Dear Colleagues,
Below you'll find a first attempt at a charter for this group:
---
Technical Security Working Group
================================
The Technical Security Working Group (techsec-wg) has been set up to
discuss all security aspects related to the Internet infrastructure. The
focus of the group will be on the practical aspects and deployment of
Internet security techniques.
At the moment, the group will focus on issues related to the deployment of
DNSsec in the RIPE area. The group will also act as the place where RIPE
NCC will report on the progress of the DISI project.
However, in the future, the scope of the group can be expanded to include
any new security techniques. This group will limit itself to technical
aspects of Internet security. The group will not discuss "user level"
security, these topics will be referred to the "anti-spam working group".
A workplan for the group will be presented and discussed at RIPE40.
---
Comments to the list please,
Henk
------------------------------------------------------------------------------
Henk Uijterwaal Email: henk.uijterwaal(a)ripe.net
RIPE Network Coordination Centre WWW: http://www.ripe.net/home/henk
Singel 258 Phone: +31.20.5354414
1016 AB Amsterdam Fax: +31.20.5354445
The Netherlands Mobile: +31.6.55861746
------------------------------------------------------------------------------
As long as you don't tell your friends how I played the hand,
then I won't tell my friends how you defended it. (Anonymous)
On Tue, 15 May 2001, Henk Uijterwaal (RIPE-NCC) wrote:
> Dear Colleagues,
>
>
>
> On Tue, 15 May 2001, Henk Uijterwaal (RIPE-NCC) wrote:
>
> > Minutes of the DISI BoF - RIPE 39, Bologna, May 2 2001, 9:15
> >
> > 6. The future
> >
> > HU asks how to go ahead with this, whether to create a new working group,
> > join an existing working group etc. [...]
>
> The consensus at the meeting was to set up a working group on the
> Technical Aspects for Security for the Infrastructure.
>
> I've meanwhile set up a mailing-list for this group:
>
> techsec(a)ripe.net
Oops, that should be
techsec-wg(a)ripe.net
Sorry,
Henk
>
> To subscribe, send a "subscribe" message to majordomo(a)ripe.net.
> In a couple of days, I'll post a first shot at a charter for the WG to
> the techsec list.
>
> Henk
>
>
>
> ------------------------------------------------------------------------------
> Henk Uijterwaal Email: henk.uijterwaal(a)ripe.net
> RIPE Network Coordination Centre WWW: http://www.ripe.net/home/henk
> Singel 258 Phone: +31.20.5354414
> 1016 AB Amsterdam Fax: +31.20.5354445
> The Netherlands Mobile: +31.6.55861746
> ------------------------------------------------------------------------------
>
> As long as you don't tell your friends how I played the hand,
> then I won't tell my friends how you defended it. (Anonymous)
>
>
------------------------------------------------------------------------------
Henk Uijterwaal Email: henk.uijterwaal(a)ripe.net
RIPE Network Coordination Centre WWW: http://www.ripe.net/home/henk
Singel 258 Phone: +31.20.5354414
1016 AB Amsterdam Fax: +31.20.5354445
The Netherlands Mobile: +31.6.55861746
------------------------------------------------------------------------------
As long as you don't tell your friends how I played the hand,
then I won't tell my friends how you defended it. (Anonymous)
Minutes of the DISI BoF - RIPE 39, Bologna, May 2 2001, 9:15
Chair: Henk Uijterwaal (HU) RIPE NCC
Scribe: Mark Santcroos
Slides are at:
http://www.ripe.net/ripencc/pub-services/np/DISI//Talks/0105_DISI
HU welcomes everyone.
Agenda:
1- What is this BoF about?
2- Administrative matters
3. DISI
4. CSIRS
5. Discussision
6. The future
7. AOB
----
3. DISI presentation: Olaf Kolkman - RIPE NCC
"DISI & DNSSEC on the reverse tree"
slides are at:
http://www.ripe.net/ripencc/pub-services/np/DISI//Talks/0105_DISI
Questions:
Q: Why don't you use IPv6?
A: Because we want to gain experience first.
Q: What about the 192.168.?
A: -XXX-
Q: What can an end user do to make his ISP secure their zone?
A: We want to convince the ISP's to deploy this.
Q: What kind of public key system used?
A: RSA is recommended, in theory all protocol can be used in parallel. But
to get real success we have to choose one. That probably will be RSA.
Q: How easily can we go to another encryption protocol, if for example one
encryption scheme gets cracked.
A: Depending on how long signatures are valid, a change of the protocol
can be done within 1 day. But this depends on a lot of parameters.
Q: Is there enough experience yet to determine how much effort it is to do
actual implementation of this.
A: Takes more CPU power for signing. Packet sizes grow.
----
4. Presentation: Yuri Demchenko - Terena
"CSIRS coordination for Europe and extended incident handling
standardization"
Slides are at:
http://www.ripe.net/ripencc/pub-services/np/DISI//Talks/0105_DISI_YD
No questions.
------
6. The future
HU asks how to go ahead with this, whether to create a new working group,
join an existing working group etc.
There are more issues related to security DoS, IPv6, Spam.
Q: [chair of Anti-Spam WG] Is a merge going on between the various
security-related WG's?
A1: Not that we are aware off.
A2: We want to keep them seperate.
HU asks for a chair.
No response.
He will setup a mailing list.
---
8. AOB
OK offers to give an experimental presentation about DNNSEC.
This presentation is still under development and will be given in the
future.
The attendees welcome that and OK gives his presentation.
---
HU thanks all the attendees and closes the WG session.
------------------------------------------------------------------------------
Henk Uijterwaal Email: henk.uijterwaal(a)ripe.net
RIPE Network Coordination Centre WWW: http://www.ripe.net/home/henk
Singel 258 Phone: +31.20.5354414
1016 AB Amsterdam Fax: +31.20.5354445
The Netherlands Mobile: +31.6.55861746
------------------------------------------------------------------------------
As long as you don't tell your friends how I played the hand,
then I won't tell my friends how you defended it. (Anonymous)
