Categories
IETF Internet of Things (IoT) Open Internet Standards

Promoting Internet of Things (IoT) through IETF-Africa initiative

The Internet Engineering Task Force held its 96th meeting in Berlin from July 17-22, 2016. More than 1350 volunteers from around the world gathered to discuss the status of their work in 42 active working groups. There were also 8 BOF (Birds of a Feather) meetings to discuss the need to start new working groups.

I had the chance to follow some of the fascinating discussions on future standards that will determine the Internet we will have a few years from now. I was particularly interested in the work that concerns the Internet of Things (IoT), which I will try to focus on in my blog today. The reason for my interest is very simple. The Internet of Things might be an area from which some of the innovations that will change our lives in the coming years and decades will come. It might also be a major sector of the Internet industry.

According to Cisco, the number of “things” connected via the Internet surpassed the global population in 2008 and is estimated to reach 50 billion in 2020. A thing can be anything such as a sensor, an actuator or some chip in homes, vehicles, animals or even on people.

The economic value of IoT is expected to grow sixfold from 2013 to 2020 to reach 1.2 trillion USD. This is a major revolution in the making that Africa needs to benefit from.

But are Africans participating in this revolution? Unfortunately, if we consider the working groups at the IETF such as HomeNet that works on standards for networks we will use in the automation of our homes, or the activities around Intelligent Transportation Systems, Africans’ participation is almost nil.

The consequence is of course that by not participating, Africans are forfeiting their opportunities in this new sector. This should not happen! In the past, we didn’t participate in many of the revolutions that were brought about by the Internet since we couldn’t. When e-commerce boomed in the 1990s and 2000s, Africa could not benefit from that boom since many African countries were barely connected to the Internet. In those days, Internet penetration didn’t reach 5% in the majority of the countries and broadband was nonexistent. Today, African countries have managed to considerably bridge their connectivity gaps with the rest of the world. A third of Africans are accessing the Internet and many more could access it if they were willing to.

Fortunately, the race for the Internet of Things has just begun and with a good strategy, Africans can join the race and maybe excel at it. In particular, African universities should teach about the Internet of Things so that we create a critical mass of people who can meaningfully contribute to the evolution of the sector. African researchers should work with other researchers from the rest of the world to help define the technology and also its applications. African ICT companies need to work on IoT applications that can change the lives of Africans but also those of people around the world.

The Internet Society will play its role in promoting this sector in Africa through various workshops and seminars. It will also encourage and help Africans to join IETF working groups focusing on IoT. Finally, I would like to invite other organizations and people to join the Internet Society so that we work together to ensure that Africa becomes a major player in this new exciting sector.

Categories
Deploy360 Events Transport Layer Security (TLS)

Deploy360@IETF96, Day 5: PERC & Auf Wiedersehen!

There are slim pickings for Deploy360 on the final day of IETF 96 in Berlin, with the Global Routing Operations (GROW) and the CURves, Deprecating and a Little more Encryption (CURDLE) Working Group meetings having been cancelled. However, we can suggest the Privacy Enhanced RTP Conferencing (PERC) Working Group on Friday morning, which does have a draft (draft-jones-perc-dtls-tunnel) related to DTLS tunneling up for discussion.


NOTE: If you are unable to attend IETF 96 in person, there are multiple ways to participate remotely.


Other than that, it’s farewell to Berlin and onwards to Seoul. Many thanks for reading along this week… please do read our other IETF 96-related posts … and we’ll see you at IETF 97 on 13-18 November 2016!

Relevant Working Group:

Categories
Deploy360 Events IETF Improving Technical Security IPv6

Deploy360@IETF 96, Day 4: SIDR & IPv6

Throughout this week at IETF 96 in Berlin we’re bringing you these daily blog posts that highlight what Deploy360 is focused on during that day. And Thursday is an important day as two of our key technologies will be covered in the Secure Inter-Domain Routing (SIDR) and IPv6 Operations (v6ops) Working Groups.


NOTE: If you are unable to attend IETF 96 in person, there are multiple ways to participate remotely.


SIDR holds its session in the morning and will focus on RPKI which adds an authentication framework to BGP and forms an important component of BGPsec for improving trust in the global routing infrastructure.

While RPKI and BGPsec aim to make routing more secure, one of the concerns is mistakes related to “over-claiming” of resources at higher levels of RPKI hierarchy. The draft draft-ietf-sidr-rpki-validation-reconsidered-03 tries to address this by proposing changes to the validation process, whilst the draft draft-lee-sidr-rpki-deployment-02 outlines and provides an analysis of some of the problems that have appeared during the process of RPKI deployment, along with suggesting some solutions to address or mitigate these.

Another draft draft-ietf-sidr-delta-protocol-03 introduces a mechanism whereby Relying Parties can query repositories for incremental updates to certificates, Certificate Revocation Lists (CRLs) and RPKI signed objects. The aim is to provide more efficient synchronization, whilst draft draft-madi-sidr-rp-00 outlines requirements for these Relying Parties.

Also of interest should be the presentation of Tim Bruijnzeels on RPKI and BGP statistics, and of Ruediger Volk on RPKI findings and observations.

During the afternoon, V6OPS will hold its session and will be discussing three drafts. The draft draft-ietf-v6ops-unique-ipv6-prefix-per-host-01 proposes to allow hosts to be assigned a unique IPv6 prefix (typically a /64) in circumstances where a network is shared and a common prefix may not be desirable (e.g. in community wireless applications). This would provide each subscriber with more flexibility to utilise IPv6, whilst ensuring traffic can be directed to a default wireless LAN gateway.

The draft draft-anderson-v6ops-v4v6-xlat-prefix-01 is more straightforward in that it proposes to reserve the IPv6 prefix 64::/16 for use with IPv4/IPv6 translation mechanisms. This would extend the IPv6 prefix 64:ff9b::/96 as specified in RFC 6052.

Last but not least is the draft draft-bowbakova-rtgwg-enterprise-pa-multihoming-00 that attempts to define a solution for connecting enterprise sites to multiple ISPs using provider-assigned addresses, avoiding the use of Network Address Translation (NAT).

For more background, please read the Rough Guide to IETF 96 from Olaf, Dan, Andrei, Mat, Karen and myself.

Relevant Working Groups:

Categories
Deploy360 Internet of Things (IoT) IPv6

Deploy360@IETF96, Day 3: You’ve got to ROLL with it

Wednesday is a relatively quiet day for the Deploy360 team at IETF 96 in Berlin, with just a couple of working groups to follow. This is probably a good thing after Tuesday though, when our colleague Jan Žorž was drafted into co-chairing the 6MAN Working Group which saw some quite intense discussions on the drafts up for consideration.


If you are unable to attend IETF 96 in person, there are multiple ways to participate remotely.


OPSEC has several IPv6-related drafts on its agenda on Wednesday afternoon. The draft draft-georgescu-opsec-ipv6-trans-tech-threat-model-01 relates to analyzing threats associated with IPv6 transition technologies using the STRIDE threat classification, whilst another draft draft-ietf-opsec-v6-09 deals with operational security considerations for IPv6. Finally, the draft draft-ietf-opsec-ipv6-eh-filtering puts forward recommendations for the filtering of packets containing IPv6 extension headers.

ROLL focuses on routing for the Internet-of-Things and will discuss several protocols for resource constrained nodes. This meets later on Wednesday afternoon.

It might also be worth checking out the DHC, Netconf and DNSSD Working Groups. DHC has several DHCPv6-related drafts up for discussion, including on Secure DHCPv6. There’s also a draft draft-ietf-netconf-tls-client-server-00 related to a TLS Client Server Model in NETCONF, whilst in DNSSD there’s a discussion on DNS Update and mDNS/hybrid proxy coexistence which is related to Homenet.

To round off the day, the IETF Operations, Administration, and Technical Plenary is being held in the evening starting at 17.40 UTC+2.

For more background, please read the Rough Guide to IETF 96 from Olaf, Dan, Andrei, Mat, Karen and myself.

Relevant Working Groups:

Categories
Deploy360 IPv6

Deploy360@IETF96, Day 2: IPv6 & TLS

After a busy first day for the Deploy360 team at IETF 96 in Berlin, Tuesday is primarily devoted to IPv6 and TLS. Throughout this week at IETF 96 we’ll be bringing you these daily blog posts that point out what we are focused on during that day.

There’s a clash between IPv6 Maintenance (6man) and Transport Layer Security (tls) Working Groups on Tuesday morning at 10.00 CEST (UTC+), so we’ll be splitting our efforts between those. Then in the afternoon we’ll be heading to the Using TLS in Applications Working Group (uta).


If you are unable to attend IETF 96 in person, there are multiple ways to participate remotely.


6MAN will be discussing a tranche of drafts dealing with updates to the IPv6 specification, addressing architecture and path MTU discovery as currently defined in RFC 2460, RFC 4291 and RFC 1981. There’s also a last call on the draft recommendation draft-ietf-6man-default-iids to change the default interface identifier (IID) generation scheme where SLAAC is used to generate a stable IPv6 address. Along similar lines is another draft, draft-gont-6man-non-stable-iids-00, on generating non-stable addresses that are not predictable for security reasons, whilst two further drafts, draft-carpenter-6man-whats-global-00 and draft-bchv-rfc6890bis-00, aim to clarify the unclear use of ‘global’ in the context of IANA special purpose IPv6 address registries. Last but not least, there’s a new draft dealing with the issue of multihoming using provider-assigned addresses without using network prefix translation.

TLS continues to work on an update to the TLS protocol. This is a very active working group with a plan to publish an update to TLS in 2016, so this meeting will be devoted to resolving the open issues with the current specification as documented in the issue tracker. There will also be discussions on AES-OCM, TLS Client Puzzles, and TLS Blocking alerts if there is time remaining in the session.

UTA is building on this work to get TLS support incorporated into existing applications, and the working group will be focusing on support for TLS in SMTP during its meeting on Tuesday afternoon.

For more background, please read the Rough Guide to IETF 96 from Olaf, Dan, Andrei, Mat, Karen and myself.

Relevant Working Groups:

Categories
Building Trust Identity IETF Open Internet Standards Privacy

ISOC Rough Guide to IETF 96: Trust, Identity, and Privacy

Welcome to the last installment of the IETF 96 Rough Guide! This post focuses attention on the IETF 96 activities related to improving trust in the Internet. Key to this trust is the ability to establish and maintain accurate identity including privacy. As one might expect, there is a great deal of activity in this space in the IETF.

First, there is one BoF related to trust. This is a continuation of a BoF from IETF 95. The Limited Use of Keys (lurk) BoF is looking at the problem caused by the increasing separation of the content provider from the network delivery. In this case, the content provider does not necessarily want to give their private key to the network service provider hosting their content. Generally speaking, sharing of private keys is a bad idea. Thus far the “offload TLS without giving the CDN my private key” use case is of particular interest. This is a working group forming BoF that will discuss the use cases, certificate delegation, a potential protocol, and a proposed charter for a new working group.

Next, the W3C Privacy Interest Group (PING) will again be meeting face-to-face alongside IETF on Thursday, 21 July in the Schinkel 3 room between 12:30 and 14:00. The meeting is BYOL (Bring Your Own Lunch), but it is an excellent chance to meet up with your fellow privacy enthusiasts. Please join the meeting if you have an interest in privacy on the Web and would like to help develop better privacy features in Web standards.

As for the IETF working groups, there are several ongoing working groups investigating relevant topics in this space. Some of the ones that will meet at IETF 96 are highlighted below.

The Automated Certificate Management Environment (acme) working group is working to lower the barrier to deployment and management of certificates for the Web PKI. Currently, the verification of domain names in a certificate is done using a set of manual mechanisms. The acme WG is working to automate the process of issuance, validation, revocation and renewal of certificates. This meeting will focus almost exclusively on maturing the current document and resolving the issues documented in the issue tracker. This working group is also tied to the Let’s Encrypt certificate authority that is striving to lower the barriers to certificate usage both from a cost and a complexity perspective.

The Authentication and Authorization for Constrained Environments (ace) working group is focused on the increasingly complex Internet of Things (IoT) space (see our separate post on the IoT). The bulk of the discussion this week will focus on resolving open issues with the draft on using OAuth 2.0 for Internet of Things (IoT) authorization. Additional topics this week include web tokens for CBOR, a profile of ACE, and privacy-enhanced tokens for authentication.

The Web Authorization Protocol (oauth) working group has been working for quite some time on a suite of documents that enables a user to grant a third party access to protected resources without sharing the user’s long-term credentials. The working group has completed a long list of RFCs. This week’s meeting will start with a summary from the recent OAuth security workshop. Additional topics include OAuth 2.0 token exchange, discovery, mix-up mitigation, proof-of-possession, device flow, and the use of OAuth for native apps. OAuth is a key component of online identity systems and is being leveraged in the ongoing OpenID Connect work. In addition, there is going to be a side meeting on Tuesday evening at 6:30pm to discuss OAuth security topics including fragmentation, redirector, injection, code phishing, containment, and authentication.

The Open Specification for Pretty Good Privacy (OpenPGP) Working Group originally completed its work in 2008, providing a solution for object encryption, object signing, and identity certification (RFC4880). Recently it has become clear that it was time to produce an update to RFC4880, and the OpenPGP working group was reinstated to do that work. This revision will include potential inclusion of elliptic curves recommended by the Crypto Forum Research Group (CFRG), a symmetric encryption mechanism that offers modern message integrity protection, an update to the mandatory-to-implement algorithm selection, deprecation of weak algorithms, and an updated public-key fingerprint mechanism.

As the Internet has evolved, some of the key pieces of infrastructure that we often take for granted need to be reconsidered in the light of the current operational environment. Time is a key component of establishing and maintaining trust, and it is often overlooked. The Network Time Protocol (ntp) Working Group has been working on improvements to security for NTP. The NTS suite of documents went through a recent WGLC and based on that a design team has been established to address the input received. One of the things being considered is the use of DTLS to secure NTP. The NTP working group meetings here at IETF 96 promise to have many interesting questions to resolve.

Have a great week here at IETF 96 while you explore all of these trust, identity, and privacy related activities!

Related Meetings, Working Groups, and BOFs at IETF 96:

Lurk (Limited Use of Remote Keys) BOF
Monday, 18 July 2016; 18:00 – 20:00 CEST, Potsdam III
Agenda: https://datatracker.ietf.org/meeting/96/agenda/lurk/

ace (Authentication and Authorization for Constrained Environments) WG
Wednesday, 20 July 2016; 10:00 – 12:30 CEST, Bellevue
Agenda: https://datatracker.ietf.org/meeting/96/agenda/ace/
Documents: https://datatracker.ietf.org/group/ace/documents/
Charter: https://datatracker.ietf.org/group/ace/charter/

acme (Automated Certificate Management Environment) WG
Monday, 18 July 2016; 15:40 – 17:40 CEST, Tiergarten
Agenda: https://datatracker.ietf.org/meeting/96/agenda/acme/
Documents: https://datatracker.ietf.org/group/acme/documents/
Charter: https://datatracker.ietf.org/group/acme/charter/

oauth (Web Authorization Protocol) WG
Monday, 18 July 2016; 14:00 – 15:30 CEST, Potsdam II
Wednesday, 20 July 2016; 15:50 – 17:20 CEST, Lincke
Agenda: https://www.ietf.org/proceedings/96/agenda/agenda-96-oauth
Documents: https://datatracker.ietf.org/group/oauth/documents/
Charter: https://datatracker.ietf.org/group/oauth/charter/

openpgp (Open Specification for Pretty Good Privacy)
Monday, 18 July 2016; 14:00 – 15:30 CEST, Charlottenburg I
Agenda: https://www.ietf.org/proceedings/96/agenda/agenda-96-openpgp
Documents: https://datatracker.ietf.org/group/openpgp/documents/
Charter: https://datatracker.ietf.org/group/openpgp/charter/

ntp (Network Time Protocol) WG
Monday 18 July 2016, 19:00 – 20:00 CEST, Tiergarten
Agenda: https://www.ietf.org/proceedings/96/agenda/agenda-96-ntp
Documents: https://datatracker.ietf.org/group/ntp/documents/
Charter: https://datatracker.ietf.org/group/ntp/charter/

Follow Us

There’s a lot going on in Berlin, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf96.

Categories
Encryption IETF Improving Technical Security Open Internet Standards Technology

Rough Guide to IETF 96: All Things Encryption

IETF 96 finds us back in Berlin still talking about how to strengthen the Internet by improving the deployment and use of encryption. For this installment of the IETF Rough Guide, I’m going to focus on the CrypTech workshop just prior to IETF 96 along with the ongoing work of the cfrg research group, and the curdle, tls, and uta Working Groups.

As I wrote about in a separate blog post, CrypTech (https://cryptech.is) is a project to create an open source hardware security module, and this week in Berlin was the unveiling of the alpha prototype device! A select group of alpha testers joined the core development team for two days of testing and analysis. The workshop was very successful with the general consensus being that CrypTech has arrived! There were a few bugs fixed and potential improvements identified, but as one of the participants stated, there was no grey smoke! All of the details of the workshop are available on the CrypTech wiki, including the presentations and a few pictures. Additional alpha testers are invited to participate. Alpha devices are available through Crowd Supply. Rumor has it that there will be opportunities to see the CrypTech hardware during the saag and cfrg sessions this week.

Next, the Internet Research Task Force (IRTF) Crypto Forum Research Group (cfrg) continues to focus on the use of cryptography for IETF protocols. Topics for this week’s meeting include Argon 2 and SESPAKE. Anyone interested in the future direction of cryptographic curves and algorithms would be well served to follow these discussions. I’d also like to mention that there was an interim meeting of the CFRG on 12 May 2016, Eurocrypt 2016. Minutes of this meeting are available at: https://www.ietf.org/proceedings/interim-2016-cfrg-01/minutes/minutes-interim-2016-cfrg-1.

Moving on to IETF working groups, the first one I’d like to mention is one that is not actually meeting in Berlin. The CURves, Deprecating and a Little more Encryption (CURDLE) working group is focusing on updating cryptographic mechanisms for existing IETF protocols. In particular, they are looking at the incorporation of the curves recommended by the cfrg earlier this year. While the group isn’t meeting physically at the IETF, there are a number of drafts under development including drafts for SSH, PKIX, X.509, DNSSEC, and CMS. There is also a draft from the JOSE working group that defines how to use cfrg curves for the JOSE specifications. The work to incorporate modern cryptographic algorithms in IETF protocols is making progress.

The Transport Layer Security (TLS) working group continues to work on an update to the TLS protocol. This is a very active working group with a plan to publish an update to TLS in 2016. This meeting will be devoted to resolving the open issues with the current specification as documented in the issue tracker. There will also be discussions on AES-OCM, TLS Client Puzzles, and TLS Blocking alerts if there is time remaining in the session. Along with the work to develop a new version of TLS are efforts to get TLS support incorporated into existing applications in the Using TLS in Applications (UTA) working group. This week the focus will continue to be on support for TLS in SMTP.

Finally, I’d like to give a quick plug for the Security Area Advisory Group (saag) session. This is an excellent way to get a quick view of some of the security related conversations ongoing in the IETF.

All in all, the work continues here at IETF 96 to make encryption more widespread and easier to deploy for a stronger Internet.

Related Meetings, Working Groups, and BOFs at IETF 95:

uta (Using TLS in Applications) WG
Tuesday, July 19, 2016, 16:20-18:20 CEST, Potsdam II
Agenda: https://datatracker.ietf.org/meeting/96/agenda/uta/
Documents: https://datatracker.ietf.org/group/uta/documents/
Charter: https://datatracker.ietf.org/group/uta/charter/

tls (Transport Layer Security) WG
Tuesday, 19 July, 2016, 10:00-12:30 CEST, Charlottenburg II/III
Agenda: https://www.ietf.org/proceedings/96/agenda/agenda-96-tls
Documents: https://datatracker.ietf.org/group/tls/documents/
Charter: https://datatracker.ietf.org/group/tls/charter/

cfrg (Crypto Forum Research Group)
Wednesday, 20 July, 2016, 14:00 – 15:30 CEST, Potsdam III
Agenda: https://www.ietf.org/proceedings/96/agenda/agenda-96-cfrg
Documents: https://datatracker.ietf.org/rg/cfrg/documents/
Charter: https://irtf.org/cfrg

saag (Security Area Advisory Group)
Thursday, 21 July 2016, 1400-1600 CEST, Potsdam III
Agenda: https://datatracker.ietf.org/meeting/96/agenda/saag/


Categories
Building Trust Deploy360 Domain Name System Security Extensions (DNSSEC) Improving Technical Security

Our Hot Topics @ IETF 96

Next week is IETF 96 in Berlin, which is the second time the IETF has been held in the city. The Deploy360 team will be well represented with Megan Kruse, Dan York and Kevin Meynell in attendance, who between them will be bringing you the latest IPv6, DNSSEC, Securing BGP, TLS and anti-spoofing developments.

Our Deploy360 colleagues are planning to cover the following sessions, so please come and say hello!

Monday, 18 July 2016

Tuesday, 19 July 2016

Wednesday, 20 July 2016

Thursday, 21 July 2016

Friday, 22 July 2016

The Internet Society has also put together its latest Rough Guide to the IETF 96, and will again be covering wider developments over on the Tech Matters Blog.  In particular, see:

If you can’t get to Berlin next week, you can attend remotely!  Just visit the IETF 96 remote participation page or check out http://www.ietf.org/live/ for more options.

Categories
IETF IPv6

Rough Guide to IETF 96: All About IPv6

IPv6 has again been hitting the headlines this year, with several sources reporting global IPv6 adoption rates of well over 10%, but perhaps more importantly, substantial increases in IPv6 capability in major Internet markets. A number of large ISPs are actively deploying IPv6 in anticipation of IPv4 address exhaustion and in response to the costs of ever-increasing network complexity using NAT’ed private IPv4 addresses. Apple also mandated that all iOS apps support IPv6-only networks starting from 1 June, whilst there was even an Internet draft presented at the last IETF that proposed to move IPv4 (as defined by RFC 791) to historic status, so that it would no longer be recommended for use on the Internet.

IPv4 is likely to be around for a while yet, but both the IPv6 Operations (v6ops) and IPv6 Maintenance (6man) Working Groups will be meeting at IETF 96 in Berlin next week, along with several other working groups that are defining protocols based around IPv6. 

The Homenet Working Group develops protocols for residential networks based on IPv6 and will meet on Monday afternoon. Since the last IETF, it has had RFCs 7787 (https://tools.ietf.org/html/rfc7787) and 7788 (https://tools.ietf.org/html/rfc7788) published which define the Distributed Node Consensus Protocol (DNCP) and the Home Networking Control Protocol (HNCP) that can be used for automated configuration of addresses, name resolution and service discovery. There’s also one updated draft being discussed (draft-lemon-homenet-naming-architecture-01) on the Homenet Naming and Service Discovery Architecture that covers how services advertise and register themselves both on the homenet and public Internet, as well as a further draft (draft-ietf-homenet-babel-profile-00) adopted by the working group on how the Babel routing protocol can be used in conjunction with HNCP protocol in a Homenet scenario. In addition, HNCP deployment experiences will be related, along with how the protocol interacts with .home naming.

The IPv6 over the TSCH mode of IEEE 802.15.4e (6tisch) Working Group also meets on Monday afternoon and will discuss the results of the plug tests, as well as two drafts (draft-dujovne-6tisch-6top-sf0-01 and draft-wang-6tisch-6top-protocol-00) related to neighbour-to-neighbour negotiation. The IPv6 over Networks of Resource-Constrained Nodes (6lo) Working Group is meeting earlier the same day, and whilst there’s currently no agenda published, drafts relating to security and privacy have recently been discussed on the mailing list.

The IPv6 Maintenance (6man) Working Group meets on Tuesday morning to discuss a tranche of drafts dealing with updates to the IPv6 specification, addressing architecture and path MTU discovery as currently defined in RFC 2460 (https://tools.ietf.org/html/rfc2460), RFC 4291 (https://tools.ietf.org/html/rfc4291) and RFC 1981 (https://tools.ietf.org/html/rfc1981). There’s also a last call on the draft recommendation (draft-ietf-6man-default-iids) to change the default interface identifier (IID) generation scheme where SLAAC is used to generate a stable IPv6 address. Along similar lines is another draft (draft-gont-6man-non-stable-iids-00) on generating non-stable addresses that are not predictable for security reasons, whilst two further drafts (draft-carpenter-6man-whats-global-00 and draft-bchv-rfc6890bis-00) aim to clarify the unclear use of ‘global’ in the context of IANA special purpose IPv6 address registries. Last but not least, there’s a new draft dealing with the issue of multihoming using provider-assigned addresses without using network prefix translation.

To round off the week IPv6-wise, the IPv6 Operations (v6ops) Working Group will meet on Thursday afternoon. Again there’s no agenda published at the time of writing, although recently discussed drafts include IPv6 multicast addresses in vehicular networks, transmission of IPv6 Packets over IEEE 802.11-OCB networks, the use of unique IPv6 prefixes by hosts on a shared network, and operational security considerations when operating an IPv6 network. 

At the Internet Society, we continue to promote IPv6 deployment. You can check out the World IPv6 Launch measurements for our latest measurements of IPv6 around the globe: http://www.worldipv6launch.org/measurements

You can also check out the Deploy360 online resources for getting started with IPv6 deployment:

And you can read more about other topics of interest to the technology programs of the Internet Society in the rest of our Rough Guide to IETF 96 posts.

Some IPv6 Working Groups at IETF 96:

v6ops (IPv6 Operations) WG
Thursday, 21 July 1400-1600 UTC+2, Potsdam I
Agenda: https://datatracker.ietf.org/meeting/96/agenda/v6ops/
Documents: https://datatracker.ietf.org/wg/v6ops/documents/
Charter: https://datatracker.ietf.org/wg/v6ops/charter/

6man (IPv6 Maintenance) WG
Tuesday, 19 July 1000-1230 UTC+2, Bellevue
Agenda: https://datatracker.ietf.org/meeting/96/agenda/6man/
Documents: https://datatracker.ietf.org/wg/6man/documents/
Charter: https://datatracker.ietf.org/wg/6man/charter/

Homenet (Home Networking) WG
Monday, 18 July 1400-1530 UTC+2, Potsdam I
Agenda: https://datatracker.ietf.org/meeting/96/agenda/homenet/
Documents: https://datatracker.ietf.org/wg/homenet/documents/
Charter: https://datatracker.ietf.org/wg/homenet/charter/

6lo (IPv6 over Networks of Resource Constrained Nodes) WG
Monday, 18 July 1000-1230 UTC+2, Potsdam III
Agenda: https://datatracker.ietf.org/meeting/96/agenda/6lo/
Documents: https://datatracker.ietf.org/wg/6lo/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6lo/

6tisch (IPv6 over the TSCH mode of IEEE 802.15.4e)
Monday, 18 July 1400-1530 UTC+2, Bellevue
Agenda: https://datatracker.ietf.org/meeting/96/agenda/6tisch/
Documents: https://datatracker.ietf.org/wg/6tisch/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6tisch/


Categories
Building Trust IETF Improving Technical Security Internet of Things (IoT) Open Internet Standards Technology

Rough Guide to IETF 96: Internet of Things (IoT)

The Internet of Things (IoT) is a buzzword around the Internet industry and the broader technology and innovation business. We often hear questions about what the IETF is doing in relation to IoT and in this short post I’d like to highlight some of the relevant sessions scheduled during the upcoming IETF 96 meeting in Berlin.

Before talking about Berlin though, I’ll highlight a couple of recent IETF Journal articles that provide some background on IETF activity related to IoT. In “Internet of Things: Standards and Guidance from the IETF” Ari Keränen and Carsten Bormann provide some background and an overview of IETF activity related to the broad topic of IoT. Ari and Carsten are co-chairs of the IRTF Thing-to-Thing Research Group. “Things Talking to Other Things about Things” also provides background and a brief readout from the recent IAB workshop on IoT Semantic Interoperability.

The Thing-to-Thing Research Group investigates open research issues in turning IoT into reality. They will be meeting on Tuesday afternoon in Berlin to report out on various recent activities including the RIOT Summit that is taking place in Berlin immediately prior to the IETF meeting, the recent IoT Software Update workshop, a report on W3C IoT activities, and a talk on using blockchain in the IoT.

The 6lo WG defines mechanisms to adapt IPv6 to a wide range of radio technologies, including “Bluetooth Low Energy” (RFC 7668), ITU-T G.9959 (as used in Z-Wave, RFC 7428), the Digital Enhanced Cordless Telecommunications (DECT) Ultra Low Energy (ULE) cordless phone standard, and the low-cost wired networking technology Master-Slave/Token-Passing (MS/TP), which is widely used over RS-485 in building automation. They will be meeting on Monday morning in Berlin.

The 6tisch WG was chartered in 2014 to enable IPv6 for the Time-Slotted Channel Hopping (TSCH) mode that was recently added to IEEE 802.15.4 networks. They are meeting on Monday afternoon in Berlin.

There is one IoT related BoF meeting taking place in Berlin concerning Low-Power Wide Area Networks (lpwan). Typical LPWANs provide low-rate connectivity to vast numbers of battery-powered devices over distances that may span tens of miles, using license-exempt bands. Existing pilot deployments have shown the huge potential and met industrial interest, but the loose coupling with the Internet makes the device management and network operation complex and implementation specific. This BoF meets on Monday afternoon in Berlin to discuss the applicability of IETF technology to this emerging area.

The core WG aims to extend the Web architecture to most constrained networks and embedded devices. This is one of the most active IoT working groups and they will be meeting twice in Berlin, on Tuesday and Thursday afternoons.

Security for IoT is addressed in several WGs including the ace WG that is working on authenticated authorization mechanisms for accessing resources hosted on servers in constrained environments. ace will meet on Wednesday morning. This work is supported by the cose WG that is building simplified CBOR analogs for the JSON object signing and encryption methods that were originally developed in the jose WG. cose will meet on Thursday morning.

Routing for IoT is tackled by the roll WG which focuses on routing protocols for constrained-node networks. Wednesday afternoon is the time for them to meet in Berlin.

Finally, in addition to the new protocols and other mechanisms developed by IETF working groups, IoT developers often benefit from additional guidance for efficient implementation techniques and other considerations. The Lightweight Implementation Guidance (lwig) WG is working on such documents and they will meet in Berlin on Friday afternoon.

If you have an interest in how the IoT is developing and being standardised in the IETF, I hope to see you in person or online at some of these meetings during IETF 96. You may also be interested in reading the Internet Society’s IoT Overview paper.

Related Working Groups and BoFs at IETF 96

t2trg (Thing-to-Thing) RG
Tuesday, 19 July 2016, 1620-1820, Potsdam III
Agenda: https://datatracker.ietf.org/meeting/96/agenda/t2trg/
Charter: https://irtf.org/t2trg

6lo (IPv6 over Networks of Resource-constrained Nodes) WG
Monday, 18 July 2016, 1000-1230, Potsdam III
Agenda: https://datatracker.ietf.org/meeting/96/agenda/6lo/
Documents: https://datatracker.ietf.org/wg/6lo/
Charter: http://datatracker.ietf.org/wg/6lo/charter/

6tisch (IPv6 over the TSCH mode of IEEE 802.15.4e) WG
Monday, 18 July 2016, 1400-1530, Bellevue
Agenda: https://datatracker.ietf.org/meeting/96/agenda/6tisch/
Documents: https://datatracker.ietf.org/wg/6tisch/
Charter: http://datatracker.ietf.org/wg/6tisch/charter/

lpwan (Low-Power Wide Area Networks) BoF
Monday, 18 July 2016, 1540-1740, Charlottenburg II/III
Agenda: https://datatracker.ietf.org/meeting/96/agenda/lpwan/

core (Constrained RESTful Environments) WG
Tuesday, 19 July 2016, 1400-1600, Charlottenburg II/III
Thursday, 21 July 2016, 1620-1820, Tiergarten
Agenda: https://datatracker.ietf.org/meeting/96/agenda/core/
Documents: https://datatracker.ietf.org/wg/core/
Charter: http://datatracker.ietf.org/wg/core/charter/

ace (Authentication and Authorization for Constrained Environments) WG
Wednesday, 20 July 2016, 1000-1230, Bellevue
Agenda: https://datatracker.ietf.org/meeting/96/agenda/ace/
Documents: https://datatracker.ietf.org/wg/ace/
Charter: http://datatracker.ietf.org/wg/ace/charter/

roll (Routing Over Low power and Lossy networks) WG
Wednesday, 20 July 2016, 1550-1720, Schoeneberg
Agenda: https://datatracker.ietf.org/meeting/96/agenda/roll/
Documents: https://datatracker.ietf.org/wg/roll/
Charter: http://datatracker.ietf.org/wg/roll/charter/

cose (CBOR Object Signing and Encryption) WG
Thursday, 21 July 2016, 1130-1230, Charlottenburg I
Agenda: https://datatracker.ietf.org/meeting/96/agenda/cose/
Documents: https://datatracker.ietf.org/wg/cose/
Charter: http://datatracker.ietf.org/wg/cose/charter/

lwig (Light-Weight Implementation Guidance) WG
Friday, 22 July 2016, 1220-1320, Schoeneberg
Agenda: https://datatracker.ietf.org/meeting/96/agenda/lwig/
Documents: https://datatracker.ietf.org/wg/lwig/
Charter: http://datatracker.ietf.org/wg/lwig/charter/

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events IETF

Join the DNS Security team at the IETF 96 Hackathon this weekend…

IETF 96 Hackathon

If you will be in Berlin, Germany, this weekend and are interested in putting your coding or documentation skills to good use in helping make DNS more secure, please plan to join a group of about 20 of us at the IETF 96 Hackathon who will be working on DNS-related projects. The Hackathon is at the InterContinental Hotel from 9:00am – 9:00pm on Saturday, July 16, and from 9:00am – 6:00pm on Sunday, July 17. (You don’t have to be there the whole time – some people come and go.)

NOTE: you do NOT have to be attending IETF 96 to participate in the Hackathon. It is separate – and free – but you do need to register to attend. We welcome other developers in the Berlin area who want to join us during the weekend.

Details can be found on the IETF 96 Hackathon wiki page.

We have a group of 20+ people who will be working on a variety of DNS, DNSSEC, DPRIVE and DANE projects. There are some projects that could use some additional help (including non-coding help such as documentation and user testing). You are also welcome to bring other projects to the Hackathon.

You can see the list of projects and ideas on the IETF wiki hackathon page – although you need to scroll down to find the DNS section.

The GetDNS crew has a number of projects underway, including TLS interfaces, a Universal Acceptance review and RFC5011 testing. Rick Lamb plans to make BIND work with smartcards without patches. I plan to work on the code behind the weekly DNSSEC deployment maps. I’m sure others will bring some projects, too, by the time it begins.

A good group of “DNS people”  have now done this for the past several IETF meetings. It’s been a great experience and moved a number of DNS-related projects forward.  We would definitely welcome anyone else who wants to join us, even if just for part of the time.  Bring your coding and documentation skills and help make DNS better!

P.S. And of course you can also join in with the many other excellent projects happening at the Hackathon, too, including some great work on TLS implementations.  We here at Deploy360 just happen to be focused on DNS…

Categories
Domain Name System (DNS) Domain Name System Security Extensions (DNSSEC) IETF Improving Technical Security Privacy

Rough Guide to IETF 96: DNSSEC, DANE and DNS Security

Once again, it looks like the most vigorous area of DNS security discussion at next week’s IETF 96 meeting in Berlin may be in the Using TLS in Applications (UTA) working group. As was the case earlier this year at IETF 95 in Buenos Aires, the UTA working group is exploring different options for securing email communication. DNSSEC and DANE both feature to different degrees in some of the proposals.

There will also be a great amount of DNS security activity at the IETF 96 Hackathon this weekend. ICANN will also be hosting a special session on Tuesday to talk about the DNSSEC Root Key Rollover.

Beyond that, though, IETF 96 will be a much quieter week than usual on the DNS front. Two of the main IETF working groups related to DNS security, DANE and DPRIVE, have been able to accomplish most of their work via email and therefore did not have a need to meet next week. Similarly, the CURDLE and TRANS working groups also decided not to meet. The ARCING BOF we mentioned last time is also not meeting this week.

IETF 96 Hackathon

This coming weekend, over 20 people will gather as the “DNS team” in the IETF 96 Hackathon, working on various projects around DNSSEC, DANE, DNS Privacy, using DNS over TLS and much more. I wrote about this on the Deploy360 blog and you can also get more info in the IETF 96 Hackathon wiki. Anyone is welcome to join us for part or all of that event.

DNS Operations (DNSOP)

The DNS Operations (DNSOP) Working Group meets on Monday afternoon from 15:40-17:40. There is a lengthy agenda. Discussion areas of interest to us include:

  • a proposal to allow recursive resolvers to cache negative (NSEC/NSEC3) answers
  • an implementation of DNS over TLS
  • multiple drafts up for discussion about ways to pass multiple DNS responses to a query (the interest here is in potentially speeding up DNSSEC responses)

If there is time remaining, which may depend upon how long the “special names” discussion goes, I intend to talk about our Internet Draft on DNSSEC cryptographic algorithm agility.

ICANN DNSSEC Root Key Rollover Discussion

On Tuesday from 12:30 – 13:45, representatives of ICANN and Verisign will be holding a discussion in the Bellevue room on “Upcoming ZSK and KSK Changes to the Root Zone”. This is part of their broader outreach to make sure people are aware of upcoming changes to the size of the keys and the “rolling” of the root key. Duane Wessels (Verisign) and Matt Larson (ICANN) made a similar presentation at ICANN 56 in Helsinki last month and I’m looking forward to the discussion here in Berlin.

Other Working Groups

We will be monitoring the TLS WG, particularly given the focus on TLS 1.3, the Security Area open meeting and other similar sessions. The DNSSD working group will also be meeting although it’s not clear that security topics will be covered there right now.

While the week will be quieter, we’re definitely looking forward to seeing the work move forward.

P.S. For more information about DNSSEC and DANE and how you can get them deployed for your networks and domains, please see our Deploy360 site:

Relevant Working Groups at IETF 96:

DNSOP (DNS Operations) WG
Monday, 18 July 2016, 1540-1740 CEST, Room Bellevue
Agenda: https://datatracker.ietf.org/meeting/96/agenda/dnsop/
Documents: https://datatracker.ietf.org/wg/dnsop/
Charter: http://tools.ietf.org/wg/dnsop/charters/

UTA (Using TLS in Applications) WG
Tuesday, 19 July 2016, 1620-1820 CEST, Room Potsdam II
Agenda: https://datatracker.ietf.org/meeting/96/agenda/uta/
Documents: https://datatracker.ietf.org/wg/uta/
Charter: http://tools.ietf.org/wg/uta/charters/
