From training at ripe.net Tue Aug 12 12:19:27 2003 From: training at ripe.net (RIPE NCC Training) Date: Tue, 12 Aug 2003 12:19:27 +0200 Subject: [techsec-wg] Announcement DNSSec Training Course Message-ID: <200308121019.h7CAJR3j004177@birch.ripe.net> ------- Dear Colleagues, [apologies for duplicate postings] As a service to its members the RIPE NCC offers the DNSSec Training Course. The main objective of the DNSSec Training Course is to provide LIRs with sufficient background to be able to deploy DNSSec in their own organisation as soon as the protocol is standardised. This course also explains the specific procedures set up by the RIPE NCC to to secure the in-addr.arpa zone. The Domain Name System (DNS) is one of the main parts of the Internet infrastructure. At the moment DNS lacks a mechanism to establish the authenticity and integrity of the data it provides. DNSSec is a set of extensions to provide this end-to-end authenticity and integrity. It is currently being developed within the IETF dnsnext Working Group. The protocol is about to be finalised and the code implementing the protocol is available in alpha releases. The DNSSec course consists of two parts: an "Introduction to DNSSec" and a real life demonstration. The "Introduction to DNSSec" will cover: - DNS security threats - DNSSec security mechanisms - DNSSec server protection - DNSSec data protection - Delegation issues - Key management issues - Current developments Examples are based on the BIND name server. Please note that DNSSec is an advanced course. It will: - NOT teach the basics of DNS. - NOT describe how to receive Internet resources from the RIPE NCC not describe how to operate a Local Internet Registry (LIR) The target audience of the course are technical staff of LIRs: e.g. network & system operators, engineers, etc. This course is not intended for administrative or management staff (e.g. Hostmasters). It is assumed that all attendees are familiar with common DNS terminology, have a practical knowledge in operating DNS servers and are interested in learning the concepts and mechanisms that DNSSec offers. The DNSSec course is conducted in the English language and is free of charge, since it is covered by the membership fee. More information about the DNSSec Training Course can be found at: http://www.ripe.net/training/dnssec/ REGISTRATION: You can register for a course at the following URL: http://www.ripe.net/cgi-bin/trainingform.pl.cgi Or by completing the registration form at the end of this e-mail and replying to In order to register for a DNSSec Training Course you must be an employee of an LIR and either : - be an LIR contact - be confirmed by an LIR contact. LIR contacts are those employees of an LIR who are registered with the RIPE NCC as authoritative contact persons. It is expected that most of those interested in the DNSSec Training Course will not be an authorative contact persons for their LIR, and therefore will be refused by the course registration "robot". In order to be admitted to the course, a confirmation e-mail must be sent to . Please approach the LIR contacts from your organisation personally, since the identity of LIR contacts is confidential, and the RIPE NCC is unable to divulge contact persons for any given LIR. Kind Regards, The RIPE NCC Training Team COURSE DATES AND VENUES ======================= Date: Monday 18 August 2003 Time: 0900 - 1700 Location: Dubai, United Arab Emirates AND: Date: Friday 19 September 2003 Time: 0930 - 1700 Location: Amsterdam, The Netherlands AND: Date: Friday 10 October 2003 Time: 0900 - 1700 Location: Istanbul, Turkey AND: Date: Friday 28 October 2003 Time: 0900 - 1700 Location: Rome, Italy REGISTRATION FORM ================= %START PART 1 - Registration 1) Your name Enter First name, Last name in full e.g. John Doe Mary-Beth Walton # NAME [ ] 2) Your Registry ID (format: country-code.) # REG [ ] 3) Your e-mail address # EMAIL [ ] 4) Your NIC handle (optional) # NICHANDLE [ ] 5) The course you plan to attend (date and location) # COURSE [ ] %END From ted at tednet.nl Tue Aug 12 12:35:51 2003 From: ted at tednet.nl (Ted Lindgreen) Date: Tue, 12 Aug 2003 12:35:51 +0200 Subject: [techsec-wg] Proposed agenda TechSec, RIPE 46, Amsterdam Message-ID: <200308121035.h7CAZqmu013920@omval.tednet.nl> A. Administrative Matters - scribe - list of participants - agenda - minutes B. Disi report, Olaf Kolkman - 20 minutes C. Internet draft draft-jones-opsec-00.txt, presentation and discussion, George Jones - 20 minutes D. Update on Fonkey and IETF related developments at IETF Yuri Demchenko - 15 minutes ---------------------- Comments, additions, anything else? -- ted From gmjones at mitre.org Thu Aug 14 19:05:04 2003 From: gmjones at mitre.org (George M. Jones) Date: Thu, 14 Aug 2003 13:05:04 -0400 Subject: [techsec-wg] What controls do you need to secure your network ? Message-ID: <3F3BC140.6040105@mitre.org> I will be giving brief overview of the Operational Security Requirements (opsec) IETF draft @ the techsec working group. The basic idea of the draft is to enumerate, in a requirements doc, the list of controls that are needed to operate network infrastructure securely. The second version of the draft is now available @ http://www.port111.com/opsec/draft-jones-opsec-01.txt and should be up in the IETF Internet Drafts Real Soon Now (submitted last night). I would very much like to have input from this community on the requirements. Are there critical capabilities missing ? Are there things that should be removed ? Have you ever tried to test/purchase/operate equipment and found yourself saying "I can't believe the device does not have the ability to [insert basic security feature here]...". We will have some time at the tecsec-wg, but it would also be useful to start discussing things on this list now. Your thoughts ? Thank you, ---George Jones From ted at tednet.nl Tue Aug 19 15:11:34 2003 From: ted at tednet.nl (Ted Lindgreen) Date: Tue, 19 Aug 2003 15:11:34 +0200 Subject: [techsec-wg] Agenda TechSec, RIPE 46, Amsterdam In-Reply-To: "Ted Lindgreen's message as of Aug 12, 11:36" Message-ID: <200308191311.h7JDBYiq006644@omval.tednet.nl> A. Administrative Matters - scribe - list of participants - agenda - minutes B. Disi report, Olaf Kolkman - 20 minutes C. Internet draft draft-jones-opsec-00.txt, presentation and discussion, George Jones - 20 minutes D. Update on Fonkey and IETF related developments at IETF Yuri Demchenko - 15 minutes -- ted From gmj at pobox.com Wed Aug 20 19:49:19 2003 From: gmj at pobox.com (George Jones) Date: Wed, 20 Aug 2003 13:49:19 -0400 (EDT) Subject: [techsec-wg] Agenda TechSec, RIPE 46, Amsterdam In-Reply-To: <200308191311.h7JDBYiq006644@omval.tednet.nl> References: <200308191311.h7JDBYiq006644@omval.tednet.nl> Message-ID: > C. Internet draft draft-jones-opsec-00.txt, > presentation and discussion, George Jones - 20 minutes Actually, it will be the -01 draft. Submitted to IETF, waiting posting. In the meantime: http://www.port111.com/opsec/draft-jones-opsec-01.txt ---George From demch at chello.nl Thu Aug 21 10:16:27 2003 From: demch at chello.nl (Yuri Demchenko) Date: Thu, 21 Aug 2003 10:16:27 +0200 Subject: [techsec-wg] Agenda TechSec, RIPE 46 - draft-jones-opsec-01.txt In-Reply-To: References: <200308191311.h7JDBYiq006644@omval.tednet.nl> Message-ID: <3F447FDB.6050800@chello.nl> George Jones wrote: >>C. Internet draft draft-jones-opsec-01.txt, >> presentation and discussion, George Jones - 20 minutes > > > Actually, it will be the -01 draft. Submitted to IETF, waiting > posting. In the meantime: > > http://www.port111.com/opsec/draft-jones-opsec-01.txt > George, Just to simplify your task, your draft has been published and it looks now more focused on network users and operators needs. Yuri A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Operational Security Requirements for IP Network Infrastructure Author(s) : G. Jones Filename : draft-jones-opsec-01.txt Pages : 68 Date : 2003-8-20 This document defines a list of operational security requirements for the infrastructure large IP networks (such as routers and switches). A framework is defined for specifying 'profiles', which are collections of requirements applicable to certain classes of devices. The goal is to provide consumers of network equipment a clear, concise way of communicating their security requirements to vendors of such equipment. Please send any COMMENTS TO: 'opsec-comment at ops.ietf.org'. ALSO SEE 'http://www.port111.com/ opsec/opsec-meta.txt'. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-jones-opsec-01.txt From ted at tednet.nl Wed Aug 27 10:44:21 2003 From: ted at tednet.nl (Ted Lindgreen) Date: Wed, 27 Aug 2003 10:44:21 +0200 Subject: [techsec-wg] Updated agenda TechSec, RIPE 46, Amsterdam In-Reply-To: "Ted Lindgreen's message as of Aug 19, 14:12" Message-ID: <200308270844.h7R8iMBV006402@omval.tednet.nl> Changes: draft-jones-opsec-00.txt ==> draft-jones-opsec-01.txt Item "TF-CSIRT update" inserted. A. Administrative Matters - scribe - list of participants - agenda - minutes B. Disi report, Olaf Kolkman - 20 minutes C. Internet draft draft-jones-opsec-01.txt, see http://www.ietf.org/internet-drafts/draft-jones-opsec-01.txt presentation and discussion, George Jones - 20 minutes D. TF-CSIRT update by Baiba Kaskina (TERENA) - 5 minutes E. Update on Fonkey and IETF related developments at IETF Yuri Demchenko - 15 minutes -- ted From ted at tednet.nl Wed Aug 27 11:03:21 2003 From: ted at tednet.nl (Ted Lindgreen) Date: Wed, 27 Aug 2003 11:03:21 +0200 Subject: [techsec-wg] 2nd updated agenda TechSec, RIPE 46, Amsterdam In-Reply-To: "Ted Lindgreen's message as of Aug 27, 9:45" Message-ID: <200308270903.h7R93MQx006446@omval.tednet.nl> Changes: C: draft-jones-opsec-00.txt ==> draft-jones-opsec-01.txt D: Item "TF-CSIRT update" inserted E: IETF-related ==> PKI-related A. Administrative Matters - scribe - list of participants - agenda - minutes B. Disi report, Olaf Kolkman - 20 minutes C. Internet draft draft-jones-opsec-01.txt, see http://www.ietf.org/internet-drafts/draft-jones-opsec-01.txt presentation and discussion, George Jones - 20 minutes D. TF-CSIRT update by Baiba Kaskina (TERENA) - 5 minutes E. Update on Fonkey and PKI related developments at IETF Yuri Demchenko - 15 minutes -- ted From henk at ripe.net Thu Aug 28 13:40:00 2003 From: henk at ripe.net (Henk Uijterwaal (RIPE-NCC)) Date: Thu, 28 Aug 2003 13:40:00 +0200 (CEST) Subject: [techsec-wg] Re: [ncc-services-wg] Incident Response Service (IRS) [was: Unneeded RIPE tasks] (fwd) In-Reply-To: <5.1.0.14.2.20030827213913.00aa6db0@max.att.net.il> Message-ID: Dear Hank, For your first question, please see Daniel's quote from RIPE271 and further text in his posting earlier today. > >with more details about the IS activity. This paper was discussed at > >RIPE45 and people have been invited to comment on this document on the > >tt-wg at ripe.net list. Then the proposed budget: > > The test-Traffic WG, as per its charter states: [...] Speaking as the former chair of the tt-wg: Formally speaking you are right, it is outside the charter of the TT-WG. However, after Daniel's presentation at RIPE45 and subsequent discussion, the question was raised where further comments on the topic could be posted. As the IS activity overlaps between at least 5 different WG's (tt, techsec, services, routing, DNS*) and none of them is exactly the right place for this discussion, we arbitrarily picked the tt-wg list. There haven't been that many postings on the topic as I'd hoped, but comments are still welcome. Henk ------------------------------------------------------------------------------ Henk Uijterwaal Email: henk.uijterwaal at ripe.net RIPE Network Coordination Centre WWW: http://www.ripe.net/home/henk P.O.Box 10096 Singel 258 Phone: +31.20.5354414 1001 EB Amsterdam 1016 AB Amsterdam Fax: +31.20.5354445 The Netherlands The Netherlands Mobile: +31.6.55861746 ------------------------------------------------------------------------------ That problem that we weren't having yesterday, is it better? (Big ISP NOC)