OpenDNSSEC > Meetings > Minutes > 2009-09-09
Present: Alex, Antoin, Jakob, Matthijs, Rick van Rein (RickVR), Rick Zijlker (RickZ), Roy, Stephen
In the absence of Rickard, Roy acted as chairman.
0. Who will write minutes?
Stephen volunteered.
1. Agree on the agenda
The agenda was agreed.
2. Introduction of Rick Zijlker
RickZ was introduced to the team.
3. Action Items of Last Meeting
Write a user guide on time durations and fixed points in time for rolling keys
This is a "to do" for the final documentation, and was assigned to Patrik.
Action: Patrik - include a guide on time durations and fixed points in time for rolling keys in the user documentation.
Make note: known issue: signer engine: a month is always 31 days
Sion and Alex have implemented it in the enforcer and auditor. Signer engine treats month as 31 days anyway. This item is now closed.
RickVR has an idea concerning testing for year intervals, and this will be explained on a mailing list.
Action: RickVR - open thread on the mailing list to explain his idea.
Write some stuff to explain to users how to do outbound AXFR
This is a documentation issue and was assigned to Patrik.
Action: Patrik - include a guide on how to do outbound AXFR in the user documentation.
Inbound hack will be provided by Matthijs
This concerned the modification to allow OpenDNSSEC to accept inbound AXFRs, and generated a lot of discussion about how this should be implemented. On the one hand it was argued that it should be part of the signer, since the signer needs to create an in-memory representation of the zone anyway, and reading the AXFR is the easiest way to do this. The opposing view wanted this as a separately scheduled program to create a zone file since (a) the auditor needs that as its input and (b) having the signer pick up a zone file allows for cases where a zone manager keeps their master zone file on the signer. It was agreed that this discussion should be continued on the mailing list.
Action: Matthijs - propose a design of this feature to the list.
Implement optional flag to turn off automatic key rollover
In the absence of Sion, it is not known if this has been implemented, so it was left open.
Action: Sion - implement optional flag to turn off automatic key rollover.
Create a simple HOWTO-description about rolling keys on a specific date
The Utrecht meeting agreed that this will be implemented by setting up a cron job. This needs to be included in the user documentation.
Action: Patrik - add to the documentation a simple "how to" description about rolling keys on a specific date.
A question was raised as to what user documentation currently exists. It is known that at present a document is in preparation that introduces OpenDNSSEC and contains a description of how to build it. At present though there is nothing describing the intended table of contents.
Action: Roy - consult with Patrik and publish an intended table of contents on the wiki.
Rickard: add configure option to SoftHSM to link Botan statically, same for LDNS
This is still unresolved.
Action: Rickard - add configure option to SoftHSM to link Botan statically, same for LDNS.
Rickard: add configure option to top level configure to disable the auditor (and thus not include Ruby)
Completed.
Roland contact undisclosed HSM vendor to talk about HSMs for testing purposes
Still open.
Action: Roland - contact undisclosed HSM vendor to talk about HSMs for testing purposes.
Rickard: will compile a reading guide for the Wiki for the testers
Still open.
Action: Rickard - compile a reading guide for the Wiki for the testers.
A comment was raised that the contents of the wiki are a bit unstructured (e.g. requirements split between project plan and signer). As this is also related to the extent of documentation for testing, it was agreed that it would be discussed during a testing teleconference.
Action: Stephen - add story to pivotal tracker outlining suggested wiki structure.
Action: Stephen - set up conference call with Antoin, RickVR, RickZ, Patrik and Roland to discuss wiki organisation and use cases etc.
Markus: send an e-mail when the testers should be put on the development mailing list
Completed.
Matthijs: check whether there is any test documentation for LDNS
Matthijs reported that there is some documentation, but not good enough for external use. It was suggested that as LDNS is used in other products (such as Unbound) which themselves have been tested, we accept it as tested software and do not test it in this project. This was agreed and the action was closed.
The question of what testing we want to do was also raised, with the following types outlined:
- Functional testing - does the system do what the requirements say it should do?
- Performance testing - does it do it as fast as it should?
- Coverage testing - has all the code been tested?
- Platform testing - does it run on all systems?
- Maintainability testing - how easy is it to maintain and manage?
It was agreed that RickZ's efforts should be targeted towards functional and performance testing.
Regarding coverage testing, Nominet have access to the Coverity static checking tool. Stephen will organise using it to check the OpenDNSSEC code.
Action: Stephen - run OpenDNSSEC code through Coverity.
Platform testing was not as important as other types of tests; the immediate aim should be to get it working on platforms used by the TLDs in the OpenDNSSEC team, and other platforms would be targeted on a case by case basis.
Maintainability is in part how easy it is to get the system up and running (which will be tested) and in part the documentation (which will be reviewed by the testing group, see below).
With regards to finishing development of V1.0 and testing it, it was proposed that the team split into two smaller groups:
- Testing: Stephen, RickVR, RickZ, Antoin, Patrik + Roland.
- Implementation: Matthijs, Rickard, Alex, Sion
This was agreed.
Rick + Stephen: work on requirements and use cases
Although outstanding, this was closed as it will be part of the remit of the testing group.
Action: Roy to set up separate mailing lists for testers.
All developers: check your code against the requirements and make the documents consistent if necessary
- Matthijs - will send them to the list
- Alex - auditor requirements have been updated
- Sion/Rickard - away.
The action was left open.
Action: All developers - check your code against the requirements and make the documents consistent if necessary.
Markus: check if a rough test can be performed on the beta in October
RickZ thought that October was too early to run an initial test. The action item was closed.
Stephen: write the story for the unified control program in Pivotal
An entry has been made in Pivotal but Stephen still needs to flesh out the story.
Action: Stephen - write the story for the unified control program in Pivotal.
4. Unifying the Enforcer
Unifying the key generator and communicator daemons would simplify the coding and avoid problems in startup. Jakob thought it would take half a day to combine them, although only Sion can say for sure. It was agreed to look at this in the code sprint.
Action: Sion - estimate work required to merge these components.
5. Monitor requirements
The monitor is a program to report on the status of a DNSSEC-signed zone as published by a nameserver. It complements the auditor in that it checks different things from the auditor: e.g. the auditor checks that signatures are created with the correct lifetime, whereas the monitor will warn if signatures approach their expiration date. (It is really an enhanced version of Patrik's Perl script.) However, it is more akin to hsmbully and SoftHSM - not part of OpenDNSSEC, but could be useful in some installations. .uk will be using it to check their signed zone.
Action: All - look at the Signer/MonitorRequirements and feed back comments to Alex.
5a. Release of 1.0a4
Jakob asked people to review stories and accept them. Jakob aims to make a release after lunch on 10th September.
6. Testing
The testing group will update the meeting next time. Stephen will set up a doodle to organise the first testing teleconference.
Action: Stephen - organise doodle to set up testing teleconference.
7. Code Sprint Administrivia
Jakob outlined administration details for the code sprint at the end of September.
8. Auditor not enabled by default
Alex pointed out that by default, kasp.xml does not enable the auditor. This was agreed to be an oversight and Alex should correct it before the 1.0a4 release.
Action: Alex - enable the auditor in the default kasp.xml file.
9. AOB
The next teleconference will be on Wednesday 23 September at 13:00-15:00 CEST (12:00-14:00 BST).
