
Deploy360@IETF98, Day 5: The Big Goodbye

There are a couple of sessions of interest on the last day of IETF 98 before we say goodbye to the Windy City.

Both are running in parallel on the Friday morning starting at 09.00 CDT/UTC-6, but perhaps of most interest to us is IPWAVE. This is working to develop a mechanism for transmitting IPv6 datagrams over IEEE 802.11-OCB which is specified as the wireless link for vehicular networks. It will also review a survey on IP-based vehicular networking, and consider a problem statement for vehicle-to-infrastructure networking.


NOTE: If you are unable to attend IETF 98 in person, there are multiple ways to participate remotely.


Nevertheless, IDR has an interesting draft on its agenda. This aims to make route servers aware of data link failures at IXPs, as peers can lose data connectivity without the control plane being aware of it. This draft proposes a way for peers to verify connectivity amongst themselves, and communicate knowledge of any failures back to the route server.

That brings this IETF to an end, so it’s goodbye from us in Chicago. Many thanks for reading along this week… please do read our other IETF 98-related posts … and we’ll see you at IETF 99 on 16-21 July 2017 in Prague, Czech Republic!


Deploy360@IETF98, Day 4: IPv6, IoT & ACME

Thursday at IETF 98 in Chicago is another mix of IPv6, the Internet-of-Things and TLS-related working groups. Each day we’re bringing you blog posts pointing out what Deploy360 will be focusing on.

The first session of the day is 6MAN which has a last call on updates to the IPv6 specification as currently defined in RFC 2460, RFC 4291, and RFC 1981. There are also two new drafts under discussion related to recommendations on IPv6 address usage and temporary IPv6 interface identifiers, plus a draft describing how a Distributed Denial of Service (DDoS) Open Threat Signaling (DOTS) client can send a message over a congested network by tagging outgoing IPv6 packets in order to reach a DOTS server.

Three current drafts include a description of common functionality that should be required on all IPv6 hosts and routers that has been collected from other published IETF Standards Track documents, definition of a new control bit in an IPv6 router advertisement indicating that a receiving node is the exclusive receiver of all traffic destined to any address with that prefix, and providing a backward-compatible extension to the Redirect function in the IPv6 Neighbour Discovery protocol to allow routers to include information that a recipient can associate with the next hop.


NOTE: If you are unable to attend IETF 98 in person, there are multiple ways to participate remotely.


The afternoon sees ACME which has been developing a standards-based REST API allowing agent software to authenticate that a server controls a domain, request a certificate, and then install it on a server without human intervention. This session is discussing some changes to the ACME specification, as well as the next steps for the group with a view to re-chartering.

Finally, there are two working groups of interest during the evening session. DHC has three DHCPv6 related drafts on the agenda, whilst ROLL continues development of several routing protocols for resource-constrained nodes.

For more background, please read the Rough Guide to IETF 98 from Olaf, Dan, Andrei, Mat, Karen and myself.


Deploy360@IETF98, Day 3: IPv6, IoT & DTLS

Wednesday at IETF 98 in Chicago features a mix of IPv6, the Internet-of-Things and TLS-related working groups. Each day we’re bringing you blog posts pointing out what Deploy360 will be focusing on.

The morning session offers a choice between the 6LO and PERC Working Groups. 6LO focuses on facilitating IPv6 connectivity over node networks with limited power, memory and processing resources, and has a busy agenda with three drafts related to Neighbour Discovery on IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs), one on running IPv6 over Bluetooth Low Energy Mesh Networks, one on the use of IPv6 in Near Field Communication, one on transmitting IPv6 over electrical power lines, and another two drafts dealing with packet fragmentation and expiration issues. Another draft describes the use cases for IPv6 over constrained node networks and describes practical deployment scenarios.

We don’t normally cover PERC which is working on privacy for RTP conferencing, but this session will be discussing a couple of drafts related to DTLS tunnelling and an extension to the DTLS and TLS protocols to support SDP.


NOTE: If you are unable to attend IETF 98 in person, there are multiple ways to participate remotely.


In the afternoon, it’s V6OPS which just has the three drafts primarily up for discussion. Requirements for IPv6 routers aims to learn the lessons of operating large scale networks on IPv4, Basic requirements for IPv6 Customer Edge routers focuses on some baseline requirements for provisioning these classes of routers, and there’s a draft dealing with the scenario whereby different IPv6 implementations have limited support for SLAAC and/or DHCPv6, and recommends that all hosts implement RFC 6105 (DNS options for SLAAC) and the stateless DHCPv6 functionality in RFC 3315. There may also be an update on Happy Eyeballs that aims to reduce user-visible delays on dual-stack networks, and on Provisioning Domains (PvDs) that allows hosts to retrieve configuration information for accessing the Internet.

Running at the same time is LPWAN that’s working on enabling IPv6 connectivity with very low wireless transmission rates between battery-powered devices spread across multiple kilometres. There are five drafts under discussion, but there will also be an update on the IEEE 802.15.LPWA Interest Group activities, as well as a discussion on future work items.

Concluding the day from 15.30 CDT/UTC-6 onwards is the regular IETF Operations, Administration, and Technical Plenary session.

For more background, please read the Rough Guide to IETF 98 from Olaf, Dan, Andrei, Mat, Karen and myself.


Deploy360@IETF98, Day 2: IoT, IPv6, TLS & SIDR


Tuesday is another busy day at IETF 98 in Chicago with sessions related to pretty much the whole Deploy360 portfolio. Each day we’re bringing you blog posts pointing out what Deploy360 will be focusing on.

The morning session sees TLS busy with a significant update to the TLS protocol which is now in Last Call. There’s a companion update to DTLS, and also on the agenda are drafts on a DANE Record and DNSSEC Authentication Change Extension for TLS, certificate compression, and delegated credentials. So it looks to be a very significant meeting.

Running at the same time is 6TiSCH. There will be further discussions on the draft that describes the architecture for running IPv6 over TSCH networks, two drafts related to the 6top protocol that enables distributed scheduling, as well as four drafts related to security functionality. There will also be an update on IEEE 802.15.4e developments, and introduction of a draft describing a joint scheduling architecture for deterministic industrial field and backhaul networks.


NOTE: If you are unable to attend IETF 98 in person, there are multiple ways to participate remotely.


It’s perhaps worth calling into the Internet Area Working Group after lunch. This acts as a forum for cross-area issues, and there’s one IPv6 related draft on the agenda concerning DHCPv6 Options for Discovery NAT64 Prefixes.

The second afternoon session sees the first meeting of the recently chartered SIDROPS. This has taken over the technology developed by SIDR and is developing guidelines for the operation of SIDR-aware networks, as well as providing operational guidance on how to deploy and operate SIDR technologies in existing and new networks.

On the agenda are two drafts outlining mitigating mechanisms for route leaks. One suggests an enhancement to BGP that would extend the route-leak detection and mitigation capability of BGPSEC, whilst the other proposes to enhance the BGP Open message to establish a relationship agreement between two BGP neighbouring speakers in order to enforce appropriate configuration on both sides.

Also running at the same time is UTA which has finished a number of pieces of work and will therefore focus on several drafts related to Strict Transport Security (STS) for mail transfer and user agents.

If all this isn’t enough, OPSEC is being held during the evening session where a draft on operational security considerations for IPv6 networks will be discussed. IPv6 presents some new security challenges, but this draft analyses the operational security issues for enterprises, service providers and residential users and proposes practical mitigation techniques.

For more background, please read the Rough Guide to IETF 98 from Olaf, Dan, Andrei, Mat, Karen and myself.


Deploy360@IETF98, Day 1: IoT, IPv6, DNSSEC & TLS

It’s a busy week at IETF 98 in Chicago, and we’ll be bringing you daily blog posts that highlight what Deploy360 will be focused on during that day. And Monday is the busiest day, with a couple of working groups on the Internet-of-Things, along with sessions relevant to IPv6, DNSSEC and TLS.

The day kicks off at 09.00 CDT/UTC-6 with Homenet which is developing protocols for residential networks based on IPv6. This has one new draft up for discussion on a name resolution and service discovery architecture for homenets, but there’s been a lot of discussion recently about the recommendation to replace the use of .home with .homenet as the default top-level name for local name resolution.


NOTE: If you are unable to attend IETF 98 in person, there are multiple ways to participate remotely.


Running in parallel is DMM that’s working on solutions to allow traffic to/from mobile nodes to take optimal routes, and has two IPv6-related items on the agenda. This includes an extension to the DHCPv6 protocol to support mobile hosts, and whether mobility extensions for ICMPv6 router advertisement messages are needed.

To complete the hectic morning is ACE which is developing authentication and authorization mechanisms for accessing resources on network nodes with limited CPU, memory and power.

In the afternoon, DNSOP is meeting from 13.00 CDT/UTC-6 and has a couple of items related to DNSSEC. One of these proposes a new mechanism for authenticated denial of existence, whilst the other proposes the use of the BLAKE2 cryptographic hash function in NSEC3 responses. Some of the other items on the agenda such as DNS over TCP also have potential impacts on DNS security and privacy.

At the same time is T2TRG that investigates open research issues of how to turn IoT into reality, and is reporting on its recent activities.

Concluding the day is CURDLE during the evening session. This has published RFCs 8080 and 8103 since the last IETF, and this time will be focusing on the cryptographic aspects of PKIX, CMS and SSH.

For more background, please read the Rough Guide to IETF 98 from Olaf, Dan, Andrei, Mat, Karen and myself.


Our Hot Topics @ IETF 98

Next week is IETF 98 in Chicago which is the third time the IETF has been held in the Windy City. The Deploy360 team will be represented by Megan Kruse and Dan York this time, along with ISOC’s Chief Internet Technology Officer Olaf Kolkman. We’ll again be highlighting the latest IPv6, DNSSEC, Securing BGP and TLS related developments.

Our colleagues are planning to cover the following sessions, so please come and say hello!

Monday, 27 March 2017

Tuesday, 28 March 2017

Wednesday, 29 March 2017

Thursday, 30 March 2017

Friday, 31 March 2017

The Internet Society has also put together its latest Rough Guide to the IETF 98, and will again be covering wider developments over on the Tech Matters Blog. In particular, see:

If you can’t get to Chicago next week, you can attend remotely! Just visit the IETF 98 remote participation page or check out http://www.ietf.org/live/ for more options.


Rough Guide to IETF 98: Trust, Identity, and Privacy

It should come as no surprise that there are numerous activities related to Trust, Identity, and Privacy on the agenda for IETF 98. Below I will highlight a few of the many activities and provide pointers to a number of additional ones. There is something for everyone interested in these areas in Chicago in the coming week!

The fun starts before the meeting even begins with the IETF 98 Hackathon. There are two relevant efforts in the hackathon that I’d like to bring to your attention. The first one is a large collaboration of people working on DNS, DNSSEC, and DNS privacy. This is a well-established project that has been active in several recent IETF Hackathon events. Many of the regular contributors to this project recently met with a number of academic researchers in San Diego at the Network and Distributed System Security (NDSS) Symposium 2017 for a full day workshop on DNS Privacy. This work is actively driving improvements in the DNS privacy space. (See also our Rough Guide on DNS Privacy and Security.)

The second hackathon project related to our overarching topic of trust is the one on COSE/JOSE. Javascript Object Signing and Encryption (JOSE) and CBOR Object Signing and Encryption (COSE) are two related standards for the definition of objects for signing and encryption for JSON and CBOR environments respectively. These efforts are foundational to some continuing work in the IETF around tokens in the web and IoT spaces.

After a few days of diving deep into the details, it might be time to broaden the perspective again. The next session I’d like to suggest, especially to those new to the development of IETF protocol standards, is the Sunday tutorial on Security Considerations. This tutorial explores some of the many aspects of security that might get overlooked during the development of a protocol. The IETF security community is in the process of updating the current guidelines represented in RFC 3552 “Guidelines for Writing RFC Text on Security Considerations.” Additional volunteers are being sought to help finish this effort.

For those with a keen interest in privacy, the W3C Privacy Interest Group (PING) will again be meeting for its regular PING and friends get-together during the lunch break on Thursday, 30 March in Montreux2. Anyone with an interest in privacy is invited to join the meeting (but it is bring your own lunch).

Unfortunately, in a slot directly conflicting with the W3C PING meeting is a session that is also of potential interest. It is a lunch talk by John Mattsson, a Senior Specialist at Ericsson Security Research with a focus on Security Protocols, Cryptography, and IoT. This talk will look at the evolution of cellular security from cryptographic beginnings in 2G to a vision for 5G with improved security and privacy. Grab a quick sandwich and head to what is sure to be an interesting and informative session. The good news is that this session will be streamed live and archived on the IETF YouTube channel.

With the hackathons, tutorials, side meetings, and guest lectures covered, we have now arrived at the detailed work of the IETF. The first step to adopting work in the IETF is a Birds of a Feather (BoF) session, and there is one relevant BoF in our space this time. The Protocol for Dynamic Trusted Execution Environment Enablement (TEEP) BoF is considering an effort to define a standardized version of an application layer security protocol for the configuration of security credentials and software running on a Trusted Execution Environment (TEE). There is a proposal available (https://tools.ietf.org/html/draft-pei-opentrustprotocol-03) to help jump start the activity.

The Network Time Protocol (NTP) working group has been working for some time to define a replacement for the NTP Autokey protocol. Autokey was developed many years ago, has numerous identified flaws, was published as an Informational RFC because of those flaws, and has never been broadly deployed and used. The Network Time Security (NTS) for NTP effort (https://datatracker.ietf.org/doc/html/draft-ietf-ntp-using-nts-for-ntp) specifies a mechanism to provide cryptographic security for NTP using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD). Accurate, reliable, and precise time synchronization is key to a number of underlying security protocols, and this improvement to NTP is long overdue and needed. The NTP working group will also be discussing the publication of a BCP for NTP addressing some of the key misconfiguration issues that lead to DDoS attacks on NTP and some minor updates to NTPv4 to fix some outstanding issues.

The Public Notary Transparency (TRANS) working group has been working since 2014 to improve the confidence of users in the Web PKI. The underlying premise of this work is to create transparent logs of certificates so that mis-issuance can be detected. That which is transparent can be observed and monitored for unexpected behavior. The core document (https://datatracker.ietf.org/doc/html/draft-ietf-trans-rfc6962-bis) has been through Working Group Last Call and 24 revisions. A number of recent issues have been raised and will be discussed this coming week. Additionally, the working group will be discussing redaction, the threat analysis document, and using transparency to improve trust of binaries.

The Web Authorization Protocol (OAUTH) working group has been working for years on mechanisms that allow users to grant access to web resources without necessarily compromising long-term credentials or even identity. It has been a very prolific working group with around 14 RFCs published to date. IETF 98 will be another busy week for those interested in this area including sessions on both Monday and Friday. Agenda items for these sessions include token exchange, device flow for input-constrained devices without browsers, authorization server metadata, token binding, proof of possession, authorization server to client key distribution, the OAuth 2.0 authorization framework, and additional security topics. This is a full agenda indeed! There is also some related work in the Hackathon and rumors of an OpenID working group hands-on session on building mobile apps with AppAuth (Native Applications Best Practices) to be held on Sunday, 26 March.

There are two additional working groups meeting this coming week that are related to the OAUTH work. The first is the Token Binding (TOKBIND) working group that is tasked with specifying a token binding protocol and specifying the use of that protocol with HTTPS. Additionally, the Security Events (SECEVENT) working group is working on an Event Token specification that includes a JWT extension for expressing security events and a syntax for communicating the event-specific data.

Wrapping up our tour through the trust-related working group activity this week, we have the ACE and LAMPS working groups. The Authentication and Authorization for Constrained Environments (ACE) working group is working to develop standardized solutions for authentication and authorization in constrained environments (think IoT). They published a use cases document last year, and this week’s agenda includes architecture, actors, and the CBOR Web Token (CWT) with multiple drafts to support the conversations. And the Limited Additional Mechanisms for PKIX and SMIME (LAMPS) working group is (as the name implies) making some specific updates to PKIX and SMIME. The agenda for the week includes drafts to update both RFC 5750 and RFC 5751.

Finally, no IETF week is complete without the Security Area Advisory Group (SAAG) meeting. This meeting features a quick run through all the working groups doing security related work in the IETF across all areas, a set of short talks, and an open session to bring issues and topics forward from the community.

All in all, an action packed week for trust, identity, and privacy related topics here at IETF 98!

Relevant Working Groups at IETF 98:

TEEP BoF (A Protocol for Dynamic Trusted Execution Environment Enablement)
Tuesday, 28 March, 14:50-16:20, Zurich E/F
About: https://datatracker.ietf.org/wg/teep/about/

NTP (Network Time Protocol)
Monday, 27 March, 13:00-15:00, Montreux 3
Documents: https://datatracker.ietf.org/group/ntp/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-ntp/

TRANS (Public Notary Transparency)
Tuesday, 28 March, 13:00-14:30, Montreux 3
Agenda: https://datatracker.ietf.org/meeting/98/agenda/trans/
Documents: https://datatracker.ietf.org/group/trans/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-trans/

OAUTH (Web Authorization Protocol)
Monday, 27 March, 17:10-18:10, Zurich C
Friday, 31 March, 09:00-11:30, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/oauth/
Documents: https://datatracker.ietf.org/group/oauth/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-oauth/

TOKBIND (Token Binding)
Monday, 27 March, 15:20-16:50, Zurich A
Agenda: https://datatracker.ietf.org/meeting/98/agenda/tokbind/
Documents: https://datatracker.ietf.org/group/tokbind/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-tokbind/

SECEVENT (Security Events)
Wednesday, 29 March, 09:00-11:30, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/secevent/
Documents: https://datatracker.ietf.org/group/secevent/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-secevent/

ACE (Authentication and Authorization for Constrained Environments)
Monday, 27 March, 09:00-11:30, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/ace/
Documents: https://datatracker.ietf.org/group/ace/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-ace/

LAMPS (Limited Additional Mechanisms for PKIX and SMIME)
Thursday, 30 March, 17:40-18:40, Vevey 1/2
Agenda: https://datatracker.ietf.org/meeting/98/agenda/lamps/
Documents: https://datatracker.ietf.org/group/lamps/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-lamps/

SAAG (Security Area Open Meeting)
Thursday, 30 March, 15:20-17:20, Zurich D
Agenda: https://datatracker.ietf.org/meeting/98/agenda/saag/

Follow Us

There’s a lot going on in Chicago, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf98.


Rough Guide to IETF 98: Encryption

IETF 98 in Chicago next week seems to be relatively quiet from an encryption perspective compared to some past meetings. However, this could be viewed as an indication of the progress that has been made in recent years as the IETF community has focused heavily on enabling encryption across protocols and updating the cryptographic algorithms being used in those protocols. There is not a great deal of activity specific to encryption in Chicago, and the work represented here this week is quite mature.

Some evidence of the continuing evolution in the encryption space is the IETF 98 Hackathon. There are two separate hackathon efforts being planned to work on implementation and testing improvements for both DTLS and TLS. If you are in Chicago for the weekend, stop by to check on the progress and offer a helping hand. It is a great way to learn more about both DTLS and TLS and to contribute your talents to advancing the implementations. Details on the agenda and all the various projects for the IETF 98 Hackathon are available on the wiki for the event (https://www.ietf.org/registration/MeetingWiki/wiki/98hackathon).

After a weekend spent deep in the actual code, you are now ready to work on the specification! The Transport Layer Security (TLS) working group is busy preparing a significant update to the current version of TLS. Three years, nineteen versions, and 127 pages later, the proposed specification is in Working Group Last Call (WGLC) (https://datatracker.ietf.org/doc/html/draft-ietf-tls-tls13). The WGLC is scheduled to end on 27 March – just in time to discuss any issues raised during the working group review during the meeting here at IETF 98. Also on the agenda for the TLS working group is a companion update to DTLS (https://datatracker.ietf.org/doc/draft-rescorla-tls-dtls13/). With the time remaining, the TLS working group will discuss a DANE record and DNSSEC authentication change extension for TLS, certificate compression, and delegated credentials. The TLS working group is one of the most active and productive in the IETF and well worth your time.

The next working group that will meet is the Using TLS in Applications (UTA) working group. The working group has finished a number of pieces of work, and this week will be focused on drafts related to Strict Transport Security (STS) for mail (SMTP) transfer agents and mail user agents.

The last working group I’d like to mention is the CURves, Deprecating and a Little more Encryption (curdle) working group. This group was chartered to add and update the cryptographic mechanisms to some IETF protocols. Since the last IETF, the curdle working group has published two RFCs. The first is RFC 8080 “Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC” (http://www.rfc-editor.org/info/rfc8080), and the second one is RFC 8103 “Using ChaCha20-Poly1305 Authenticated Encryption in the Cryptographic Message Syntax (CMS)” (http://www.rfc-editor.org/info/rfc8103). For next week’s meeting, the curdle working group will focus on a number of drafts addressing cryptographic aspects of PKIX (Public-Key Infrastructure (X.509)), CMS (Cryptographic Message Syntax), and SSH (Secure Shell).

Finally, normally a regular session at IETF meetings, the Crypto Forum Research Group is not meeting this week, deciding instead to meet at Eurocrypt 2017 in Paris on 30 April 2017. There is still time to register for the meeting for those who are interested.

Relevant Working Groups at IETF 98:

TLS (Transport Layer Security)
Tuesday, 28 March, 0900-1130, Zurich E/F
Agenda: https://datatracker.ietf.org/meeting/98/agenda/tls/
Documents: https://datatracker.ietf.org/group/tls/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-tls/

UTA (Using TLS in Applications)
Tuesday, 28 March, 1450-1620, Zurich G
Agenda: https://datatracker.ietf.org/meeting/98/agenda/uta/
Documents: https://datatracker.ietf.org/group/uta/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-uta/

CURDLE (CURves, Deprecating and a Little more Encryption)
Monday, 27 March, 1710-1810, Montreux 3
Agenda: https://datatracker.ietf.org/meeting/98/agenda/curdle/
Documents: https://datatracker.ietf.org/group/curdle/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-curdle/


Rough Guide to IETF 98: DNS Privacy and Security, including DNSSEC

It is a remarkably quiet week for DNS security and privacy topics at the IETF 98 meeting in Chicago next week. Both the DANE and DPRIVE working groups are moving along very well with their work on their mailing lists and so chose not to meet in Chicago. Similarly, with DNSSEC deployment steadily increasing (as we outlined in the 2016 State of DNSSEC Deployment report in December), the work to be discussed in DNS Operations (DNSOP) is more about exploring ideas to make DNSSEC even more secure.

Here is a quick view of what is happening in Chicago.

IETF 98 Hackathon

Over the weekend (25-26 March) we’ll have a good-sized “DNS team” in the IETF 98 Hackathon working on various projects around DNSSEC, DANE, DNS Privacy, using DNS over TLS and much more. This time the work will include a team looking at how some DNS toolkits can work with the impending Root KSK Rollover in October 2017. More specific information is in the IETF 98 Hackathon wiki. Anyone is welcome to join us for part or all of that event.

DNS Operations (DNSOP)

The DNS Operations (DNSOP) Working Group meets on Monday afternoon from 13:00-15:00 CDT. The DNSOP agenda includes the following items related to DNSSEC:

Some of the other discussions, such as DNS over TCP, also have potential impacts on DNS security and privacy.

DNS Service Discovery (DNSSD)

On Tuesday, the Extensions for Scalable DNS Service Discovery (DNSSD) Working Group meets from 16:40-18:40 CDT. DNSSD is not one of the groups we regularly follow as its focus is around how DNS can be used to discover services available on a network (for example, a printer or file server). However, in Chicago the DNSSD agenda specifically has a discussion around “Privacy Extensions” (see draft-ietf-dnssd-privacy).

DNSSEC Coordination informal breakfast meeting

Finally, on Friday morning before the sessions start we are planning an informal gathering of people involved with DNSSEC. We’ve done this at many of the IETF meetings over the past few years and it’s been a good way to connect and talk about various projects. True to the “informal” nature, we’re not sure of the location and time yet (and we are not sure if it will involve food or just be a meeting). If you would like to join us, please drop me an email or join the dnssec-coord mailing list.

Other Working Groups

Right before the DNSSD Working Group on Tuesday, the Using TLS in Applications (UTA) WG will meet from 14:50 – 16:20 and will be covering several ideas for “Strict Transport Security” (STS) for email. While not directly tied to DNSSEC or DANE, they do use DNS for these security mechanisms. And then in the final session on Friday, from 11:50-13:20, the IPSECME WG will have a discussion about “split DNS” and how that impacts VPNs (see draft-ietf-ipsecme-split-dns).

P.S. For more information about DNSSEC and DANE and how you can get them deployed for your networks and domains, please see our Deploy360 site:

Relevant Working Groups at IETF 98:

DNSOP (DNS Operations) WG
Monday, 27 March 2017, 13:00-15:00 CDT (UTC-5), Zurich D
Agenda: https://datatracker.ietf.org/meeting/98/agenda/dnsop/
Documents: https://datatracker.ietf.org/wg/dnsop/
Charter: http://tools.ietf.org/wg/dnsop/charters/

DNSSD (Extensions for Scalable DNS Service Discovery) WG
Tuesday, 28 March 2017, 16:40 – 18:40 CDT (UTC-5), Zurich B
Agenda: https://datatracker.ietf.org/meeting/98/agenda/dnssd/
Documents: https://datatracker.ietf.org/wg/dnssd/
Charter: http://tools.ietf.org/wg/dnssd/charters/


Rough Guide to IETF 98: Scalability and Performance

In this Rough Guide to IETF 98 post I’ll highlight some of the Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF) groups meeting during the IETF 98 meeting in Chicago next week. These groups are working to explore and address more sophisticated ways to use and share available bandwidth, improve Internet performance, and otherwise efficiently get Internet content to where it needs to be.

The tsvwg WG will include presentations and discussions on the L4S and DualQ approaches demonstrated at previous meetings. The WG has two meetings on Monday and Thursday afternoons.

The mptcp WG will be meeting on Thursday afternoon to discuss the latest developments and proposed improvements to the Multipath TCP protocol.

One of the most active new IETF WGs is QUIC. QUIC is a UDP-based transport protocol that provides multiplexed streams over an encrypted transport. QUIC aims to be nearly equivalent to an independent TCP connection, but with much reduced latency and better stream multiplexing support. The quic WG is meeting on Thursday morning in Chicago. To help bring the wider IETF community up to speed with QUIC, there will be a tutorial on the Sunday afternoon prior to the meeting week.

Measurement techniques and data sources that could help us to make better engineering decisions to work around some of the rigidity in the protocol stack will be the subject of the recently chartered Measurement and Analysis for Protocols (maprg) research group meeting on Tuesday morning.

Packet networks give rise to transient congestion by design and several groups are meeting to discuss different aspects of congestion control and avoidance. The Internet Congestion Control research group (iccrg) will meet on Monday morning to discuss some of the latest innovations and thinking in relation to congestion control and managing congestion on the Internet. The meeting will include an update on TCP Prague ideas and an update on the BBR congestion control algorithm from Google including experiences with deployment at YouTube. Modifications to the functioning of TCP are proposed, presented and discussed in the tcpm WG which will meet on Wednesday morning in Chicago. Internet metrics are defined by the ippm WG and they are meeting in Chicago on Monday morning.

And last but not least, the tsvarea open meeting will take place on Monday afternoon.

Related Working Groups and BoFs at IETF 98

maprg (Measurement and Analysis for Protocols) RG
Tuesday, 28 March 2017, 0900-1130, Zurich D
Agenda: https://datatracker.ietf.org/meeting/98/agenda/maprg/
Charter: https://datatracker.ietf.org/doc/charter-irtf-maprg/

iccrg (Internet Congestion Control) RG
Monday, 27 March 2017, 0900-1130, Zurich E/F
Agenda: https://datatracker.ietf.org/meeting/98/agenda/iccrg/
Charter: https://datatracker.ietf.org/doc/charter-irtf-iccrg/

quic (QUIC) WG
Thursday, 30 March 2017, 0900-1130, Vevey 1/2
Agenda: https://datatracker.ietf.org/meeting/98/agenda/quic/
Documents: https://datatracker.ietf.org/group/quic/documents/
Charter: https://datatracker.ietf.org/group/quic/charter/
QUIC Tutorial: Sunday, 26 March 2017, 1500-1600, Zurich E/F

tcpm (TCP Maintenance and Minor Extensions) WG
Wednesday, 29 March 2017, 0900-1130, Zurich E/F
Agenda: https://datatracker.ietf.org/meeting/98/agenda/tcpm/
Documents: https://datatracker.ietf.org/group/tcpm/documents/
Charter: https://datatracker.ietf.org/group/tcpm/charter/

mptcp (Multipath TCP) WG
Thursday, 30 March 2017, 1520-1840, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/mptcp/
Documents: https://datatracker.ietf.org/group/mptcp/documents/
Charter: https://datatracker.ietf.org/group/mptcp/charter/

ippm (IP Performance Metrics) WG
Monday, 27 March 2017, 0900-1130, Zurich B
Agenda: https://datatracker.ietf.org/meeting/98/agenda/ippm/
Documents: https://datatracker.ietf.org/group/ippm/documents/
Charter: https://datatracker.ietf.org/group/ippm/charter/

tsvarea (Transport Area Open Meeting)
Monday, 27 March 2017, 1300-1650, Zurich E/F
Agenda: https://datatracker.ietf.org/meeting/98/agenda/tsvarea/

tsvwg (Transport Area Working Group)
Monday, 27 March 2017, 1710-1810, Vevey 1/2
Thursday, 30 March 2017, 1300-1500, Zurich A
Agenda: https://datatracker.ietf.org/meeting/98/agenda/tsvwg/
Documents: https://datatracker.ietf.org/group/tsvwg/documents/
Charter: https://datatracker.ietf.org/group/tsvwg/charter/

Follow Us

There’s a lot going on in Chicago, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf98.

Categories
IETF IPv6 Open Internet Standards Technology

Rough Guide to IETF 98: All About IPv6

In this post for the Internet Society Rough Guide to IETF 98, I’m reviewing what’s happening related to IPv6 at IETF 98 in Chicago next week.

IPv6 global adoption rates increased by over 50% last year as pools of IPv4 addresses approached depletion at 4 of the 5 Regional Internet Registries, encouraging more network operators and content providers to actively deploy the protocol. With more large ISPs and mobile operators having announced plans to deploy IPv6 during 2017, and increasing interest in Home Networking and the Internet of Things, IPv6 is at the forefront of standardisation work at the IETF.

The Homenet (homenet) Working Group develops protocols for residential networks based on IPv6 and is a group with a lot of interest. They will meet on Monday morning and have one new draft up for discussion on a name resolution and service discovery architecture for homenets (https://tools.ietf.org/html/draft-tldm-simple-homenet-naming-00). Associating domain names with hosts is a key factor in enabling communication with hosts, particularly for service discovery, and needs to occur without user intervention and on different network topologies.

There are also three updated drafts being discussed, including two that are under evaluation by the Area Director. The first of these proposes an update to RFC 7788, which defines the Home Networking Control Protocol (HNCP) specification, in order to eliminate the recommendation to use .home as the default top-level name for local name resolution (draft-ietf-homenet-redact-03), as this was never registered by IANA in the Special-Use Domain Names Registry and there is evidence that it is already informally used by some sites on the Internet. The second draft defines .homenet as a special use top-level domain to replace .home (https://tools.ietf.org/html/draft-ietf-homenet-dot-03). The last of the three drafts (https://tools.ietf.org/html/draft-ietf-homenet-babel-profile-01) relates to how the Babel routing protocol can be used in conjunction with HNCP in a Homenet scenario.

The Distributed Mobility Management (dmm) Working Group works on solutions that allow traffic to/from mobile nodes to take optimal routes. Whilst this is running at the same time as Homenet on Monday morning, there are two IPv6-related items on the agenda. Firstly, a draft describing an extension to the DHCPv6 protocol to enable mobile hosts to indicate the services they wish to receive from a network (https://tools.ietf.org/html/draft-moses-dmm-dhcp-ondemand-mobility-05), especially when moving between locations with different points of attachment to the Internet. This will be followed by a discussion on whether there is interest in investigating on-demand mobility extensions for ICMPv6 router advertisement messages.

On Tuesday, it’s mainly just the IPv6 over the TSCH mode of IEEE 802.15.4e (6TiSCH) Working Group in the morning. TSCH is the emerging standard for automation and control over low-power and lossy wireless networks, and this group is working on how to use IPv6 in industrial standards. There will be further discussions on the draft that describes the architecture for running IPv6 over TSCH networks (https://tools.ietf.org/html/draft-ietf-6tisch-architecture-11), two drafts related to the 6top protocol that enables distributed scheduling (https://tools.ietf.org/html/draft-ietf-6tisch-6top-protocol-03 and https://tools.ietf.org/html/draft-ietf-6tisch-6top-sf0-03), as well as four drafts related to security functionality. Rounding off the session is an update on IEEE 802.15.4e developments, and introduction of a draft describing a joint scheduling architecture for deterministic industrial field and backhaul networks (https://tools.ietf.org/html/draft-wang-detnet-backhaul-architecture-00).

On Tuesday evening though, a draft on operational security considerations for IPv6 networks will be discussed in the Operational Security Capabilities for IP Network Infrastructure (v6ops) Working Group. IPv6 presents some new security challenges, and this draft analyses the operational security issues for enterprises, service providers and residential users and proposes practical mitigation techniques (https://tools.ietf.org/html/draft-ietf-opsec-v6-10).

Wednesday is a busy day kicked off by the IPv6 over Networks of Resource Constrained Nodes (6lo) Working Group. 6lo focuses on facilitating IPv6 connectivity over node networks with limited power, memory and processing resources, and again has a busy agenda. There are three drafts related to Neighbour Discovery on IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs), one on running IPv6 over Bluetooth Low Energy Mesh Networks (https://tools.ietf.org/html/draft-gomez-6lo-blemesh-02), one on the use of IPv6 in Near Field Communication where portable devices are brought into close proximity with each other (https://tools.ietf.org/html/draft-ietf-6lo-nfc-06), one on transmitting IPv6 over electrical power lines (https://tools.ietf.org/html/draft-hou-6lo-plc-00), and another two drafts dealing with packet fragmentation and expiration issues (https://tools.ietf.org/html/draft-thubert-6lo-forwarding-fragments-04 and https://tools.ietf.org/html/draft-lijo-6lo-expiration-time-01). Last, but not least, a further draft describes the use cases for IPv6 over constrained node networks and describes practical deployment scenarios (https://tools.ietf.org/html/draft-ietf-6lo-use-cases-01).

The IPv6 Operations (v6ops) Working Group meets on Wednesday afternoon and has just three drafts primarily up for discussion. Requirements for IPv6 routers aims to learn the lessons of operating large scale networks on IPv4, and formulate a set of requirements for routers, switches, and middleboxes deployed in IPv6 networks to enable more effective deployment (https://tools.ietf.org/html/draft-ali-ipv6rtr-reqs-02). Basic requirements for IPv6 Customer Edge routers focuses on some baseline requirements for provisioning these classes of routers, the IPv6 hosts attached to them, and the transition technologies required when IPv4 is no longer available (https://tools.ietf.org/html/draft-palet-v6ops-rfc7084-bis-01). Finally, there’s a draft dealing with the scenario whereby different IPv6 implementations have limited support for SLAAC and/or DHCPv6, and recommends that all hosts implement RFC 6105 (DNS options for SLAAC) and the stateless DHCPv6 functionality in RFC 3315 (https://tools.ietf.org/html/draft-gont-v6ops-host-configuration-01).

Time permitting, there may also be an update on Happy Eyeballs that aims to reduce user-visible delays on dual-stack networks (https://tools.ietf.org/html/draft-pauly-v6ops-happy-eyeballs-update-01), and on Provisioning Domains (PvDs) that allow hosts to retrieve configuration information for accessing the Internet, usually via URL (https://tools.ietf.org/html/draft-bruneau-pvd-00).

Meeting in parallel with v6ops is the IPv6 over Low Power Wide-Area Networks (lpwan) Working Group that’s working on enabling IPv6 connectivity with very low wireless transmission rates between battery-powered devices spread across multiple kilometres. There are five drafts under discussion, but there will also be an update on the IEEE 802.15.LPWA Interest Group activities, as well as a discussion on future work items.

The IPv6 Maintenance (6man) Working Group meets on Thursday morning and will present the last call on updates to the IPv6 specification as currently defined in RFC 2460, RFC 4291, and RFC 1981. There are also two new drafts under discussion related to recommendations on IPv6 address usage (https://tools.ietf.org/html/draft-gont-6man-address-usage-recommendations) and temporary IPv6 interface identifiers (https://tools.ietf.org/html/draft-gont-6man-non-stable-iids-01), plus a draft describing how a Distributed Denial of Service (DDoS) Open Threat Signaling (DOTS) client can send a message over a congested network by tagging outgoing IPv6 packets in order to reach a DOTS server (https://tools.ietf.org/html/draft-francois-dots-ipv6-signal-option-01).

Three current drafts on the agenda include a description of common functionality that should be required on all IPv6 hosts and routers, collected from other published IETF Standards Track documents (https://tools.ietf.org/html/draft-clw-rfc6434-bis-01), definition of a new control bit in an IPv6 router advertisement indicating that a receiving node is the exclusive receiver of all traffic destined to any address with that prefix (https://tools.ietf.org/html/draft-pioxfolks-6man-pio-exclusive-bit-01), and providing a backward-compatible extension to the Redirect function in the IPv6 Neighbour Discovery protocol to allow routers to include information that a recipient can associate with the next hop (https://tools.ietf.org/html/draft-templin-6man-rio-redirect-01).

Finally, there are three DHCPv6-related drafts in the Dynamic Host Configuration (dhc) Working Group that round off the Thursday as well as the week IPv6-wise.

At the Internet Society, we continue to promote IPv6 deployment. You can check out the World IPv6 Launch measurements for our latest measurements of IPv6 around the globe: http://www.worldipv6launch.org/measurements

You can also check out the Deploy360 online resources for getting started with IPv6 deployment:

And you can read more about other topics of interest to the technology programs of the Internet Society in the rest of our Rough Guide to IETF 98 posts.

IPv6-related Working Groups at IETF 98:

Homenet (Home Networking) WG
Monday, 27 March 2017 0900-1130 UTC-6, Zurich D
Agenda: https://datatracker.ietf.org/meeting/98/agenda/homenet/
Documents: https://datatracker.ietf.org/wg/homenet/documents/
Charter: https://datatracker.ietf.org/wg/homenet/charter/

DMM (Distributed Mobility Manager) WG
Monday, 27 March 2017 0900-1130 UTC-6, Montreux 3
Agenda: https://datatracker.ietf.org/meeting/98/agenda/dmm/
Documents: https://datatracker.ietf.org/wg/dmm/documents/
Charter: https://datatracker.ietf.org/wg/dmm/charter/

T2TRG (Thing-to-Thing) WG
Monday, 27 March 2017 1300-1500 UTC-6, Vevey 1/2
Agenda: https://datatracker.ietf.org/meeting/98/agenda/t2trg/
Documents: https://datatracker.ietf.org/group/t2trg/documents/
Charter: https://datatracker.ietf.org/group/t2trg/charter/

6TISCH (IPv6 over the TSCH mode of IEEE 802.15.4e)
Tuesday, 28 March 2017 0900-1130 UTC-6, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/6tisch/
Documents: https://datatracker.ietf.org/wg/6tisch/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6tisch/

V6OPS (IPv6 Operations) Working Group
Tuesday, 28 March 2017 1640-1840 UTC-6, Zurich A
Agenda: https://datatracker.ietf.org/meeting/98/agenda/v6ops/
Documents: https://datatracker.ietf.org/wg/v6ops/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-v6ops/

6LO (IPv6 over Networks of Resource Constrained Nodes) WG
Wednesday, 29 March 2017 0900-1130 UTC-6, Zurich A
Agenda: https://datatracker.ietf.org/meeting/98/agenda/6lo/
Documents: https://datatracker.ietf.org/wg/6lo/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6lo/

V6OPS (IPv6 Operations) WG
Wednesday, 29 March 2017 1300-1500 UTC-6, Zurich A
Agenda: https://datatracker.ietf.org/meeting/98/agenda/v6ops/
Documents: https://datatracker.ietf.org/wg/v6ops/documents/
Charter: https://datatracker.ietf.org/wg/v6ops/charter/

LPWAN (IPv6 over Low Power Wide-Area Networks)
Wednesday, 29 March 2017 1300-1500 UTC-6, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/lpwan/
Documents: https://datatracker.ietf.org/wg/lpwan/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-lpwan/

6MAN (IPv6 Maintenance) WG
Thursday, 30 March 0930-1130 UTC-6, Zurich D
Agenda: https://datatracker.ietf.org/meeting/98/agenda/6man/
Documents: https://datatracker.ietf.org/wg/6man/documents/
Charter: https://datatracker.ietf.org/wg/6man/charter/

DHC (Dynamic Host Configuration) WG
Thursday, 30 March 1740-1840 UTC-6, Montreux 3
Agenda: https://datatracker.ietf.org/meeting/98/agenda/dhc/
Documents: https://datatracker.ietf.org/wg/dhc/documents/
Charter: https://datatracker.ietf.org/wg/dhc/charter/

Follow Us

There’s a lot going on in Chicago, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see https://dev.internetsociety.org/tag/ietf98/.

Categories
IETF Open Internet Standards

Save the Date: Africans @ IETF 98, 28 March, 8-9 am (US CDT)

Africans at the IETF Meeting

Venue: Swissotel Chicago, Montreux 2 room
Date: Tuesday 28 March 2017 
Time: 8 to 9 am (US Central Time)

Background

There will be a session for the Africans who will be in attendance in Chicago for the upcoming IETF 98. The session will cover the IETF Africa initiative which aims to raise awareness of IETF standards in Africa and encourage more developers and network engineers from Africa to participate in the work being done at the IETF. 

Agenda

Starts at 8 (US Central Time)

· Introductions and Welcome – 5 mins
· IETF Africa initiative – where we are – 10 mins
· Planning for 2017 activities (ideas & discussions) – 20 mins
    o Event at AIS 2017 in Nairobi, Kenya
    o Hackathons in 2017 – the plan
    o Webinar topics for 2017
· Discussion on involving others – 20 mins
· Wrap up

Attendance

Anyone from Africa who will be at the IETF 98 in Chicago is encouraged to attend. The meeting is also open to anyone wanting to hear more about the IETF Africa Initiative and contribute ideas.

If you would like to attend, kindly RSVP to Marsema Tariku – Tariku@isoc.org