Re: [cin] Exploratory BOF on Critical Infrastructure Networks - 7:30 PM Tonight

Eric Burger <> Mon, 30 July 2012 19:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DE67311E81F0 for <>; Mon, 30 Jul 2012 12:53:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -101.299
X-Spam-Status: No, score=-101.299 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Qn1TMEPXUJP9 for <>; Mon, 30 Jul 2012 12:53:52 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id B60F611E81E9 for <>; Mon, 30 Jul 2012 12:53:52 -0700 (PDT)
Received: from ([]:56966) by with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.69) (envelope-from <>) id 1Svw2J-0006s8-8e for; Mon, 30 Jul 2012 12:53:51 -0700
From: Eric Burger <>
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: multipart/signed; boundary=Apple-Mail-124-298609543; protocol="application/pkcs7-signature"; micalg=sha1
Date: Mon, 30 Jul 2012 12:53:49 -0700
In-Reply-To: <>
References: <>
Message-Id: <>
X-Mailer: Apple Mail (2.1084)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
Subject: Re: [cin] Exploratory BOF on Critical Infrastructure Networks - 7:30 PM Tonight
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 30 Jul 2012 19:53:54 -0000

Something to make painfully clear here:
The goal of this work is NOT to make a walled garden that happens to use IETF protocols. The goal is to create global interoperable multi-vendor, multi-jurisdiction (think AS), multi-network protocols that happen to be very difficult to hack or create effective DDoS attacks.

We understand this is an almost impossible task. However, we think there are a number of things we can do in the IETF to allow people to build systems that are good enough.

I am up for the challenge. Are you? Meet us for the BOF and a Beer(tm) to sign up.
- Eric

On Jul 30, 2012, at 11:31 AM, Terry Davis wrote:

> List members
> We are having an exploratory “birds of a feather” meeting tonight (Monday 30th) here at the Vancouver IETF after the IAB Plenary session about 7:30PM.  We will meet then and determine where we can talk; contact me if you don’t find us.
> My Interest:
> I’ve been working in critical infrastructure at some level most of my career.  About 2005 I became involved in working on the standards for the Next Generation of Air Traffic Management Networks with the International Civil Aviation Organization (ICAO), a UN sister agency to the ITU, to create the top level standards for this.
> Our current global ATM network is based on an early eighties unique version of OSI.  Since it has no cyber security capabilities, current communications with the aircraft do not carry any flight critical information or interface to flight critical systems.  The vision for the Next Generation ATM systems would like to do more (but still unlikely to interface with flight critical systems) to enhance global commercial aviation operations to both shorten flight times and increase airport capacity.  They also want to build based on Internet standards as the OSI communications systems are custom procurements and still utilize mostly very low bandwidth ( 2kiloBIT and 38 kiloBIT) links.  And of course they need IPv6.
> One of the challenges that you have probably run into is that it is difficult to find the right standards to utilize to build “secure networks” especially if you have 140+ entities (nation states in ICAO case) to interoperate with.
> CIN hopes to define at least informational RFCs on what standards to recommend to use for basic network infrastructure, services, (i.e. routing, network services, address assignment, multi-link management and mobility, etc.) and cyber security to make designing secure environments based on Internet standards easier.  And (at least I suspect) we may find in the process that some new standards or updates are needed to fill gaps in the existing Internet technology to do this.
> By definition, perfect security cannot exist and I, for one, don’t want to tackle that.   But I do think we can make designing “secure networks” much easier.
> Take care
> Terry L Davis, P.E.  |  Chief Scientist |  iJet Onboard
> c. 425-503-5511   
> This message and its attachments are the property of iJet Technologies, Inc. and are intended solely for the use of the designated recipient(s) and their appointed delegates. This email may contain information that is confidential. If you are not the intended recipient, you are prohibited from printing, copying, forwarding or saving any portion of the message or attachments. Please delete the message and attachments and notify the sender immediately. Thank you for your cooperation.
> _______________________________________________
> cin mailing list