yeah.

A

And something that we were a discussion, I cameras just called the OCA Wednesday call- is being better around taking notes. This is something I've watched the home team a while ago. Do really good is they kind of a designated note-taker? And if that person is talking to somebody hey, it picks up from them, because it is hard to talk and type at the same time.

A

So I don't know how we want to start doing that any volunteers.

D

Okay, I'm.

A

Hoping we'll get a collaborative workout, certainly type when I, when I can with trying to keep up with conversation as well, so mostly for a status, a couple of things that I was going to chat about. Obviously we have this one conversation which I'll queue up. So let me just kind of indent this here and we'll talk about the scenarios update or scenarios feedback.

A

I'll call that so when we start there well, there's that actually, let's get a couple of items on here then there's a UX flow that we've been wanting to do and I'll provide a status on that and why I was thinking we wanted to start focusing on. That is any other topics. People want to cover Justin anybody else.

A

Okay, it's going to be difficult to do this without Cormac here, because I know he. You know there was this conversation with between kapos Cormac and myself. You know very kind of tagging each other.

A

On these last week we had a pretty good conversation where we were talking around I'm implying it as a scope might not be the best way to do it, but in scope isn't necessarily a bad word per se, but there's this conversation that I've been at least that I've been kind of pushing from and I just kind of put a transparent of, where the, where I've been kind of thinking, but obviously completely open to what we want to do. This is we're really trying to do that.

A

Signature on a piece of content, because if we can sign content that says this thing is what it is as long as the key that backs it up is still valid, then that enables lots of different scenarios, because then you could put lots of other documents that represent additional information, that you could then trust because there's a signature associated with it. That said, I think and I'll cue. This up for you, Justin to kind of to jump in I. Think there's a little bit of a challenge.

A

Is that signature that good enough to actually mean anything? Do we need to take it further to what you've been doing with tough to do some additional validation and I? Think that's the push and pull part that I'm just trying to get my head around?

A

We just get my head around this.

B

Is this the we're talking about the scenarios document discussion right, I just want to be 100% yeah.

A

Yeah, basically, the around some am I being too concrete in some of the technology or yeah.

B

Maybe.

A

So.

B

So yeah and and I'll just you know, because I am gonna- have to drop off soon. I'll I'll try to keep this kind of brief, just to explain this sort of problem here to people. So one one.

B

If you kind of over scope scenarios like are too precise and how you're describing things you can run into crazy situations and so I'll just give kind of an example here. So um you know, let's, let's say that you you know, rather than doing anything with notary, whatever we're just trying to move people that have had some kind of medical emergency quickly to hospitals. That's like the the kind of thing we're trying to do.

B

Then, if, if we kind of over describe this and talk about how you know like any vehicles for doing those have to have puncture resistant tires with the thinking being that you know if an ambulance is carrying someone and it runs over a you know- aboard with nails and the middle of the road and gets a flat tire than that results in deaths.

B

If you kind of over specify it in that way to say all vehicles that transfer people must have tires that are puncture resistant, then the problem you run into is: is that later, your design that you come up with may involve, for instance, copters that fly people from harder to access locations, and then those were required to be fitted with puncture resistant tires she's kind of liked. You know to continue my silly example here.

D

That's good.

B

Exempt so what I'm arguing for in to try to bring back home?

B

What I'm arguing for in the scenarios is for us to focus on the goals we're trying to achieve and to leave as much as possible of the mechanisms out so that we're not being specific, but instead of talking about the fact that you know that that, like there have to be puncture resistant tires on the ambulances. The fact that you know the goal has to be that we have to be able to transport things and have this reliability in this resistance.

B

To these types of you know, conditions and scenarios and so on, because then I think we can better ensure that what we're getting is actually a solution that that meets the goals, not just sort of like a you know, doesn't already have pre-baked into it, a bunch of design that some of which maybe doesn't doesn't fit or possibly you know, wooden, isn't justifiable.

B

No.

A

Totally fair I think I. There's no it's hard to debate that because it's a very valid point right. It's I was gonna. Make some joke about. Helicopters still have tires the big ones, but you know they can still get there. You know they skid you cross, but anyway, I think the question is so here's the larger part, one of the things that I want to circle back around to this as I think in some places, we're being so open-ended that people are having struggles on where to engage and provide more context.

A

So the example I've been using lately is, you know: we've got electricians, we've got plumbers, we've got cabinet builders if you will, and they know that task really really well. The concrete example is I have some people internally that are handle key management and they've, been hacking, notary or dr. content trust and how they could create private keys in a separate environment so that they're never actually on build machines and they're, not knowing where to plug in so the only thing they can see is the existing docker content.

A

Trust so I have some internal teams that are starting to build up solutions around something that we know doesn't work. So what I've been struggling a bit with is how can we give enough of a sketch and I'm purposely using the word sketch, as opposed to a blueprint of what this thing is? Gonna look like on this vacant lot and the vacant lot is on a hillside, not on a beach.

A

It's you know a two-story house with four bedrooms and if we can outline, you know the basics of it that it may be to your opponents like hey I've, got a family of four with two kids that are aged two and four or whatever. Is there enough details there that it gives the ability for people to bring their expertise in and know where to contribute? And you know the analogy there is like you know: the sketch shows that there's a big house so there's this big room and kitchen people coming along.

A

You know if you move the wall over four inches. I can get this thing in and then somebody else can say whatever they about keeping the roof up. High so right there is one.

D

Perspective.

A

And that's and that's what we've tried to put some things in this scenarios or in the DevOps flows that people are doing related to can containers I'm using containers but I air-quote it because I want to be more artifact ribbon but is specific into a registry. So.

B

Using yeah I just think we, you know I I, don't think there's wild disagreement, but I do think that having the scenarios be the requirements, the actual like required things in scenarios is important and having the threat model and and some other things related to that exists at a high level, including perhaps some of the you know, some of the UX slash design, work really gets kind of co-created, but I think you need to have like the threat model and you need to have the like a scenarios.

B

That's that's not at that level and then once we have that, then I think that you're absolutely right that people can step in and propose things with designs, but otherwise like how do we judge if we just baked it into scenarios, then how do we judge if a requirement is a good like if a scenario, part of a requirement, as part of the scenario is good or not? We sort of don't have that the way to really reason about it?

B

It's just well, it was written and it was agreed to- and you know that's that's not not really the you know, whereas I think the scenarios themselves we all, we could all agree on the goals in the scenarios absent the design aspects which I hope you know, but yeah I can see why, right now it would be hard for an electrician or a plumber to come in just like before. The architect is, you know, has has drawn a sketch of the building, it's hard for them to be that and salute this for architects.

B

So.

A

That would help me a little bit more. This is why I was because I haven't been disagreeing with your feedback, I just I'm, trying to figure how to make it actionable and by all means others. You know I'm looking around and I see some people that are, you know, have a lot of great contents.

A

So please, you know chime in with info I'm, trying to turn it into more concrete I mean this is where you know, I want to tap into the fact that you being a professor, have the ability to communicate this in a better way. So you can help me structure, structure, the wording a little bit better, I'm really happy to do that because I what I'm? What I'm wondering, though, is like when I look at this I?

A

Don't see I'm, not seeing you know it's always about perspective right, the concrete things that are the need to change. As an example, for instance, like there is a presumption around. We want registries. We want these DevOps flows. What is it that is there a specific thing that I could be word or restructurings in a different style? That would help you what would make it more generic and what I'm.

B

Gonna have to drop, but I think that level of specificity we could discuss and do, but but in general, there's things that aren't gonna change, I mean there's the mountains and your example. The hillside was there the size of the plot. Is there the number of people that need to do things and the fact that they need to be safe? Those don't change, but then the actual mechanisms used to accomplish those are like. Those are not forces of nature. It's not.

B

You know, of course you know they have to be wooden beams in your house example, or, of course we have to do signing in this way or of course we have to do whatever I mean.

B

We very likely will agree with a large part of what's proposed, but the you know we'll end up with a lot of that in the design, but with that baked in the into the scenarios, it becomes hard in many ways to tell if we've, like presume things that we shouldn't have as part of it and it'll, give us like a much firmer foundation.

B

So I'll I'll talk with you more about this offline, and maybe we can also include Justin Cormac, because I had a brief conversation with him and I think we're we're seeing a lot of the same kinds of things so sounds cracka. He was.

A

Right.

B

At.

A

Rather, and just to make a quick phone call with me- or you know something so I Pingdom so hopefully we'll have that to review that it scales much better. What it's written so have a good day, we'll chat later ping me we'll figure out something will bring the conversation back to the group. All right sounds.

D

Good thanks thanks Justin. Could we maybe track those suggestions as pull requests on the current specifications.

A

So the so yes but I I have matured as if, when I thought, sure somebody's pronunciation name, please correct me. That is what we were discussing. I didn't actually paste it because I was talking again. There is a PR that on the scenarios under requirements for the scenarios that markdown that Justin I've been discussing back and forth, so are you looking for more or are you? Are you looking at trying to capture these notes in.

D

Yeah, just making sure we're capturing this notes in PRS, because I I wouldn't want to have those of our discussion and then lose track of them. I think like putting in a PR makes it more concrete where we can just review it and say: yes, this makes sense to uplevel it and we can just apply it. Yeah.

A

Let me let me paste the PR in this notes and you can see what I think we are doing just what you're asking. But again this is always about perspective right. So it's let me take I'm gonna put the link to my response, because my response is right after Justin, so this way you'll capture, both so I'm, just gonna put it here on the push-pull between signing and tuff evaluation. I've highlighted that with a PR PR whoops here are number 15.

A

So take a look at that. If you don't feel like that covered, what we just did, we can always do in words. It's always a balance of the notes we're taking here versus taking notes in PRS completely.

D

um So that was one of the things I think I wanted to bring up a little bit or on process. Is that do we plan to use these meetings to go over PR requester I? Think you'd be more efficient like if they actually commented on the PRS themselves and closed them outside of the meeting.

A

I'm, sorry, you said I. This is the problem of typing and listening. You said a part of it repeat your last part of the sentence, so I.

D

Think part of the problem has been that we've been debating PRS and scenarios in the meeting itself, whereas I think the looking at the PRS and commenting on them over time and then giving people enough time to comment and then closing them out in a week would be we'd, be making I think more progress. That way, rather than trying to debate everything in the 30 minute call ya.

A

Know it's fair I think we were trying to do a combination of both because sometimes the back-and-forth in a in text gets lost where a phone call helps facilitate, but then there's a combination of both to be fair, an example: I was on a completely different project. I was going back and forth at completely missed what a person's context was.

A

Somebody pinged me offline explained to me some of their background and when I considered their background, and then we were talking through it I understood exactly what they were referring to and there was an easy change for me to make, but it only happens with that dynamic conversation, so we're not trying to do one or the other I think is the thing, and we've had a lot of good feedback on the PRS that we've gotten some stuff in.

A

So please take a look at that PR and we want to support both. We know some people think better by typing and some conversations work better by conversation. We want to capture both.

A

Anything else on that one else before we go to the next well, the threat model, update, I, don't know Sam. Were you able to look at who's here to provide an update on that I.

B

Don't have an update to provide okay.

C

Okay,.

D

um One of the last things that came out of the threat model conversation we had roughly two weeks back was that until we have more of a design in place, it's really hard to do sort of like a threat model and analysis. The one thing that we talked about a bit and that one was looking at key management from outside of a threat model perspective, I think at a high level. We understand the threats if you want to cover, but a real full detailed analysis comes after we have more.

B

Of.

D

The design in place, so we may want to look into how we want to sequence, those those parts of the project, no.

A

That's great actually, so this is, there is a threat model doc and maybe the threat model doc is not titled properly. The threat model doc was supposed to be here's the high level threats that we want to encounter and to your previous comment, this was the conversation we had in the initial scenarios, doc that Justin had provided and we actually moved some of the feedback from the scenarios into the threat model.

A

So the idea is that and again I'm open to threat model dot, markdown be renamed to something as threat model requirements or something so yeah. I think we want to make sure we're capturing that, because it did tease out some really good info on camera, which particular one it was I think it was some of the replication scenarios.

D

Yeah I think if we call this sort of, like acknowledged, threat from sort of like v1, that we're trying to address I think that that's that's a fruitful conversation and I think that's one where I'd like to talk to both Justin's and kind of figure out when we look into the threat model versus what can we get done for the key management? Now there were some interesting conversations around key management.

D

My audio was a little bit garbled last week, but I think there are sort of high-level questions around what we want the signing to attest to versus what we view as sort of like updates that are necessarily not security. Related I think Justin brought up last week that you'd always be pushing everyone to use. The latest version.

B

Of the.

D

Update and use that to make sure they're getting all the patches and everything that they need. I think would push back against that a little bit and say that not necessarily every update has a flaw and then we'd look more like the key management and how keys are revoked to track security vulnerabilities, but you should be able to roll back to a previous version of software as long as you know that doesn't have any vulnerabilities in it.

A

You know I remember that from last week, and that was there's lots of interesting conversations around the rollback concept and when does it happen and so forth. So and that's what I'd love to see written up more because I think yeah.

C

It's.

A

It's hard to digest and until you can read it to four or five times: okay, the meat I'm gonna finish my note here for a second splitting up. What did you? What did you call it? The threat model requirements yeah.

D

So this is like I would say: we call it like current threat models that we wouldn't address for an or eveyone and then a key management discussion that is separate from a threat model. Discussion of a design.

A

He-Man suffered from a threat model design right, yeah,.

A

Perfect we and we talked about having the key manager being a separate work group I think there were so many people that were overlap. We left it the same, but I think we need to split it out. I know and I'm looking I, don't see some of the Microsoft folks on, because they're actually on a conflicting call, but we've been also trying to figure out and this actually come up to the UX flow.

A

So let me just broaden back so I mentioned that we've internally been have some teams that we're working on this as with any large company, there's lots of people working on things with John Gossman. Has this gospel's rule that any good idea has at least five implementations going on? And you only know about three I'm, assuming it's the same at other companies as well.

D

So.

A

The some of these things did pop up that these other teams were working on it. So what we've been trying to figure out is how to work on a little bit of that sketch, and we realize that this will be absolutely iterative. So luckily, instead of physically building a real house, it'll be a little bit more of you know a Lego model.

A

If you will that you it's easy to kind of tear it back down, rebuild it up as we learn more but I think there's there's some contractors that want to get in and start doing, some plumbing and electrical, and only after they do some of the work will they realize some of the things are going to bubble out for requirements or more paul was you're. Really good about I think was Omar was mentioning that you know.

A

We need to make sure that key management is a pluggable model so that we're not tied to the keys being part of the registry per se that in AWS you can use their key management measure. You can use our key management and others you can use. You know. I just drew a blank hashey corpse key vault, for instance, but there's other things around keys being offline as another scenario, so to try to move some stuff forward.

A

What we've been talking about is the UX, probably being a bit of that sketch like having the scenarios written down. We'll continue. This conversation that Justin and I were just discussing because I'm not I, think I'm, not sure he's the thing that I'm trying to make sure is. Are we debating the actual content, the intention or the the goals or whatever are wrong, or we just it's the wording and the style that are making it too difficult to try to figure out how to implement.

A

So those are subtleties that we should work on, but can we continue to make a little more progress in this era of cycles? So we've been talking about having a little bit of a UX flow to help put a sketch that here's the interaction models we want to have from a usability and an experience in the sense of what we're capturing and enabling and start allowing some of the people to work on different parts of the project.

A

So we're talking about getting that done released started, will probably sketch it out for the remaining of this month. Let's just look at the calendar because we have some people that will be available beginning of May. They can start hacking at a solution, so we were gonna just sketch out some stuff with like a UX flow that you know will tease out some of these things and hopefully that'll provide. You know.

C

A.

A

Very we again very iterative on how we're thinking about all these different things, so I promised a couple weeks ago. Nothing's gonna be concrete, because we know everybody first of all, everybody's engaged. Normally, this would be something we want to make sure we capture and certainly at this time where people have to disappear first, couple of weeks for reasons of world pandemic, we want to make sure that everybody had a chance to jump back in and and take a look. So that was the main topic there.

A

Actually I just realized were actually at 11 and we are about a half an hour.

D

um That makes sense to me I think if they're also in this lock channel- and we want to look at other times to kind of look at what we understand those concerns and be one that we want to address and see if, if consensus, they're happy to set up a meeting at a different time, if you can ping me their aliases I can reach out to them and see if we can schedule a chat at a different time. Yeah.

A

We probably this is one: we talk about a lot about moving it to evening and morning, so that people in other parts of the world can contribute, and we never seem to get that done because moving is almost more difficult. But let's see what we can I, don't know what voting app is good for good times, but let's yes, the. Why don't we talk about that? Again?

A

We just talked about the slack when I say offline, it's necessary you're, always in private, let's just ping, each other on the slack channel for the node we be to and see what we can come up with and we confine to the meeting time. Yep.

D

I think there, if you for me like in the past like when we went to the strip, mall discussion and I retouched, two Cormack and capless, and we were able to figure out times and then just shared that into the regular slack Channel, so everyone else could join in. So if you have people in Microsoft that are working on key management and you ping me, their laces I can make sure that we find times that work for them. Excellent.

A

All right well, thank you. Folks. We had a small group this week. I hope everybody's doing well. I'm glad justin is back feeling good and I look forward to talk to you guys on slack in next week, thanks folks.

A

Thank.

C

You.
youtube image
From YouTube: CNCF Notary Project Meeting 2020-04-13

Description

CNCF Notary Project Meeting 2020-04-13