July 2018 archive

Moose and bear – the perils of Vermont highways

“BEAR CROSSING - STAY ALERT” The bright yellow sign shouts its warning to me from the side of Interstate 91. I am in the middle of Vermont. There are few people here. Most of the time I-91 has walls of trees on either side, occasionally broken by amazing mountain views or scenic views of small towns. 

And so we are warned of bears and... moose!

“MOOSE CROSSING - NEXT 5 MILES”

I have seen the photos of damage caused by moose. You have a 2,000 pound animal on thin, spindly legs. Knock out the legs and the main bulk of the body comes crashing down on you! New Hampshire has regular warnings about the number of people who have died due to moose collisions up in the northern part of the state. 

Bears, though, are new. Not sure what I would do if I saw one.  😬

The fascinating flow of free stuff from in front of our house

“FREE” says the sign pinned to the telephone pole in front of our house. And as we put out items, they usually disappear within a few hours. 

It’s been a fascinating aspect of living where we do in Keene, New Hampshire. We live on a fairly busy cross street, and so a good number of people are driving by. 

And they do stop and take the stuff we put on the street. All of it. 

Maybe it is part of being a college town. Maybe it is the huge number of people we see going to yard sales. Maybe it is Yankee frugality. Maybe it is just human nature. 

But it has been fun - and incredibly useful. Just put it out on the grassy strip between the sidewalk and the road... and wait a bit. 

And ALL sorts of things. Just yesterday I put out two plastic shelving units from our shed that had gas and oil stains. I honestly thought I would be bringing them to the dump... but no, I looked an hour or so later and they were gone. 

I will miss this culture of picking up free stuff. Our new home in Vermont is in a quieter neighborhood with very little traffic... so this won’t work. 

Meanwhile, at least for the next few days, I will keep putting stuff out there... 🙂

Revisiting a Not-So-New Rule – No Social Media Usage Until I Have Created Something New

Being a writer not being distracted

I woke up this morning frustrated that I simply haven’t been writing across my various sites. In theory I am a “writer”, but I haven’t been writing! And as I wrote in My 3 Words for 2018: “because if I don't write... the stories build up inside of me until they want to explode like a pressure cooker without a relief valve. Writing is my relief valve. I need to do it.”

So I said to myself: I know, I will impose a new rule on myself... no social media usage until I publish something new! A blog post, a podcast episode (such as my The Dan York Report short audio segments), an article on some site (e.g., CircleID), a longer update on a social site... something.... anything.... BEFORE I get sucked into the vortex of social media updates. 

And I will start with a blog post like this one...

Except... I discovered I WROTE THE EXACT SAME POST TWO YEARS AGO! July 24, 2016, to be precise.

And... I noted that on day #2, July 25, 2016, I had already failed. ☹️

So this morning’s great idea turns out to be nothing new. 

In fact, I can go back 10 years, to a post in September 2008, where I wrote about Jeremiah Owyang’s “Pay yourself first” philosophy. Or my many other posts about struggling with consistent writing.

Now, maybe this rule is like the “no sweets today” diet rule that turns out to be an aspiration that just doesn’t happen. And maybe EVERY day is too high a goal. Maybe every other day. But I have to do something, or consumption will win over creation. 

Unless, of course, I want to reframe my own perspective and think of myself as an “occasional writer”... and just accept only writing now and then.

I am not quite ready for that. Let’s see how I do this year!

 

TDYR 353 – Podcasting as a Team-building Exercise?

How can you use podcasting or live online radio as a team-building exercise? What happens when you take 16 people, 10 of whom have never done anything with audio, and tell them that in 4 hours they have to stream an hour of live audio on the public Internet? In this episode, Neville Hobson and I talk about exactly this experience! This segment with Neville was actually my weekly report into the For Immediate Release (FIR) podcast hosted by Shel Holtz. It was part of FIR #146 on July 16, 2018.

You can hear the entire show at https://firpodcastnetwork.com/fir-146-is-business-dropping-the-e-in-peso/

You can learn more about Neville at:
http://www.nevillehobson.com
https://twitter.com/jangles

The company that did the exercise we talked about is at http://liveat3.today

TDYR 352 – Excited for the start of IETF 102 in Montreal

The 102nd meeting of the Internet Engineering Task Force (IETF) starts today in Montreal with over 1,000 engineers coming together from around the world to make the Internet work better. It’s an amazing event and I give a preview in this episode. Visit https://www.ietf.org/live to follow along this week.

Rough Guide to IETF 102: DNSSEC, DNS Security and Privacy

DNS privacy will receive a large focus in the latter half of the IETF 102 week with attention in the DPRIVE, DNSSD, and OPSEC working groups. In an interesting bit of scheduling (which is always challenging), most of the DNS sessions are Wednesday through Friday. As part of our Rough Guide to IETF 102, here’s a quick view on what’s happening in the world of DNS.

Given that IETF 102 is in Montreal, Canada, all times below are Eastern Daylight Time (EDT), which is UTC-4.

IETF 102 Hackathon

The “DNS team” has become a regular feature of the IETF Hackathons and the Montreal meeting is no different. The IETF 102 Hackathon wiki outlines the work that will start tomorrow (scroll down to see it). Major security/privacy projects include:

Anyone is welcome to join the DNS team for part or all of that event.

DNS Operations (DNSOP)

The DNS sessions at IETF 102 start on Wednesday morning from 9:30am – 12noon with the DNS Operations (DNSOP) Working Group. Paul Wouters and Ondrej Sury will be speaking about “Algorithm Implementation Requirements and Usage Guidance for DNSSEC”, where they will be offering updated guidance around what cryptographic algorithms should be used for different aspects of DNSSEC. Shumon Huque will be bringing the latest updates to draft-huque-dnsop-multi-provider-dnssec, exploring how to deploy DNSSEC in environments where multiple DNS providers are in use. Paul Wouters will also bring a new draft, draft-pwouters-powerbind, which introduces a new flag for DNSSEC keys that can address a potential attack. Given the critical role DNS plays, the DNSOP agenda has many other drafts up for discussion and action. The DNSOP working group also has a second meeting block on Thursday from 18:10-19:10.

DNS PRIVate Exchange (DPRIVE)

The DPRIVE working group meets Wednesday afternoon from 13:30-15:00 EDT.  As shown on the agenda, there will be three major blocks of discussion. After some initial discussion of current work on existing DNS privacy policies, there will be a larger discussion about some new work called “Oblivious DNS” that aims to make DNS privacy protection even stronger. This work originated in a paper at Princeton University – https://odns.cs.princeton.edu/ – and now is captured in draft-annee-dprive-oblivious-dns. It should be quite an interesting discussion!

The third major area will continue discussion about how to add privacy to the communication between a DNS recursive resolver and the authoritative DNS server for a given domain. This is work outside the current DPRIVE Working Group charter and so the group will be discussing whether to ask to expand their mandate to cover this new work.

Extensions for Scalable DNS Service Discovery (DNSSD)

Privacy will also get attention at the DNSSD Working Group on Thursday morning from 9:30-12:00 EDT. DNSSD focuses on how to make device discovery easier across multiple networks. For instance, helping you find available printers on not just your own network, but also on other networks to which your network is connected. However, in doing so, the current mechanisms expose a great deal of information. The agenda allocates 65 minutes to Christian Huitema to guide a discussion around the way forward. Drafts under discussion include:

There are other drafts under discussion at DNSSD, but these are the ones probably most of interest to readers of this article.

DNS Resolver Identification and Use (DRIU)

IETF 102 will feature a number of Birds-of-a-Feather (BOF) sessions, and one in particular relates to DNS security. The quick description is:

The IETF has added additional methods for DNS stub resolvers to get to recursive resolvers (notably DNS-over-TLS, RFC 7858), and is about to add another (DNS-over-HTTPS, from the DOH Working Group). As these have been developed, questions have been raised about how to identify these resolvers from protocols such as DHCP and DHCPv6, what the security properties these transports have in various configurations (such as between strict security and opportunistic security), and what it means for a user who has multiple resolvers configured when the elements of the configured set have different transports and security properties.

The DRIU session will be on Thursday from 15:50-17:50, right before the second DNSOP session (although in a different room).

Operational Security Capabilities for IP Network Infrastructure

In the very last slot on Friday afternoon from 11:50-13:20, the OPSEC working group will feature Benno Overeinder speaking about “Recommendations for DNS Privacy Service Operators”. This document outlines things DNS operators should think about when considering offering “DNS privacy” services. It builds on the work coming out of the DPRIVE working group and the experience gained from the IETF Hackathon and the real-world deployment of these new protocols.

DNSSEC Coordination informal breakfast meeting

As a final note, on Friday morning before the sessions start we are planning an informal gathering of people involved with DNSSEC. We’ve done this at many of the IETF meetings over the past few years and it’s been a good way to connect and talk about various projects. True to the “informal” nature, we’re not sure of the location and time yet (and we are not sure if it will involve food or just be a meeting). If you would like to join us, please drop me an email or join the dnssec-coord mailing list.

Other Working Groups

DANE and DNSSEC will also appear in the TLS Working Group’s Monday meeting. The draft-ietf-tls-dnssec-chain-extension will be presented as a potential way to make DANE work faster by allowing both DANE and DNSSEC records to be transmitted in a single exchange, thus reducing the time involved with DANE transactions. Given the key role DNS plays in the Internet in general, you can also expect DNS to appear in other groups throughout the week.

P.S. For more information about DNSSEC and DANE and how you can get them deployed for your networks and domains, please see our Deploy360 site:

Relevant Working Groups at IETF 102:

DNSOP (DNS Operations) WG
Wednesday, 18 July 2018, 9:30-12:00 EDT, Laurier
Thursday, 19 July 2018, 18:10-19:10 EDT, Place du Canada

Agenda: https://datatracker.ietf.org/meeting/102/agenda/dnsop/
Documents: https://datatracker.ietf.org/wg/dnsop/
Charter: http://tools.ietf.org/wg/dnsop/charters/

DPRIVE (DNS PRIVate Exchange) WG
Wednesday, 18 July 2018, 13:30-15:00 EDT, Place du Canada
Agenda: https://datatracker.ietf.org/meeting/102/agenda/dprive/
Documents: https://datatracker.ietf.org/wg/dprive/
Charter: http://tools.ietf.org/wg/dprive/charters/

DNSSD (Extensions for Scalable DNS Service Discovery) WG
Thursday, 19 July 2018, 9:30-12:00 EDT, Duluth
Agenda: https://datatracker.ietf.org/meeting/102/agenda/dnssd/
Documents: https://datatracker.ietf.org/wg/dnssd/
Charter: http://tools.ietf.org/wg/dnssd/charters/

DRIU (DNS Resolver Identification and Use) BOF
Thursday, 19 July 2018, 15:50-17:50 EDT, Viger
Agenda: https://datatracker.ietf.org/meeting/102/materials/agenda-102-driu

OPSEC (Operational Security Capabilities for IP Network Infrastructure) WG
Friday, 20 July 2018, 11:50-13:20 EDT, Viger
Agenda: https://datatracker.ietf.org/meeting/102/agenda/opsec/
Documents: https://datatracker.ietf.org/wg/opsec/
Charter: http://tools.ietf.org/wg/doh/charters/

Follow Us

It will be a busy week in Montreal, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 102 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF102 to keep up with the latest news.

The post Rough Guide to IETF 102: DNSSEC, DNS Security and Privacy appeared first on Internet Society.