OpenSSL Communities

Meeting Minutes: Board and BAC Monthly (2025-02-24)

Anton Arapov

Meeting Summary

Attendees

@Anton Arapov, @Katerina Micova, @James Bourne, @Randall Becker, @Tim Hudson, @Paul Dale, @Jeff Johnson, @Billy Brumley, @Jaroslav Reznik (excused absence).

Agenda

  1. Updates on the Business Advisory Committee.

  2. Discussion on the roadmap for version 3.6 and beyond.

  3. Community engagement and feedback mechanisms.

Summary

The meeting focused on discussing the progress and future direction of the Business Advisory Committee, with an emphasis on community engagement and feedback. Participants expressed the need for a more structured approach to gathering input from various communities, particularly regarding the OpenSSL roadmap and priorities.

Key points

  1. Community Engagement: There was a consensus on the importance of obtaining direct feedback from community members to understand their needs and priorities. Participants acknowledged that previous methods of gathering input may not have been effective and emphasized the need for a more open dialogue.

    • There is a challenge in obtaining direct feedback from the community, which has not been effectively achieved in the past.

    • The goal is to move away from a traditional list of features and instead focus on what the community feels is missing or what they would like to see prioritized.

    • Randall discussed a meeting with a major customer, who expressed their interest in participating in OpenSSL committees and understanding the OpenSSL roadmap, particularly in relation to quantum computing concerns.

  2. Upcoming Events: One member mentioned participation in a cybersecurity conference, indicating a desire to represent OpenSSL and promote its initiatives. There was a discussion about providing promotional materials for such events to enhance visibility.

    • James shared his upcoming participation in the Sunshine Coast Cyber Security Conference, indicating he would represent OpenSSL and requested support materials.

    • Randall mentioned the NonStop Technical Business Conference (NonStopTBC), which is scheduled to take place in Houston.

  3. Roadmap Development: The conversation highlighted the necessity of developing a clear roadmap for OpenSSL, ideally spanning two years. Participants discussed the challenges of aligning this roadmap with the expectations of various stakeholders, including those from different sectors like finance and technology.

    • Participants emphasized the need for a different kind of input from the community than previous approaches gathered, with a focus on identifying gaps and priorities rather than merely listing requests.

    • As an example, the disconnect between OpenSSL’s roadmap and that of the HPE NonStop community was noted, highlighting the need for improved communication and a better understanding of OpenSSL’s impact on their operations.

    • A two-year roadmap was proposed as a reasonable timeframe for planning and development.

  4. Performance and Compliance: Concerns were raised about performance monitoring and compliance with standards such as FIPS. The need for better communication regarding the status of features and compliance was emphasized, particularly in relation to upcoming requirements like DTLS 1.3.

    • The discussion shifted to the potential for performance monitoring and auditing interfaces within the provider architecture.

  5. Funding and Collaboration: The potential for joint funding opportunities was discussed, particularly in relation to academic partnerships. Participants recognized that collaborative projects could lead to more substantial funding and longer-term commitments, which would benefit both the academic and corporate sides.

    • Billy discussed his approach to engaging the academic community and the differences in feedback he anticipates compared to common business input.

    • He emphasized the importance of funding for longer-term projects and suggested pursuing joint funding opportunities with agencies like NSF and ERC.

    • Tim expressed openness to exploring funding proposals and collaborations with academic institutions.

  6. Provider Interface: There was interest in enhancing the provider interface to facilitate better integration and performance monitoring. The idea of creating an auditing layer within the provider interface was proposed, which could help in performance measurement and compliance verification.

    • Randall highlighted the need for production-hardened APIs that could be used for ongoing transactional monitoring.

    • The provider interface is seen as a critical component for future development. Suggestions include:

      • Creating a mechanism for users to roll their own OIDs temporarily until official ones are available.

      • Developing a user-friendly way to benchmark and generate code for different cryptographic algorithms, potentially through a one-click solution.

      • Introducing an "authorized man-in-the-middle" provider for performance monitoring, which could provide insights into the operational metrics of cryptographic processes.

  7. Long-Term Vision: There is a desire to build a more robust and flexible ecosystem around OpenSSL, including potential offerings such as binary providers and a repository for users to access various cryptographic implementations.

  8. Future Meetings and Follow-ups: The group agreed to continue discussions in future meetings, with a focus on refining the roadmap and addressing the concerns raised. There was an acknowledgment of the need for ongoing communication and collaboration to ensure that the needs of all stakeholders are met.

Action Items

  • Anton: To extract business justification slides related to post-quantum security for circulation among the committee.

  • Randall: To explore the possibility of presenting OpenSSL at the upcoming conference in Houston and gather feedback from the community. Prepare a presentation proposal.

  • Billy: Reach out to academic contacts to gather feedback and explore potential funding opportunities for joint projects.

  • Jeff: Gather and consolidate feedback on roadmap priorities and features.

  • James: Confirm details with the Sunshine Coast Cyber Security Conference organizers and request OpenSSL swag if needed.