IETF
karp@jabber.ietf.org
Monday, 5 November 2012

GMT+0
[13:19:11] bz@jabber.org joins the room
[13:26:30] bz@jabber.org leaves the room
[13:27:29] bz@jabber.org joins the room
[13:40:44] Dan York joins the room
[13:45:53] Sean Turner joins the room
[14:00:09] Melinda joins the room
[14:04:07] mjbarnes joins the room
[14:04:25] mjbarnes leaves the room
[14:04:41] Michael Barnes joins the room
[14:06:19] <Melinda> getting started
[14:06:41] <Melinda> I'm Jabber scribe this morning
[14:07:11] <Melinda> Stuart is reminding about IPR disclosure
[14:07:40] <Michael Barnes> Thanks for scribing Melinda
[14:08:23] <Melinda> agenda bashing
[14:08:36] <Melinda> threats request is back in hands of iesg after extensive rewrite
[14:08:42] You-GT joins the room
[14:08:46] andrew.chi joins the room
[14:08:52] <Melinda> routing tcp analysis in last call
[14:08:58] <Melinda> key table doc in wg last call
[14:09:47] <Melinda> ospf analysis through ietf lc
[14:10:03] Sean Turner leaves the room
[14:10:41] <Melinda> a pim draft is being updated but not ready for this meeting
[14:10:52] <Melinda> still looking for authors for rsvp-te and lmp
[14:11:25] <Melinda> the wg may be coming to consensus for tcp-ao related automated key management
[14:11:42] <Melinda> several approaches still proposed for automated group key management
[14:12:39] <Melinda> sam hartman - karp operations model
[14:13:05] Sean Turner joins the room
[14:13:42] <Melinda> getting input and document is moving forward
[14:13:49] <Melinda> recovering from equipment failure
[14:15:04] <Melinda> talking about restoring keys
[14:15:22] <Melinda> some strategies for rekeying equipment involves changing keys on other equipment
[14:15:48] <Melinda> key recovery
[14:16:17] <Melinda> sidr document proposes keys should be stored exported from routers, could be stored in central config system or on usb keys
[14:18:48] <Melinda> Russ: has been trying to solve similar problems and concluded that it should be provisioned from central site because the time to recovery has to be considered
[14:19:51] <Melinda> Sam says Randy told him that if you've got someone sitting at a console device having someone stick in a USB key wouldn't introduce latency
[14:20:34] <Melinda> Wes Hardaker: sidr is trying to provide operators with choices
[14:21:27] <Dan York> mlshore - THANK YOU for the detailed Jabber scribing. Very helpful.
[14:22:17] <Melinda> Russ: at a very abstract level what you said is true but you have to worry about latency between number of participants.
[14:23:26] <Melinda> Russ: in the other case, where we're just trying to authenticate packet, we need to consider multicast (we don't want to stick certificate in all packets)
[14:23:53] <Melinda> Russ worries about exceeding Ethernet packet size
[14:24:18] <Melinda> Sam: discussion might make more sense to have in specific protocol discussions
[14:25:17] <Melinda> Sam: definitely want to follow sidr work, okay with something like this as one of the options (minimum best practices) but important for organizations to be able to pick and choose
[14:25:43] <Melinda> Uma: is it that providing two options - central storage/removable media storage?
[14:25:46] <Melinda> Sam: yes
[14:26:55] <Melinda> Sam: isn't familiar with how bgp is deployed, but Wes George said implementations group configuration together: bgp peer group for igp, or for redundant connections
[14:27:56] <Melinda> this makes transition to tcp-ao or akm more difficult. He would like a way to do that without a flag day
[14:28:48] <Melinda> slowly move routers from one peer group to another. If there are subtle differences between peer groups you could be setting yourself up for random operational problems
[14:29:38] <Melinda> possible solutions: maintain both tcp-ao and tcp-md5 security parameters, provide ways to trigger graceful restart to set up new security session, negotiation question
[14:31:04] Sean Turner leaves the room
[14:32:12] <Melinda> acee: why is equipment failure tied to changing credentials?
[14:32:18] kivinen joins the room
[14:32:41] Sean Turner joins the room
[14:32:46] <Melinda> sam: are you taking us back to previous discussion?
[14:33:26] <Melinda> sam: maybe, probably not. There are two issues: 1) what to do about eqpt failure, and 2) the bgp-specific issue, which has nothing to do with eqpt failure
[14:35:03] <Melinda> uma: in this case, does it require software upgrade (to support ao)?
[14:35:03] <Melinda> Sam: probably (ao is new feature)
[14:35:29] <Melinda> sam: two steps - upgrade router, configure to use ao
[14:35:30] <Melinda> Russ: third - add keys
[14:36:03] <Melinda> sam: authors would appreciate input on this.
[14:37:00] <Melinda> karp is-is security gap analysis (uma)
[14:38:22] <Melinda> draft summarizes current state of key usage in is-is, several previous efforts to analyze is-is
[14:39:19] <Melinda> analysis includes current state of key usage, threat analysis, requirement for manual keying, and requirements for automated keying
[14:39:57] Sean Turner leaves the room
[14:43:54] Dan York leaves the room
[14:44:15] danyork joins the room
[14:44:17] <Melinda> issues addressed in current version - comments from Les Ginsberg, comments from Sean Turner
[14:44:43] <Melinda> latter include concerns about threat scope and group key requirements. Have been addressed and sent for review
[14:45:14] JoelHalpern joins the room
[14:47:11] <Melinda> next step: request wg adoption
[14:47:33] <Melinda> any questions/comments? no
[14:47:39] <Melinda> call for adoption will be sent
[14:48:31] <Melinda> manav: bfd analysis
[14:48:58] <Melinda> bfd used for liveness protocols and mpls-tp
[14:49:26] <Melinda> bfd vulnerable to replay, weak crypto, dos attacks
[14:50:00] <Melinda> existing authn mechanisms
[14:50:38] <Melinda> all have some weakness
[14:51:16] Sean Turner joins the room
[14:51:21] <Melinda> issues with inter-session - sequence numbers re-initialized, discriminators are not random
[14:51:38] Karen O'Donoghue joins the room
[14:51:55] <Melinda> limited key update, no protection for echo mode
[14:52:32] <Melinda> impacts of bfd replays - force victims to change state
[14:53:01] <Melinda> impact of new authn requirements - time interval between tx/rx in milliseconds
[14:53:12] <Melinda> hardware support for authn is not common
[14:53:25] <Melinda> performing authentication in software has scaling issues
[14:53:36] <Melinda> recommendations:
[14:54:31] <Melinda> next step: adoption?
[14:54:49] <Melinda> note will be sent to bfd group as well
[14:55:20] <Melinda> Dacheng: tcp-ao master key tuple negotiation in IKEv2
[14:56:46] <Melinda> new draft aims only to secure tcp-based pairwise routing protocol associations using ikev2 with tcp-ao
[14:57:21] <Melinda> needs new security protocol identifier in IANA registry
[14:59:27] Sean Turner leaves the room
[14:59:58] <Melinda> slide w/examples
[15:00:58] Sean Turner joins the room
[15:01:06] <Melinda> walking through protocol/message changes
[15:02:59] <Melinda> brian: does this seem reasonable to ikev2 people? Yes
[15:03:30] <Melinda> uma: karp kmp
[15:03:43] <Melinda> simplified peer authentication
[15:04:12] <Melinda> motivations: minimize use of passwords, move away from manual keying
[15:05:58] hartmans joins the room
[15:06:31] <hartmans> what draft is this presentation about?
[15:06:38] <Melinda> possible authn methods - symmetric, asymmetric, eap-based
[15:07:02] <andrew.chi> draft-chunduri-karp-kmp-router-fingerprints-01
[15:07:23] <hartmans> thanks
[15:08:20] <Melinda> using router fingerprints already specified as using raw rsa keys
[15:08:37] <Sean Turner> @joel: working on clearing karp-threat discusses
[15:09:54] <Melinda> generate fingerprint by hashing a x.509 certificate
[15:10:36] <Melinda> how to generate & use certificate
[15:11:00] <Melinda> tero has question about encoding formats. Thinks should be using public key format, not x.509
[15:11:07] <JoelHalpern> @Sean Turner thanks.
[15:12:58] <Melinda> how to publish. OOB for intra-domain, SLAs for inter-domain
[15:13:16] <Melinda> need to resort to oob public key validation to verify key authenticity
[15:13:39] <Melinda> RFA should only be seen as improvement over shared manual keying
[15:15:53] <Melinda> questions?
[15:16:31] metricamerica joins the room
[15:17:15] <Melinda> tero: major problem here is that keys may be completely random but they never change
[15:17:31] <Melinda> major problem with symmetric keys, that is
[15:18:01] <Melinda> brian: does operations draft discuss different keying methods?
[15:18:03] <Melinda> sam: yes
[15:18:57] <Melinda> sam: also discuss revocation issue
[15:20:11] <Melinda> we're done
[15:20:14] Karen O'Donoghue leaves the room
[15:20:22] Melinda leaves the room
[15:20:26] Michael Barnes leaves the room
[15:20:34] JoelHalpern leaves the room: offline
[15:21:21] metricamerica leaves the room
[15:22:19] andrew.chi leaves the room
[15:25:46] Karen O'Donoghue joins the room
[15:29:24] Karen O'Donoghue leaves the room
[15:31:38] danyork leaves the room
[15:36:29] You-GT leaves the room
[15:39:35] kivinen leaves the room
[15:39:50] Karen O'Donoghue joins the room
[15:46:03] Sean Turner leaves the room
[15:48:07] hartmans leaves the room
[15:56:45] bz@jabber.org leaves the room
[16:30:30] Karen O'Donoghue leaves the room
[17:18:59] Karen O'Donoghue joins the room
[17:23:08] Karen O'Donoghue leaves the room
[17:36:32] Karen O'Donoghue joins the room
[18:04:54] Karen O'Donoghue leaves the room