
A superlative IETF94 Yokohama

I recently attended IETF94 Yokohama and most people who participated waxed lyrical over it. This consensus says a lot as this meeting saw the largest contingent in the last 10 years in Asia, with 1,320 attendees.

And the people attending were truly diverse. From locals to people travelling nearly 24 hours to Yokohama, IETF hosted nearly 300 first-time participants, ranging from ten public policy leaders to 14 technical fellows to a 16-year-old coder. Some were observers at some of the 123 working groups, whereas others were influencers there or at the Birds-of-a-Feather (BOF). There were individuals from small companies and distinguished engineers from major companies. But why was it so special, and how does one judge whether it was a successful meeting or not?

Being a special meeting did not come by accident. There was big-picture design and follow-up on the minutiae. The host WIDE worked with IETF on all three meetings in Japan. They are forward looking, well organised and connected with the Japanese Internet community. WIDE worked tirelessly to obtain a long list of supporters and liaise with Yokohama City so that even the Yokohama Ferris Wheel had Wi-Fi coverage.

Most importantly, they were united with the common aim of making IETF94 a success. Committees were set up to look into direction, finance and execution. What was useful was a core that had worked on numerous events together for many years. No detail was too unimportant, and the can-do attitude was really invaluable, from helping with emergency technical translation and last-minute visa applications to looking for a missing wallet in Tokyo.

Thanks to the outreach with the Japanese technical community, IETF94 was able to take advantage of the synergy with other technical events in Japan preceding and following IETF94, including other conferences for standards, developers, measurements and security. This was invaluable, especially to world travellers among the IETF community.

Measuring success is not always easy. For the group of policymakers that attended ISOC’s IETF Policy programme, takeaways included greater interest in revitalising a Computer Security Incident Response Team in their home country, looking more carefully into IPv6, learning more through other technical programmes run by ISOC, and wider collaboration-related discussions.

Working group participants talked about the amount of work that was done and the improvements brought to the Internet, the interesting discussions that took place within the meeting, and the wish to come back soon to a future meeting. Even the newcomers commented on the care given to them, including mentoring, the transparency brought about through remote participation and note taking, and the audio-video system, with power outlets everywhere and an incredibly functional Wi-Fi system.

A special and successful meeting is hard work – it takes co-operation, collaboration, contribution, flexibility, and determination. IETF94 was a prime example of all that.


Deploy360@IETF94, Day 5: SIDR & Sayonara

The final day at IETF 94 will just involve the Deploy360 team in the concluding session of the sidr (Secure Inter-Domain Routing) Working Group. It’s then farewell to Yokohama.

It’s just a short session on Friday morning between 0900-10.30 UTC+9, with a couple of informational drafts on the agenda. These address two important scenarios though: if an RPKI CA or repository provider is compromised by an attacker, or if a CA allocates resources in error or due to malicious operation.


NOTE: If you are unable to attend IETF 94 in person, there are multiple ways to participate remotely.


That’s then it for this IETF, although we might stay on for the grow (Global Routing Operations) Working Group that continues in the same room after sidr.

Many thanks for reading along this week… please do read our other IETF 94-related posts … and we’ll see you at IETF 95 in Buenos Aires in April!


Deploy360@IETF94, Day4: DNSSEC & IPv6-related Internet-of-Things

The fourth day at IETF 94 in Yokohama is a busy one for the Deploy360 team following DNSSEC and the IPv6-related aspects of DHCP and the Internet-of-Things. There’s unfortunately another clash between several of these sessions, so some shuttling between rooms is going to be necessary.




The dnsop (DNS Operations) Working Group will be meeting during the 09.00-11.30 UTC+9 block, with a good amount of DNSSEC on the agenda.  First is the ongoing BCP work to document the problems that DNSSEC resolvers might run into within non-compliant infrastructure.  There’s also a proposal to introduce a new EDNS option to measure acceptance and use of new trust anchors and key signing keys. And there will be discussion on a draft about improving the communication of DS records between parent and child zones.

For those interested in the Internet-of-Things, there are several sessions related to implementing IPv6 on nodes with limited power, memory and processing resources. The 6tisch (IPv6 over Networks of Resource-Constrained Nodes) Working Group will also be meeting during the 09.00-11.30 UTC+9 block, with 6tisch (IPv6 over the TSCH mode of IEEE 802.15.4e) Working Group meeting during the 15.20-17.20 UTC+9 block, and the roll (Routing Over Low Power and Lossy Networks) Working Group meeting during 17.40-18.40 UTC+9 block.

Also in the 15.20-17.20 UTC+9 block, the dhc (Dynamic Host Configuration) Working Group will be discussing several drafts related to DHCPv6, including security and encryption mechanisms.

For more background, please read the Rough Guide to IETF 94 from Andrei, Mat, Karen, Dan and myself.


Deploy360@IETF94, Day 3: TLS, 6MAN & Internet-of-Things

The third day at IETF 94 in Yokohama brings a bit of a scheduling conflict for the Deploy360 team with both the TLS and IPv6 Maintenance sessions being held at the same time.

There’s also an overlapping meeting of the proposed Thing-to-Thing Research Group which has implications for the Deploy360 technologies, so with just two of us on the ground this time, something will have to miss out.




The 6man (IPv6 Maintenance) Working Group will be meeting during the 09.00-11.30 UTC+9 block and will be discussing proposed updates to the IPv6 specification, addressing architecture and neighbour discovery as currently defined in RFC 2460, RFC 4291 and RFC 4861.

At the same time, the tls (Transport Layer Security) Working Group over in Room 303 will be covering the various logged issues related to TLS 1.3. The ongoing usage of SHA-1, which has known weaknesses, has also generated substantial discussion on the mailing list recently, so this may come up during the session.

There’s only the Report to the IETF on the agenda of the proposed t2trg (Thing-to-Thing Research Group) that runs from 10.30-11.30 UTC+9, but perhaps worth following if the Internet-of-Things interests you.

The afternoon is devoted to the Operations, Administrative and Technical Plenary that runs from 15.30-18.30 UTC+9.

For more background, please read the Rough Guide to IETF 94 from Andrei, Mat, Karen, Dan and myself.


Deploy360@IETF94, Day 2: Homenet, SPRING & SIDR

The second day at IETF 94 in Yokohama is all about home networking and secure routing for the Deploy360 team.

Not to mention of course the evening social event, which is also a chance to come and say hello.




The homenet (Home Networking) Working Group is meeting during the 0900-1130 UTC+9 block to continue its work on IPv6-based protocols for residential networks. This is usually one of the best attended working groups and this session will be focused on autoconfiguration, naming architecture and service discovery, as well as multiple interfacing support in home-type scenarios. No fewer than eight new drafts are up for discussion here, as well as updates to another seven, so expect an active session.

Running in parallel with homenet is the spring (Source Packet Routing in Networking) Working Group that’s looking into how to specify explicit packet forwarding paths to take advantage of certain network characteristics. Whilst similar mechanisms are already employed in MPLS traffic engineering, spring is also considering the use of IPv6 as a data plane.

There’s a bit of a gap until the secure routing session, so the more politically conscious may want to check out the proposed hrpc (Human Rights Protocol Considerations) Research Group. Although not an obvious subject for the IETF, this group aims to look at how protocols can be developed to protect the Internet as a human rights enabling environment. IP, DNS, HTTP, P2P, XMPP and VPN protocols are up for specific discussion, so there are obvious IPv6, DNSSEC and TLS implications here.

The sidr (Secure Inter-Domain Routing) Working Group is running a split session in the 17.10-18.40 UTC+9 block today, but continuing on Friday during the 09.00-11.30 block. Today’s session is primarily devoted to the operational issues in deploying RPKI, and in particular referencing the experience of the Regional Internet Registries. These concerns include the consequences of mismatched resources in the digital certificate chain, when resources are transferred to a new holder in a different registry, and the handling of RPKI validation locally when the certificate authority is inaccessible. Four drafts that seek to address these issues are up for discussion this evening.

At the same time as SIDR, the DBOUND Working Group will meet. We monitor this WG primarily because the “boundaries” of how you look at domain names can impact other security mechanisms such as TLS certificates. The DBOUND problem statement gives a good view into what the group is trying to do.

Then don’t forget the social event over at the Yokohama Bay Hotel Tokyu, starting at 19.00!

For more background, please read the Rough Guide to IETF 94 from Andrei, Mat, Karen, Dan and myself.


Deploy360@IETF94, Day 1: IPv6, DPRIVE and TRANS

For the first day at IETF 94 in Yokohama, the attention of the Deploy360 team is going to be on IPv6, with the important IPv6 Operations Working Group (v6ops), and also on the DNS Privacy (DPRIVE) and certificate transparency (TRANS) working groups.

v6ops has a busy agenda this time, so much so that it’s running across two sessions curiously split between the 09.00-1130 UTC+9 block, and continuing later on during 17.10-19.10 UTC+9 block. Note also that the morning session will be held in Room 501, but proceedings move to Room 502 for the evening session.




The draft draft-jjmb-v6ops-unique-ipv6-prefix-per-host, which aims to address certain issues related to IPv6 deployment in community Wi-Fi scenarios, has been generating significant discussion on the v6ops mailing list recently. Another interesting draft with a luminary authorship is the operational recommendations for networks to assign multiple IPv6 addresses to end hosts to support usage of virtual machines, tethering, identifier-locator addressing and privacy amongst other applications.

Also worth following are drafts related to the operational implications of extension headers in IPv6 packets and how and where such packets are being dropped.

Other drafts up for discussion include a proposal for identifier-locator IPv6 addressing to support network virtualisation, an informational draft providing advice on routing-related design choices in IPv6 networks, and a proposed update of RFC 6145. If you can make it to the end of the day though, there will be a presentation of the work of David Plonka and Arthur Berger to improve classification and measurement methods for IPv6.

The DPRIVE Working Group will be meeting on Monday afternoon to dive into what look like some lengthy discussions about DNS over TLS and DNS over DTLS.  Stateless DNS encryption will also be discussed and there will be a general discussion of how to move the DPRIVE work forward.

All of this DPRIVE work is focused on securing the connection between DNS clients and the recursive resolvers that people use (such as those typically at an Internet Service Provider (ISP) or on the edge of a network) to add a layer of confidentiality.  We see this as an important part of the overall encryption work being done by the IETF to protect against the pervasive monitoring that we’ve seen on the Internet.  Mechanisms such as what DPRIVE is developing will raise the overall amount of trust in Internet-based communication.

Another group we don’t always monitor but will this time is the TRANS WG focused on “certificate transparency” (CT), a mechanism for tracking changes in TLS certificates.  The TRANS agenda includes some potential new work on logging of DNSSEC key changes in draft-zhang-trans-ct-dnssec.

For more background, please read the Rough Guide to IETF 94 from Andrei, Mat, Karen, Dan and myself.


Rough Guide to IETF 94: Trust, Identity, and Privacy

Welcome to the last installment of the IETF 94 Rough Guide! This installment focuses attention on the IETF 94 activities in Yokohama this week related to improving trust in the Internet including identity and privacy.

The first thing I’d like to highlight is technically not part of the IETF, but it is an important cross-pollination effort. The W3C Privacy Interest Group (PING) will again be meeting face-to-face alongside the IETF. The purpose of this meeting is outreach to the broader IETF community, information sharing amongst the participants on various privacy efforts, and progression of PING work items including the draft privacy and security questionnaire for specification authors. The meeting occurs during the lunch slot (1130-1300 JST) on Thursday, 5 November 2015 in Room 511. It is BYOL (Bring Your Own Lunch), but the conversation is definitely worth the effort!

As for the IETF working groups, there are several ongoing working groups addressing relevant topics in this space. Some of the ones that will meet at IETF 94 are highlighted below.

The Automated Certificate Management Environment (acme) working group is working to lower the barrier to deployment of certificates for the Web PKI. Currently, the verification of domain names in a certificate is done using a set of ad hoc mechanisms. In particular, the acme working group is automating the process of issuance, validation, revocation and renewal. This meeting will focus exclusively on the current document (https://datatracker.ietf.org/doc/draft-ietf-acme-acme/) and the issues documented in the issue tracker (https://github.com/ietf-wg-acme/acme/issues).

In response to evolving concerns about pervasive surveillance, the IETF has looked to improve the observable data in many of its protocols. The DNS PRIVate Exchange (DPRIVE) Working Group was chartered to develop mechanisms to initially provide confidentiality between DNS Clients and Iterative Resolvers. This week’s agenda includes DNS over DTLS, DNS over TLS, and Stateless DNS Encryption. Given that virtually all communication on the Internet involves name resolution, providing additional privacy to the underlying mechanisms is key to improving trust in the Internet.

The Web Authorization Protocol (oauth) working group has been working for quite some time on a suite of documents that enables a user to grant a third-party access to protected resources without sharing the user’s long term credentials. The working group has completed a long list of RFCs. This week’s meeting will focus on authorization requests, Proof-of-Possession, token exchange, and the use of OAuth for native apps. OAuth is emerging as a key component of online identity systems, and this week is yet another opportunity to impact the conversations.

The Open Specification for Pretty Good Privacy (OpenPGP) working group originally completed its work in 2008 providing a solution for object encryption, object signing, and identity certification (RFC4880). Recently it has become clear that it was time to produce an update to RFC4880, and the OpenPGP working group was reinstated to do that work. This revision will include potential inclusion of elliptic curves recommended by the Crypto Forum Research Group (CFRG), a symmetric encryption mechanism that offers modern message integrity protection, an update to the mandatory-to-implement algorithm selection, deprecation of weak algorithms, and an updated public-key fingerprint mechanism.

The web PKI certificate infrastructure continues to be a source of trust related operational issues in the Internet. The primary effort of the Public Notary Transparency (trans) working group is the generation of a standards track version of the experimental RFC 6962 on Certificate Transparency. Certificate Transparency creates a log of certificates issued by certificate authorities (CAs). This provides the opportunity to monitor for problems in the certificate infrastructure globally. The primary focus of this week’s discussion will be the update to RFC 6962, a threat analysis, and the gossip protocol. There is also some potential new work to discuss including other uses for transparency beyond PKI certifications.

In a bit of a tangent, I’d like to mention the Network Time Protocol (ntp) working group. As the Internet has evolved, some of the key pieces of infrastructure that we often take for granted need to be reconsidered in the light of the current operational environment. Time is a key component of establishing and maintaining trust, and it is often overlooked. The ntp working group is currently pursuing two efforts to improve the trustworthiness of the time infrastructure. Network Time Security (NTS) will define an updated framework and mechanisms for time server authentication. Additionally, a Best Current Practice (BCP) is being developed to address common operational issues that are being increasingly exploited.

To reinforce the importance of the IETF work in trust, identity, and privacy, I would like to mention my experience at last week’s World Wide Web Consortium (W3C) Technical Plenary and Advisory Council (TPAC) meeting in Sapporo. One of the highlights was a plenary panel discussion with Tim Berners-Lee, Vint Cerf, and Jun Murai. There was a question specifically on building a better trust layer for the web. Vint Cerf responded that the IETF and W3C communities should work together to address the question: “What is missing from the enabling protocol space to make strong authentication, high integrity, and other trust building mechanisms?” Perhaps we can take some inspiration from this in the coming week!

Related Meetings, Working Groups, and BOFs at IETF 93:

ace (Authentication and Authorization for Constrained Environments) BOF
Monday, 2 November 2015; 0900-1130, Room 302
Agenda: https://tools.ietf.org/wg/ace/agenda
Documents: https://tools.ietf.org/wg/ace
Charter: https://tools.ietf.org/wg/ace/charter

acme (Automated Certificate Management Environment) WG
Friday, 6 November 2015; 9:00 – 11:30, Room 304
Agenda: https://tools.ietf.org/wg/acme/agenda
Documents: https://tools.ietf.org/wg/acme/
Charter: https://tools.ietf.org/wg/acme/charters

dprive (DNS PRIVate Exchange) WG
Monday, 2 November 2015; 17:10 – 19:10, Room 304
Agenda: https://tools.ietf.org/wg/dprive/agenda
Documents: https://tools.ietf.org/wg/dprive/
Charter: https://tools.ietf.org/wg/dprive/charters

oauth (Web Authorization Protocol) WG
Thursday, 5 November 2015; 15:20 – 17:20, Room 301
Agenda: https://tools.ietf.org/wg/oauth/agenda
Documents: https://tools.ietf.org/wg/oauth
Charter: https://tools.ietf.org/wg/oauth/charter

openpgp (Open Specification for Pretty Good Privacy)
Tuesday, 3 November 2015; 17:10 – 18:40, Room 411/412
Agenda: https://tools.ietf.org/wg/openpgp/agenda
Documents: https://tools.ietf.org/wg/openpgp/
Charter: https://tools.ietf.org/wg/openpgp/charters

trans (Public Notary Transparency) WG
Monday, 2 November 2015, 1300 – 1500, Room 411/412
Agenda: https://tools.ietf.org/wg/trans/agenda
Documents: https://tools.ietf.org/wg/stir/
Charter: https://tools.ietf.org/wg/trans/charter

ntp (Network Time Protocol) WG
Monday, 2 November 2015, 1710-1910, Rooms 411/412
Agenda: https://tools.ietf.org/wg/ntp/agenda
Documents: https://tools.ietf.org/wg/ntp
Charter: https://tools.ietf.org/wg/ntp/charter

Follow Us

There’s a lot going on in Yokohama, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf94.


Rough Guide to IETF 94: DNSSEC, DPRIVE and DNS Security

DNS privacy will be the main topic at IETF 94 in Yokohama related to the overall theme of “DNS security”. The DPRIVE Working Group will be meeting on Monday afternoon to dive into what look like some lengthy discussions about DNS over TLS and DNS over DTLS.  Stateless DNS encryption will also be discussed and there will be a general discussion of how to move the DPRIVE work forward.

All of this DPRIVE work is focused on securing the connection between DNS clients and the recursive resolvers that people use (such as those typically at an Internet Service Provider (ISP) or on the edge of a network) to add a layer of confidentiality.  We see this as an important part of the overall encryption work being done by the IETF to protect against the pervasive monitoring that we’ve seen on the Internet.  Mechanisms such as what DPRIVE is developing will raise the overall amount of trust in Internet-based communication.

DNS Operations (DNSOP)

DNSSEC will be a major topic in the DNS Operations (DNSOP) Working Group on Thursday.  First will be a review of the “DNSSEC Roadblock Avoidance” draft, draft-ietf-dnsop-dnssec-roadblock-avoidance. This is an important document that is capturing the challenges found in networks today that get in the way of DNSSEC validation – and also suggesting solutions to ensure DNSSEC validation can occur.

Second, DNSOP will discuss draft-ogud-dnsop-maintain-ds, a document seeking to improve the usage of the CDS and CDNSKEY records to communicate a DS record from a child to a parent to maintain the global chain-of-trust used by DNSSEC. In particular this draft is proposing a fix to an omission in RFC 7344 where no mechanism to delete DS records was stated.

Finally, a new draft-wessels-edns-key-tag will be brought to DNSOP where Duane Wessels is proposing a new way for resolvers to signal to a DNS server which DNSSEC keys are in their chain-of-trust. This is useful for monitoring key rollovers.

Domain Boundaries (DBOUND)

The DBOUND Working Group will meet on Tuesday and while no agenda has been posted yet, the list of documents shows the topics likely to be covered. We monitor this WG primarily because the “boundaries” of how you look at domain names can impact other security mechanisms such as TLS certificates. The DBOUND problem statement gives a good view into what the group is trying to do.

Public Notary Transparency (TRANS)

Another group we don’t always monitor but will this time is the TRANS WG focused on “certificate transparency” (CT), a mechanism for tracking changes in TLS certificates.  The TRANS agenda includes some potential new work on logging of DNSSEC key changes in draft-zhang-trans-ct-dnssec.

Other Working Groups

The DANE Working Group is not meeting due to some scheduling challenges with some key participants and a couple of the working groups that sometimes have DNS security items (such as EPPEXT) have completed their work and so are on to other matters. The DNS-SD WG is meeting, but the agenda does not appear to intersect with the work we are focused on here at the Internet Society.  We’ll also of course be monitoring the TLS WG (because of the connection to DANE), the Security Area open meeting and other similar sessions.

It will be a busy week – but the outcomes of all these sessions should go far to make the DNS – and the overall Internet – more secure!

On a personal note, I’ll mention that I will not be in Yokohama… but I’ll be monitoring the activities from afar!

Please see the main Rough Guide to IETF 94 page to learn about more of what we are paying attention to in Yokohama.

P.S. For more information about DNSSEC and DANE and how you can get them deployed for your networks and domains, please see our Deploy360 site:

Relevant Working Groups at IETF 94:

TRANS (Public Notary Transparency) WG
Monday, 2 November 2015, 1300-1500 JST, Room 411/412
Agenda: https://datatracker.ietf.org/meeting/94/agenda/trans/
Documents: https://datatracker.ietf.org/wg/trans/
Charter: http://tools.ietf.org/wg/trans/charters/

DPRIVE (DNS PRIVate Exchange) WG
Monday, 2 November 2015, 1710-1910 JST, Room 304
Agenda: https://datatracker.ietf.org/meeting/94/agenda/dprive/
Documents: https://datatracker.ietf.org/wg/dprive/
Charter: http://tools.ietf.org/wg/dprive/charters/

DBOUND (Domain Boundaries) WG
Tuesday, 3 November 2015, 1710-1840 JST, Room 303
Agenda: https://datatracker.ietf.org/meeting/94/agenda/dbound/
Documents: https://datatracker.ietf.org/wg/dbound/
Charter: http://tools.ietf.org/wg/dbound/charters/

DNSOP (DNS Operations) WG
Thursday, 4 November 2015, 0900-1130 JST, Room 304
Agenda: https://datatracker.ietf.org/meeting/94/agenda/dnsop/
Documents: https://datatracker.ietf.org/wg/dnsop/
Charter: http://tools.ietf.org/wg/dnsop/charters/



Rough Guide to IETF 94: Strengthening the Internet

The ongoing efforts of the Internet community to strengthen the Internet continue with IETF 94 in Yokohama next week. Even though it seems like just yesterday we were in Prague for IETF 93, there is progress to report and new activities to highlight. In this edition of the Rough Guide, we will highlight the IAB Privacy and Security program including the recently held MaRNEW workshop, the Crypto Forum Research Group, and the TLS working group including the upcoming TRON workshop.

The Internet Architecture Board (IAB), through its Privacy and Security Program, has been focusing on strengthening the Internet by looking at threats, mitigations, and trust models. Since IETF 93, RFC 7624 “Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement” has been published. The IAB program is now working on a follow-on document discussing relevant mitigations, “Confidentiality in the Face of Pervasive Surveillance”. Additionally, a draft has been adopted identifying issues and emerging solutions to some of the key issues associated with the webpki infrastructure, “Problems with the Public Key Infrastructure (PKI) for the World Wide Web”. Both of these documents will be discussed during the week in Yokohama. Review and submit your comments now!

Also since IETF 93, the IAB held a workshop jointly with the GSMA on Managing Radio Networks in an Encrypted World (MaRNEW). The submitted papers, workshop agenda, and the presentations are currently available at https://www.iab.org/activities/workshops/marnew/. Minutes are expected by the end of October, and a draft workshop report is targeted for the end of the year. Both of these will be provided on the workshop page referenced above. A short report on this workshop is in the recent issue of the IETF Journal. There will also be a report and discussion of the workshop provided in the SAAG meeting on Thursday afternoon.

Next, the Internet Research Task Force (IRTF) Crypto Forum Research Group (cfrg) continues to focus on use of cryptography for IETF protocols. It has been focusing extensively on the selection of new elliptic curves for use in IETF protocols, and rough consensus on this topic is documented in “Elliptic Curves for Security”. Since IETF 93, this document has been completed and forwarded to the RFC Series editor for publishing. Topics for discussion at the meeting this week will include elliptic curves, PAKE, post-quantum secure signatures, and key exchange. Anyone interested in the future direction of cryptographic curves and algorithms would be well served to follow these discussions.

There are a significant number of IETF working groups progressing efforts related to strengthening the Internet that will be meeting this week. In this post I will focus primarily on TLS. Other working groups also working on strengthening the Internet are discussed in the “DNSSEC, DANE, DPRIVE, and DNS Security” and the “Trust, Identity, and Privacy” Rough Guide posts in the coming days, so watch the Rough Guide to IETF 94 for updates.

The Transport Layer Security (TLS) working group is actively working on an update to the TLS protocol. This is a very active working group with a plan to publish an update to TLS in 2016. This meeting will be devoted to resolving the open issues with the current specification as documented in the issue tracker: https://github.com/tlswg/tls13-spec/issues.

As a side note, the TLS working group plans to solidify the TLS 1.3 specification and pause for a brief period to allow security researchers time to analyze the specification. As part of this effort, the TLS1.3 Ready or Not (TRON) workshop has been planned in conjunction with the Network and Distributed System Security Symposium (NDSS) in February 2016. The call for papers is available now and anyone interested in improving the robustness of the new TLS specification is strongly encouraged to participate.

Finally, I’d like to give a quick plug for the Security Area Advisory Group (saag) session. This is an excellent way to get a quick view of some of the security-related conversations ongoing in the IETF. This week’s session will include the MaRNEW overview discussed above as well as a discussion about standardization of cryptographic application techniques for the Internet of Things (IoT).

All in all, the work continues to make encryption more widespread and easier to deploy for a stronger Internet.

Related Meetings, Working Groups, and BOFs at IETF 94:

cfrg (Crypto Forum Research Group)
Monday, 2 November 2015, 1520-1650 JST, Room 303
Agenda: https://tools.ietf.org/agenda/94/agenda-94-cfrg.html
Charter: https://irtf.org/cfrg

tls (Transport Layer Security) WG
Wednesday, 4 November, 2015, 0900-1130 JST, Room 303,
Thursday, 5 November, 2015, 1740-1840 JST, Room 501
Agenda: https://tools.ietf.org/wg/tls/agenda
Documents: https://tools.ietf.org/wg/tls
Charter: https://tools.ietf.org/wg/tls/charters

saag (Security Area Advisory Group)
Thursday, 5 November 2015, 1300-1500 JST, Room 502
Agenda: https://tools.ietf.org/agenda/94/agenda-94-saag.html

Follow Us

There’s a lot going on in Yokohama, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see https://dev.internetsociety.org/tag/ietf94/.


Rough Guide to IETF 94: All About IPv6

IPv6 deployment growth continues throughout the world as the Regional Internet Registries assign their last remaining IPv4 addresses, and APNIC, Akamai, and Google publish IPv6 deployment statistics showing growth in both individual networks and in countries all around the globe. The standardisation work in the IETF continues to reflect this operational experience, and both the IPv6 Operations (v6ops) and IPv6 Maintenance (6man) Working Groups will be meeting at IETF 94 in Yokohama this week.

The draft draft-jjmb-v6ops-unique-ipv6-prefix-per-host, which aims to address certain issues related to IPv6 deployment in community wi-fi scenarios, has been generating significant discussion on the v6ops mailing list recently. This document will be discussed in the first v6ops session on Monday morning, along with other drafts concerning the operational implications of extension headers in IPv6 packets and how and where such packets are being dropped.

Other drafts up for discussion include a proposal for identifier-locator IPv6 addressing to support network virtualisation, as well as operational recommendations for networks to assign multiple IPv6 addresses to end hosts to support usage of virtual machines, tethering, identifier-locator addressing and privacy amongst other applications. An informational draft provides advice on routing-related design choices in IPv6 networks, and there’s a proposed update of RFC 6145. The second v6ops session during Monday evening is rounded off with presentation of work to improve classification and measurement methods for IPv6.

The 6man working group will be meeting on Wednesday morning and will be discussing proposed updates to the IPv6 specification, addressing architecture and neighbour discovery as currently defined in RFC 2460, RFC 4291, and RFC 4861.

It’s not all ‘business-as-usual’ though, as the Homenet Working Group will on Tuesday morning be continuing its work to produce protocols for residential networks based on IPv6. This is usually one of the best attended working groups and at this session will be focusing on autoconfiguration, naming architecture and service discovery, as well as multiple interfacing support in home-type scenarios.

There has also been much discussion on the Internet-of-Things (IoT) recently, and quite aside from IPv6 being a necessity for future scalability, the IETF has been looking into the issues of implementing IPv6 on nodes with limited power, memory and processing resource that are characteristic of IoT. The IPv6 over Networks of Resource-Constrained Nodes (6lo) Working Group will be meeting on Thursday morning, but other groups have also been investigating the related challenges of using low power and lossy networks as typically found with power line or low bandwidth radio links. It’s therefore worth checking out both the Routing Over Low Power and Lossy Networks (roll) and IPv6 over the TSCH mode of IEEE 802.15.4e (6tisch) Working Groups on Thursday afternoon.

These are the IPv6 specific sessions in Yokohama, but IPv6 has become such an integral part of the Internet that most working groups need to take it into account. At the Internet Society, we continue to promote IPv6 deployment. You can check out the World IPv6 Launch measurements for our latest measurements of IPv6 around the globe.

You can also check out the Deploy360 online resources for getting started with IPv6 deployment:

And you can see more about other topics of interest to the technology programs of the Internet Society in the rest of our Rough Guide to IETF 94 posts.

Some IPv6 Working Groups at IETF 94:

v6ops (IPv6 Operations) WG
Monday, 2 November 0900-1130 UTC+9, Room 501
Monday, 2 November 1710-1910 UTC+9, Room 501 
Agenda: https://datatracker.ietf.org/meeting/94/agenda/v6ops/
Documents: https://datatracker.ietf.org/wg/v6ops/documents/
Charter: https://datatracker.ietf.org/wg/v6ops/charter/

6man (IPv6 Maintenance) WG
Wednesday, 4 November 0900-1130 UTC+9, Room 501
Agenda: https://datatracker.ietf.org/meeting/94/agenda/6man/
Documents: https://datatracker.ietf.org/wg/6man/documents/
Charter: https://datatracker.ietf.org/wg/6man/charter/

Homenet (Home Networking) WG
Tuesday, 3 November 0900-1130 UTC+9, Room 502
Agenda: https://datatracker.ietf.org/meeting/94/agenda/homenet/
Documents: https://datatracker.ietf.org/wg/homenet/documents/
Charter: https://datatracker.ietf.org/wg/homenet/charter/

6lo (IPv6 over Networks of Resource Constrained Nodes) WG
Thursday, 5 November 0900-1130 UTC+9, Room 501
Agenda: https://datatracker.ietf.org/meeting/94/agenda/6lo/
Documents: https://datatracker.ietf.org/wg/6lo/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6lo/

6tisch (IPv6 over the TSCH mode of IEEE 802.15.4e)
Thursday, 5 November 1520-1720 UTC+9, Room 303
Agenda: https://datatracker.ietf.org/meeting/94/agenda/6tisch/
Documents: https://datatracker.ietf.org/wg/6tisch/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6tisch/

roll (Routing Over Low power and Lossy networks)
Thursday, 5 November 1740-1840 UTC+9, Room 302
Agenda: https://datatracker.ietf.org/meeting/94/agenda/roll/
Documents: https://datatracker.ietf.org/wg/roll/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-roll/


Rough Guide to IETF 94: Scalability and Performance

Bigger, Faster, Better

In this post I’ll highlight some of the Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF) groups meeting as part of the IETF 94 meeting in Yokohama next week. These groups are working to explore and address more sophisticated ways to use and share available bandwidth, improve Internet performance, and otherwise efficiently get Internet content to where it needs to be.

Getting new networking code deployed on the Internet is often made difficult because of uncertainties about how existing hardware and software on the network will react. Measurements of the network, measurement platforms and methodologies are all key to improving our understanding of how we can safely evolve the network. On the Saturday prior to the IETF 94 meeting, the Research and Applications of Internet Measurements workshop will explore these topics in detail.

The importance of measurements and the relationship with good protocol engineering will also be the technical topic discussed during the plenary session on Wednesday afternoon.

Measurement techniques and data sources that could help us to make better engineering decisions to work around some of the rigidity in the protocol stack will be the subject of the proposed HOPS research group meeting on Monday morning. The agenda for the session includes a presentation on the results Apple have obtained from their testing of Explicit Congestion Notification.

The Internet Storage Sync BoF will take place on Tuesday afternoon. Network-based storage services allow users to keep local files synchronised with remote servers on the Internet. The goal of this BoF is to establish whether there is interest in working on a standardised protocol for this kind of file synchronisation service.

Internet performance is to a large extent governed by the way transport protocols operate, and the tcpm WG will be meeting to discuss proposed new functionality to improve and enhance the working of TCP, the main transport protocol used on the Internet today.

On Tuesday, Applied Networking Research Prize winner Xiao Sophia Wang will present the results of her systematic study of web page load times using SPDY, an open networking protocol developed primarily at Google for transporting web content. A lot of the features of SPDY were incorporated in the HTTP/2 standard so this should offer a useful insight into the cutting edge of web performance.

Packet networks give rise to transient congestion by design and several groups are meeting to discuss different aspects of congestion control and avoidance. The RTP Media Congestion Avoidance Techniques working group is developing and evaluating congestion control algorithms to handle the emerging use of the Internet for real-time audio and video communication.

For regulators, being able to monitor the performance of networks, and the extent to which congestion or other factors are impacting consumers’ experience of the network is very important. The lmap working group is meeting in Yokohama to advance their important work on standardizing a large-scale broadband performance measurement infrastructure.

Related Working Groups and BoFs at IETF 94

iss (Internet Storage Sync) BoF
Tuesday, 3 November 2015, 1520-1650, Room 502
Agenda: https://datatracker.ietf.org/meeting/94/agenda/iss/

tcpm (TCP Maintenance and Minor Extensions) WG
Thursday, 5 November 2015, 0900-1130, Rooms 411/412
Agenda: https://datatracker.ietf.org/meeting/94/agenda/tcpm/
Documents: https://datatracker.ietf.org/wg/tcpm/
Charter: http://datatracker.ietf.org/wg/tcpm/charter/

irtfopen (IRTF Open Meeting)
Tuesday, 3 November 2015, 1710-1840, Room 502
Agenda: https://datatracker.ietf.org/meeting/94/agenda/irtfopen/

hopsrg (Proposed How Ossified is the Protocol Stack?) RG
Monday, 2 November 2015, 0900-1130, Room 303
Agenda: https://datatracker.ietf.org/meeting/94/agenda/hopsrg/
Charter: https://datatracker.ietf.org/doc/charter-irtf-hopsrg/

lmap (Large-Scale Measurement of Broadband Performance) WG
Monday, 2 November 2015, 1710-1910, Room 303
Agenda: https://datatracker.ietf.org/meeting/94/agenda/lmap/
Documents: https://datatracker.ietf.org/wg/lmap/
Charter: http://datatracker.ietf.org/wg/lmap/charter/

rmcat (RTP Media Congestion Avoidance Techniques) WG
Monday, 2 November 2015, 1520-1650, Room 502
Friday, 6 November 2015, 0900-1130, Room 501
Agenda: https://datatracker.ietf.org/meeting/94/agenda/rmcat/
Documents: https://datatracker.ietf.org/wg/rmcat/
Charter: http://datatracker.ietf.org/wg/rmcat/charter/


Our Hot Topics at IETF 94 & Meet Deploy360

Next week is IETF 94 in Yokohama, Japan, and Deploy360 will as ever be following the latest IPv6, DNSSEC, Securing BGP, TLS and anti-spoofing developments. Both Jan Žorž and Megan Kruse will be on site in Yokohama, so if you have any questions about Deploy360 activities or would like to help us accelerate the deployment of our key Internet technologies, then please get in contact with them!

The Deploy360 team is planning to be at the following sessions, although this is always subject to change as Megan also has her IETF Journal responsibilities:

Monday, 2 November 2015

Tuesday, 3 November 2015

Wednesday, 4 November 2015

Thursday, 5 November 2015

Friday, 6 November 2015

The Internet Society has also put together its latest Rough Guide to the IETF 94, and will again be covering wider developments over on the Tech Matters Blog. In particular, see:

If you can’t get to Yokohama next week, you can attend remotely! Just visit the IETF 94 remote participation page or check out http://www.ietf.org/live/ for more options.