IETF 101, Day 4: The Brass Tacks about DNS and Routing

This week is IETF 101 in London, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. And Thursday is probably the busiest day for us, covering the whole range of our interests.

ROLL has its first of two sessions starting at 09.30 GMT/UTC; continuing on Friday morning. There are several drafts being discussed dealing with the issues of routing over resource constrained networks where limited updates are possible.

NOTE: If you are unable to attend IETF 101 in person, there are multiple ways to participate remotely.

There’s a choice between a couple of working groups after lunch, starting at 13.30 GMT/UTC.

DOH was chartered to create a single RFC, so clearly the draft DNS queries over HTTPS is going to be the primary focus of discussion. However, there will also be updates on the practical implementation work, and a discussion about possible future work if there is a decision to re-charter the group.

6LO runs in parallel and has a fairly busy agenda with Registration Extensions for 6LoWPAN Neighbor Discovery, and Address Protected Neighbor Discovery for Low-power and Lossy Networks having received feedback from the IESG. The drafts related to IPv6 Backbone Router and Packet Delivery Deadline time in 6LoWPAN Routing Header are being prepared for Working Group Last Calls, and there will also be updates on the 6LO applicability and use cases and from the fragmentation design team (draft-watteyne-6lo-minimal-fragment-00 and draft-thubert-6lo-forwarding-fragments-04). Finally, there’s a proposed update to RFCs 6550 and 6775 where 6LoWPAN ND nodes in a RPL domain do not participate in the routing protocol.

Following the afternoon break there’s the choice of SIDROPS, T2TRG or a joint NTP/TICTOC meeting, commencing at 15.50 GMT/UTC.

SIDROPS will be discussing several drafts related to the operational management of certificates in the RPKI, and in particular how to perform RPKI checks via a route server. There are also two drafts related to Trust Anchor Locators – one defining a TAL for RPKI with support for HTTPS URIs, whilst RPKI signed object for TAL defines how a RPKI signed object can be used to communicate a new Trust Anchor Locator to already deployed Relying Parties. There’s a working group sponsored draft on Requirements for RPKI Relying Parties, and finally a new proposed draft on Origin Validation Policy Considerations for Dropping Invalid Routes (not yet published).

T2TRG researches the issues of turning the IoT into reality, and will be discussing a key draft State-of-the-Art and Challenges for the Internet of Things Security. There will also be presentations on Deep learning on microcontrollers, Secure Computations in Decentralized Environments, and Semantic Interoperability Testing.

The NTP/TICTOC joint session is focusing on Network Time Security (NTS). This represents a significant update for NTP server authentication as secure and accurate time synchronization is vitally important for the proper operation of security protocols.

If you still have any remaining energy, there’s a couple of evening sessions starting at 18.10 GMT/UTC.

DNSOP holds its second session of the week, and the main draft of interest is the Multi-Provider DNSSEC Model that relates to deploying DNSSEC in environments where multiple DNS providers are in use.

Last but not least, UTA will be discussing drafts on Strict Transport Security (STS) for mail (SMTP) transfer agents and mail user agents as well as SMTP Require TLS Option.

For more background, please read the Rough Guide to IETF 101 from Olaf, Dan, Andrei, Steve, Karen and myself.

Relevant Working Groups

Deploy360 IETF

Deploy360 at IETF 100, Day 4: Woohoo for DOH!

This week is IETF 100 in Singapore, and we’re bringing you daily blog posts highlighting some of the topics that Deploy360 is interested in. Thursday is another busy day, with the second sessions of the V6OPS and DNSOPS Working Groups, along with the first meeting of the DOH Working Group and other encryption-related activities.

V6OPS continues at 09.30 SGT/UTC+8 from where it left off. On the agenda are drafts relating to 464XLAT Deployment Guidelines for Operator Networks, transition requirements for IPv6 customer edge routers, and IPv6 prefix delegation for hosts. There’s other drafts on DHCPv6 Prefix Delegation and Neighbour Discovery on a cellular connected IoT router, and on using a /64 from a customer prefix for numbering an IPv6 point-to-point link. Finally, there’s an initiative to clarify about what functionalities should determine whether a network is ‘IPv6-only’.

Running at the same time is TLS, which will be primarily focusing on the two big issues of TLS 1.3 and DTLS 1.3. However, it will also be discussing drafts on connection ID, exported authenticators, protecting against denial of service attacks, and application layer TLS.

NOTE: If you are unable to attend IETF 100 in person, there are multiple ways to participate remotely.

After lunch sees the debut of DOH at 13.30 SGT/UTC+8. This is working to standardise encodings for DNS queries and responses that are suitable for use in HTTPS, thereby enabling the DNS to function where existing DNS methods (UDP, TLS and DTLS) have problems. There’s just the one draft so far, although there will also be a discussion on the planned next steps.

Alternatively, you can check out 6LO. There are four drafts relating to IPv6 Neighbour Discovery on node networks with limited power, memory and processing resources, and there will also be a discussion on the 6LO applicability and use cases. Last but not least, is a draft relating to the transmission of IPv6 packets over Wireless Body Area Networks.

Following the afternoon break, ACME is meeting at 15.50 SGT/UTC+8 to finalise the ACME specification. This has been submitted to the IESG for publication, and will focus on the feedback received to-date. Other drafts being discussed relate to automatic certificate management for telephony and email , along with Short-Term Automatically-Renewed (STAR) Certificates.

Running in parallel is DNSOP that will also continue from where it left off on Monday. Much of this session is likely to focus on new business, including returning additional answers in DNS responses, a mechanism allowing an end user to determine the trusted key state of resolvers handling DNSSEC queries, an update to the TSIG specification to address a known bug, and a proposal for a .internal TLD to use the DNS for non-global names.

For more background, please read the Rough Guide to IETF 100 from Olaf, Dan, Andrei, Steve, Karen and myself.

Relevant Working Groups