Deploy360 Domain Name System Security Extensions (DNSSEC) Events IETF Transport Layer Security (TLS)

Deploy360@IETF98, Day 1: IoT, IPv6, DNSSEC & TLS

It’s a busy week IETF 98 in Chicago, and we’ll be bringing you daily blog posts that highlight what Deploy360 will be focused on during that day. And Monday is the busiest day, with a couple of working groups on the Internet-of-Things, along with sessions relevant to IPv6, DNSSEC and TLS.

The day kicks off at 09.00 CDT/UTC-6 with Homenet which is developing protocols for residential networks based on IPv6. This has one new draft up for discussion on a name resolution and service discovery architecture for homenets, but there’s been a lot of discussion recently about the recommendation to replace the use of  .home with .homenet as the default top-level name for local name resolution.

NOTE: If you are unable to attend IETF 98 in person, there are multiple ways to participate remotely.

Running in parallel is DMM that’s working on solutions to allow traffic to/from mobile nodes to take optimal routes, and has two IPv6-related items on the agenda. This includes an extension to the DHCPv6 protocol to support mobile hosts, and whether mobility extensions for ICMPv6 router advertisement messages are needed.

To complete the hectic morning is ACE which is developing authentication and authorization mechanisms for accessing resources on network nodes with limited CPU, memory and power.

In the afternoon, DNSOP is meeting from 13.00 CDT/UTC-6 and has a couple of items related to DNSSEC. One of these proposes a new mechanism for authenticated denial of existence, whilst the other proposes the use the BLAKE2 cryptographic hash function in NSEC3 responses. Some of the other items on the agenda such as DNS over TCP also have potential impacts on DNS security and privacy.

At the same time is T2TRG that investigates open research issues of how to turn IoT into reality, and is reporting on its recent activities.

Concluding the day is CURDLE during the evening session. This has published RFCs 8080 and 8103 since the last IETF, and this time will be focusing on the cryptographic aspects of PKIX, CMS and SSH.

For more background, please read the Rough Guide to IETF 98 from Olaf, Dan, Andrei, Mat, Karen and myself.

Relevant Working Groups

Deploy360 Domain Name System Security Extensions (DNSSEC)

Deploy360@IETF97, Day 5: TLS, DNS, DHCPv6 & Annyeonghi Gaseyo

Seoul SkylineThe final day at a IETF is usually pretty quiet for us, but not at the IETF 97. There’s four sessions of interest before we bid farewell to Seoul.

The first session on Friday morning at 09.30 KST (UTC+9), see the second part of the TLS meeting continuing on from where it left off on Tuesday. After that, it requires a bit of a juggling act as the Dynamic Host Configuration, DNS PRIVate Exchange, and CURves, Deprecating and a Little more Encryption Working Groups all start at 11.50 KST (UTC+9).

NOTE: If you are unable to attend IETF 97 in person, there are multiple ways to participate remotely.

In DHC there’s a proposed update to the DHCPv6 specification to add prefix delegation and stateless DHCPv6, along with an updated draft on DHCPv4 over DHCPv6 that provides a mechanism for dynamically configuring IPv4 over an IPv6-only network.

DPRIVE is working on securing the connections between the DNS clients and the recursive resolvers, using TLS and/or DTLS. This meeting will focus on the TLS and EDNS padding profiles whereby DNS messages are increased by a variable number of bytes to limit how much correlation can be made with well-known unencrypted packets. There will also be a discussion about Phase 2 of the group’s activities.

That just leaves CURDLE which is working on the cryptographic security of a number of protocols. Its very full agenda includes the specification of new algorithms for DNSSEC, along with those for SSH and CMS.

With that, it’s goodbye from us and onwards to Chicago. Many thanks for reading along this week… please do read our other IETF 97-related posts … and we’ll see you at IETF 98 on 26-31 March 2017!

Relevant Working Groups: