Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

Mar 24

Deploy360@IETF92, Day 2: DNSSEC, DANE, IPv6, IoT and Homenet

IETF 92 - 6 man working group

The second day of IETF 92 is a big one for DNSSEC with both the DNSOP and DANE working groups meeting back to back in the afternoon.  There’s also the 6LO working group looking at IPv6 in “resource constrained” environments such as the Internet of Things (IoT) and the day begins with Homenet exploring how we create better home networks based on IPv6.  And in the midst of that will be the IDR working group working to improve the Internet’s routing infrastruture! Here’s what today looks like for us…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

We start in the 0900-1130 CDT block in the International Room where the Homenet working group will be meeting.  As Phil Roberts explained in his Rough Guide to IETF 92 post about IPv6:

the Homenet working group is doing a lot of interesting work producing open standards for protocols to implement robust networks in homes of the future, all based on IPv6. The topics include routing, addressing, naming, and security. It’s exciting to see new standards work for such a potentially huge area for extending the reach of open standards in networks that matter to people around the world.

Beyond IPv6, we’re also monitoring Homenet for possibilities where DNSSEC and TLS can help improve the security of those home networks.

As was curiously the case yesterday, the 1300-1500 CDT session block does not contain any of the regular groups we follow, but you might find us in HTTPBIS hearing about the next version of HTTP, in NETCONF learning about network configuration proposals (the zero touch provisioning draft looks interesting), or over in ACE understanding new ideas to make the Internet of Things (IoT) more secure.

Speaking of IoT, the 1520-1720 CDT session block is one in which we’ll be split across three different working group sessions, one of which will be IoT focused.  The 6LO working group, formally known as the IPv6 over Networks of Resource Constrained Nodes WG, has a packed agenda looking at how IPv6 works in IoT environments.  Transmitting IPv6 packets over near field communications (NFC), security and privacy, multicast technologies and multiple discussions of the IoT bootstrapping process… it all should make for an interesting discussion for those folks looking to get IP everywhere!

Simultaneously over in the Far East Room, the Inter-Domain Routing (IDR) working group will be looking at ways to improve the Internet’s routing infrastructure.  Andrei wrote more about some of the routing discussions happening at IETF 92. I’m interested in the draft here about route leaks, as I find that area fascinating.

However, I’ll be over in the Gold Room (virtually, as I am remote for this meeting) for the DNS Operations (DNSOP) working group that has a VERY packed agenda looking at how to improve the operations of the Domain Name System (DNS). As I wrote in my Rough Guide to IETF 92 post, this session has a good number of drafts related to “DNS security” in general.  I expect there to be some vigorous discussion around the restriction of “meta queries” such as the ANY query.  There are multiple drafts on the agenda about reserving new top-level domains (TLDs) such as .onion, which inevitably gets discussion.  The QNAME minimization is important for DNS privacy/confidentiality… and there are a range of other discussions that will be had related to making DNS work better, faster and be more secure.

We’ll end the day in the 1730-1830 CDT block with the DANE Working Group focused on the DANE protocol and how it can be used to add a layer of trust to TLS and SSL certificates.   This is incredibly important work and while the agenda for today has only one presentation about DANE and S/MIME, I expect based on the strong activity on the DANE mailing list that other topics will be brought up.

When the sessions are all over, Chris and the many folks in Dallas will no doubt head to the IETF Social Event, while those of us who are remote will have a bit of break before heading into Day 3.  Speaking of attending remotely, please do remember that multiple options to participate are available at http://www.ietf.org/live/

For some more background, please read these Rough Guide posts from Andrei, Phil and I:

Relevant Working Groups:

For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Chris Grundemann of the 6man working group.

Mar 23

Dan York Changing His Role With Deploy360

Dan YorkCh..ch…changes…  I just wanted to give readers a bit of a heads up that some things are changing within this Deploy360 site… and some things are staying the same.

At the beginning of March I moved from the Deployment and Operationalization (DO) Team over into the Internet Society Communications team to expand the writing and content creation I’ve been doing about technology here on Deploy360 to also cover topics in our public policy and development areas.  At an Internet Society all-staff retreat last fall we identified that “telling our story better” overall was a critical objective for the organization.  Ever since we began what became the Deploy360 Programme back in late 2011, I’ve been here telling the stories about how we need to deploy key technologies such as IPv6, DNSSEC, TLS and more in order to make the Internet work better, faster and be more secure.  Now I’m just expanding the range of stories I’ll be telling – and working on our overall “content strategy” as an organization to become more effective with what we publish.

I won’t be leaving this Deploy360 site, though.  While most of my new role is focused on the communications aspects, a significant part is still in the technology realm focused on accelerating the deployment of DNSSEC.  I will still be writing here about DNSSEC – and I will still be leading our “DNSSEC Coordination” work to bring people together around the globe to help make DNSSEC deployment ubiquitous.

You just may not see me writing here quite as often about IPv6, TLS, Securing BGP, Anti-Spoofing and other topics.  Other voices will be writing here telling those stories although I may certainly contribute from time to time.

To that end, we are hiring someone to replace me within the DO Team, although we’ve changed the role a bit to focus less on creating new content and more on facilitating the creation of content by others.  A job description has been posted – and Chris has a post out with more details.

It has been an incredible opportunity to work with the DO team over the past 3.5 years to build out this Deploy360 site and resources.  Megan, Jan and Chris are all awesome people to work with (as was Richard Jimmerson before) – and I look forward to continuing to work with them in my new role.

Thanks to all of you who read all the posts and pages I’ve made over the past 3.5 years and used them, criticized them, commented on them and shared them.  Together I think we’ve done a great bit to make the Internet work better!

P.S. Those of you who really want to know more about what I’ll be doing in my new role can read my post on one of my personal sites.

The post Dan York Changing His Role With Deploy360 appeared first on Internet Society.

Mar 23

Dan York Changing His Role With Deploy360

Dan YorkCh..ch…changes…  I just wanted to give readers a bit of a heads up that some things are changing within this Deploy360 site… and some things are staying the same.

At the beginning of March I moved from the Deployment and Operationalization (DO) Team over into the Internet Society Communications team to expand the writing and content creation I’ve been doing about technology here on Deploy360 to also cover topics in our public policy and development areas.  At an Internet Society all-staff retreat last fall we identified that “telling our story better” overall was a critical objective for the organization.  Ever since we began what became the Deploy360 Programme back in late 2011, I’ve been here telling the stories about how we need to deploy key technologies such as IPv6, DNSSEC, TLS and more in order to make the Internet work better, faster and be more secure.  Now I’m just expanding the range of stories I’ll be telling – and working on our overall “content strategy” as an organization to become more effective with what we publish.

I won’t be leaving this Deploy360 site, though.  While most of my new role is focused on the communications aspects, a significant part is still in the technology realm focused on accelerating the deployment of DNSSEC.  I will still be writing here about DNSSEC – and I will still be leading our “DNSSEC Coordination” work to bring people together around the globe to help make DNSSEC deployment ubiquitous.

You just may not see me writing here quite as often about IPv6, TLS, Securing BGP, Anti-Spoofing and other topics.  Other voices will be writing here telling those stories although I may certainly contribute from time to time.

To that end, we are hiring someone to replace me within the DO Team, although we’ve changed the role a bit to focus less on creating new content and more on facilitating the creation of content by others.  A job description has been posted – and Chris has a post out with more details.

It has been an incredible opportunity to work with the DO team over the past 3.5 years to build out this Deploy360 site and resources.  Megan, Jan and Chris are all awesome people to work with (as was Richard Jimmerson before) – and I look forward to continuing to work with them in my new role.

Thanks to all of you who read all the posts and pages I’ve made over the past 3.5 years and used them, criticized them, commented on them and shared them.  Together I think we’ve done a great bit to make the Internet work better!

P.S. Those of you who really want to know more about what I’ll be doing in my new role can read my post on one of my personal sites.

 

Mar 23

Deploy360@IETF92, Day 1: SIDR, 6MAN, DPRIVE and UTA

ROW workshop at IETF 92On this first day of IETF 92 in Dallas, our attention as the Deploy360 team is on securing the Internet’s routing infrastructure, improving the IPv6 protocol and securing the privacy and confidentiality of DNS queries.

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

The day begins with two sessions in the 0900-1130 CDT block.  In the Parisian room the SIDR working group will be working through a good number of Internet Drafts relating to both RPKI and BGPSEC.  Both of these are some of the tools we view as important in securing BPG and making the routing infrastructure more resilient and secure.  Our colleague Andrei Robachevsky dived into more detail in his recent Rough Guide post.  Also on the agenda is the release of results about a survey about RPKI and DNSSEC deployment undertaken last fall by researchers at the Freie Universitaet Berlin which could be interesting to learn about.

At the same time over in the International Room, the 6MAN working group has a long agenda relating to various points discovered during the ongoing deployment of IPv6.   Given that we keep seeing solid growth each month in IPv6 deployment measurements, it’s not surprising that we’d see documents brought forward identifying ways in which the IPv6 protocol needs to evolve.  This is great to see and will only help the ongoing deployment.

Moving on to the 1300-1500 CDT session block, there are two working groups that are not ones we primarily follow, but are still related to the overall themes here on the site:

  • the TRANS working group is looking to standardize “Certificate Transparency” (CT), a mechanism to add a layer of checking to TLS certificates;
  • the DNSSD working group continues its work to standardize DNS-based service discovery beyond a simple single network.  Our interest here is really that this kind of service discovery does need to be secured in some manner.

In the 1520-1650 CDT session block, a big focus for us will be the newer DPRIVE working group that is looking into mechanisms to make DNS queries more secure and confidential.  As I wrote in my Rough Guide post, a concern is to make it harder for pervasive monitoring to occur and be able to track what a user is doing through DNS queries.  DPRIVE has a full agenda, and knowing some of the personalities I expect the debate to be passionate.

Simultaneously, over in the Parisian Room, the Using TLS In Applications (UTA) working group will continue it’s work to make it easier for developers to add TLS to applications.  The UTA agenda at IETF 92 shows a focus on one mechanism for email privacy.

After all of this, we’ll be heading to the Technical Plenary from 1710-1910 CDT where the technical topic is on “Smart Object Architecture” which sounds interesting.  You can watch a live video stream of the Technical Plenary at http://www.ietf.org/live/

For some more background, please read these Rough Guide posts from Andrei, Phil, Karen and myself:

Relevant Working Groups:

For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Chris Grundemann of the ROW workshop on the Sunday prior to IETF 92.

The post Deploy360@IETF92, Day 1: SIDR, 6MAN, DPRIVE and UTA appeared first on Internet Society.

Mar 23

Deploy360@IETF92, Day 1: SIDR, 6MAN, DPRIVE and UTA

ROW workshop at IETF 92On this first day of IETF 92 in Dallas, our attention as the Deploy360 team is on securing the Internet’s routing infrastructure, improving the IPv6 protocol and securing the privacy and confidentiality of DNS queries.

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

The day begins with two sessions in the 0900-1130 CDT block.  In the Parisian room the SIDR working group will be working through a good number of Internet Drafts relating to both RPKI and BGPSEC.  Both of these are some of the tools we view as important in securing BPG and making the routing infrastructure more resilient and secure.  Our colleague Andrei Robachevsky dived into more detail in his recent Rough Guide post.  Also on the agenda is the release of results about a survey about RPKI and DNSSEC deployment undertaken last fall by researchers at the Freie Universitaet Berlin which could be interesting to learn about.

At the same time over in the International Room, the 6MAN working group has a long agenda relating to various points discovered during the ongoing deployment of IPv6.   Given that we keep seeing solid growth each month in IPv6 deployment measurements, it’s not surprising that we’d see documents brought forward identifying ways in which the IPv6 protocol needs to evolve.  This is great to see and will only help the ongoing deployment.

Moving on to the 1300-1500 CDT session block, there are two working groups that are not ones we primarily follow, but are still related to the overall themes here on the site:

  • the TRANS working group is looking to standardize “Certificate Transparency” (CT), a mechanism to add a layer of checking to TLS certificates;
  • the DNSSD working group continues its work to standardize DNS-based service discovery beyond a simple single network.  Our interest here is really that this kind of service discovery does need to be secured in some manner.

In the 1520-1650 CDT session block, a big focus for us will be the newer DPRIVE working group that is looking into mechanisms to make DNS queries more secure and confidential.  As I wrote in my Rough Guide post, a concern is to make it harder for pervasive monitoring to occur and be able to track what a user is doing through DNS queries.  DPRIVE has a full agenda, and knowing some of the personalities I expect the debate to be passionate.

Simultaneously, over in the Parisian Room, the Using TLS In Applications (UTA) working group will continue it’s work to make it easier for developers to add TLS to applications.  The UTA agenda at IETF 92 shows a focus on one mechanism for email privacy.

After all of this, we’ll be heading to the Technical Plenary from 1710-1910 CDT where the technical topic is on “Smart Object Architecture” which sounds interesting.  You can watch a live video stream of the Technical Plenary at http://www.ietf.org/live/

For some more background, please read these Rough Guide posts from Andrei, Phil, Karen and myself:

Relevant Working Groups:

For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Chris Grundemann of the ROW workshop on the Sunday prior to IETF 92.

Mar 23

The Hobson & Holtz Report – Podcast #800: March 23, 2015

Quick News:

Ryanair’s next stop is not New York, SHIFT becomes a Google Analytics Certified Partner, American Airlines is playing better music onboard thanks to passengers’ Twitter complaints, business use of social media by front-line employees increases; Ragan promo;

News That Fits:

Starbucks’ #RaceTogether campaign: right or wrong?; Michael Netzley’s Asia Report: reflections on Singapore’s Lee Kuan Yew; latest Pew research on internet usage in emerging and developing countries shows text messaging and social media big in many countries; the Media Monitoring Minute with CustomScoop; listener comments in audio and in the FIR Podcast Community on Google+; as PR rises and journalism falls, PR seems to be dropping the ball; Dan York’s Tech Report: 800th episode, eh?, Internet Society, the BBC’s new responsive website, Meerkat, and more; Igloo software promo; the past week on the FIR Podcast Network;

Music by Ex Norwegian; and more.

For Immediate Release: The Hobson and Holtz Report for March 23, 2015: An 94-minute podcast recorded live from Concord, California, USA, and Wokingham, Berkshire, England.

Links to websites, blog posts and other content we discuss in the show are posted as Delicious bookmarks to facilitate your connection with the discussions and sharing of that content.

So, until Monday March 30…

The post The Hobson & Holtz Report – Podcast #800: March 23, 2015 appeared first on FIR Podcast Network.

Mar 23

FIR #800 – 3/23/15 – For Immediate Release

Quick News: Is Ryanair crossing the Atlantic or not? SHIFT now a Google Anyalitics Certified Partner, American Airlines' music is better due to Twitter complaints, business use of social media by front-line employees increases; Ragan promo; News That Fits: Starbucks' RaceTogether campaign, Michael Netzley's Asia Report, Pew research on Internet usage, Media Monitoring Minute from CustomScoop, listener comments, PR's obligations as it rises and journalism declines, Dan York's Tech Report, Igloo Software promo, the last week on the FIR Podcast Network; music from Ex Norwegian; and more.

Mar 23

FIR #800 – 3/23/15 – For Immediate Release

Quick News: Is Ryanair crossing the Atlantic or not? SHIFT now a Google Anyalitics Certified Partner, American Airlines' music is better due to Twitter complaints, business use of social media by front-line employees increases; Ragan promo; News That Fits: Starbucks' RaceTogether campaign, Michael Netzley's Asia Report, Pew research on Internet usage, Media Monitoring Minute from CustomScoop, listener comments, PR's obligations as it rises and journalism declines, Dan York's Tech Report, Igloo Software promo, the last week on the FIR Podcast Network; music from Ex Norwegian; and more.

Mar 20

TDYR 233 – Working Toward the Consistent Creation Of Quality Content

A key to writing online is to consistently create quality content... in this episode I talk about that...

Mar 20

At IETF92 Next Week, Much Happening With IPv6, DNSSEC, DANE, TLS and more…

Dallas skylineNext week is IETF 92 in Dallas, Texas, and there will be a great amount of activity happening with the topics we cover here on Deploy360: IPv6, DNSSEC (and DANE), TLS, anti-spoofing and securing BGP.  As part of the Rough Guide to IETF 92, several of us have written posts outlining what’s happening in the various topic areas:

In each of those posts you’ll find a summary of what’s happening and a list of the relevant working groups and the associated links about how to learn more.  More information about IETF 92 in general can be found on the main Rough Guide to IETF 92 page at:

https://www.internetsociety.org/rough-guide-ietf92

Beyond all of that, Chris Grundemann will also be talking about our “Operators and the IETF” work and discussing Best Current Operational Practices (BCOP) with people as well.

If you can’t get to Dallas next week, you can attend remotely!  Just visit the IETF 92 remote participation page or check out http://www.ietf.org/live/ for more options.

To that end, as a bit of a change both Megan Kruse and I (Dan York) will be participating in this IETF 92 remotely.  It’s very strange to not be attending an IETF meeting in person, but different circumstances have made it not possible for both of us.  Jan Žorž will also be remote having just returned from v6 World Congress in Paris and about to head off to another event.   Chris Grundemann will be there on site in Dallas, though, and so if you have any questions about Deploy360 activities or want to get more involved, please contact Chris!

We’re looking forward to the usual crazy busy blur of a week that is an IETF meeting… and we’re looking forward to learning what else we can do to help accelerate the deployment of these key Internet technologies to make the Internet work better, faster and be more secure!

An audio commentary about IETF 92 is also available from our SoundCloud account:

The post At IETF92 Next Week, Much Happening With IPv6, DNSSEC, DANE, TLS and more… appeared first on Internet Society.