Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events Improving Technical Security IPv6

RIPE 74 starts in Budapest next week

The RIPE 74 meeting is happening next week in Budapest, Hungary. Proceedings commence bright and early with two tutorials on peering and network automation, before the opening plenary starts at 14.00 CEST/UTC+2.

Both Jan Žorž and Kevin Meynell from Deploy360 will both be attending, and will be reporting on relevant developments as always.

In the opening plenary, there will be presentations on the DNSSEC Key Rollover in 2017 from Ed Lewis (ICANN), and the effect of the DNS on Tor’s anonymity from Laura Roberts (Princeton University). This will be followed by several lightning presentations as yet to be announced.

Jan will once again be chairing the BCOP Task Force on Monday evening starting at 18.00 UTC+2. This will discuss progress on documenting best current operational practices, with a new BCOP on IPv6 prefix assignment for end-users to be presented, as well as how to move forward with the global BCOP repository. The Task Force is still looking for volunteers to help support the task of writing other identified BCOPs in the pipeline.

Tuesday is mostly a plenary session, but looks to have some interesting talks lined-up. There are two presentations on RPKI adoption that examine how this has contributed to route security, another on the security implications of IPv6, and a report on expected IPv4 transfers. There’s also a couple of interesting IPv6 case studies being presented on IPv6 addressing in CDNs, and why Rabobank implemented IPv6.

However, be sure to catch the ‘Internet of Stupid Things’ presentation from Geoff Huston (APNIC Labs) who’s always good value for money, and whilst it’s not specifically a Deploy360 topic, it would be worth checking out the ‘Quantum Internet’ presentation from Stephanie Wehner (Delft University of Technology).

On Tuesday evening, there’s also a BoF on IoT security that will discuss stability and security issues of this ever-expanding network of devices, including how botnets pose a substantial threat to the very infrastructure those devices depend upon.

Wednesday and Thursday are set aside for Working Groups, and we’ll be following the IPv6DNS and Routing Working Groups and reporting on developments there.

The IPv6 Working Group will include a short update from Jan on active proposals for IPv6 BCOPs, and on his experiments with NAT64. There will also be an update on using 464XLAT in Residential Networks from Jordi Palet Martinez (Consulintel), and on the Sunsetting of the SixXS tunnel broker service (that we previously reported on) from Jeroen Massar.

The Routing Working Group will have a presentation on MANRS from Ben Maddison, whilst over in the DNS Working Group it would be worth catching the presentation on DNS Privacy Enhanced Services from Benno Overeinder (NLnet Labs).

Finally on Friday, along with the regular agenda items, there will be presentation on BGP Flow Specification Interoperability from Christoph Loibl (next layer).

There are again over 600 registered attendees, so it’s sure to be a busy and productive week. For those of you who cannot attend in person – there is remote participation available with audio and video streaming and also a jabber chat room, so everyone is welcome to participate!

The full programme can be found at: https://ripe74.ripe.net/programme/meeting-plan/

Categories
Deploy360 Events IPv6

RIPE 73 starts in Madrid next week

ripe-73The RIPE 73 meeting is happening next week in Madrid, Spain, kicking off with a couple of tutorials on the Monday morning, before the opening plenary starts at 15.00 CEST/UTC+2. And there’s a lot on the programme of interest if you’re following the Deploy360 technologies, as both Jan Žorž and Kevin Meynell will be.

In the opening plenary, the results of the IPv6 Deployment Survey on residential and household services undertaken by Consulintel will be presented, followed by an analysis of Carrier-Grade NAT (CGN) from Philipp Richter (TU Berlin). Then check out the state of IPv4 transfer markets with Ioana Livadariu (Simula Research Laboratory).

Jan will then be chairing the BCOP Task Force on Monday evening starting at 19.00 UTC+2. This will discuss progress on documenting best current operational practices, with three BCOP documents up for discussion including a new MANRS BCOP. As ever, the Task Force is also looking for volunteers to help support the task of writing the documents and achieve consensus within the group.

On the Tuesday morning, there’s a focus on anycast, with four presentations covering different aspects of this. The afternoon is devoted more to network security, data protection and privacy issues, although there will also be a panel chaired by Leslie Carr on the unique financial challenges of smaller IXPs

Wednesday and Thursday are traditionally devoted to Working Groups, and as usual we’ll be following the IPv6, DNS and Routing Working Groups and reporting on developments there. It’s also worth noting there’s also an open mic  session on the Internet-of-Things between 19.00 and 20.00 UTC+2, which aims to discuss what role RIPE can play in this space and whether the RIPE community’s expertise can be put to good use in safeguarding the security and stability of the Internet.

Finally on Friday, there will be an update on IPv6 performance from Geoff Huston (APNIC) which always makes for interesting listening.

There are already over 600 registered attendees, so it’s sure to be a busy and productive week. For those of you who cannot attend in person – there is remote participation available with audio and video streaming and also a jabber chat room, so everyone is welcome to participate!

The full programme can be found at https://ripe73.ripe.net/programme/meeting-plan/

Categories
Deploy360 Events Improving Technical Security IPv6

RIPE 71 – Highlights from Day 1

RIPE71_logoThe RIPE 71 meeting is happening this week in Bucharest and each day we’ll be highlighting the presentations and activities related to the Deploy360 technologies.

To kick-off, is the interesting initiative presented by Randy Bush during the opening plenary on the Automated Certificate Management Environment (ACME). Currently only between 40% and 60% of web and e-mail traffic is encrypted over TLS, but obtaining and managing digital certificates is not always straightforward, prone to error and can be expensive. ACME aims to offer a standards-based REST API for Certification Authorities (CAs) allowing system administrators to automatically obtain trusted certificates without any human intervention. This is accomplished by running a certificate agent that proves to the CA that a server controls a domain, allowing it to request, renew, and revoke certificates for that domain.

This initiative is currently supported by Let’s Encrypt, but the IETF ACME Working Group has produced an Internet Draft with the view to making ACME a common standard. There are three steps to obtaining a certificate that include generating a key pair that identifies that a server controlling one or more domains, before validating that it controls those domains through a challenge response. A Certificate Signing Request is then generated which is then sent to the CA which can then issue the certificate, all using JSON over HTTP.

Let’s Encrypt is also provisioning a free CA (supported by sponsors) which only supports automatic issuing of certificates through ACME in order to encourage uptake of the technology. This CA is already in the global root distributions, and aims to go into full production from 3 December 2015 with a beta service already being available.

It’s also worth pointing out the presentation given by Marco d’Itri on BGP Security at IXs. This reported on an experiment that was undertaken to test which networks would accept incorrect routes that a peer announced to them, demonstrating a sizeable number of vulnerable networks at major Internet Exchanges. Quite concerning results, but another good reason to point operators in the direction of the Routing Resilience Manifesto.

Last but not least, Jan Žorž was chairing the BCOP Task Force during the evening. There were five BCOP documents up for discussion in this session relating to low-cost community-owned exchanges, IPv6 in Enterprises, IPv6-only networks, network security recommendations, and MANRS Implementation. As mentioned in yesterday’s blog post, the group was looking for help to support the task of writing the documents and several volunteers put themselves forward,  but some more help is still required for the IPv6-only BCOP document if you feel you can contribute.

For those of you who cannot attend the RIPE meeting in person, just a reminder that remote participation is available with audio and video streaming and also a jabber chat room.

The full programme can be found at https://ripe71.ripe.net/programme/meeting-plan/

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events IPv6

RIPE 71 starts in Bucharest

RIPE71_logoThe RIPE 71 meeting is happening this week in Bucharest and opens with the plenary session at 14:00 UTC+2 today. If you’re following the Deploy360 technologies then it’s worth catching the presentation on BGP Security at IXs by Marco d’Itri later this afternoon, A Look Under the Hood at Devices, Networks and IPv6 by George Michaelson tomorrow, and then Todays’ Mobile Internet by Geoff Huston later on Friday.

Both Jan Žorž and Kevin Meynell from the Deploy360 team will be in Bucharest to report on proceedings, with Jan chairing the BCOP Task Force this evening starting at 18.00 UTC+2. This will discuss progress on documenting best current operational practices, with four BCOP documents up for discussion as well as the opportunity to propose new ones. As ever, the Task Force is also looking for volunteers to help support the task of writing the documents and achieve consensus within the group.

On Wednesday and Thursday, we’ll be following the IPv6, DNS and Routing Working Groups and will be reporting on developments there.

There are 523 registered attendees this time, so it’s sure to be a busy and productive week again. For those of you who cannot attend in person – there is remote participation available with audio and video streaming and also a jabber chat room, so everyone is welcome to participate!

The full programme can be found at https://ripe71.ripe.net/programme/meeting-plan/