Categories: Building Trust, Encryption, IETF, Improving Technical Security, Open Internet Standards, Technology

Rough Guide to IETF 99: A Sampling of Encryption-Related Activities

Encryption is once again a hot topic, and there’s much to discuss at IETF 99 this week in Prague. This time the hottest action will definitely be in the Transport Layer Security (TLS) working group. TLS is considering everything from the privacy implications of TLS 1.3 to how to reduce handshake latency. As mentioned in previous Rough Guide blogs on the topic, the working group is busy completing the TLS 1.3 specification. It has completed working group last call, and the working group is addressing the comments received during that process. Draft 21 was released on 3 July in anticipation of this week’s discussion. (https://datatracker.ietf.org/doc/draft-ietf-tls-tls13/)

In addition to the TLS 1.3 effort, the TLS working group has kicked off an update to the Datagram Transport Layer Security (DTLS) protocol (DTLS 1.3) (https://datatracker.ietf.org/doc/draft-ietf-tls-dtls13/) and has a number of additional drafts on the agenda. In particular, based on the mailing list traffic, there will be an active discussion about a draft on static Diffie-Hellman in TLS 1.3 (https://datatracker.ietf.org/doc/draft-green-tls-static-dh-in-tls13/). This document proposes a mechanism to address the challenges associated with supporting enterprise requirements (such as passive inspection of traffic inside a data centre) in the presence of TLS 1.3. It is a controversial draft, and many have indicated that it should not be discussed in the IETF at all. In addition to the technical merits of the proposal, the implications of RFC 2804 (https://www.rfc-editor.org/info/rfc2804), the IETF’s policy on wiretapping, for this draft will be discussed. A second session on Monday has been added specifically to provide enough time for all the TLS topics.

The next topic of interest for encryption is the Crypto Forum Research Group (cfrg). Always a popular session at IETF, this week the CFRG will discuss six different drafts, including Re-keying Mechanisms for Symmetric Keys (https://datatracker.ietf.org/doc/draft-irtf-cfrg-re-keying), Verifiable Random Functions (https://tools.ietf.org/html/draft-goldbe-vrf-01), Collective Edwards-Curve Digital Signature Algorithm (https://datatracker.ietf.org/doc/draft-ford-cfrg-cosi), The Transition from Classical to Post-Quantum Cryptography (https://tools.ietf.org/html/draft-hoffman-c2pq-01), Hash-Based Signatures (https://datatracker.ietf.org/doc/draft-mcgrew-hash-sigs), and KangarooTwelve (https://tools.ietf.org/html/draft-viguier-kangarootwelve-00).

Three working groups focused on updating cryptographic algorithms and on using TLS in IETF protocols are meeting at IETF 99. The CURves, Deprecating and a Little more Encryption (curdle) working group was chartered to add and update the cryptographic mechanisms used by several IETF protocols. It will have a very short meeting to discuss key exchange method updates and recommendations for Secure Shell (SSH). There will also be some discussion about potential future work for the curdle working group.

The DKIM Crypto Update (dcrup) working group is just getting started. It will be focused on updating the cryptographic aspects of RFC 6376 (https://www.rfc-editor.org/info/rfc6376), the DKIM specification. The new working group has a short agenda this meeting, but given the recent popularity of conversations around cryptography, this may well expand to fill the available time. Drafts under discussion include Cryptographic Update to DKIM (draft-ietf-dcrup-dkim-crypto), Cryptographic Algorithm and Key Usage Update to DKIM (draft-ietf-dcrup-dkim-usage), and Defining Elliptic Curve Cryptography Algorithms for use with DKIM (draft-ietf-dcrup-dkim-ecc). Hot topics include key hashes and key sizes.

The final working group discussed in this blog is the Using TLS in Applications (uta) working group. The uta working group has finished a number of pieces of work, and this week will be focused on a draft related to Strict Transport Security (STS) for mail (SMTP) transfer agents and mail user agents. It will also discuss a draft on the use of TLS to provide confidentiality for email.

All in all, there is plenty to keep the encryption enthusiasts engaged here at IETF 99.

Relevant Working Groups at IETF 99

tls – Transport Layer Security
Monday, 17 July 2017, 1330-1530, Congress Hall I
Wednesday, 19 July 2017, 0930-1200, Grand Hilton Ballroom
Agenda: https://www.ietf.org/proceedings/99/agenda/agenda-99-tls-01.txt
Charter: https://datatracker.ietf.org/wg/tls/about/

cfrg – Crypto Forum Research Group
Tuesday, 18 July 2017, 1550-1750, Congress Hall I
Agenda: https://datatracker.ietf.org/meeting/99/agenda/cfrg/
Charter: https://irtf.org/cfrg

curdle – CURves, Deprecating and a Little more Encryption
Monday, 17 July 2017, 1130-1200, Congress Hall III
Agenda: https://datatracker.ietf.org/meeting/99/agenda/curdle/
Draft: https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-kex-sha2/

dcrup – DKIM Crypto Update
Thursday, 20 July 2017, 1100-1130, Berlin/Brussels
Agenda: https://datatracker.ietf.org/meeting/99/agenda/dcrup/
Charter: https://datatracker.ietf.org/wg/dcrup/about/

uta – Using TLS in Applications
Thursday, 20 July 2017, 1810-1910, Berlin/Brussels
Agenda: https://datatracker.ietf.org/meeting/99/agenda/uta/
Charter: https://datatracker.ietf.org/wg/uta/about/

Follow Us

There’s a lot going on in Prague, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf99.

Categories: Building Trust, Identity, IETF, Privacy

Rough Guide to IETF 99: Trust, Identity, and Privacy

Trust, Identity, and Privacy continue to be topics of interest for the IETF community. Below I will highlight a few of the many activities. There is something for everyone interested in these areas here at IETF 99 in Prague this week!

The work on privacy actually started before the IETF meeting itself, with the IETF 99 Hackathon. As you are reading this, the Hackathon will have already been completed. This Hackathon had the largest attendance ever and reached full capacity. It was an energetic event highlighting a number of emerging technologies. An overview of all the Hackathon projects is available on the Hackathon wiki (https://www.ietf.org/registration/MeetingWiki/wiki/99hackathon).

There are two especially relevant efforts in the Hackathon that I’d like to bring to your attention. The first one is a large collaboration of people working on DNS, DNSSEC, and DNS privacy. This is a well-established project that has been active in several recent IETF Hackathon events. The second was a team of people working on HTTP status code 451 (RFC 7725). This is a status code a server uses to report that it cannot serve a web page because of legal obstacles. During the Hackathon they focused on implementing and measuring this status code to make censorship more transparent.

Moving on to the extensive work on trust, identity, and privacy in the IETF, I will remind folks that the excellent work of the DNS Privacy working group (dprive) was covered in an earlier Rough Guide post (https://dev.internetsociety.org/blog/tech-matters/2017/07/rough-guide-ietf-99-dns-privacy-and-security-including-dnssec).

The first two working groups I’m going to highlight in this post are working on topics related to the certificate infrastructure for the Internet. The Automated Certificate Management Environment (acme) working group is specifying ways to automate certificate issuance, validation, revocation and renewal. The main order of business is to discuss the working group last call comments on the core specification Automatic Certificate Management Environment (https://datatracker.ietf.org/doc/draft-ietf-acme-acme). The working group will also be discussing working group last call comments on the CAA Record Extensions for Account URI and ACME Method Binding (https://datatracker.ietf.org/doc/draft-ietf-acme-caa) document. New drafts to be discussed include ACME Identifiers and Challenges for Telephone Numbers (https://datatracker.ietf.org/doc/draft-ietf-acme-telephone) and ACME Identifiers and Challenges for VoIP Service Providers (https://datatracker.ietf.org/doc/draft-ietf-acme-service-provider).

The second certificate-related working group is the Public Notary Transparency (trans) working group. It has been working since 2014 to improve the confidence of users in the Web PKI. The underlying premise of this work is to create transparent, append-only logs of certificates so that mis-issuance can be detected: that which is transparent can be observed and monitored for unexpected behavior, for example by a domain owner watching the logs for certificates naming its domain that it never requested. The core document (https://datatracker.ietf.org/doc/html/draft-ietf-trans-rfc6962-bis) is in working group last call.
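The paragraph above gives the premise of Certificate Transparency but not the mechanics. The following added example (written for this page, not code from the trans working group or any real log) shows the two pieces that make a log both tamper-evident and useful to a monitor: the RFC 6962 Merkle tree hashing that a log uses to commit to its entries, with the inclusion-proof check from draft-ietf-trans-rfc6962-bis that lets a client confirm a certificate really is in the tree the log signed, and a tiny monitor that scans the log for certificates naming a domain but issued by a CA the domain owner does not expect. The log entries are constructed strings standing in for DER certificates, and the issuer names and domain are assumptions for illustration.

```python
"""Toy Certificate Transparency log: Merkle tree hashing, inclusion proofs and a monitor.

Hashing follows RFC 6962 section 2.1 (0x00 prefix for leaves, 0x01 for interior nodes);
the verification loop follows the inclusion-proof check in draft-ietf-trans-rfc6962-bis.
The log entries below are constructed stand-ins for DER certificates (assumption, not real data).
"""
import hashlib

# Constructed sample entries: each stands in for one logged certificate.
SAMPLE_ENTRIES = [
    b"subject=example.com;issuer=Trusted CA",
    b"subject=example.net;issuer=Trusted CA",
    b"subject=example.org;issuer=Other CA",
    b"subject=example.com;issuer=Rogue CA",       # issuance the domain owner did not expect
    b"subject=mail.example.com;issuer=Trusted CA",
]


def hash_leaf(entry: bytes) -> bytes:
    """Leaf hash: SHA-256(0x00 || entry). The prefix keeps leaves and nodes in separate domains."""
    return hashlib.sha256(b"\x00" + entry).digest()


def hash_children(left: bytes, right: bytes) -> bytes:
    """Interior node hash: SHA-256(0x01 || left || right)."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split_point(n: int) -> int:
    """Largest power of two strictly less than n; RFC 6962 splits the tree at this point."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_tree_hash(entries) -> bytes:
    """MTH(D[n]): the root hash that a log publishes in its signed tree head."""
    n = len(entries)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return hash_leaf(entries[0])
    k = _split_point(n)
    return hash_children(merkle_tree_hash(entries[:k]), merkle_tree_hash(entries[k:]))


def inclusion_proof(entries, index: int) -> list:
    """PATH(m, D[n]): sibling hashes from the leaf up to the root, as a log would return them."""
    n = len(entries)
    if n <= 1:
        return []
    k = _split_point(n)
    if index < k:
        return inclusion_proof(entries[:k], index) + [merkle_tree_hash(entries[k:])]
    return inclusion_proof(entries[k:], index - k) + [merkle_tree_hash(entries[:k])]


def verify_inclusion(entry: bytes, index: int, tree_size: int, proof: list, root: bytes) -> bool:
    """Client-side check that `entry` sits at `index` in the tree of `tree_size` leaves with root `root`."""
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = hash_leaf(entry)
    for p in proof:
        if sn == 0:
            return False                       # more proof nodes than the tree has levels
        if (fn & 1) or fn == sn:
            r = hash_children(p, r)            # sibling is on the left
            if not (fn & 1):
                # Skip levels where the right-hand subtree is incomplete.
                while not (fn & 1) and fn != 0:
                    fn >>= 1
                    sn >>= 1
        else:
            r = hash_children(r, p)            # sibling is on the right
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


def monitor(entries, domain: str, expected_issuers) -> list:
    """Return indices of entries naming `domain` (or a subdomain) whose issuer is not expected.

    This is the "observe and monitor" step: a domain owner reads the public log and alerts on
    certificates for its names that none of its expected CAs should have issued.
    """
    hits = []
    for i, entry in enumerate(entries):
        fields = dict(part.split("=", 1) for part in entry.decode().split(";"))
        subject = fields.get("subject", "")
        if subject == domain or subject.endswith("." + domain):
            if fields.get("issuer") not in expected_issuers:
                hits.append(i)
    return hits


if __name__ == "__main__":
    root = merkle_tree_hash(SAMPLE_ENTRIES)
    proof = inclusion_proof(SAMPLE_ENTRIES, 3)
    print("inclusion ok:", verify_inclusion(SAMPLE_ENTRIES[3], 3, len(SAMPLE_ENTRIES), proof, root))
    print("unexpected issuances for example.com:", monitor(SAMPLE_ENTRIES, "example.com", {"Trusted CA"}))
```

Two details matter for a practitioner: the distinct 0x00/0x01 prefixes prevent a second-preimage trick where an interior node is presented as a leaf, and the verifier derives the root from the entry plus the proof rather than trusting anything the log says about the entry, so a log that omitted or altered an entry cannot produce a proof that checks out against its published root.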

Anyone with an interest in the Internet of Things (IoT) will be interested in the Authentication and Authorization for Constrained Environments (ace) working group. This working group is developing standardized solutions for authentication and authorization in constrained environments. They published a use cases document last year, and this week’s agenda includes discussion of existing working group documents on authentication and authorization for constrained environments, a DTLS profile for ACE, the CBOR Web Token (CWT), and an architecture for authorization in constrained environments. In addition, there will be discussion of a number of new drafts for working group consideration.

The Web Authorization Protocol (oauth) working group has been working for years on mechanisms that allow users to grant access to web resources without necessarily compromising long-term credentials or even identity. It has been a very prolific working group, with around 15 RFCs published to date. IETF 99 will be another busy week for those interested in this area, including sessions on both Tuesday and Friday. Agenda items for these two sessions include a mutual TLS profile, security, incremental authorization, JWT best practices, device flow, token exchange, and token binding.

There are two additional working groups meeting this coming week that are related to the oauth work. The first is the Token Binding (tokbind) working group, which is tasked with specifying a token binding protocol and the use of that protocol with HTTPS. This working group will be discussing two key drafts: Token Binding for 0-RTT TLS 1.3 Connections (draft-ietf-tokbind-tls13-0rtt), and HTTPS Token Binding with TLS Terminating Reverse Proxies (draft-campbell-tokbind-ttrp-00). This working group works in collaboration with the tls, httpbis and oauth WGs and with the W3C webappsec WG.

Also related to oauth, the Security Events (secevent) working group is working on an Event Token specification that includes a JWT extension for expressing security events and a syntax for communicating the event-specific data. This is a fairly new WG, formally chartered in January 2017. The meeting this week will discuss several topics, including the token specification, token delivery, a management API, and use cases for RISC and SCIM.

More related to the identity of devices than the identity of individuals, but included here for completeness, the Identity Enabled Networks (ideas) BoF proposes to examine how existing protocols that separate identifiers from their location may benefit from the concept of identity. The two drafts that form the structure of the meeting are Problem Statement for Identity Enabled Networks (draft-padma-ideas-problem-statement) and Gap Analysis for Identity Enabled Networks (draft-xyz-ideas-gap-analysis). Also under discussion is Identities and Identifiers for ION and the IETF. Come along to this session if you are interested in seeing whether or not the IETF might charter work in this space.

For the security crowd, no IETF week is complete without the Security Area Advisory Group (SAAG) meeting. This meeting features a quick run through all the working groups doing security-related work in the IETF across all areas, a set of short talks, and an open session to bring issues and topics forward from the community. This week the talks include Post-Quantum Crypto, Pretty Easy Privacy (pEp), and a Certificate Limitation Profile.

Finally, for those with a keen interest in privacy, the W3C Privacy Interest Group (PING) will again be meeting for their regular PING and friends get-together during the lunch break on Thursday, 20 July 2017 in Rokoska. Anyone with an interest in privacy is invited to join the meeting (but it is bring your own lunch).

All in all, an action-packed week for trust, identity, and privacy related topics here at IETF 99!

Relevant Working Groups at IETF 99

acme (Automated Certificate Management Environment) WG
Friday, 21 July 2017, 0930-1130, Athens/Barcelona
Agenda: https://datatracker.ietf.org/meeting/99/agenda/acme/
Charter: https://datatracker.ietf.org/wg/acme/about/

trans (Public Notary Transparency) WG
Wednesday, 19 July 2017, 1520-1650, Berlin/Brussels
Charter: https://datatracker.ietf.org/wg/trans/about/

ace (Authentication and Authorization for Constrained Environments) WG
Monday, 17 July 2017, 0930-1200, Congress Hall I
Agenda: https://datatracker.ietf.org/meeting/99/agenda/ace/
Charter: https://datatracker.ietf.org/wg/ace/about/

oauth (Web Authorization Protocol) WG
Tuesday, 18 July 2017, 1330-1530, Berlin/Brussels
Friday, 21 July 2017, 0930-1130, Karlin III
Agenda: https://datatracker.ietf.org/meeting/99/agenda/oauth/
Charter: https://datatracker.ietf.org/wg/oauth/about/

tokbind (Token Binding) WG
Monday, 17 July 2017, 1550-1720, Berlin/Brussels
Agenda: https://datatracker.ietf.org/meeting/99/agenda/tokbind/
Charter: https://datatracker.ietf.org/wg/tokbind/about/

secevent (Security Events) WG
Tuesday, 18 July 2017, 0930-1200, Karlin I/II
Agenda: https://datatracker.ietf.org/meeting/99/agenda/secevent/
Charter: https://datatracker.ietf.org/wg/secevent/about/

ideas (Identity Enabled Networks) BOF
Wednesday, 19 July 2017, 1330-1500, Congress Hall II
Agenda: https://datatracker.ietf.org/meeting/99/agenda/ideas/
Documents: https://datatracker.ietf.org/wg/ideas/documents/

saag (Security Area open meeting)
Thursday, 20 July 2017, 1330-1530, Congress Hall III
Agenda: https://datatracker.ietf.org/meeting/99/agenda/saag/


Categories: Building Trust, IETF, Open Internet Standards, Technology

Rough Guide to IETF 99: Scalability & Performance

In this post I’ll highlight some of the Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF) groups meeting during the IETF 99 meeting in Prague next week. These groups are working to explore and address more sophisticated ways to use and share available bandwidth, improve Internet performance, and otherwise efficiently get Internet content to where it needs to be.

Monday afternoon in Prague will be the second BoF meeting for BANdwidth Aggregation for interNet Access (banana). This BoF will discuss methods to take advantage of multiple access links, provided by one or more access providers, in cases where end nodes and applications may not be multi-access aware. Use of multiple access links could provide bandwidth aggregation when multiple links are available (i.e. improved performance) and session continuation when a link becomes unavailable (i.e. increased reliability).

The tsvwg WG has many documents under discussion, on topics including Diffserv, ECN, and UDP options. The WG has two meetings, on Tuesday and Thursday afternoons.

The mptcp WG will be meeting on Tuesday and Friday afternoons to discuss the latest developments and proposed improvements to the Multipath TCP protocol. MPTCP support in iOS 11 was announced during WWDC 2017.

One of the most active new IETF WGs is QUIC. QUIC is a UDP-based transport protocol that provides multiplexed streams over an encrypted transport. QUIC aims to be nearly equivalent to an independent TCP connection, but with much reduced connection-setup latency and better stream multiplexing support. The quic WG is meeting on Thursday afternoon and Friday morning in Prague.

The Measurement and Analysis for Protocols (maprg) research group meets on Thursday morning to discuss measurement techniques and data sources that could help us make better engineering decisions to work around some of the rigidity in the protocol stack.

Packet networks give rise to transient congestion by design, and several groups are meeting to discuss different aspects of congestion control and avoidance. The Internet Congestion Control research group (iccrg) will meet on Monday afternoon to discuss some of the latest innovations and thinking in relation to congestion control and managing congestion on the Internet. The meeting will include an update on TCP Prague ideas and an update on the BBR congestion control algorithm from Google, including experiences with deployment at YouTube. Modifications to the functioning of TCP are proposed, presented and discussed in the tcpm WG, which will meet on Monday morning in Prague. Internet metrics are defined by the ippm WG, which is meeting in Prague on Wednesday morning.

And last but not least, the tsvarea open meeting will take place on Monday afternoon.

Related Working Groups and BoFs at IETF 99

banana (BANdwidth Aggregation for interNet Access) BoF
Monday, 17 July 2017, 1550-1720, Grand Hilton Ballroom
Agenda
Draft
Charter

maprg (Measurement and Analysis for Protocols) RG
Thursday, 20 July 2017, 0930-1200, Congress Hall II
Agenda
Charter

iccrg (Internet Congestion Control) RG
Monday, 17 July 2017, 1330-1530, Congress Hall III
Agenda
Charter

quic (QUIC) WG
Thursday, 20 July 2017, 1550-1750, Grand Hilton Ballroom
Friday, 21 July 2017, 0930-1130, Grand Hilton Ballroom
Agenda
Documents
Charter

tcpm (TCP Maintenance and Minor Extensions) WG
Monday, 17 July 2017, 0930-1200, Karlin I/II
Agenda
Documents
Charter

mptcp (Multipath TCP) WG
Tuesday, 18 July 2017, 1550-1750, Athens/Barcelona
Friday, 21 July 2017, 1150-1320, Congress Hall I
Agenda
Documents
Charter

ippm (IP Performance Metrics) WG
Wednesday, 19 July 2017, 0930-1200, Athens/Barcelona
Agenda
Documents
Charter

tsvarea (Transport Area Open Meeting)
Monday, 17 July 2017, 1740-1840, Grand Hilton Ballroom
Agenda

tsvwg (Transport Area Working Group)
Tuesday, 18 July 2017, 1330-1530, Congress Hall I
Thursday, 20 July 2017, 1810-1910, Congress Hall III
Agenda
Documents
Charter
