Rough Guide to IETF 99: A Sampling of Encryption-Related Activities

Encryption is once again a hot topic, and there’s much to discuss at IETF 99 this week in Prague. This time the hottest action will definitely be in the Transport Layer Security (TLS) working group. TLS is considering everything from privacy implications for TLS1.3 to how to reduce handshake latency. As mentioned in previous Rough Guide blogs on the topic, the working group is busy on the completion of the TLS 1.3 specification. It has completed working group last call, and the working group is addressing the comments received during that process. Draft 21 was released on 3 July in anticipation of this week’s discussion. (https://datatracker.ietf.org/doc/draft-ietf-tls-tls13/)

In addition to the TLS 1.3 effort, the TLS working group has kicked off an update to the Datagram Transport Layer Security (DTLS) protocol (DTLS 1.3) (https://datatracker.ietf.org/doc/draft-ietf-tls-dtls13/) and has a number of additional drafts on the agenda. In particular, based on the mailing list traffic, there will be an active discussion about a draft (https://datatracker.ietf.org/doc/draft-green-tls-static-dh-in-tls13/). This document proposes a mechanism to address the challenges associated with supporting enterprise requirements in the presence of TLS 1.3. It is a controversial draft and many have indicated that it should not be discussed in the IETF. In addition to the technical merits of the proposal, the implications of RFC 2804 (https://www.rfc-editor.org/info/rfc2804) for this draft will be discussed. A second session on Monday has been added specifically to provide enough time for all the TLS topics.

The next topic of interest for encryption is the Crypto Forum Research Group (cfrg). Always a popular session at IETF, this week the CFRG will discuss six different drafts, including Re-keying Mechanisms for Symmetric Keys (https://datatracker.ietf.org/doc/draft-irtf-cfrg-re-keying), Verifiable Random Functions (https://tools.ietf.org/html/draft-goldbe-vrf-01), Collective Edwards-Curve Digital Signature Algorithm (https://datatracker.ietf.org/doc/draft-ford-cfrg-cosi), The Transition from Classical to Post-Quantum Cryptography (https://tools.ietf.org/html/draft-hoffman-c2pq-01), Hash-Based Signatures (https://datatracker.ietf.org/doc/draft-mcgrew-hash-sigs), and Kangaroo Twelve (https://tools.ietf.org/html/draft-viguier-kangarootwelve-00).

Three of the working groups focused on updating crypto algorithms and using TLS in IETF protocols are meeting at IETF 99. The CURves, Deprecating and a Little more Encryption (curdle) working group was chartered to add and update the cryptographic mechanisms to some IETF protocols. It will have a very short meeting to discuss key exchange method updates and recommendations for Secure Shell (SSH). There will also be some discussion about potential future work for the curdle working group.

The DKIM Crypto Update (dcrup) working group is just getting started. It will be focused on updating the cryptographic aspects of RFC 6376 (https://www.rfc-editor.org/info/rfc6376). The new working group has a short agenda this meeting, but given the recent popularity of conversations around cryptography, this may well expand to fill the available time. Drafts under discussion include Cryptographic Update to DKIM (draft-ietf-dcrup-dkim-crypto), Cryptographic Algorithm and Key Usage Update to DKIM (draft-ietf-dcrup-dkim-usage), and Defining Elliptic Curve Cryptography Algorithms for use with DKIM (draft-ietf-dcrup-dkim-ecc). Hot topics include key hashes and key sizes.

The final working group discussed in this blog is the Using TLS in Applications (UTA) working group. The uta working group has finished a number of pieces of work, and this week will be focused on a draft related to Strict Transport Security (STS) for mail (SMTP) transfer agents and mail user agents. It will also discuss a draft on the use of TLS to provide confidentiality of email.

All in all, there is plenty to keep the encryption enthusiasts engaged here at IETF 99.

Relevant Working Groups at IETF 99

tls – Transport Layer Security
Monday, 17 July 2017, 1330-1530, Congress Hall I
Wednesday, 19 July 2017, 0930-1200, Grand Hilton Ballroom
Agenda: https://www.ietf.org/proceedings/99/agenda/agenda-99-tls-01.txt
Charter: https://datatracker.ietf.org/wg/tls/about/

cfrg – Crypto Forum Research Group
Tuesday, 18 July 2017, 1550-1750, Congress Hall I
Agenda: https://datatracker.ietf.org/meeting/99/agenda/cfrg/
Charter: https://irtf.org/cfrg

curdle – CURves, Deprecating and a Little more Encryption
Monday, 17 July 2017, 1130-1200, Congress Hall III
Agenda: https://datatracker.ietf.org/meeting/99/agenda/curdle/
Draft: https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-kex-sha2/

dcrup – DKIM Crypto Update
Thursday, 20 July 2017, 1100-1130, Berlin/Brussels
Agenda: https://datatracker.ietf.org/meeting/99/agenda/dcrup/
Charter: https://datatracker.ietf.org/wg/dcrup/about/

uta – Using TLS in Applications
Thursday, 20 July 2017, 1810-1910, Berlin/Brussels
Agenda: https://datatracker.ietf.org/meeting/99/agenda/uta/
Charter: https://datatracker.ietf.org/wg/uta/about/

Follow Us

There’s a lot going on in Prague, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf99.

Rough Guide to IETF 99: IPv6

In this post for the Internet Society Rough Guide to IETF 99, I’m reviewing what’ll be happening at IETF 99 in Prague next week.

IPv6 global adoption rates have seen another 25% increase since the start of 2017, taking them to close to 20% overall, with Belgium leading the way at close to 50%. This is attributable to more ISPs and mobile operators rolling out IPv6 as pools of IPv4 addresses approach depletion, which has kept the cost of IPv4 addresses on the brokerage market fairly static, although these costs are still expected to rise over the next couple of years. With many of the major content and cloud providers now supporting IPv6, and substantial interest in home networking, remote sensing/controllers, and vehicular networks, IPv6 looms large in the standardisation work at the IETF, which is also encouraging the use of IPv6 examples in all of its documentation.

The IPv6 Maintenance (6man) Working Group meets first thing on Monday and the big development is the move of the IPv6 specification to Internet Standard Status. It may come as a surprise to many that despite being widely deployed, IPv6 as defined in RFC 2460 has remained a ‘Draft Standard’ since its original publication in 1998.

There are also two working group drafts on updating the IPv6 Addressing Architecture as currently defined in RFC 4291 (https://tools.ietf.org/html/draft-ietf-6man-rfc4291bis), and on IPv6 Node Requirements as currently defined in RFC 6434 (https://tools.ietf.org/html/draft-ietf-6man-rfc6434-bis). Other existing drafts up for discussion include recommendations on IPv6 address usage (https://tools.ietf.org/html/draft-gont-6man-address-usage-recommendations) and on Route Information Options in Redirect Messages (https://tools.ietf.org/html/draft-templin-6man-rio-redirect).

There are also three new drafts being proposed, including one that covers scenarios where IPv6 hosts might not be able to properly detect that a network has changed its IPv6 addressing, and proposes changes to the Default Address Selection algorithm defined in RFC 6724 (https://tools.ietf.org/html/draft-linkova-6man-default-addr-selection-update-00); another that proposes a mechanism for IPv6 hosts to retrieve additional information about network access through multiple interfaces (https://tools.ietf.org/html/draft-bruneau-intarea-provisioning-domains-01); whilst the remaining draft defines something called an AERO address for use by mobile networks with a tethered network of IoT devices requiring a unique link-local address after receiving a delegated prefix (https://tools.ietf.org/html/draft-templin-6man-aeroaddr-00).

The Homenet (homenet) Working Group develops protocols for residential networks based on IPv6 and is therefore one of the most active groups at the moment. This will meet on Monday afternoon, and will continue to discuss updated drafts related to a name resolution and service discovery architecture for homenets (https://tools.ietf.org/html/draft-tldm-simple-homenet-naming-02); how the Babel routing protocol can be used in conjunction with the HNCP protocol in a Homenet scenario (https://tools.ietf.org/html/draft-ietf-homenet-babel-profile-02), and the use of .homenet as a special use top-level domain to replace .home (https://tools.ietf.org/html/draft-ietf-homenet-dot-09). Three new drafts relate to the service discovery and registration aspects of Homenet (https://tools.ietf.org/html/draft-sctl-service-registration-00, https://tools.ietf.org/html/draft-sctl-discovery-broker-00, https://tools.ietf.org/html/draft-sctl-dnssd-mdns-relay-00).

Running in parallel is the IPv6 over the TSCH mode of IEEE 802.15.4e (6TiSCH) Working Group. TSCH is the emerging standard for automation and control over low-power and lossy wireless networks, and this group is working on how to utilise IPv6 in industrial standards. At this meeting there will be summaries of the 1st F-Interop 6TiSCH Interoperability Event and OpenWSN Hackathon, followed by discussions on the updated drafts related to the 6top protocol that enables distributed scheduling (https://tools.ietf.org/html/draft-ietf-6tisch-6top-protocol-09 and https://tools.ietf.org/html/draft-ietf-6tisch-6top-sf0-05), as well as a draft related to security functionality (https://tools.ietf.org/html/draft-ietf-6tisch-minimal-security-03).

Tuesday kicks off with a very busy IPv6 Operations (v6ops) Working Group, which continues on Thursday afternoon. There’s a couple of deployment case studies up first – on turning IPv4 off in the Microsoft enterprise network, followed by some experiences of using dual-stacked websites with Happy Eyeballs. Co-Chair Lee Howard will then discuss the current status of IPv6 deployment.

There are ten drafts being discussed, including requirements for IPv6 routers that aims to document a set of IPv6 requirements for routers, switches and middle boxes based on design and architectural experiences (https://tools.ietf.org/html/draft-ietf-v6ops-ipv6rtr-reqs-00); specifying requirements for zero-configuration IPv6 CPEs (https://tools.ietf.org/html/draft-baker-v6ops-cpe-autoconfigure-00); and using conditional router advertisements for connecting an enterprise network to multiple ISPs using address space assigned by an ISP (https://tools.ietf.org/html/draft-linkova-v6ops-conditional-ras-01). Version 2 of Happy Eyeballs is also being proposed, tweaking the algorithm whereby a dual-stack host tries to establish connections with both IPv4 and IPv6 (https://tools.ietf.org/html/draft-ietf-v6ops-rfc6555bis-02); and there’s an interesting draft proposing deployment of IPv6-only Wi-Fi at IETF meetings.

The remaining four drafts are proposed updates to RFC 7084 that outlines basic requirements for IPv6 Customer Edge Routers (https://tools.ietf.org/html/draft-ietf-v6ops-rfc7084-bis). As well as updating the basic requirements for routers with HNCP (https://tools.ietf.org/html/draft-palet-v6ops-rfc7084-bis4-hncp), the other drafts specify both minimum (https://tools.ietf.org/html/draft-palet-v6ops-rfc7084-bis2) and transitional requirements (https://tools.ietf.org/html/draft-palet-v6ops-rfc7084-bis2).

The Thing-to-Thing (T2TRG) Working Group on Tuesday afternoon is taking the opportunity to review the outcome of the Workshop on IoT Semantic/Hypermedia Interoperability (WISHI), and discuss what its future activities and deliverables should be.

Then there’s the IPv6 over Networks of Resource Constrained Nodes (6lo) Working Group on Tuesday evening. 6lo focuses on facilitating IPv6 connectivity over node networks with limited power, memory and processing resources. The agenda has yet to be published, but the group has recently been working on Neighbour Discovery, IPv6 over low-power Bluetooth mesh networks, and transmission of IPv6 over electrical power lines, amongst other issues.

The remainder of the week is a bit quieter, although the Distributed Mobility Management (dmm) Working Group on Wednesday morning will be discussing at least one IPv6-relevant draft on the Applicability of the Segment Routing IPv6 to the user-plane of mobile networks (https://datatracker.ietf.org/meeting/99/agenda/dmm/). The Dynamic Host Configuration (dhc) Working Group in the afternoon will continue to discuss four DHCPv6 related drafts, as well as hear about the DHCPv6 deployment experiences at Comcast.

The new IP Wireless Access in Vehicular Environments (ipwave) Working Group will also be meeting on Thursday afternoon, and whilst it has yet to publish its agenda, it is working on a specification for transmitting IPv6 datagrams over IEEE 802.11-OCB in Vehicle-to-Internet and Vehicle-to-Infrastructure communications.

Rounding off the week is the IPv6 over Low Power Wide-Area Networks (lpwan) Working Group on Friday morning that’s working on enabling IPv6 connectivity with very low wireless transmission rates between battery-powered devices spread across multiple kilometres. This will be discussing five drafts related to IPv6 header fragmentation and compression, as well as ICMPv6 usage over LPWANs.

At the Internet Society, we continue to promote IPv6 deployment. You can check out the World IPv6 Launch measurements for our latest measurements of IPv6 around the globe: http://www.worldipv6launch.org/measurements

You can also check out the Deploy360 online resources for getting started with IPv6 deployment:

http://dev.internetsociety.org/deploy360/start/
http://dev.internetsociety.org/deploy360/ipv6/

And you can read more about other topics of interest to the technology programs of the Internet Society in the rest of our Rough Guide to IETF 99 posts.

IPv6-related Working Groups at IETF 99:

6MAN (IPv6 Maintenance) WG
Monday, 17 July 2017 0930-1200 UTC+2, Grand Hilton Ballroom
Agenda: https://datatracker.ietf.org/meeting/99/agenda/6man/
Documents: https://datatracker.ietf.org/wg/6man/documents/
Charter: https://datatracker.ietf.org/wg/6man/charter/

Homenet (Home Networking) WG
Monday, 17 July 2017 1330-1530 UTC+2, Grand Hilton Ballroom
Agenda: https://datatracker.ietf.org/meeting/99/agenda/homenet/
Documents: https://datatracker.ietf.org/wg/homenet/documents/
Charter: https://datatracker.ietf.org/wg/homenet/charter/

6TISCH (IPv6 over the TSCH mode of IEEE 802.15.4e)
Monday, 17 July 2017 1330-1530 UTC+2, Karlin I/II
Agenda: https://datatracker.ietf.org/meeting/99/agenda/6tisch/
Documents: https://datatracker.ietf.org/wg/6tisch/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6tisch/

V6OPS (IPv6 Operations) Working Group
Tuesday, 18 July 2017 0930-1200 UTC+2, Congress Hall II &
Thursday, 20 July 2017 1330-1530 UTC+2, Grand Hilton Ballroom
Agenda: https://datatracker.ietf.org/meeting/99/agenda/v6ops/
Documents: https://datatracker.ietf.org/wg/v6ops/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-v6ops/

T2TRG (Thing-to-Thing) WG
Tuesday, 18 July 2017 1330-1530 UTC+2, Grand Hilton Ballroom
Agenda: https://datatracker.ietf.org/meeting/99/agenda/t2trg/
Documents: https://datatracker.ietf.org/group/t2trg/documents/
Charter: https://datatracker.ietf.org/group/t2trg/charter/

6LO (IPv6 over Networks of Resource Constrained Nodes) WG
Tuesday, 18 July 2017 1550-1750 UTC+2, Karlin I/II
Agenda: https://datatracker.ietf.org/meeting/99/agenda/6lo/
Documents: https://datatracker.ietf.org/wg/6lo/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6lo/

DMM (Distributed Mobility Management) WG
Wednesday, 19 July 2017 0930-1200 UTC+2, Berlin/Brussels
Agenda: https://datatracker.ietf.org/meeting/99/agenda/dmm/
Documents: https://datatracker.ietf.org/wg/dmm/documents/
Charter: https://datatracker.ietf.org/wg/dmm/charter/

IPWAVE (IP Wireless Access in Vehicular Environments)
Thursday, 20 July 2017 1550-1750 UTC+2, Athens/Barcelona
Agenda: https://datatracker.ietf.org/meeting/99/agenda/ipwave/
Documents: https://datatracker.ietf.org/wg/ipwave/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-ipwave/

LPWAN (IPv6 over Low Power Wide-Area Networks)
Friday, 21 July 2017 0930-1130 UTC+2, Karlin I/II
Agenda: https://datatracker.ietf.org/meeting/99/agenda/lpwan/
Documents: https://datatracker.ietf.org/wg/lpwan/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-lpwan/

ISOC Rough Guide to IETF 99: Internet Infrastructure Resilience

IETF 99 is next week in Prague, and I’d like to take a moment to discuss some of the interesting things happening there related to Internet infrastructure resilience in this installment of the Rough Guide to IETF 99.

Simple solutions sometimes have a huge impact. Take the simple requirement that “routes are neither imported nor exported unless specifically enabled by configuration”, as specified in the Internet draft “Default EBGP Route Propagation Behavior Without Policies”. The draft has been submitted to the IESG and is expected to be published as a Standards Track RFC soon.

This specification intends to limit the impact of misbehaving networks by requiring the explicit configuration of both BGP Import and Export Policies for an External BGP (EBGP) session such as customers, peers, or confederation boundaries for all enabled address families. When widely deployed, this measure should reduce the occurrence of route leaks and some other routing misconfigurations.

Speaking of route leaks, there are still two proposals addressing the route leak problem. Both are now IDR WG documents: “Methods for Detection and Mitigation of BGP Route Leaks” (http://datatracker.ietf.org/doc/draft-ietf-idr-route-leak-detection-mitigation), and “Route Leak Prevention using Roles in Update and Open messages” (https://datatracker.ietf.org/doc/draft-ietf-idr-bgp-open-policy/). The first approach uses a so-called RLP (Route Leak Prevention) field to inform upstream networks and lateral peers of a “leaked” route. The other leverages the BGP Open message to establish an agreement on the (customer, provider, complex) relationship between two neighbouring BGP speakers, in order to enforce appropriate configuration on both sides. Propagated routes are then marked with a flag according to the agreed relationship, allowing detection and mitigation of route leaks.
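To make the two safeguards above concrete (the default-deny EBGP policy from the previous paragraph and the role-based route marking of the second proposal), here is a toy BGP speaker model. It is an added example written for this post, not code from either draft; the session roles, the `only_to_customer` marking, the ASNs and the prefixes are constructed and simplified, and the on-the-wire encoding of roles and flags is not modelled.

```python
"""Toy model of two route-leak safeguards (constructed example, not draft text):
 1. Default EBGP behaviour: a session with no import/export policy configured
    accepts nothing from, and advertises nothing to, that neighbour.
 2. Role-based marking: a route learned from a provider or lateral peer is
    marked 'only to customer' and must never be re-advertised to another
    provider or peer. Doing so would be a classic route leak.
"""
from dataclasses import dataclass, replace
from typing import Callable, Dict, Optional, Tuple

# Agreed role of the *neighbour* relative to us, per session.
CUSTOMER, PROVIDER, PEER = "customer", "provider", "peer"


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: Tuple[int, ...]
    only_to_customer: bool = False  # hypothetical leak-prevention marking


# A policy decides whether a given route may be imported/exported.
Policy = Callable[[Route], bool]
ACCEPT_ALL: Policy = lambda route: True  # noqa: E731 (deliberately permissive)


@dataclass
class Session:
    neighbor_as: int
    role: str
    import_policy: Optional[Policy] = None  # None == "not configured"
    export_policy: Optional[Policy] = None


class Speaker:
    """Minimal EBGP speaker: receives, marks, and conditionally exports routes."""

    def __init__(self, asn: int) -> None:
        self.asn = asn
        self.adj_rib_in: Dict[Tuple[int, str], Route] = {}

    def receive(self, session: Session, route: Route) -> Tuple[Optional[Route], str]:
        if session.import_policy is None:
            return None, "rejected: no import policy configured"
        if not session.import_policy(route):
            return None, "rejected: import policy"
        if self.asn in route.as_path:
            return None, "rejected: AS_PATH loop"
        # Anything learned from a provider or lateral peer may only flow downhill.
        marked = route.only_to_customer or session.role in (PROVIDER, PEER)
        accepted = replace(route, only_to_customer=marked)
        self.adj_rib_in[(session.neighbor_as, route.prefix)] = accepted
        return accepted, "accepted"

    def export(self, session: Session, route: Route) -> Tuple[Optional[Route], str]:
        if session.export_policy is None:
            return None, "withheld: no export policy configured"
        if route.only_to_customer and session.role in (PROVIDER, PEER):
            return None, "withheld: route leak prevented"
        if not session.export_policy(route):
            return None, "withheld: export policy"
        return replace(route, as_path=(self.asn,) + route.as_path), "advertised"


def leak_scenario() -> Dict[str, str]:
    """AS 64500 (constructed, from the documentation range) buys transit from
    AS 64496 and AS 64497, peers with AS 64498 and serves customer AS 64499.
    It learns 192.0.2.0/24 from one provider and tries to re-advertise it."""
    me = Speaker(64500)
    prov_a = Session(64496, PROVIDER, ACCEPT_ALL, ACCEPT_ALL)
    prov_b = Session(64497, PROVIDER, ACCEPT_ALL, ACCEPT_ALL)
    lateral = Session(64498, PEER, ACCEPT_ALL, ACCEPT_ALL)
    cust = Session(64499, CUSTOMER, ACCEPT_ALL, ACCEPT_ALL)
    unconfigured = Session(64501, CUSTOMER)  # no policies: default-deny applies

    route, _ = me.receive(prov_a, Route("192.0.2.0/24", (64496,)))
    results: Dict[str, str] = {}
    for name, sess in [("to_other_provider", prov_b), ("to_peer", lateral),
                       ("to_customer", cust), ("to_unconfigured", unconfigured)]:
        _, results[name] = me.export(sess, route)
    _, results["import_unconfigured"] = me.receive(
        unconfigured, Route("198.51.100.0/24", (64501,)))
    return results


if __name__ == "__main__":
    for decision, verdict in leak_scenario().items():
        print(f"{decision:20s} {verdict}")
```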

In the area of RPKI and BGPSEC, the recently chartered SIDR Operations Working Group (SIDROPS) has taken over the technology developed in the SIDR WG and is focused on developing guidelines for the operation of SIDR-aware networks, and on providing operational guidance on how to deploy and operate SIDR technologies in existing and new networks. The first such guideline was just published and will probably be discussed during the WG meeting: “Requirements for Resource Public Key Infrastructure (RPKI) Relying Parties” (https://datatracker.ietf.org/doc/draft-madi-sidrops-rp). Being a relying party is not an easy job – one has to comply with dozens of RFCs, from protocol specifications to best practices – and this document attempts to outline a set of baseline requirements imposed on RPs and provides a single reference point for the requirements on RP software for use in the RPKI, segmented into orthogonal functions:

  • Fetching and Caching RPKI Repository Objects
  • Processing Certificates and CRLs
  • Processing RPKI Repository Signed Objects
  • Delivering Validated Cache Data to BGP Speakers

The IDR WG continues working on the proposal “Making Route Servers Aware of Data Link Failures at IXPs” (https://datatracker.ietf.org/doc/draft-ietf-idr-rs-bfd/). When route servers are used, the data plane is not congruent with the control plane. Therefore, the peers on the Internet exchange can lose data connectivity without the control plane being aware of it, and packets are dropped on the floor. This document proposes a means for the peers to verify connectivity amongst themselves, and a means of communicating the knowledge of the failure back to the route server. There was quite some discussion on the mailing list about whether communication of failures back to the RS is necessary. I imagine this discussion will continue during the WG session.

It seems the OPSEC WG will discuss another attempt at addressing the source IP spoofing problem. The draft “Enhanced Feasible-Path Unicast Reverse Path Filtering Anti-spoofing” (https://tools.ietf.org/html/draft-sriram-opsec-urpf-improvements) proposes a method that does not have the drawbacks of the existing modes of Unicast Reverse Path Filtering (uRPF) – strict, feasible and loose. Apart from implementation issues and a potential performance hit, uRPF presents the risk that an ISP implementing it drops legitimate traffic. These have been the major obstacles to its deployment, and thus to protection against IP-spoofed traffic.

DDoS attacks are a persistent and growing threat on the Internet. As DDoS attacks evolve rapidly in volume and sophistication, more efficient cooperation between the victims and the parties that can help mitigate such attacks is required. The ability to respond quickly and precisely to a beginning attack, communicating exact information to the mitigation service providers, is crucial.

Addressing this challenge is what keeps the DDoS Open Threat Signaling (DOTS, http://datatracker.ietf.org/wg/dots/) WG busy. The goal of the group is to develop a communications protocol intended to facilitate the programmatic, coordinated mitigation of such attacks via a standards-based mechanism. This protocol should support requests for DDoS mitigation services and status updates across inter-organizational administrative boundaries. Specifications outlining the requirements, architecture and use cases for DOTS are maturing and will be discussed at the meeting.

To summarize – there is important work underway at the IETF that will hopefully lead to a more resilient and secure Internet infrastructure.

Related Working Groups at IETF 99

SIDROPS (SIDR Operations) WG
Monday, 17 July, 15:50-17:20, Congress Hall III
Agenda: https://datatracker.ietf.org/meeting/99/agenda/sidrops/
Charter: https://datatracker.ietf.org/wg/sidrops/charter/

GROW (Global Routing Operations) WG
Monday, 17 July, 17:40-18:40, Congress Hall III
Agenda: https://datatracker.ietf.org/meeting/99/agenda/grow/
Charter: https://datatracker.ietf.org/wg/grow/charter/

IDR (Inter-Domain Routing Working Group) WG
Thursday, 20 July, 09:30-12:00, Congress Hall III
Agenda: https://datatracker.ietf.org/meeting/99/agenda/idr/
Charter: https://datatracker.ietf.org/wg/idr/charter/

DOTS (DDoS Open Threat Signaling) WG
Thursday, 20 July, 15:50-17:50, Berlin/Brussels
Agenda: https://datatracker.ietf.org/meeting/99/agenda/dots/
Charter: https://datatracker.ietf.org/wg/dots/charter/

OPSEC (Operational Security) WG
Wednesday, 19 July, 13:30-15:00, Berlin/Brussels
Agenda: https://datatracker.ietf.org/meeting/99/agenda/opsec/
Charter: https://datatracker.ietf.org/wg/opsec/charter/

Rough Guide to IETF 99: Back to Prague

Time to get ready for IETF 99! Starting a week from today, on Sunday, 16 July, the Internet Engineering Task Force will be in Prague, Czech Republic, where about 1000 engineers will spend a week discussing the latest issues in open standards and protocols. As usual, the agenda is packed, and the Internet Society is providing a ‘Rough Guide’ to the IETF via a series of blog posts all this week on topics of mutual interest:

  • Overview (this post!)
  • Internet Infrastructure Resilience
  • Internet of Things
  • IPv6
  • Scalability & Performance
  • DNSSEC, DANE, and DNS Security
  • Trust, Identity, and Privacy
  • Encryption

All these posts will be found on the Internet Technology Matters Blog, and archived via the Rough Guide to IETF 99 overview page.

IETF Journal

Before we get to IETF 99, catch up on some of the highlights from IETF 98 in Chicago, Illinois, USA, by reading Volume 13, Issue 1 of the IETF Journal. You can read all the articles online at https://www.ietfjournal.org, or pick up a hard copy in Chicago.

Our cover article is a deep dive into Segment Routing, a new traffic-engineering technology being developed by the SPRING Working Group. Also in this issue, you’ll learn about the many activities of the new Education and Mentoring Directorate, which aims to enhance the productivity, diversity, and inclusiveness of the IETF. We also present an update from the Security Automation and Continuous Monitoring WG, BoF updates, a readout from the pre-IETF Hackathon, a list of the tech demonstrations at the Bits-N-Bites event, and an article about the Internet Society Policy Guests to the IETF. Our regular columns from the chairs and coverage of the IETF plenary wrap up the issue.

If you’d like to write something for the next issue, please contact us at ietfjournal@isoc.org. You can subscribe to hard copy or email editions at https://dev.internetsociety.org/form/ietfj.

IRTF and ANRP

Through the Applied Networking Research Prize (ANRP, supported by the Internet Society) the Internet Research Task Force (IRTF) recognizes the best new ideas in networking, and brings them to the IETF, especially in cases where the ideas are relevant for transitioning into shipping Internet products and related standardization efforts. In Prague, two talented researchers will present during the IRTF Open Meeting on Thursday, 20 July, at 15:50 CEST:

  • Stephen Checkoway, University of Illinois Chicago, US, for “A Systematic Analysis of the Juniper Dual EC Incident”
  • Philipp Richter, Technische Universität Berlin, DE, for “A Multi-perspective Analysis of Carrier-Grade NAT Deployment”

Hackathon

Right before IETF 99, on 15-16 July, the IETF is holding another Hackathon to encourage developers to discuss, collaborate, and develop utilities, ideas, sample code, and solutions that show practical implementations of IETF standards. The Hackathon is free to attend, but pre-registration is required.

Birds of a Feather (BoF) Sessions

A major highlight of every IETF is the new work that gets started in birds-of-a-feather (BoF) sessions. Getting new work started in the IETF usually requires a BoF to discuss goals for the work, the suitability of the IETF as a venue for pursuing the work, and the level of interest in and support for the work.

There are four BoFs happening in Prague:

  • BANdwidth Aggregation for Network Access (BANANA) – would work on bandwidth aggregation and failover solutions for multi-access networks where the end-nodes are not multi-access-aware.
  • Network Slicing (NETSLICING) – would develop a set of protocols and/or protocol extensions that enable the following operations on slices: efficient creation, activation/deactivation, composition, elasticity, coordination/orchestration, management, isolation, guaranteed SLA, OAM/feedback mechanisms and safe and secure operations within a network environment that assumes an IP and/or MPLS-based underlay.
  • IDentity Enabled Networks (IDEAS) – would standardize a framework that provides identity-based services that can be used by any identifier-location separation protocol.
  • IASA 2.0 (iasa20) – “IASA 2.0” will review and possibly rework administrative arrangements at the IETF.

IETF Journal July 2017 Issue Available Online Now

The July 2017 issue of the IETF Journal is now online at http://www.ietfjournal.org/journal-issues/july-2017/. With IETF 99 in Prague just over one week away, this is the perfect time to get caught up on what’s been happening in the world of Internet standards lately.

Our cover article is a deep dive into Segment Routing, a new traffic-engineering technology being developed by the SPRING Working Group. Also in this issue, you’ll learn about the many activities of the new Education and Mentoring Directorate, which aims to enhance the productivity, diversity, and inclusiveness of the IETF.

We also present an update from the Security Automation and Continuous Monitoring WG, BoF updates, a readout from the pre-IETF Hackathon, and an article about the Internet Society Policy Guests to the IETF. Our regular columns from the IETF, IAB, and IRTF chairs and coverage of the IETF plenary wrap up the issue.

There will be print copies available at IETF in Prague, the email version will hit subscribers’ inboxes early next week, and hard copies will arrive to print subscribers shortly thereafter. You can subscribe at https://dev.internetsociety.org/form/ietfj, if you haven’t already.

We’ll also highlight specific articles via our social media channels – https://twitter.com/ietfjournal and https://www.facebook.com/ietfjournal/.

If you are interested in writing for the next issue, or know someone who may be, please let us know via email to ietfjournal@isoc.org.

Happy reading!

Rough Guide to IETF 99: Scalability & Performance

In this post I’ll highlight some of the Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF) groups meeting during the IETF 99 meeting in Prague next week. These groups are working to explore and address more sophisticated ways to use and share available bandwidth, improve Internet performance, and otherwise efficiently get Internet content to where it needs to be.

Monday afternoon in Prague will be the second BoF meeting for BANdwidth Aggregation for interNet Access (banana). This BoF will discuss methods to take advantage of multiple access links, provided by one or more access providers, in cases where end nodes and applications may not be multi-access aware. Use of multiple access links could provide bandwidth aggregation when multiple links are available (i.e. improved performance), and session continuation when a link becomes unavailable (i.e. increased reliability).

The tsvwg WG has many documents under discussion on topics including diffserv, ECN, and UDP options. The WG has two meetings on Tuesday and Thursday afternoons.

The mptcp WG will be meeting on Tuesday and Friday afternoons to discuss the latest developments and proposed improvements to the Multipath TCP protocol. MPTCP support in iOS 11 was announced during WWDC 2017.

One of the most active new IETF WGs is QUIC. QUIC is a UDP-based transport protocol that provides multiplexed streams over an encrypted transport. QUIC aims to be nearly equivalent to an independent TCP connection, but with much reduced latency and better stream multiplexing support. The quic WG is meeting on Thursday afternoon and Friday morning in Prague.

Measurement techniques and data sources that could help us to make better engineering decisions to work around some of the rigidity in the protocol stack will be the subject of the Measurement and Analysis for Protocols (maprg) research group meeting on Thursday morning.

Packet networks give rise to transient congestion by design and several groups are meeting to discuss different aspects of congestion control and avoidance. The Internet Congestion Control research group (iccrg) will meet on Monday afternoon to discuss some of the latest innovations and thinking in relation to congestion control and managing congestion on the Internet. The meeting will include an update on TCP Prague ideas and an update on the BBR congestion control algorithm from Google including experiences with deployment at YouTube. Modifications to the functioning of TCP are proposed, presented and discussed in the tcpm WG which will meet on Monday morning in Prague. Internet metrics are defined by the ippm WG and they are meeting in Prague on Wednesday morning.

And last but not least, the tsvarea open meeting will take place on Monday afternoon.

Related Working Groups and BoFs at IETF 99

banana (BANdwidth Aggregation for interNet Access) BoF
Monday, 17 July 2017, 1550-1720, Grand Hilton Ballroom
Agenda
Draft
Charter

maprg (Measurement and Analysis for Protocols) RG
Thursday, 20 July 2017, 0930-1200, Congress Hall II
Agenda
Charter

iccrg (Internet Congestion Control) RG
Monday, 17 July 2017, 1330-1530, Congress Hall III
Agenda
Charter

quic (QUIC) WG
Thursday, 20 July 2017, 1550-1750, Grand Hilton Ballroom
Friday, 21 July 2017, 0930-1130, Grand Hilton Ballroom
Agenda
Documents
Charter

tcpm (TCP Maintenance and Minor Extensions) WG
Monday, 17 July 2017, 0930-1200, Karlin I/II
Agenda
Documents
Charter

mptcp (Multipath TCP) WG
Tuesday, 18 July 2017, 1550-1750, Athens/Barcelona
Friday, 21 July 2017, 1150-1320, Congress Hall I
Agenda
Documents
Charter

ippm (IP Performance Metrics) WG
Wednesday, 19 July 2017, 0930-1200, Athens/Barcelona
Agenda
Documents
Charter

tsvarea (Transport Area Open Meeting)
Monday, 17 July 2017, 1740-1840, Grand Hilton Ballroom
Agenda

tsvwg (Transport Area Working Group)
Tuesday, 18 July 2017, 1330-1530, Congress Hall I
Thursday, 20 July 2017, 1810-1910, Congress Hall III
Agenda
Documents
Charter

Follow Us

There’s a lot going on in Prague, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf99.

Categories
IETF Improving Technical Security Internet of Things (IoT) Open Internet Standards Technology

Rough Guide to IETF 99: Internet of Things

The Internet of Things (IoT) is a buzzword around the Internet industry and the broader technology and innovation business. We are often asked what the IETF is doing in relation to IoT and in this short post I’d like to highlight some of the relevant sessions scheduled during the upcoming IETF 99 meeting in Prague. Check out the IETF Journal IoT Category or the Internet Society’s IoT page for more details about many of these topics.

The core WG aims to extend the Web architecture to most constrained networks and embedded devices. This is one of the most active IoT working groups and they will be meeting twice in Prague, on Wednesday morning and Friday afternoon.

The Thing-to-Thing Research Group investigates open research issues in turning the IoT into reality. The research group will be holding a two-day workshop on the topic of IoT Semantic/Hypermedia Interoperability on the Saturday and Sunday prior to the IETF meeting. They will also be meeting on Tuesday afternoon in Prague to report out on their recent activities.

The 6lo WG defines mechanisms to adapt IPv6 to a wide range of radio technologies, including “Bluetooth Low Energy” (RFC 7668), ITU-T G.9959 (as used in Z-Wave, RFC 7428), and the Digital Enhanced Cordless Telecommunications (DECT) Ultra Low Energy (ULE) cordless phone standard, as well as the low-cost wired networking technology Master-Slave/Token-Passing (MS/TP) that is widely used over RS-485 in building automation. They will be meeting on Tuesday afternoon in Prague.

The 6tisch WG was chartered in 2014 to enable IPv6 for the Time-Slotted Channel Hopping (TSCH) mode that was recently added to IEEE 802.15.4 networks. They are meeting on Monday afternoon in Prague.

The IPv6 over Low Power Wide-Area Networks (lpwan) WG will be meeting in Prague on Friday morning. Typical LPWANs provide low-rate connectivity to vast numbers of battery-powered devices over distances that may span tens of miles, using license-exempt bands.

The IP Wireless Access in Vehicular Environments (ipwave) WG's primary deliverable is a specification for mechanisms to transmit IPv6 datagrams over IEEE 802.11-OCB mode. ipwave will meet on Thursday afternoon in Prague.

Security for IoT is addressed in several WGs including the ace WG that is concerned with authenticated authorization mechanisms for accessing resources hosted on servers in constrained environments. ace will meet on Monday morning.

Routing for IoT is tackled by the roll WG which focuses on routing protocols for constrained-node networks. Thursday afternoon is the time for them to meet in Prague.

Finally, in addition to the new protocols and other mechanisms developed by IETF working groups, IoT developers often benefit from additional guidance for efficient implementation techniques and other considerations. The Lightweight Implementation Guidance (lwig) WG is developing such documents and they will meet in Prague on Thursday afternoon.

If you have an interest in how the IoT is developing and being standardised in the IETF I hope to see you in person or online at some of these meetings during IETF 99.

t2trg (Thing-to-Thing) RG
July 15/16 (weekend prior to IETF 99)
Workshop on IoT Semantic/Hypermedia Interoperability
Workshop details
Tuesday, 18 July 2017, 1330-1530
Grand Hilton Ballroom
Agenda
Charter

6lo (IPv6 over Networks of Resource-constrained Nodes) WG
Tuesday, 18 July 2017, 1550-1750
Karlin I/II
Agenda
Documents
Charter

6tisch (IPv6 over the TSCH mode of IEEE 802.15.4e) WG
Monday, 17 July 2017, 1330-1530
Karlin I/II
Agenda
Documents
Charter

lpwan (IPv6 over Low Power Wide-Area Networks) WG
Friday, 21 July 2017, 0930-1130
Karlin I/II
Agenda
Documents
Charter

core (Constrained RESTful Environments) WG
Wednesday, 19 July 2017, 0930-1200
Congress Hall I
Friday, 21 July 2017, 1150-1320
Congress Hall III
Agenda
Documents
Charter

ace (Authentication and Authorization for Constrained Environments) WG
Monday, 17 July 2017, 0930-1200
Congress Hall I
Agenda
Documents
Charter

roll (Routing Over Low power and Lossy networks) WG
Thursday, 20 July 2017, 1330-1530
Karlin I/II
Agenda
Documents
Charter

lwig (Light-Weight Implementation Guidance) WG
Thursday, 20 July 2017, 1810-1910
Athens/Barcelona
Agenda
Documents
Charter

ipwave (IP Wireless Access in Vehicular Environments) WG
Thursday, 20 July 2017, 1550-1750
Athens/Barcelona
Agenda
Documents
Charter


Categories
Building Trust Identity IETF Open Internet Standards Privacy Technology

Rough Guide to IETF 98: Trust, Identity, and Privacy

It should come as no surprise that there are numerous activities related to Trust, Identity, and Privacy on the agenda for IETF 98. Below I will highlight a few of the many activities and provide pointers to a number of additional ones. There is something for everyone interested in these areas in Chicago in the coming week!

The fun starts before the meeting even begins with the IETF 98 Hackathon. There are two relevant efforts in the hackathon that I’d like to bring to your attention. The first one is a large collaboration of people working on DNS, DNSSEC, and DNS privacy. This is a well-established project that has been active in several recent IETF Hackathon events. Many of the regular contributors to this project recently met with a number of academic researchers in San Diego at the Network and Distributed System Security (NDSS) Symposium 2017 for a full day workshop on DNS Privacy. This work is actively driving improvements in the DNS privacy space. (See also our Rough Guide on DNS Privacy and Security.)

The second hackathon project related to our overarching topic of trust is the one on COSE/JOSE. JavaScript Object Signing and Encryption (JOSE) and CBOR Object Signing and Encryption (COSE) are two related standards for the definition of objects for signing and encryption for JSON and CBOR environments respectively. These efforts are foundational to some continuing work in the IETF around tokens in the web and IoT spaces.

After a few days of diving deep into the details, it might be time to broaden the perspective again. The next session I’d like to suggest, especially to those new to the development of IETF protocol standards, is the Sunday tutorial on Security Considerations. This tutorial explores some of the many aspects of security that might get overlooked during the development of a protocol. The IETF security community is in the process of updating the current guidelines represented in RFC 3552 “Guidelines for Writing RFC Text on Security Considerations.” Additional volunteers are being sought to help finish this effort.

For those with a keen interest in privacy, the W3C Privacy Interest Group (PING) will again be meeting for its regular PING and friends get-together during the lunch break on Thursday, 30 March in Montreux 2. Anyone with an interest in privacy is invited to join the meeting (but it is bring your own lunch).

Unfortunately, in a slot directly conflicting with the W3C PING meeting is a session that is also of potential interest. It is a lunch talk by John Mattsson, a Senior Specialist at Ericsson Security Research with a focus on Security Protocols, Cryptography, and IoT. This talk will look at the evolution of cellular security from cryptographic beginnings in 2G to a vision for 5G with improved security and privacy. Grab a quick sandwich and head to what is sure to be an interesting and informative session. The good news is that this session will be streamed live and archived on the IETF YouTube channel.

With the hackathons, tutorials, side meetings, and guest lectures covered, we have now arrived at the detailed work of the IETF. The first step to adopting work in the IETF is a Birds of a Feather (BoF) session, and there is one relevant BoF in our space this time. The Protocol for Dynamic Trusted Execution Environment Enablement (TEEP) BoF is considering an effort to define a standardized version of an application layer security protocol for the configuration of security credentials and software running on a Trusted Execution Environment (TEE). There is a proposal available (https://tools.ietf.org/html/draft-pei-opentrustprotocol-03) to help jump start the activity.

The Network Time Protocol (NTP) working group has been working for some time to define a replacement for the NTP Autokey protocol. Autokey was developed many years ago, has been found to have numerous flaws, was published as an Informational RFC because of those flaws, and has never been broadly deployed and used. The Network Time Security (NTS) for NTP effort (https://datatracker.ietf.org/doc/html/draft-ietf-ntp-using-nts-for-ntp) specifies a mechanism to provide cryptographic security for NTP using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD). Accurate, reliable, and precise time synchronization is key to a number of underlying security protocols, and this improvement to NTP is long overdue and needed. The NTP working group will also be discussing the publication of a BCP for NTP addressing some of the key misconfiguration issues that lead to DDoS attacks on NTP and some minor updates to NTPv4 to fix some outstanding issues.

The Public Notary Transparency (TRANS) working group has been working since 2014 to improve the confidence of users in the Web PKI. The underlying premise of this work is to create transparent logs of certificates so that mis-issuance can be detected. That which is transparent can be observed and monitored for unexpected behavior. The core document (https://datatracker.ietf.org/doc/html/draft-ietf-trans-rfc6962-bis) has been through Working Group Last Call and 24 revisions. A number of recent issues have been raised and will be discussed this coming week. Additionally, the working group will be discussing redaction, the threat analysis document, and using transparency to improve trust of binaries.
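The mis-issuance detection described above rests on the log being a Merkle tree whose root is published and whose entries can each be proven present. The following is an added example (it is not code from this post or from the TRANS working group) that builds the RFC 6962 tree hash over a constructed set of log entries, produces the audit path a log would hand back for one entry, and performs the client-side inclusion check from RFC 6962-bis. The entries and the helper names are assumptions for illustration; a real log would hash certificate or precertificate bytes rather than the placeholder strings used here.

```python
import hashlib

# Constructed sample log entries standing in for certificate bytes (assumption).
SAMPLE_ENTRIES = [b"cert-%d" % i for i in range(7)]


def leaf_hash(entry: bytes) -> bytes:
    """RFC 6962 leaf hash: SHA-256 over a 0x00 prefix and the entry bytes."""
    return hashlib.sha256(b"\x00" + entry).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """RFC 6962 interior node hash: SHA-256 over 0x01 || left || right."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split(n: int) -> int:
    """Largest power of two strictly less than n (for n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_tree_hash(entries) -> bytes:
    """MTH(D[n]) from RFC 6962 section 2.1; this is what the log signs as its tree head."""
    n = len(entries)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hash(entries[0])
    k = _split(n)
    return node_hash(merkle_tree_hash(entries[:k]), merkle_tree_hash(entries[k:]))


def inclusion_path(m: int, entries):
    """Audit path PATH(m, D[n]) from RFC 6962 section 2.1.1: sibling hashes leaf-to-root."""
    n = len(entries)
    if n == 1:
        return []
    k = _split(n)
    if m < k:
        return inclusion_path(m, entries[:k]) + [merkle_tree_hash(entries[k:])]
    return inclusion_path(m - k, entries[k:]) + [merkle_tree_hash(entries[:k])]


def verify_inclusion(leaf_index: int, tree_size: int, leaf: bytes, path, root: bytes) -> bool:
    """Client-side check from RFC 6962-bis: fold the path back up to the root.

    fn/sn track the leaf's index and the last index at each level; a path that is
    too short or too long for the claimed tree size is rejected, not just a bad hash.
    """
    if tree_size <= 0 or not 0 <= leaf_index < tree_size:
        return False
    fn, sn = leaf_index, tree_size - 1
    r = leaf_hash(leaf)
    for p in path:
        if sn == 0:
            return False  # more path elements than the tree has levels
        if fn & 1 or fn == sn:
            r = node_hash(p, r)  # we are a right child: sibling goes on the left
            if not fn & 1:
                # rightmost node of an incomplete level: skip levels with no sibling
                while fn != 0 and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)  # we are a left child: sibling goes on the right
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


def check_all(entries):
    """Verify every entry's proof against the root, and show a forged leaf fails."""
    root = merkle_tree_hash(entries)
    all_ok = all(
        verify_inclusion(i, len(entries), e, inclusion_path(i, entries), root)
        for i, e in enumerate(entries)
    )
    forged = verify_inclusion(0, len(entries), b"not-in-log", inclusion_path(0, entries), root)
    return all_ok, forged


if __name__ == "__main__":
    print(check_all(SAMPLE_ENTRIES))  # (True, False)
```

The proof binds an entry to a root, and the signed tree head binds that root to a tree size; a monitor that wants to detect mis-issuance still has to fetch entries and compare them against the certificates it expects for its domains, and an auditor still has to check consistency proofs between successive tree heads, which this block does not cover.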

The Web Authorization Protocol (OAUTH) working group has been working for years on mechanisms that allow users to grant access to web resources without necessarily compromising long-term credentials or even identity. It has been a very prolific working group with around 14 RFCs published to date. IETF 98 will be another busy week for those interested in this area including sessions on both Monday and Friday. Agenda items for these sessions include token exchange, device flow for input-constrained devices without browsers, authorization server metadata, token binding, proof of possession, authorization server to client key distribution, the OAuth 2.0 authorization framework, and additional security topics. This is a full agenda indeed! There is also some related work in the Hackathon and rumors of an OpenID working group hands-on session on building mobile apps with AppAuth (Native Applications Best Practices) to be held on Sunday, 26 March.

There are two additional working groups meeting this coming week that are related to the OAUTH work. The first is the Token Binding (TOKBIND) working group that is tasked with specifying a token binding protocol and specifying the use of that protocol with HTTPS. Additionally, the Security Events (SECEVENT) working group is working on an Event Token specification that includes a JWT extension for expressing security events and a syntax for communicating the event-specific data.

Wrapping up our tour through the trust-related working group activity this week, we have the ACE and LAMPS working groups. The Authentication and Authorization for Constrained Environments (ACE) working group is working to develop standardized solutions for authentication and authorization in constrained environments (think IoT). They published a use cases document last year, and this week’s agenda includes architecture, actors, and the CBOR Web Token (CWT) with multiple drafts to support the conversations. And the Limited Additional Mechanisms for PKIX and SMIME (LAMPS) working group is (as the name implies) making some specific updates to PKIX and SMIME. The agenda for the week includes drafts to update both RFC 5750 and RFC 5751.

Finally, no IETF week is complete without the Security Area Advisory Group (SAAG) meeting. This meeting features a quick run through all the working groups doing security related work in the IETF across all areas, a set of short talks, and an open session to bring issues and topics forward from the community.

All in all, an action packed week for trust, identity, and privacy related topics here at IETF 98!

Relevant Working Groups at IETF 98:

TEEP BoF (A Protocol for Dynamic Trusted Execution Environment Enablement)
Tuesday, 28 March, 14:50-16:20, Zurich E/F
About: https://datatracker.ietf.org/wg/teep/about/

NTP (Network Time Protocol)
Monday, 27 March, 13:00-15:00, Montreux 3
Documents: https://datatracker.ietf.org/group/ntp/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-ntp/

TRANS (Public Notary Transparency)
Tuesday, 28 March, 13:00-14:30, Montreux 3
Agenda: https://datatracker.ietf.org/meeting/98/agenda/trans/
Documents: https://datatracker.ietf.org/group/trans/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-trans/

OAUTH (Web Authorization Protocol)
Monday, 27 March, 17:10-18:10, Zurich C
Friday, 31 March, 09:00-11:30, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/oauth/
Documents: https://datatracker.ietf.org/group/oauth/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-oauth/

TOKBIND (Token Binding)
Monday, 27 March, 15:20-16:50, Zurich A
Agenda: https://datatracker.ietf.org/meeting/98/agenda/tokbind/
Documents: https://datatracker.ietf.org/group/tokbind/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-tokbind/

SECEVENT (Security Events)
Wednesday, 29 March, 09:00-11:30, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/secevent/
Documents: https://datatracker.ietf.org/group/secevent/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-secevent/

ACE (Authentication and Authorization for Constrained Environments)
Monday, 27 March, 09:00-11:30, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/ace/
Documents: https://datatracker.ietf.org/group/ace/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-ace/

LAMPS (Limited Additional Mechanisms for PKIX and SMIME)
Thursday, 30 March, 17:40-18:40, Vevey 1/2
Agenda: https://datatracker.ietf.org/meeting/98/agenda/lamps/
Documents: https://datatracker.ietf.org/group/lamps/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-lamps/

SAAG (Security Area Open Meeting)
Thursday, 30 March, 15:20-17:20, Zurich D
Agenda: https://datatracker.ietf.org/meeting/98/agenda/saag/

Follow Us

There’s a lot going on in Chicago, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf98.

Categories
Building Trust Encryption IETF Improving Technical Security Open Internet Standards Technology

Rough Guide to IETF 98: Encryption

IETF 98 in Chicago next week seems to be relatively quiet from an encryption perspective compared to some past meetings. However, this could be viewed as an indication of the progress that has been made in recent years as the IETF community has focused heavily on enabling encryption across protocols and updating the cryptographic algorithms being used in those protocols. There is not a great deal of activity specific to encryption in Chicago, and the work represented here this week is quite mature.

Some evidence of the continuing evolution in the encryption space is the IETF 98 Hackathon. There are two separate hackathon efforts being planned to work on implementation and testing improvements for both DTLS and TLS. If you are in Chicago for the weekend, stop by to check on the progress and offer a helping hand. It is a great way to learn more about both DTLS and TLS and to contribute your talents to advancing the implementations. Details on the agenda and all the various projects for the IETF 98 Hackathon are available on the wiki for the event (https://www.ietf.org/registration/MeetingWiki/wiki/98hackathon).

After a weekend spent deep in the actual code, you are now ready to work on the specification! The Transport Layer Security (TLS) working group is busy preparing a significant update to the current version of TLS. Three years, nineteen versions, and 127 pages later, the proposed specification is in Working Group Last Call (WGLC). (https://datatracker.ietf.org/doc/html/draft-ietf-tls-tls13). The WGLC is scheduled to end on 27 March – just in time to discuss any issues raised during the working group review during the meeting here at IETF 98. Also on the agenda for the TLS working group is a companion update to DTLS (https://datatracker.ietf.org/doc/draft-rescorla-tls-dtls13/). With the time remaining, the TLS working group will discuss a DANE record and DNSSEC authentication change extension for TLS, certificate compression, and delegated credentials. The TLS working group is one of the most active and productive in the IETF and well worth your time.

The next working group that will meet is the Using TLS in Applications (UTA) working group. The working group has finished a number of pieces of work, and this week will be focused on drafts related to Strict Transport Security (STS) for mail (SMTP) transfer agents and mail user agents.

The last working group I’d like to mention is the CURves, Deprecating and a Little more Encryption (curdle) working group. This group was chartered to add and update the cryptographic mechanisms to some IETF protocols. Since the last IETF, the curdle working group has published two RFCs. The first is RFC 8080 “Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC” (http://www.rfc-editor.org/info/rfc8080), and the second one is RFC 8103 “Using ChaCha20-Poly1305 Authenticated Encryption in the Cryptographic Message Syntax (CMS)” (http://www.rfc-editor.org/info/rfc8103). For next week’s meeting, the curdle working group will focus on a number of drafts addressing cryptographic aspects of PKIX (Public-Key Infrastructure (X.509)), CMS (Cryptographic Message Syntax), and SSH (Secure Shell).

Finally, normally a regular session at IETF meetings, the Crypto Forum Research Group is not meeting this week, deciding instead to meet at Eurocrypt 2017 in Paris on 30 April 2017. There is still time to register for the meeting for those who are interested.

Relevant Working Groups at IETF 98:

TLS (Transport Layer Security)
Tuesday, 28 March, 0900-1130, Zurich E/F
Agenda: https://datatracker.ietf.org/meeting/98/agenda/tls/
Documents: https://datatracker.ietf.org/group/tls/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-tls/

UTA (Using TLS in Applications)
Tuesday, 28 March, 1450-1620, Zurich G
Agenda: https://datatracker.ietf.org/meeting/98/agenda/uta/
Documents: https://datatracker.ietf.org/group/uta/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-uta/

CURDLE (CURves, Deprecating and a Little more Encryption)
Monday, 27 March, 1710-1810, Montreux 3
Agenda: https://datatracker.ietf.org/meeting/98/agenda/curdle/
Documents: https://datatracker.ietf.org/group/curdle/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-curdle/


Categories
Domain Name System (DNS) Domain Name System Security Extensions (DNSSEC) IETF Improving Technical Security Open Internet Standards Privacy

Rough Guide to IETF 98: DNS Privacy and Security, including DNSSEC

It is a remarkably quiet week for DNS security and privacy topics at the IETF 98 meeting in Chicago next week. Both the DANE and DPRIVE working groups are moving along very well with their work on their mailing lists and so chose not to meet in Chicago. Similarly, with DNSSEC deployment steadily increasing (as we outlined in the 2016 State of DNSSEC Deployment report in December), the work to be discussed in DNS Operations (DNSOP) is more about exploring ideas to make DNSSEC even more secure.

Here is a quick view of what is happening in Chicago.

IETF 98 Hackathon

Over the weekend (25-26 March) we’ll have a good-sized “DNS team” in the IETF 98 Hackathon working on various projects around DNSSEC, DANE, DNS Privacy, using DNS over TLS and much more. This time the work will include a team looking at how some DNS toolkits can work with the impending Root KSK Rollover in October 2017. More specific information is in the IETF 98 Hackathon wiki. Anyone is welcome to join us for part or all of that event.

DNS Operations (DNSOP)

The DNS Operations (DNSOP) Working Group meets on Monday afternoon from 13:00-15:00 CDT. The DNSOP agenda includes the following items related to DNSSEC:

Some of the other discussions, such as DNS over TCP, also have potential impacts on DNS security and privacy.

DNS Service Discovery (DNSSD)

On Tuesday, the Extensions for Scalable DNS Service Discovery (DNSSD) Working Group meets from 16:40-18:40 CDT. DNSSD is not one of the groups we regularly follow as its focus is around how DNS can be used to discover services available on a network (for example, a printer or file server). However, in Chicago the DNSSD agenda specifically has a discussion around “Privacy Extensions” (see draft-ietf-dnssd-privacy).

DNSSEC Coordination informal breakfast meeting

Finally, on Friday morning before the sessions start we are planning an informal gathering of people involved with DNSSEC. We’ve done this at many of the IETF meetings over the past few years and it’s been a good way to connect and talk about various projects. True to the “informal” nature, we’re not sure of the location and time yet (and we are not sure if it will involve food or just be a meeting). If you would like to join us, please drop me an email or join the dnssec-coord mailing list.

Other Working Groups

Right before the DNSSD Working Group on Tuesday, the Using TLS in Applications (UTA) WG will meet from 14:50 – 16:20 and will be covering several ideas for “Strict Transport Security” (STS) for email. While not directly tied to DNSSEC or DANE, they do use DNS for these security mechanisms. And then in the final session on Friday, from 11:50-13:20, the IPSECME WG will have a discussion about “split DNS” and how that impacts VPNs (see draft-ietf-ipsecme-split-dns).

P.S. For more information about DNSSEC and DANE and how you can get them deployed for your networks and domains, please see our Deploy360 site:

Relevant Working Groups at IETF 98:

DNSOP (DNS Operations) WG
Monday, 27 March 2017, 13:00-15:00 CDT (UTC-5), Zurich D
Agenda: https://datatracker.ietf.org/meeting/98/agenda/dnsop/
Documents: https://datatracker.ietf.org/wg/dnsop/
Charter: http://tools.ietf.org/wg/dnsop/charters/

DNSSD (Extensions for Scalable DNS Service Discovery) WG
Tuesday, 28 March 2017, 16:40 – 18:40 CDT (UTC-5), Zurich B
Agenda: https://datatracker.ietf.org/meeting/98/agenda/dnssd/
Documents: https://datatracker.ietf.org/wg/dnssd/
Charter: http://tools.ietf.org/wg/dnssd/charters/


Categories
Building Trust IETF Open Internet Standards Technology

Rough Guide to IETF 98: Scalability and Performance

In this Rough Guide to IETF 98 post I’ll highlight some of the Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF) groups meeting during the IETF 98 meeting in Chicago next week. These groups are working to explore and address more sophisticated ways to use and share available bandwidth, improve Internet performance, and otherwise efficiently get Internet content to where it needs to be.

The tsvwg WG will include presentations and discussions on the L4S and DualQ approaches demonstrated at previous meetings. The WG has two meetings on Monday and Thursday afternoons.

The mptcp WG will be meeting on Thursday afternoon to discuss the latest developments and proposed improvements to the Multipath TCP protocol.

One of the most active new IETF WGs is QUIC. QUIC is a UDP-based transport protocol that provides multiplexed streams over an encrypted transport. QUIC aims to be nearly equivalent to an independent TCP connection, but with much reduced latency and better stream multiplexing support. The quic WG is meeting on Thursday morning in Chicago. To help bring the wider IETF community up to speed with QUIC, there will be a tutorial on the Sunday afternoon prior to the meeting week.

Measurement techniques and data sources that could help us to make better engineering decisions to work around some of the rigidity in the protocol stack will be the subject of the recently chartered Measurement and Analysis for Protocols (maprg) research group meeting on Tuesday morning.

Packet networks give rise to transient congestion by design and several groups are meeting to discuss different aspects of congestion control and avoidance. The Internet Congestion Control research group (iccrg) will meet on Monday morning to discuss some of the latest innovations and thinking in relation to congestion control and managing congestion on the Internet. The meeting will include an update on TCP Prague ideas and an update on the BBR congestion control algorithm from Google including experiences with deployment at YouTube. Modifications to the functioning of TCP are proposed, presented and discussed in the tcpm WG which will meet on Wednesday morning in Chicago. Internet metrics are defined by the ippm WG and they are meeting in Chicago on Monday morning.

And last but not least, the tsvarea open meeting will take place on Monday afternoon.

Related Working Groups and BoFs at IETF 98

maprg (Measurement and Analysis for Protocols) RG
Tuesday, 28 March 2017, 0900-1130, Zurich D
Agenda: https://datatracker.ietf.org/meeting/98/agenda/maprg/
Charter: https://datatracker.ietf.org/doc/charter-irtf-maprg/

iccrg (Internet Congestion Control) RG
Monday, 27 March 2017, 0900-1130, Zurich E/F
Agenda: https://datatracker.ietf.org/meeting/98/agenda/iccrg/
Charter: https://datatracker.ietf.org/doc/charter-irtf-iccrg/

quic (QUIC) WG
Thursday, 30 March 2017, 0900-1130, Vevey 1/2
Agenda: https://datatracker.ietf.org/meeting/98/agenda/quic/
Documents: https://datatracker.ietf.org/group/quic/documents/
Charter: https://datatracker.ietf.org/group/quic/charter/
QUIC Tutorial: Sunday, 26 March 2017, 1500-1600, Zurich E/F

tcpm (TCP Maintenance and Minor Extensions) WG
Wednesday, 29 March 2017, 0900-1130, Zurich E/F
Agenda: https://datatracker.ietf.org/meeting/98/agenda/tcpm/
Documents: https://datatracker.ietf.org/group/tcpm/documents/
Charter: https://datatracker.ietf.org/group/tcpm/charter/

mptcp (Multipath TCP) WG
Thursday, 30 March 2017, 1520-1840, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/mptcp/
Documents: https://datatracker.ietf.org/group/mptcp/documents/
Charter: https://datatracker.ietf.org/group/mptcp/charter/

ippm (IP Performance Metrics) WG
Monday, 27 March 2017, 0900-1130, Zurich B
Agenda: https://datatracker.ietf.org/meeting/98/agenda/ippm/
Documents: https://datatracker.ietf.org/group/ippm/documents/
Charter: https://datatracker.ietf.org/group/ippm/charter/

tsvarea (Transport Area Open Meeting)
Monday, 27 March 2017, 1300-1650, Zurich E/F
Agenda: https://datatracker.ietf.org/meeting/98/agenda/tsvarea/

tsvwg (Transport Area Working Group)
Monday, 27 March 2017, 1710-1810, Vevey 1/2
Thursday, 30 March 2017, 1300-1500, Zurich A
Agenda: https://datatracker.ietf.org/meeting/98/agenda/tsvwg/
Documents: https://datatracker.ietf.org/group/tsvwg/documents/
Charter: https://datatracker.ietf.org/group/tsvwg/charter/


Categories
IETF IPv6 Open Internet Standards Technology

Rough Guide to IETF 98: All About IPv6

In this post for the Internet Society Rough Guide to IETF 98, I’m reviewing what’s happening related to IPv6 at IETF 98 in Chicago next week.

IPv6 global adoption rates increased by over 50% last year as pools of IPv4 addresses approached depletion at 4 of the 5 Regional Internet Registries, encouraging more network operators and content providers to actively deploy the protocol. With more large ISPs and mobile operators having announced plans to deploy IPv6 during 2017, and increasing interest in Home Networking and the Internet of Things, IPv6 is at the forefront of standardisation work at the IETF.

The Homenet (homenet) Working Group develops protocols for residential networks based on IPv6 and is a group with a lot of interest. They will meet on Monday morning and have one new draft up for discussion on a name resolution and service discovery architecture for homenets (https://tools.ietf.org/html/draft-tldm-simple-homenet-naming-00). Associating domain names with hosts is a key factor in enabling communication with hosts, particularly for service discovery, and needs to occur without user intervention and on different network topologies.

There are also three updated drafts being discussed, including two that are under evaluation by the Area Director. The first proposes an update to RFC 7788, which defines the Home Networking Control Protocol (HNCP), in order to eliminate the recommendation to use .home as the default top-level name for local name resolution (draft-ietf-homenet-redact-03); .home was never registered by IANA in the Special-Use Domain Names Registry, and there is evidence that it is already informally used by some sites on the Internet. The second draft defines .homenet as a special-use top-level domain to replace .home (https://tools.ietf.org/html/draft-ietf-homenet-dot-03). The last of the three (https://tools.ietf.org/html/draft-ietf-homenet-babel-profile-01) relates to how the Babel routing protocol can be used in conjunction with HNCP in a Homenet scenario.

The Distributed Mobility Management (dmm) Working Group works on solutions that allow traffic to/from mobile nodes to take optimal routes. Whilst this is running at the same time as Homenet on Monday morning, there are two IPv6-related items on the agenda. The first is a draft describing an extension to the DHCPv6 protocol that enables mobile hosts to indicate the services they wish to receive from a network (https://tools.ietf.org/html/draft-moses-dmm-dhcp-ondemand-mobility-05), especially when moving between locations with different points of attachment to the Internet. This will be followed by a discussion on whether there is interest in investigating on-demand mobility extensions for ICMPv6 router advertisement messages.

On Tuesday, it’s mainly just the IPv6 over the TSCH mode of IEEE 802.15.4e (6TiSCH) Working Group in the morning. TSCH is the emerging standard for automation and control over low-power and lossy wireless networks, and this group is working on how to use IPv6 in industrial standards. There will be further discussions on the draft that describes the architecture for running IPv6 over TSCH networks (https://tools.ietf.org/html/draft-ietf-6tisch-architecture-11), two drafts related to the 6top protocol that enables distributed scheduling (https://tools.ietf.org/html/draft-ietf-6tisch-6top-protocol-03 and https://tools.ietf.org/html/draft-ietf-6tisch-6top-sf0-03), as well as four drafts related to security functionality. Rounding off the session is an update on IEEE 802.15.4e developments, and the introduction of a draft describing a joint scheduling architecture for deterministic industrial field and backhaul networks (https://tools.ietf.org/html/draft-wang-detnet-backhaul-architecture-00).

On Tuesday evening, though, a draft on operational security considerations for IPv6 networks will be discussed in the Operational Security Capabilities for IP Network Infrastructure (v6ops) Working Group. IPv6 presents some new security challenges; this draft analyses the operational security issues for enterprises, service providers and residential users and proposes practical mitigation techniques (https://tools.ietf.org/html/draft-ietf-opsec-v6-10).

Wednesday is a busy day kicked off by the IPv6 over Networks of Resource Constrained Nodes (6lo) Working Group. 6lo focuses on facilitating IPv6 connectivity over node networks with limited power, memory and processing resources, and again has a busy agenda. There are three drafts related to Neighbour Discovery on IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs), one on running IPv6 over Bluetooth Low Energy Mesh Networks (https://tools.ietf.org/html/draft-gomez-6lo-blemesh-02), one on the use of IPv6 in Near Field Communication where portable devices are brought into close proximity with each other (https://tools.ietf.org/html/draft-ietf-6lo-nfc-06), one on transmitting IPv6 over electrical power lines (https://tools.ietf.org/html/draft-hou-6lo-plc-00), and another two drafts dealing with packet fragmentation and expiration issues (https://tools.ietf.org/html/draft-thubert-6lo-forwarding-fragments-04 and https://tools.ietf.org/html/draft-lijo-6lo-expiration-time-01). Last, but not least, a further draft describes the use cases for IPv6 over constrained node networks and describes practical deployment scenarios (https://tools.ietf.org/html/draft-ietf-6lo-use-cases-01).

The IPv6 Operations (v6ops) Working Group meets on Wednesday afternoon and has three main drafts up for discussion. Requirements for IPv6 Routers aims to learn the lessons of operating large-scale networks on IPv4, and formulates a set of requirements for routers, switches, and middleboxes deployed in IPv6 networks to enable more effective deployment (https://tools.ietf.org/html/draft-ali-ipv6rtr-reqs-02). Basic Requirements for IPv6 Customer Edge Routers focuses on some baseline requirements for provisioning these classes of routers, the IPv6 hosts attached to them, and the transition technologies required when IPv4 is no longer available (https://tools.ietf.org/html/draft-palet-v6ops-rfc7084-bis-01). Finally, there’s a draft dealing with the scenario whereby different IPv6 implementations have limited support for SLAAC and/or DHCPv6; it recommends that all hosts implement RFC 6105 (DNS options for SLAAC) and the stateless DHCPv6 functionality in RFC 3315 (https://tools.ietf.org/html/draft-gont-v6ops-host-configuration-01).

Time permitting, there may also be an update on Happy Eyeballs that aims to reduce user-visible delays on dual-stack networks (https://tools.ietf.org/html/draft-pauly-v6ops-happy-eyeballs-update-01), and on Provisioning Domains (PvDs) that allow hosts to retrieve configuration information for accessing the Internet; usually via URL (https://tools.ietf.org/html/draft-bruneau-pvd-00).

Meeting in parallel with v6ops is the IPv6 over Low Power Wide-Area Networks (lpwan) Working Group that’s working on enabling IPv6 connectivity with very low wireless transmission rates between battery-powered devices spread across multiple kilometres. There are five drafts under discussion, but there will also be an update on the IEEE 802.15.LPWA Interest Group activities, as well as a discussion on future work items.

The IPv6 Maintenance (6man) Working Group meets on Thursday morning and will present the last call on updates to the IPv6 specification as currently defined in RFC 2460, RFC 4291, and RFC 1981. There are also two new drafts under discussion related to recommendations on IPv6 address usage (https://tools.ietf.org/html/draft-gont-6man-address-usage-recommendations) and temporary IPv6 interface identifiers (https://tools.ietf.org/html/draft-gont-6man-non-stable-iids-01), plus a draft describing how a Distributed Denial of Service (DDoS) Open Threat Signaling (DOTS) client can send a message over a congested network by tagging outgoing IPv6 packets in order to reach a DOTS server (https://tools.ietf.org/html/draft-francois-dots-ipv6-signal-option-01).

Three current drafts on the agenda include a description of common functionality that should be required on all IPv6 hosts and routers, collected from other published IETF Standards Track documents (https://tools.ietf.org/html/draft-clw-rfc6434-bis-01), definition of a new control bit in an IPv6 router advertisement indicating that a receiving node is the exclusive receiver of all traffic destined to any address with that prefix (https://tools.ietf.org/html/draft-pioxfolks-6man-pio-exclusive-bit-01), and providing a backward-compatible extension to the Redirect function in the IPv6 Neighbour Discovery protocol to allow routers to include information that a recipient can associate with the next hop (https://tools.ietf.org/html/draft-templin-6man-rio-redirect-01).

Finally, there are three DHCPv6-related drafts in the Dynamic Host Configuration (dhc) Working Group that round off the Thursday, as well as the week, IPv6-wise.

At the Internet Society, we continue to promote IPv6 deployment. You can check out the World IPv6 Launch measurements for our latest measurements of IPv6 around the globe: http://www.worldipv6launch.org/measurements

You can also check out the Deploy360 online resources for getting started with IPv6 deployment:

And you can read more about other topics of interest to the technology programs of the Internet Society in the rest of our Rough Guide to IETF 98 posts.

IPv6-related Working Groups at IETF 98:

Homenet (Home Networking) WG
Monday, 27 March 2017 0900-1130 UTC-6, Zurich D
Agenda: https://datatracker.ietf.org/meeting/98/agenda/homenet/
Documents: https://datatracker.ietf.org/wg/homenet/documents/
Charter: https://datatracker.ietf.org/wg/homenet/charter/

DMM (Distributed Mobility Management) WG
Monday, 27 March 2017 0900-1130 UTC-6, Montreux 3
Agenda: https://datatracker.ietf.org/meeting/98/agenda/dmm/
Documents: https://datatracker.ietf.org/wg/dmm/documents/
Charter: https://datatracker.ietf.org/wg/dmm/charter/

T2TRG (Thing-to-Thing) WG
Monday, 27 March 2017 1300-1500 UTC-6, Vevey 1/2
Agenda: https://datatracker.ietf.org/meeting/98/agenda/t2trg/
Documents: https://datatracker.ietf.org/group/t2trg/documents/
Charter: https://datatracker.ietf.org/group/t2trg/charter/

6TISCH (IPv6 over the TSCH mode of IEEE 802.15.4e) WG
Tuesday, 28 March 2017 0900-1130 UTC-6, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/6tisch/
Documents: https://datatracker.ietf.org/wg/6tisch/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6tisch/

V6OPS (IPv6 Operations) Working Group
Tuesday, 28 March 2017 1640-1840 UTC-6, Zurich A
Agenda: https://datatracker.ietf.org/meeting/98/agenda/v6ops/
Documents: https://datatracker.ietf.org/wg/v6ops/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-v6ops/

6LO (IPv6 over Networks of Resource Constrained Nodes) WG
Wednesday, 29 March 2017 0900-1130 UTC-6, Zurich A
Agenda: https://datatracker.ietf.org/meeting/98/agenda/6lo/
Documents: https://datatracker.ietf.org/wg/6lo/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6lo/

V6OPS (IPv6 Operations) WG
Wednesday, 29 March 2017 1300-1500 UTC-6, Zurich A
Agenda: https://datatracker.ietf.org/meeting/98/agenda/v6ops/
Documents: https://datatracker.ietf.org/wg/v6ops/documents/
Charter: https://datatracker.ietf.org/wg/v6ops/charter/

LPWAN (IPv6 over Low Power Wide-Area Networks) WG
Wednesday, 29 March 2017 1300-1500 UTC-6, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/lpwan/
Documents: https://datatracker.ietf.org/wg/lpwan/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-lpwan/

6MAN (IPv6 Maintenance) WG
Thursday, 30 March 2017 0930-1130 UTC-6, Zurich D
Agenda: https://datatracker.ietf.org/meeting/98/agenda/6man/
Documents: https://datatracker.ietf.org/wg/6man/documents/
Charter: https://datatracker.ietf.org/wg/6man/charter/

DHC (Dynamic Host Configuration) WG
Thursday, 30 March 2017 1740-1840 UTC-6, Montreux 3
Agenda: https://datatracker.ietf.org/meeting/98/agenda/dhc/
Documents: https://datatracker.ietf.org/wg/dhc/documents/
Charter: https://datatracker.ietf.org/wg/dhc/charter/

Follow Us

There’s a lot going on in Chicago, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see https://dev.internetsociety.org/tag/ietf98/.