This fourth day of IETF 92 has a heavy focus on security for us on the Deploy360 team. While the day starts with the second of two IPv6 Operations (v6OPS) working group sessions, the rest of the day is pretty much all about security, security, security!
NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.
In the 0900-1130 CDT block this morning, the second IPv6 Operations (v6OPS) sessions continues with their busy agenda in the Gold Room. Here are today’s topics:
- SIIT-DC: Stateless IP/ICMP Translation for IPv6 Data Centre Environments
- SIIT-DC: Dual Translation Mode
- Explicit Address Mappings for Stateless IP/ICMP Translation
- Observations on IPv6 EH Filtering in the Real World
- Loopback Prefix for IPv6
- HTTP State Management Mechanisms with Multiple Addresses User Agents
- Considerations for Running Multiple IPv6 Prefixes
A number of those should generate good discussion.
Meanwhile, over in the Oak Room, the TLS Working Group will be discussing improvements to this incredibly critical protocol that we are using to encrypt so many different communications over the Internet. As my colleague Karen O’Donahue wrote:
The tls (Transport Layer Security) working group is actively working on an update to the TLS protocol. They recently conducted an interim meeting in Seattle, WA, on 10-11 March 2015. Agenda items for IETF 92 include backwards compatibility, rekeying, and client authentication.
After lunch the 1300-1500 CDT block has the Security Area Open Meeting in the International Room. The current agenda is this:
- Joe Bonneau/HSTS and HPKP in practice (30 mins)
- Adam Langley/QUIC (15 mins)
- Jan Včelák/NSEC5 (10 mins)
- Ladar Levinson/Darkmail (20 mins)
- Paul Wouters/Opportunistic IPsec update (1 minute)
- Eric Rescorla/Secure Conferencing (5 mins)
Several of these presentations tie directly into the work we are doing here. The HSTS/HPKP is “certificate pinning” and very relevant to TLS, as is the QUIC presentation. The NSEC5 is a new proposal for DNSSEC that, judging by the mailing list traffic, should get strong debate.
In the final 1740-1840 CDT block the Operational Security (OPSec) Working Group will be meeting in the Far East Room with a number of IPv6 and routing issues on their agenda.
The day will end with the Bits-and-Bites reception from 1900-2100 CDT where attendees can get food and drink and also see various exhibits from sponsors and other organizations. As I wrote in my Rough Guide post:
I’m told that one table will be from Verisign Labs where they will be showing demonstrations of the getdns API being used with DNSSEC and DANE. I’m not exactly sure what will be there, but if you are going to Bits-and-Bites you may want to stop by their table and see what it is about.
I understand there may be some cool demos from other vendors and groups as well. (I’m looking forward to seeing photos!)
For some more background, please read these Rough Guide posts from Andrei, Phil and Karen:
- IETF 92: All About IPv6
- IETF 92: Routing Resilience and Security
- IETF 92: Strengthening the Internet
Relevant Working Groups:
- v6ops (IPv6 Operations) WG
Thursday, 26 March 0900-1130 CDT, Gold
- tls (Transport Layer Security) WG
Thursday, March 26, 2015, 0900-1130, Oak Room
- OPSEC (Operational Security) WG
Thursday, 26 March, 1740-1840 CDT, Far East
For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:
- Rough Guide to IETF 92: Welcome to Texas, Y’all!
- Routing Resilience and Security
- Scalability & Performance
- DNSSEC, DANE, and DNS Security
- Trust, Identity, and Privacy
- Strengthening the Internet
If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.
Image: a photo from Jari Arkko of Kathleen Moriarty and Lisandro Granville at the IETF 92 Administrative Plenary