Well, it is not a security incident, but it is clear that it violated
JSPG's policy. I think other ROCs deserve to know about this issue since they
might experience a similar problem. Do we have a proper channel to do
it? However, how other ROCs and sites handle it is up to them. But we
probably should not ban the biomed VO, at least not now.
 
Mingchao

> -----Original Message-----
> From: Testbed Support for GridPP member institutes 
> [mailto:[log in to unmask]] On Behalf Of Gordon, JC (John)
> Sent: 01 November 2007 11:04
> To: [log in to unmask]
> Subject: Re: Heinz' Challenge
> 
> So this seems like an admission that this is just a single
> user's interpretation of what constitutes relevant work and
> doesn't have VO endorsement.
> 
> Since we have established that there is no certificate or
> proxy compromise, I don't think this is a security issue. It
> is a VO Trust issue. I suggest we ask Jeremy to report back
> when he receives an official response from biomed and then
> decide how to proceed. My suggestion would be to raise it at
> the weekly operations meeting. Jeremy will doubtless raise it
> with GridPP PMB on Monday too. I will state our position to
> ROC Managers and NA4.
> 
> If sites wish to blacklist the user for operational reasons
> then that is their right. Even if you are wrongly configured,
> that is an operational reason until you fix it. They should
> inform him/her via the CIC Portal.
> What you shouldn't do is ban biomed now.
> 
> 'til later,
> 
> John 
> 
> > -----Original Message-----
> > From: Testbed Support for GridPP member institutes 
> > [mailto:[log in to unmask]] On Behalf Of Coles, J (Jeremy)
> > Sent: 01 November 2007 10:38
> > To: [log in to unmask]
> > Subject: Re: Heinz' Challenge
> > 
> > Dear All
> > 
> > I have further information on the code use and why the user thought 
> > biomed an appropriate VO for it:
> > 
> > " The main idea is to factor prime numbers in order to show how long
> > it would take to break a 768-bit code (also referred to as
> > "sieving"). Since PKI certificates use 1024 or 2048 bit codes, and biomed has
> > typically the most severe security, I thought it would be fine to use
> > the VO for that. However, if people do not agree with that opinion,
> > I'm happy to explore other solutions.
> >
> > Seems that some people were concerned since they thought that there
> > might be a prize in USD awarded if a code is cracked. This is _not_
> > the case, and the sieving exercise is pure computer science research."
> > 
> > For this work Heinz has been working with Prof. Lenstra from the EPFL,
> > one of the most well-known persons in the field of cryptography and
> > number sieving.
> > 
> > And on the method employed:
> > 
> > " ... one more point on number sieving. It is not "brute force" but it
> > involves complex algorithms that reduce the actual run time of the
> > overall "challenge". One result of the work can be new, more efficient
> > sieving algorithms: important for PKI and GSI".
> > 
> > The question now coming from within the biomed VO is whether, based on
> > this explanation, sites would re-authorise the user or whether an
> > alternative route needs to be found for the activity - such as the
> > setting up of a new VO. Though I can probably guess your replies, you
> > should let me know your opinions. Since we are not working in
> > isolation, once I've got a feel for the response here I will push the
> > matter to the ROC managers for further discussion.
> > 
> > Jeremy
> > 
> > 
> > 
> > > -----Original Message-----
> > > From: Testbed Support for GridPP member institutes [mailto:TB- 
> > > [log in to unmask]] On Behalf Of Alessandra Forti
> > > Sent: 01 November 2007 09:33
> > > To: [log in to unmask]
> > > Subject: Re: Heinz' Challenge
> > > 
> > > Hi Jeremy,
> > > 
> > > I'm not sure biomed was aware of this.  I don't have those jobs on my
> > > cluster and I was keen to give Heinz the benefit of the doubt as I met
> > > him and he seemed a reasonable guy. But this is even worse than I
> > > expected, since it comes from the management and violates all the
> > > rules of trust that this grid is built upon. I mean so long for policies
> > > and AUPs. They couldn't do more damage.
> > > 
> > > I also agree with Kostas that "Sorry" is not enough.
> > > 
> > > cheers
> > > alessandra
> > > 
> > > Coles, J (Jeremy) wrote:
> > > > Hi Kostas/Graeme/All
> > > >
> > > > I agree that this needs to be escalated and it will be. First though I
> > > > would like biomed representatives and Heinz to explain/respond - I can
> > > > not think of a justification on their side but that does not mean there
> > > > isn't one. Once everyone has responded directly (or if the ticket goes
> > > > without a proper response) then it can be taken further. Tier-2s/sites
> > > > are of course able to decide themselves if they wish to take more
> > > > immediate action as some have already done.
> > > >
> > > > Regards,
> > > > Jeremy
> > > >
> > > >
> > > >
> > > >> -----Original Message-----
> > > >> From: Testbed Support for GridPP member institutes [mailto:TB- 
> > > >> [log in to unmask]] On Behalf Of Kostas Georgiou
> > > >> Sent: 01 November 2007 02:19
> > > >> To: [log in to unmask]
> > > >> Subject: Re: Heinz' Challenge
> > > >>
> > > >> On Thu, Nov 01, 2007 at 12:19:26AM +0000, Graeme Stewart wrote:
> > > >>
> > > >>> From the CIC portal, biomed described itself as:
> > > >>>
> > > >>> "These VO covers the areas related to health sciences. Currently, it
> > > >>> is divided in 3 sectors: medical imaging, bioinformatics and drug
> > > >>> discovery."
> > > >>>
> > > >>> We support the VO for it to engage in _that_ work, and we're happy to
> > > >>> have done work related to malaria, avian flu, etc. However, I don't
> > > >>> see anything about rsa768 factorisation.
> > > >>>
> > > >>> So, this is, to my mind, even worse. This is not just Heinz being a
> > > >>> loose cannon, but sites being conned by top level EGEE management
> > > >>> into running jobs to which they had in no way agreed to run.
> > > >>>
> > > >>> The problem was then exacerbated by the way that Heinz wrote the
> > > >>> code, which resulted in biomed being able to grab far more of many,
> > > >>> many clusters in the UK than was reasonable. (And so much for EGEE
> > > >>> promoting push model RBs - just send in the pilots and watch our
> > > >>> fairsharing go all to hell.)
> > > >> This is exactly what I was going to say (better worded and probably
> > > >> far more polite though).
> > > >>
> > > >>> Frankly, as the UK, I think we should give them a bloody rocket for
> > > >>> this. They've shown huge disrespect to sites - and how on earth can
> > > >>> they expect other EGEE users and VOs to play by the rules when they
> > > >>> engage in such a gross violation of our trust?
> > > >> ...
> > > >>> We haven't banned biomed - we've banned Heinz. And I am in no hurry
> > > >>> to unban him. I'd expect an apology at the very least, as well as an
> > > >>> assurance that this will not happen again.
> > > >> People should keep in mind that we are going to have similar cases in
> > > >> the future. If our response today is going to be "a sorry is enough"
> > > >> what is going to stop the next user doing the same thing tomorrow
> > > >> considering how hard it is for us to spot an abuse? Unless there is
> > > >> a strong response people will think "If I am not found (quite likely)
> > > >> great, if I am found a sorry will solve everything".
> > > >>
> > > >> Cheers,
> > > >> Kostas
> > > >>
> > > >> PS> BTW if the management agrees that breaking rsa768 is fine then I'll
> > > >> have a go as well or is it only Heinz/biomed that can have a go?
> > > >
> > > 
> > > --
> > > ***********************************
> > > * Alessandra Forti                *
> > > * NorthGrid Technical Coordinator *
> > > * University of Manchester        *
> > > ***********************************