March 2015 archive

Deploy360@IETF92, Day 5: EPPEXT… and we’re done!

Face of IETFOn this  final day of IETF 92 our Deploy360 attention will be focused on only one working group, EPPEXT, that is looking at communication between registries, registrars and other entities working with domain names.   There only two blocks of working group sessions today… and then everyone heads home!  Here’s what this abbreviated day looks like for us…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

The sessions in the first 0900-1130 CDT block are not ones that we typically follow.  I may be monitoring CORE, as it deals with Internet of Things (IoT) issues, or perhaps MMUSIC as there is a draft dealing with IPv4 vs IPv6 connectivity.

Finally, in the very last 1150-1320 session, the Extensible Provisioning Protocol Extensions (EPPEXT) working group will be meeting in the Oak Room.  I mentioned EPPEXT in my Rough Guide to IETF 92 post but at the time the agenda was not available.  The IETF 92 agenda is now available, and it includes:

One of the existing documents of interest to us is one that helps with the automation of relaying DNSSEC key material between DNS operators.  We’re also just interested in general with steps that can help automate the communication among these various entities.

And then… with that… IETF 92 will draw to a close!

Many thanks for reading along this week… please do read our other IETF 92-related posts … and we’ll see you at IETF 93 in Prague in July!


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: some of the faces and scenes appearing in Olaf Kolkman’s collection of IETF 92 photos. Used with his permission.

The post Deploy360@IETF92, Day 5: EPPEXT… and we’re done! appeared first on Internet Society.

Deploy360@IETF92, Day 5: EPPEXT… and we’re done!

Face of IETFOn this  final day of IETF 92 our Deploy360 attention will be focused on only one working group, EPPEXT, that is looking at communication between registries, registrars and other entities working with domain names.   There only two blocks of working group sessions today… and then everyone heads home!  Here’s what this abbreviated day looks like for us…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

The sessions in the first 0900-1130 CDT block are not ones that we typically follow.  I may be monitoring CORE, as it deals with Internet of Things (IoT) issues, or perhaps MMUSIC as there is a draft dealing with IPv4 vs IPv6 connectivity.

Finally, in the very last 1150-1320 session, the Extensible Provisioning Protocol Extensions (EPPEXT) working group will be meeting in the Oak Room.  I mentioned EPPEXT in my Rough Guide to IETF 92 post but at the time the agenda was not available.  The IETF 92 agenda is now available, and it includes:

One of the existing documents of interest to us is one that helps with the automation of relaying DNSSEC key material between DNS operators.  We’re also just interested in general with steps that can help automate the communication among these various entities.

And then… with that… IETF 92 will draw to a close!

Many thanks for reading along this week… please do read our other IETF 92-related posts … and we’ll see you at IETF 93 in Prague in July!


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: some of the faces and scenes appearing in Olaf Kolkman’s collection of IETF 92 photos. Used with his permission.

Jim Courtney Discussing His "Experience Skype To The Max" Book on March 27 on VUC at Noon US EDT

Vuc534 skype to the maxWant to learn more about what's up with Skype right now? Tomorrow, March 27, 2015, at 12 noon US Eastern, my friend Jim Courtney is going to be discussing the new second edition of his "Experience Skype to the Max" on episode 534 of the VoIP Users Conference (VUC) podcast.

As noted on the VUC page, Jim will be talking about:

  • New features over the past three years and why they don’t have the “buzz” impact that new features used to have. Are we becoming calloused to anything new?
  • The challenge of innovating with a product that has built up a legacy and familiarity
  • The challenge of educating users about features beyond free voice and video calling (and it’s also a challenge for smartphones – to make users realize there is value in all those applications available beyond voice calls and SMS messages).
  • The feature set to consider when evaluating other alternatives
  • The directory issue
  • Skype vs Skype for Business
  • Asynchronous vs real time comms (migrating to IM backend has allowed more “persistence” with chat messaging, for instance)
  • Anytime communications Rooms

It should be a good session. I've known Jim for many years through his blogging about VoIP and he has a great amount of knowledge about Skype. Sadly, I'll be occupied with IETF 92 activities during the live broadcast so I will have to catch up with the recording of the session.

It's probably best to also join the IRC backchannel where links are shared, questions are answered and other comments occur. You also can visit the Google+ event page for the VUC #534 session today where there may be additional links and info.

If you won't be at your computer, you can also call in via:

  • sip:200901@login.zipdx.com
  • +1 (646) 475-2098
  • Skype:vuc.me

The session will of course be recorded so you can listen/watch later. Here is the YouTube live video stream:


If you found this post interesting or useful, please consider either:


Deploy360@IETF92, Day 4: More IPv6 Operations, TLS, and much Security

IETF 92 - Kathleen MoriartyThis  fourth day of IETF 92 has a heavy focus on security for us on the Deploy360 team.  While the day starts with the second of two IPv6 Operations (v6OPS) working group sessions, the rest of the day is pretty much all about security, security, security!

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

In the 0900-1130 CDT block this morning, the second IPv6 Operations (v6OPS) sessions continues with their busy agenda in the Gold Room. Here are today’s topics:

A number of those should generate good discussion.

Meanwhile, over in the Oak Room, the TLS Working Group will be discussing improvements to this incredibly critical protocol that we are using to encrypt so many different communications over the Internet.  As my colleague Karen O’Donahue wrote:

The tls (Transport Layer Security) working group is actively working on an update to the TLS protocol. They recently conducted an interim meeting in Seattle, WA, on 10-11 March 2015. Agenda items for IETF 92 include backwards compatibility, rekeying, and client authentication.

After lunch the 1300-1500 CDT block has the Security Area Open Meeting in the International Room. The current agenda is this:

  • Joe Bonneau/HSTS and HPKP in practice (30 mins)
  • Adam Langley/QUIC (15 mins)
  • Jan Včelák/NSEC5 (10 mins)
  • Ladar Levinson/Darkmail (20 mins)
  • Paul Wouters/Opportunistic IPsec update (1 minute)
  • Eric Rescorla/Secure Conferencing (5 mins)

Several of these presentations tie directly into the work we are doing here.  The HSTS/HPKP is “certificate pinning” and very relevant to TLS, as is the QUIC presentation.  The NSEC5 is a new proposal for DNSSEC that, judging by the mailing list traffic, should get strong debate.

The 1520-1720 CDT block doesn’t contain any of the working groups we usually track, but there will be both a Routing Area Open Meeting as well as an Operations Area Open Meeting.

In the final 1740-1840 CDT block the Operational Security (OPSec) Working Group will be meeting in the Far East Room with a number of IPv6 and routing issues on their agenda.

Bits-and-Bites

The day will end with the Bits-and-Bites reception from 1900-2100 CDT  where attendees can get food and drink and also see various exhibits from sponsors and other organizations.  As I wrote in my Rough Guide post:

 I’m told that one table will be from Verisign Labs where they will be showing demonstrations of the getdns API being used with DNSSEC and DANE.  I’m not exactly sure what will be there, but if you are going to Bits-and-Bites you may want to stop by their table and see what it is about.

I understand there may be some cool demos from other vendors and groups as well. (I’m looking forward to seeing photos!)

For some more background, please read these Rough Guide posts from Andrei, Phil and Karen:


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo from Jari Arkko of Kathleen Moriarty and Lisandro Granville at the IETF 92 Administrative Plenary

The post Deploy360@IETF92, Day 4: More IPv6 Operations, TLS, and much Security appeared first on Internet Society.

Deploy360@IETF92, Day 4: More IPv6 Operations, TLS, and much Security

IETF 92 - Kathleen MoriartyThis  fourth day of IETF 92 has a heavy focus on security for us on the Deploy360 team.  While the day starts with the second of two IPv6 Operations (v6OPS) working group sessions, the rest of the day is pretty much all about security, security, security!

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

In the 0900-1130 CDT block this morning, the second IPv6 Operations (v6OPS) sessions continues with their busy agenda in the Gold Room. Here are today’s topics:

A number of those should generate good discussion.

Meanwhile, over in the Oak Room, the TLS Working Group will be discussing improvements to this incredibly critical protocol that we are using to encrypt so many different communications over the Internet.  As my colleague Karen O’Donahue wrote:

The tls (Transport Layer Security) working group is actively working on an update to the TLS protocol. They recently conducted an interim meeting in Seattle, WA, on 10-11 March 2015. Agenda items for IETF 92 include backwards compatibility, rekeying, and client authentication.

After lunch the 1300-1500 CDT block has the Security Area Open Meeting in the International Room. The current agenda is this:

  • Joe Bonneau/HSTS and HPKP in practice (30 mins)
  • Adam Langley/QUIC (15 mins)
  • Jan Včelák/NSEC5 (10 mins)
  • Ladar Levinson/Darkmail (20 mins)
  • Paul Wouters/Opportunistic IPsec update (1 minute)
  • Eric Rescorla/Secure Conferencing (5 mins)

Several of these presentations tie directly into the work we are doing here.  The HSTS/HPKP is “certificate pinning” and very relevant to TLS, as is the QUIC presentation.  The NSEC5 is a new proposal for DNSSEC that, judging by the mailing list traffic, should get strong debate.

The 1520-1720 CDT block doesn’t contain any of the working groups we usually track, but there will be both a Routing Area Open Meeting as well as an Operations Area Open Meeting.

In the final 1740-1840 CDT block the Operational Security (OPSec) Working Group will be meeting in the Far East Room with a number of IPv6 and routing issues on their agenda.

Bits-and-Bites

The day will end with the Bits-and-Bites reception from 1900-2100 CDT  where attendees can get food and drink and also see various exhibits from sponsors and other organizations.  As I wrote in my Rough Guide post:

 I’m told that one table will be from Verisign Labs where they will be showing demonstrations of the getdns API being used with DNSSEC and DANE.  I’m not exactly sure what will be there, but if you are going to Bits-and-Bites you may want to stop by their table and see what it is about.

I understand there may be some cool demos from other vendors and groups as well. (I’m looking forward to seeing photos!)

For some more background, please read these Rough Guide posts from Andrei, Phil and Karen:


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo from Jari Arkko of Kathleen Moriarty and Lisandro Granville at the IETF 92 Administrative Plenary

TDYR 234 – Living The IETF Blur This Week

TDYR 234 - Living The IETF Blur This Week by Dan York

Watch Live On March 26 – A Digital Magna Carta: Internet Governance and a New Social Contract

Should we create a new "digital social contract"? What do we want the future of Internet governance to be?  If you are available tomorrow, March 26, 2015, at 6:30pm US EDT (UTC-4), you can watch "A Digital Magna Carta: Internet Governance and a New Social Contract" streaming live out of New York City at:

http://new.livestream.com/internetsociety/digitalmagnacarta

Our own Constance Bommelaer will be on the panel that includes:

Dan York

Congrats to PowerDNS Team On Their Merger With Open-Xchange

powerdnsCongratulations to Bert Hubert and the rest of the PowerDNS team on their merger with Open-Xchange that was announced yesterday.  We’ve written about PowerDNS a number of times, include it on the list of DNS servers supporting DNSSEC and also include a pointer to the “unofficial” DNSSEC statistics Bert has been maintaining for a number of ccTLDs.

They’ve been doing great work to make DNSSEC easier to deploy and it’s great to see them now have better financial stability.

The Register had a good piece by David Meyer that put this merger into a larger context of Open-Xchange’s plans and included the mention that the team behind the Dovecot open source mail server has also been brought into Open-Xchange.

Congrats to Bert and the team and we hope this new arrangement works well for them and enables to continue their work helping make the Internet more secure!

Deploy360@IETF92, Day 3: IPv6 Operations, Sunset4, ACME and Global Internet Routing (GROW)

Jen Linkova at IETF 92Today’s third day of IETF 92 turns out to be a quieter one for the topics we cover here on Deploy360.  The big activity will be in the first of two IPv6 Operations (v6OPS) working group sessions.  There will also be a reboot of the SUNSET4 working group and what should be an interesting discussion about “route leaks” in the GROW working group.  Here’s what our day looks like…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

In the 0900-1130 CDT block this morning, we’re not actively tracking any of the listed working groups as they don’t tie directly into our Deploy360 topics. However the BESS session about BGP-enabled services could be interesting, as could the SPUD BOF looking at what are barriers to implementing new transport protocols on the Internet (more info in the SPUD overview presentation).

After lunch from 1300-1500 CDT in the International Room will be the first of two IPv6 Operations (v6OPS) sessions (the second being tomorrow) with a packed agenda looking at design choices for IPv6 networks, IPv6 deployment case studies / lessons learned and more.  As IPv6 deployment continues to grow month over month, incorporating feedback from that deployment process back into the standards process is an essential part of ensuring continued growth.

In the 1520-1620 CDT block over in the Gold Room, the IPv6 discussion will continue in the SUNSET4 working group that is chartered to document and explore how well things will work in an IPv6-only environment when IPv4 is no longer available (i.e. IPv4 has “sunsetted”).  As noted in the SUNSET4 agenda, the working group has had a loss of momentum and will be looking today at how to restart efforts to move work items along.

Simultaneously over in the Parisian Room the Global Routing Operations (GROW) working group will be looking at how to improve the operations of the Internet’s global routing infrastructure.  As my colleague Andrei Robachevsky wrote in his Rough Guide to IETF 92 post:

In general, the focus of the GROW WG is on operational problems associated with the global routing system, such as routing table growth, the effects of interactions between interior and exterior routing protocols, and the effect of operational policies and practices on the global routing system, its security and resilience.

One of these items, which originally emerged in the SIDR WG and is now being discussed in the GROW WG, is so-called “route-leaks.” Simply speaking, this describes a violation of “valley-free” routing when, for example, a multi-homed customer “leaks” an announcement from one upstream provider to another one. Since usually customer announcements have the highest priority, if no precautions are taken this results in traffic from one provider to another bypassing the customer – potential for a staged MITM attack. But this is an explanation in layman terms, and the group was working on nailing down the definition and the problem statement, see https://datatracker.ietf.org/doc/draft-ietf-grow-route-leak-problem-definition/.

This issue of “route leaks” is one that comes up repeatedly and is causing problems on the global Internet. For instance, yesterday DynResearch tweeted about a route hijack of Google’s site by Belarus Telecom – now I don’t know if that was an actual “route leak”, but it’s the kind of routing issue we do see often on the Internet… which is why this class of issues needs to be identified and solutions proposed.

And just because we really want to be in three places at once… over in the Venetian Room during this same 1520-1620 time block will be the “Automated Certificate Management Environment (ACME)” BOF looking at ways to automate management of TLS certificates. As the agenda indicates, the session is primarily about discussing draft-barnes-acme and the efforts being undertaken as part of the Let’s Encrypt initiative.  The ideas are intriguing and proposals that help automate the security of the Internet can certainly help reduce the friction for regular users.

After all of that is over we’ll be joining in for the Operations and Administrative Plenary from 1640-1910 CDT.  You can view a live video stream of the plenary at http://www.ietf.org/live/    And then… we’ll be getting ready for Day 4…

For some more background, please read these Rough Guide posts from Andrei, Phil and I:


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Olaf Kolkman of Jen Linkova at IETF 92. Part of a larger set of IETF 92 photos Olaf has published.

The post Deploy360@IETF92, Day 3: IPv6 Operations, Sunset4, ACME and Global Internet Routing (GROW) appeared first on Internet Society.

Deploy360@IETF92, Day 3: IPv6 Operations, Sunset4, ACME and Global Internet Routing (GROW)

Jen Linkova at IETF 92Today’s third day of IETF 92 turns out to be a quieter one for the topics we cover here on Deploy360.  The big activity will be in the first of two IPv6 Operations (v6OPS) working group sessions.  There will also be a reboot of the SUNSET4 working group and what should be an interesting discussion about “route leaks” in the GROW working group.  Here’s what our day looks like…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

In the 0900-1130 CDT block this morning, we’re not actively tracking any of the listed working groups as they don’t tie directly into our Deploy360 topics. However the BESS session about BGP-enabled services could be interesting, as could the SPUD BOF looking at what are barriers to implementing new transport protocols on the Internet (more info in the SPUD overview presentation).

After lunch from 1300-1500 CDT in the International Room will be the first of two IPv6 Operations (v6OPS) sessions (the second being tomorrow) with a packed agenda looking at design choices for IPv6 networks, IPv6 deployment case studies / lessons learned and more.  As IPv6 deployment continues to grow month over month, incorporating feedback from that deployment process back into the standards process is an essential part of ensuring continued growth.

In the 1520-1620 CDT block over in the Gold Room, the IPv6 discussion will continue in the SUNSET4 working group that is chartered to document and explore how well things will work in an IPv6-only environment when IPv4 is no longer available (i.e. IPv4 has “sunsetted”).  As noted in the SUNSET4 agenda, the working group has had a loss of momentum and will be looking today at how to restart efforts to move work items along.

Simultaneously over in the Parisian Room the Global Routing Operations (GROW) working group will be looking at how to improve the operations of the Internet’s global routing infrastructure.  As my colleague Andrei Robachevsky wrote in his Rough Guide to IETF 92 post:

In general, the focus of the GROW WG is on operational problems associated with the global routing system, such as routing table growth, the effects of interactions between interior and exterior routing protocols, and the effect of operational policies and practices on the global routing system, its security and resilience.

One of these items, which originally emerged in the SIDR WG and is now being discussed in the GROW WG, is so-called “route-leaks.” Simply speaking, this describes a violation of “valley-free” routing when, for example, a multi-homed customer “leaks” an announcement from one upstream provider to another one. Since usually customer announcements have the highest priority, if no precautions are taken this results in traffic from one provider to another bypassing the customer – potential for a staged MITM attack. But this is an explanation in layman terms, and the group was working on nailing down the definition and the problem statement, see https://datatracker.ietf.org/doc/draft-ietf-grow-route-leak-problem-definition/.

This issue of “route leaks” is one that comes up repeatedly and is causing problems on the global Internet. For instance, yesterday DynResearch tweeted about a route hijack of Google’s site by Belarus Telecom – now I don’t know if that was an actual “route leak”, but it’s the kind of routing issue we do see often on the Internet… which is why this class of issues needs to be identified and solutions proposed.

And just because we really want to be in three places at once… over in the Venetian Room during this same 1520-1620 time block will be the “Automated Certificate Management Environment (ACME)” BOF looking at ways to automate management of TLS certificates. As the agenda indicates, the session is primarily about discussing draft-barnes-acme and the efforts being undertaken as part of the Let’s Encrypt initiative.  The ideas are intriguing and proposals that help automate the security of the Internet can certainly help reduce the friction for regular users.

After all of that is over we’ll be joining in for the Operations and Administrative Plenary from 1640-1910 CDT.  You can view a live video stream of the plenary at http://www.ietf.org/live/    And then… we’ll be getting ready for Day 4…

For some more background, please read these Rough Guide posts from Andrei, Phil and I:


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Olaf Kolkman of Jen Linkova at IETF 92. Part of a larger set of IETF 92 photos Olaf has published.