►
From YouTube: ROS 2 Security Working Group, May 11 2021
Description
Discussion about adding PKCS#11 support to ROS 2
A
Being
recorded
and
yeah
two
meeting
minutes
from
our
last
two
meetings
actually
ready
to
be
approved,
I
sent
the
link
out,
there's
just
two
pull
requests.
A
Does
anybody
have
any
comments
or
any
concerns
on
that?
Or
is
anybody
willing
to
say
give
that
the
okay
to
go
ahead
and
publish
this.
A
Okay,
all
right
so
we'll
go
ahead
and
push
those
out
and
didn't
have
anything
else
on
the
agenda.
I
think
we've
got
a
great
topic
that
cali's
gonna
introduce
for
us
on
how
to
pull
potentially
pull
security
bits
for
raz
from
pkcs
uri
or
potentially
a
data
uri.
A
I
think
there's
lots
of
possibilities
in
there,
but
I
think
there
might
be
some
practical
hurdles
to
overcome,
but
with
that
I'm
going
to
hand
it
over
to
cali
to
just
introduce
your
use
case,
and
then
we
can
start
walking
walking
through
where
to
get
from
here.
A
C
Screen
yeah,
I
I
also
included
or
forwarded
this
invitation
to
two
of
our
developers,
manuel
and
tianci,
who
are
also
on
the
co-op.
So
that's
why
we
have
some
new
faces,
at
least
so.
Are
you
able
to
see
my
screen
yep?
I
can
see
yes,
sir
excellent,
so
so,
basically,
first
I
would
like
to
tell
a
little
bit
what
we
are
doing
to
give
a
little
bit
background
and
who
we
are
so
so
I
represent
tii,
which
is
the
technology
innovation
institute
located
in
uae
and
okay.
Oh
there
we
go.
C
C
We
have
like
quantum
research,
cryptography
and
so
on,
and
what
we
are
part
of
is
this
last
one
here:
secure
systems,
research
center
and
what
we
do
is
basically
we
deal
with
topics
such
as
the
hardware
hardening
software,
hardening
system,
integrity,
communication,
hardening
and
cloud
integration
and
then
secure
resilient
platforms,
which
is
very
core
of
this
project
that
we
are
doing
with
drones.
C
So
the
very
project
we
are
doing
is
autonomous
drone
drone
fleet,
and
basically
this
is
quite
a
big
big
project.
We
have
a
lot
of
university
collaboration
as
well
around
the
world,
including
europe,
u.s
and
and
uae.
C
This
is
meant
to
be
a
platform
for
further
development
and
for
different
use
cases,
enabling
research
and,
and
maybe
some
business
business
cases
as
well.
So,
but
we
are
not
productizing
this
as
this
project,
so
so
we
are
working
on
on
a
platform
and
and
doing
a
lot
of
research
on
different
related
topics
on
this.
C
Here
are
some
use
cases
that
potentially
this
drone
platform
could
be
used.
The
idea
is
that
we
have
a
ground
control
which
is
based
in
the
in
the
cloud
there.
We
can
run
some
heavy
computation,
computational
things
such
as
data
analysis
and
and
yeah
machine
learning
and
and
sort
of
things.
Then
we
have
the
middle
layer,
which
is
what
we
call
drones.
These
are
relatively
heavy
duty
drones
with
some
computing
power.
C
They
communicate
with
with
each
other
in
a
mesh
network,
but
also
4g
5t
lte
connectivity
to
the
cloud,
and
then
they
work
more
or
less
like
a
as
a
motor
ships
for
what
we
call
edge
drones,
which
are
much
more
limited,
small
drones
and
so
on.
So
this
is
the
this
is
the
high
level
concept.
C
The
idea
is
that
the
throne
system
can
do
missions
autonomously,
so
we
define
a
mission
in
the
cloud
push
it
forward
to
the
swarm
and
they
start
to
divide
the
tasks
and
and
do
what
they
are
supposed
to
do,
and
so
what
this
means
in
the
ros2
context
is
that
we
have
this
computer
on
board.
We
are
now
focusing
on
these
drones,
which
are
these
sort
of
like
a
minor
shifts
in
between
so
so
they
are.
C
These
heavy-duty
drones
with
some
comp
computing
powers,
everything
there
runs
in
ros
network,
so
so
components
inside
the
drone,
as
well
as
between
different
drones,
communicate
over
rus
rush
nodes.
C
Pump
what
else
so,
basically,
the
idea
is
that
we
have
these
virtual
environments
on
this
computer.
They
are
logically
divided
on
according
to
different
trust
zones
or
or
actual
operational
features.
C
It's
it's
like
a
moving
target,
but
the
idea
is
that
we
are
having
a
hypervisor
and
then
virtual
machines
on
top
of
this,
and
so
the
basic
beef
of
the
whole
thing
are
different.
Ros
notes,
collecting
data
controlling
sensors
controlling
the
flight
commands
all
this
mission
execution.
All
this
is
like
a
big
rush
to
network
what
we
have
had
in
mind
and
we
will
come
to
this
very
topic
soon.
C
What
I
have
also
raised
in
the
chat
in
matrix
earlier
is
that
we
are
basically
looking
to
have
this
enclave
on
the
board
of
its
its
drone,
and
this
works
as
on
the
port
87
more
or
less
it's
a
crypto
back
end
where
we
store
keys
safely.
So
it's
in
a
rush
context.
C
That
would
mean
that
we
are
storing
the
private
keys
there
like
for
sure
we
have
some
other
use
cases
for
it
as
well,
but
but
in
this
use
case
there
or
rush
context,
the
idea
is
that
all
the
esros
private
keys
for
all
these
different
environments
or
components
are
in
this
one
hard
and
isolated
crypto
packet.
C
And
then,
similarly,
we
are
looking
to
have
the
all
the
cas
in
the
cloud,
so
we
have
the
root
of
trust
of
the
root
ca
in
the
cloud
and
also
the
intermediate
cas
there
and
during
the
provisioning
of
the
system,
we
will
be
signing
this
artifacts,
like
public
artifacts,
like
acls,
as
well
as
the
identity
certificates
for
each
each
of
these
environments
in
the
cloud
and
and
moving
them
here,
as
we
are
not
productizing
it.
C
C
We,
we
basically
have
been
a
little
bit
struggling
now
to
find
the
find
the
ways
to
protect
these
private
keys.
So
so
we
would
like
to
suggest
some
kind
of
big
ss11
based
uproads
or
some
some
standard
crypto
api.
It
seems
that
dds
security
extension
includes
big
ss11
in
the
specification,
but
but
yeah
it's
imp,
implementation
that
robin
is
to
be
worked
on.
I
think
that
this
is
something
that
is
not
only
us
who
who
would
be
potentially
looking
after.
C
So
I
think
this
could
benefit
any
many
enterprise
level
or
actual
actual
other
projects
who
need
to
really
harden
the
key
management
and
similarly
to
the
to
the
ca.
C
This
is
basically
just
a
picture
that
I
already
showed
in
a
matrix
chat,
so
external
ca.
I
think
this
is
not
rocket
science.
This
is
like
how
any
any
web
server,
for
example,
would
would
be
provisioned.
So
you
have
the
ca
and
the
intermediates
in
the
cloud.
Then
the
drones
themselves
would
generate
their
own
private
keys
or
or
the
key
pair,
and
also
generate.
Then
the
csr
or
the
certificate
signing
request
that
will
be
sent
to
the
cloud
to
be
signed,
and
then
cloud
will
provide
back
to
the
drone.
C
This
signed
certificate
for
the
throne
and
a
copy
of
its
own
cas,
and
then
the
signed
permissions
file
so
very
very
basic
thing.
I
think
this
is
much
news
for
for
any
of
us
on
the
call
who
have
ever
set
up
a
dls,
for
example,.
C
Then,
similarly,
to
this
big
acs,
11
use
case,
we
would
have
this
public
components
here
on
the
local
file
system
as
they
are
today.
If
you
are
running
this
roster
security
generate
commands,
it
will
create
this
local,
local
enclave
and
local
keys.
C
So
basically,
what
we
are
looking
for
is
that
the
only
the
secrets
would
be
stored
in
the
crypto
backend,
and
these
public
components
can
still
reside
in
the
in
the
local
file
system,
and
this
would
mean
the
certificates
and
then
these
signed
artifacts,
so
basically,
whether
it's
big
s11
or
some
other
crypto
backend
end,
it
would
basically
need
to
be
able
to
take
key
creation,
requests
and
key
con
consuming
requests
such
as
sign
and
encrypt
and
decrypt.
This
is
very
basic
because
it's
11
use
case.
C
The
benefit
of
this,
I
think,
would
be
that
if
it's
pkcs11
is
that,
then
this
is
this.
Crypto
back
end
is
fully
replaceable,
so
so
you
can
use
hsms
you
can
use
whatever
pkcs11
supported
backends.
You
want
whether
on-premise
on
port
on
cloud.
What
not?
So
this
is
industry
standard
and
should
enable
a
lot
of
a
lot
of
use
cases,
and
this
is
pretty
much
it
so
I
wanted
to
keep
it
keep
it
short
so
that
we
have
some
time
to
do
discussion
as
well.
C
This
is
also
very
high
level,
so
I
can
I
want
to
emphasize
that
we
are
very
open
for
different
approaches
and
and
if
there
are
some
good
ideas
to
forward,
we
are
all
ears,
so
yeah,
that's
about
it.
Are
there
any
any
questions
about
us
or
the
use
case.
B
I
think
it's
everything's
quite
clear
when
you're
in
your
presentation,
as
you
already
know,
fast
ideas
at
this
moment
does
not
support
a
pkcs,
but
I
do
see
the
benefits
of
of
the
layout
that
you
that
you
presented.
B
B
Have
some
contact
with
you
and
and
maybe
dig
deeper
into
every
all
the
details
and
all
the
problems
that
we
you
are
facing,
so
that,
and
maybe
you
can
start
working
towards
that
so
just
for
you
to
know
that
we
are
open
to
to
start
working
on
this.
C
Okay,
this
sounds
really
good
and-
and
we
are
also
collaborating
on
different
open
source
projects
where
we
can.
Obviously,
we
also
have
limited
resources,
but
but
I
think
that
we
should
definitely
meet
up
and
talk
in
detail
and
see
if
we
could
also
maybe
help
help
with
something.
A
C
And
yeah
about
the
technologies
yeah,
we
are
definitely
using
the
fast
rtps
and
yeah.
We
are
running
the
foxy
version
of
ross2
right
now,
so
should
be
the
latest.
As
far
as
I
know,.
A
Does
anyone
have
any
other
questions
or
thoughts
about
the
design
itself,
because
this
seems
like
this
was
what
was
the
intent
of
the
original
design
of
ross
ii?
Anyone
with
any
history
can
speak
to
that.
This
does
fit
well
with
the
original
design
plans.
D
For
the
for
the
certificate,
signing
requests
is
that
something
you
foresee
would
be
online
over
ross
networks,
or
would
that
be
something
other
than.
C
That
I
think
I
think
this
would
be
out
of
bad
like
a
side
channel
thingy.
This
would
be
like
a
provisioning
phase
of
this
whole
rush
network,
so
so
it
doesn't
need
to
happen
in
the
ros
network.
What
I
I
have
personally
in
mind
is
that
maybe
there
was
esro
stools
that
could
support
support
this,
like
generating
the
csr
showing
them
on
the
screen,
copying
it
over
to
the
see
external
ca
and
then
receive
the
certificate.
C
So
I
I
think
that
implementing
this
is
probably
quite
trivial,
even
that
everything
everything
is
already
happening
there.
It's
just
like
the
flow
is
a
little
bit
different,
probably.
C
D
I
I
I
think
I
think
everything
here
is
relatively
achievable.
It's
just
the
technical
thing
is:
does
anyone
know
about
the
state
of
pk,
pk,
cs11
and
python
cryptography
library?
D
C
Yeah,
so
so,
basically,
where
these
two
different
points
come
together
is
that
when
you
initialize
this
enclave
on
the
on
the
drone
or
on
the
robot,
and
you
generate
the
key,
this
key
must
be
generated
over
big
ss11
in
the
in
the
crypto
back
end.
And
then
you
know-
and
this
is
basically
the
flow
where
you're
also
generating
the
certificate
request
and
all
this,
but
when
it
comes
to
the
actual,
once
once
you
have
the
certificate
it's
in
the
file
system.
D
What
what
would
the
the
crypto
backend
that's
interfacing,
with
the
epm
modules?
Kind
of
look
like
that's.
That's
like
an
extension
to
rmw
to
kind
of
provide
the
dds
vendors
were
to
look
or
or
is
that
some
of
the
dds
vendors
already
provided.
C
Actually,
the
crypto
back
end
is
something
that
we
will
be
creating
ourselves.
It's
like
another,
another
research
project
we
have
going
on,
and
it's
it's
not
only
for
the
trons,
it's
something
that
we
are
doing
otherwise,
so
it's
basically
like
our
own
hsn
implementation,
very
lightweight
and
versatile,
but
but
basically
the
beauty
of
this
whole
thing
is
that
it
should
not
matter
too
much
what
the
crypto
backend
is
and
how
it
looks
like
if
it's
able
to
communicate
over
peak
ss11.
C
C
C
So
if
looking
at
the
web
servers,
for
example,
you
you
can
you
can
point,
you
can
use
something
called
pkss,
11
uri,
it's
somewhat
standardized
way,
and
so
basically,
when
you
have
your
configuration
file
for
rs2
or
esros,
you
would
give
big
ss11
uri
instead
of
the
file
name
for
this
private.
A
C
Yeah-
and
I
think
that
would
be
the
most
elegant
way,
then
then
some
vendors
use
something
called
wrapper
key
files.
So
basically
you
still
have
a
key
in
the
file
system,
but
it's
just
basically
a
pointer
to
the
actual
actual
key
in
the
enclave.
So
you
this
is
more
like
a
legacy
solution
for
things
like
apache
that
doesn't
or
mod
ssl
in
apache
that
doesn't
really
understand
anything
else
than
files.
So
that's
why
some
agencies
and
vendors-
you
know,
do
this
sort
of
approach,
but
but
I
think
big
s11
uri
would
be.
B
What,
in
fact,
the
security
is
standard
does
define
the
the
pkcs
us
as
one
of
the
options
in
order
to
set
the
permissions
on
the
the
rest
of
the
files.
So,
apart
from
the
file
protocol,
we
could
use
bkscs.
A
A
B
Correct
yeah
at
this
moment
when,
when
we
are
configuring,
the
middleware
all
the
properties
referring
to
the
security
configuration
they
are
set,
or
at
least
we
are
on
only
supporting
file
your
your
eyes.
So
it
would
be
just
change
that
into
so
that
we
could
support
the
pkcs.
B
A
So
is
that
going
to
require
a
change
to
the
roster
design
dock,
just
to
specify
how
we're
going
to
locate
that
similar
to
what
we
did
last
time
when
we
reworked
how
the
enclaves
were
set
up?
Is
this
going
to
mean
that
we
just
have
to
find
a
way
to
support?
I
mean
that
it
sounds
like
that's
going
to
be.
One
of
the
early
things
is
to
figure
out
nail
down
what
the
design
is
for,
how
we
put
in
a
pkcs
uri.
A
Okay,
let
me
ask
another
question
for
you
as
you're
going
through
this,
it
looks
pretty
clear
that
you
still
have
a
file
system
on
all
the
drones
yeah.
C
A
So
so
you
still
have
the
ability
to
drop
a
permissions
of
governance
xml
file
in
a
directory
for
the
drone.
Is
that
correct?
That's
correct,
yeah,
okay!
So
there's
no
at
this
point,
there's
no
need
to
support
the
data
uri,
which
allows
you
to
work
without
a
file
system.
That's
a
completely
separate
problem
right.
C
A
I,
when
I
was
looking
at
that
beforehand,
I
did
this-
I
mean
it
makes
perfect
sense
right
permissions
and
governance.
The
permissions
of
governments,
xml
signed
piles,
still
have
to
reside
on
disk,
so
they're
still
going
to
be,
you
know,
accessed
by
a
file
uri,
so
that
still
needs
that
enclave
and
configuration
set
up
so.
C
Yeah
so
those
two
yeah
those
two
files.
They
are
basically
here
on
this
environment
next
to
dca
files.
I
think
they
are
more
or
less
public
components
by
public
I
mean
that
they
don't
need
to
be
specifically
encrypted
nor
put
to
the
enclave,
so
we
can
consume
them
directly
from
the
from
the
file
system.
Okay,.
C
D
A
Just
pause
for
a
minute
to
see
if
anybody
else
has
any
questions
or
wants
to
dig
into
it
any
further
or
if
you've
got
a
similar
use
case
I
mean
we
don't
want
to
solve
for
just
one
problem.
I
think
we
want
to
solve
for
all
of
them,
but
if
you
get
similar
use
case
for
thoughts
on
this
before
we
kind
of
figure
out
where
to
get
from
here,
does
anybody
have
any
more
comments?
Dad.
B
C
A
If
you
want
to
share
with
me
I'll
I'll
make
them
I'll,
add
them
to
the
meeting
minutes
and
then
I'll
yeah,
if
we
have
them
somewhere
I'll.
D
C
B
C
I
think
I
missed
it.
Did
you
mention
about
hypervisor
yeah?
So
in
this
this
context
it
means
at
least
with
the
current
design.
It
means
a
virtual
machine
like
a
hard
and
hardened
virtual
machine.
So,
okay,
we
have
like
a
basically
a
computer
pc
on
board
and
then
we
are
running
hypervisor
with
multiple
virtual
machines.
There.
D
The
the
hierarchical
intermittent
certificate
authorities,
I
think,
are,
are
a
good
approach
and
like
handling
the
permissions
at
scale
so
like.
If
you
have
like
a
large
deployment
of
robots.
Obviously
you
don't
want
to
have
to
start
revoking
every
identity
certificate
for
every
node.
D
D
Maybe
other
decentralized
means
of
authority,
then
these
these
networks,
I'm
thinking,
maybe
something
more
exotic
like
either
using
dlt,
distributed
ledgers
or
something
else
for
doing
the
identity
management.
C
We
have
a
lot
of
hooks
in
the
ocean
so
to
say,
and
we
are
investigating
a
lot
of
different
options,
but
yeah
right
now,
yeah.
This
is
the
way
we
are
currently
focusing,
but
we
have
like
different
layers
as
well.
Like
I
mentioned,
we
are
working
in
a
mesh
network,
for
example,
and
there
is
a
whole
another,
basically
authentication
schemes
and
and
and
identity
management
layer.
There.
C
A
In
a
question
for
eaker
on
on
dds
support,
do
you
currently
support
the
intermediate
certificates
and
certificate
revocation
so
that,
if
you
know
a
drone
were
compromised,
you
could
actually
revoke
that
certificate
and
the
rest
of
the
drones
in
this
fleet
would
know
about
that.
B
I
know
we
do
not
support
regulation
for
permissions,
I'm
not
really
sure
about
certificates,
but
I
would
say
we
don't,
but
I
I
I
would
have
to
check
that.
A
Yeah,
I
think
I
think
la
that
was
part
of
your
design
was
to
be
able
to
kick
someone
out
of
the
fleet.
If
you
will.
C
A
Yeah-
and
that
was
part
of
I
know,
marco
was
working
on
a
scenario
that
that
he
was
looking
for
that
as
well.
A
You
mentioned
you've
dug
into
a
lot
of
things.
Have
you
looked
at
all
at
just
key
management
and
key
management
protocols?
A
I
know
that
seems
like
that's
one
of
the
modern
ways
to
to
push
keys
out
to
edge
devices.
Something
like
that
is
there.
I
honestly
haven't
looked
at
that
in
the
context
of
bras.
Did
you
notice
any
fits
there
is?
Does
that
does
that
work
at
all.
C
Well,
another
interface
that
could
potentially
be
be
used
here
is
knit,
but
I
basically
when
it
comes
to
the
the
key
management
itself,
I
don't
think
we
have
a
lot
of
hierarchies
here
or
the
other
structure
is
not
very
complicated
so
and
we
are
not
pushing
keys
back
and
forth,
like
every
every
identity,
creates
their
own
keys
and
stored
them
in
their
own
local
enclaves.
C
So
we
don't
have
like
centralized
key
management
so
to
say
plant.
So
that's
why
I
consider
our
key
management
seem
very
simple.
C
But
again,
definitely
if
somebody
has
good
ideas
in
that
regard
all
years
and
about
gamep,
it
would
be
a
substitute
for
big
ss11
here,
it's
more
like
a
key
management
interface,
although
they
have
some
overlaps
with
big
sus
11
as
well.
C
A
Okay,
yeah.
We
appreciate
your
time,
I
think
we'll
follow
up
on
matrix
and
outline
some
next
steps.
I
have
a
feeling.
The
next
thing
is
probably
for
you
and
and
acre,
and
maybe
a
few
others
to
just
round
table
on
where
to
go
from
here
I
have
a
feeling,
there's
probably
some
a
little
bit
of
design
and
then
a
lot
of
implementations
might
guess.
A
Okay
yeah,
so,
let's,
let's
follow
up
on
chat
because
we
are
running
a
little
bit
over
and
we'll
we'll
do
that.
So
that
was
a
great
discussion
on
phone.
Does
anybody
else
have
anything
else
for
the
meeting
or
anything
anything
to
add
from
here.
A
Okay,
so
not
hearing
anything
I'll,
go
ahead
and
close
the
meeting
and
I'll
say
yeah,
let's
again
follow
up
icar
and
cali
I'll
leave
it
to
you
to
kind
of
drive
this
for
now
and
if
you
want
to
have
a
meeting
before
our
next
scheduled
meeting
in
a
month,
yeah
just
let
us
know
reach
out
on
matrix.