Categories
IETF Open Internet Standards

Among the Nerds in Paradise

 

Observations of a new attendee at the IETF 91, Honolulu

 

I’ve just returned from my first Internet Engineering Task Force (IETF) and there can be no better introduction than in semi-tropical Honolulu. Honolulu was a hive of activity from November 9-14 with numerous activities taking place simultaneously including working groups, meetings, plenaries, lunch time talk, networking receptions and dinners.
 
IETF is an organized activity of the Internet Society (ISOC) that meets three times a year to produce standards and other documents. The Honolulu meeting was attended by nearly 1,100 people from 80 countries, 13% were first timers like myself.
 
Many of the attendees were Internet standards developers and technology implementers. Some were sponsored by their employers whereas others were not. ISOC had sponsored eleven qualified individuals including technology professionals and advanced IT students from developing and emerging economies to IETF91.
 
Like all the other IETFs, this meeting was initiated to develop and maintain standards for technologies used to provide Internet service or to provide services over the Internet. The meeting helped to ensure that the technology was able to perform needed functions, support the proper scale of deployment and usage, was secure, could be operated securely and was manageable.
 
For many, the reason for being there was to observe and/or participate in the creation of IETF “standards” which relies on discussion and rough consensus. There were 129 working groups in eight areas: Applications (APS), General (GEN), Internet (INT), Operations & Management (O&M), Real-time Applications and Infrastructure Area (RAI), Routing Area (RTG), Security (SEC) and Transport (TSV).
 
Since the first Request for Comments (RFC) at an IETF in 1969, over 7,000 RFCs have been produced. Many multinational technology companies develop standards at the IETF which are then adopted by themselves and/or others to provide real solutions. Time from implementation of standards at IETF 91 range from six months to six years.
 
Areas of great interest at IETF 91 included making virtualized networks function, programming network nodes, making DNS traffic more private and, guaranteeing network throughput and delay for special applications.
 
There were Birds of a Feather (BOFs) sessions on new multicast forwarding architecture and on new top-level media type for archive formats. A new research group was likewise formed to study data-center latency.
 
Highlights included an ISOC-moderated panel on “Identity as an Internet Building Block,” a presentation on “Open Standards, Open Source, Open Loop,” and the Internet Research Task Force’s (IRTF) Applied Networking Research Prizes (ANRP) awarded to Sharon Goldberg, Tobias Flach and Misbah Uddin.
 
Stuart, the minion from the animated film Despicable Me, came out in force, however there was low participation from Asia-Pacific overall in the meeting and we look forward to this improving.
 
So mark it on the calendar, the next Asian IETF will be in Yokohama on November 1-6 2015 and, Seoul on November 13-18, 2016.
 
Categories
Deploy360 IETF To archive

Operators and the IETF: Update from IETF 91

Nerds In ParadiseTwo weeks ago I let you all know that I would be presenting our Operators and the IETF Internet-Draft at IETF 91. What a busy two weeks it’s been! Between all of the amazing presentations and conversations in Honolulu last week, and then hosting our first ever ION Tokyo this Monday, we’re all just now catching up, gathering our thoughts, and looking at next steps.

The presentation in the IEPG meeting was condensed to only 5 minutes due to time constraints. Even so, it generated several comments in the room, and a fair bit of interest and hallway discussion afterwards.

The momentum for this draft built on Wednesday when I was able to present in the OpsAWG meeting. I think it went great! People were engaged (very few heads hidden behind laptops) and it generated a fair amount of discussion. You can view the video (the Operators and the IETF bit starts at about 01:07:00) and check out the slides if you like. In addition to continuing this discussion with all of the survey results available, we also saw two solid action items come out of this meeting:

The mailing list was set up by IEPG and OpsAWG co-chair Warren Kumari on his personal server, to provide a neutral format for these discussions. We expect the list to be used by both IETFers and Operators, as well as those who are both or somewhere in between, to discuss the results of the survey, to generate and discuss possible solutions, and to start coordinating the execution of those solutions. The first thing the list will be used for is finding volunteers for the IETF help desk.

The idea of the IETF help desk is to provide a common / well-known place for operators to bring their questions about the IETF and have them answered by those experienced with the IETF. We do not expect anyone to travel to NOG or NOF meetings specifically to staff this desk. Instead, we’d like to find those folks who have significant IETF clue and are already planning on attending a given NOG/NOF meeting. We can use the ‘synergy’ list to self-identify and volunteer for this work. In this way we can prearrange to have the IETF help desk open at specified and pre-published times. We expect questions asked at the desk to be along the lines of “what is the IETF working on in X space?” “How do I get involved in the IETF?” “How do I submit an RFC?” etc.

Outside of the public meetings, I also had the chance to chat with many people throughout the week in the hallways, at meals, and anywhere else we happened to bump into each other. Everyone I spoke to personally re-confirmed that work in this area is indeed needed and that the current course of action is helpful. If you disagree, we’d love to hear from you!

In addition to all of these planned presentations and interactions, the Operators and the IETF draft got some unexpected attention.

First, during the IETF 91 Operations and Administration plenary, Brian Carpenter took the opportunity during the IESG open microphone session to ask the IESG to read the draft. In particular he pointed to the statistic that 44% of the operators who responded to the survey told us that they did not feel their input was welcome at the IETF. After some discussion around this point I stood at the mic to elaborate that there are many more statistics and ideas in the draft, imploring those interested in the topic to give it a full read through. I also mentioned something that has come out of our further reading of the survey results: These potential challenges and possible solutions transcend the operator community. While we set out specifically to help solve the perceived problem of not enough operator input, we have found a lot of ideas that could likely make it easier for everyone to participate in the IETF – particularly newcomers of all types.

Then, during his Thursday lunch speaker series talk on “Open Standards, Open Source, Open Loop,” Dave Ward called out a quote from our draft:

If open APIs become the de-facto definition of interoperability requirements, the role of the standardization bodies, and the opportunity for operators to influence specifications, diminishes. As a result the functional interoperability (and interchangeability) of vendors and devices will decrease, potentially leading to a more proprietary and less open and global nature of the Internet.

You can find the quote on slide 4 and hear Dave talk about it at 00:20:50 in the video, although I highly encourage you to look through the whole deck and view the entire talk. In particular, I found slide 16 “IETF Existing Structure Revisited” and his laws for SDOs and OSS very insightful.

Now What?

So, what’s next?

From our side, here at the Internet Society, we’re hitting the road! We’ll be presenting this information everywhere we can get the chance. We want to get in front of as many operators and operator groups as we can. Our goal is to ensure that we got the survey results right and to start working on defining and implementing the best solutions. A big part of this is tearing down misconceptions and ensuring that operators (and other newcomers) have the information they need to get involved when, where, and how they need to.

You can help too!

  • Please join the mailing list and get involved in the discussion!
  • If you have ideas, insight, or feedback – let us know!
  • If you are willing to help implement solutions, including staffing an IETF help desk at your favorite NOG/NOF – let us know!

As always, if you have any comments or questions, please do contact us.

Categories
Deploy360 IETF IPv6 Securing Border Gateway Protocol (BGP)

Deploy360@IETF91, Day 5: IDR (Securing BGP), IPv6 and heading on to ION Tokyo

Minions at IETF91As the final day of IETF 91 opens there are only a few sessions left on the long IETF 91 agenda.  For us at Deploy360, our focus will mainly be on the Inter-Domain Routing (IDR) and IPv6 Maintenance (6MAN) meetings happening this morning.  Read on for more information…


NOTE: If you are not in Honolulu but would like to follow along, please view the remote participation page for ways you can listen in and participate.  In particular, at this IETF meeting all the sessions will have Meetecho coverage so you can listen, watch and chat through that web interface.  All agenda times are in HST, which is UTC-10 (and five hours earlier than US Eastern time for those in the US). I suggest using the “tools-style” agenda as it has easy links to the chat room, Meetecho and other documents for each session.


In the 9:00-11:30 HST block today the Inter-Domain Routing (IDR) is meeting in Coral 2 and it will be, as I understand it, a joint meeting with the SIDR working group that will focus on the proposed BGPSEC protocol.  The agenda is:

  • BGPSEC background/goals/context, Sandy Murphy
  • BGPSEC protocol walk-through, Matt Lepinski
  • BGPSEC protocol time, space analysis, K. Sriram
  • BGPSEC issues for implementors, John Scudder

It should be an interesting session that ties in well with our Securing BGP topic area.

Simultaneously over in the large Coral 3 room, the IPv6 Maintenance Working Group (6MAN) has a very full agenda of proposals to improve how IPv6 works.  For IPv6 fans such as me, this looks to be a great set of discussions!

The final block of sessions from 11:50-13:20 HST does not have any meetings directly tied to the topics we cover here, but I’m intrigued by a document in the Internet Area Open Meeting about tunnels in the Internet’s architecture that will probably be a good session to listen to.

And with that… our time here at IETF 91 in Honolulu will draw to a close.  We’ll have the Internet Society Advisory Council meeting this afternoon… and then we are all heading to Tokyo to present about IPv6, DNSSEC, BGP, BCOP and more at our ION Tokyo event on Monday!  (And you can watch ION Tokyo live via a webcast.)

Thanks for following us this week and to all those who greeted us at IETF 91!  See you next time in Dallas!

P.S. Today’s photo is from Jared Mauch and used with his permission.  NBC Universal, who sponsored the IETF 91 Welcome Reception, gave a stuffed “minion” out to anyone who wanted to have one.  Give some engineers something fun like this and… well… photos are bound to happen!  Jared had a good bit of fun coming up with some photos – you can see his “Minions” photo stream – and the minons were present in many other photos, such as this one I took.

See also:

Relevant Working Groups

We would suggest you use the “tools-style” agenda to find links to easily participate remotely in each of these sessions.

IDR (Inter-Domain Routing Working Group) WG
Friday, 14 November 2014, 0900-1130 HST, Coral 2
Agenda: https://datatracker.ietf.org/meeting/91/agenda/idr/
Charter: https://datatracker.ietf.org/wg/idr/charter/

6MAN (IPv6 Maintenance) WG
Friday, 14 November 9am-1130am, Coral 3
Agenda: https://datatracker.ietf.org/meeting/91/agenda/6man/
Documents: https://datatracker.ietf.org/wg/6man/documents/
Charter: https://datatracker.ietf.org/wg/6man/charter/


For more background on what is happening at IETF 91, please see our “Rough Guide to IETF 91″ posts on the ITM blog:

If you are here at IETF 91 in Honolulu, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) IETF Internet of Things (IoT) IPv6

Deploy360@IETF91, Day 4: TLS, 6TISCH, DNSSD, IDR, SAAG, DHC and DBOUND

Chris Grundemann at IETF 91On the fourth day of IETF 91 we on the Deploy360 return to a focus on the routing / securing BGP side of our work as well as TLS and a number of DNS-related sessions that are not strictly DNSSEC-related, along with a small bit of IPv6 for “Internet of Things” (IoT) mixed in. There are many other working groups meeting at IETF 91 today but the ones I’ll mention below line up with the topics we cover here on the Deploy360 site.

Read on for more information…


NOTE: If you are not in Honolulu but would like to follow along, please view the remote participation page for ways you can listen in and participate.  In particular, at this IETF meeting all the sessions will have Meetecho coverage so you can listen, watch and chat through that web interface.  All agenda times are in HST, which is UTC-10 (and five hours earlier than US Eastern time for those in the US). I suggest using the “tools-style” agenda as it has easy links to the chat room, Meetecho and other documents for each session.


In the morning 9:00-11:30 block two working groups are of interest.  The TLS Working Group continues the evolution of the TLS protocol and we’ll be monitoring that session in Coral 5 to understand where TLS is going.  Meanwhile over in the Hibiscus room, the 6TISCH Working Group will be continuing their work on ensuring that IPv6 works well in low-power networks on devices using IEEE 802.15.4 low-power radios.  We haven’t really covered this work much here on Deploy360, but as the 6TISCH charter indicates, the work is aimed at “low-power and lossy networks” (LLNs) among devices that we often commonly talk of these days as the “Internet of Things” (IoT). As we increasingly connect everything to the Internet, this work should prove very useful.

During the lunch period, there looks to be a fascinating speaker on the topic of “Open Standards, Open Source, Open Loop“,  but the timing is such that several of us will be at an informal (and open) meeting about the Mutually Assured Norms for Routing Security (MANRS) document, part of the ongoing Routing Resilience Manifesto project headed by our colleague Andrei Robachevsky (and he discussed MANRS in his Rough Guide post).

In the 13:00-15:00 HST block there are two groups we’ll be watching: DNSSD and IDR.  As I described in my Rough Guide post about DNSSEC, the DNSSD group is looking at how to extend DNS service discovery beyond a local network – and we’re of course curious about how this will be secured.  DNSSEC is not directly on the agenda, but security issues will be discussed.  Simultaneously the Inter-Domain Routing (IDR) is meeting about improving the Internet’s routing infrastructure, although the security focus will primarily be in tomorrow’s (Friday) IDR meeting. Because of that, our attention may be more focused on the Security Area Open Meeting where there are a couple of drafts about routing security including one that surveyed the different kinds of censorship seen around the world.

Finally, in the 16:40-19:10 HST block the Dynamic Host Configuration (DHC) WG will meet to continue their work on optimizing DHCP for IPv6. Today’s agenda includes some discussions around privacy that should fit in well with the ongoing themes of privacy and security at this IETF meeting.

At the same time as DHC, there will also be a side meeting of the DBOUND (Domain Boundaries) effort that took place at an earlier IETF meeting.  It starts at 16:40 (not 14:40 as went out in email) in the South Pacific II room.  As described in the problem statement, this effort is looking at how “domain boundaries” can be defined for efforts such as the Public Suffix List. From the abstract:

Various Internet protocols and applications require some mechanism for determining whether two Domain Name System (DNS) names are related. In this document we formalize the types of domain name relationships, identify protocols and applications requiring such relationships, review current solutions, and describe the problems that need to be addressed.

While not directly related to the work we do here on Deploy360, it’s interesting from a broader “DNS security perspective”.

And with all of that…  day 4 of IETF 91 will draw to a close for us.  If you are around at IETF 91 in Honolulu, please do find us and say hello!

P.S. Today’s photo is of our own Chris Grundemann making at point at the microphone in the Administrative plenary…

See also:

Relevant Working Groups

We would suggest you use the “tools-style” agenda to find links to easily participate remotely in each of these sessions.

6TISCH (IPv6 over the TSCH mode of IEEE 802.15.4e) WG
Thursday, 13 November 2014, 0900-1130 HST, Hibiscus
Agenda: https://tools.ietf.org/wg/6tisch/agenda
Documents: https://tools.ietf.org/wg/6tisch/
Charter: https://tools.ietf.org/wg/6tisch/charter

TLS (Transport Layer Security) WG
Thursday, 13 November 2014, 0900-1130 HST, Coral 5
Agenda: https://tools.ietf.org/wg/tls/agenda
Documents: https://tools.ietf.org/wg/tls/
Charter: https://tools.ietf.org/wg/tls/charter

DNSSD (Extensions for Scalable DNS Service Discovery) WG
Thursday, 13 November 2014, 1300-1500 HST, Coral 4
Agenda: https://datatracker.ietf.org/meeting/91/agenda/dnssd/
Documents: https://datatracker.ietf.org/wg/dnssd/
Charter: https://datatracker.ietf.org/wg/dnssd/charter/

SAAG (Security Area Open Meeting) WG
Thursday, 13 November 2014, 1300-1500 HST, Coral 3
Agenda: https://tools.ietf.org/wg/saag/agenda
Documents: https://tools.ietf.org/wg/saag/
Charter: https://tools.ietf.org/wg/saag/charter

IDR (Inter-Domain Routing Working Group) WG
Thursday, 13 November 2014, 1300-1500 HST, Kahili
Agenda: https://datatracker.ietf.org/meeting/91/agenda/idr/
Charter: https://datatracker.ietf.org/wg/idr/charter/

DHC (Dynamic Host Configuration) WG
Thursday, 13 November 2014, 1640-1910 HST, Kahili
Agenda: https://tools.ietf.org/wg/dhc/agenda
Documents: https://tools.ietf.org/wg/dhc/
Charter: https://tools.ietf.org/wg/dhc/charter


For more background on what is happening at IETF 91, please see our “Rough Guide to IETF 91″ posts on the ITM blog:

If you are here at IETF 91 in Honolulu, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) IETF To archive

Deploy360@IETF91, Day 3: DANE, HOMENET and Operators and the IETF (OPSAWG)

Sharon Goldberg ANRP prize winnerToday’s third day of IETF 91 is for us on the Deploy360 team both a lighter day in terms of a schedule, but a heavier day in that we have two actual presentations today: Chris is speaking in the OPS Area meeting this morning about our Operators and the IETF project and I’ll be speaking in the DANE working group in the afternoon about DANE deployment.  HOMENET is also meeting this morning and there are connections there to both the IPv6 and DNS security work we talk about here on Deploy360.

These are, of course, only a very small fraction of the many different working groups meeting at IETF 91 today – but these are the ones that line up with our Deploy360 topics.

Read on for more information…


NOTE: If you are not in Honolulu but would like to follow along, please view the remote participation page for ways you can listen in and participate.  In particular, at this IETF meeting all the sessions will have Meetecho coverage so you can listen, watch and chat through that web interface.  All agenda times are in HST, which is UTC-10 (and five hours earlier than US Eastern time for those in the US). I suggest using the “tools-style” agenda as it has easy links to the chat room, Meetecho and other documents for each session.


In the morning 9:00-11:30 block our attention will be focused in two working groups.  Of primary importance, our Chris Grundemann will be in the Operations and Management Area Working Group (OPSAWG) in Coral 1 presenting on the work he and Jan Žorž have been doing as part of our Operators and the IETF project to collect information and feedback from network operators about their participation, or lack thereof, in the IETF.  Today he’ll be presenting a summary of the results of the survey he and Jan undertook.  Chris’ slides are available online and he and Jan also published an Internet Draft, draft-opsawg-operators-ietf,  with more information.  (And you can listen live starting at 9:00 HST (UTC-10) , although it looks like Chris is scheduled later in the session.)

Simultaneously over in Coral 3, the HOMENET WG will be meeting to discuss standards related to home/small networks.  As Phil Roberts wrote about, there is a great bit of IPv6-related activity happening within this group.  As I mentioned earlier, too, there is are a couple of DNS-related matters in HOMENET this time around.  One draft, draft-jeong-homenet-device-name-autoconf, explores how home network devices and appliances and sensors that make up the “Internet of Things” (IoT) can be automatically configured with DNS names for monitoring and remote control. Our interest is naturally in how this interaction with DNS can be secured.  Another draft looks at the idea of using a “.home” top-level domain (TLD) for home networks.

After lunch our attention then moves to the DANE Working Group happening from 13:00-15:00 HST in Coral 3.  As I described in my Rough Guide post about DNSSEC, there is a great amount of activity happening here related to DNSSEC and DANE.  As I mentioned in a recent post, I’ll be presenting at the end of the session asking the question “what can we learn from existing DANE deployments?”  I summarized many of the thoughts and questions in draft-york-dane-deployment-observations but have expanded upon that in the slides I’ve prepared for today’s session.  (I also couldn’t resist adding in photos of broccoli and cookies… but why will become clear in the discussion!)

When DANE is done we don’t have a particular focus in the final 15:20-16:50 HST session block on the IETF 91 agenda today, although several groups are of personal interest.  There are also several DNS-related side meetings that are seeming to be scheduled during that time.

We’ll end the day with the usual IETF Operations and Administration Plenary from 17:10-19:40 HST that typically provides good insight into how the IETF is doing… and the “open mic” sessions can usually be educational, entertaining or both.  🙂

If you are around at IETF 91 in Honolulu, please do find us and say hello!

P.S. Today’s photo is of Sharon Goldberg presenting about RPKI and BGP security in the ANRP presentation mentioned yesterday.

See also:

Relevant Working Groups

We would suggest you use the “tools-style” agenda to find links to easily participate remotely in each of these sessions.

OPSAWG (Operations and Management Area) WG
Wednesday, 12 November 2014, 0900-1130 HST, Coral 1
Agenda: https://tools.ietf.org/wg/opsawg/agenda
Documents: https://tools.ietf.org/wg/opsawg/
Charter: https://tools.ietf.org/wg/opsawg/charter

HOMENET (Home Networking) WG
Wednesday, 12 November 2014, 0900-1130 HST, Coral 3
Agenda: https://datatracker.ietf.org/meeting/91/agenda/homenet/
Documents: https://datatracker.ietf.org/wg/homenet/
Charter: https://datatracker.ietf.org/wg/homenet/charter/

DANE (DNS-based Authentication of Named Entities) WG
Wednesday, 12 November 2014, 1300-1500 HST, Coral 3
Agenda: https://datatracker.ietf.org/meeting/91/agenda/dane/
Documents: https://datatracker.ietf.org/wg/dane/
Charter: http://datatracker.ietf.org/wg/dane/charter/


For more background on what is happening at IETF 91, please see our “Rough Guide to IETF 91″ posts on the ITM blog:

If you are here at IETF 91 in Honolulu, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events IETF Internet of Things (IoT)

Deploy360@IETF91, Day 2: UTA, DPRIVE, BGP in ANRP, 6LO and IOT, DNSOP

IETF 91 mic lineFor us at Deploy360, Day 2 of IETF 91 brings a heavy focus on DNSSEC and DNS security in general with both DNSOP and DPRIVE meeting. Today also brings one of the key working groups (UTA) related to our “TLS in Applications” topic area.  There is a key WG meeting related to using  IPv6 in “resource-constrained” environments such as the “Internet of Things” (IoT) … and a presentation in the Internet Research Task Force (IRTF) about BGP security and the RPKI.

These are, of course, only a very small fraction of the many different working groups meeting at IETF 91 today – but these are the ones that line up with the topics we write about here at Deploy360.

Read on for more information…


NOTE: If you are not in Honolulu but would like to follow along, please view the remote participation page for ways you can listen in and participate.  In particular, at this IETF meeting all the sessions will have Meetecho coverage so you can listen, watch and chat through that web interface.  All agenda times are in HST, which is UTC-10 (and five hours earlier than US Eastern time for those in the US). I suggest using the “tools-style” agenda as it has easy links to the chat room, Meetecho and other documents for each session.


In the morning 9:00-11:30 block we once again will be splitting ourselves across multiple working groups.  In Coral 2 will be the “Using TLS in Applications” (UTA) working group looking at how to increase the usage of TLS across applications.  The UTA WG is a key part of the overall work of the IETF in strengthening the Internet against pervasive monitoring and should be quite a well-attended session.  The UTA agenda includes multiple drafts related to TLS and email, a discussion of a proposal around “token binding” and what should be an involved discussion about the TLS “fallback dance”, i.e. what should happen when a TLS connection cannot be made at the requested level of security?

On the topic of UTA, I’ll note that one of the groups main documents, draft-ietf-uta-tls-bcp, a best practice document on “Recommendations for Secure Use of TLS and DTLS“, has a new version out that incorporates all of the feedback received to date.  This document should soon be at the point where it will enter the publication queue.

Meanwhile, over in the Kahili room the 6LO WG will be talking about using IPv6 in “resource-constrained” and low power environments. The work here is important for sensor/device networks and other similar “Internet of Things” (IoT) implementations.   Among the 6LO agenda items are a discussion of using IPv6 in near field communications (NFC) and what should be quite an interesting discussion around the challenges of using different types of privacy-related IPv6 addresses in a constrained environment.

Simultaneously over in Coral 4 will be the open meeting of the Internet Research Task Force (IRTF) and of particular interest will be the presentation by one of the winners of the Applied Networking Research Prize (ANRP) that is focused on BGP security and the Resource Public Key Infrastructure (RPKI).  As the IRTF open meeting agenda lists the abstract:

The RPKI (RFC 6480) is a new security infrastructure that relies on trusted authorities to prevent attacks on interdomain routing. The standard threat model for the RPKI supposes that authorities are trusted and routing is under attack. This talk discusses risks that arise when this threat model is flipped: when RPKI authorities are faulty, misconfigured, compromised, or compelled (e.g. by governments) to take certain actions. We also survey mechanisms that can increase transparency when RPKI authorities misbehave.

The slides for the presentation are online and look quite intriguing!

After that we’ll be spending our lunch time at the “ISOC@IETF” briefing panel that is focused this time on the topic of “Is Identity an Internet Building Block?”  While not directly related to our work here at Deploy360 we’re quite interested in the topic.  I will also be directly involved as I’ll be producing the live video stream / webcast of the event.  You can join in and watch directly starting at 11:45 am HST (UTC-10). It should be an excellent panel discussion!

As I described in my Rough Guide post about DNSSEC, the 13:00-15:00 block brings the first meeting of the new DPRIVE working group that is chartered to develop “mechanisms to provide confidentiality to DNS transactions, to address concerns surrounding pervasive monitoring.”  The DPRIVE agenda shows the various documents under discussion – there are some very passionate views on very different perspectives… expect this session to have some vigorous discussion!

In the last 15:20-17:20 meeting block of the day we’ll focus on the DNS Operations (DNSOP) Working Group where the major DNSSEC-related document under discussion will be Jason Livingood’s draft-livingood-dnsop-negative-trust-anchors that has generated a substantial bit of discussion on the dnsop mailing list.  The DNSOP agenda contains a number of other topics of interest, including a couple added since the time I wrote about DNS for the Rough Guide.  The discussion about root servers running on loopback addresses should be interesting… and Brian Dickson (now employed by Twitter instead of Verisign) is bringing some intriguing new ideas about a DNS gateway using JSON and HTTP.

After all of that, they’ll let us out of the large windowless rooms (granted, in the dark of evening) for the week’s Social event that will apparently be a Hawaiian Luau.  After all the time inside it will be a pleasure to end the day in casual conversations outside. Please do look to find us and say hello… and if you are not here in Honolulu, please do join in remotely and help us make the Internet work better!

See also:

Relevant Working Groups

We would suggest you use the “tools-style” agenda to find links to easily participate remotely in each of these sessions.

UTA (Using TLS in Applications) WG
Tuesday, 11 Nov 2014, 900-1130, Coral 2
Agenda: https://tools.ietf.org/wg/uta/agenda
Documents: https://tools.ietf.org/wg/uta
Charter: https://tools.ietf.org/wg/uta/charter

6LO (IPv6 over Networks of Resource-constrained Nodes) WG
Tuesday, 11 Nov 2014, 900-1130, Kahili
Agenda: https://tools.ietf.org/wg/6lo/agenda
Documents: https://tools.ietf.org/wg/6lo
Charter: https://tools.ietf.org/wg/6lo/charter

IRTF (Internet Research Task Force) Open Meeting
Tuesday, 11 Nov 2014, 900-1130, Coral 4
Agenda: http://tools.ietf.org/agenda/91/agenda-91-irtfopen.html
Charter: https://irtf.org/

DPRIVE (DNS PRIVate Exchange) WG
Tuesday, 11 November 2014, 1300-1500 HST, Coral 5
Agenda: https://datatracker.ietf.org/meeting/91/agenda/dprive/
Documents: https://datatracker.ietf.org/wg/dprive/
Charter: http://tools.ietf.org/wg/dprive/charters/

DNSOP (DNS Operations) WG
Tuesday, 11 November 2014, 1520-1720 HST, Coral 4
Agenda: https://datatracker.ietf.org/meeting/91/agenda/dnsop/
Documents: https://datatracker.ietf.org/wg/dnsop/
Charter: http://tools.ietf.org/wg/dnsop/charters/


For more background on what is happening at IETF 91, please see our “Rough Guide to IETF 91″ posts on the ITM blog:

If you are here at IETF 91 in Honolulu, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) IETF IPv6 Securing Border Gateway Protocol (BGP)

Deploy360@IETF91, Day 1: v6OPS, SIDR, EPPEXT, TRANS

Sunset at IETF 91On the first full day here at IETF 91, we have to leave behind the palm trees of the beautiful welcoming reception (pictured at right) to head indoors for a packed agenda of working group sessions.

For us on the Deploy360 team, this first day hits on three of our major topics:  IPv6, DNSSEC and securing BGP.

A big focus  for our group will be the 4.5 hours of IPv6 Operations (v6OPS) Working Group meetings happening in two blocks today: 9:00-11:30 and then 15:20-17:20 Hawaii Standard Time (HST). As our colleague Phil Roberts noted, IPv6 is everywhere within IETF activity, but the v6OPS sessions are particularly important as IPv6 continues to move into mainstream production and experience real operational deployment.


NOTE: If you are not in Honolulu but would like to follow along, please view the remote participation page for ways you can listen in and participate.  In particular, at this IETF meeting all the sessions will have Meetecho coverage so you can listen, watch and chat through that web interface.  All agenda times are in HST, which is UTC-10 (and five hours earlier than US Eastern time for those in the US).


At the same 9:00-11:30 block as v6OPS in the morning will be the Secure Inter-Domain Routing (SIDR) Working Group that is really the lead working group we’re monitoring for efforts to increase the security of the BGP routing protocol. As Andrei Robachevsky wrote in his Rough Guide post, there is a great amount of work happening with regard to routing security and resiliency and the discussions within SIDR today will contribute to that.

Amazingly, the 13:00-15:00 time block is a quiet one for us (pretty much the only one all week!), although I may wander into the CDN Interconnections (CDNI) working group to check in purely out of my own interest in CDNs.

The 15:20-17:20 block has v6OPS back for its second session, but also has two of the working groups meeting with DNSSEC-related topics going on.  As I described in my Rough Guide post about DNSSEC, the EPPEXT working group will be discussing how to progress a draft about the secure transfer of signed domain names between registrars – and simultaneously the TRANS working group will be looking at the possibility of applying Certificate Transparency (CT) methods to DNSSEC.

In the final 17:30-18:30 meeting block, the TRANS working group will continue their discussions and the GROW working group will also be meeting to discuss route leaks and de-aggregation issues, two major areas that Andrei indicated are of concern to the routing community.

We’ll finish up the day from 18:50-19:50 with the Technical Plenary that will focus on the IAB’s Privacy and Security Program and should be interesting.

All in all it’s going to be a very busy day!  Do note, of course, that all that I’ve mentioned here is just a small part of the overall activity happening at IETF 91 today – these are just the sessions that WE are interested in for the topics we cover here at Deploy360. Please do look to find us and say hello… and if you are not here in Honolulu, please do join in remotely and help us make the Internet work better!

Relevant Working Groups:

v6OPS (IPv6 Operations) WG
Monday, 10 November 900am-1130am, Coral 4
Monday, 10 November 320pm-520pm, Coral 3
Agenda: https://datatracker.ietf.org/meeting/91/agenda/v6ops/
Documents: https://datatracker.ietf.org/wg/v6ops/documents/
Charter: https://datatracker.ietf.org/wg/v6ops/charter/

SIDR (Secure Inter-Domain Routing) WG
Monday, 10 November 2014, 0900-1130 HST, Coral 1
Agenda: https://datatracker.ietf.org/meeting/91/agenda/sidr/
Charter: https://datatracker.ietf.org/wg/sidr/charter/

TRANS (Public Notary Transparency) WG
Monday, 10 November 2014, 1300-1500 HST, Hibiscus
Agenda: https://datatracker.ietf.org/meeting/91/agenda/trans/
Documents: https://datatracker.ietf.org/wg/trans/
Charter: https://datatracker.ietf.org/wg/trans/charter/

EPPEXT (Extensible Provisioning Protocol Extensions) WG
Monday, November 10, 2014, 1520-1720 HST, Lehua Suite
Agenda: https://datatracker.ietf.org/meeting/91/agenda/eppext/
Documents: https://datatracker.ietf.org/wg/eppext/
Charter: https://datatracker.ietf.org/wg/eppext/charter/

GROW (Global Routing Operations) WG
Monday, 10 November 2014, 1730-1830 HST, Coral 4
Agenda: https://datatracker.ietf.org/meeting/91/agenda/grow/
Charter: https://datatracker.ietf.org/wg/grow/charter/


For more background on what is happening at IETF 91, please see our “Rough Guide to IETF 91″ posts on the ITM blog:

If you are here at IETF 91 in Honolulu, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Categories
Identity IETF Open Internet Standards Privacy Technology

Webcast Information for Tomorrow’s Panel on Identity as an Internet Building Block at IETF 91

Tomorrow, Tuesday, 11 November, Internet Society CITO Olaf Kolkman and four distinguished panelists will discuss and debate, “Is Identity an Internet Building Block?” during IETF 91 in Honolulu. Pre-registration was required for onsite participation. However, if you didn’t pre-register before it filled up, we have great news in that it will be webcast (over IPv6, of course)! Just visit the Google+ event page and look for the YouTube live stream. It will begin right at 11:45AM HST (21:45 UTC) tomorrow.

We’ll also live-tweet the event via our Twitter channel, @ISOCtech.

From the session abstract:

In the Internet’s early days, users often felt shielded behind an electronic veil of anonymity, able to take on any persona they pleased. Now, nearly every online service has adopted technologies that build user profiles, offer product recommendations, and piece together personal histories that go back farther than most of us even know.

Digital identifiers and the attributes tied to those identifiers are key to establishing trust in any form of online communication. What are the underlying identifiers we use on the Internet today? What are their properties? How do these identifiers and attributes relate to our ideas of “identity?” If we were to dream of an ideal world with multiple interlinked and interoperable identity ecosystems, what would good look like?

During this Briefing Panel, the Internet Society’s Chief Internet Technology Officer Olaf Kolkman and four panelists from various layers of the stack will discuss whether identity management is, or will be, a fundamental building block for the Internet, the forces currently at play in the identity sphere, the push for single sign-on, the role of mobile, and more.

Moderator
Olaf Kolkman (Internet Society)

Panel
Leif Johansson (SUNET)
Ken Klingenstein (Internet2)
Jef Hodges (PayPal)
Natasha Rooney (GSMA)

We hope you can join us, whether it’s in the room in Honolulu, on the webcast, or via Twitter!

Categories
IETF Open Internet Standards Technology

IETF 91 Starts Today!

We are in Honolulu, Hawaii this week for IETF 91, where we’ll be trying really hard to ignore the beautiful weather and beaches outside and do what we came here to do – make the Internet work better. It all officially kicks off this afternoon with the Welcome Reception from 1700-1900 HST, so I hope we’ll see you there. I hope you’ve been following along as we doled out our series of Rough Guide to IETF91 posts last week. You can read through them all individually at these links if you missed any of them:

A few last-minute reminders as we get this week underway.

IETF Journal v10.2

The latest edition of the IETF Journal is available here onsite in hard copy, and you can subscribe here to receive future issues (via hard copy or email). As you go through the week, keep in mind I’m always on the lookout for ideas for future articles, so if you’re interested in writing something, please send an email to ietfj-editor@isoc.org with more information.

ISOC@IETF Briefing Panel: “Is Identity a Building Block?”

Moderated by ISOC Chief Internet Technology Officer Olaf Kolkman, panelists Leif Johansson, Ken Klingenstein, Jef Hodges, and Natasha Rooney will share their ideas about the question, “Is Identity an Internet Building Block?” Registration to participate in person is full, but the event will be webcast so if you want to watch it online, check back here for details.

The Magnum P.I. Contest

And finally, Olaf Kolkman is running a little contest this week. From his overview ‘rough guide’ post:

“Nerds in Paradise” was the tagline on the t-shirt for the 15th IETF in 1989, the decade when Magnum P.I. dominated TV networks. In honor of our return to Honolulu, the participant with the best “Magnum P.I.” mustache will get an honorary mention in the next issue of the IETF Journal. Photographic evidence can be tweeted to @ISOCtech using the hashtag #ietf91MagnumPI or emailed to itm@isoc.org. (NOTE: Remote IETF 91 participants are eligible, and the winning entry need not be a real mustache!)

Follow Us

There’s a lot going on this week, and whether you are or joining remotely, there’s much to follow. To keep up with our Internet Society activities, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf91.

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events IETF

Comments? What Can We Learn From Existing DANE Deployments?

IETF LogoWhat can we learn from existing deployments of the DANE protocol?  As more people start implementing DANE in their applications, are there lessons we can learn to feed back into the standards development process?  What are the barriers people are finding to using DANE? How can we help accelerate the deployment of DANE and DNSSEC?

As I mentioned in my Rough Guide to IETF 91 post and also my post here on Deploy360, I have a short bit of time at the end of the DANE Working Group agenda on next Wednesday, November 12, 2014, to raise these questions and try to get some feedback. To help with that, I wrote an Internet-Draft that you can find at:

https://tools.ietf.org/html/draft-york-dane-deployment-observations

In the document, I outline some of the concerns and issues that I have observed related to DANE deployment, including:

  • Lack of awareness of DANE
  • Challenges creating TLSA records
  • Inability to enter TLSA records at DNS hosting operators
  • Availability of developer libraries
  • Perception that DANE is only for self-signed certificates
  • Performance concerns
  • Cryptographic concerns

I then offered these questions for discussion:

  • What roadblocks are people running into with implementing DANE? (outside of the broader issue of getting DNSSEC validation and signing more widely available) are there lessons we can feed back into our process of developing DANE-related standards?
  • Are there more “Using DANE with ” types of documents that we can or should create? (And who is willing to do so?)
  • Are there some good examples/case studies of DANE implementations that we could perhaps capture as informational RFCs? (The Jabber community’s implementation comes to mind)
  • Are there places where it would be helpful if there were reference implementations of DANE support? For example, DANE for email got a boost when support was added to postfix. Are there other commonly-used open source projects where the addition of DANE support would help move deployment along?
  • Are there test tools that need to be developed? Or existing ones that need to be better promoted? Are there interop tests we can arrange?

I’m looking forward to the discussion on Wednesday… but I also welcome any comments you may have NOW on this topic.  You are welcome to send comments directly to me, send them to the DANE mailing list (you need to subscribe first), post them here as comments to this article – or post them on any of the social networks where this post appears. (although either email or posting the comments here on our site are the best ways to make sure I actually see your comments)

What can we learn from DANE deployment so far – and how can we use that to help get more DANE usage happening?

Categories
Deploy360 IETF IPv6 Transport Layer Security (TLS)

Two More Rough Guides To IETF 91 On IPv6 And Security / TLS

IETF LogoTwo more “Rough Guide to IETF 91” posts have been published that may be of interest to Deploy360 readers:

and

Phil’s post naturally talks about all the great work related to IPv6 happening within the various working groups at IETF 91 next week.  The reality is that IPv6 is now the main IP protocol discussed in so many different working groups – and all new work is assumed that it will (or must) work on IPv6 … and so IPv6 discussions are taking place in many different places.   You can expect that you’ll find members of the Deploy360 team in the dedicated IPv6 sessions Phil mentions!

Karen’s post highlights a number of the security and privacy efforts under way within the IETF and IAB.  She also mentions the TLS working group and the Using TLA in Applications (UTA) working groups, both of which are important to the TLS in Applications topic area we have here on Deploy360.

Combined with all the activities related to DNSSEC / DANE and all the activities related to routing security/resiliency … it’s going to be a very busy week next week!  We’re looking forward to it and to meeting up with many of you.

In the meantime, if you’d like to get started with IPv6 or TLS, please visit our Start Here page to begin!

Categories
Deploy360 IETF Improving Technical Security Mutually Agreed Norms for Routing Security (MANRS)

IETF 91 Rough Guide On Routing Resilience And Security – De-aggregation, Route Leaks and more

IETF LogoWhat will be happening next week at IETF 91 with regard to improving the security and resilience of the Internet’s routing infrastructure?

Our colleague Andrei Robachevsky tackles this question in his post this week: “Rough Guide to IETF 91: Routing Resilience & Security“.

Andrei explains that one of the major issues in routing right now is the growth in the size of the global routing tables and the growth of “de-aggregation”… and the challenges that lie therein.  He also writes about “route leaks” and what is being done to address this issue and he writes about the ongoing work related to RPKI in the SIDR working group.

He finishes up talking about the MANRS initiative announced yesterday  and how that can help with overall routing security and resiliency.

Please do read Andrei’s Rough Guide post … and then do check out our topic areas on Securing BGP and Anti-spoofing to learn more about how you can secure your routing infrastructure.  We will look forward to seeing some of you next week at IETF 91!