July 2014 archive

Live Today: IXPs and The Relationship Between Geography and Network Topology (Featured Blog)

More...

Deploy360@IETF90, Day1: v6OPS, DNSSEC in SIPCORE, 6TISCH and the Technical Plenary

IETF LogoToday here in Toronto at IETF 90 the main activity for the Deploy360 team will be the “IPv6 Operations” (V6OPS) session happening at 9:00am EDT this morning.  The V6OPS agenda  shows that today there will be three larger discussions of interest to us:

  • A discussion of how the interaction between SLAAC and DHCPv6 for can be improved for the configuration of IPv6 clients. There is an Internet Draft that explains the problem statement and will be the basis for the discussion.
  • An analysis of problems encountered in a mobile environment when IPv6-enabled devices roam between mobile networks. Again, an Internet Draft provides the analysis. Coming out of the work of a number of mobile service providers this should be an interesting session.
  • A discussion about what is the appropriate usage of Unique Local Addresses (ULAs).  A draft will be presented but there will also be a much larger discussion happening around what the role of ULAs will be.

There are also a few other topics on the V6OPS agenda and overall it should be a busy session.

If you’d like to join the V6OPS session (or any of the others) remotely to hear the discussion you can follow the instructions on the IETF 90 Remote Participation page or use the “tools-style” agenda page that provides easy links to the audio stream, jabber chat room documents and more for each of the sessions.

After that I’ll be over in the SIPCORE session in the afternoon for Olle Johansson’s draft about how DANE can be used to improve the security of VOIP sessions using TLS and SIP. As I said in my Rough Guide post about DNSSEC/DANE at IETF 90, Olle’s draft presents an interesting usage of DANE in the world of SIP-based voice-over-IP (VoIP).

Next I’ll be over listening in the 6TISCH working group.  This is not one I’ve been actively monitoring but it is of interest to me because it is looking at how IPv6 gets used in automated environments and in Low-power and Lossy Networks (LLNs) that many of us may broadly group into the “Internet of Things”.  From the 6TISCH charter:

The IEEE802.15.4e Timeslotted Channel Hopping (TSCH) is a recent amendment to the Medium Access Control (MAC) portion of the IEEE802.15.4  standard. TSCH is the emerging standard for industrial automation and  process control LLNs, with a direct inheritance from WirelessHART and ISA100.11a. Defining IPv6 over TSCH, 6TiSCH is a key to enable the further adoption of IPv6 in industrial standards and the convergence of Operational Technology (OT) with Information Technology (IT).

Finally, our formal schedule will end today with what should be a very interesting Technical Plenary looking at the link between “network topology” and geography.  The Technical Plenary will be streamed live at http://www.ietf.org/live/ starting at 5:10pm EDT and is available for all to watch. Here is the description of the main technical focus:

Since network gear, links, and the nodes they connect must be in some specific physical place, there is always a relationship between geography and network topology. The flow of data through that topology has generally, however, been relatively independent of the geography.

Recently, some public policy proposals have tried to tie the flow of data on the network to national or regional boundaries. This panel will discuss the relationship between geography and network topology from three points of view.

Each panelist will make a brief presentation, and then we will discuss the implications of their findings. A Question & Answer session will follow the presentations.

I’m personally fascinated by this topic so I’ll be looking forward to this plenary session! Again it is at http://www.ietf.org/live/ – please feel free to share that link widely.

The information about the relevant working groups today is:

V6OPS (IPv6 Operations) WG
Agenda: https://datatracker.ietf.org/meeting/90/agenda/v6ops/
Documents: https://datatracker.ietf.org/wg/v6ops/
Charter: https://datatracker.ietf.org/wg/v6ops/charter/
(Monday, July 21, 2014, 0900-1130 EDT, Canadian room)

SIPCORE (Session Initiation Protocol Core) WG
Agenda: https://datatracker.ietf.org/meeting/90/agenda/sipcore/
Documents: https://datatracker.ietf.org/wg/sipcore/
Charter: http://tools.ietf.org/wg/uta/charters/
(Monday, July 21, 2014, 1300-1500 EDT, Territories room)

6TISCH (IPv6 over TSCH mode of 802.16e4)
Agenda: https://datatracker.ietf.org/meeting/90/agenda/6tisch/
Documents: https://datatracker.ietf.org/wg/6tisch/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6tisch/ 
(Monday, July 21, 2014, 1520-1650 EDT, Territories room)

For more background on what is happening at IETF 90, please see our “Rough Guide to IETF 90″ posts on the ITM blog:

If you are here at IETF 90 in Toronto, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

FIR #765 – 7/21/14 – For Immediate Release

Quick News: French blogger fined for high search ranking, Russian government caught editing MH17 Wikipedia entry, is PressFriendly keeping your PR agency up at night?, Bing complies with right-to-be-forgotten ruling; Ragan promo; News That Fits: automated editing bots on Wikipedia, Dan York's Tech Report, rethinking earned/owned/paid media, Media Monitoring Minute from CustomScoop, listener comments, Microsoft's leadership email debacle, Igloo Software promo, last week on the FIR Podcat Network, the link between social media and corporate reputation; music from Soft Plastic; and more.

Watch LIVE: Edward Snowden at HOPE-X Today at 2:00pm EDT (18:00 UTC) (Featured Blog)

Whether you view Edward Snowden as a criminal or a hero, or somewhere in between, you cannot dispute that his revelations about pervasive surveillance have changed the discussions about the Internet on both technology and policy levels. If you are interested in hearing what Edward Snowden has to say himself, he is scheduled to speak today, Saturday, July 19, 2014, at 2:00pm US EDT at the HOPE-X conference in New York City. More...

Watch LIVE: Edward Snowden at HOPE-X Today At 2:00pm EDT (18:00 UTC) (Featured Blog)

More...

A Great Bit of DNSSEC and DNS at IETF 90 Next Week (Featured Blog)

For those people tracking the evolution and deployment of DNSSEC or who are just interested in "DNS security" in general there is a great amount of activity happening next week at IETF 90 in Toronto. I dove into this activity in great detail in a recent post, "Rough Guide to IETF 90: DNSSEC, DANE and DNS Security", and summarized the activity in a Deploy360 post... More...

New World IPv6 Launch Measurements – Comcast over 30%, AT&T over 20%

The World IPv6 Launch measurements for July 2014 are out and among the top 10 networks in terms of volume Comcast has now crossed over the 30% mark for IPv6 deployment:

Comcast IPv6 measurements

 

Also in North America, AT&T has crossed over the 20% mark and Time Warner Cable has crossed over 10% for the first time.  Verizon Wireless, who we reported last month was the first of the top networks to cross over the 50% mark, has now grown to 53.55% this month!

Beyond those top networks, as our colleague Mat Ford wrote on the World IPv6 Launch blog, the growth in IPv6 is happening globally with networks such as these providing solid growth:

  • Telekom Malaysia, one of Asia’s leading communications companies
  • Get AS, Norway’s second largest cable operator
  • Corporacion Nacional de Telecomunicaciones, the public telecommunications company in Ecuador
  • Sunrise AG, the 2nd largest telecommunications company in Switzerland

Do check out the World IPv6 Launch Measurements page for more information (and see the Notes toward the bottom of the page to understand more about how these measurements are made).

The time to make the move to IPv6 is NOW!  Please visit our “Start Here” page to find suggestions of resources that can help you get started today!

Meet The Deploy360 Team at IETF 90 Next Week In Toronto

IETF LogoIf you are going to be at IETF 90 next week (July 12-16, 2014) in Toronto, please do find us and say hello! Three of our DO team members will be there: Megan Kruse, Jan Žorž and myself (Dan York).

You can expect to find us in many or most of the sessions related to DNSSEC, IPv6, Routing/BGP and TLS.  We’ve outlined many of those sessions in these three “Rough Guide to IETF 90″ blog posts on the Internet Technology Matters blog:

If you go into each of those posts you’ll see information about what is being discussed and then the list of relevant working groups and other sessions.  We’ll also be at the ISOC@IETF session, the Cryptech briefing, the Technical Plenary and other sessions outlined by Phil Roberts in his overview post.

Please do say hello… and if you would like to set up a specific time to meet with us please send an email to deploy360@isoc.org.  You can also follow us on Twitter, Facebook and/or Google+ to see our updates from IETF 90.

Congrats to Spain (.ES) and Croatia (.HR) on on their DNSSEC-signed TLDs in the DNS Root

Croatia and SpainCongratulations to the teams at the top-level domains (TLDs) of both .ES (Spain) and .HR (Croatia) for getting their DNSSEC-signed TLDs in the root of DNS!  Looking at Rick Lamb’s DNSSEC Deployment Report today I can see that as of yesterday both TLDs had a DS record in the root zone of DNS.

Both will now appear with the “DS In Root” status in our DNSSEC deployment maps that get generated every Monday (and to which all are welcome to subscribe).

What this means is that the TLDs have been signed with DNSSEC and as of yesterday can now participate in the “global chain of trust”. DNSSEC-signed second-level domains under .ES and .HR will now be able to have their signatures validated and confirmed from the root of DNS all the way down to their domains.

Now… I should say that this is technically possible at this point in time.  The DS records for .ES and .HR are now in the root zone.  Second-level domains could be validated from the root all the way down.

However, we can’t tell from external observations whether someone with a .ES domain can provide their DS record up to the .ES TLD – and the same for .HR.  We can’t tell if those registries are allowing DNSSEC signatures from second-level domains.  So it might or might not be possible today… but there is no longer a technical roadblock in the DNS system – it is now up to the TLD registries to allow registrars to submit DNSSEC records for domain registrants.  (And once we can confirm that they are allowing DS records from second-level domains we’ll set their status to “Operational” in the DNSSEC deployment maps.)

Congratulations again to both teams – and if you have registered a .ES or .HR domain, you can now start asking your registrar to find out when you will be able to get the increased security of DNSSEC and try new services like the DANE protocol!

Want to get started with DNSSEC and DANE? Check out our “Start Here” page to find resources tailored to your type of organization – or please let us know if you need additional material.

P.S. In entering the information about .HR for Croatia into our DNSSEC Deployment Map database, I discovered that the status had been previously incorrectly set to “Operational” based on some earlier information that had not been updated.  Croatia has been showing up in that state since the end of March 2014.  We regret that error and now will correctly be showing Croatia as “DS in Root” on the maps that get generated on Monday, July 21, 2014.

A Huge Amount Of DNSSEC Activity Next Week At IETF 90 In Toronto

DNSSEC badgeIf you are interested in DNSSEC and/or “DNS security” in general, there is going to be a great amount of activity happening in a number of different working group sessions at IETF 90 next week in Toronto.

I wrote about all of this in a post on the ITM blog, “Rough Guide to IETF 90: DNSSEC, DANE and DNS Security“, a part of the Rough Guide to IETF 90 series of posts.

You can read the full details (and find links to all the drafts), but here’s a quick summary:

  • The DNSOP (DNS Operations) Working Group will be talking about DNSSEC key and signing policies and requirements for DNSSEC validation in DNS resolvers.  The group will also talk about the “DNSSEC roadblock avoidance” draft before getting into what should be a lively discussion about how we better optimize the distribution of data in the root zone of DNS.
  • The DANE Working Group will discuss a number of ways the DANE protocol can be used with applications such as OpenPGP, SMIME, SMTP and more.  There will also be a discussion of turning the “DANE Operational Guidance” draft into an actual update/replacement for RFC 6698 that defines DANE. It should be very interesting session!
  • The SIPCORE Working Group will discuss a draft about using DANE and DNSSEC for SIP-based Voice-over-IP (VoIP).
  • The TRANS Working Group will explore whether or not there is a role for Certificate Transparency (CT) to play with DNSSEC and/or DANE.
  • The HOMENET Working Group will discuss two different drafts relating to DNSSEC and customer-premise equipment (CPE) such as home wifi routers.

And a couple of other working groups may have DNSSEC-related discussions as well.  All in all it will be a very busy week at IETF 90!

Again, more details and links to all of the associated drafts can be found in the Rough Guide to IETF 90 article about DNSSEC.

If you aren’t able to actually be in Toronto, you still can participate remotely – see the IETF 90 Remote Participation page for more information about how you can join in to the discussions.

If you are in Toronto, please do feel free to say hello and introduce yourself.  You can pretty much expect to find me in all of these various DNSSEC-related sessions (and many of the IPv6-related sessions, too).

The post A Huge Amount Of DNSSEC Activity Next Week At IETF 90 In Toronto appeared first on Internet Society.