From YouTube: ROS 2 Security Working Group (23 Feb 2021)
Description
Regular meeting of the ROS 2 Security Working Group. Meeting minutes can be found at https://github.com/ros-security/community
A
Okay, yeah, so no comments on the meeting minutes from our last meeting, that was on the ninth of February.
A
Go ahead, looks good to me. Okay, consider those approved. I'm gonna wait. I actually added an item on that. Ruffin pointed out yesterday about the default RMW. I'm gonna table that for just a minute to see if he joins us; we'll come back to that. So, and also, yeah. So we'll start with Marco. Do you have an update on the use case that you're working on, or, you know, using security for RMF?
C
B
So I mostly compile a list of needs that I think the RMF has. Let me see if I can share it.
A
B
I can see it. Alright, so basically, as I said last time, the support for certificate revocation, I would say it's one of the most important that SROS should, could help RMF, because currently the only way I see is to go down to robots and change their certificate manually, and these robots will be spread out in a facility that is probably quite big. So currently we're doing hospitals.
B
Then also another thing that I realized is that the command line interface tools of ROS cannot be used with the security when the security is on, so that makes it very difficult to debug when you are deploying a system, a large system like RMF. We also talked about certificate authorities hierarchies.
B
I'm not sure how much, I haven't looked into this too much. I just put it here because we talked about it, so I'm not sure how much we need this or how much it will help, but I'll just leave it there for now, so we can keep it in mind. We also talked a bit about some third-party verification ways. At least one of my biggest concerns with RMF are third parties, because they're not managed by the system
B
integrator, you don't know how they're gonna be secured. So maybe some ways of verifying that they have some level of security, or that you can, or at least a guideline for the vendors, something like that. Also the setup test. That is another thing that I thought of, like when you set up the whole security environment, you run it, and then there's no guidelines or tools on, I mean, there's,
B
I guess there's ways on how to check, but maybe we should have some guidelines on how you can check that your setup is correct. Like, I mean, everything is working in my setup and everything, but how do I know the security is working right? My demo or my whole setup is working, but the security, I don't know if it's working right. And there might be, like, you're using a vendor, DDS vendor, underneath that is in fact the one providing the security.
B
But you don't know if it's actually working, or it's not properly done, or it has some leaks or something. So ways to test and verify that the security is on, the encryption is being done and all that, that will be very interesting.
B
So I know right now there's a generation policy through that uses the ROS graph, but that is only representative of the communications being done at a certain point of time, I guess. So I think that it would be interesting if we could do that, and maybe using the NoDL description.
B
A
Side, a few reactions to that. I think, working from the bottom up, I believe the plan for NoDL, you can check with Ted when he's here later, next meeting, but the plan for NoDL should be to actually, eventually generate some more detailed policy, you know, to create things like read-only nodes and so on.
A
I know the initial implementation doesn't do that, but I think that is, yeah, the plan, so we just have to track those pull requests in that project as a kind of gross, yeah. And I haven't heard much about ROS launch since we last spoke. Let me ask, for the setup test and verification, that actually sounds like there's a possibility with logs there.
A
D
Well, to some extent. So we're working on enabling one of the missing security features in DDS, in Fast DDS at the moment, which is security logging. That's not one of the three mandatory security plugins as per ROS 2.
D
When we are eager to see implemented, and this plugin will essentially log every security event with different, you know, granularity of logging, and they will be logged both in file and over the DDS graph.
D
The topic name is using characters that are not recognized by ROS 2. We raised this issue to, well, to Open Robotics, and at the moment they are not planning on, you know, supporting those special characters, so that
D
some simple, you know, bridge that simply translates from
B
E
B
D
message. Anyway, the point here is that, to some extent, you will get an idea of what's going on from the security perspective through logs, and we are aiming at, you know, integrating that into the
D
While I'm on the floor, just a quick note on the CLI tools: we are aware of the limitation that they are not working with SROS 2, and the difficulty here is that those tools, by default, I mean by design, they are able to access any topic, any parameter, any such thing. So it's very difficult to set rules, security rules, that would allow to use them while keeping a secure system.
D
We have discussed other ways of doing that in the past, but at the moment it's not clear how that would integrate with DDS. So, hopefully, NoDL will alleviate this pain.
A
So it seems like my prayer, you might have some test case this week, kind of matures of the logging and some of the DL stuff. I think we definitely want to work together on that. Does anybody have any other reactions, particularly about the CRL? Is anybody working that problem at all?
A
So it sounds like not, at least for who we have here right now. So I think, Marco, I think this is a really nice list. I'm feeling our next steps probably are, you know, Jeremy, you've heard what Mark is working on, if there's opportunities for you to kind of toss some stuff over the fence at Marco, so he could try it out for logging and whatnot, you know, there's an opportunity there. Same with Marco.
A
You know, if you have questions about how that's working, for the logging, that's Jeremy, and then for the NoDL, I know Ted has been working that, and I think those pull requests are actually still open, still waiting review, so yeah.
D
Just a quick note about the seventh point, the generate policy. So you mentioned the tool from SROS 2. That indeed captures only, you know, a ROS graph at the moment in time, and that's precisely why we got started with NoDL. We needed something that would, you know, capture the entire graph at any time, that would make it as easy and automatic as possible to generate those policies, and that's, yeah, precisely why we're working on NoDL and the secure
A
B
Yeah, so that everything sounds great. I'll be happy to give it a try, a test or whatever you have. Yeah, just let me know.
A
So it sounds good. We'll just probably keep you on the menu and the agenda for the working group meetings, Marco, just to give us updates when you're here and call out for any help if you need it. So then I'm going to move on to MoveIt 2 discussion, not as long, I don't think. I'm going to present a slide here for you suck in.
A
All right, hopefully you can see just one slide here, related to movement. So this is from the discussion I have with the folks that presented to us, I guess that was back last year now, but we were talking about what our best initial use case is, and this, so this is the typical design, is kind of like just a sketchbook. We started out with where the move itself, with the support nodes, the green and the blue.
A
So, just simply to take those, you know, use the LXD container that exists for the running robot, make a copy of it for that read-only robot state, and kick off an RViz visualization into the running robot, and then make sure that one is read-only. So next step here is to take the pre-built container, implement security on the container, and then clone it off to create a read-only container as well. So we end up with two LXD, so it kind of makes sense, so kind of.
A
I don't feel like I'm explaining that terribly well, but I think the drawing kind of shows you that it's a very simple use case where you have RViz reaching into a running robot, that should have read-only view of what the robot state is.
A
So that's all we're going to look at implementing. If anybody else is interested in working on this, again, I think all the setup is done, because we can start with the pre-built LXD container and it's just a matter of applying security to that container, one for the actual running robot and then one for the read-only view into the other robot.
A
No comments on that, it sounds like, so I'm gonna move on. I have, looks like, Cali. First of all, did I get your name right? Kelly, yeah, yeah.
E
A
for joining us. I think you had some questions that you posted up into the Matrix chat. If you want to throw them out here, hopefully somebody will pick them up. It doesn't seem like you got too much traction on the chat.
E
Yeah, that's right. I think it's more just like a sort of newbie question. I've been trying to educate myself a little bit with SROS, and so I basically work in a drone project as a security engineer, and we have like existing ROS 2 nodes there, and we use that for the different drone components to communicate with each other, but also the drones communicate with each other in the fleet through ROS 2, and basically we are now thinking to add security
E
on top of that. And I have been trying to figure out, like, what are the different encryption and authentication schemas that are supported and how much control we have to change them. And one big thing is also that we would like to have a centralized key management for basically all the cryptography happening on board on a drone. So I was wondering: is it possible for SROS to fetch the keys somewhere else than in this file system on the same box?
E
Basically, so there are like a bunch of questions, and I was just hoping if there is a pointer to some kind of documentation around it. We don't need to go through all questions, probably, right now, but I was unable to find like very detailed documentation on crypto and authentication. I understand the high-level concept of all these, including the access control lists and all, but when it comes to a little bit about what algorithms are used, how does the authentication process look like, and so forth.
A
C
RMF, yeah, I guess the use case could be similar. Yeah, I mean, the authentication and the encryption happens at the DDS level. So it would be based on the DDS framework that you use in there.
C
So for documentation on that, you can check it out on the, yeah, there you go, on the DDS security specifications. Okay, got it. To be honest, I don't know personally how much each vendor of DDS would support, so you might have to check on whatever you're using, if you're using Fast RTPS or if you're using Cyclone DDS.
C
We haven't defined yet how we plan to do it, but we also are in a need of having like some kind of centralized location or some way to manage keys from different robots, and that is not supported, as far as I know, by SROS, and the only way that we have right now is basically you have to deploy those keys manually. And that was my point with the revocation of certificates that we need, because if you have one of these drones, the key is stolen or someone takes over, there's no way you can replicate the key unless you have to, like, go and fetch the drone.
C
E
Yeah, exactly, and this is one of the concerns. Like, we are planning to create an enclave on board and hoping that we would do, if not all, most of the encryption in that enclave, and whatever components need to use cryptographic, they just make requests over any, let's say, cryptographic interface, maybe PKCS#11 or soft. But I think this is not properly supported, based on what you are saying. But on the other hand, certificates are supported.
E
Yeah, I was going through those samples on SROS in GitHub, and I didn't see much about certificates there, like when you create keys and whatnot. I thought that those are just raw keys there, but is there some kind of certificates, like signed automatically when I create a keystore and key?
D
policies so that your wall craft can, you know, spawn and just work, but nothing prevents you from, you know, creating your own keys, your own policy, your own access control and everything, this kind of granularity.
E
D
D
C
D
C
A
So great, hopefully that helped you out a little bit, got you started, and feel free to, you know, drop in on the meetings or try again out on the Matrix chat, and we'll
A
Yeah, because one of the things too, you know, we're talking about these use cases and whatnot, what we're trying to do is actually find those good use cases that can be used as tutorials and update our documentation.
E
Yeah, and maybe, as our project goes forward, I can maybe at some point prepare a demo for you guys, if you are interested to see how we ended up using SROS. Of course, now it's a bit early, but still gonna, if you're interested. I was also in an earlier call with you guys, and I saw a demo also, maybe something similar I could
A
Yeah, that'd be great. I mean, I think it benefits everybody to see some of the more real-world uses of the security, so we can continue maturing the offering. So cool.
A
So I did have one more thing, although we're running a little bit long. There's an issue that was just posted yesterday.
A
Let's see if I can pull that up, that the default RMW no longer ships with security features. Did everybody see that? Does anybody have any comments on that?
D
A
Yeah, so I'll just leave that out there. If anybody gets a chance to make a comment on that, that's definitely something we'll want to track. I don't know, you don't have any more insights into it, Jeremy? I know I don't.
A
But hopefully it's just something in the build farm they can enable security, but okay, all right. So that's all I have for today. Does anybody else have anything else?
A
All right, if not, then we'll go ahead and call it. Thank you very much, thanks a lot for the update, Marco, and we'll see y'all, and I think it's about two weeks.