IETF
opsec
opsec@jabber.ietf.org
Wednesday, March 21, 2018
Brian Carpenter has set the subject to: OPSEC at IETF 100

GMT+0
[15:08:50] meetecho joins the room
[15:11:09] BtywnULi joins the room
[15:15:07] Efrain Ceca joins the room
[15:15:08] Cathy Aronson joins the room
[15:15:16] Torunn Narvestad joins the room
[15:15:28] Brian Monkman joins the room
[15:16:00] Warren Kumari joins the room
[15:17:07] Brian Monkman leaves the room
[15:17:09] Brian Monkman joins the room
[15:19:35] Jasminko Mulahusic joins the room
[15:20:40] Fernando Gont joins the room
[15:22:04] <Warren Kumari> Hello all -- I'm your friendly Jabber scribe today. Please SHOUT if you need me to relay anything to the mic.
[15:23:48] mardeb joins the room
[15:24:23] mardeb leaves the room
[15:26:56] Efrain Ceca leaves the room
[15:28:07] Francis Teague joins the room
[15:30:35] <Fernando Gont> Please relay: why not consider part of the bogons?
[15:38:26] sftcd joins the room
[15:39:34] Chaunoda Osego Batisani joins the room
[15:40:15] Martin Thomson joins the room
[15:43:05] Erik Kline joins the room
[15:44:39] <Fernando Gont> I volunteer to review if it helps
[15:45:04] danyork joins the room
[15:45:38] Sandra Murphy joins the room
[15:48:01] Lee joins the room
[15:48:05] William Cerveny joins the room
[15:48:19] Chunshan Xiong joins the room
[15:53:29] Martin Thomson leaves the room
[16:01:13] john heasley joins the room
[16:07:01] <Sandra Murphy> lots of background noise
[16:07:55] <Sandra Murphy> ok, stopped.
[16:12:41] Jasminko Mulahusic leaves the room
[16:15:02] Chaunoda Osego Batisani leaves the room
[16:16:52] Efrain Ceca joins the room
[16:22:12] <Sandra Murphy> hey warren.  question for the jabber scribe.
[16:22:36] <Sandra Murphy> warren?  you there?
[16:23:06] slm joins the room
[16:23:09] <sftcd> in case we're short of time, this draft is riddled with inaccuracies
[16:23:31] <slm> warren, question for jabber scribe.
[16:23:59] <slm> warren?  I have several questions for blockchain presentation
[16:24:04] <Warren Kumari> @ Sandy / SLM: Sorry, I was dealing with a puppet outage.
[16:24:15] <Warren Kumari> Still have a question?
[16:24:17] Rolf Sommerhalder joins the room
[16:24:33] <Warren Kumari> And I apologize for my absence.
[16:24:38] <slm> can I ask questions here - or would you prefer not?
[16:24:51] <Warren Kumari> Want it relayed to the mic?
[16:25:11] <Warren Kumari> (Feel free, I've beaten puppet into submission)
[16:25:54] <slm> OK.  Will paste here when the preso starts, you can wait til question time to ask.  (otherwise I usually miss the timing)
[16:27:27] William Cerveny leaves the room
[16:27:48] <Erik Kline> Documenting existing practice without judgement if no such document already exists seems reasonable to me.
[16:29:00] Naveen Lakshman joins the room
[16:31:17] Rolf Sommerhalder leaves the room
[16:31:37] <Sandra Murphy> OK about to paste.  tell me "take it to the list" if too long to recite
[16:31:40] <Sandra Murphy> Questions and comments  Questions about some parts of the draft:  6.1.2.  Multi-signature transactions     the holder of the block of    addresses must trust the owners of the keys participating in the    multi-signature transaction.  Since participants can generate their own keys, does this allow for sybil attacks - generating new “owners of the keys” in order to make a multi-signature succeed?  6.1.3.  Revocation transaction     accepting the revocation    transaction automatically when issued by the accepted authority  Does this re-introduce a centralized authority into the system?
[16:31:51] <Sandra Murphy> Comments on certain statements made in the draft, and the relationship to IP address allocation and use:  “Cannot be assigned to two entities at the same time.”  The use of IP addresses has shared authority over address space - more than one entity has authority over IP address space.  I’m not sure how that works in blockchain.  If an ISP holding a /16 sub-delegates a /20 to a customer, it does not give up the ability to announce the /16.  RIPE tells its members that they are responsible for their entire allocation, no matter if they have sub-delegated some of it to a customer.  And they carefully instruct their members how to use the authorization features of the RIPE database to ensure that they retain control over resources they have sub-delegated.  And they have recently changed the authorization structure to make it possible to delete objects that were sub-delegated from resources they hold.  (Note: I’m not a part of the RIPE NCC.  RIPE NCC people present should speak up.)  “AS domains holding large blocks of IP addresses”  there are many organizations that hold IP addresses but do not hold AS numbers.  There are many organizations that hold IP addresses and AS numbers, but have some other ISP originate announcements for them.  So an IP address to AS number mapping or vice versa is not possible or a fit to the way IP addresses are used.  “These parties have a reduced incentive in tampering the blockchain because they would suffer the consequences: an insecure Internet.”  I don’t see that this agrees with experience.  The Internet impact is sometimes deliberate (those who have deliberately impacted the routing of someone else’s prefix), sometimes a mistake (yesterday’s mis-origination of a Univ of Iowa’s prefix), and sometimes self-serving (spammers' mis-origination of prefixes for their own gain)
[16:32:16] <Warren Kumari> @Sandy: Can you summarize? That would be a soapbox rant
[16:32:23] <Warren Kumari> s/rant/question/
[16:33:01] <Sandra Murphy> wow.  cr/lf did not transfer.  makes it hard to read.
[16:33:29] <Warren Kumari> I suspect that that is a "take to list" question - but happy to relay shorter version if possible.
[16:34:51] <Sandra Murphy> right.  will send full text to list.
[16:34:55] Martin Thomson joins the room
[16:35:04] <Warren Kumari> and point at short bits I can ask...
[16:36:10] <Warren Kumari> We probably will only have a few minutes - should I ask the Sybil bit?
[16:36:15] sftcd leaves the room
[16:37:04] rhe joins the room
[16:37:22] <Sandra Murphy> uh. ok will send full version to the list
[16:37:31] <Sandra Murphy> here's a smaller version.  small enough?
[16:37:46] <Sandra Murphy> wonder if your revocation mechanisms introduce sybil attacks (multi-signature) or a new centralized authority (revocation transaction).  I am not certain that blockchain is a good match to the way IP address space allocations are used.  In particular, about “Cannot be assigned to two entities at the same time.” —  The use of IP addresses has shared authority over address space - more than one entity has authority over IP address space.  I’m not sure how that works in blockchain.  Will send full questions to the list.
[16:38:13] <Warren Kumari> Great! Thank you -- and please send longer version to list.
[16:39:17] <Erik Kline> The analogy of IP prefixes to coins seems to ignore the fact that ASNs don't really *own* IP prefixes, they effectively rent them from the RIRs (AIUI).
[16:40:09] <Warren Kumari> ... well, perhaps that is solved with the "timeout" idea?
[16:40:39] <slm> ah, shucks.
[16:40:41] <Warren Kumari> @Sandy: Sorry, no time for questions
[16:41:42] Erik Kline leaves the room
[16:48:09] danyork leaves the room
[16:48:09] slm leaves the room
[16:48:21] slm joins the room
[16:50:16] Martin Thomson leaves the room
[16:51:04] rhe leaves the room
[16:51:06] Brian Monkman leaves the room
[16:51:06] Naveen Lakshman leaves the room
[16:51:06] Cathy Aronson leaves the room
[16:51:06] Efrain Ceca leaves the room
[16:51:06] Francis Teague leaves the room
[16:51:06] Warren Kumari leaves the room
[16:51:06] john heasley leaves the room
[16:51:06] Torunn Narvestad leaves the room
[16:51:06] Sandra Murphy leaves the room
[16:51:06] Chunshan Xiong leaves the room
[16:51:07] Fernando Gont leaves the room
[16:51:42] meetecho leaves the room
[17:03:36] rhe joins the room
[17:08:02] Lee leaves the room: Connection failed: connection closed
[17:14:48] Martin Thomson joins the room
[17:17:43] Lee joins the room
[17:19:05] Martin Thomson leaves the room
[17:19:20] danyork joins the room
[17:23:53] sftcd joins the room
[17:25:22] danyork leaves the room
[17:29:40] sftcd leaves the room
[17:29:41] slm leaves the room
[17:30:01] slm joins the room
[17:31:20] sftcd joins the room
[17:36:49] sftcd leaves the room
[17:36:49] slm leaves the room
[17:37:08] slm joins the room
[17:39:57] sftcd joins the room
[17:40:18] sftcd leaves the room
[17:46:20] Lee leaves the room
[17:46:20] slm leaves the room
[17:46:47] slm joins the room
[18:32:52] slm leaves the room
[18:33:04] slm joins the room
[19:26:01] slm leaves the room
[19:27:23] slm joins the room
[19:41:34] slm leaves the room
[19:41:44] slm joins the room
[19:48:44] slm leaves the room
[19:48:54] slm joins the room
[20:53:28] rhe leaves the room
[20:57:12] slm leaves the room
[20:57:41] slm joins the room
[21:01:16] slm leaves the room