Add minutes for 24 Nov 2020 meeting

[SidFaber]

Signed-off-by: Sid Faber [email protected]

[mikaelarguedas]

thanks @SidFaber for putting these together

[mikaelarguedas]

Suggested change

	Following a brief discussion, it was decided to move new meeting minutes to the [ros-security/github repo](https://github.com/ros-security/community). Existing meeting minutes in the [ROS wiki](http://wiki.ros.org/ROS2/WorkingGroups/Security) will not be ported.
	Following a brief discussion, it was decided to move new meeting minutes to the [`ros-security/community` Github repository](https://github.com/ros-security/community). Existing meeting minutes in the [ROS wiki](http://wiki.ros.org/ROS2/WorkingGroups/Security) will not be ported.

[SidFaber]

Updated in a6e2e0e

[mikaelarguedas]

We should use an homogeneous way to refer to individuals in the notes (Github handles, first name, initials...).

[SidFaber]

Agreed--I experimented with github handles, but they don't carry through to markdown. Plan on linking to github profiles in the "attendee" list, but then using first names throughout similar to the style used on the wiki site.

[mikaelarguedas]

One thing mentioned in the last meetings and that I'd like us to look into is the ability of having configurable security levels per topic, following the ones supported by DDS-Security: NONE SIGN, ENCRYPT
Currently SROS2 is all or nothing, either all topics are encrypted or no security feature is used at all. This doesn't scale well (or makes sense) for real systems. Tracking ticket and past work on the topic available at ros2/sros2#130

[SidFaber]

Added to the "reference implementation" goal in a6e2e0e--as I understood the conversation, we need a good implementation with some complexity before we can begin configuring topic-level security.

[mikaelarguedas]

Porting the past notes and replacing the content of the wiki page to point to this github repo would be preferred. although I understand it's cumbersome work

[SidFaber]

I'll leave a few breadcrumbs to cross-link the wiki and the github repo, but I think the effort to port the WG content would be better spent on updating sros2 documentation.

[mikaelarguedas]

Suggested change

	Marco also asked about revoking keys: there's a need to handle that within RMF should an individual robot in a fleet be physically compromised. @JaimeMartin provided [information on CRLs from eProsima](https://fast-dds.docs.eprosima.com/en/latest/fastdds/security/auth_plugin/auth_plugin.html#generating-the-certificate-revocation-list-crl).
	Marco also asked about revoking keys: there's a need to handle that within RMF should an individual robot in a fleet be physically compromised. Jaime provided [information on CRLs from eProsima](https://fast-dds.docs.eprosima.com/en/latest/fastdds/security/auth_plugin/auth_plugin.html#generating-the-certificate-revocation-list-crl).

[SidFaber]

Updated in a6e2e0e

[mikaelarguedas]

Suggested change

	The agrees to continue to move the discussion forward to flesh out a design, but not to perform any work on the code at this time.
	The WG agrees to continue to move the discussion forward to flesh out a design, but not to perform any work on the code at this time.

[SidFaber]

Updated in a6e2e0e

[SidFaber]

Thanks for the thorough read-though, @mikaelarguedas !

[kyrofa]

This looks good to me, but I'm curious why you made the meeting a directory with a README instead of just a dated md file. In case we have some other collatoral during a meeting? If so, can we at least rename README to something like minutes.md?

[SidFaber]

Directories so we can attache things (presentations?) to the meetings. README just to reduce clicks--the minutes render as soon as you land in the directory.

[kyrofa]

Oh fair point, okay.