►
From YouTube: ROS 2 Security Working Group 2021 09 14 at 06 02 GMT 7
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
All
right
folks,
so
recording
has
started.
So
anybody
on
the
call
have
any
topics
to
bring
up.
B
Not
from
my
end,
maybe
just
a
quick
update
that
this
big
ss11
support,
work
is
going
forward
and
I
think
iker
would
be
the
better
person
to
give
the
actual
update
on
the
work.
But
but
it's
it's
going
as
as
scheduled
and
and
also
as
designed
and
and
we
are
expecting
to
see
results
by
the
end
of
the
year.
But
probably
even
sooner.
A
That's
excellent:
do
you
guys
need
a
you
know,
interim
or
any
sort
of
preliminary
review
of
anything
anything
we
can
help.
B
Out
with
yeah,
maybe
I
think
it's
a
bit
early
right
now.
Still
there
is
nothing
concrete
yet,
but
I
think
yeah.
Maybe
it
would
be
actually
a
good
idea,
especially
when
it
comes
to
the
integration
with
actual
asros
on
this.
So
so
right
now
the
focus
has
been
on
the
dds
side
fully,
but
but
eventually
we
need
to
start
thinking
who
and
what
to
do
on
the
sros
site.
A
Understood
yeah,
I
certainly
love
to
help
out
as
much
as
possible.
You
know
the
security
canonical
security
teams,
so
you
know
whatever
whatever
you're
ready,
you
know
feel
free
to
reach
out
to
me
or
jeremy
and
yeah.
We
can
certainly
certainly
love
to
help
out.
B
Yeah
awesome
awesome,
yeah,
I
think
in
october
we
are
already
in
a
place
where
we
could
have
some
kind
of
early
early
version
to
at
least
test
on
our
our
premises,
but
yeah,
let's
see
I,
I
think
this
needs
also
some
discussion
with
iprosima
how
much
the
thing
is
in
october.
B
Actually,
another
side
comment
that
is
not
really
added
in
the
item,
but
I've
been
working
on
on
this
external
ca
set
up
based
on
the
document
that
sid
faber
started
before
he
left.
There's
a
drafting
google
docs.
B
B
So,
instead
of
using
the
self-signed
certificates
and
cell
science
case
that
that
esros
creates
today,
you
could
use
those
manual
steps
to
create,
so
I've
been
trying
to
create
a
setup
according
to
those
instructions,
and
it's
still
not
fully
working.
I
get
the
authentication
working
and
encryption
is
working,
but
but
for
some
reason
I'm
unable
to
sign
the
permissions
file
correctly.
So
I
was
thinking.
Maybe
if,
when
I
get
this
working,
I
could
make
some
kind
of
a
demo
and
maybe
continue
this
documentation
that
started.
C
So,
to
what
extent
does
does
that
involve
is
just
creating
your
root
certificate
authority
and
placing
it
in
the
proper
location,
the
key
store
and
using
the
rest.
C
To
populate
the
cryptographic
material.
B
Yeah
exactly
so,
the
esros
would
create
us,
the
the
node
or
or
or
the
domain
participant
key
and
certificate
request.
And
then
I
I've
been
using
google
cloud,
this
certificate
service
to
run
the
cas,
but
basically,
of
course
it
can't
be
any
any
pki
system.
So
I
don't
know
if,
like
what's
the
common
opinion
like,
I
find
it
a
bit
clumsy
that
esros
today
creates
this
whole
japan
automatically
like
it,
creates
the
local
cas
and
self-signed
certificates.
B
C
Yeah,
so
the
key
framework
I
wrote
before
we
did
worked
on
s
ross
called
the
key
mint
and
app
armor
took
a
sort
of
a
closer
approach
to
what
like
any
kind
of
build
tool
or
build
system,
might
make
you
like
intermittent
material.
C
So
it's
still
sort
of
like
this
file
system
kind
of
approach
of
of
managing
certificates,
but
it
like
generate
you
can
ask
it
to
generate
the
intermittent
material
with
like
certificate
requests
that
that
you
could
hand
to
signing
requests
that
you
could
hand
to
other
infrastructure
to
complete.
B
C
We
could
do
something
similar
in
sros,
where
maybe
we
add
additional
flags
to
to
generate
partial
key
material.
That's
then
deliverable
to
something
some
other
infrastructure.
B
Yeah
exactly
sounds
good
and
pretty
much
what
I
had
in
mind,
because
I
think
the
current
current
coach
does
already
everything
we
wanted
to
do.
It's
just
like
splitting
the
process
a
little
bit
in
pieces
of
that
the
self-signing
and
something
like
this
is
optional.
If
the
user
doesn't
want
it
to
happen,.
C
B
Yeah
yeah,
for
some
reason
when
I,
when
I
sign
the
permission
file,
I'm
using
openssl
and
doing
the
s
mine
as
mime
signing
when
I
give
this
permissions
xml
file
and
p7
file
for
the
for.
For
my
ros
note,
it
fails
to
start
it's
giving
some
kind
of
well.
I've
been
getting
different
kind
of
errors,
but
I
think
most.
C
Of
them
so
some
of
the
other
dds
vendors
like
rti
or
prosima,
they
do
have
on
their
documentation
portals
the
exact
open,
ssl
incantate
again
like
black
magic
incantations
that
you
have
to
feed
to.
C
S
mime
certificate
signing.
You
can
actually
look
at
like
the
s
rosco.
That
tells
you
the
exact
flags
that
we
had
to
force
it
to
use.
Okay,
there's
a
little
nuance
there.
My
last
idea
is
that
sometimes
we've
had
issues.
We
still
have
the
issue
with
the
certificate
max
size
limitations.
B
Okay
sounds
good,
yeah
I'll
check
the
code
yeah
when
I
have
time-
and
it
sounds
good
like
this-
is
quite
a
recent
recent
problem,
so
I
haven't
really
put
too
much
time
to
tackle
it
yet,
but
that's
why
I
haven't
also
raised
that
up
in
the
matrix
or
anything
sounds
good.
I
take
these
instructions
and
see
what
it
gets
me.
A
Excellent
yeah,
I
pasted
a
link
to
our
the
thing
you're,
referring
to
that's
drafted.
I
put
that
in
the
agenda
and
also
in
the
chat
here
so
yeah.
If
there's
any
room
for
improvement
on
there,
let
us
know
we
can
work
here
as
well.
A
Great
thanks
for
joining-
and
I
hope
you
guys
have
a
great
week
and
we'll
talk
to
you
soon,.