Security Working Group meeting - Wednesday June 10 - results
Joseph Reynolds
jrey at linux.ibm.com
Fri Jun 12 08:53:06 AEST 2020
On 6/9/20 2:53 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting
> scheduled for this Wednesday June 10 at 10:00am PDT.
>
> We'll discuss current development items, and anything else that comes up.
>
> 1. Can we simplify password rules per NIST SP 800-63B?
No. Downstream projects can easily change the password rules to
whatever they prefer.
We also discussed recent code reviews about the IPMI 20 character limit
and enhancing the password change API to say why the new password was
not accepted.
>
> 2. Requesting comments on proposed new ServiceRep role and privilege
> before it goes to Redfish.
Joseph will propose this to Redfish.
>
> 3. Idea: Would using the RunBMC spec help us create our threat model?
Yes. This idea was added to the security wiki.
>
> 4. Do we have security input to the 2.8 release?
No. No input.
- Joseph
>
>
> Access, agenda, and notes are in the wiki:
>
> https://github.com/openbmc/openbmc/wiki/Security-working-group
>
> - Joseph
More information about the openbmc
mailing list