Minutes Salsa-CSI2 Conference Call
September 28, 2006
*Attending*
Chris Misra, U. Mass (Chair)
Phil Deneault, WPI
Doug Pearson, Indiana/REN-ISAC
Brian Smith-Sweeney, NYU
Renee Frost, Internet2
Steve Olshansky, Internet2
Dean Woodbeck, Internet2 (scribe)
*Action Items*
[AI] {Chris} Send a note to relevant parties confirming that NYU is the
second data source.
[AI] {Doug} Distribute NICT information.
[AI] {Chris and Doug} Connect with NoX GigaPOP folks for Arbor information.
[AI] {Chris} Plan face-to-face gathering at the security professionals
meeting in April. Try to coordinate with REN-ISAC meeting.
*Carryover Action Items*
[AI] {Phil} Develop public-quality material on RENOIR for sharing with
folks from Japan and others.
[AI] {Nick} Post documentation on noise reduction to wiki.
[AI] {Chris} Create project plan on using UMass for first data source
to shared darknet.
[AI] {Nick} Normalizing data and noise reduction -- put together
suggestions of what makes sense to be done at the end-user site and
what makes sense to do centrally (to list and to wiki).
*Discussion*
Phil will be ordering RENOIR hardware. He has a large box assigned to
RENOIR right now, so this is not a pressing issue. There is agreement
that uncooked data should not go to RENOIR, but we need to decide what
to do with the uncooked data.
UMass is sourcing data to the shared darknet. Things are going
relatively well. Doug is ready to begin working with a second data
source, which will be NYU. Chris will send a note to relevant parties
confirming that NYU is the second data source.
Doug committed to distributing NICT information. Also, several months
ago, Doug sent a schema for shared darknet data to the email list.
That information is still 90-95 percent relevant. Right now, a script
moves data received into the shared darknet.
Phil reported that the IETF INCH group working on the IODEF standard has
run into a snag and every deadline has slipped. The area director has
stated the group needs to meet deadlines or it will be dissolved. The
IODEF document is ready to go to the approval body. We should keep
plugging away with the last standard version until we see what
happens.
Doug reported that the previous interpretations on sunshine laws in
Ohio may not be accurate. The degree of openness required may not
cover the processing of data as it relates to REN-ISAC. One solution
to this confusion may be to provide access to the data – on a web
server for example – but not actually give people the data. This may
guide some approaches of CSI2 relating to data – perhaps data needs to
be centrally served rather than distributed. Chris will add a new
agenda item for next time – data processing and disclosure – to
discuss this issue.
REN-ISAC – Doug reported REN-ISAC is moving along with the registry,
but it is not fully implemented yet. Doug has talked with the CS
department at Indiana about having a senior projects team work on a
PHP/MySQL application. Also, Doug is working with Arbor GigaPOP tools
and the Indianapolis GigaPOP is up and running. Chris said he will
connect Doug with NoX GigaPOP folks.
REN-ISAC is also working on analysis of the member survey. They
received 75 responses out of 210 eligible to respond. The analysis is
complete and the technical advisory committee hopes to develop
recommendations by mid-October (although it may be as late as early
December).
Brian raised a concern about vulnerability announcements. While it is
good to have announcements of a vulnerability discovery made early and
with complete information, the affected institution may not want that
information made public. In general, people are nervous about
disclosing vulnerabilities to the public and to the vendor, but the
information needs to be shared with a network of .edu folks. What are
the standards? What constitutes a vulnerability discovery and when
should you disclose it? CSI2 will consider developing guidelines in
the future.
After a discussion of the next face-to-face, Chris will plan such an
event at the security professionals meeting in April and will try to
coordinate with the REN-ISAC meeting.
The next call is scheduled for Thursday, October 12, at 2:30 pm EDT.