Wednesday, March 21, 2018
15:20-16:50 Afternoon Session II
Palace C
0. Administrivia (5m)
New co-chair: Eric Vyncke
Co-chair stepping down: Gunter Van de Velde
* Blue Sheets
* Note taker: Gunter Van de Velde
* Jabber scribe: Warren Kumari
* Agenda bashing
OPSEC WG Agenda accepted
1. WG Documents (20 minutes)
* WG documents update by the chairs (3 minutes).
* draft-ietf-opsec-v6, Operational Security Considerations for IPv6 Networks, Merike Kaeo or Eric Vyncke (15 minutes)
Enno Rey added as editor of the draft
Main changes:
Co-authors, will ask for WGLC
· Lorenzo Coletti: text was written long long ago... things as disabling SLAAC and DHCPv6 only, and best practices say not recommended. Also v6 address on MAC is deprecated, needs to be fixed. Disabling privacy addresses is pretty silly for this purpose. The document should say something about L2 and L3 filtering. Document should say something about SAVI. (timestamp: 15:43 for list of sections to revise)
· Tim Chown: a section on address accountability would be a good thing
· Merike Kaeo: We will need to figure out what rough consensus means in this matter as there are so many different opinions
· Ron Bonica: Who can review the text before WGLC in 2 weeks is started: Lorenzo Coletti, Tim Chown and Fernando volunteered after feeling guilty
* draft-ietf-opsec-ipv6-eh-filtering, Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers. Fernando Gont (2 minutes).
Other non WG documents
* draft-sriram-opsec-urpf-improvements, Enhanced Feasible-Path Unicast Reverse Path Filtering, Kotikalapudi Sriram (15 minutes)
Presentation of draft updates
Ruediger Volk (DT): Did you consider various anycast routing schemes and the interaction on this?
Sriram: not yet
Ruediger: worried about transient situations in routing and this RPF mechanism
Jeff Haas (Juniper): This set of document is not to be ALL complete. Event further away from interface will take time. And is there a need to do things real time? How would the functional correctness be?
Igor Lockhart (Akamai): BCP38 does not work for complex systems. Agrees that this is important work to address.
Jared Mauch: An algorithm like this is going to be very complex, and with the internet having shorted AS-paths (cloud-consumer) it makes this type of enhancements questionable
Jeff Haas: There are other ways on how to insert state.
Eric Vyncke: Hum to have as WG document: hum medium
Hum for not WG document: hum low
Will be asked on list to adopt as WG document
* draft-camwinget-tls-use-cases, TLS 1.3 Impact on Network-Based Security, Nancy Cam-Winget, Flemming Andreasen (15 minutes)
Presentation of draft
Question: Enhanced Diffie-Hellman must be used, and the text allows differently
Nancy: The text should be saying the correct thing normally
XXX: Who needs this?
Eric Rescolla: The cypher is in the clear
Nalini: Would like to have a
Tim xxx: This document is filled with inaccuracies. And has questions about the point of this document.
Nancy: Purpose of draft is to articulate how security things are done in current networks and how network security solutions evolve in their path to TLS1.3
Andreasen: Our purpose is to document TLS1.3 complications to implement
* draft-paillisse-sidrops-blockchain, An analysis of the applicability of blockchain to secure IP addresses allocation, delegation and bindings, Jordi Paillisse (15 minutes)
Presented the slides
(no time for questions... overrun in time)
* draft-balarajah-bmwg-ngfw-performance, Benchmarking Methodology for Network Security Device Performance, Carsten Rossenhoevel (15 minutes)
Presented the slides
Macy (University of Essex): traffic mix construction?
Carsten: What counts is the number of URLs and a real mix
Macy: How to construct those traffic mixes and how to best make that public
Carsten: Asking
Tim Chown: What is NetsecOpen? It is not mentioned in the draft. And also the high performance tests are not included in the text yet?
Carsten: good comment and we need to look into it
Jeff Haas: Which ciphers and IKE options to use? What about the traffic mixes on high and low throughput fragments?
Al Morton (co-chair of BMWG): would like to have discussion on BMWG and get this as result adopted in BMWG as a WG document.