►
From YouTube: ROS 2 Security Working Group (09 Mar 2021)
Description
Regular meeting of the ROS 2 Security Working Group. Meeting minutes can be found at https://github.com/ros-security/community.
A
B
A
No
comments
we'll
go
ahead
and
approve
those
move.
Those
in
one
thing
just
to
think
about
we'll
come
back
to
this.
I
think,
before
the
end
of
the
meeting
is
whether
or
not
we
should
move
to
monthly.
It
seems
like
there's
just
not
a
lot
going
on
right
now
and
yeah.
It's
just
wondering
if
we're
ready
to
shift
back
to
monthly
meetings
as
opposed
to
bi-weekly
or
we
should
stay
here,
but
that's
it.
A
C
Sure
so
before
I
filed
the
error
on
the
the
security
regression
and
the
default
rmw,
I
was
revisiting
updating
the
security
working
group
demo
for
the
turbo
just
to
have
the
entire
stack
running
with
the
navigation
slam
toolbox,
gazebo
all
that
jazz
and
having
something
a
little
more
substantial
running
with
the
s
ross
security
and
the
navigation,
binaries
and
turtlebot
binaries
all
got
released
finally
into
into
foxy.
So
I
decided
to
kind
of
revisit
the
the
update.
C
C
But
I
that
was
sidelined
because
I
had
commented
out
the
entirety
of
the
enclave,
except
for
the
permissive
rule
for
the
asterisk
or
star
permission,
just
like
glob
everything
that
wasn't
working
on
cyclone
or
fast
rtps,
and
I
knew
that
rmw
connects
cpp
had
some
scalability
issues
like
it.
Wasn't
that
that
rmw
wasn't
working
even
without
security,
but
rti
released
their.
C
You
know,
version
six
and
then
they've
been
trying
to
get
their
rmw
connects
dds
implementation
out,
and
so
I
wouldn't
modify
the
the
environment
to
build
and
use
that
rmw
instead
and
it
is
working
with
and
without
security
for
the
rmw.
So
with
access
control,
disabled,
which
was
a
reasonable
baseline.
And
then,
when
I
was
able
to
add
access
control,
I
was
able
to
get
a
list
of
the
insufficient
permissions
which
allows
us
to
triage
the
minimal
span
and
policy.
C
C
C
With
its
encryption
is
working
with
rmw
connects
dds,
the
the
latest.
You
know,
we've
had
that
sros
pr
for
removing
rmw
connects,
cpp
or
deprecating
that
that
didn't
work
with
the
demo.
You
know
with
or
without
encryption,
but
at
least
the
new
rmw
from
connects
does
and
that's
what
I've
been
using
to
triage
the
access
control
to
get
the
minimum
spanning
policy.
C
C
C
I
haven't,
I
was
gonna
make
a
similar
ticket
like
I
did
with
connects
to
the
fast
dds
rmw
repo.
I
I
don't
know
which,
which
repo
you
suppose
is
the
best
one,
maybe
just
rmw
fast
tp,
fast
dds
cpp,
maybe
that's
the
best
repo
to
do
that.
I
was
gonna,
make
the
sort
of
the
same
template
of
like
this
minimal
reproducible
example
and.
A
A
I
haven't
seen
it.
I
haven't
seen
mikko
mika
lately.
No,
I
know
he
changed
jobs
not
too
long
ago
and
unfortunately,
kyle's
last
day
with
canonical
is
actually
this
friday
as
well
yeah.
So
he
is
gonna.
We
were
talking
about
the
astronauts.
Two
repo
he's
actually
gonna
stay
on
as
a
maintainer
of
that
he
probably
won't
be
in
the
working
group
meetings,
and
you
won't
see
him
a
lot,
but
you'll
be
able
to
ping
him.
B
But
at
the
same
time
I
think
that
worrying
about
that
particular
instance
coming
up
and
being
paralyzed
to
not
implement
better
tests
is
also
not
the
way
forward.
There
are
just
some
things:
you'll
never
be
able
to
plan
for
and
having
a
contingency
in
place,
for
those
is
probably
the
best
thing
to
do,
but
yes,
testing
to
make
sure
that
we
minimize
this
sort
of
thing
in
the
future
is
probably
good.
Yeah.
A
A
So
you
launch
that
and
everything
kind
of
runs
there
and
that's
the
one
that's
intended
to
be
self-contained
and
then
launch
a
second
container
where
you
just
have
arviz
up
and
running,
and
you
can
see
the
robot
movement.
You
know
it
subscribes
to
the
joint
states
and
all
that
and
and
so
they're
all
in
their
own
ecosystem.
A
So
it
creates
a
nice
thing
for
us
where
we
wanted
to
set
it
up
so
that
you
have
the
robot
running
inside
its
container
and
then
the
monitor
is
able
to
watch
it
watch
the
robot
through
arviz,
but
not
actually
control
the
robot,
so
pretty
straightforward.
I
think
permissions
use
case,
so
I
was
able
to
get
that
up
and
running
using
their
container,
which
that's
actually
running
foxy
and
I
did
not
have
any
problems
with
the
default
security.
I
actually
didn't
do
too
much
special
other
than
set
the
environment
variable
flags.
A
And
I
say
I
got
up
running,
I
know
everything's
working
they're
talking
back
and
forth,
they're
all
on
the
same
flat
network.
You
know
same
actually
host
machine
just
connected
through
the
you
know
the
lextee
networking
instance.
So,
but
as
far
as
I
can
tell,
I
definitely
see
you
know
encrypted
traffic
going
back
and
forth.
I
haven't
dug
deeply
to
make
sure
it's,
but
as
far
as
I
could
tell
like,
yeah
yeah
security's
enabled
in
there.
A
B
A
A
A
A
A
I
used
an
off-board
certificate
authority
to
create
this
with
the
idea
of
documenting
how
to
have
the
key
materials,
particularly
the
ca.
The
root
ca,
keep
materials
separate
from
the
robot
itself
and
how
to
create,
you
know,
have
a
ca
and
then
you
know
be
able
to
distribute
artifacts
to
different
hosts
or
different
places
throughout
the
whole
ecosystem.
If
you
all
and
that
actually
went
pretty
well,
so
I
have
a
document
about
how
to
create
a
raw
ca
and
distribute
the
certificates
back
out.
A
A
B
A
A
A
Then
this
goes
so
far
as
to
actually
create
the
and
sign
a
permissions
plot.
So
some
questions
I
have
for
you.
I
don't
know
how
how
many
of
these
will
get
through,
but
first
of
all
the
idea
of
having
an
offboard
certificate
of
authority,
particularly
one
that's
done
using
openssl.
Do
you
feel
that's
a
good
use
case
for
a
ros
tutorial.
C
What
what
I
would
like
to
do.
Eventually,
though,
is
here.
You
mentioned
on
the
agendas
dealing
with
external
cas
or
multiple
cas,
and
you
know,
particularly
with
x
509
certificates.
You
can
have
like
cross
signatures.
You
know
the
certificate
can
be
signed
by
multiple
cas
or
a
chain
of
cas
and
then
how
you
would
use
that
with
ross,
particularly
and
making
sure
that
whatever
certificate
authority,
pem
file
that
you're
pointing
sros
to
includes
the
entire.
A
Yeah,
so
I
was
actually
you
know
thinking
about
that.
I
want
to
get
the
simple
use
case
now,
which
is
just
simply
creating
your
own,
creating
a
certificate
structure,
that's
not
on
the
robot
right
offline
or
external
something,
and
then
you
move
the
security
artifacts
onto
the
robot
and
then
I
think
after
I
get
this
down,
then
we
can
go
to
both
certificate
revocation
lists.
I
know
marco
is
very
interested
in
that,
as
well
as
certificate
hierarchies
and
so
on.
So.
A
A
One
thing
too
in
this
document,
even
though
this
is
just
the
beginning,
this
I
tweaked
a
lot
of
settings.
I
usually
don't
like
to
tweak
settings
in
your
hello
world
example,
but
in
here,
particularly
with
certificate
authority,
I
did
because
I
really
tried
hard
to
shrink
the
certificates
as
much
as
possible
by
default.
If
you
don't
change
the
options,
you'll
get
rs
and
rsa
certificates,
which
are
two
to
three
times
as
large
as
the
elliptic
curve
certificates.
A
A
Yeah,
I
actually
mirrored
the
default
on
there
just
doing
this
by
hand
outside
of
you
know
the
existing
tool
set
so,
and
there
was
a
part
of
it
part
of
the
problem.
Just
beside
that
interesting
part
of
the
problem
is
because
the
api
change
never
landed,
so
I
would
have
to
go
deep
into
the
python
codes
in
order
to
like
rip
out
the
you
know:
python
script
for
signing
a
permission
authority
and
so
on
and
we'll
get
there.
I.
A
I
also
do
you
agree
that,
like
our
initial
use
case
doesn't
doesn't
do
anything
with
crls,
I
think
we
can
backfill
the
crl
use
case
later
on.
I
think
there's
probably
some
things
in
this
certificate
authority
configuration.
We
might
have
to
tweak
to
do
that.
Then
you're
gonna
have
to
set
up
a
crl
site
and
all
that
way
to
distribute
them.
But
if
you're,
okay
with
that,
I
just
I
want
to
table
that
for
now.
A
C
A
A
C
A
Yeah,
I
think,
there's
there
was
one
that
I
left
in
there.
That
said,
this
certificate
is
useful
for
like
the
certificate
purpose,
so
that
the
root
ca
has
the
root,
ca
purpose
and
then
the
other
any
other
things
that
are
signed
by
the
root
ca
by
default,
get
the
identity
and
encryption
permissions
on
them.
A
A
Do
you
think
it's
necessary
so
this
in
this
case
you
know,
I
recommend
using
a
standalone
ca.
That's
a
tongue
container
I
was
debating
on
whether
or
not
to
remove
all
the
other
certificate
authorities
from
that
container.
I
honestly,
I
don't
even
know
what
the
best
practice
is.
It
just
seems
like
there's.
No
reason
that
container
should
trust
anyone
else.
A
And
it's
yeah,
so
we
create
a
container
and
the
container
has
the
has.
You
know
all
the
noises,
the
ca
bundle.
I
forget
exactly
what
the
package
is,
but
the
trusts
you
know
all
the
bear,
sign
and
trust,
and
you
know
digit
whatever
else
all
those
root
cas
are
in
the
trusted
ca
store,
and
so
when
you
create
your
ca,
then
that
ca
goes
in
there
as
well,
and
I
was
actually
just
debating
about
removing
all
of
those
so
that
this
the
container
actually
trusts
no
external
certificate
authorities.
A
C
C
C
Whether
the
certificate
field
was
was
critical,
and
this
was
the
case
where
the
certificate
of
policies
were
being
where
the
extensions
were
being
used
to
house
the
access
control
as
well.
So
this
is
in
srs1
the
credentials
and
the
identification
or
the
permissions
and
the
identification
credentials
were
sort
of
one
in
the
same
document,
yeah
encoded
in
the
pin
certificate,
but
in
srs2
they're
only
linked
by
the
common
name.
C
B
A
B
A
Do
this
twice
create
two
separate
cas
or
build
out
actually
a
hierarchy
where
you
have
a
root
ca
and
then
to
support
this
one
for
identity?
One
for
permissions.
You
think,
for
our
initial
use
case
that
it's
sufficient
to
use
and
document
and
explain
that
we're
going
to
use
the
same
certificate
authority
for
post-identity,
both
identity
and
permissioning.
C
Yeah,
I
I
think
that
the
use
case
where
you
have
two
to
two
different
certificates
for
identity
and
permission
is
pretty
rare,
even
in
the
dts
field,
but
they
thought
it
was
warranted
enough
to
include
in
the
spec.
The
only
thing
that
I
think
the
sros
2
is
doing
is
it's
just
making
assembling
for
the
permissions
and
identity
certificate
to
point
to
the
same
root
ca
file
on
the
on
disk,
so
yeah,
okay,
great.
A
A
A
D
C
Evolutionary
school,
so
so
one
of
the
things
that
if
we
ever
want
to
get
deeper
into
it
is
you
can
the
security,
plugins
and
dds
are
all
plugins,
and
so
the
vendors
have
the
respective
api
for
changing
and
how
you
want
to
interpret
the
documents
that
are
shared
or
what
method
you
go
about.
Authenticating
participants
on
the
network
so
having
something,
that's
even
alternative
to
traditional
x5m9
certificates.
C
D
A
D
You
know
that
the
the
they're
running
the
right
software
and
all
that
kind
of
stuff
you
don't
want
to
let
them
be
used
in
the
next
medical
procedure
and
so
there's
sort
of
a
need
for
something
along
those
lines.
That's
what
and
it's
like
exciting
to
see
the
I
like
the
write-up
and
and
the
direction
of
it.
So
it's
this.
I
thought
this
might
be
an
if
you,
if
you're
interested
in
continuing
down
this
path.
That's
like
a
there's
a
way
to
do
it.
There's
a
community
around
it.
B
A
B
A
B
A
All
right,
so
you
guys
all
in
favor
of
moving
to
once
a
month,
45
minutes,
meaning
any
complaints
about
that
so
I'll
go
ahead
and
propose
that
that
update,
meeting
invite
and
try
that
out
on
discourse.
So
the
only
thing
I'm
wondering
is
about
time
zones
and
alternating
them,
but
I'll
figure
that
out
probably
still
alternate
them
early
and
late.