[12:12:35] --- lha has become available
[12:13:34] --- lha has left
[17:14:32] --- leifj has become available
[17:14:53] --- cabo--tzi--org has become available
[17:15:06] --- leifj has left
[17:16:18] --- andrewdmcgregor@jabber.psg.com has become available
[17:16:28] --- shep has become available
[17:16:45] --- mrichardson has become available
[17:16:55] --- PekkaNikander has become available
[17:16:57] <mrichardson> hi.
[17:17:00] --- FDupont has become available
[17:17:03] <mrichardson> first slide.
[17:17:05] --- tonyhansen has become available
[17:17:07] <mrichardson> three different groups.
[17:17:16] <mrichardson> protection against off-track attackers
[17:17:20] <mrichardson> channel bindings
[17:17:26] <mrichardson> SSH-like leap-of-faith use of IPsec
[17:17:37] --- jimsch has become available
[17:17:37] <mrichardson> WG chartered to
[17:17:45] --- raeburn has become available
[17:17:56] <mrichardson> specify extensions to IPsec so that IPsec will support creation of unauthenticated SAs.
[17:18:07] --- jimsch has left
[17:18:08] --- hartmans has become available
[17:18:11] <mrichardson> Sam: Is the leap-of-faith really in scope? Are the people in the room?
[17:18:18] <mrichardson> Love: that's the question here.
[17:18:44] <mrichardson> meeting goals: Problem, SPD/PAD/IKE, other, update milestones.
[17:18:51] <mrichardson> Joe's presentation.
[17:19:06] <mrichardson> Joe's slides are not yet online.
[17:19:15] <mrichardson> what's the meeting URL again?
[17:23:10] --- geoff has become available
[17:24:03] <PekkaNikander> Meeting materials tool: https://onsite.ietf.org/public/meeting_materials.cgi?meeting_num=64
[17:24:14] <PekkaNikander> (But Joe's slides are not there, yet)
[17:25:42] --- nico has become available
[17:26:13] --- kivinen has become available
[17:26:18] --- dumdidum has become available
[17:26:53] --- geoff has left
[17:30:02] --- rstory has become available
[17:30:05] <PekkaNikander> http://onsite.ietf.org/proceedings/05nov/slides/btns-1.pdf
[17:30:31] <mrichardson> Now Nico's document.
[17:30:35] <PekkaNikander> Slide titled: "Recap: PAD/SPD Changes"
[17:30:52] <mrichardson> David Black responded to Sam's questions/outstanding points, and indicated that they have a plan to address them.
[17:31:01] <PekkaNikander> Discussion about ANY vs. UNKNOWN
[17:31:11] <mrichardson> Kent: ANY is used for selector values, not credentials.
[17:31:31] <mrichardson> Kent: so why UNKNOWN?
[17:32:44] --- kanda has become available
[17:34:29] <mrichardson> Sam: ANY in the SPD only applies to traffic selectors, not peers?
[17:34:32] <mrichardson> Kent: no.
[17:34:38] <mrichardson> (did I get that right)
[17:39:35] <PekkaNikander> Sam asked for examples or scenarios.
[17:39:52] <PekkaNikander> (We are at slide titled 'Issues')
[17:40:36] <PekkaNikander> Sam: An example of how to configure SPD and PAD for examples that are in the applicability statement draft
[17:40:57] <mrichardson> wants to see a mix of normal IPsec and BTNS.
[17:41:13] <PekkaNikander> Issue missing from the slide: leap-of-faith
[17:41:24] <mrichardson> I don't understand why leap-of-faith is an issue.
[17:42:06] <PekkaNikander> Steve Kent: ANY is allowed for any selector values, but not for a name (if I got it correctly)
[17:43:16] <PekkaNikander> Nico: don't know what to do with leap-of-faith
[17:43:26] <PekkaNikander> Sam: Why leap-of-faith is hard
[17:43:42] <PekkaNikander> Nico: In SSH usually server's key, here the IP address may be changing
[17:44:05] --- raeburn has left: Replaced by new connection
[17:44:09] <PekkaNikander> Nico: If you create persistent entries you may do harm
[17:44:43] <PekkaNikander> Bill Sommerfeld: If I was using an address using DHCP for an hour, and that created a persistent entry, then nobody else could use that address afterwards.
[17:45:02] <PekkaNikander> Bill: If we could make the entries expiring, that might fix...
[17:45:38] <PekkaNikander> Sam: 2401bis, complicated, add a public key name form to the SPD
[17:46:12] <PekkaNikander> Sam: road warrior case today there will be an entry that allows any remote address with a named entity
[17:46:38] <PekkaNikander> Sam: You could have the same kind of entry for leap-of-faith
[17:46:53] <PekkaNikander> Michael Richardson: Correct.
[17:47:14] <PekkaNikander> Michael: Maybe existing entries can block addresses.
[17:48:01] <PekkaNikander> Michael: If there was a cert for an IP address, that could block an IP address, but since we don't have such certs, we shouldn't block IP addrs
[17:48:12] <PekkaNikander> Nico/Michael discussion
[17:48:24] <PekkaNikander> Sam: Key rollover problem
[17:48:27] --- raeburn has become available
[17:48:32] <PekkaNikander> Michael: Depends entirely on channel binding
[17:50:50] <hartmans> Well, it is not part of the SPD entry but it is part of what ike does
[17:52:39] <mrichardson> key-rollover.
[17:53:02] <PekkaNikander> Discussion about leap-of-faith, key-rollover, etc.
[17:53:09] <mrichardson> I think that the operational use of leap-of-faith is as follows:
[17:53:33] <PekkaNikander> Key rollover discussion continues, Tim Shepard
[17:53:36] <mrichardson> a) BGP administrator enables BTNS. Let's peers know that he supports it.
[17:53:55] <mrichardson> b) BGP peer says, "aha, let's turn on BTNS to node (a)"
[17:53:58] <PekkaNikander> Tim Shepard: Using an IP address as an identity sounds like a bad idea
[17:54:08] <mrichardson> c) session is now secured between (a)<->(b).
[17:54:23] <PekkaNikander> Tim: Sounds like want to get channel bindings
[17:54:28] <PekkaNikander> Nico: You don't need leap of faith for channel bindings
[17:55:00] <PekkaNikander> Bill Sommerfeld: Persisting these things indefinitely is wrong
[17:55:04] <PekkaNikander> Nico: Yes
[17:55:14] <mrichardson> d) BGP administrator on node (a) telephones administrator of node (b), and they exchange finger prints, and then "lock down" the relationship. No key-rollovers may occur, because the administrators have just used BTNS to bootstrap to IPsec.
[17:55:20] <PekkaNikander> Nico: For channel bindings you first need to find a channel, IPsec doesn't give you one
[17:56:09] <PekkaNikander> Jari Arkko: Leap of faith works well if you have a completely new network, and then everyone remembers the keys forever. Not good to trust the peer to tell the lifetime
[17:57:02] <PekkaNikander> Nico: Two comments: 1) Mobility, 2) dead client detection (?).
[17:57:24] <PekkaNikander> Jari: Issue is what is running above
[17:58:00] <PekkaNikander> Jari: Knowledge to upper layer connection existence (?)
[17:58:06] <PekkaNikander> Nico: Difference between AH and ESP
[17:58:15] <PekkaNikander> Nico: TCP sequence numbers etc
[17:58:55] <PekkaNikander> Sam: Generalise. What does the traffic look like when I have a name?
[17:59:04] <PekkaNikander> Stephen Kent: Depends
[17:59:10] <PekkaNikander> Sam: Example for a road warrior?
[17:59:33] <mrichardson> Kent: remote is ANY. local could be populated for packet, or subnet for enterprise.
[17:59:46] <mrichardson> IKE exchange would have an ID to select that entry.
[18:00:11] <PekkaNikander> remote=ANY
[18:00:35] <PekkaNikander> Steve: Instantiated with the real address
[18:00:45] <PekkaNikander> Sam: What happens when the SA goes away
[18:00:52] <PekkaNikander> Steve: Bound to the keying material
[18:01:10] <mrichardson> RW goes away, and then, the HQ is still sending packets to it.
[18:02:14] --- geoff has become available
[18:02:29] <PekkaNikander> Michael Richardson: SA gets killed. Current implementations. Traffic goes out in clear.
[18:02:38] <PekkaNikander> Sam: Same issue here
[18:02:51] <PekkaNikander> Michael: Right, not a new issue
[18:03:00] <PekkaNikander> Sam: All buttons
[18:03:09] --- hartmans has left: Disconnected
[18:03:13] <PekkaNikander> Nico: Latching
[18:03:24] <PekkaNikander> Sam: Issue for standalone btns
[18:03:39] <PekkaNikander> Joe: Should be in the problem statement
[18:03:46] <PekkaNikander> Sam: You should think about it
[18:04:05] <PekkaNikander> Sam: Security section of the actual protocol document
[18:04:06] --- tanupoo has become available
[18:04:18] <mrichardson> for stand-alone buttons, consider the situation that I wrote above.... what if (b) decides that BTNS sucks, and turns it off. Can it establish a new BGP session?
[18:04:54] <PekkaNikander> Kivinen: SSH leap of faith is one directional
[18:05:11] <PekkaNikander> Kivinen: Could use it in the same way
[18:05:13] --- hartmans has become available
[18:05:50] <PekkaNikander> Nico: Well, yes. If you have a way to get a user interface. You can't always go to the user.
[18:06:16] <PekkaNikander> Love: Next steps
[18:06:23] <PekkaNikander> Love: Please look at the documents
[18:07:01] <PekkaNikander> Adopted the draft as a WG item
[18:07:11] <PekkaNikander> Love: Milestones
[18:09:02] <mrichardson> First version of IPsec interfaces draft (e) ---- Feb 06 is too soon.
[18:09:08] <mrichardson> make it POST DALLAS.
[18:09:15] --- raeburn has left
[18:09:17] --- hartmans has left
[18:09:18] --- mrichardson has left
[18:09:35] <PekkaNikander> Adjourned. Thanks
[18:09:39] --- kivinen has left
[18:10:15] --- andrewdmcgregor@jabber.psg.com has left: Logged out
[18:10:38] --- nico has left
[18:15:33] --- geoff has left
[18:16:21] --- cabo--tzi--org has left
[18:17:37] --- shep has left: Logged out
[18:23:32] --- kanda has left
[18:24:16] --- PekkaNikander has left
[18:27:23] --- dumdidum has left: Disconnected
[18:29:13] --- rstory has left: Logged out
[18:38:15] --- tanupoo has left: Disconnected
[18:53:33] --- tonyhansen has left: Replaced by new connection
[19:07:33] --- FDupont has left: Disconnected