Deploy360 Domain Name System Security Extensions (DNSSEC) Encryption Events IETF

Deploy360@IETF95, Day 2: TLS, Curdle, Homenet, Security & Sunset4

John Levine at microphone

Our schedule for Day 2 at IETF 95 is a bit less hectic than yesterday, but promises to be the most interesting of the week. As well as the established Home Networking and TLS Working Groups, today also sees the debut of the new CURves, Deprecating and a Little more Encryption Working Group. There will also be a meeting of the Sunsetting of the IPv4 Working Group to discuss moving the IPv4 protocol to historic status.

NOTE: If you are unable to attend IETF 95 in person, there are multiple ways to participate remotely.

TLS holds the first of its two sessions this morning (the other being on Thursday morning). There’s really just the one item on the agenda, which is the proposed TLS version 1.3 standard that aims remove support for weaker encryption algorithms, introduce new encryption algorithms, along with requiring stronger handshaking techniques.

HOMENET has another busy agenda as it continues to develop protocols for residential networks based on IPv6. The primary focus is on autoconfiguration, naming architecture and service discovery, as well as multiple interfacing support in home-type scenarios, but two important new drafts will also be discussed. The Homenet profile of the Babel routing protocol used in conjunction with the HNCP protocol defines how Babel should be used in a Homenet scenario, whilst the Homenet Naming and Service Discovery Architecture covers how services advertise and register themselves both on the homenet and public Internet. The security aspects of this will also be covered in a presentation during the session.

OPSEC also has three IPv6-specific drafts on its agenda, including an approach for risk assessment of IPv6 transitional technologies using the STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of service and Elevation of Privilege) classification, and an analysis of the different security considerations between IPv4 and IPv6 in particular parts of the network. The third draft under discussion addresses requirements for IPv6 firewalls that have not been specified or recommended in RFCs to-date.

The CURDLE Working Group may be a bit of a mouthful when its acronym is fully expanded, but improving the cryptographic security of a number of protocols is an important objective and one very relevant to Deploy360. In particular, there are two drafts up for discussion that specify new algorithms for DNSSEC, something Dan York wrote about the importance of recently.

And to round off the day there’s SUNSET4 which has just the one draft on the agenda, but a potentially very significant one as it proposes to move IPv4 (as defined by RFC 791) to historic status and thereby no longer recommended for use on the Internet. This may not reach RFC status, but it has certainly generated some interesting discussion as to the implications of the IETF no longer actively working on IPv4 technologies. Possibly a meeting to attend just in case history does indeed get made?

Relevant Working Groups:

Image credit: a photo Dan York took of ISOC Board Member John Levine making a point at the microphone in the UTA Working Group on Monday.