Categories
Deploy360 IPv6

IAB Warns That All Networking Standards Need To Fully Support IPv6

IPv6This week the Internet Architecture Board (IAB) issued a strong statement warning that any networking standards developed by Standards Development Organizations (SDOs) need to fully support IPv6.

The Internet Engineering Task Force (IETF) is of course the major SDO developing networking standards for the Internet, but many other standards organizations base their standards on IETF standards. 

For instance, any organizations creating standards that work over the Internet rely on the underlying Internet Protocol (IP) and many other associated standards.

Noting that IPv6 deployment levels continue to increase (ex. see Google IPv6 stats), and that increasingly IPv6-only networks are being deployed, the IAB has now stated:

The IAB expects that the IETF will stop requiring IPv4 compatibility in new or extended protocols. Future IETF protocol work will then optimize for and depend on IPv6.

The IAB goes on to say:

We recommend that all networking standards assume the use of IPv6, and be written so they do not require IPv4. We recommend that existing standards be reviewed to ensure they will work with IPv6, and use IPv6 examples.

The IAB goes on to encourage the industry and others to develop strategies for systems – and standards – to work in an IPv6-only environment.

The key point here is that the IAB is saying that IPv6 deployment is at the point where organizations developing standards can no longer rely on IPv4 being available. Standards that rely on IP need to be reviewed to make sure they can work over IPv6. And new standards need to assume that IPv6 will be the default in an increasing number of networks.

This is good to see – and we certainly hope that all SDOs will take these recommendations seriously and ensure that all their standards will work over IPv6.

Please do read the full IAB statement – and then if you have not already started working with IPv6, please visit our Start Here page to get started!


P.S. There were good discussions of this news on Hacker News and Reddit for those who participate on those sites.

Categories
IPv6

IAB Warns That All Networking Standards Need To Fully Support IPv6

IPv6This week the Internet Architecture Board (IAB) issued a strong statement warning that any networking standards developed by Standards Development Organizations (SDOs) need to fully support IPv6.

The Internet Engineering Task Force (IETF) is of course the major SDO developing networking standards for the Internet, but many other standards organizations base their standards on IETF standards. 

For instance, any organizations creating standards that work over the Internet rely on the underlying Internet Protocol (IP) and many other associated standards.

Noting that IPv6 deployment levels continue to increase (ex. see Google IPv6 stats), and that increasingly IPv6-only networks are being deployed, the IAB has now stated:

The IAB expects that the IETF will stop requiring IPv4 compatibility in new or extended protocols. Future IETF protocol work will then optimize for and depend on IPv6.

The IAB goes on to say:

We recommend that all networking standards assume the use of IPv6, and be written so they do not require IPv4. We recommend that existing standards be reviewed to ensure they will work with IPv6, and use IPv6 examples.

The IAB goes on to encourage the industry and others to develop strategies for systems – and standards – to work in an IPv6-only environment.

The key point here is that the IAB is saying that IPv6 deployment is at the point where organizations developing standards can no longer rely on IPv4 being available. Standards that rely on IP need to be reviewed to make sure they can work over IPv6. And new standards need to assume that IPv6 will be the default in an increasing number of networks.

This is good to see – and we certainly hope that all SDOs will take these recommendations seriously and ensure that all their standards will work over IPv6.

Please do read the full IAB statement – and then if you have not already started working with IPv6, please visit our Start Here page to get started!


P.S. There were good discussions of this news on Hacker News and Reddit for those who participate on those sites.

Categories
Building Trust Improving Technical Security Technology

Coordinating Attack Response at Internet Scale

How do we help coordinate responses to attacks against Internet infrastructure and users? Internet technology has to scale or it won’t survive for long as the network of networks grows ever larger. But it’s not just the technology, it’s also the people, processes and organisations involved in developing, operating and evolving the Internet that need ways to scale up to the challenges that a growing global network can create.

One such challenge is the unwanted traffic, ranging from spam and other forms of messaging-related abuse to multi-gigabit distributed denial of service attacks, that Internet users and service providers of all kinds are subject to. Numerous incident response efforts exist to mitigate the effects of these attacks. Some are focused on specific attack types, while others are closed analysis and sharing groups spanning many attack types.

In an effort to bring together operators, researchers, CSIRT team members, service providers, vendors, information sharing and analysis centre members to discuss approaches to coordinating attack response at Internet scale, the Internet Society is working with the Internet Architecture Board to develop and host a one-day “Coordinating Attack Response at Internet Scale (CARIS) Workshop” intended to help bridge the many communities working on attack response on the Internet and to foster dialogue about how we collaborate together.

In particular we will be helping to build up a shared directory of incident response organisations and other efforts to help improve information sharing with and coordination between these diverse groups. We believe that having a clearer picture of the range of efforts around the globe and the most helpful ways to share incident-related information will improve the scalability of the overall attack response effort.

The workshop will take place on June 19, 2015 at the Intercontinental Hotel in Berlin, and is hosted by the 27th annual FIRST Conference.

Workshop information including the call for papers can be found here: https://www.iab.org/activities/workshops/caris/  The deadline for submitting papers is April 3, 2015.

Categories
Deploy360 Encryption Improving Technical Security Privacy Transport Layer Security (TLS)

Make Encryption The Norm For All Internet Traffic, Says The Internet Architecture Board (IAB)

Internet Architecture Board (IAB)The Internet Architecture Board announced a new “Statement on Internet Confidentiality” yesterday that calls on “protocol designers, developers, and operators to make encryption the norm for Internet traffic“.  The statement, distributed via email by IAB Chair Russ Housely, goes further in urging those who design and develop new protocols “to design for confidential operation by default“.

The strong statement, republished below, represents the continued evolution of the thinking of the wider technical community, as represented by the IAB and the IETF,  that in light of the disclosures of massive pervasive monitoring of the Internet (see RFC 7258) the technical infrastructure of the Internet needs to be strengthened against those attacks.

As the IAB statement notes, such a move to make encryption the default will have impacts on some aspects of current network operations, but the statement represents the very public commitment by the IAB to help create the conditions under which, as it says, we can “move to an Internet where traffic is confidential by default.”

UPDATE: The Internet Society Board of Trustees published an official statement strongly supporting the IAB’s statement on Internet confidentiality.

From our perspective here at Deploy360, we definitely welcome this statement as it will help the overall security of the Internet.  Within the topics we cover here, we encourage developers to look at adding TLS to all their applications, and we encourage network operators to do all they can to help their customers use TLS-encrypted applications wherever possible.  We are also looking forward to continued discussions such as those held in the DPRIVE Working Group this week at IETF 91 that will improve the confidentiality and privacy of DNS interactions as well as those within the routing infrastructure.

Here is the full IAB Statement on Internet Confidentiality:

IAB Statement on Internet Confidentiality

In 1996, the IAB and IESG recognized that the growth of the Internet depended on users having confidence that the network would protect their private information. RFC 1984 documented this need. Since that time, we have seen evidence that the capabilities and activities of attackers are greater and more pervasive than previously known. The IAB now believes it is important for protocol designers, developers, and operators to make encryption the norm for Internet traffic. Encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance as described in RFC 7258.

Newly designed protocols should prefer encryption to cleartext operation. There may be exceptions to this default, but it is important to recognize that protocols do not operate in isolation. Information leaked by one protocol can be made part of a more substantial body of information by cross-correlation of traffic observation. There are protocols which may as a result require encryption on the Internet even when it would not be a requirement for that protocol operating in isolation.

We recommend that encryption be deployed throughout the protocol stack since there is not a single place within the stack where all kinds of communication can be protected.

The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default. We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.

We believe that each of these changes will help restore the trust users must have in the Internet. We acknowledge that this will take time and trouble, though we believe recent successes in content delivery networks, messaging, and Internet application deployments demonstrate the feasibility of this migration. We also acknowledge that many network operations activities today, from traffic management and intrusion detection to spam prevention and policy enforcement, assume access to cleartext payload. For many of these activities there are no solutions yet, but the IAB will work with those affected to foster development of new approaches for these activities which allow us to move to an Internet where traffic is confidential by default.

We’re looking forward to working with all of you there to bring about this Internet where traffic is encrypted by default!