2020-09-22 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the  SECCOM meeting that was held on 22nd of September 2020.

Jira No

Summary

Description

Status

Solution

Jira No

Summary

Description

Status

Solution

 

Next week SECCOM meeting

To avoid conflict with ONES event, we decided to cancel our SECCOM meeting next week. 

done

E-mail reminder to be sent to SECCOM distribution list.

 

LFN Fall Technical Meetings October 13 - 15, 2020

Topics from SECCOM:

Service Mesh and packges upgrades.

ongoing

To propose topics by 25th of September.

 

ONAP Flow matrix - next steps

No specific updates since January'20. MVP definition (components without ONAP would  not work) is crucial to indicate which flows are more important to start with.

We keep format of yaml file.

PTLs collaboration is important.

We focus initially on RUN TIme components.

ongoing

Consultancy to be done with Architecture Subcommittee.

Feedback from DCAE PTL to be shared.

To be checked with Policy and CLAMP for flows 

 

Java version for CLAMP – open distro

Latest Open distro versions are 12 or 14 but not LTS.

We suggest to keep 11.0.1 for CLAMP.

ongoing

Comparison to be done between Java versions 11, 12 and 14. Vulnerabilities between 11.0.1 and 11.0.6 to be documented.

 

O-RAN cipher recommendations

We put reference to O-RAN documentation for SSH and TLS Cyphers. 

Test to be shared. 

SSH recommendations: ATT-2020.05.03-STG-Chapter_O-RAN-Security-CR0004.docx

TLS recommendations: ATT-2020.06.24-STG-Chapter_O-RAN-Security-CR0008-v5.docx

ongoing

SSL test to be provided by Fabian - to be shared with Morgan.

Document to be posted on the Wiki.

 

PTL update

CII Badging – Tony

Issue with Windriver lab – Azure considered as an alternative

PTLs to complete exception requests for security-related requirements for Guilin

HELMv2 EoL – Krzysztof - https://helm.sh/blog/helm-v2-deprecation-timeline/ - next step – TSC meeting (this week), suggestion to migrate in RC0 (NEW DATE: October 12th

 

 

 

CII Badging Silver Level questions

We focus on application security Must haves:

  • Crypto Weaknesses

  • Implement Secure Design

  • Crypto credentials Agility

 

 

 

Open Networking & Edge Summit North America 2020
September 28 & 29, 2020 (Virtual Event)

 

Samuli and Amy will present a topic at ONES - presentation  to be shared with SECCOM 

 

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 6th OF OCTOBER'20. 

MVP check list.

ONES NA  testimony

 

 

 

Recording:

SECCOM presentation: