IETF
opsec
opsec@jabber.ietf.org
Monday, 26 March 2012< ^ >
Room Configuration

GMT+0
[12:10:47] Dan York joins the room
[12:57:22] Dominik Elsbroek joins the room
[13:00:52] Dan York leaves the room
[13:11:07] steve ulrich joins the room
[13:11:07] Wes George joins the room
[13:11:44] Dan York joins the room
[13:12:22] jpc joins the room
[13:12:52] <Wes George> opsec - changing chairs, thanks to joel for being substitute Gunter
[13:13:38] Joel Jaeggli joins the room
[13:13:40] <Wes George> I'll be jabber scribing
[13:13:43] <Wes George> http://www.ietf.org/proceedings/83/agenda/agenda-83-opsec.txt
[13:13:47] <Wes George> note well/agenda bashing
[13:14:04] <Dan York> Wes - I can help, too, if you need it.
[13:14:16] <Wes George> thanks dan
[13:14:40] Dominik Elsbroek leaves the room
[13:14:53] Lorenzo Miniero joins the room
[13:14:56] <Dan York> Wes George at mic
[13:15:05] Simon Romano joins the room
[13:15:42] audio joins the room
[13:15:52] Simon Romano leaves the room
[13:16:10] <Wes George> discussing http://www.ietf.org/proceedings/83/slides/slides-83-opsec-1.pdf
[13:16:23] <Wes George> Micheal Behringer presentingg
[13:16:28] Simon Romano joins the room
[13:16:34] <Lorenzo Miniero> Slide 1: Using Only Link-Local Address in Network
[13:16:43] <Lorenzo Miniero> Slide 1: Using Only Link-Local Address in Network
[13:16:57] <Wes George> summary slide
[13:16:59] <Lorenzo Miniero> Slide 2: Summary
[13:18:10] <Wes George> slide 3
[13:18:12] <Lorenzo Miniero> Slide 3: Approach
[13:18:13] Lee Howard joins the room
[13:18:55] <Lorenzo Miniero> Slide 4: Advantages of using link locals on infra
[13:19:19] spromano76 joins the room
[13:19:55] Simon Romano leaves the room
[13:20:42] Simon Romano joins the room
[13:21:07] Gunter Van de Velde joins the room
[13:21:20] <Lorenzo Miniero> Slide 5: Caveats and Workarounds
[13:22:08] Simon Romano leaves the room
[13:23:40] Simon Romano joins the room
[13:24:17] <Wes George> summary slide
[13:24:18] <Lorenzo Miniero> Slide 6: Summary
[13:24:52] <Dan York> Wes George at mic
[13:25:19] spromano76 leaves the room
[13:25:23] Gunter Van de Velde leaves the room
[13:25:46] <Dan York> Wes doesn't see this as BCP, thinks it should be info.
[13:28:12] <Wes George> joel jaeggli talking
[13:28:16] <Dan York> Fred Baker at mic
[13:29:32] PATRICK ASHER joins the room
[13:30:49] <Lorenzo Miniero> Presentazione interrotta
[13:31:07] Mem Sandberg joins the room
[13:31:50] <Wes George> slides for next preso not uploaded yet
[13:31:58] <Lorenzo Miniero> no slide deck on the materials page, sorry :(
[13:32:21] <Wes George> is it possible to uas a traceroute to identfiy routes on a path
[13:32:57] <Wes George> icmp and other traffic from routers identifies them to equipment that doesn't need to know
[13:33:08] <Wes George> so equp subject to attacks
[13:33:17] <Wes George> "principle of least privilage"
[13:33:19] <Wes George> need to know
[13:33:23] <Wes George> possible solutions
[13:33:27] <Wes George> see previous deck
[13:33:35] <Wes George> use LLA
[13:33:46] <Wes George> send ICMP from loopback, but now loopback is attacked
[13:33:55] <Wes George> use ULA, BCP 38 issue PMTU fails
[13:34:01] Benno Overeinder joins the room
[13:34:22] <Wes George> desirements (aka requirements)
[13:34:36] <Wes George> remote netowrk identify which operqator to ask a question of
[13:34:43] <Wes George> router addresses should have reverse dns
[13:34:51] <Wes George> have a way to not attack router so identified
[13:35:11] <Wes George> passive ipv6 addresses:
[13:35:31] <Wes George> 2 attributes on an interface address, respond with ICMP? should process messages sent to it?
[13:35:50] <Wes George> for people who don't need to know, address should be used, should not be processed
[13:36:01] <Wes George> address used for management should not be used, should be processed
[13:36:24] <Wes George> end of preso
[13:36:33] <Wes George> fortunately that was reasonably easy to transcribe ;-)
[13:38:31] <Dan York> Wes George at mic
[13:39:19] <Wes George> jared mauch at mic
[13:41:23] <Wes George> lee howard at mic
[13:42:22] <Wes George> igor gashinski
[13:45:57] Dominik Elsbroek joins the room
[13:45:58] <Wes George> robert rasuk at mike
[13:46:52] <Wes George> dan york at mic
[13:47:41] <Wes George> rajiv asati
[13:48:23] <Wes George> getting ready to discuss http://www.ietf.org/proceedings/83/slides/slides-83-opsec-3.pdf
[13:49:09] <Lorenzo Miniero> Slide 1: ??
[13:49:16] <Lorenzo Miniero> Slide 2: ??
[13:50:07] <Lorenzo Miniero> Slide 3: ??
[13:50:31] <Lorenzo Miniero> Slide 4
[13:51:13] <Lorenzo Miniero> Slide 5: Example
[13:51:50] <Lorenzo Miniero> Slide 6: Properties
[13:53:08] <Lorenzo Miniero> Slide 7: Scope of applicability
[13:53:50] <Lorenzo Miniero> Slide 8: Next steps
[13:53:58] <Dan York> Yea for including sample code!
[13:54:08] <Dan York> Wes George at mic
[13:54:30] <Dan York> Wes is "pretty against this draft"
[13:55:54] <Dan York> Wes: renumbering effort is trying to make as many devices as possible use dynamic addresses so that renumbering is easier. This goes against all that.
[13:56:26] <Wes George> merike kao at mic
[13:58:51] <Wes George> jared mauch, then warren kumari
[13:59:36] <Wes George> magnus...
[13:59:39] <Wes George> martin levy
[14:00:51] Gunter VdV joins the room
[14:01:10] <Wes George> now discussing http://www.ietf.org/proceedings/83/slides/slides-83-opsec-2.pdf
[14:01:13] <Lorenzo Miniero> Slide 1
[14:01:19] <Wes George> fernando gont presenting
[14:01:41] <Wes George> slide 2
[14:03:14] PATRICK ASHER leaves the room
[14:03:38] Dominik Elsbroek leaves the room
[14:03:49] <Lorenzo Miniero> Slide 3
[14:04:29] cheevarat joins the room
[14:04:41] <Wes George> a few hands signified reading doc
[14:04:50] <Wes George> a few additional hands volunteering to read
[14:06:19] Dan York leaves the room
[14:06:19] <Wes George> friendly neighborhood ops AD
[14:06:25] <Wes George> meeting adjourned
[14:06:27] Wes George leaves the room
[14:06:32] <Simon Romano> Bye to all...See you on Meetecho, guys!
[14:06:43] Lorenzo Miniero leaves the room
[14:06:44] Simon Romano leaves the room
[14:06:59] Mem Sandberg leaves the room
[14:07:00] audio leaves the room
[14:08:40] <Gunter VdV> It worked great...
[14:09:36] <Gunter VdV> Not on my work laptop, but on personal laptop. Employer blocked some things.... fyi...
[14:10:30] Benno Overeinder leaves the room
[14:10:55] Joel Jaeggli leaves the room
[14:11:24] Benno Overeinder joins the room
[14:11:34] Gunter VdV leaves the room
[14:15:51] cheevarat leaves the room
[14:17:41] Benno Overeinder leaves the room
[14:18:56] Lee Howard leaves the room
[14:27:24] Joel Jaeggli joins the room
[14:28:35] steve ulrich leaves the room
[14:31:14] Dominik Elsbroek joins the room
[14:36:19] Joel Jaeggli leaves the room
[14:42:50] Joel Jaeggli joins the room
[14:43:31] steve ulrich joins the room
[14:45:59] jpc leaves the room
[14:48:35] Benno Overeinder joins the room
[14:51:32] jpc joins the room
[14:53:54] Benno Overeinder leaves the room
[15:00:43] steve ulrich leaves the room
[15:01:51] steve ulrich joins the room
[15:20:56] steve ulrich leaves the room
[15:58:52] jpc leaves the room
[15:59:45] Joel Jaeggli leaves the room
[16:00:09] Joel Jaeggli joins the room
[16:29:14] jpc joins the room
[16:55:56] Joel Jaeggli leaves the room
[17:00:06] Joel Jaeggli joins the room
[17:03:00] Dominik Elsbroek leaves the room
[17:17:29] Joel Jaeggli leaves the room
[17:54:47] jpc leaves the room
[17:59:41] jpc joins the room
[18:34:28] jpc leaves the room
[18:35:17] jpc joins the room
[21:27:42] Dominik Elsbroek joins the room
[21:36:40] Dominik Elsbroek leaves the room
[21:37:24] Dominik Elsbroek joins the room
[21:57:47] Dominik Elsbroek leaves the room
[22:06:52] jpc leaves the room
[22:07:03] jpc joins the room
[23:08:46] Joel Jaeggli joins the room
[23:45:32] jpc leaves the room
[23:45:38] jpc joins the room
Powered by ejabberd Powered by Erlang Valid XHTML 1.0 Transitional Valid CSS!