Friday, 2018-04-27

« Thursday, 2018-04-26 Index Saturday, 2018-04-28 »
*** salv-orlando has joined #openstack-security00:00
*** alex8653 has quit IRC00:02
*** alex8653 has joined #openstack-security00:04
*** salv-orlando has quit IRC00:06
*** liverpooler has joined #openstack-security00:11
*** salv-orlando has joined #openstack-security01:02
*** salv-orlando has quit IRC01:06
*** liverpooler has quit IRC01:30
*** browne1 has joined #openstack-security01:57
*** browne has quit IRC02:00
*** salv-orlando has joined #openstack-security02:02
*** salv-orlando has quit IRC02:07
*** alex8653 has quit IRC02:51
*** salv-orlando has joined #openstack-security03:03
*** salv-orlando has quit IRC03:08
*** nicolasbock has quit IRC03:32
*** salv-orlando has joined #openstack-security04:04
*** salv-orlando has quit IRC04:09
*** salv-orlando has joined #openstack-security05:05
*** salv-orlando has quit IRC05:07
*** salv-orlando has joined #openstack-security05:07
*** AlexeyAbashkin has joined #openstack-security05:46
*** Alexey_Abashkin has joined #openstack-security05:47
*** AlexeyAbashkin has quit IRC05:51
*** Alexey_Abashkin is now known as AlexeyAbashkin05:51
*** AlexeyAbashkin has quit IRC05:55
*** AlexeyAbashkin has joined #openstack-security05:55
*** vds has joined #openstack-security06:00
*** AlexeyAbashkin has quit IRC06:02
*** AlexeyAbashkin has joined #openstack-security06:03
*** dikonoor has joined #openstack-security06:26
dikonoorHI all , I am trying to understand if OpenStack works in FIPs mode.. well..I sort of know the answer to this. FIPS does not support algorithms like md5 to be used and OpenStack uses md5 and libraries that use md5 all over the place06:29
*** pcaruana has joined #openstack-security06:33
dikonoorSo the question is more of - Have there been any discussions and are these any plans on ensuring that OpenStack is FIPS compliant?06:35
*** browne1 has quit IRC06:38
*** pcaruana has quit IRC06:50
*** pcaruana has joined #openstack-security07:06
*** rcernin has quit IRC07:17
*** jaosorior has joined #openstack-security07:21
*** tesseract has joined #openstack-security07:27
*** edmondsw has joined #openstack-security07:36
*** edmondsw has quit IRC07:41
*** tesseract has quit IRC07:53
*** tesseract has joined #openstack-security07:56
*** pcaruana has quit IRC08:56
*** pcaruana has joined #openstack-security09:07
dikonoorfungi: could you respond to my above query if you get a chance?09:58
*** AlexeyAbashkin has quit IRC10:11
*** nicolasbock has joined #openstack-security10:30
*** salv-orlando has quit IRC10:33
*** salv-orlando has joined #openstack-security10:34
*** salv-orlando has quit IRC10:38
*** salv-orlando has joined #openstack-security10:40
*** AlexeyAbashkin has joined #openstack-security10:46
*** AlexeyAbashkin has quit IRC10:51
*** AlexeyAbashkin has joined #openstack-security10:52
*** v12aml has quit IRC11:18
*** v12aml has joined #openstack-security11:19
*** liverpooler has joined #openstack-security12:20
*** atoth has quit IRC12:29
*** atoth has joined #openstack-security12:29
*** liverpooler has quit IRC12:36
*** liverpooler has joined #openstack-security12:37
*** liverpooler has joined #openstack-security12:38
fungidikonoor: as far as i know the biggest "offender" is swift. it uses md5 as a means of indexing chunks of data, not in an integrity or security capacity, and so there has been some resistance to what is seen as needless "protocol worship" for lack of a nicer term12:51
fungii think there's a general lp bug covering remaining use of md5 in official projects; i'll see if i can find it real quick12:52
fungistill not turning up the blanket bug (if we ever had one)13:03
fungikeystone/horizon dropped md5-based token hashing 3-4 years ago, looks like13:07
fungiglance stopped signing image checksums (opting for signing the image content directly) over a year ago, but may still generate md5 checksums of images? regardless, signatures checking is encouraged instead of relying on comparing checksums there13:09
fungias for fips specifically, i have no idea. i've been out of the standards compliance industry for nearly a decade now, so i'll let someone else here weigh in on that. i haven't _heard_ of anyone working on documenting fips-compliant deployment/configuration options or tracking related bugs/specs but we have a lot of contributors and users at usa federal government agencies and contractors so13:14
fungipresumably there is interest in it13:14
dikonoorfungi: well..I was trying out of OpenStack on a FIPS compliant system and ran into a bunch of errors specifically around md513:38
dikonoorfungi: there are lots of places where md5 still gets used , in many cases indirectly..13:38
fungii expect a lot of those can be worked around, but documenting them all is probably the first step in documenting the various solutions for them13:39
*** edmondsw has joined #openstack-security13:51
*** dave-mccowan has joined #openstack-security13:55
*** dave-mccowan has quit IRC13:59
*** dave-mccowan has joined #openstack-security14:01
*** salv-orlando has quit IRC14:11
*** salv-orlando has joined #openstack-security14:12
*** salv-orlando has quit IRC14:16
*** atoth has quit IRC14:36
*** AlexeyAbashkin has quit IRC14:38
*** dave-mccowan has quit IRC14:42
*** dave-mccowan has joined #openstack-security14:43
*** dave-mcc_ has joined #openstack-security14:46
*** dave-mccowan has quit IRC14:48
*** atoth has joined #openstack-security14:51
*** browne has joined #openstack-security15:07
*** pcaruana has quit IRC15:11
*** salv-orlando has joined #openstack-security15:12
*** salv-orlando has quit IRC15:17
*** AlexeyAbashkin has joined #openstack-security15:29
*** jaosorior has quit IRC15:35
*** gyee has joined #openstack-security15:36
*** browne1 has joined #openstack-security15:38
*** browne has quit IRC15:40
*** salv-orlando has joined #openstack-security16:13
*** salv-orlando has quit IRC16:18
*** dikonoor has quit IRC16:22
fungiadding https://launchpad.net/bugs/1734320 to the potential ossn watchlist16:44
openstackLaunchpad bug 1734320 in neutron "Eavesdropping private traffic" [High,Triaged]16:44
*** salv-orlando has joined #openstack-security17:09
*** tesseract has quit IRC17:09
*** vds has quit IRC17:27
*** nickthetait has joined #openstack-security17:30
*** AlexeyAbashkin has quit IRC17:43
*** browne has joined #openstack-security17:52
*** browne1 has quit IRC17:55
*** salv-orlando has quit IRC17:55
*** salv-orlando has joined #openstack-security17:56
*** salv-orlando has quit IRC18:01
*** salv-orlando has joined #openstack-security18:08
*** vds has joined #openstack-security18:31
*** salv-orlando has quit IRC18:50
*** Jabb3rW00k13 has joined #openstack-security18:57
*** salv-orlando has joined #openstack-security18:59
*** Jabb3rW00k13 has left #openstack-security18:59
*** vds has quit IRC19:40
*** nickthetait has quit IRC20:59
*** salv-orlando has quit IRC21:37
*** salv-orlando has joined #openstack-security21:38
*** salv-orlando has quit IRC21:42
*** salv-orlando has joined #openstack-security21:42
*** edmondsw has quit IRC22:06
*** dave-mcc_ has quit IRC22:07
*** salv-orlando has quit IRC22:41
*** salv-orlando has joined #openstack-security22:42
*** salv-orlando has quit IRC22:46
*** liverpooler has quit IRC22:48
*** lbragstad has quit IRC22:51
*** nicolasbock has quit IRC23:25
*** edmondsw has joined #openstack-security23:40
*** salv-orlando has joined #openstack-security23:42
*** edmondsw has quit IRC23:45
*** liverpooler has joined #openstack-security23:46
*** salv-orlando has quit IRC23:46
« Thursday, 2018-04-26 Index Saturday, 2018-04-28 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!