
Rough Guide to IETF 94: Trust, Identity, and Privacy

Welcome to the last installment of the IETF 94 Rough Guide! This installment focuses attention on the IETF 94 activities in Yokohama this week related to improving trust in the Internet including identity and privacy.

The first thing I’d like to highlight is technically not part of the IETF, but it is an important cross-pollination effort. The W3C Privacy Interest Group (PING) will again be meeting face-to-face alongside the IETF. The purpose of this meeting is outreach to the broader IETF community, information sharing amongst the participants on various privacy efforts, and progression of PING work items including the draft privacy and security questionnaire for specification authors. The meeting occurs during the lunch slot (1130-1300 JST) on Thursday, 5 November 2015 in Room 511. It is BYOL (Bring Your Own Lunch), but the conversation is definitely worth the effort!

As for the IETF working groups, there are several ongoing working groups addressing relevant topics in this space. Some of the ones that will meet at IETF 94 are highlighted below.

The Automated Certificate Management Environment (acme) working group is working to lower the barrier to deployment of certificates for the Web PKI. Currently, the verification of domain names in a certificate is done using a set of ad hoc mechanisms. In particular, the acme working group is automating the process of issuance, validation, revocation and renewal. This meeting will focus exclusively on the current document (https://datatracker.ietf.org/doc/draft-ietf-acme-acme/) and the issues documented in the issue tracker (https://github.com/ietf-wg-acme/acme/issues).

In response to evolving concerns about pervasive surveillance, the IETF has looked to improve the observable data in many of its protocols. The DNS PRIVate Exchange (DPRIVE) Working Group was chartered to develop mechanisms to initially provide confidentiality between DNS Clients and Iterative Resolvers. This week’s agenda includes DNS over DTLS, DNS over TLS, and Stateless DNS Encryption. Given that virtually all communication on the Internet involves name resolution, providing additional privacy to the underlying mechanisms is key to improving trust in the Internet.

The Web Authorization Protocol (oauth) working group has been working for quite some time on a suite of documents that enables a user to grant a third party access to protected resources without sharing the user’s long-term credentials. The working group has completed a long list of RFCs. This week’s meeting will focus on authorization requests, Proof-of-Possession, token exchange, and the use of OAuth for native apps. OAuth is emerging as a key component of online identity systems, and this week is yet another opportunity to impact the conversations.

The Open Specification for Pretty Good Privacy (OpenPGP) working group originally completed its work in 2008 providing a solution for object encryption, object signing, and identity certification (RFC4880). Recently it has become clear that it was time to produce an update to RFC4880, and the OpenPGP working group was reinstated to do that work. This revision will include potential inclusion of elliptic curves recommended by the Crypto Forum Research Group (CFRG), a symmetric encryption mechanism that offers modern message integrity protection, an update to the mandatory-to-implement algorithm selection, deprecation of weak algorithms, and an updated public-key fingerprint mechanism.

The web PKI certificate infrastructure continues to be a source of trust-related operational issues in the Internet. The primary effort of the Public Notary Transparency (trans) working group is the generation of a standards track version of the experimental RFC 6962 on Certificate Transparency. Certificate Transparency creates a log of certificates issued by certificate authorities (CAs). This provides the opportunity to monitor for problems in the certificate infrastructure globally. The primary focus of this week’s discussion will be the update to RFC 6962, a threat analysis, and the gossip protocol. There is also some potential new work to discuss, including other uses for transparency beyond PKI certifications.

In a bit of a tangent, I’d like to mention the Network Time Protocol (ntp) working group. As the Internet has evolved, some of the key pieces of infrastructure that we often take for granted need to be reconsidered in the light of the current operational environment. Time is a key component of establishing and maintaining trust, and it is often overlooked. The ntp working group is currently pursuing two efforts to improve the trustworthiness of the time infrastructure. Network Time Security (NTS) will define an updated framework and mechanisms for time server authentication. Additionally, a Best Current Practice (BCP) is being developed to address common operational issues that are being increasingly exploited.

To reinforce the importance of the IETF work in trust, identity, and privacy, I would like to mention my experience at last week’s World Wide Web Consortium (W3C) Technical Plenary and Advisory Council (TPAC) meeting in Sapporo. One of the highlights was a plenary panel discussion with Tim Berners-Lee, Vint Cerf, and Jun Murai. There was a question specifically on building a better trust layer for the web. Vint Cerf responded that the IETF and W3C communities should work together to address the question: “What is missing from the enabling protocol space to make strong authentication, high integrity, and other trust building mechanisms?” Perhaps we can take some inspiration from this in the coming week!

Related Meetings, Working Groups, and BOFs at IETF 93:

ace (Authentication and Authorization for Constrained Environments) BOF
Monday, 2 November 2015; 0900-1130, Room 302
Agenda: https://tools.ietf.org/wg/ace/agenda
Documents: https://tools.ietf.org/wg/ace
Charter: https://tools.ietf.org/wg/ace/charter

acme (Automated Certificate Management Environment) WG
Friday, 6 November 2015; 9:00 – 11:30, Room 304
Agenda: https://tools.ietf.org/wg/acme/agenda
Documents: https://tools.ietf.org/wg/acme/
Charter: https://tools.ietf.org/wg/acme/charters

dprive (DNS PRIVate Exchange) WG
Monday, 2 November 2015; 17:10 – 19:10, Room 304
Agenda: https://tools.ietf.org/wg/dprive/agenda
Documents: https://tools.ietf.org/wg/dprive/
Charter: https://tools.ietf.org/wg/dprive/charters

oauth (Web Authorization Protocol) WG
Thursday, 5 November 2015; 15:20 – 17:20, Room 301
Agenda: https://tools.ietf.org/wg/oauth/agenda
Documents: https://tools.ietf.org/wg/oauth
Charter: https://tools.ietf.org/wg/oauth/charter

openpgp (Open Specification for Pretty Good Privacy)
Tuesday, 3 November 2015; 17:10 – 18:40, Room 411/412
Agenda: https://tools.ietf.org/wg/openpgp/agenda
Documents: https://tools.ietf.org/wg/openpgp/
Charter: https://tools.ietf.org/wg/openpgp/charters

trans (Public Notary Transparency) WG
Monday, 2 November 2015, 1300 – 1500, Room 411/412
Agenda: https://tools.ietf.org/wg/trans/agenda
Documents: https://tools.ietf.org/wg/stir/
Charter: https://tools.ietf.org/wg/trans/charter

ntp (Network Time Protocol) WG
Monday, 2 November 2015, 1710-1910, Rooms 411/412
Agenda: https://tools.ietf.org/wg/ntp/agenda
Documents: https://tools.ietf.org/wg/ntp
Charter: https://tools.ietf.org/wg/ntp/charter

Follow Us

There’s a lot going on in Yokohama, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf94.


Rough Guide to IETF 94: Strengthening the Internet

The ongoing efforts of the Internet community to strengthen the Internet continue with IETF 94 in Yokohama next week. Even though it seems like just yesterday we were in Prague for IETF 93, there is progress to report and new activities to highlight. In this edition of the Rough Guide, we will highlight the IAB Privacy and Security program including the recently held MaRNEW workshop, the Crypto Forum Research Group, and the TLS working group including the upcoming TRON workshop.

The Internet Architecture Board (IAB), through its Privacy and Security Program, has been focusing on strengthening the Internet by looking at threats, mitigations, and trust models. Since IETF 93, RFC 7624 “Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement” has been published. The IAB program is now working on a follow-on document discussing relevant mitigations, “Confidentiality in the Face of Pervasive Surveillance”. Additionally, a draft has been adopted identifying issues and emerging solutions to some of the key issues associated with the webpki infrastructure, “Problems with the Public Key Infrastructure (PKI) for the World Wide Web”. Both of these documents will be discussed during the week in Yokohama. Review and submit your comments now!

Also since IETF 93, the IAB held a workshop jointly with the GSMA on Managing Radio Networks in an Encrypted World (MaRNEW). The submitted papers, workshop agenda, and the presentations are currently available at https://www.iab.org/activities/workshops/marnew/. Minutes are expected by the end of October, and a draft workshop report is targeted for the end of the year. Both of these will be provided on the workshop page referenced above. A short report on this workshop is in the recent issue of the IETF Journal. There will also be a report and discussion of the workshop provided in the SAAG meeting on Thursday afternoon.

Next, the Internet Research Task Force (IRTF) Crypto Forum Research Group (cfrg) continues to focus on use of cryptography for IETF protocols. It has been focusing extensively on the selection of new elliptic curves for use in IETF protocols, and rough consensus on this topic is documented in “Elliptic Curves for Security”. Since IETF 93, this document has been completed and forwarded to the RFC Series editor for publishing. Topics for discussion at the meeting this week will include elliptic curves, PAKE, post-quantum secure signatures, and key exchange. Anyone interested in the future direction of cryptographic curves and algorithms would be well served to follow these discussions.

There are a significant number of IETF working groups progressing efforts related to strengthening the Internet that will be meeting this week. In this post I will focus primarily on TLS. Other working groups also working on strengthening the Internet are discussed in the “DNSSEC, DANE, DPRIVE, and DNS Security” and the “Trust, Identity, and Privacy” Rough Guide posts in the coming days, so watch the Rough Guide to IETF 94 for updates.

The Transport Layer Security (TLS) working group is actively working on an update to the TLS protocol. This is a very active working group with a plan to publish an update to TLS in 2016. This meeting will be devoted to resolving the open issues with the current specification as documented in the issue tracker: https://github.com/tlswg/tls13-spec/issues.

As a side note, the TLS working group plans to solidify the TLS 1.3 specification and pause for a brief period to allow security researchers time to analyze the specification. As part of this effort, the TLS1.3 Ready or Not (TRON) workshop has been planned in conjunction with the Network and Distributed System Security Symposium (NDSS) in February 2016. The call for papers is available now and anyone interested in improving the robustness of the new TLS specification is strongly encouraged to participate.

Finally, I’d like to give a quick plug for the Security Area Advisory Group (saag) session. This is an excellent way to get a quick view of some of the security-related conversations ongoing in the IETF. This week’s session will include the MaRNEW overview discussed above as well as a discussion about standardization of cryptographic application techniques for the Internet of Things (IoT).

All in all, the work continues to make encryption more widespread and easier to deploy for a stronger Internet.

Related Meetings, Working Groups, and BOFs at IETF 94:

cfrg (Crypto Forum Research Group)
Monday, 2 November 2015, 1520-1650 JST, Room 303
Agenda: https://tools.ietf.org/agenda/94/agenda-94-cfrg.html
Charter: https://irtf.org/cfrg

tls (Transport Layer Security) WG
Wednesday, 4 November, 2015, 0900-1130 JST, Room 303
Thursday, 5 November, 2015, 1740-1840 JST, Room 501
Agenda: https://tools.ietf.org/wg/tls/agenda
Documents: https://tools.ietf.org/wg/tls
Charter: https://tools.ietf.org/wg/tls/charters

saag (Security Area Advisory Group)
Thursday, 5 November 2015, 1300-1500 JST, Room 502
Agenda: https://tools.ietf.org/agenda/94/agenda-94-saag.html

Follow Us

There’s a lot going on in Yokohama, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see https://dev.internetsociety.org/tag/ietf94/.


Rough Guide to IETF 94: All About IPv6

IPv6 deployment growth continues throughout the world as the Regional Internet Registries assign their last remaining IPv4 addresses, and APNIC, Akamai, and Google publish IPv6 deployment statistics showing growth in both individual networks and in countries all around the globe. The standardisation work in the IETF continues to reflect this operational experience, and both the IPv6 Operations (v6ops) and IPv6 Maintenance (6man) Working Groups will be meeting at IETF 94 in Yokohama this week.

The draft draft-jjmb-v6ops-unique-ipv6-prefix-per-host, which aims to address certain issues related to IPv6 deployment in community wi-fi scenarios, has been generating significant discussion on the v6ops mailing list recently. This document will be discussed in the first v6ops session on Monday morning, along with other drafts concerning the operational implications of extension headers in IPv6 packets and how and where such packets are being dropped.

Other drafts up for discussion include a proposal for identifier-locator IPv6 addressing to support network virtualisation, as well as operational recommendations for networks to assign multiple IPv6 addresses to end hosts to support usage of virtual machines, tethering, identifier-locator addressing and privacy amongst other applications. An informational draft provides advice on routing-related design choices in IPv6 networks, and there’s a proposed update of RFC 6145. The second v6ops session during Monday evening is rounded off with presentation of work to improve classification and measurement methods for IPv6.

The 6man working group will be meeting on Wednesday morning and will be discussing proposed updates to the IPv6 specification, addressing architecture and neighbour discovery as currently defined in RFC 2460, RFC 4291, and RFC 4861.

It’s not all ‘business-as-usual’ though, as the Homenet Working Group will on Tuesday morning be continuing its work to produce protocols for residential networks based on IPv6. This is usually one of the best attended working groups and at this session will be focusing on autoconfiguration, naming architecture and service discovery, as well as multiple interfacing support in home-type scenarios.

There has also been much discussion on the Internet-of-Things (IoT) recently, and quite aside from IPv6 being a necessity for future scalability, the IETF has been looking into the issues of implementing IPv6 on nodes with limited power, memory and processing resource that are characteristic of IoT. The IPv6 over Networks of Resource-Constrained Nodes (6lo) Working Group will be meeting on Thursday morning, but other groups have also been investigating the related challenges of using low power and lossy networks as typically found with power line or low bandwidth radio links. It’s therefore worth checking out both the Routing Over Low Power and Lossy Networks (roll) and IPv6 over the TSCH mode of IEEE 802.15.4e (6tisch) Working Groups on Thursday afternoon.

These are the IPv6-specific sessions in Yokohama, but IPv6 has become such an integral part of the Internet that most working groups need to take it into account. At the Internet Society, we continue to promote IPv6 deployment. You can check out the World IPv6 Launch measurements for our latest measurements of IPv6 around the globe.

You can also check out the Deploy360 online resources for getting started with IPv6 deployment:

And you can see more about other topics of interest to the technology programs of the Internet Society in the rest of our Rough Guide to IETF 94 posts.

Some IPv6 Working Groups at IETF 94:

v6ops (IPv6 Operations) WG
Monday, 2 November 0900-1130 UTC+9, Room 501
Monday, 2 November 1710-1910 UTC+9, Room 501 
Agenda: https://datatracker.ietf.org/meeting/94/agenda/v6ops/
Documents: https://datatracker.ietf.org/wg/v6ops/documents/
Charter: https://datatracker.ietf.org/wg/v6ops/charter/

6man (IPv6 Maintenance) WG
Wednesday, 4 November 0900-1130 UTC+9, Room 501
Agenda: https://datatracker.ietf.org/meeting/94/agenda/6man/
Documents: https://datatracker.ietf.org/wg/6man/documents/
Charter: https://datatracker.ietf.org/wg/6man/charter/

Homenet (Home Networking) WG
Tuesday, 3 November 0900-1130 UTC+9, Room 502
Agenda: https://datatracker.ietf.org/meeting/94/agenda/homenet/
Documents: https://datatracker.ietf.org/wg/homenet/documents/
Charter: https://datatracker.ietf.org/wg/homenet/charter/

6lo (IPv6 over Networks of Resource Constrained Nodes) WG
Thursday, 5 November 0900-1130 UTC+9, Room 501
Agenda: https://datatracker.ietf.org/meeting/94/agenda/6lo/
Documents: https://datatracker.ietf.org/wg/6lo/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6lo/

6tisch (IPv6 over the TSCH mode of IEEE 802.15.4e)
Thursday, 5 November 1520-1720 UTC+9, Room 303
Agenda: https://datatracker.ietf.org/meeting/94/agenda/6tisch/
Documents: https://datatracker.ietf.org/wg/6tisch/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6tisch/

roll (Routing Over Low power and Lossy networks)
Thursday, 5 November 1740-1840 UTC+9, Room 302
Agenda: https://datatracker.ietf.org/meeting/94/agenda/roll/
Documents: https://datatracker.ietf.org/wg/roll/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-roll/


Rough Guide to IETF 94: Scalability and Performance

Bigger, Faster, Better

In this post I’ll highlight some of the Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF) groups meeting as part of the IETF 94 meeting in Yokohama next week. These groups are working to explore and address more sophisticated ways to use and share available bandwidth, improve Internet performance, and otherwise efficiently get Internet content to where it needs to be.

Getting new networking code deployed on the Internet is often made difficult because of uncertainties about how existing hardware and software on the network will react. Measurements of the network, measurement platforms and methodologies are all key to improving our understanding of how we can safely evolve the network. On the Saturday prior to the IETF 94 meeting, the Research and Applications of Internet Measurements workshop will explore these topics in detail.

The importance of measurements and the relationship with good protocol engineering will also be the technical topic discussed during the plenary session on Wednesday afternoon.

Measurement techniques and data sources that could help us to make better engineering decisions to work around some of the rigidity in the protocol stack will be the subject of the proposed HOPS research group meeting on Monday morning. The agenda for the session includes a presentation on the results Apple have obtained from their testing of Explicit Congestion Notification.

The Internet Storage Sync BoF will take place on Tuesday afternoon. Network-based storage services allow users to keep local files synchronised with remote servers on the Internet. The goal of this BoF is to establish whether there is interest in working on a standardised protocol for this kind of file synchronisation service.

Internet performance is to a large extent governed by the way transport protocols operate, and the tcpm WG will be meeting to discuss proposed new functionality to improve and enhance the working of TCP, the main transport protocol used on the Internet today.

On Tuesday, Applied Networking Research Prize winner Xiao Sophia Wang will present the results of her systematic study of web page load times using SPDY, an open networking protocol developed primarily at Google for transporting web content. A lot of the features of SPDY were incorporated in the HTTP/2 standard so this should offer a useful insight into the cutting edge of web performance.

Packet networks give rise to transient congestion by design and several groups are meeting to discuss different aspects of congestion control and avoidance. The RTP Media Congestion Avoidance Techniques working group is developing and evaluating congestion control algorithms to handle the emerging use of the Internet for real-time audio and video communication.

For regulators, being able to monitor the performance of networks, and the extent to which congestion or other factors are impacting consumers’ experience of the network is very important. The lmap working group is meeting in Yokohama to advance their important work on standardizing a large-scale broadband performance measurement infrastructure.

Related Working Groups and BoFs at IETF 94

iss (Internet Storage Sync) BoF
Tuesday, 3 November 2015, 1520-1650, Room 502
Agenda: https://datatracker.ietf.org/meeting/94/agenda/iss/

tcpm (TCP Maintenance and Minor Extensions) WG
Thursday, 5 November 2015, 0900-1130, Rooms 411/412
Agenda: https://datatracker.ietf.org/meeting/94/agenda/tcpm/
Documents: https://datatracker.ietf.org/wg/tcpm/
Charter: http://datatracker.ietf.org/wg/tcpm/charter/

irtfopen (IRTF Open Meeting)
Tuesday, 3 November 2015, 1710-1840, Room 502
Agenda: https://datatracker.ietf.org/meeting/94/agenda/irtfopen/

hopsrg (Proposed How Ossified is the Protocol Stack?) RG
Monday, 2 November 2015, 0900-1130, Room 303
Agenda: https://datatracker.ietf.org/meeting/94/agenda/hopsrg/
Charter: https://datatracker.ietf.org/doc/charter-irtf-hopsrg/

lmap (Large-Scale Measurement of Broadband Performance) WG
Monday, 2 November 2015, 1710-1910, Room 303
Agenda: https://datatracker.ietf.org/meeting/94/agenda/lmap/
Documents: https://datatracker.ietf.org/wg/lmap/
Charter: http://datatracker.ietf.org/wg/lmap/charter/

rmcat (RTP Media Congestion Avoidance Techniques) WG
Monday, 2 November 2015, 1520-1650, Room 502
Friday, 6 November 2015, 0900-1130, Room 501
Agenda: https://datatracker.ietf.org/meeting/94/agenda/rmcat/
Documents: https://datatracker.ietf.org/wg/rmcat/
Charter: http://datatracker.ietf.org/wg/rmcat/charter/


Rough Guide to IETF 94: Routing Security & Resilience

There is significant work underway across several IETF working groups to ensure the Internet’s infrastructure is more secure and resilient in both the short and long runs. This does not only relate to routing, although it is the focus of this guide, but to all layers and components of the Internet architecture. Several of these groups will meet at IETF 94 in Yokohama next week.

The Secure Inter-Domain Routing (SIDR) WG focuses on securing the global routing system. The overall architecture is based on a Resource PKI (RPKI), which adds an authentication framework to BGP and is an important component of BGP security extensions – BGPSEC, also developed in SIDR WG. This is a key technology for improving trust in the global routing infrastructure.

The two main enhancements to the security of inter-domain routing – Origin Validation (OV) and path validation (BGPSEC) – are in good shape, but a lot of work and attention is now being given to the details. Since OV was the first component standardized in the IETF, additional considerations come from deployment and operational experience. Examples are the RPKI Repository Delta Protocol, which improves the overall scalability and performance of the system, and an out-of-band protocol proposed to ease setup of the RPKI provisioning and publication protocols between two parties.

There are also more fundamental changes requested, like the proposal to change the certificate validation procedure. The authors of the draft “RPKI Validation Reconsidered”, which has an informational status, replaced it with another, more succinct specification on the standards track updating the RPKI certificate validation procedure as specified in Section 7.2 of RFC6487.

The path validation component – BGPSEC – is maturing, too. The BGPSEC protocol specification is now in its 13th revision and is almost in the WG Last Call. New potential vulnerabilities are found and some clarifications are needed, so this is still work in progress.

There are already implementations of the spec, being developed in parallel with the standardization process! For example, there is running code that adds BGPsec capability to the open source routing daemon BIRD.

But there is a significant threat that SIDR technologies cannot fix: so-called “route-leak.” Simply speaking, this term describes an otherwise valid announcement that nevertheless violates the intended propagation scope. For example, a multi-homed customer “leaks” an announcement from one upstream provider to another one. Because it is a policy violation, neither OV nor BGPSEC can detect or mitigate such an “attack.”

In “Methods for Detection and Mitigation of BGP Route Leaks”, the authors suggest an enhancement to BGP that would extend the route-leak detection and mitigation capability of BGPSEC. The draft proposes a new Route Leak Protection (RLP) field that operators should set when announcing routes to their customers and peers. Receiving a BGP update that has the RLP field set to ’01’ (‘Do not Propagate Up or Laterally’) for one or more hops in the AS path from a customer or a peer indicates that such announcement represents a “route leak” and should be treated accordingly (e.g. by preferring a valid signed update from a peer or an upstream provider over the customer’s update).

This draft is being discussed in the Inter-Domain Routing Working Group (IDR).
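The check described above, as an added example (not code from the draft or its authors), together with the suggested mitigation of preferring a clean route over the leaked one. The class and function names, the treatment of any RLP value other than '01' as unrestricted, skipping the sending neighbor's own hop, the local-preference numbers, and the AS numbers and prefix (documentation ranges) are assumptions of this sketch; all sample updates are taken to have already passed signature validation.

```python
from dataclasses import dataclass
from enum import Enum


class Neighbor(Enum):
    """Business relationship of the neighbor an update was received from."""
    CUSTOMER = "customer"
    PEER = "peer"
    PROVIDER = "provider"


RLP_DEFAULT = 0b00            # assumption: no propagation restriction
RLP_NO_UP_OR_LATERAL = 0b01   # 'Do not Propagate Up or Laterally' (from the text)


@dataclass(frozen=True)
class Update:
    prefix: str
    received_from: Neighbor
    # AS path as (asn, rlp) pairs, most recent hop first, origin last.
    path: tuple


def leaking_hops(update):
    """Return the ASNs whose RLP mark shows this update is a route leak.

    A route that arrives from a provider came *down*, so no mark is violated.
    For customers and peers, the sender's own mark (path[0]) constrains what
    we may do with the route next, so only earlier hops are evidence that the
    route already travelled up or sideways against an operator's wishes
    (assumption of this example; the page does not spell this out).
    """
    if update.received_from is Neighbor.PROVIDER:
        return []
    earlier_hops = update.path[1:]
    return [asn for asn, rlp in earlier_hops if rlp == RLP_NO_UP_OR_LATERAL]


# Conventional preference: customer routes over peer routes over provider routes.
LOCAL_PREF = {Neighbor.CUSTOMER: 300, Neighbor.PEER: 200, Neighbor.PROVIDER: 100}


def select_route(candidates):
    """Pick the best route, demoting (not dropping) detected leaks."""
    def rank(update):
        clean = not leaking_hops(update)
        return (clean, LOCAL_PREF[update.received_from], -len(update.path))
    return max(candidates, key=rank)


# Constructed sample data. AS64500 originates the prefix and sends it up to
# its provider AS64501. AS64501 passes it down to multi-homed customer AS64502
# with RLP '01'. AS64502 then re-announces it to its other provider (us).
PREFIX = "192.0.2.0/24"
LEAKED = Update(PREFIX, Neighbor.CUSTOMER,
                ((64502, RLP_DEFAULT), (64501, RLP_NO_UP_OR_LATERAL), (64500, RLP_DEFAULT)))
# The same prefix learned directly from AS64501 as a lateral peer: its own hop
# carries '01', which is expected and not a leak.
VIA_PEER = Update(PREFIX, Neighbor.PEER,
                  ((64501, RLP_NO_UP_OR_LATERAL), (64500, RLP_DEFAULT)))
# The same prefix coming down from our provider AS64503, a customer of AS64501.
VIA_PROVIDER = Update(PREFIX, Neighbor.PROVIDER,
                      ((64503, RLP_NO_UP_OR_LATERAL), (64501, RLP_NO_UP_OR_LATERAL),
                       (64500, RLP_DEFAULT)))

if __name__ == "__main__":
    for name, upd in (("customer", LEAKED), ("peer", VIA_PEER), ("provider", VIA_PROVIDER)):
        print(name, "leak marks at:", leaking_hops(upd))
    print("selected:", select_route([LEAKED, VIA_PEER, VIA_PROVIDER]).received_from.value)
```

Without the leak check the customer route would win on local preference alone, which is exactly how a leak attracts traffic.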

Another working group – Global Routing Operations (GROW), which focuses on operational problems associated with the global routing system – is also actively working on issues related to security and resilience of global routing.

Massive Distributed Denial of Service (DDoS) attacks targeting Internet Exchange Point (IXP) members may cause congestion of their peering port(s). In order to limit the impact of such a scenario on legitimate traffic, IXPs adopted a feature called blackholing. A member may trigger blackholing via BGP through the route server. The concept of blackholing at IXPs is similar to blackholing in iBGP scenarios [RFC3882] and the expansion RTBH filtering [RFC5635]. A draft “BLACKHOLEIXP BGP Community for Blackholing at IXPs” proposes to define a well-known transitive BGP community, to allow an operator to indicate to the IXP route server which routes should be discarded on the switching fabric of the IXP. The draft has been discussed on the mailing list and during IETF 93 and is about to get adopted as a WG document.

Speaking of DDoS attacks, another WG has recently been created – DDoS Open Threat Signaling (DOTS). DDoS attacks are not strictly related to the routing plane of the Internet communication system, but they may have a significant impact on the overall resilience. The goal of the group is to develop a communications protocol intended to facilitate the programmatic, coordinated mitigation of such attacks via a standards-based mechanism. This protocol should support requests for DDoS mitigation services and status updates across inter-organizational administrative boundaries.

Related Working Groups at IETF 94

SIDR (Secure Inter-Domain Routing) WG
Tuesday, 3 November, 17:10-18:40, Room 304
Friday, 6 November, 09:00-10:30, Room 303
Agenda: https://datatracker.ietf.org/meeting/94/agenda/sidr/
Charter: https://datatracker.ietf.org/wg/sidr/charter/

GROW (Global Routing Operations) WG
Friday, 6 November, 09:00-11:30, Room 303
Agenda: https://datatracker.ietf.org/meeting/94/agenda/grow/
Charter: https://datatracker.ietf.org/wg/grow/charter/

IDR (Inter-Domain Routing Working Group) WG
Monday, 2 November, 13:00-15:00, Room 502
Agenda: https://datatracker.ietf.org/meeting/94/agenda/idr/
Charter: https://datatracker.ietf.org/wg/idr/charter/

DOTS (DDoS Open Threat Signaling) WG
Tuesday, 3 November, 13:00-15:00, Room 501
Agenda: https://datatracker.ietf.org/meeting/94/agenda/dots/
Charter: https://datatracker.ietf.org/wg/dots/charter/


Rough Guide to IETF 94 – Yokohama-Bound!

It’s almost here! Starting on Sunday, 1 November, the Internet Engineering Task Force will be in Yokohama, Japan for IETF 94, where more than 1000 engineers will spend a week discussing the latest issues in open standards and protocols. As usual, the Internet Society is providing a ‘Rough Guide’ to the IETF via a series of blog posts on topics of mutual interest:

All these posts can be found, and will be archived, through our Rough Guide to IETF 94 overview page at https://dev.internetsociety.org/tag/ietf94/.

Here are some of the activities that the Internet Society is involved in and some of my personal highlights.

IETF Journal

Before we get to IETF 94, catch up on some of the highlights from IETF 93 in Prague by reading Volume 11, Issue 2 of the IETF Journal. Within the next day or so, you can read all the articles online at https://dev.internetsociety.org/ietfjournal, or pick up a hard copy in Yokohama. The cover article, “ACME: Better Security Through Automation,” provides an update on the status of exciting new work to simplify the deployment of security technologies on the Internet. We also have articles about the second IETF Hackathon, an introduction to the fast-growing world of NETCONF and YANG, and a report on the live Q&A with Edward Snowden that happened in Prague. As usual, we also have reports on the technical plenary, Applied Network Research Prize winners, and Chair Reports from the IETF, IAB, and IRTF Chairs.

We also have exciting news to share! The ISOC Russia Chapter has started doing Russian translations of the IETF Journal, and for this issue we’ll also have a Spanish translation! Both will be available in a few weeks. Watch the Internet Technology Matters blog for announcements.

IRTF and ANRP

Through the Applied Networking Research Prize (ANRP, supported by the Internet Society) the Internet Research Task Force (IRTF) recognizes the best new ideas in networking, and brings them to the IETF, especially in cases where the ideas are relevant for transitioning into shipping Internet products and related standardization efforts. In Yokohama, two talented researchers will present during the IRTF Open Meeting on Tuesday, 3 November:

  • Xiao Sophia Wang on a systematic study of web page load times under SPDY: Xiao Sophia Wang, Aruna Balasubramanian, Arvind Krishnamurthy and David Wetherall. How Speedy is SPDY? Proc. USENIX Symposium on Networked Systems Design and Implementation (NSDI), Seattle, WA, USA, April 2-4, 2014.
  • Roland van Rijswijk-Deij on a detailed measurement study on a large dataset of DNSSEC-signed domains: Roland van Rijswijk-Deij, Anna Sperotto, and Aiko Pras. DNSSEC and its Potential for DDoS Attacks: A Comprehensive Measurement Study. Proc. ACM Internet Measurement Conference (IMC), Vancouver, BC, Canada, November 2014.

Hackathon

Right before IETF 94, the IETF is holding its third Hackathon to encourage developers to discuss, collaborate and develop utilities, ideas, sample code and solutions that show practical implementations of IETF standards. The Hackathon is free to attend but has limited seats available. This is the third time the IETF has held a Hackathon before a meeting, and I hope it is a tradition that continues.

RAIM Workshop

To increase collaboration between industry and academia in the field of networking, the Internet Research Task Force (IRTF) and the Internet Society (ISOC), in cooperation with ACM SIGCOMM, are organizing a workshop on Research and Applications of Internet Measurements (RAIM), scheduled for Saturday, 31 October, in between the 2015 ACM SIGCOMM Internet Measurement Conference (IMC) in Tokyo and IETF 94.

This workshop will bring together researchers and practitioners that are advancing the state of the art in measuring networked systems to share measurement-based insights into operational networks, to improve the use of research in protocol design decisions, and to suggest relevant new topics for research.

Noteworthy

One of the week’s highlights will be the technical plenary on Wednesday, 4 November, which will feature the technical topic of “Measurement-Driven Protocol Engineering.”

Another major highlight of every IETF is the new work that gets started in birds-of-a-feather (BoF) sessions. Getting new work started in the IETF usually requires a BoF to discuss goals for the work, the suitability of the IETF as a venue for pursuing the work, and the level of interest in and support for the work. There’s only one BoF happening in Yokohama:

In addition to the IRTF Open Meeting mentioned above, I am looking forward to two meetings of proposed research groups.

  • “How Ossified is the Protocol Stack?” (HOPSRG), on Monday morning, interests me because I hope it will offer a perspective on whether permissionless innovation and end-to-end are realities in today’s Internet.
  • “Proposed Network Machine Learning Research Group” (NMLRG), on Tuesday morning, looks into various aspects of machine learning in the Internet.

Follow Us

There’s a lot going on in Yokohama, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see https://dev.internetsociety.org/tag/ietf94/.

Photo Credit: iStock.com/Torsakarin