Deploy360 IETF IPv6 Transport Layer Security (TLS)

Deploy360@IETF98, Day 2: IoT, IPv6, TLS & SIDR

Chicago Skyline aerial view with road by the beach

Tuesday is another busy day at IETF 98 in Chicago with sessions related to pretty much the whole Deploy360 portfolio. Each day we’re bringing you blog posts pointing out what Deploy360 will be focusing on.

The morning session sees TLS busy with a significant update to the TLS protocol which is now in Last Call. There’s a companion update to DTLS, and also on the agenda are drafts on a DANE Record and DNSSEC Authentication Change Extension for TLS, certificate compression, and delegated credentials. So it looks to be a very significant meeting.

Running at the same time is 6TiSCH. There will be further discussions on the draft that describes the architecture for running IPv6 over TSCH networks, two drafts related to the 6top protocol that enables distributed scheduling, as well as four drafts related to security functionality. There will also be an update on IEEE 802.15.4e developments, and introduction of a draft describing a joint scheduling architecture for deterministic industrial field and backhaul networks.

NOTE: If you are unable to attend IETF 98 in person, there are multiple ways to participate remotely.

It’s perhaps worth calling into the Internet Area Working Group after lunch. This acts as a forum for cross-area issues, and there’s one IPv6 related draft on the agenda concerning DHCPv6 Options for Discovery NAT64 Prefixes.

The second afternoon session sees the first meeting of the recently chartered SIDROPS. This has taken over the technology developed by SIDR and is developing guidelines for the operation of SIDR-aware networks, as well as providing operational guidance on how to deploy and operate SIDR technologies in existing and new networks.

On the agenda are two drafts outlining mitigating mechanisms for route leaks. One suggests an enhancement to BGP that would extend the route-leak detection and mitigation capability of BGPSEC, whilst the other proposes to enhance the BGP Open message to establish a relationship agreement between two BGP neighbouring speakers in order to enforce appropriate configuration on both sides.

Also running at the same time is UTA which has finished a number of pieces of work and will therefore focus on several drafts related to Strict Transport Security (STS) for mail transfer and user agents.

If all this isn’t enough, OPSEC is being held during the evening session where a draft on operational security considerations for IPv6 networks will be discussed. IPv6 presents some new security challenges, but this draft analyses the operational security issues for enterprises, service providers and residential users and proposes practical mitigation techniques.

For more background, please read the Rough Guide to IETF 98 from Olaf, Dan, Andrei, Mat, Karen and myself.

Relevant Working Groups