Sean Turner | 5 Oct 2011 18:37

Re: Call for SAAG presentation topics for IETF 82

Sending out the call again.

spt

On 9/7/11 7:59 AM, Sean Turner wrote:
> All,
>
> Stephen and I are putting together the SAAG agenda for Taipei.
>
> The agenda traditionally includes one or two invited presentations after
> the working group reports. If you believe a topic would be of interest
> to the community, then please suggest it to us.
>
> If you can identify an appropriate presenter (not necessarily yourself)
> that would be helpful.
>
> Thanks,
>
> spt
> _______________________________________________
> saag mailing list
> saag <at> ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>

Peter Saint-Andre | 5 Oct 2011 19:11

Re: Call for SAAG presentation topics for IETF 82

I'm still interested in getting feedback about internationalized
passwords and draft-ietf-precis-framework.

(Marc Blanchet and I will update that I-D before IETF 82 to incorporate
feedback received on the SAAG list a while back, but I think we might
need to present about this in person to gather more feedback.)

On 10/5/11 10:37 AM, Sean Turner wrote:
> Sending out the call again.
> 
> spt
> 
> On 9/7/11 7:59 AM, Sean Turner wrote:
>> All,
>>
>> Stephen and I are putting together the SAAG agenda for Taipei.
>>
>> The agenda traditionally includes one or two invited presentations after
>> the working group reports. If you believe a topic would be of interest
>> to the community, then please suggest it to us.
>>
>> If you can identify an appropriate presenter (not necessarily yourself)
>> that would be helpful.
>>
>> Thanks,
>>
>> spt
>> _______________________________________________
>> saag mailing list
>> saag <at> ietf.org

=JeffH | 9 Oct 2011 00:04

fyi: Control System Cyber Security - State of the State

Of possible interest, this talk will be @stanford, most of the time the talks
in this series are also webcast, see <http://ee380.stanford.edu> for details...

Subject: [EE CS Colloq] Control System Cyber Security - State of the State *
	4:15PM, Wed Oct 12, 2011 in Skilling Auditorium
From: "Dennis Allison" <allison <at> stanford.edu>
Date: Thu,  6 Oct 2011 07:00:29 -0700 (PDT)
To: colloq <at> cs.stanford.edu

              Stanford EE Computer Systems Colloquium
                  4:15PM, Wednesday, Oct 12, 2011
Skilling Auditorium, Stanford Campus http://ee380.stanford.edu

Topic:    Control System Cyber Security - State of the State

Speaker:  Joe Weiss
           Applied Control Solutions, LLC

About the talk:

Industrial control systems are used in electric power, water,
pipelines, etc. These systems were designed for performance and
safety considerations, not security. Traditional IT security
technologies, policies, and testing may not apply to these
systems. Moreover, there is currently no university with an
interdisciplinary program across multiple engineering
disciplines to address control system cyber security. There have
already been more than 200 actual control system cyber incidents
to date, though most have not been identified as cyber. In the US
alone, there have been 4 control system cyber incidents that have

=JeffH | 9 Oct 2011 00:10

fyi: Smart Grid Security and Privacy, and a Case Example in AMI Networks

of possible interest, this talk will be at Cal Berkeley...

Subject: [Trustseminar] TRUST Seminar: Alvaro Cardenas, (TODAY) 10/6 - 1 PM
From: "Aimee Tabor" <aimeet <at> eecs.berkeley.edu>
Date: Thu, 6 Oct 2011 11:48:00 -0700
To: <trustseminar <at> trust.eecs.berkeley.edu>,
         <trustlocal <at> trust.eecs.berkeley.edu>

Description: Alvaro Cardenas

   Smart Grid Security and Privacy, and a Case Example in AMI Networks

    Alvaro Cardenas <http://www.flacp.fujitsulabs.com/~cardenas/> , Fujitsu
Laboratories of America

    Thursday, October 6, 2011 at 1:00 PM
    Soda Hall, Wozniak Lounge

Abstract. The smart grid refers to multiple efforts around the globe to
modernize aging power grid infrastructures with new technologies, enabling a
more intelligently networked automated system. The goal of a smart grid is
to deliver energy with greater efficiency, reliability, security and provide
more transparency and choice, to electricity consumers. While the smart grid
promises many benefits, it raises many new security and privacy challenges
with its large-scale deployment of ubiquitous, remotely accessible networked
devices, and their fine-grained data collection.

The first part of this talk will give a broad view on the security and
privacy landscape of the industry and the current efforts by several groups
(like the NIST CSWG, NERC CIP, and state regulators) to secure it and some

Sean Turner | 13 Oct 2011 04:57

Fwd: WG Review: Managed Incident Lightweight Exchange (mile)

FYI ...

-------- Original Message --------
Subject: WG Review: Managed Incident Lightweight Exchange (mile)
Date: Tue, 11 Oct 2011 09:26:08 -0700 (PDT)
From: IESG Secretary <iesg-secretary <at> ietf.org>
Reply-To: iesg <at> ietf.org
To: IETF Announcement list <ietf-announce <at> ietf.org>
CC: mile <at> ietf.org

A new IETF working group has been proposed in the Security Area.  The
IESG has not made any determination as yet. The following draft charter
was submitted, and is provided for informational purposes only. Please
send your comments to the IESG mailing list (iesg <at> ietf.org) by Tuesday,
October 18, 2011.

Managed Incident Lightweight Exchange (mile)
--------------------------------------------
Status: Proposed Working Group Charter
Last Updated: 2011-09-21

Chairs:
      TBD

Security Area Directors:
      Stephen Farrell <stephen.farrell <at> cs.tcd.ie>
      Sean Turner <turners <at> ieca.com>

Security Area Advisor:
      Sean Turner <turners <at> ieca.com>

Andrey Jivsov | 13 Oct 2011 04:40

Standardizing NSA Suite B public key algorithms (Elliptic curve NIST curves) with OpenPGP format

Hello SAAG,

May I ask for advice on what is the best way to advance a personal
draft into an IETF standard?

Here is the latest version of the draft: 
http://www.ietf.org/id/draft-jivsov-openpgp-ecc-08.txt . Please refer to 
http://sites.google.com/site/brainhub/pgp for up-to-date details.

There are now two interoperable implementations from different code bases
that implement this format, for example, GnuPG 2.1.0 beta.

The major design goal of the document was simplicity. ECDSA is 
straightforward and maps trivially to what was already defined for DSA
over modp field. Encryption capability needed new format definitions to 
comply with NIST-blessed guidelines. As a result, the document uses ECDH 
per SP800-56A with AES WRAP. I believe that all described methods in the 
document are in public domain.

It would be great if an AD would help with sponsoring this document.

Any comment is appreciated. Thank you in advance.

Yoav Nir | 14 Oct 2011 07:07

Re: Standardizing NSA Suite B public key algorithms (Elliptic curve NIST curves) with OpenPGP format

Hi Andrey.

The best way is to contact one of the security ADs (Sean Turner or Stephen
Farrell) and ask for this to move forward as an individual submission.

Hope this helps

Yoav

On 10/13/11 4:40 AM, "Andrey Jivsov" <openpgp <at> brainhub.org> wrote:

>Hello SAAG,
>
>May I ask for advice on what is the best way to advance a personal
>draft into an IETF standard?
>
>Here is the latest version of the draft:
>http://www.ietf.org/id/draft-jivsov-openpgp-ecc-08.txt . Please refer to
>http://sites.google.com/site/brainhub/pgp for up-to-date details.
>
>There are now two interoperable implementations from different code bases
>that implement this format, for example, GnuPG 2.1.0 beta.
>
>The major design goal of the document was simplicity. ECDSA is
>straightforward and maps trivially to what was already defined for DSA
>over modp field. Encryption capability needed new format definitions to
>comply with NIST-blessed guidelines. As a result, the document uses ECDH
>per SP800-56A with AES WRAP. I believe that all described methods in the
>document are in public domain.
>

Rene Struik | 14 Oct 2011 22:55

Re: Standardizing NSA Suite B public key algorithms (Elliptic curve NIST curves) with OpenPGP format

Hi Andrey:

I had a quick look at your draft; please see my preliminary notes
below. I hope this helps.

Best regards, Rene

==

Comments on draft-jivsov-openpgp-ecc-08:

Clause 6 (conversion routines):

(T-1) This clause suggests a fixed format for octet representation of
elliptic curve points (l. 8), thus hampering future extensibility
(suggested in the last para). Moreover, this seems to conflict with the
format in SEC1 (since there if B0 = 0x00, then one has the point at
infinity). I would suggest specifying the format B0 || x || y only if
the leftmost octet B0 is the octet 0x04 (affine point representation)
and leaving other options for B0 (bar 0x00, 0x02, 0x03) for future
extensibility (the exception set corresponding to point at infinity
(0x00), resp. compressed points (0x02, 0x03), as defined in SEC1).

(T-2) The remark on extensibility (last para) seems to suggest forward
compatibility (which more or less kills extensibility prospects).
Wouldn't the proper approach be that one parses the string B0 || ....
and then simply rejects unrecognized B0 values? With the specification
here this would mean that one rejects the representation if the leftmost
octet is not equal to the string 0x04. This is a far less harsh
requirement on getting a foot in the door with potentially new

Andrey Jivsov | 14 Oct 2011 13:16

Re: Standardizing NSA Suite B public key algorithms (Elliptic curve NIST curves) with OpenPGP format

Hello Rene. Thank you for your comments.

On 10/14/2011 01:55 PM, Rene Struik wrote:
> Hi Andrey:
>
> I had a quick look at your draft; please see my preliminary notes
> below. I hope this helps.
>
> Best regards, Rene
>
> ==
>
> Comments on draft-jivsov-openpgp-ecc-08:
>
> Clause 6 (conversion routines):
>
> (T-1) This clause suggests a fixed format for octet representation of
> elliptic curve points (l. 8), thus hampering future extensibility
> (suggested in the last para). Moreover, this seems to conflict with the
> format in SEC1 (since there if B0 = 0x00, then one has the point at
> infinity). I would suggest specifying the format B0 || x || y only if
> the leftmost octet B0 is the octet 0x04 (affine point representation)
> and leaving other options for B0 (bar 0x00, 0x02, 0x03) for future
> extensibility (the exception set corresponding to point at infinity
> (0x00), resp. compressed points (0x02, 0x03), as defined in SEC1).

I could not identify a conflict. The draft says to use uncompressed 
version with the tag value 0x04.

>
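Added example (not part of the thread, the draft, or any implementation mentioned in it): a strict decoder for the SEC1 octet string B0 || x || y discussed in comments T-1 and T-2 and in the reply above, accepting only B0 = 0x04 and rejecting 0x00, 0x02, 0x03 and any unrecognized value. It assumes NIST P-256 and goes beyond the thread by also checking coordinate range and curve membership; all function names are hypothetical.

```python
# Added example: strict decoder for the SEC1 octet string B0 || x || y.
# Assumption: NIST P-256 (published constants); the thread names no single curve.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
FIELD_LEN = 32  # octets per coordinate on P-256


class PointFormatError(ValueError):
    """Raised when an encoded point is not an acceptable 0x04 encoding."""


def encode_uncompressed_point(x, y):
    """Return 0x04 || x || y with fixed-width big-endian coordinates."""
    return b"\x04" + x.to_bytes(FIELD_LEN, "big") + y.to_bytes(FIELD_LEN, "big")


def parse_uncompressed_point(data):
    """Decode 0x04 || x || y; every other leading octet is rejected."""
    if not data:
        raise PointFormatError("empty encoding")
    b0 = data[0]
    if b0 == 0x00:
        raise PointFormatError("point at infinity (0x00) not accepted")
    if b0 in (0x02, 0x03):
        raise PointFormatError("compressed point (0x02/0x03) not accepted")
    if b0 != 0x04:
        raise PointFormatError("unrecognized format octet 0x%02x" % b0)
    if len(data) != 1 + 2 * FIELD_LEN:
        raise PointFormatError("wrong length for an uncompressed point")
    x = int.from_bytes(data[1:1 + FIELD_LEN], "big")
    y = int.from_bytes(data[1 + FIELD_LEN:], "big")
    if x >= P or y >= P:
        raise PointFormatError("coordinate out of field range")
    # Curve membership: y^2 = x^3 + A*x + B (mod P).
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise PointFormatError("point is not on the curve")
    return x, y


def rejection_reason(data):
    """Return None if the encoding is accepted, else the reason as text."""
    try:
        parse_uncompressed_point(data)
        return None
    except PointFormatError as exc:
        return str(exc)
```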

Peter Saint-Andre | 18 Oct 2011 19:51

Re: internationalized passwords

On 9/6/11 10:45 PM, Mouse wrote:
>>> it's quite obvious to me that Unicode must be supported.
>> I'm happy to hear it. :)
> 
> I'm not entirely clear what the context here is, but you might want to
> at least consider that you'd be repeating the ssh mistake if you make
> this a MUST.  (ssh, as specified, is unimplementable on some Unix
> variants, and quite possibly other OSes, because some things which the
> RFCs say MUST be in UTF-8, such as usernames or passwords, exist in the
> system as octet strings rather than character strings and thus
> inherently cannot be recoded.  That ssh comes as close to working as it
> does is a testament to ASCII's ubiquity.)

As I see it, the PRECIS WG is not mandating, and could not mandate, that
any given application technology MUST support non-ASCII passwords.
Instead, it's giving protocol designers a common tool for preparing and
comparing passwords (and other strings) containing Unicode characters,
if they choose to support such things.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

