From YouTube: Istio Security Working Group Meeting 2019-04-03
A
All right, today the agenda includes three items. The first one is going to be presented by Lay, about our Istio security testing plan. Second, why it's a reusable of a method definition. Third one, Istio CA key protection using SoftHSM. I think they are all very interesting. For the first one, I want to emphasize: this effort, the Istio security testing plan, is what we are going to do targeting 1.1.2 specifically, but of course it will last forever, right.
A
A
B
B
So we can look at the coverage not hurt by going to this link. I'm going to click this link to take a quick look. You see, right now it's around 77, and we can also see some detail. The statistics are here, like this. We test the calculator. The statistics from different folders, for is a Mixer, Pilot package, security package, and the 77 number is from, you know, the security package folder. So, back to the planning for the unit test.
B
So first we want to increase the test coverage for the unit tests. Our target certainly is higher than 77 percent, for example. Ideally we should reach 100 percent unit test coverage; right now we are not at that yet, but that's our target. So when implementing a new feature for Istio security.
B
B
B
B
The song test, for example, I see some functions like a send message, right. This send message function is actually using, you know, a network port and binds to a port. We want to make sure, like, a unit test for this function, for example send a message, to work correctly and convento different, you know, exceptional cases. And we also want to, you know, check email e, the inputs, because we are, you know, Istio security, right. So for our code, we should check a lot.
B
We use a library that has the latest security vulnerability patches. You know, for example, when we link to our OpenSSL library, we want to make sure this library is, for example, FIPS certified, and we also want to make sure our code is free from the buffer overflow vulnerability and the different vulnerabilities. So we encourage the owners of a new feature to add such a test.
D
C
B
Yeah, I agree, that's a good point. Actually, a lot of these things, when we say security code, they are actually the security code also in Thailand. Some of the security policy is interpreted by Pilot, so this code will be distributed to different folders, like, you know, under the Pilot folder, under is TOC folder, and under the security package folder. So since this is a security sync meeting, currently in this document we focus on security tests, but I agree.
B
This should be applied to the entire Istio community. We actually have another document on Eastfield security test that's more general, but the fear, due to the time limit, we focus on the Istio security. But let's follow up on this, because we hope this can be applied to different areas of Istio, not just restricted to security, yeah.
B
Okay, so we encourage the owners to be responsible for the unit tests. Right now, since our coverage is only 77%, we encourage owners of different security features to look at their implementation and find out, you know, which unit tests are missing and, for example, create GitHub issues, and we can track them. And, you know, we can think of help from different community members, or we can find a resource to add, to increase the security unit test coverage.
A
One thing I want to point out is, for the different components we do have leaders, right, for example Citadel and Citadel agent, and the security aspects in Pilot and those stuff. Each of the leaders can figure out what coverage needs to improve, especially with folder, right? Yes.
D
A
B
Yeah, yeah, yeah. So next we proceed to integration tests. In this document, when we say integration test, we use this term interchangeably with end-to-end test, to represent the test that goes through multiple components. Actually, in the istio/istio repository, we have a new framework to implement integration tests. It is under the test integration. So compared with the old framework, I'm opening this folder actually, so compared with the previous framework, I think the previous framework is called tests e2e. This new framework.
B
Are they offer better features to support the implementation of integration tests? So we encourage Istio developers to use the new framework. And go back here. So for the integration test coverage right now, I think it's a similar story as the unit test. I think for our integration test, ecology is not fully, not every feature is covered by integration test.
B
So right now we organize the integration tests based on feature, and when we say feature, we basically mean core user journey, CUJ. So this is a table of the CUJs. Currently, on the istio.io website, so the istio.io website has, let me show you here, has tasks, security tasks. So this is security Casca constituted that has a set of our features. Let me open this one, task security.
B
So right now, when we organize the integration tests, we organize based on these CUJs. So we have this table, and we expect the owners to fill in, for example, a link to the integration test or the corresponding document to run the integration test. Currently, in this table, basically a lot of the details haven't been filled in yet.
B
B
You know state yet. So, Oliver have mentioned, for the leaders, like the technical leaders of different features, or the owners of the features, we encourage them to look at their implementation and find out the integration tests that are missing, and add these integration tests and the documents. So yeah, I want.
A
To achieve it here, we will probably start to do this by the leaders of each component, and then we create a series of issues and assign them to all the members here. And also, if someone from the community wants to pick up some issues to fix, we are very happy to assign them to you; you just ping us. And also we may have some issues tagged as I want it, then you can contribute, yeah, for those integration tests. Especially, there's one thing that isn't covered in this talk, the documentation.
A
The documentation needs a lot of improvement, and I don't see a lot of work on that in the past. I think, from the community, I really want people from the community to be able to help as well. For example, there's one thing missing here, like setting up their custom trust domain; that task is still missing. And also for the existing tasks, we may need some improvement. Yes.
D
A
B
Okay, so next we proceed to performance tests. Different from integration tests and unit tests, the performance tests are more for the performance-critical code, so for the components or functions or modules that are performance critical, for example the authentication filter, the authorization filter, and the CA path, so the path that issues the certificates for workloads. These components.
B
They are performance critical, and we actually have our Istio tools repo to host these performance tests. These performance tests measure the CPU consumption, the memory overhead and the latency of the different components, and we encourage the owners of the different components to validate whether their code, their functions or components, are performance critical. If so, please add a corresponding performance test under the Istio tools repo. So let me open an example here. So this is Istio.
B
Istio tools repo, and under the curve, this is the performance folder. So we have different tests over for the performance. For example, right now we have a test under different load, so we create different traffic loads and measure whether our CA can handle a large traffic load. We also have tests to measure the CPU consumption and the latency. So we encourage the developers to add their performance tests under this folder using the examples here. We have a, let me open, actually I use uncle.
B
B
B
B
So we got to is to run this performance test. One way is for the developers: they should run this performance test to make sure their code change doesn't affect the performance. For example, if someone changes the Pilot code, and this maybe creates a memory overhead, makes our code very slow and makes the memory consumption very high. So the developers should run it. And the second is the developers that are in charge of release, to release creatives, ID still new Istio releases, they will run it as a qualification test. I see.
B
D
A
E
Hi, my name is Manju, not so. I work on, I mean, open software generally. I'm a software engineer at Intel, currently kind of working on the networking side, especially in the security and the core network. I also work on another project called ONAP, in which the operators are trying to automate the network. So, I mean, Istio is kind of very useful to us, so we want to contribute to Istio as well.
E
Yeah, in terms of Istio CA private key protection: an HSM is a hardware security module. They are considered kind of root-of-trust entities; they generally kind of hide and safeguard and manage digital certificates. SoftHSM is kind of a software version of that, so it emulates the hardware security modules. So, I mean, for now I'm using SoftHSM, because the software is readily available and we don't have the license issues and things like that.
E
There is no dependency on the hardware module itself, so this is kind of protecting using SoftHSM. The solution should work with any other hardware security module as well. They come with their own libraries and tools, which kind of makes it hardware dependent. So if we can do this with SoftHSM, the solution should be applicable to any hardware security module as well. So is.
C
E
Right, yeah, so they all use PKCS 11, which is a standard and kind of defines the platform-independent interface to these hardware security modules. They have to go through this PKCS 11 interface, and all the major languages like Go, Java, C, C++, they all provide a way to, you know, interact with the pkcs7 interface.
E
So, are there any other questions? Yeah.
A
F
B
Don't have that yet. So for the flow of this, if this goes through the Citadel agent, in terms, an Envoy, through the SDS, requests the certificate, it reaches the Citadel agent, and, as I say, the agent uses SoftHSM to, I mean, so. The department is on the Citadel or on the Citadel agent? So.
E
This is going to be part of the Citadel. We are currently focusing on protecting the CA private key itself, so this is going to be part of istio_ca, the binary. We'll be making modifications to that, which kind of, I mean, itself creates a bundle and stores the CA private key inside the bundle. So, I mean, the idea currently is to protect the CA.
E
E
This is the diagram. Generally, there are tools and utilities, pkcs7 utilities, that are available, that can directly talk to the PKCS 11 interface, and they will help in, like, importing the keys, initializing the device and maybe slicing the device itself. In terms of Go apps and the Go stack, it comes with, there are two packages right now: the crypto11 package and the pkcs11 package.
E
These packages are available on GitHub. The Go crypto11 works in conjunction with Go and implements interfaces like sign or verify, the crypto operations, and in turn uses the pkcs11 package to talk to, because you have an interface such as SoftHSM or any hardware security modules. So crypto11 itself kind of needs the description of the underlying HSM. It's done through a configuration file or through making the function call, so it needs, like, label, PIN and path of the library itself. Okay.
B
So, based on this diagram, actually it doesn't have to be the Citadel rack that they are ready, because this PKCS 11 library can be on the Citadel agent, and thus rules are calling this PKCS 11 utilities or library, thoughts to our SoftHSM or hardware HSM, to get, for example, you mentioned, the sign and signature verification. And basically for certificate issuance it is mostly assignment. Science.
E
C
B
B
A
B
C
B
G
B
It's not. In order to use this PKCS 11 library, you don't have to own anything. You just get a handle to the HSM, then you use the handle to request the signing or signature verification operation. The point here is HSM, not PKCS 11, but the HSM is deployed somewhere, right. It's easy as well.
C
While it's true that the node agent, like, maybe it needs a private key in order to assert itself to the Citadel server, for the actual signing of the certificates that get distributed out to the Envoys, that all happens centrally, and so we're talking about building this into the server so that you can protect that CA private key.
G
C
F
E
OK, yeah, so dump, so for design, basically it's based on these two packages that are available, and they provide the operations that are required. So, I mean, you know, there are tools, like I said, available to initialize the device and kind of import the key, and each HSM will have their own hardware-specific scripts.
B
E
E
B
E
E
E
B
But in order to run this script, the script requires an input, a parameter called a token. That's a secret. I'm just saying, I mean, because the idea here is for security, how do we safeguard this secret, or how do we, you know, protect this secret, because we can't write the secret to the code or to the script itself. So it's.
B
E
We created the, right, so it's required in creating a token, but we don't need it to actually use the key, right. All we need is a label or ID to use the key. So, I mean, if you want to kind of import any new key into the token, then you need the PIN; otherwise, from the application perspective, you just need the label. So how.
E
C
E
It's the label, I mean, the label kind of is the one with users. So in Go it's kind of different. I don't use this, but in Java they kind of, you need that PIN in order to access the key, but with Go it seems like it works without the PIN being asked. But this is just with SoftHSM; with a real HSM it could be different, and it might be enforced.
A
A
E
C
A
C
C
E
A
A
B
F
A
B
B
B
E
Okay, so yeah, basically the key cert bundle already has a crypto private key, so we don't need any data structure changes. The existing code, the existing data structure, should work. In terms of, so this will be kind of useful in protecting a plugged as well as external CAs. In either case the CA key can be protected. Same thing with the multicluster: we will have intermediate keys and certificates, so that also can be protected.
E
E
SoftHSM-related tools like SoftHSM util, PKCS 11 tools, they need to be installed, and unit test cases, and also for the integration test the Citadel or test container has to be created, and the vendor dependencies like crypto11 and pkcs11, that needs to be resolved as well. So, I mean, those are the changes I have, and yeah, that's all. That's the overall idea I have. So.
F
I'd like to just say that overall I think that this functionality is valuable for a CA, right. And, you know, that being said, there's a lot of different ways that this can happen depending on the different types of hardware. There's also other kinds of backings that give similar levels of protection, like cloud-based HSMs, some other things that won't be PKCS 11, yeah, no. Those, I think, are also valid use cases and, quite frankly, less expensive most of the time. Yeah, I actually.
B
Want to add our perspective here. So right now, Istio supports Vault CA, and Vault CA is actually not using the PSS, but it doesn't require as subpoena. It just needs a Kubernetes service account; it uses a Kubernetes service account authentication Messer. So here both will never expose a private key, so it seems we should, you know, actually get a comparison in terms of the security of these two different approaches. One is support. Another uses this SoftHSM. I.
E
B
E
It's an operator choice, right. So yeah, I mean, I agree that there are multiple solutions, but the reality is people use different ways of getting the security. We are not saying this is the only one, but it's a choice for the operator. So, I mean, yeah, Vault CA could be used, but if somebody already has a deployment and they want to use the existing CA keys, right, this is one option they can use.
B
F
B
The difference here is Vault can be just a remote server, so a lot of corporations, they just provide their Vault endpoints. They don't actually deploy their CA, their private key, into the cluster. They just provide an endpoint, and Istio just integrates, the Citadel agent to be specific, in turn integrates with that remote endpoint.
F
E
F
Like, the core question here is: do we want to continue iterating on Citadel CA, and do we want it to be flexible, right? If we're saying that, you have extra requirements as a user, use a different CA backing, then that's fine. But if we want people to continue using Citadel server, then I think, you know, we need to have some sort of story, right? Yeah.
A
Exactly, that's also my point. I totally agree with you. So we are not saying, like, we want to go get rid of CA, all right. We want to be able to provide two approaches according to different scenarios. If the users have an environment that offers this PKI, we can easily hook up with them; we offer this flexibility. And also, if they, for those users that they can deploy this cluster with their trusted infrastructure, for example with HSM, became easy to use Silvia, which offers better manageability.
B
F
Just, kind of, like, you know, on that kind of note, to bring this kind of back to what I was saying before: there are multiple use cases for, you know, quote, hardware-backed keys, and I think PKCS-based HSM is one of them. And just to give, like, a point of reference, the way that we handle this in SPIRE, there's no designer extensible interface. So if somebody has their own HSM hardware or some custom foo, or they want to plug it into AWS, HR, cloudy trust them.
C
But you don't have to recompile Citadel, for example. Just put in a bit of config and say: okay, well, you're gonna use this signing plugin, it's going to talk to PKCS 11, and here's all the arguments that you need, right, which imagine athis has started to collect in this document. Yeah.
D
F
All right, sorry about that. The part that I was trying to say is that she's.
F
Stoppable, okay. So the part I was trying to say is that I think that there are, like, some small variations that are vendor specific. And maybe someone can drop in here and correct me if that's not the case, but I think that there are some, like, smart cards, for instance, I think, has, like, a fairly standardized and well understood, because that's a lot of semantics, but there are, like, some vendor-specific nuances to HSMs. Is that's.
C
I don't think that we should get in the business of doing that kind of thing, right, like initializing the HSM and getting your key in and stuff like that. That can be done in init containers or whatever else you want to do as an operator. I don't think that needs to enter into Citadel's kind of core at all, and so I don't like the interface where it's like.