Categories
IETF Open Internet Standards Technology

A Newcomer's Experience at IETF 92

IETF 92 was a unique experience compared to the Association for Computing Machinery (ACM) and USENIX conferences I regularly attend. Naturally, IETF is more focused on concrete solutions and detailed specifications for working systems, as opposed to conceptual research. This practical focus appealed to my interest in “systems building” research.

By attending working and research group sessions closely related to my research–in particular, SFC, NFVRG, and SDNRG–I gained a better understanding of: (1) what problems are currently in need of solutions, (2) what problems will need to be solved in the near future, and (3) what constraints shape the space of possible solutions. For example, the SFC session had a presentation on dealing with legacy network functions, which is a problem I have attempted to address in some of my past research. This presentation affirmed the relevancy of this problem. Moreover, discussions during this session made me realize that the solution I had originally proposed–re-purposing some field in the Ethernet or IP header to serve as a tag–is not well suited for an actual deployment. It seems that making it easier to retrofit legacy functions with support for new SFC standards–e.g., using program analysis techniques–may be a more viable approach.

In the NFVRG session, there were several presentations on open source virtual network function management and orchestration (MANO) frameworks. These frameworks address some of the practical issues I have encountered in my research–e.g., high speed forwarding of packets to network function virtual machines. I plan to use some of these frameworks to conduct more realistic evaluations of the solutions/systems I have developed.

One of my favorite sessions was the plenary presentation on security in the Internet-of-Things. There has been little discussion on this topic at the networking conferences I regularly attend, so this presentation provided a great introduction to this emerging area.

In summary, attending IETF has given me new research problems to think about, and helped me identify better ways to evaluate my research. It’s also improved my teaching: I am now better equipped to teach students about Internet standards and the Internet-of-Things.

Categories
IETF Open Internet Standards

Looking Forward To Receiving The IETF In Latin America

When some of us in Latin America started to look for support to host an Internet Engineering Task Force (IETF) meeting in our region, we realized that the challenge went beyond the gathering itself. In those countries where the IETF meets, the local community has additional opportunities to participate (no travel costs, local excitement helps with additional engagement, universities can benefit from day passes, etc.). But in order to be effective, there must be a critical mass already engaged. That was the challenge for the Internet Society as soon as the event was approved by the IAOC.

We used to say that there was a chicken and egg problem. The IETF meets in places “comfortable” to the current participants and, as a side effect, attracts additional participants from those regions. But, even though we have one, we can’t take the other for granted. In 2016, the meeting will be in Buenos Aires, but the local participants must be there too, and they should be already engaged in the IETF in order to benefit from the meeting. We’re now working in the LAC region to raise awareness of the importance of the IETF and to show the value it has for students, researchers and other Internet professionals, showing that the IETF leadership is serious about trying to engage with other regions and took the first step.

The Internet Society is not alone. Alvaro Retana (Routing AD) leads a group in Lacnog (the network operators community for LAC) to help those experts in the region who can contribute to the IETF. There are other organizations doing IETF promotion, such as Lacnic, the Regional Internet Registry for Latin America and the Caribbean, and NIC.br, the Brazilian Network Information Center.

The work plan has two objectives, with activities aligned with them: create awareness and facilitate participation. The groups we would like to engage include academia, network operators, NRENs, and the broad technical community (open source, government, software companies, etc.). There are planned activities for those “communities” in several countries. If you live in Latin America and you’re interested in the IETF, feel free to send an email to ietf-lac@lacnog.org to find out what’s going on in your country or to suggest activities we can do there to improve IETF participation in your country.

For those already participating in the IETF mailing lists, we encouraged them to meet locally during the sessions of the Working Groups they’re following. Instead of participating remotely as individuals, several engineers met in different locations in what we called remote hubs. For IETF 92 there were 15 remote hubs organized in 7 different countries. In Argentina there were five hubs: two at the network operator IPLAN, two at the ISP chamber Cabase and one at Palermo University. In Bolivia the hub was organized by the network operator Entel Bolivia; in Brazil it was at the Mackenzie University; in Chile at the Diego Portales University; in Perú at the network operator Entel Perú; in the Dominican Republic it was organized by the Internet Society chapter and IPv6-at the INTEC University; and in Uruguay one hub was at LACNIC, the regional Internet Registry, with the local network operator Antel organizing two hubs.

The Internet Society is committed to supporting the IETF leadership in promoting additional participation, mainly from those regions not yet engaged. We really appreciate the effort that other organizations are making, and we encourage you to send us suggestions for activities or projects that can help in that regard. We look forward to seeing you in Buenos Aires next year.

Note: a related post in Spanish is also available.

Categories
Deploy360 Events IETF

Operators and the IETF: Update from IETF 92

Another IETF meeting is in the books. And what a meeting it was! Lots of activity around many of our Deploy360 topics occurred all week. If you weren’t able to follow along in real-time, I encourage you to look back over our IETF 92 blog posts and check out the relevant working group meeting presentations, minutes, and recordings.

Operators and the IETF updates

My primary focus in Dallas last week, in addition to following all of the above, was to help progress the discussion around Operators and the IETF. Those of you who’ve been following this project know that it’s all about lowering barriers to entry for newcomers and practitioners with the goal of drawing in ever more feedback from operators, the emerging DevOps crowd, and anyone with knowledge and experience to contribute to the IETF process.

It turns out one of the largest barriers to participation is a lack of awareness. This makes sense; if you don’t know you can contribute, or why you should, it makes it quite hard to do so. To address this fundamental challenge, we’ve been piloting an effort to bring an IETF Help Desk to NOG meetings around the world. After hosting such help desks at NANOG 63 and APRICOT/APAN 2015 it was time to report back to the IETF. I was given the opportunity to do just that in both the IEPG meeting on Sunday and again in the OpsAWG meeting on Thursday.

IETF Help Desk Update – IETF 92 from Deploy360 Programme (Internet Society)

As you can see in the slides, I covered results and lessons learned from both IETF Help Desks as well as next steps for the help desk and other ideas for action. I’m very pleased to report that this initiative appears to be gaining traction, with several volunteers working to host IETF Help Desks and to report out on IETF activities at events around the world! If you’d like to get involved in any of these activities, have additional ideas, or just want to discuss the survey results and overall solution set; please join the synergy mailing list and jump in!

Operators presenting at IETF 92!

I’d be remiss if I didn’t also point out that on Wednesday (25 March), in the IPv6 Operations (v6ops) working group meeting, the Chairs did something a little different. Instead of filling the agenda with just Internet-Draft updates, they also brought in a few speakers to provide IPv6 deployment updates from around the world. Awesome! While all credit here goes to the v6ops working group chairs, this is exactly what we are trying to facilitate and encourage more of: operational realities being reflected back into the standards process, to help make the whole system a bit more informed.

What makes this even cooler is that one of the Internet Society fellows to IETF 92, Suprita Sah, provided one of the updates. Suprita told us much about the status of IPv6 deployment and the challenges of IPv4 exhaustion in her home country of India.

All the presentations from this week’s v6ops meeting are here.

It would be great to see more reports like this more often in all of the Operations and Management Area working groups, particularly dnsop, grow, opsec, and v6ops. If you have deployment or operations feedback on any IETF protocols or technologies, I highly encourage you to seek out the relevant working group chairs and offer up a report. Remember: Remote presentations are an excellent option if you can’t make it to the IETF meeting in person.

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events IETF

Deploy360@IETF92, Day 5: EPPEXT… and we’re done!

On this final day of IETF 92 our Deploy360 attention will be focused on only one working group, EPPEXT, which is looking at communication between registries, registrars and other entities working with domain names. There are only two blocks of working group sessions today… and then everyone heads home! Here’s what this abbreviated day looks like for us…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

The sessions in the first 0900-1130 CDT block are not ones that we typically follow.  I may be monitoring CORE, as it deals with Internet of Things (IoT) issues, or perhaps MMUSIC as there is a draft dealing with IPv4 vs IPv6 connectivity.

Finally, in the very last 1150-1320 session, the Extensible Provisioning Protocol Extensions (EPPEXT) working group will be meeting in the Oak Room.  I mentioned EPPEXT in my Rough Guide to IETF 92 post but at the time the agenda was not available.  The IETF 92 agenda is now available, and it includes:

One of the existing documents of interest to us is one that helps with the automation of relaying DNSSEC key material between DNS operators.  We’re also just interested in general with steps that can help automate the communication among these various entities.

And then… with that… IETF 92 will draw to a close!

Many thanks for reading along this week… please do read our other IETF 92-related posts … and we’ll see you at IETF 93 in Prague in July!


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92” posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: some of the faces and scenes appearing in Olaf Kolkman’s collection of IETF 92 photos. Used with his permission.

Categories
Human Rights IETF

The Intersection of Human Rights…. and IETF Protocols?

Should considerations for human rights such as freedom of expression or freedom of association be incorporated into the development of Internet protocols and standards?

That’s the key question being asked today in a session at IETF 92 in Dallas, TX, where there is a proposal to create a “Human Rights Protocol Considerations Research Group” within the IRTF. You can tune in live from 11:50-13:20 US CDT (UTC-5) at:

http://www.meetecho.com/ietf92/hrpc

The HRPC agenda primarily focuses on draft-doria-hrpc-proposal that states as an abstract:


Work has been done on privacy issues that should be considered when creating an Internet protocol.  This draft suggests that similar considerations may apply for other human rights such as freedom of expression or freedom of association.  A proposal is made for work in the IRTF researching the possible connections between human rights and Internet standards and protocols.  The goal is to create an informational RFC concerning human rights protocol considerations.


I am guessing from the agenda that the goal today would be to formally create the HRPC research group and begin the work.  There is a mailing list for people who want to be more involved.  I expect there could be some vigorous discussion at this meeting today.

I’ve not been personally involved in this effort but I find the idea intriguing enough that I thought I’d write this post to draw attention to today’s session.

If you are interested in helping create such a document, I would encourage you to join today’s session if you can – or to join the mailing list.

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events IETF IPv6

Deploy360@IETF92, Day 4: More IPv6 Operations, TLS, and much Security

This fourth day of IETF 92 has a heavy focus on security for us on the Deploy360 team. While the day starts with the second of two IPv6 Operations (v6OPS) working group sessions, the rest of the day is pretty much all about security, security, security!

In the 0900-1130 CDT block this morning, the second IPv6 Operations (v6OPS) session continues with its busy agenda in the Gold Room. Here are today’s topics:

A number of those should generate good discussion.

Meanwhile, over in the Oak Room, the TLS Working Group will be discussing improvements to this incredibly critical protocol that we are using to encrypt so many different communications over the Internet. As my colleague Karen O’Donoghue wrote:

The tls (Transport Layer Security) working group is actively working on an update to the TLS protocol. They recently conducted an interim meeting in Seattle, WA, on 10-11 March 2015. Agenda items for IETF 92 include backwards compatibility, rekeying, and client authentication.

After lunch the 1300-1500 CDT block has the Security Area Open Meeting in the International Room. The current agenda is this:

  • Joe Bonneau/HSTS and HPKP in practice (30 mins)
  • Adam Langley/QUIC (15 mins)
  • Jan Včelák/NSEC5 (10 mins)
  • Ladar Levison/Darkmail (20 mins)
  • Paul Wouters/Opportunistic IPsec update (1 minute)
  • Eric Rescorla/Secure Conferencing (5 mins)

Several of these presentations tie directly into the work we are doing here. The HSTS/HPKP presentation covers HTTP Strict Transport Security and HTTP Public Key Pinning (often called “certificate pinning”) and is very relevant to TLS, as is the QUIC presentation. NSEC5 is a new proposal for DNSSEC that, judging by the mailing list traffic, should get strong debate.

The 1520-1720 CDT block doesn’t contain any of the working groups we usually track, but there will be both a Routing Area Open Meeting as well as an Operations Area Open Meeting.

In the final 1740-1840 CDT block the Operational Security (OPSec) Working Group will be meeting in the Far East Room with a number of IPv6 and routing issues on their agenda.

Bits-and-Bites

The day will end with the Bits-and-Bites reception from 1900-2100 CDT  where attendees can get food and drink and also see various exhibits from sponsors and other organizations.  As I wrote in my Rough Guide post:

 I’m told that one table will be from Verisign Labs where they will be showing demonstrations of the getdns API being used with DNSSEC and DANE.  I’m not exactly sure what will be there, but if you are going to Bits-and-Bites you may want to stop by their table and see what it is about.

I understand there may be some cool demos from other vendors and groups as well. (I’m looking forward to seeing photos!)

For some more background, please read these Rough Guide posts from Andrei, Phil and Karen:


Image: a photo from Jari Arkko of Kathleen Moriarty and Lisandro Granville at the IETF 92 Administrative Plenary

Categories
Deploy360 Events IETF IPv6

Deploy360@IETF92, Day 3: IPv6 Operations, Sunset4, ACME and Global Internet Routing (GROW)

Today’s third day of IETF 92 turns out to be a quieter one for the topics we cover here on Deploy360. The big activity will be in the first of two IPv6 Operations (v6OPS) working group sessions. There will also be a reboot of the SUNSET4 working group and what should be an interesting discussion about “route leaks” in the GROW working group. Here’s what our day looks like…

In the 0900-1130 CDT block this morning, we’re not actively tracking any of the listed working groups as they don’t tie directly into our Deploy360 topics. However, the BESS session about BGP-enabled services could be interesting, as could the SPUD BOF looking at the barriers to implementing new transport protocols on the Internet (more info in the SPUD overview presentation).

After lunch from 1300-1500 CDT in the International Room will be the first of two IPv6 Operations (v6OPS) sessions (the second being tomorrow) with a packed agenda looking at design choices for IPv6 networks, IPv6 deployment case studies / lessons learned and more.  As IPv6 deployment continues to grow month over month, incorporating feedback from that deployment process back into the standards process is an essential part of ensuring continued growth.

In the 1520-1620 CDT block over in the Gold Room, the IPv6 discussion will continue in the SUNSET4 working group that is chartered to document and explore how well things will work in an IPv6-only environment when IPv4 is no longer available (i.e. IPv4 has “sunsetted”).  As noted in the SUNSET4 agenda, the working group has had a loss of momentum and will be looking today at how to restart efforts to move work items along.

Simultaneously over in the Parisian Room the Global Routing Operations (GROW) working group will be looking at how to improve the operations of the Internet’s global routing infrastructure.  As my colleague Andrei Robachevsky wrote in his Rough Guide to IETF 92 post:

In general, the focus of the GROW WG is on operational problems associated with the global routing system, such as routing table growth, the effects of interactions between interior and exterior routing protocols, and the effect of operational policies and practices on the global routing system, its security and resilience.

One of these items, which originally emerged in the SIDR WG and is now being discussed in the GROW WG, is so-called “route-leaks.” Simply speaking, this describes a violation of “valley-free” routing when, for example, a multi-homed customer “leaks” an announcement from one upstream provider to another one. Since usually customer announcements have the highest priority, if no precautions are taken this results in traffic from one provider to another bypassing the customer – potential for a staged MITM attack. But this is an explanation in layman terms, and the group was working on nailing down the definition and the problem statement, see https://datatracker.ietf.org/doc/draft-ietf-grow-route-leak-problem-definition/.

This issue of “route leaks” is one that comes up repeatedly and is causing problems on the global Internet. For instance, yesterday DynResearch tweeted about a route hijack of Google’s site by Belarus Telecom – now I don’t know if that was an actual “route leak”, but it’s the kind of routing issue we do see often on the Internet… which is why this class of issues needs to be identified and solutions proposed.
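To make the “valley-free” rule from the quoted passage concrete, here is an added example (not code from the original post or from the GROW draft) that walks an AS path and reports the AS that re-exported a provider- or peer-learned route to another provider or peer. The ASNs, the relationship table and the function names are constructed for illustration; real detection depends on inferred or published relationship data.

```python
"""Detect "valley-free" violations (route leaks) in BGP AS paths.

All ASNs and business relationships below are constructed sample data
(documentation ASNs from RFC 5398), not measurements of real networks.
"""

# (provider, customer) pairs: the provider sells transit to the customer.
PROVIDER_OF = {
    (64496, 64500),  # upstream 1 -> multi-homed customer
    (64497, 64500),  # upstream 2 -> the same multi-homed customer
    (64496, 64501),  # upstream 1 -> another customer (the route origin)
    (64497, 64502),  # upstream 2 -> another customer
}
# Settlement-free peerings, stored as unordered pairs.
PEERS = {frozenset((64496, 64497))}


def export_type(sender, receiver):
    """Classify one hop by what the receiver is to the sender."""
    if (receiver, sender) in PROVIDER_OF:
        return "to_provider"
    if (sender, receiver) in PROVIDER_OF:
        return "to_customer"
    if frozenset((sender, receiver)) in PEERS:
        return "to_peer"
    return None


def collapse_prepends(as_path):
    """Drop consecutive duplicates produced by AS-path prepending."""
    out = []
    for asn in as_path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def find_route_leak(as_path):
    """Return the ASN that leaked the route, or None if the path is valley-free.

    as_path is in BGP order: most recent AS first, origin AS last.
    Raises ValueError when a hop has no known relationship, because the
    path then cannot be judged either way.
    """
    hops = list(reversed(collapse_prepends(as_path)))  # propagation order
    learned_via = None  # how the current sender received the route
    for sender, receiver in zip(hops, hops[1:]):
        rel = export_type(sender, receiver)
        if rel is None:
            raise ValueError(f"unknown relationship {sender} -> {receiver}")
        # A route that arrived from a provider ("to_customer" hop) or from
        # a peer may only be passed on to customers. Anything else is the
        # "valley" the quoted text describes.
        if learned_via in ("to_customer", "to_peer") and rel != "to_customer":
            return sender
        learned_via = rel
    return None


# Constructed AS paths as they might appear in received announcements.
SAMPLE_PATHS = [
    (64497, 64496, 64501),                # customer -> provider -> peer: fine
    (64497, 64500, 64496, 64501),         # customer 64500 leaks between upstreams
    (64497, 64500, 64500, 64496, 64501),  # same leak, with prepending
]


def audit(paths):
    """Return (path, leaking_asn) for every path that is not valley-free."""
    findings = []
    for path in paths:
        leaker = find_route_leak(path)
        if leaker is not None:
            findings.append((tuple(path), leaker))
    return findings


if __name__ == "__main__":
    for path, leaker in audit(SAMPLE_PATHS):
        print(f"route leak by AS{leaker} in path {path}")
```
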

And just because we really want to be in three places at once… over in the Venetian Room during this same 1520-1620 time block will be the “Automated Certificate Management Environment (ACME)” BOF looking at ways to automate management of TLS certificates. As the agenda indicates, the session is primarily about discussing draft-barnes-acme and the efforts being undertaken as part of the Let’s Encrypt initiative.  The ideas are intriguing and proposals that help automate the security of the Internet can certainly help reduce the friction for regular users.

After all of that is over we’ll be joining in for the Operations and Administrative Plenary from 1640-1910 CDT.  You can view a live video stream of the plenary at http://www.ietf.org/live/    And then… we’ll be getting ready for Day 4…

For some more background, please read these Rough Guide posts from Andrei, Phil and me:


Image: a photo by Olaf Kolkman of Jen Linkova at IETF 92. Part of a larger set of IETF 92 photos Olaf has published.

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events Internet of Things (IoT) IPv6

Deploy360@IETF92, Day 2: DNSSEC, DANE, IPv6, IoT and Homenet

The second day of IETF 92 is a big one for DNSSEC with both the DNSOP and DANE working groups meeting back to back in the afternoon. There’s also the 6LO working group looking at IPv6 in “resource constrained” environments such as the Internet of Things (IoT) and the day begins with Homenet exploring how we create better home networks based on IPv6. And in the midst of that will be the IDR working group working to improve the Internet’s routing infrastructure! Here’s what today looks like for us…

We start in the 0900-1130 CDT block in the International Room where the Homenet working group will be meeting.  As Phil Roberts explained in his Rough Guide to IETF 92 post about IPv6:

the Homenet working group is doing a lot of interesting work producing open standards for protocols to implement robust networks in homes of the future, all based on IPv6. The topics include routing, addressing, naming, and security. It’s exciting to see new standards work for such a potentially huge area for extending the reach of open standards in networks that matter to people around the world.

Beyond IPv6, we’re also monitoring Homenet for possibilities where DNSSEC and TLS can help improve the security of those home networks.

As was curiously the case yesterday, the 1300-1500 CDT session block does not contain any of the regular groups we follow, but you might find us in HTTPBIS hearing about the next version of HTTP, in NETCONF learning about network configuration proposals (the zero touch provisioning draft looks interesting), or over in ACE understanding new ideas to make the Internet of Things (IoT) more secure.

Speaking of IoT, the 1520-1720 CDT session block is one in which we’ll be split across three different working group sessions, one of which will be IoT focused.  The 6LO working group, formally known as the IPv6 over Networks of Resource Constrained Nodes WG, has a packed agenda looking at how IPv6 works in IoT environments.  Transmitting IPv6 packets over near field communications (NFC), security and privacy, multicast technologies and multiple discussions of the IoT bootstrapping process… it all should make for an interesting discussion for those folks looking to get IP everywhere!

Simultaneously over in the Far East Room, the Inter-Domain Routing (IDR) working group will be looking at ways to improve the Internet’s routing infrastructure.  Andrei wrote more about some of the routing discussions happening at IETF 92. I’m interested in the draft here about route leaks, as I find that area fascinating.

However, I’ll be over in the Gold Room (virtually, as I am remote for this meeting) for the DNS Operations (DNSOP) working group that has a VERY packed agenda looking at how to improve the operations of the Domain Name System (DNS). As I wrote in my Rough Guide to IETF 92 post, this session has a good number of drafts related to “DNS security” in general.  I expect there to be some vigorous discussion around the restriction of “meta queries” such as the ANY query.  There are multiple drafts on the agenda about reserving new top-level domains (TLDs) such as .onion, which inevitably gets discussion.  The QNAME minimization is important for DNS privacy/confidentiality… and there are a range of other discussions that will be had related to making DNS work better, faster and be more secure.

We’ll end the day in the 1730-1830 CDT block with the DANE Working Group focused on the DANE protocol and how it can be used to add a layer of trust to TLS and SSL certificates.   This is incredibly important work and while the agenda for today has only one presentation about DANE and S/MIME, I expect based on the strong activity on the DANE mailing list that other topics will be brought up.

When the sessions are all over, Chris and the many folks in Dallas will no doubt head to the IETF Social Event, while those of us who are remote will have a bit of break before heading into Day 3.  Speaking of attending remotely, please do remember that multiple options to participate are available at http://www.ietf.org/live/

For some more background, please read these Rough Guide posts from Andrei, Phil and me:


Image: a photo by Chris Grundemann of the 6man working group.

Categories
IETF Open Internet Standards

Video: IETF Newcomers Session Provides A Tutorial About The Standards Process

What is the Internet Engineering Task Force (IETF) all about?  How does it work to create the open standards that power the Internet?  What does it do specifically?  How can you participate?

At IETF 92 this week in Dallas, Texas, USA, long-time IETF participant Scott Bradner delivered a tutorial as part of the IETF 92 for Newcomers program.  His session was streamed live and is now available for viewing. In the 1.5 hour session Scott covers:

  • IETF history & overview
  • IETF Purpose
  • how work gets done
  • IETF role & scope
  • IETF structure & associated groups
  • IETF management & selection
  • IETF process & procedure
  • a working group session
  • intellectual property rights (IPR)

His slides are available for download.

You can watch the video below – or view it directly on YouTube – and then I would encourage you to visit the IETF Newcomers page to learn more.

You can view other videos that were recorded this week at IETF92 at http://www.ietf.org/live/

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events IETF IPv6 Transport Layer Security (TLS)

Deploy360@IETF92, Day 1: SIDR, 6MAN, DPRIVE and UTA

On this first day of IETF 92 in Dallas, our attention as the Deploy360 team is on securing the Internet’s routing infrastructure, improving the IPv6 protocol and securing the privacy and confidentiality of DNS queries.


The day begins with two sessions in the 0900-1130 CDT block. In the Parisian room the SIDR working group will be working through a good number of Internet Drafts relating to both RPKI and BGPSEC. Both of these are among the tools we view as important in securing BGP and making the routing infrastructure more resilient and secure. Our colleague Andrei Robachevsky dived into more detail in his recent Rough Guide post. Also on the agenda is the release of results from a survey on RPKI and DNSSEC deployment undertaken last fall by researchers at the Freie Universitaet Berlin, which could be interesting to learn about.

At the same time over in the International Room, the 6MAN working group has a long agenda relating to various points discovered during the ongoing deployment of IPv6.   Given that we keep seeing solid growth each month in IPv6 deployment measurements, it’s not surprising that we’d see documents brought forward identifying ways in which the IPv6 protocol needs to evolve.  This is great to see and will only help the ongoing deployment.

Moving on to the 1300-1500 CDT session block, there are two working groups that are not ones we primarily follow, but are still related to the overall themes here on the site:

  • the TRANS working group is looking to standardize “Certificate Transparency” (CT), a mechanism to add a layer of checking to TLS certificates;
  • the DNSSD working group continues its work to standardize DNS-based service discovery beyond a simple single network.  Our interest here is really that this kind of service discovery does need to be secured in some manner.

In the 1520-1650 CDT session block, a big focus for us will be the newer DPRIVE working group that is looking into mechanisms to make DNS queries more secure and confidential.  As I wrote in my Rough Guide post, a concern is to make it harder for pervasive monitoring to occur and be able to track what a user is doing through DNS queries.  DPRIVE has a full agenda, and knowing some of the personalities I expect the debate to be passionate.

Simultaneously, over in the Parisian Room, the Using TLS In Applications (UTA) working group will continue its work to make it easier for developers to add TLS to applications. The UTA agenda at IETF 92 shows a focus on one mechanism for email privacy.

After all of this, we’ll be heading to the Technical Plenary from 1710-1910 CDT where the technical topic is on “Smart Object Architecture” which sounds interesting.  You can watch a live video stream of the Technical Plenary at http://www.ietf.org/live/

For some more background, please read these Rough Guide posts from Andrei, Phil, Karen and me:


Image: a photo by Chris Grundemann of the ROW workshop on the Sunday prior to IETF 92.

Categories
Building Trust Identity IETF Open Internet Standards Privacy Technology

Rough Guide to IETF 92: Trust, Identity, and Privacy

Wrapping up the series of Rough Guide to IETF 92 posts is our focus on Trust, Identity, and Privacy. ISOC has been working over the past five years in these areas, and each subsequent IETF has seen advancing work and progress being made on multiple fronts. IETF 92 in Dallas this week is no exception.

First, while there won’t be a meeting on it this time, I’d like to remind folks of the mailing list created last fall to discuss vectors of trust at https://www.ietf.org/mailman/listinfo/vot. The impetus for this mailing list came out of an ISOC-sponsored workshop this past September. It is hoped that these discussions will lead to further consensus on concepts around trust and levels of assurance. There are rumors of an informal bar BoF to further discussions on this topic. Monitor the mailing list for details. This is a great opportunity to get involved in a potential IETF activity at a very early stage.

The W3C Privacy Interest Group (PING) will again meet face-to-face alongside IETF on Thursday, 26 March. Topics for the meeting include: the WiFi Privacy Experiment at IETF; W3C Technical Advisory Group (TAG) finding “Securing the Web” through the use of cryptography; Proposed Edited Recommendation Geolocation API; as well as PING’s ongoing work on privacy reviews and guidance for Web specification authors. Please join the meeting if you have an interest in privacy on the Web and would like to help develop better privacy features in Web standards. Meeting details are provided here: https://lists.w3.org/Archives/Public/public-privacy/2015JanMar/0124.html.

And since I mentioned it above, I’d also like to highlight an experiment that will be hosted on the IETF network. As stated at the link below, the IEEE 802 EC Privacy Recommendation Study Group, in coordination with the IAB and IESG, is working on privacy enhancements for link layer technologies. As part of this effort, they are carrying out a WiFi MAC randomization trial/experiment at IETF 92. The experiment is similar to the one carried out at IETF 91, but this time it’s been upgraded with more support for operating systems (including mobile) and it will run integrated into the main IETF 92 WiFi network. If you are attending in person, you can participate in this experiment. Details on participation can be found on the IETF Meeting Wiki; there is also an article about the privacy trials in the latest issue of the IETF Journal.

As for the IETF working groups, there are several ongoing working groups addressing topics in this space.

The jose (Javascript Object Signing and Encryption) working group will have a short meeting on Tuesday evening to discuss new proposals to develop a Concise Binary Object Representation (CBOR) encoded message syntax for signatures, message authentication codes, and encryption similar to those developed for JSON. The four core jose specifications and the cookbook have both progressed to the RFC Editor and should be coming out sometime soon.

The oauth (Web Authorization Protocol) working group has a full agenda for its Monday afternoon meeting based around its continuing work on proof-of-possession security assertions, token introspection, and token exchange among others. There are several oauth documents that are currently in IESG processing or the RFC Editor queue.

The ace (Authentication and Authorization in Constrained Environments) working group is continuing to develop documents on use cases, actors, architecture comparison, and object security. There is also a side meeting organized on Monday evening to help accelerate consensus on architecture, terminology, and scope. The plan is to meet from 19:10 to 20:40 after the plenary (look to the mailing list for details). Additionally, the technical plenary on Monday evening is on Smart Object Architecture and is highly relevant to this area of work.

The scim (System for Cross-domain Identity Management) working group has successfully sent their core document to the IESG for processing. This includes use cases, an API, and core schema. The meeting this week will discuss new drafts on soft deletes and event notification.

The relatively new stir (Secure Telephone Identities Revisited) working group is looking to develop mechanisms to correctly identify where SIP requests are being originated. In a nutshell, how do you prove ownership of a telephone number on the Internet? The problem statement (RFC 7340) and threats (RFC 7375) documents were published earlier this year, and the “Authenticated Identity Management in the Session Initiation Protocol” and “Secure Telephone Identity Credentials: Certificates” documents are again on the agenda for this meeting.

The web PKI certificate infrastructure continues to be a source of trust-related operational issues in the Internet. The primary effort of the trans (Public Notary Transparency) working group is the generation of a standards track version of the experimental RFC 6962 on Certificate Transparency. The primary focus of this week’s discussion will be resolution of issues on the update to RFC 6962. Additional topics for this week’s agenda include a threat analysis, client behavior, and the gossip protocol.

The httpauth (Hypertext Transfer Protocol Authentication) working group’s document for a basic HTTP authentication scheme is in the RFC Editor queue, and the HTTP Digest Access Authentication document is with the IESG. This meeting will focus on mutual authentication, algorithms for mutual authentication, and extensions for interactive clients.

Finally, the dprive (DNS PRIVate Exchange) working group is a relatively new working group chartered to develop “mechanisms to provide confidentiality to DNS transactions, to address concerns surrounding pervasive monitoring.” They are working on a problem statement and some initial proposals. And, the kitten (Common Authentication Technology Next Generation) working group is addressing a long list of documents related to authentication.

As you can see, the IETF is devoting a significant amount of time and energy to efforts related to trust, identity, and privacy. There is plenty to follow and contribute to in this space.

Related Meetings, Working Groups, and BoFs at IETF 92:

Follow Us

There’s a lot going on in Dallas, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf92.


At IETF92 Next Week, Much Happening With IPv6, DNSSEC, DANE, TLS and more…

Next week is IETF 92 in Dallas, Texas, and there will be a great amount of activity happening with the topics we cover here on Deploy360: IPv6, DNSSEC (and DANE), TLS, anti-spoofing and securing BGP. As part of the Rough Guide to IETF 92, several of us have written posts outlining what’s happening in the various topic areas:

In each of those posts you’ll find a summary of what’s happening and a list of the relevant working groups and the associated links about how to learn more.  More information about IETF 92 in general can be found on the main Rough Guide to IETF 92 page at:

https://dev.internetsociety.org/rough-guide-ietf92

Beyond all of that, Chris Grundemann will also be talking about our “Operators and the IETF” work and discussing Best Current Operational Practices (BCOP) with people as well.

If you can’t get to Dallas next week, you can attend remotely!  Just visit the IETF 92 remote participation page or check out http://www.ietf.org/live/ for more options.

To that end, as a bit of a change, both Megan Kruse and I (Dan York) will be participating in this IETF 92 remotely. It’s very strange to not be attending an IETF meeting in person, but different circumstances have made it not possible for both of us. Jan Žorž will also be remote, having just returned from v6 World Congress in Paris and about to head off to another event. Chris Grundemann will be there on site in Dallas, though, and so if you have any questions about Deploy360 activities or want to get more involved, please contact Chris!

We’re looking forward to the usual crazy busy blur of a week that is an IETF meeting… and we’re looking forward to learning what else we can do to help accelerate the deployment of these key Internet technologies to make the Internet work better, faster and be more secure!


An audio commentary about IETF 92 is also available from our SoundCloud account: