**Salsa Call 4-Sep-08**
**Attending**
Chris Misra, U. Mass (chair)
Ken Klingenstein, Internet2
Jim Pepin, Clemson
Mike Van Norman, UCLA
Terry Gray, U. Washington
Deke Kassabian, U. Penn
Jack Suess, UMBC
Doug Pearson, REN-ISAC/Indiana U.
Joe St. Sauver, Internet2/U. Oregon
Chas DiFatta, CMU
Rodney Petersen, Educause
Renee Frost, Internet2
Steve Olshansky, Internet2 (scribe)
**Action Items**
[AI] (Ken) will contact CAIDA to see if there is existing information
available on port availability.
**Discussion**
- 2-port Internet Discussion
Multicast performance and video security are two topics that have arisen
at the AMSAC level as problems illustrating the tension between security
and performance issues.
The Campus Expectations Task Force is a logical forum in which to
communicate goals and vision, and perhaps a self-assessment mechanism,
to campuses as they work to support advanced applications.
The REN-ISAC might be a logical forum in which to address campus
expectations from the security perspective.
It was noted that if security mechanisms or policies prevent service
availability, this is in essence a DoS attack.
In general, multicast seems to be more problematic at the campus level
than it is at the regional or backbone network level.
It is anticipated that IPv6 multicast will increasingly be expected as a
baseline offering from the regionals.
What are the tradeoffs to be anticipated, e.g. are DNSSEC and IPv6 a
source of conflict? Are time and expertise the bottlenecks?
Are the 2-port Internet issues important enough in an advanced
networking environment that they need to be escalated in terms of
visibility and activity? Likely yes…
The NLANR multicast beacon was mentioned as a project of interest:
http://beacon.dast.nlanr.net/
Community sharing of some aspects of a campus's security profile, e.g. a
list of open and closed ports at the perimeter, was suggested as useful
information to collect, but there would likely be resistance from campus
security staff even though this information is easily discoverable
through a simple external port scan. A reference list of observed open
ports over time was also suggested as a potentially useful tool, but
would likely encounter similar resistance. Perhaps working through CIOs
would make this more palatable…
The Internet2 Detective was suggested as a tool which could be used to
collect useful, relevant data, but it does not currently do so.
http://detective.internet2.edu/
[AI] (Ken) will contact CAIDA to see if there is existing information
available on network protocol and application support.
Future agenda item: what data besides multicast and IPv6 support ought
to be collected?
- DNSSEC update
The recent announcement that .gov is mandated to support DNSSEC raises
its visibility considerably. Since it will likely be some
time before .edu is signed, DLV might be the appropriate temporary route
to encourage DNSSEC adoption among the higher-ed community.
FISMA may come into play to force campuses hosting government agency
(e.g. USDA) servers to implement DNSSEC.
Future agenda item: “Getting your campus ready for DNSSEC” documentation
- Fall Internet2 Member Meeting, other meetings
See the list of Middleware and Security sessions at
http://middleware.internet2.edu/calendars/2008-I2MM-Fall-MW-Sec.html
- DoJ grant update
Sub-awardees will be meeting with Ken shortly to coordinate activities
going forward.
- Security and privacy risks associated with agent software
Deke is working actively on this and will be circulating a draft for
discussion and review. There will also be a session on this topic at the
Fall Internet2 Member Meeting.
- IdM/STF discussions
The co-chairs of the Net@EDU IdM working group have initiated an
activity to inventory security and IdM activities and seek areas for
collaboration with other organizations. They will be meeting at the
Internet2 Fall Member Meeting and at the Educause Annual Meeting.
- InCommon Silver
This LoA2 service is making headway. More to come as it develops. See
https://spaces.internet2.edu/display/InCCollaborate/InCommon+Identity+Assurance