From YouTube: ROS 2 Security Working Group (2019-11-12)
Description
Meeting notes: https://wiki.ros.org/ROS2/WorkingGroups/Security
C
A
Thanks for joining us today. So yeah, we had two main topics for the agenda this month. The first one was desires for security tooling and ROS.
A
So is there, is there certain things we need to have? I guess we could approach this from two things. I think the question was actually about things like: should we have an automated scanning infrastructure before things get, I'll say, incorporated in, it's sort of meet a minimum number of requirements, or should we build, should we build a place that's accessible for, I really could have used.
A
Coverity, they've got a public free way to scan your code, to be honest, lengths open-source they're cool with anybody using that, if that's something we should recommend for ROS 2 projects. Any thoughts on that or.
A
A
C
So I was looking at some of the ideas. I think, if it makes sense, it seems like syslog is pretty standard, you know, as far as event logging. It's something that can be consumed by just about anything downstream, and it seems like, from a security standpoint, that CEF, the Common Event Format, is pretty much a standard. The only challenge is, I guess, I can't figure out whether it's a proprietary, like how open it actually is.
C
A
B
B
A
Something like, maybe, if people want to integrate this into their SIEM or their ELK stack or Splunk, this be a way to know you're, you know, we need to know. We need a communication path for the things in the field that to report any anomalous behavior. I cannot even now, it's just regular behavior, because you don't know what's wrong unless you're looking at it.
A
So now that the immune, there's, there was, what was it, but maybe six months ago there was the construction crane that was found to be on the pumpkin turn and people were able to drive it around. Well, if you saw a connection in at 2:00 in the morning, but your crew works 9:00 to 5:00, well, then something's wrong, right, and so you wouldn't be able to detect things like that. So maybe we start off with making a recommendation that tooling, that programs, you know, enable syslog functionality so they're written in Python.
A
B
E
E
When the use cases I was seeing logs like more immediately beneficial is like for auditing your system. So rather than, let's say, having to run your entire system and then capture all the discovery traffic to consolidate, you know, what is the minimum spelling policy that your system requires the function, we could just as well have every node kind of record itself, unlike who it's interacting with and who connected with. So you could just record a single DDS logging topic that all the nodes are published to and then that would self report.
E
You know, what connection requirements, and then that would be your avenue of auto-generating security policies. So that's why I lucked into a half year ago and, like I said, that it, like you said, Kyle, is kind of hard, because there's no other DDS implementation that necessarily implements that. Fourth and fifth optional feature and Secure DDS OMG spec, and I'm not sure how that's changed since. It's like plastic lenses, yeah.
A
I'll bet, cuz it's sort of a, you know, I don't think logging is never just for security, so this is a really good, if you could have everything logging, good cell, you could mine those logs if you need to go back and look at something new connect, etc. But it's just, the more, you know, the more information you have, the better for security, but also better for just setting up your systems and troubleshooting, and then building the security policies, as we said, so that's really cool on.
E
A tangent on data logging, so another fewer guys, for ROSCon Gianluca and I gave a talk on event data recorders for autonomous vehicles and robots. So the case where you want to retain some usability, you might want to check that out as a potential use case and, like, you know, how event data recorders might be useful for digital forensic investigations. Now that's valuable.
A
B
A
Cool, okay, I think, let's say you have one cell. Anybody else wants to talk about logging? Move on to the second topic for today. Actually, live, there's a third topic too, but the second time today is the vulnerability disclosure method. So, you know, there was some talk in the forums about how people should report security issues against ROS, and so there's a few things we should talk about here. So what is the best method for communication? You know, I'll just speak from all we've done here at Canonical.
A
You know, we've been working with security disclosures and embargoed discussions for, you know, 15 years, so well, and I think it's been working pretty well, sort of an industry standard. So most people submit their communication via, you in encrypted email. To like, let's say, a disclosure is at Open Robotics at work or something like that, and we published some GPG keys that can be read. Sort of a newer trend is to use Keybase.
A
So Keybase is just an app you can put on your phone or your laptop and use that. It's a little bit easier to set up than GPG keys. The only problem is then you're sort of, you know, we're all sort of monitoring an app on her phone. I think most people here are used to monitoring their emails or closer, but they're both possible methods. Know, one thing we've had to do with some folks is just do both.
A
Maybe they report the issue as "I found something" with an unencrypted email, and then we move it over to Keybase. That's kind of convoluted, but some people really like to do that. My recommendation would be to use, we published GPG keys on the wiki or on some webpage, and people use that for communication.
B
A
What we do at Canonical, if we publish the keys for the people who should get emails, and when you send an email, I mean, let's say the standard now, let's be honest, it's just Gmail. Gmail, you can just send encrypted email to multiple recipients just by importing their keys. It's very simple to do. There's even a plugin called FlowCrypt, makes it so you don't even know you're really importing keys. It's very easy to use, and that's for things that are sensitive and you want to worry about, you know, zero days, etc.
A
This said, this is a great way to communicate prior to disclosure. So if you think of the term most people use, is the CRD, the coordinated disclosure date, so coordinated release date, I'm sorry. So for the coordinated release date, you know, we want to make sure we can all communicate internally, get things updated and then go public with it, and you don't want that, the leaked ahead of time. You also want to make sure you have the ability, when someone last-minute says everything we did broke.
A
You need to give us next a week, and if you're, you know, and that's just, I think, an easier thing to happen on an encrypted email. It could happen on public email too, because, but when kept about things that didn't into birthdays or for everybody, so I prefer, I'd definitely recommend we use email. Anybody have strong opinions on that? I.
B
B
It make sense to consider just an HTTP web form. I mean, that gives us a couple of advantages, right: it's encrypted, at least on the front end, we get to dr. up house, it's actually disseminated, but second of all, we can also force reports to follow a format instead of just getting, I'm assuming, I'm not a security expert, but I'm assuming any sort of report is going to look totally different.
B
A
Love the idea of the form, and we can even do something with the form where we give them the option, either community, to follow up with us by providing their Keybase ID or their GPG key, and that gives, and then we can have an easy wiki button to go to probiotics, to figure out or turn off the roster or you figure out how to do a kind of respond with those, and that can be your way we communicate, and also we can look at and decide.
A
You know what, this isn't actually serious, this is working as designed, and we can quickly close down. No, that's, and we can have, who, with that form, you might even be able to have it, you know, you can go to fancy or as lightweight if you want, it could open tickets automatically in the Trello board. There's that service API integration, and so people could be watching it, and I mean that's all it rich 2ps need you have to see. You share invite members to that board with and everything, but it is.
B
A
D
So I guess the question is, guys, this is Benedicta familias, so we've been actually exploring this exact path for quite a while, with a number of land manufacturers privately reporting in private work forms and so on. So, so I do support using email. I think that that's kind of like we'll stand out and we should go that path. For the product form, I'd like to you at least hear.
D
C
B
Good, I think that the question is the same, regardless of whether it's an email or the form, right. It's going to have to go to multiple people. We haven't discussed exactly who that would be. I'm operating under the assumption it would be a combination of people from Open Robotics and this working group, but I think ultimately that decision is left up to Brian.
D
All right, and regarding the second point, which is what exactly are we aiming for, our women for ROS and ROS 2 solely or any other, yeah, related? What would burn another leaky, meaning what takes out coverage we're aiming for? Only the base ROS packages or any ROS package that anyone can just put together?
A
ROS, ROS 2, although this is the ROS 2 group, so we'll have to reach out and I'm sure they want to go to the same direction. Imagine they would. And anything, basically, that you can install by the standard methods, right. If it's just pulling random package of the gear God, well, maybe we'll help with that, but we might just ask you to go upstream. If you can install it by this new instance, broad methodology, and then it's that it falls within a simpler.
C
A
A
We'd have to set some boundaries for how you, you know, how you can join us, because you send an email all doesn't mean you can be a member. I'd say we take some examples from like that, if anybody's seen that, the distros list for security disclosures. They sort of require you to be a contributor in some way, shape or form, whether that's respond emails or verifying that you're, okay, at least verifying some of the reports are correct, you know, are real. I guess we, obviously we take that approach.
A
So if you want to be a member, you need to be active, not just joining to, not to joining to get notification, and I think that's fairly tricky to defend as a position.
B
B
We need to talk about further, but I think what we really wanted to accomplish today was the ability to make a recommendation back to Open Robotics about what infrastructure we suggest they set up for handling this type of thing, and then once we have that we can talk about actually coming up with a policy. Actually, coming back to methods real quick, I read a CERT guide for the, yeah, and, let's say fiction, is this link?
B
Let me show you this. So Carnegie Mellon CERT put out this recommendation and they had a nice, the c-section for point two talks about like some assumption that, some things they've gone through, some assumptions they've made in the past that didn't actually bear out in the end, and one of them was that actually they went a web format first as well, and one of the things they realize is that not everyone wants to fill out a web form and so like.
B
B
A
One thing is really difficult: I think having two recommended methods that, more that ideally would go to the same place, like an email will automatically open the card in Trello or something, or it goes to a group of people on this call, and we got a bracket somehow it, that's fine. I think you will have people who won't wanna use a forum and y'all people who just cannot figure out how to import a GPG key. So that's a good compromise and I.
B
E
A
School and you, okay, so what we've been keeping, folks who might doubt in late, you know, we're keeping track of this in that shared Google Doc. But what we've decided to do is, after a meeting we're just moving everything over to the ROS wiki. That way, that's just an area where you can track things long-term, that's not as out of control.
A
Google Docs, though at the end of this meeting, we'll move all these notes and action items over there and then sort of reset this doc as a, that's a place to keep agenda items for each month. Speaking of that, next month, you know, we ideally want to do these the last Tuesday of every month, but Nick, that would be when a lot of folks were out of the office further end of your holidays, and this is shutting down.
A
B
A
A
A
A
C
B
A
Briefs on our, is on our committed action for this next cycle here at Canonical, so we've got the number engineers are gonna work on it, yeah, resources, okay! Well, awesome! Everybody, thanks for dialing in and we'll talk to you next month. If, yes, if you want to talk about in between and remember just hit that this horse or send a song. I know everybody.