Categories
Community Networks Deploy360 Domain Name System Security Extensions (DNSSEC) IETF

Deploy360@IETF94, Day 1: IPv6, DPRIVE and TRANS

HTTPBIS session at IETF 92For the first day at IETF 94 in Yokohama, the attention of the Deploy360 team is going to be on IPv6, with the important IPv6 Operations Working Group (v6ops) and also on the DNS Privacy (DPRIVE) and certificate transparency (TRANS) working groups.

v6ops has a busy agenda this time, so much so that it’s running across two sessions curiously split between the 09.00-1130 UTC+9 block, and continuing later on during 17.10-19.10 UTC+9 block. Note also that the morning session will be held in Room 501, but proceedings move to Room 502 for the evening session.


NOTE: If you are unable to attend IETF 94 in person, there are multiple ways to participate remotely.


The draft draft-jjmb-v6ops-unique-ipv6-prefix-per-host has been generating significant discussion on the v6ops mailing list recently, which aims to address certain issues related to IPv6 deployment in community wi-fi scenarios. Another interesting draft with a luminary authorship is the operational recommendations for networks to assign multiple IPv6 addresses to end hosts to support usage of virtual machines, tethering, identifier-locator addressing and privacy amongst other applications.

Also worth following are drafts related to the operational implications of extension headers in IPv6 packets and how and where such packets are being dropped.

Other drafts up for discussion include a proposal for identifier-locator IPv6 addressing to support network virtualisation, an informational draft providing advice on routing-related design choices in IPv6 networks, and a proposed update of RFC 6145. If you can make it to the end of the day though, there will be a presentation of the work of David Plonka and Arthur Berger to improve classification and measurement methods for IPv6.

The DPRIVE Working Group will be meeting on Monday afternoon to dive into what look like some lengthy discussions about DNS over TLS and DNS over DTLS.  Stateless DNS encryption will also be discussed and there will be a general discussion of how to move the DPRIVE work forward.

All of this DPRIVE work is focused on securing the connection between DNS clients and the recursive resolvers that people use (such as those typically at an Internet Service Provider (ISP) or on the edge of a network) to add a layer of confidentiality.  We see this as an important part of the overall encryption work being done by the IETF to protect against the pervasive monitoring that we’ve seen on the Internet.  Mechanisms such as what DPRIVE is developing will raise the overall amount of trust in Internet-based communication.

Another group we don’t always monitor but will this time is the TRANS WG focused on “certificate transparency” (CT), a mechanism for tracking changes in TLS certificates.  The TRANS agenda includes some potential new work on logging of DNSSEC key changes in draft-zhang-trans-ct-dnssec.

For more background, please read the Rough Guide to IETF 94 from Andrei, Mat, Karen, Dan and myself.

Relevant Working Group: