Categories
Building Trust Deploy360 Events IETF Internet of Things (IoT) IPv6 Transport Layer Security (TLS)

IETF 103, Day 4: Trusted Systems, IoT & IPv6

This week is IETF 103 in Bangkok, Thailand, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. Thursday actually represents the last day of the meeting this time, although there’s still several sessions to draw attention to.

SUIT is meeting first thing at 09.00 UTC+9. This is considering how the firmware of IoT devices can securely updated, and the architecture and information models for this will be discussed. There are three other drafts relating to manifest formats that are the meta-data describing the firmware images.


NOTE: If you are unable to attend IETF 103 in person, there are multiple ways to participate remotely.


DMM is the first of the afternoon sessions at 13.50 UTC+7, and there are several IPv6-related drafts under consideration. Proxy Mobile IPv6 extensions for Distributed Mobility Management proposes a solution whereby mobility sessions are anchored at the last IP hop router, whilst Segment Routing IPv6 for Mobile User Plane defines segment routing behaviour and applicability to the mobile user plane behaviour and defines the functions for that. There’s also three updated drafts on 5G implementations which may interest some.

To round off the week, there’s a choice of two sessions starting at 16.10 UTC+7.

ACME will be focusing on the ACME TLS ALPN extension that allows for domain control validation using TLS, and Support for Short-Term, Automatically-Renewed (STAR) Certificates. It will also consider how ACME can support TLS certificates for end-users.

Alternatively, 6TiSCH will be focusing on the specification for a combining a high speed powered backbone and subnetworks using IEEE 802.15.4 time-slotted channel hopping (TSCH). The 6top protocol that enables distributed scheduling is now heading for publication as an RFC, and there are also updates to the description of a scheduling function that defines the behavior of a node when joining a network and to define a security framework for joining a 6TiSCH network. If there’s time, a method to protect network nodes against a selective jamming attack will be discussed.

With that, IETF 103 comes to a close and we say Sà-wàd-dee to Bangkok. Many thanks for reading along this week… please do read our other IETF 103-related posts … and we’ll see you at IETF 104 which is being on 23-29 March 2019 in Prague, Czech Republic.

Relevant Working Groups

Categories
Deploy360 Events IETF Transport Layer Security (TLS)

IETF 103, Day 3: DNS Privacy, TLS & IoT

This week is IETF 103 in Bangkok, Thailand, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. Wednesday is a relatively light day in this respect, although there’s some pretty important matters being discussed today.

DPRIVE kicks off the day at 09.00 UTC+9, and will mostly be discussing user perspectives with respect to the recently introduced implementations of DNS-over-TLS and DNS-over-HTTPS, as well as the issues of DNS privacy between resolvers and authoritative servers. There’s also a new draft up for discussion on DNS-over-TLS for insecure delegations that describe an alternative authentication mechanism without need for DNSSEC support.


NOTE: If you are unable to attend IETF 103 in person, there are multiple ways to participate remotely.


TLS holds its second session of the week immediately after lunch at 12.20 UTC+7. This will carry-on where it left off on Monday, although will be discussing a DANE Record and DNSSEC Authentication Chain Extension for TLS. The intention is to allow TLS clients to perform DANE authentication of a TLS server without needing to perform additional DNS record lookups.

Then at 13.50 UTC+7, Homenet will be focusing on Homenet Naming and Service Discovery Architecture. There’s also an agenda item for general security questions, and a demonstration of SecureHomeGateway, before moving into discussions on re-chartering the group.

For more background, please read the Rough Guide to IETF 103 from Olaf, DanSteve, and myself.

Relevant Working Groups

Categories
Events IETF Internet of Things (IoT) IPv6 Securing Border Gateway Protocol (BGP)

IETF 103, Day 2: IPv6, NTP, Routing Security & IoT

This week is IETF 103 in Bangkok, Thailand, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. And following on from the previous day, Tuesday also features a packed agenda.

LPWAN will be discussing whether to move to a Working Group Last Call on the Static Context Header Compression (SCHC) framework for IPv6 and UDP, that provides both header compression and fragmentation functionalities. Three other drafts describe similar schemes for SigFox,LoRaWAN and IEEE 802.15.4 type networks.


NOTE: If you are unable to attend IETF 103 in person, there are multiple ways to participate remotely.


Then at 11.20 UTC+7, IPWAVE will be focusing on updates to the specification for transmitting IPv6 Packets over IEEE 802.11 Networks in Vehicular communications, and the use cases for IP-based vehicular networks. There have also been a couple of updates to DNS Name Autoconfiguration for Internet of Things Devices and IPv6 Neighbor Discovery for Prefix and Service Discovery in Vehicular Networks, so these may also be discussed.

6MAN will be meeting at 13.50 UTC+7 and has nine drafts up for discussion. The couple of working group sponsored drafts relate to specifying a IPv6 Segment Routing Header (SRH) and how this can be used by Segment Routing capable nodes, and specifying a Router Advertisement flag to indicate to hosts that a link is IPv6-only. There are also a couple of new drafts that specify how IOAM (In-situ Operations, Administration and Maintenance) records are encapsulated in IPv6, and defining the building blocks that can be used for OAM in Segment Routing with IPv6.

The other drafts being discussed cover communicating NAT64 prefixes to clients with Router Advertisements, Updates to Requirements for IPv6 Options, Path MTU Discovery solutions, a new Path MTU Hop-by-Hop Option to record minimum Path MTU from source to destination, and IPv6 Packet Truncation procedures.

Running in parallel is SIDROPS that is discussing five drafts. RPKI Validation State Unverified proposes to introduced a new ‘Unverified’ validation state for route prefixes, whilst BGPsec Validation State Unverified proposes a similar validation states for BGPsec routes. Two other drafts introduce and define a digitally signed object into an RPKI  that provides a means of verifying that a Customer Autonomous System holder has authorised a Provider Autonomous System to be its upstream provider. That leaves a draft considering policy for dropping invalid routes – including hijacked and missing or erroneously created ROAs for route prefixes.

To conclude the day, there’s a choice of two sessions at 16.10 UTC+7.

NTP is a working group we’ve decided to cover as (amongst other things), it’s working to improve the security of the Network Time Protocol. There’s no less than 20 drafts on the agenda, although Network Time Security for the NTP specifies a mechanism for using TLS and Authenticated Encryption with Associated Data (AEAD) to provide cryptographic security for the client-server mode of NTP. Following on from this will be a review of the NTS implementations and interoperability testing.

T2TRG researches the issues of turning the IoT into reality, and will continue to discuss the State-of-the-Art and Challenges for the Internet of Things Security, the guidance for designing IoT systems using the REST architectural style, and a new data and interaction model called CoRAL (The Constrained RESTful Application Language).

For more background, please read the Rough Guide to IETF 103 from Olaf, DanSteve, and myself.

Relevant Working Groups

Categories
Deploy360 Domain Name System (DNS) Events IETF Internet of Things (IoT) IPv6 Transport Layer Security (TLS)

IETF 103, Day 1: IPv6, TLS, DNS Privacy & Other Crypto

The Working Group sessions start tomorrow at IETF 103 in Bangkok, Thailand, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. Only four days have been scheduled for the working groups this time around, which means there’s a lot of pack into each day; with Monday being no exception.

V6OPS is a key group and will be meeting on Monday morning starting at 09.00 UTC+7. It’s published four RFCs since its last meeting, including Happy Eyeballs v2, and this time will kick-off with a presentation on the CERNET2 network which is an IPv6-only research and education in China.

There’s also four drafts to be discussed, including three new ones. IPv6-Ready DNS/DNSSSEC Infrastructure recommends how DNS64 should be deployed as it modifies DNS records which in some circumstances can break DNSSEC. IPv6 Address Assignment to End-Sites obsoletes RFC 6177 with best current operational practice from RIPE-690 that makes recommendations on IPv6 prefix assignments, and reiterates that assignment policy and guidelines belong to the RIR community. Pros and Cons of IPv6 Transition Technologies for IPv4aaS discusses different use case scenarios for the five most prominent IPv4-as-a-service (IPv4aaS) transitional technologies, whilst NAT64/464XLAT Deployment Guidelines in Operator and Enterprise Networks is an updated draft that describes considerations with respect to applications or devices using literal IPv4 addresses or non-IPv6 compliant APIs, as well as IPv4-only hosts on an IPv6-only network.


NOTE: If you are unable to attend IETF 103 in person, there are multiple ways to participate remotely.


Running in parallel on Monday morning is ROLL which focuses on IPv6 routing issues for low-power and lossy networks. This will be discussing an update ton the ROLL-BIER design that extends RPL to support routing based on Bit Index Explicit Replication (BIER) in environments with limited and lossy updates. There are also seven other drafts up for discussion, all related to RPL enhancements.

CFRG will be held during the late morning at 11.20 UTC+7. The group has yet to publish the agenda, but there’s a number of currently active drafts covering issues that include Public Key ExchangeThe Transition from Classical to Post-Quantum Cryptography, Randomness Improvements for Security ProtocolsRe-keying Mechanisms for Symmetric Keys, and Hash-Based Signatures.

There’s a choice of two sessions after lunch, starting at 13.50 UTC+7.

TLS holds the first of its two sessions (the second is on Wednesday afternoon) and has a number of important drafts up for discussion including the proposed DTLS 1.3 specification, and Connection Identifiers for DTLS, to avoid the need for additional handshaking upon NAT rebinding. There is also a proposal to deprecate TLS 1.0 and 1.1 as these versions lack support for current and recommended cipher suites.

Other drafts cover TLS Authentication using ETSI TS 103 097 and IEEE 1609.2 certificates, a TLS 1.3 extension that allows a server to authenticate with a certificate while also providing a pre-shared key (PSK) as an input, and definition of universal PSKs for TLS that use an extra key derivation step to reuse the same secret for all TLS 1.3 KDF hashes. In addition, a revised working group charter has been proposed.

DNSOP meets at the same time, and there’s a couple of interesting drafts worth mentioning. One outlines how run a root server instance on the same server as a recursive resolver in order to decrease access time, and another specifies a way of resolvers telling clients what its associated DNS-over-HTTPS (DoH) servers are.

6LO concludes the day at 16.10 UTC+7. This will be discussing drafts to update RFC 6775 to support registration extensions for simplifying these operations in 6LoWPAN routers, to update Address Protected Neighbor Discovery for Low-power and Lossy Networks, to update RFC 4944 with a simple protocol to recover packet fragments over a mesh network, as well preparing the IPv6 Backbone Router draft for a Working Group Last Call. The session will be rounded-off with a performance report on fragment forwarding and recovery.

For more background, please read the Rough Guide to IETF 103 from Olaf, DanSteve, and myself.

Relevant Working Groups

Categories
Domain Name System (DNS) Domain Name System Security Extensions (DNSSEC) IETF

Rough Guide to IETF 103: DNSSEC, DNS Security and DNS Privacy

As happened earlier this year at IETF 102 in Montreal, DNS privacy will receive a large focus in the DNSOP, DPRIVE and DNSSD working groups. Given the critical role DNS plays as part of the “public core” of the Internet in linking names and identifiers to IP addresses, the DNS must have stronger security and privacy controls.  As part of our Rough Guide to IETF 103, here’s a quick view on what’s happening in the world of DNS.

Note – all times below are Indochina Time (ICT), which is UTC+7.

DNS Operations (DNSOP)

The DNS sessions at IETF 103 start on Monday afternoon from 13:50-15:50 with the DNS Operations (DNSOP) Working Group.  As per usual, DNSOP has a packed agenda. The major security/privacy-related drafts include:

  • DNS query minimisationdraft-ietf-dnsop-rfc7816bis – Back in 2016, RFC 7816 defined an experimental way to increase DNS privacy and limiting the exposure of DNS query information by simply not sending the entire query all the way up the DNS resolver chain.  This new work is to move that RFC 7816 document from being an experiment to being an actual Internet standard.
  • Running a DNS root server locallydraft-ietf-dnsop-7706bis – Another way to increase DNS privacy is to not send queries up the DNS resolver chain to the root by running your own local copy of the root DNS servers. Back in 2015, the informational RFC 7706 defined how to do this and specified running it on the “loopback” interface of your local computer. This new work broadens that to allow the local copy to run more generally on local systems. At the recent ICANN 63 meeting in Barcelona, this was discussed as “hyperlocal” copies of the root zone of DNS. Wes Hardaker at ISI also has a site about this effort: https://localroot.isi.edu/ Not only could this increase privacy, but also resiliency of the DNS system. However, it is not without its critics and so there could be a good discussion in Bangkok.
  • Serving stale data to increase DNS resiliencydraft-ietf-dnsop-serve-stale – This project is setting up the criteria for when DNS resolvers could continue to use DNS data even after the Time To Live (TTL) expires. Basically, if you can’t reach an authoritative server for some reason, under what conditions could you continue to serve the records you previously retrieved from that server?

If there is time in the session, Paul Hoffman’s draft-hoffman-resolver-associated-doh may come up for discussion. This relates to the somewhat controversial DNS Over HTTPS (DOH), now defined in RFC 8484, that lets an app such as a web browser send DNS queries over HTTPS to a DOH server where the DNS resolution can occur.  The controversy with DOH is primarily two points: 1) it lets an application bypass local DNS servers and thereby bypass local DNS filtering or restrictions; and 2) the first announced use of DOH was by Mozilla Firefox with a DOH server from Cloudflare. This second point brought concerns about centralization and potential choke points.  As more entities have stood up DOH servers, there has been a need to help DOH clients understand which DOH server to use. Paul’s draft provides one such mechanism.

If by some miracle there happens to still be time in the session and there is an open mic, I may see if I can briefly ask the group if there is interest in moving forward the draft that several of us worked on about DNSSEC cryptographic algorithm agility – draft-york-dnsop-deploying-dnssec-crypto-algs .  However, given the agenda, I highly doubt there will be an opportunity – it will need to be mailing list activity.

DNS PRIVate Exchange (DPRIVE)

[UPDATE, 4 November 2018: The DPRIVE session at IETF 103 was cancelled after the working group chairs determined they did not have enough presenters to have the discussion they were seeking to have. They plan to take the conversation back to the DPRIVE mailing list and perhaps hold a virtual interim meeting in December 2018.]

The DPRIVE working group meets Wednesday morning from 09:00-11:00 ICT.  This meeting at IETF 103 is primarily focused on the discussion about how to add privacy to the communication between a DNS recursive resolver and the authoritative DNS server for a given domain.  Specifically they will spend about 30 minutes on the “user perspective” of DNS privacy and a full hour on the “authoritative and recursive perspective” as the working group looks at whether to expand its work to increase the privacy of even more elements of the DNS infrastructure.

Extensions for Scalable DNS Service Discovery (DNSSD)

Privacy will also get attention at the DNSSD Working Group on Thursday afternoon from 13:50-15:50 ICT.  DNSSD focuses on how to make device discovery easier across multiple networks. For instance, helping you find available printers on not just your own network, but also on other networks to which your network is connected. However in doing so the current mechanisms expose a great deal of information.

The working group had a lengthy discussion at IETF 102 in Montreal about DNS privacy – and are planning for a significant 50 minute discussion block here at IETF 103 in Bangkok.

DNSSEC Coordination informal breakfast meeting

As a final note, on Friday morning we may try an informal gathering of people involved with DNSSEC. We’ve done this at many of the IETF meetings over the past few years and it’s been a good way to connect and talk about various projects. This time we are not sure yet because with the formal meetings ending on Thursday, many people may be traveling home on Firday. We’re not sure of the location and time yet (and we are not sure if it will involve food or just be a meeting). If you would like to join us, please drop me an email or join the dnssec-coord mailing list.

Other Working Groups

DANE and DNSSEC will also appear in the TLS Working Group’s meeting on Wednesday. The draft-ietf-tls-dnssec-chain-extension will be presented as a potential way to make DANE work faster by allowing both DANE and DNSSEC records to be transmitted in a single exchange, thus reducing the time involved with DANE transactions. There has been a lengthy discussion on the TLS list and the chairs are scheduling 55 minutes for this discussion.

Given the key role DNS plays in the Internet in general, you can also expect DNS to appear in other groups throughout the week.

P.S. For more information about DNSSEC and DANE and how you can get them deployed for your networks and domains, please see our Deploy360 site:

Relevant Working Groups at IETF 103:

DNSOP (DNS Operations) WG
Monday, 5 November 2018, 13:50-15:50 ICT, Chitlada 1
Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-dnsop
Documents: https://datatracker.ietf.org/wg/dnsop/
Charter: http://tools.ietf.org/wg/dnsop/charters/

DPRIVE (DNS PRIVate Exchange) WG
Wednesday, 7 November 2018, 09:00-11:00 ICT, Meeting 1
Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-dprive
Documents: https://datatracker.ietf.org/wg/dprive/
Charter: http://tools.ietf.org/wg/dprive/charters/

DNSSD (Extensions for Scalable DNS Service Discovery) WG
Thursday, 8 November 2018, 13:50-15:50 ICT, Meeting 2
Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-dnssd
Documents: https://datatracker.ietf.org/wg/dnssd/
Charter: http://tools.ietf.org/wg/dnssd/charters/

 

Follow Us

It will be a busy week in Bangkok, and whether you plan to be there or join remotely, there’s much to monitor. Follow us on the Internet Society blogTwitter, or Facebook using #IETF103 to keep up with the latest news.

Categories
IETF IPv6

Rough Guide to IETF 103: IPv6

In this post for the Internet Society Rough Guide to IETF 103, I’m reviewing what’ll be happening at the IETF in Bangkok next week.

IPv6 deployment hit another milestone recently, reaching 25% adoption globally. The almost total depletion of the pool of unallocated IPv4 addresses has seen the cost of an IPv4 address on the transfer market rise from USD 15 to 18 in just a few months, which has encouraged network operators to further step-up their deployment efforts.

There was some good news from the UK with the largest mobile operator EE and the incumbent provider of broadband Internet BT, increasing to nearly 30% and 46% respectively. Other mobile operators deploying IPv6 also saw a boost this month with the release of Apple’s iOS 12 update that adds IPv6 support for cellular data.

Belgium still leads the way, but Germany is rapidly catching up, followed by Greece, the US and India. France, Malaysia, Finland and Australia also seem to have seen a surge in deployment recently.

IPv6 is always an important focus for the IETF, and this meeting will see a lot of work with respect to deployment-related improvements and the Internet-of-Things.

The IPv6 Operations (v6ops) Working Group is a key group and will be meeting on Monday morning. It’s published four RFCs since its last meeting, including Happy Eyeballs v2, and this time will kick-off with a presentation on the CERNET2 network which is an IPv6-only research and education in China.

There’s also four drafts to be discussed, including three new ones. IPv6-Ready DNS/DNSSSEC Infrastructure recommends how DNS64 should be deployed as it modifies DNS records which in some circumstances can break DNSSEC. IPv6 Address Assignment to End-Sites obsoletes RFC 6177 with best current operational practice from RIPE-690 that makes recommendations on IPv6 prefix assignments, and reiterates that assignment policy and guidelines belong to the RIR community. Pros and Cons of IPv6 Transition Technologies for IPv4aaS discusses different use case scenarios for the five most prominent IPv4-as-a-service (IPv4aaS) transitional technologies, whilst NAT64/464XLAT Deployment Guidelines in Operator and Enterprise Networks is an updated draft that describes considerations with respect to applications or devices using literal IPv4 addresses or non-IPv6 compliant APIs, as well as IPv4-only hosts on an IPv6-only network.

The other key group is the IPv6 Maintenance (6man) Working Group that will be meeting on Tuesday afternoon. Since the last meeting this has published just the one RFC on creating an IANA registry for updating the IPv6 Neighbor Discovery Prefix Information Option Flags, but has no less than nine drafts up for discussion.

The couple of working group sponsored drafts relate to specifying a IPv6 Segment Routing Header (SRH) and how this can be used by Segment Routing capable nodes, and specifying a Router Advertisement flag to indicate to hosts that a link is IPv6-only. There are also a couple of new drafts that specify how IOAM (In-situ Operations, Administration and Maintenance) records are encapsulated in IPv6, and defining the building blocks that can be used for OAM in Segment Routing with IPv6.

That leaves five existing drafts to be discussed, covering communicating NAT64 prefixes to clients with Router Advertisements, Updates to Requirements for IPv6 Options, Path MTU Discovery solutions, a new Path MTU Hop-by-Hop Option to record minimum Path MTU from source to destination, and IPv6 Packet Truncation procedures.

On Tuesday morning, the IP Wireless Access in Vehicular Environments (ipwave) Working Group will be meeting. Most of the agenda is focusing on updates to the specification for transmitting IPv6 Packets over IEEE 802.11 Networks in Vehicular communications, and the use cases for IP-based vehicular networks, but there’s recently been a couple of updates to DNS Name Autoconfiguration for Internet of Things Devices and IPv6 Neighbor Discovery for Prefix and Service Discovery in Vehicular Networks, so these may also be discussed.

The Homenet (homenet) Working Group has previously been quite active, but appears to be focusing on the Homenet Naming and Service Discovery Architecture during its meeting on Wednesday afternoon. There’s also an agenda item for general security questions, and a demonstration of SecureHomeGateway, before moving into discussions on re-chartering the group.

There’s also two IPv6-related working groups on Monday. The Routing Over Low Power and Lossy Networks (roll) Working Group focuses on IPv6 routing issues for these networks. This has a very busy agenda commencing with an update on the ROLL-BIER design that extends RPL to support routing based on Bit Index Explicit Replication (BIER) in environments with limited and lossy updates. There are seven other drafts up for discussion on Efficient Route Invalidation, RPL protocol design issues, route discovery for symmetric and asymmetric point-to-point traffic flows, a packet transmission rate metric for parent node selection, implementing the forwarding of copies of packets over different paths to different RPL parents, a proposal to extend the RPL protocol to install centrally-computed routes, and an update to the unicast routing services in an RPL domain.

The IPv6 over Networks of Resource Constrained Nodes (6lo) Working Group also has a busy agenda. This includes a discussion on the proposed draft that updates RFC 6775 to support registration extensions for simplifying these operations in 6LoWPAN routers, an update on Address Protected Neighbor Discovery for Low-power and Lossy Networks, an update to RFC 4944 with a simple protocol to recover packet fragments over a mesh network, and the IPv6 Backbone Router draft being prepared for a Working Group Last Call.

Other drafts up for review include transmitting IPv6 packets over Near Field Communication (NFC), a new type of 6LoWPAN routing header containing delivery deadlines for data packets, and IPv6 over Power-Line Communication Networks. The session will be rounded-off with a performance report on fragment forwarding and recovery.

Tuesday morning sees the meeting of the Low Power Wide-Area Networks (lpwan) Working Group. There will be another discussion around whether to move to a Working Group Last Call on the Static Context Header Compression (SCHC) framework for IPv6 and UDP, that provides both header compression and fragmentation functionalities. Three other drafts describe similar schemes for SigFox,LoRaWAN and IEEE 802.15.4 type networks.

Rounding off the IPv6-related sessions on Thursday afternoon, the IPv6 over the TSCH mode of IEEE 802.15.4e (6TiSCH) Working Group, will focus on the specification for a combining a high speed powered backbone and subnetworks using IEEE 802.15.4 time-slotted channel hopping (TSCH). The 6top protocol that enables distributed scheduling is now heading for publication as an RFC, and there are also updates to the description of a scheduling function that defines the behavior of a node when joining a network and to define a security framework for joining a 6TiSCH network. If there’s time, a method to protect network nodes against a selective jamming attack will be discussed.

At the Internet Society, we continue to promote IPv6 deployment. You can check out the World IPv6 Launch measurements for our latest measurements of IPv6 around the globe: http://www.worldipv6launch.org/measurements

You can also check out the Deploy360 online resources for getting started with IPv6 deployment:

And you can read more about other topics of interest to the technology programs of the Internet Society in the rest of our Rough Guide to IETF 103 posts.

IPv6-related Working Groups at IETF 103:

V6OPS (IPv6 Operations) Working Group
Monday, 5 November 2018 09.00-11.00 UTC+7, Meeting 1
Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-v6ops/
Documents: https://datatracker.ietf.org/wg/v6ops/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-v6ops/

ROLL (Routing Over Low power and Lossy networks) WG
Monday, 5 November 2018 09.00-11.00 UTC+7, Boromphimarn 1/2
Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-roll/
Documents: https://datatracker.ietf.org/wg/roll/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-roll/

6LO (IPv6 over Networks of Resource Constrained Nodes) WG
Monday, 5 November 2018 16.10-18.10 UTC+7, Meeting 2
Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-6lo/
Documents: https://datatracker.ietf.org/wg/6lo/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6lo/

IPWAVE (IP Wireless Access in Vehicular Environments) WG
Tuesday, 6 November 2018 09.00-11.00 UTC+7, Meeting 2
Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-ipwave/
Documents: https://datatracker.ietf.org/wg/ipwave/documents/
Charter: https://datatracker.ietf.org/wg/ipwave/documents/

LPWAN (IPv6 over Low Power Wide-Area Networks) WG
Tuesday, 6 November 2018 09.00-11.00 UTC+7, Meeting 1 Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-lpwan/
Documents: https://datatracker.ietf.org/wg/lpwan/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-lpwan/

6MAN (IPv6 Maintenance) WG
Monday, 16 July 2018 @ 09.30-12.00 UTC-4, Laurier
Agenda: https://datatracker.ietf.org/meeting/102/materials/agenda-102-6man/
Documents: https://datatracker.ietf.org/wg/6man/documents/
Charter: https://datatracker.ietf.org/wg/6man/charter/

Homenet (Home Networking) WG
Wednesday, 7 November 2018 13.50-15.20 UTC+8, Chitlada 3
Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-homenet/
Documents: https://datatracker.ietf.org/wg/homenet/documents/
Charter: https://datatracker.ietf.org/wg/homenet/charter/

6TISCH (IPv6 over the TSCH mode of IEEE 802.15.4e) WG
Thursday, 8 November 2018 16.10-18.10 UTC+7, Boromphimarn 1/2
Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-6tisch/
Documents: https://datatracker.ietf.org/wg/6tisch/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6tisch/

It will be a busy week in Bangkok, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 103 posts, and follow us on the Internet Society blogTwitter, or Facebook using #IETF103 to keep up with the latest news.

Categories
Events IETF Internet of Things (IoT)

Rough Guide to IETF 103: Internet of Things

Not surprisingly it has been a busy 4 months in IoT, and IoT-related work in IETF has been buzzing right along. This post is intended to highlight some of these activities, and to provide a guide to relevant sessions scheduled during the upcoming IETF 103 meeting in Bangkok. Also check out the IETF Journal IoT Category, the IETF IoT page, the IETF IoT Directorate, the Internet Society’s IoT page, or the Online Trust Alliance IoT page for more details about many of these topics.

The IETF Hackathon, held on the weekend preceding the main IETF meeting (November 3-4, 2018), includes several projects directly related to IoT, with the possibility of more being added. Remote participation is available. More information is on the Hackathon wiki. Projects of interest (at the time of this writing) include those relating to:

  • LPWAN CoAP/UDP/IPv6 SCHC compression and fragmentation
  • ST-COAPS (ACE WG) + ANIMA BRSK
  • WISHI (Work on IoT Semantic / Hypermedia Interoperability
  • Trusted Execution Environment Provisioning (TEEP)

The Thing-to-Thing Research Group (T2TRG), under the Internet Research Task Force (IRTF), investigates open research issues towards turning the promise of IoT into reality. The research group will be meeting on Tuesday afternoon 6 Nov 2018 16:10-18:10 (GMT+7) in Bangkok to report out on their recent activities. In addition, they will hold a working meeting on Friday 9-November from 09:00 to 13:20 (GMT+7). The agenda for the Friday work meeting can be found here. As in the past, full details and latest info on their activities can be found in GitHub.

Two recently chartered IoT-related working groups are working on very serious problems, and are making good progress:

I would like to draw your attention to some recently started activities of note:

In other contributed updates of interest:

The Lightweight Implementation Guidance (LWIG) working group is providing useful implementation guidance to IoT developers. At IETF 103, the group will have discussions to finalize the draft on lightweight TCP implementations and Efficient Neighbor Management policies for 6LoWPAN networks. The group will also discuss a draft which defines how various standard elliptic curves such as NIST P-256, Curve25519 and Ed25519 can efficiently re-use the same underlying implementation. The session is Tuesday 7 Nov 2018 11:20-12:20 (GMT+7).

Another interesting draft titled Enabling Network Access for IoT devices from the Cloud in the Thing-to-Thing Research Group (T2TRG) investigates how to overcome the perennial problem of secure bootstrapping of IoT devices. Rather than inventing another protocol, the draft describes how IoT devices can securely join a network with existing standard protocols such as EAP (RFC 3748) and RADIUS (RFC 2865). The draft received significant positive media coverage by The Register. In the latest update, the draft presents how to deal with the tricky problem of manufacturer obsolescence. It also defines new deployment modes for devices which have no identities or keys using existing EAP methods such as EAP-PSK (RFC 4764) and new EAP methods such as EAP-NOOB (Nimble out-of-band authentication for EAP).

Thanks to Mohit Sethi, Ericsson (Co-Chairing EAP Method Update (EMU) and Lightweight Implementation Guidance (LWIG))

IoT Onboarding

A lot of work is going on to figure out how to help a device with no user interface onboard to the correct network in a secure way. The basis for some of this work is the Bootstrapping Remote Secure Key Infrastructure draft (BRSKI). This work is built atop HTTP. Several other activities are now looking at how to provide the voucher that is used in BRSKI and defined in RFC 8366 for other circumstances, like 802.11 networks and for further constrained devices. There are at LEAST three drafts on this subject, that will be mentioned in the OPS Area WG (OPSAWG) meeting, as well as at the EAP Method Update (EMU) WG session. There will also be a side meeting on Tuesday night at 18:00 local time for those who are interested in Apartment 3 on the 9th floor.

Thanks to Eliot Lear, Cisco

ANIMA‘s Bootstrapping Remote Secure Key Infrastructure draft (BRSKI) protocol has passed WGLC, and by IETF103 may be through IESG review and into the RFC-EDITOR queue. Since IETF101, ANIMA has adopted a constrained version of RFC8366 + BRSKI, and ACE has adopted a constrained version of RFC7030 (Enrollment over Secure Transport – EST). Expect serious activity on these protocols at IETF103, as these variations are approaching WGLC. A variety of interoperability events are being planned around these protocols, and there may be reports on those that have get done. Interest is growing on how to do device secure device enrolment over WiFi. The draft BRSKI over IEEE 802.11 gives a review of many different ideas, and the Wifi Alliance has recently released the Device Provisioning Protocol (DPP) Specification (requires registration).

Thanks to Michael Richardson, Sandelman Software Works

The IETF motto about running code is being applied to the opsawg’s MUD internet draft. CIRALabs has been working over the summer to bring to life a MUD-driven IoT firewall called the “SecureHomeGateway.” The system uses a smartphone, an off-the-shelf OpenWRT home gateway, and a QR code to apply the MUD internet draft to common devices. The team is taking the work up to ISPs at RIPE, to ccTLD operators at ICANN and has been keeping the HOMENET and ANIMA WGs appraised of developments. The CIRAlabs team expects to make some extensions (MUD processing and extensions for Secure Home Gateway Project) to MUD to better support some operational requirements that might come out of the SUIT and ANIMA The team also has some ideas on how to bootstrap the initial trust between mobile phone and home gateway (BRSKI enrollment for Smart Pledges).The MUD authors are now also looking at ways to expand the use of MUD to bandwidth profiling, so that administrators can provision based on the devices’ needs and observe when a device is behaving outside that profile. The initial draft can be found at https://datatracker.ietf.org/doc/draft-lear-opsawg-mud-bw-profile/.

Thanks to Michael Richardson, Sandelman Software Works, and Eliot Lear, Cisco

MUD

While we are on the subject of “Manufacturer Usage Description Specification“ (MUD), I am pleased to see that it is gaining some serious traction. Last June, the Internet Engineering Steering Group (IESG) approved it as a proposed standard.

From the abstract: This memo specifies a component-based architecture for manufacturer usage descriptions (MUD). The goal of MUD is to provide a means for end devices to signal to the network what sort of access and network functionality they require to properly function. The initial focus is on access control. Later work can delve into other aspects.

For more on MUD, Eliot Lear, one of the MUD authors, wrote a great article about it for the IETF Journal: Managing the Internet of Things – It’s All About Scaling.

As I have noted in previous IoT Rough Guides, MUD also plays a significant role in the project – Mitigating IoT-Based Automated Distributed Threats – being developed by the US National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE). NCCoE has also taken on a proof of concept project. You can find out more about that at https://www.nccoe.nist.gov/projects/building-blocks/mitigating-iot-based-ddos.

Ongoing work includes:

Schedule and locations subject to change. Please refer to the online agenda to confirm.

If you have an interest in how the IoT is developing and being standardized in the IETF, I hope to see you in person or online at some of these meetings during IETF 103. (Note that If you know you will be unable to travel to the meeting and would like to participate remotely, you must register as a remote participant. There is currently no fee to be a remote participant at an IETF meeting but registration is required. If you do not want to register, you may opt to listen to the live audio stream of the sessions instead. The links for each session are posted in each session description in the agenda.

** All times ICT — Indochina Time (GMT+7) 

6lo (IPv6 over Networks of Resource-constrained Nodes) WG
Monday, 5 Nov 2018, 16:10-18:10
Meeting 2 Room (7th Floor)
Agenda/Materials
Documents
Charter

6tisch (IPv6 over the TSCH mode of IEEE 802.15.4e) WG
Thursday, 8 Nov 2018, 16:10-18:10
Boromphimarn 3 Meeting Room (3rd Floor)
Agenda/Materials
Documents
Charter

ace (Authentication and Authorization for Constrained Environments) WG
Thursday, 8 Nov 2018, 16:10-18:10
Chitlada 1 Meeting Room (2nd Floor)
Agenda/Materials
Documents
Charter

core (Constrained RESTful Environments) WG
Monday, 5 Nov 2018, 13:50-15:50
Boromphimarn 1/2 Meeting Room (3rd Floor)
Thursday, 8 Nov 2018, 11:20-12:20
Chitlada 1 Meeting Room (2nd Floor)
Agenda/Materials
Documents
Charter

homenet (Home Networking) WG
Wednesday, 7 Nov 2018, 13:50-15:20
Chitlada 3 Meeting Room (2nd Floor)
Agenda/Materials
Documents
Charter

ipwave (IP Wireless Access in Vehicular Environments) WG
Tuesday, 6 Nov 2018, 11:30-12:20
Chitlada 3 Meeting Room (2nd Floor)
Agenda/Materials
Documents
Charter

lpwan (IPv6 over Low Power Wide-Area Networks) WG
Tuesday, 6 Nov 2018, 09:00-11:00
Meeting 1 Room (7th Floor)
Agenda/Materials
Documents
Charter

lwig (Light-Weight Implementation Guidance) WG
Wednesday, 7 Nov 2018, 11:20-12:20
Meeting 2 Room (7th Floor)
Agenda/Materials
Documents
Charter

opsawg (Operations and Management Area) WG
Tuesday, 6 Nov 2018, 16:10-18:10
Chitlada 2 Meeting Room (2nd Floor)
Agenda/Materials
Documents
Charter

rats (Remote ATtestation ProcedureS – aka simply Attestation) BoF
Tuesday 6 Nov 2018, 13:50-15:50
Chitlada 2 Meeting Room (2nd Floor)
RATS draft charter

roll (Routing Over Low power and Lossy networks) WG
Monday, 5 Nov 2018, 09:00-11:00
Boromphimarn 1/2 Meeting Room (3rd Floor)
Agenda/Materials
Documents
Charter

suit (Software Updates for Internet of Things) WG
Thursday, 8 Nov 2018, 09:00-11:00
Chitlada 2 Meeting Room (2nd Floor)
Agenda/Materials
Documents
Charter

t2trg (Thing-to-Thing) RG
Tuesday 6 Nov 2018, 16:10-18:10
Meeting 1 Room (7th Floor)
Agenda/Materials
Documents
Charter

teep (Trusted Execution Environment Provisioning) WG
Wednesday, 7 Nov 2018, 09:00-11:00
Meeting 2 Room (7th Floor)
Agenda/Materials
Documents
Charter

It will be a busy week in Bangkok, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 103 posts, and follow us on the Internet Society blogTwitter, or Facebook using #IETF103 to keep up with the latest news.

Categories
Events IETF Technology

Rough Guide to IETF 103

Starting next weekend, the Internet Engineering Task Force will be in Bangkok for IETF 103, where around 1,000 engineers will discuss open Internet standards and protocols. The week begins on Saturday, 3 November, with a Hackathon and Code Sprint. The IETF meeting itself begins on Sunday and goes through Friday. We’ll be providing our rough guides on topics of mutual interest to both the IETF and the Internet Society as follows:

For more general information about IETF 103 see:

Here are some of the activities that the Internet Society is involved in during the week.

Applied Networking Research Prize (ANRP)

Through the Applied Networking Research Prize (ANRP), supported by the Internet Society, the Internet Research Task Force (IRTF) recognizes the best new ideas in networking and brings them to the IETF, especially in cases where the ideas are relevant for transitioning into shipping Internet products and related standardization efforts. Out of 55 submissions in 2018, six submissions will be awarded prizes. Two winners will present their work at the IRTF Open Meeting on Monday, 5 November at 4:10PM.

IETF Journal

The IETF Journal provides an easily understandable overview of what’s happening in the world of Internet standards, with a particular focus on the activities of the IETF Working Groups. Articles highlight some of the hot issues being discussed in IETF meetings and on the IETF mailing lists. You can follow IETF Journal via our Twitter and Facebook channels. If you would like to write for the Journal about your work at IETF 103, please email us at ietfjournal@isoc.org.

Other highlights of the IETF 103 meeting include:

Hackathon

Right before IETF 103, the IETF is holding another Hackathon to encourage developers to discuss, collaborate, and develop utilities, ideas, sample code, and solutions that show practical implementations of IETF standards. The Hackathon is free to attend but has limited seats available. Technologies from past Hackathons include DNS, HTTP 2.0, NETVC, OpenDaylight, ONOS, VPP/FD.io, RiOT, SFC, TLS 1.3, WebRTC, YANG/NETCONF/RESTCONF. Details on all planned technologies will be listed on the IETF 103 Meeting Wiki.

Birds of a Feather (BoF) Sessions

Another major highlight of every IETF is the new work that gets started in birds-of-a-feather (BoF) sessions. Getting new work started in the IETF usually requires a BoF to discuss goals for the work, the suitability of the IETF as a venue for pursuing the work, and the level of interest in and support for the work. There are two BoFs happening in Bangkok:

  • Remote Attestation Procedures (rats) Tuesday, 6 November, 13:50 – 15:50. The RATS effort strives to provide evidence about a system’s health and trustworthiness via the Internet. Instead of having a separate set of protocols for each set of mechanisms, the RATS effort will define a common set of protocols that can be used inter-operably over the Internet.
  • WGs Using GitHub (wugh) Wendesday, 7 November, 13:50 – 15:20. A venue to continue discussion about ways that IETF Working Groups are using GitHub. The goal of the meeting is to determine whether there is enough support in the community to warrant more detailed discussions with the IETF Tools Team and the IETF Secretariat about functional requirements and process details to support integrating GitHub use into WG work.

Follow Us

It will be a busy week in Bangkok, and whether you plan to be there or join remotely, there’s much to monitor. Follow us on the Internet Society blogTwitter, or Facebook using #IETF103 to keep up with the latest news.