rpsec@conference.ietf.jabber.com - 2002/11/20

[13:38] %% Olaf has arrived.
[14:07] %% jis has arrived.
[14:14] %% ietfwatch has arrived.
[14:22] %% SandyT has arrived.
[14:38] %% paul.knight has arrived.
[14:38] <paul.knight> Attack trees
[14:39] <paul.knight> For defense against attack dogs ?
[14:41] %% jis has left.
[14:41] <paul.knight> Alex Zinin: How can we make sure we exercise the "evil creativity" of authors to exercise the greatest possible set of attacks..?
[14:42] <paul.knight> Sean: We're depending on the evil creativity of all the WG and their black hats.
[14:43] %% dmarlow has arrived.
[14:44] <paul.knight> Alex: IDR WG is trying to complete a vulnerabililties assessment. Sandy's work may be included int he security considerations part of BGP... but do it quickly.
[14:45] <paul.knight> Sandy: Syntax difficulties with the attack trees: maybe use parentheses.
[14:46] <paul.knight> Sandy: Why put "impossible" attacks in the attack tree? maybe they will become possible at some time.
[14:46] <paul.knight> Sandy: the list of attack scenarios looks like the list of network damage in my document.
[14:47] <paul.knight> Sandy: Some attackers may have no goal beyond causing trouble. This makes it hard to specify the type of attack.
[14:47] <paul.knight> Q: who are consumers of this?
[14:48] <paul.knight> Q: Do you have a way of prioritizing things depending on the specific source of the weakness opening the vulnerability.. i.e. poor implementation of network or of protocol
[14:49] <paul.knight> Sean: The attack tree was partly implemented in XML to make it flexible as to representation.
[14:50] <paul.knight> Q: The more useful part of attack tree is to focus on the highest risk, on what we need to fix right now.
[14:51] <paul.knight> Sean: yes, ..
[14:52] <paul.knight> Felix Wu, UC Davis - This is good, maybe for signature analysis. It is hard to assign probability (due to evil creativity")
[14:52] <paul.knight> What do you mean by "complete"
[14:53] <paul.knight> Sean: Try to cover everything
[14:54] <paul.knight> Felix: Tree can grow to infinite size.. but this work is good, to measure implementations against a known tree.
[14:54] <paul.knight> Felix : We're doing property-oriented analysis.
[14:54] %% mrose has arrived.
[14:54] <paul.knight> Sean : We should talk about it...
[14:56] <paul.knight> General discussion of WG direction with documents..
[14:58] %% paul.knight has left.
[14:58] %% paul.knight has arrived.
[15:00] <paul.knight> Alex Zinin: I want to support generic documents as well as more detailed analysis of specific protocols.
[15:03] <paul.knight> Sean: need to get BGP attack tree and threat analysis out soon, there is widespread interest in it.
[15:04] <paul.knight> Generic attack tree needs to hold the items like "get access to router" which is currently in the BGP attack tree.
[15:05] %% ggm has arrived.
[15:05] <ggm> Olaf? did this work?
[15:06] <paul.knight> Alex: we want to make sure the BGP work is not held up waiting for the generic document... but the goal is to help implementers check their implementations.
[15:06] <paul.knight> ggm: you are seen on rpsec room
[15:07] <ggm> thx.
[15:09] <paul.knight> Tony T: We'll encourage more discussion on the list for this...
[15:12] <paul.knight> Dave cook - status of securing routing protocols with IPsec -- presentation
[15:12] %% paul.knight has left.
[15:12] %% paul.knight has arrived.
[15:13] %% mrose has left.
[15:13] %% paul.knight has left.
[15:14] %% paul.knight has arrived.
[15:14] <paul.knight> Dave Cook: presentation on routing and IPsec
[15:17] %% mrose has arrived.
[15:19] <paul.knight> NIce to have Dave citing my work in dynamic routing in IPsec....
[15:19] <paul.knight> (along with Joe Touch and others who have been working on it even longer)
[15:24] <paul.knight> conclusion: remain calm at all times ..... there is still a lot of work to do.
[15:26] <paul.knight> Tony: finally a presentation with some meat on it! We can run any protocol with encapsulation...
[15:27] <paul.knight> Alex Z: We don't need a decision on the informational document showing how to use routing protocols over IPsec.
[15:28] <paul.knight> Decison as to whetehr individual Routing protocol should work over IPsec or use internal security processes depend on the protocol
[15:28] <paul.knight> q: forward comments on OSPF to the OSPF list
[15:29] <paul.knight> Steve Bellovin: my draft is not how to secure BGP, but it should apply to any protocol.
[15:30] <paul.knight> Rich Braden (?) Telecordia: This is better than a MAC defined in different places (or other security services)
[15:31] %% paul.knight has left.
[15:31] %% paul.knight has arrived.
[15:31] <paul.knight> new presentation: Secure Origin BGP
[15:32] <paul.knight> signing off unti lI can find some power...
[15:32] %% paul.knight has left.
[15:32] %% mrose has left.
[15:46] %% ietfwatch has left.
[15:56] %% ggm has left.
[15:59] %% Olaf has left.
[16:14] %% SandyT has left.
[17:37] %% dmarlow has left.
[21:40] %% paul.knight has arrived.
[21:42] <paul.knight> It was Dave Ward, NOT Dave Cook, who was covering routing protocols and IPsec.
[21:43] <paul.knight> Sorry for the confusion...
[21:44] %% paul.knight has left.