SALSA Conference Call
07 October 2004
----------------------------------------------
Table of Contents
*Action Items*
0. Administrivia
1. Discussion & follow-up on CyberTrust and DHS BAA
2. Recap from I2MM sessions
3. Additional volunteers?
4. Any whois follow-up?
5. Additional items...
*Attendees*
----------------------------------------------
*New Action Items*
[AI] {Everyone} send names of potential Netc WG members to Marty, Mark, Ken, & Charles.
[AI] {Everyone} forward your own top 5 "hard problems" to the SALSA list.
[AI] {Chris M.} will discuss the idea of a NetAuth/incident handling workshop with the NetAuth WG
and put forward a proposal to SALSA.
*Carryover Action Items*
[AI] {Mark, Chris C., Chris M., Rodney, Ken, and Charles} will revisit spyware/botnets materials/ideas.
[AI] {Ken} will continue to think about whether there is a need for a forward-thinking security list
and how that differs from a WG.
----------------------------------------------
0. Administrivia
Please review the 23 Sep minutes (sent to the list on 07 Oct) and send any comments or issues to Mark.
. {Marty} will send an email to SALSA members in order to get feedback on the proposed Netc WG and
charter. [DONE] Marty is no longer soliciting feedback on the proposed Netc WG and charter. The
SALSA-Netc WG page is now live at http://security.internet2.edu/netc/. Marty is now focused on
recruiting candidates to participate as WG members. Please send any recommendations to Marty, Mark,
Ken, and Charles.
. {Ken} will summarize the conversation about email lists. {Everyone} should review Ken's email
and provide comments, etc. [CHANGED AI TO] {Ken} will continue to think about whether there is a need
for a forward-thinking security list and how that differs from a WG.
----------------------------------------------
1. Discussion & follow-up on CyberTrust and DHS BAA
There were 2 awards made for CyberTrust. At this time, we don't see any other opportunities from NSF
to follow-up on.
Marty and Charles looked at the DHS BAA and brainstormed 4 possible submissions (one involving Alterium,
another working with Symantec on policy enforcement, a third written by Marty about internet priority
service - e.g., priority to email and VOIP traffic, and the final idea was deploying SBGP overlay over
Abilene). White papers were due 06 Oct and we submitted one on internet priority service (Marty
forwarded this to the list on 07 Oct). McAfee submitted something on 'spicy Shib'. Greg mentioned
that IU submitted 2 white papers. REN-ISAC did not submit anything this time. Anyone who submitted a
white paper should receive feedback about submitting a full proposal within the next couple of months.
----------------------------------------------
2. Recap from I2MM sessions
Email Security BoF: Mark still has some action items to follow-up on from this session. The SYMPA
folks were very happy with both the workshop and BoF.
SALSA Meeting (Closed): Ken summarized the three priorities identified during the meeting, which
include: 1) articulating, on a consistent basis to funding agencies, CIOs, vendors, etc., the bigger
visions of security approaches and performance goals; 2) identify a small number of projects that have
real deliverables (within a 1-3 year timeframe) and are of interest to a variety of people, like
NetAuth has done; and 3) determining whether SALSA should be involved in short-term operational
issues (e.g., improving incident handling tools) and changing long-term vision (there were a lot of
endorsements to do things in the short-term). An additional take-away was that we need more people
involved at the SALSA and WG levels.
During the NetAuth WG update in Austin, there was an adhoc presentation on EduRoam.edu. Are we far
enough along to experiment with something like EduRoam? This kind of experiment would be within the
1-3 year project space. Although there may not be as much of a connection with S@LS, the EduRoam idea
is fairly close to NetAuth and it would be reasonable to go forward with such an experiment.
During this call, the group also agreed that it would be reasonable to host a NetAuth workshop to
take this WG to the next level. Incident handlers would also be invited to determine what would help
improve incident handling mechanisms on campus. Chris Misra will discuss the workshop idea with the
NetAuth WG and put forward a proposal.
----------------------------------------------
3. Additional volunteers?
A few people have expressed interest in participating recently. On the next call, we will
consider specific names. If you have names to put forward, please try to describe what their
responsibilities are and how you ran across them. We will also discuss how to balance the
visionary and operational people and whether having multiple people participating from the
same institution is a concern (although it doesn't seem to be an issue at the moment).
----------------------------------------------
4. Any whois follow-up?
At this time, there's no need to discuss this topic any further.
----------------------------------------------
5. Additional items...
Ken forwarded a list of "hard problems" from the Infosec Research Council (see 28 Sep email). The
topics seem to be fairly general and everyone agreed that it would be nice to have something more
specific. Mark asked everyone to forward their own top 5 (or 8 or 10) hard problems to the SALSA list, and
we'll discuss this topic again during the next call.
Doug will provide periodic REN-ISAC updates, but this topic won't be discussed routinely during
SALSA calls. The group agreed that it's a good idea for the REN-ISAC to link back to us even though
SALSA will only serve in an advisory capacity. Ken also mentioned that Internet2 could offer
operational support for conference calls (PINs, flywheels, etc.), however REN-ISAC should not be
branded as an Internet2 or SALSA activity.
Other suggested topics for the 21 Oct call include a discussion of next steps in terms of security
at line speed, and an update by Rodney on the NCAR Cybersecurity Summit held 27-28 Sep (there was a
major focus on incident handling).
----------------------------------------------
*Attendees*
Cramer, Chris
DiFatta, Chas
Dobbins, Gary
Gray, Terry
Klingenstein, Ken
Misra, Chris
Pearson, Doug
Pepin, Jim
Petersen, Rodney
Poepping, Mark
Schulman, Marty
St. Sauver, Joe
Travis, Greg
Vogel, Valerie
----------------------------------------------
[End of minutes for 07 October 2004.]