Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

Mar 25

Congrats to PowerDNS Team On Their Merger With Open-Xchange

powerdnsCongratulations to Bert Hubert and the rest of the PowerDNS team on their merger with Open-Xchange that was announced yesterday.  We’ve written about PowerDNS a number of times, include it on the list of DNS servers supporting DNSSEC and also include a pointer to the “unofficial” DNSSEC statistics Bert has been maintaining for a number of ccTLDs.

They’ve been doing great work to make DNSSEC easier to deploy and it’s great to see them now have better financial stability.

The Register had a good piece by David Meyer that put this merger into a larger context of Open-Xchange’s plans and included the mention that the team behind the Dovecot open source mail server has also been brought into Open-Xchange.

Congrats to Bert and the team and we hope this new arrangement works well for them and enables to continue their work helping make the Internet more secure!

Mar 25

Deploy360@IETF92, Day 3: IPv6 Operations, Sunset4, ACME and Global Internet Routing (GROW)

Jen Linkova at IETF 92Today’s third day of IETF 92 turns out to be a quieter one for the topics we cover here on Deploy360.  The big activity will be in the first of two IPv6 Operations (v6OPS) working group sessions.  There will also be a reboot of the SUNSET4 working group and what should be an interesting discussion about “route leaks” in the GROW working group.  Here’s what our day looks like…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

In the 0900-1130 CDT block this morning, we’re not actively tracking any of the listed working groups as they don’t tie directly into our Deploy360 topics. However the BESS session about BGP-enabled services could be interesting, as could the SPUD BOF looking at what are barriers to implementing new transport protocols on the Internet (more info in the SPUD overview presentation).

After lunch from 1300-1500 CDT in the International Room will be the first of two IPv6 Operations (v6OPS) sessions (the second being tomorrow) with a packed agenda looking at design choices for IPv6 networks, IPv6 deployment case studies / lessons learned and more.  As IPv6 deployment continues to grow month over month, incorporating feedback from that deployment process back into the standards process is an essential part of ensuring continued growth.

In the 1520-1620 CDT block over in the Gold Room, the IPv6 discussion will continue in the SUNSET4 working group that is chartered to document and explore how well things will work in an IPv6-only environment when IPv4 is no longer available (i.e. IPv4 has “sunsetted”).  As noted in the SUNSET4 agenda, the working group has had a loss of momentum and will be looking today at how to restart efforts to move work items along.

Simultaneously over in the Parisian Room the Global Routing Operations (GROW) working group will be looking at how to improve the operations of the Internet’s global routing infrastructure.  As my colleague Andrei Robachevsky wrote in his Rough Guide to IETF 92 post:

In general, the focus of the GROW WG is on operational problems associated with the global routing system, such as routing table growth, the effects of interactions between interior and exterior routing protocols, and the effect of operational policies and practices on the global routing system, its security and resilience.

One of these items, which originally emerged in the SIDR WG and is now being discussed in the GROW WG, is so-called “route-leaks.” Simply speaking, this describes a violation of “valley-free” routing when, for example, a multi-homed customer “leaks” an announcement from one upstream provider to another one. Since usually customer announcements have the highest priority, if no precautions are taken this results in traffic from one provider to another bypassing the customer – potential for a staged MITM attack. But this is an explanation in layman terms, and the group was working on nailing down the definition and the problem statement, see https://datatracker.ietf.org/doc/draft-ietf-grow-route-leak-problem-definition/.

This issue of “route leaks” is one that comes up repeatedly and is causing problems on the global Internet. For instance, yesterday DynResearch tweeted about a route hijack of Google’s site by Belarus Telecom – now I don’t know if that was an actual “route leak”, but it’s the kind of routing issue we do see often on the Internet… which is why this class of issues needs to be identified and solutions proposed.

And just because we really want to be in three places at once… over in the Venetian Room during this same 1520-1620 time block will be the “Automated Certificate Management Environment (ACME)” BOF looking at ways to automate management of TLS certificates. As the agenda indicates, the session is primarily about discussing draft-barnes-acme and the efforts being undertaken as part of the Let’s Encrypt initiative.  The ideas are intriguing and proposals that help automate the security of the Internet can certainly help reduce the friction for regular users.

After all of that is over we’ll be joining in for the Operations and Administrative Plenary from 1640-1910 CDT.  You can view a live video stream of the plenary at http://www.ietf.org/live/    And then… we’ll be getting ready for Day 4…

For some more background, please read these Rough Guide posts from Andrei, Phil and I:

Relevant Working Groups:

For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Olaf Kolkman of Jen Linkova at IETF 92. Part of a larger set of IETF 92 photos Olaf has published.

The post Deploy360@IETF92, Day 3: IPv6 Operations, Sunset4, ACME and Global Internet Routing (GROW) appeared first on Internet Society.

Mar 25

Deploy360@IETF92, Day 3: IPv6 Operations, Sunset4, ACME and Global Internet Routing (GROW)

Jen Linkova at IETF 92Today’s third day of IETF 92 turns out to be a quieter one for the topics we cover here on Deploy360.  The big activity will be in the first of two IPv6 Operations (v6OPS) working group sessions.  There will also be a reboot of the SUNSET4 working group and what should be an interesting discussion about “route leaks” in the GROW working group.  Here’s what our day looks like…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

In the 0900-1130 CDT block this morning, we’re not actively tracking any of the listed working groups as they don’t tie directly into our Deploy360 topics. However the BESS session about BGP-enabled services could be interesting, as could the SPUD BOF looking at what are barriers to implementing new transport protocols on the Internet (more info in the SPUD overview presentation).

After lunch from 1300-1500 CDT in the International Room will be the first of two IPv6 Operations (v6OPS) sessions (the second being tomorrow) with a packed agenda looking at design choices for IPv6 networks, IPv6 deployment case studies / lessons learned and more.  As IPv6 deployment continues to grow month over month, incorporating feedback from that deployment process back into the standards process is an essential part of ensuring continued growth.

In the 1520-1620 CDT block over in the Gold Room, the IPv6 discussion will continue in the SUNSET4 working group that is chartered to document and explore how well things will work in an IPv6-only environment when IPv4 is no longer available (i.e. IPv4 has “sunsetted”).  As noted in the SUNSET4 agenda, the working group has had a loss of momentum and will be looking today at how to restart efforts to move work items along.

Simultaneously over in the Parisian Room the Global Routing Operations (GROW) working group will be looking at how to improve the operations of the Internet’s global routing infrastructure.  As my colleague Andrei Robachevsky wrote in his Rough Guide to IETF 92 post:

In general, the focus of the GROW WG is on operational problems associated with the global routing system, such as routing table growth, the effects of interactions between interior and exterior routing protocols, and the effect of operational policies and practices on the global routing system, its security and resilience.

One of these items, which originally emerged in the SIDR WG and is now being discussed in the GROW WG, is so-called “route-leaks.” Simply speaking, this describes a violation of “valley-free” routing when, for example, a multi-homed customer “leaks” an announcement from one upstream provider to another one. Since usually customer announcements have the highest priority, if no precautions are taken this results in traffic from one provider to another bypassing the customer – potential for a staged MITM attack. But this is an explanation in layman terms, and the group was working on nailing down the definition and the problem statement, see https://datatracker.ietf.org/doc/draft-ietf-grow-route-leak-problem-definition/.

This issue of “route leaks” is one that comes up repeatedly and is causing problems on the global Internet. For instance, yesterday DynResearch tweeted about a route hijack of Google’s site by Belarus Telecom – now I don’t know if that was an actual “route leak”, but it’s the kind of routing issue we do see often on the Internet… which is why this class of issues needs to be identified and solutions proposed.

And just because we really want to be in three places at once… over in the Venetian Room during this same 1520-1620 time block will be the “Automated Certificate Management Environment (ACME)” BOF looking at ways to automate management of TLS certificates. As the agenda indicates, the session is primarily about discussing draft-barnes-acme and the efforts being undertaken as part of the Let’s Encrypt initiative.  The ideas are intriguing and proposals that help automate the security of the Internet can certainly help reduce the friction for regular users.

After all of that is over we’ll be joining in for the Operations and Administrative Plenary from 1640-1910 CDT.  You can view a live video stream of the plenary at http://www.ietf.org/live/    And then… we’ll be getting ready for Day 4…

For some more background, please read these Rough Guide posts from Andrei, Phil and I:

Relevant Working Groups:

For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Olaf Kolkman of Jen Linkova at IETF 92. Part of a larger set of IETF 92 photos Olaf has published.

Mar 24

Video: IETF Newcomers Session Provides A Tutorial About The Standards Process

What is the Internet Engineering Task Force (IETF) all about?  How does it work to create the open standards that power the Internet?  What does it do specifically?  How can you participate?

At IETF 92 this week in Dallas, Texas, USA, long-time IETF participant Scott Bradner delivered a tutorial as part of the IETF 92 for Newcomers program.  His session was streamed live and is now available for viewing. In the 1.5 hour session Scott covers:

Dan York

Mar 24

Join Live Today at 9:00 CDT – Internet Video Codec BOF at IETF92

Ietf square 1Can we create a royalty-free (RF) video codec that can be deployed ubiquitously and become the new open standard for video communication across the Internet?

THAT is the fundamental question of the Internet Video Codec (NETVC) Birds-of-a-Feather (BoF) happening at IETF 92 in Dallas today, March 24, 2015, from 9:00-11:30 CDT (UTC-5). You can listen and participate live using the following links:

You also may want to view the presentation that will be used during the session.

The goal of the overall effort is defined as this:

  • Development of a video codec that is:

    • Optimized for real-time communications over the public Internet
    • Competitive with or superior to existing modern codecs 

    • Viewed as having IPR licensing terms that allow for wide implementation and deployment 

    • Developed under the IPR rules in BCP 78 (RFC 5378) and BCP 79 (RFCs 3979 and 4879)
  • Replicate the success of the CODEC WG in producing the Opus audio codec.

The BOF proposal contains more of a narrative:

The Internet needs a royalty-free (RF) video codec that can become the backbone for universal deployment of video related technologies. Royalty-bearing codecs put constraints on implementors that are unacceptable, but current RF codecs are not yet competitive with royalty-bearing offerings. This dilemma stalls innovation in the space and means large sets of consumers don't have access to the best video technology.

There are efforts underway by several groups to produce a next-generation, royalty-free (RF) video codec, including VP10 by Google and Daala by Mozilla/Xiph.Org. While far from complete, these efforts aim to surpass the royalty-bearing competition. Efforts within other standards organizations like MPEG to create RF video standards have been unsuccessful so far, but have showed that many consumer device manufacturers would support an RF codec.

The success of Opus from the CODEC WG has also shown that collaboration, based on the IETF's principals of open participation, can produce better results than competition between patented technologies. The IPR rules in BCP 78 and 79 are also critical for success. They impose a duty to disclose, and require exact patent or patent application numbers, in addition to basic licensing terms. This allows participants to evaluate the risk of infringement and, if appropriate, design work arounds, in any technology adopted, and assess the cost of adopting such technology. Because it does not force participants to agree to license their patents under RF terms, it helps to encourage participation even by those opposed to such terms (instead of guaranteeing they stay away). In addition to an environment which encourages third-party disclosures, this provides much better chances of success than SDOs which have a "patent-blind" process or which require blanket RF grants.

And the NETVC BOF agenda outlines the plan for the session today.

I do believe that creating this kind of royalty-free codec for Internet video is a critical step to enabling video to be used everywhere across the Internet... not just where people are able to pay to license royalty-bearing codecs. I'd like to see even more developer creativity and innovation unleashed with this action.

I'll be listening and participating remotely. I hope that many of you will join in as well. 9:00am US CDT today (10:00am for me on the US East Coast).

P.S. If you have no idea what the IETF is all about, you may want to skim The Tao of IETF first...

If you found this post interesting or useful, please consider either:

Mar 24

Deploy360@IETF92, Day 2: DNSSEC, DANE, IPv6, IoT and Homenet

IETF 92 - 6 man working group

The second day of IETF 92 is a big one for DNSSEC with both the DNSOP and DANE working groups meeting back to back in the afternoon.  There’s also the 6LO working group looking at IPv6 in “resource constrained” environments such as the Internet of Things (IoT) and the day begins with Homenet exploring how we create better home networks based on IPv6.  And in the midst of that will be the IDR working group working to improve the Internet’s routing infrastruture! Here’s what today looks like for us…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

We start in the 0900-1130 CDT block in the International Room where the Homenet working group will be meeting.  As Phil Roberts explained in his Rough Guide to IETF 92 post about IPv6:

the Homenet working group is doing a lot of interesting work producing open standards for protocols to implement robust networks in homes of the future, all based on IPv6. The topics include routing, addressing, naming, and security. It’s exciting to see new standards work for such a potentially huge area for extending the reach of open standards in networks that matter to people around the world.

Beyond IPv6, we’re also monitoring Homenet for possibilities where DNSSEC and TLS can help improve the security of those home networks.

As was curiously the case yesterday, the 1300-1500 CDT session block does not contain any of the regular groups we follow, but you might find us in HTTPBIS hearing about the next version of HTTP, in NETCONF learning about network configuration proposals (the zero touch provisioning draft looks interesting), or over in ACE understanding new ideas to make the Internet of Things (IoT) more secure.

Speaking of IoT, the 1520-1720 CDT session block is one in which we’ll be split across three different working group sessions, one of which will be IoT focused.  The 6LO working group, formally known as the IPv6 over Networks of Resource Constrained Nodes WG, has a packed agenda looking at how IPv6 works in IoT environments.  Transmitting IPv6 packets over near field communications (NFC), security and privacy, multicast technologies and multiple discussions of the IoT bootstrapping process… it all should make for an interesting discussion for those folks looking to get IP everywhere!

Simultaneously over in the Far East Room, the Inter-Domain Routing (IDR) working group will be looking at ways to improve the Internet’s routing infrastructure.  Andrei wrote more about some of the routing discussions happening at IETF 92. I’m interested in the draft here about route leaks, as I find that area fascinating.

However, I’ll be over in the Gold Room (virtually, as I am remote for this meeting) for the DNS Operations (DNSOP) working group that has a VERY packed agenda looking at how to improve the operations of the Domain Name System (DNS). As I wrote in my Rough Guide to IETF 92 post, this session has a good number of drafts related to “DNS security” in general.  I expect there to be some vigorous discussion around the restriction of “meta queries” such as the ANY query.  There are multiple drafts on the agenda about reserving new top-level domains (TLDs) such as .onion, which inevitably gets discussion.  The QNAME minimization is important for DNS privacy/confidentiality… and there are a range of other discussions that will be had related to making DNS work better, faster and be more secure.

We’ll end the day in the 1730-1830 CDT block with the DANE Working Group focused on the DANE protocol and how it can be used to add a layer of trust to TLS and SSL certificates.   This is incredibly important work and while the agenda for today has only one presentation about DANE and S/MIME, I expect based on the strong activity on the DANE mailing list that other topics will be brought up.

When the sessions are all over, Chris and the many folks in Dallas will no doubt head to the IETF Social Event, while those of us who are remote will have a bit of break before heading into Day 3.  Speaking of attending remotely, please do remember that multiple options to participate are available at http://www.ietf.org/live/

For some more background, please read these Rough Guide posts from Andrei, Phil and I:

Relevant Working Groups:

For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Chris Grundemann of the 6man working group.

The post Deploy360@IETF92, Day 2: DNSSEC, DANE, IPv6, IoT and Homenet appeared first on Internet Society.

Mar 24

Deploy360@IETF92, Day 2: DNSSEC, DANE, IPv6, IoT and Homenet

IETF 92 - 6 man working group

The second day of IETF 92 is a big one for DNSSEC with both the DNSOP and DANE working groups meeting back to back in the afternoon.  There’s also the 6LO working group looking at IPv6 in “resource constrained” environments such as the Internet of Things (IoT) and the day begins with Homenet exploring how we create better home networks based on IPv6.  And in the midst of that will be the IDR working group working to improve the Internet’s routing infrastruture! Here’s what today looks like for us…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

We start in the 0900-1130 CDT block in the International Room where the Homenet working group will be meeting.  As Phil Roberts explained in his Rough Guide to IETF 92 post about IPv6:

the Homenet working group is doing a lot of interesting work producing open standards for protocols to implement robust networks in homes of the future, all based on IPv6. The topics include routing, addressing, naming, and security. It’s exciting to see new standards work for such a potentially huge area for extending the reach of open standards in networks that matter to people around the world.

Beyond IPv6, we’re also monitoring Homenet for possibilities where DNSSEC and TLS can help improve the security of those home networks.

As was curiously the case yesterday, the 1300-1500 CDT session block does not contain any of the regular groups we follow, but you might find us in HTTPBIS hearing about the next version of HTTP, in NETCONF learning about network configuration proposals (the zero touch provisioning draft looks interesting), or over in ACE understanding new ideas to make the Internet of Things (IoT) more secure.

Speaking of IoT, the 1520-1720 CDT session block is one in which we’ll be split across three different working group sessions, one of which will be IoT focused.  The 6LO working group, formally known as the IPv6 over Networks of Resource Constrained Nodes WG, has a packed agenda looking at how IPv6 works in IoT environments.  Transmitting IPv6 packets over near field communications (NFC), security and privacy, multicast technologies and multiple discussions of the IoT bootstrapping process… it all should make for an interesting discussion for those folks looking to get IP everywhere!

Simultaneously over in the Far East Room, the Inter-Domain Routing (IDR) working group will be looking at ways to improve the Internet’s routing infrastructure.  Andrei wrote more about some of the routing discussions happening at IETF 92. I’m interested in the draft here about route leaks, as I find that area fascinating.

However, I’ll be over in the Gold Room (virtually, as I am remote for this meeting) for the DNS Operations (DNSOP) working group that has a VERY packed agenda looking at how to improve the operations of the Domain Name System (DNS). As I wrote in my Rough Guide to IETF 92 post, this session has a good number of drafts related to “DNS security” in general.  I expect there to be some vigorous discussion around the restriction of “meta queries” such as the ANY query.  There are multiple drafts on the agenda about reserving new top-level domains (TLDs) such as .onion, which inevitably gets discussion.  The QNAME minimization is important for DNS privacy/confidentiality… and there are a range of other discussions that will be had related to making DNS work better, faster and be more secure.

We’ll end the day in the 1730-1830 CDT block with the DANE Working Group focused on the DANE protocol and how it can be used to add a layer of trust to TLS and SSL certificates.   This is incredibly important work and while the agenda for today has only one presentation about DANE and S/MIME, I expect based on the strong activity on the DANE mailing list that other topics will be brought up.

When the sessions are all over, Chris and the many folks in Dallas will no doubt head to the IETF Social Event, while those of us who are remote will have a bit of break before heading into Day 3.  Speaking of attending remotely, please do remember that multiple options to participate are available at http://www.ietf.org/live/

For some more background, please read these Rough Guide posts from Andrei, Phil and I:

Relevant Working Groups:

For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Chris Grundemann of the 6man working group.

Mar 23

Dan York Changing His Role With Deploy360

Dan YorkCh..ch…changes…  I just wanted to give readers a bit of a heads up that some things are changing within this Deploy360 site… and some things are staying the same.

At the beginning of March I moved from the Deployment and Operationalization (DO) Team over into the Internet Society Communications team to expand the writing and content creation I’ve been doing about technology here on Deploy360 to also cover topics in our public policy and development areas.  At an Internet Society all-staff retreat last fall we identified that “telling our story better” overall was a critical objective for the organization.  Ever since we began what became the Deploy360 Programme back in late 2011, I’ve been here telling the stories about how we need to deploy key technologies such as IPv6, DNSSEC, TLS and more in order to make the Internet work better, faster and be more secure.  Now I’m just expanding the range of stories I’ll be telling – and working on our overall “content strategy” as an organization to become more effective with what we publish.

I won’t be leaving this Deploy360 site, though.  While most of my new role is focused on the communications aspects, a significant part is still in the technology realm focused on accelerating the deployment of DNSSEC.  I will still be writing here about DNSSEC – and I will still be leading our “DNSSEC Coordination” work to bring people together around the globe to help make DNSSEC deployment ubiquitous.

You just may not see me writing here quite as often about IPv6, TLS, Securing BGP, Anti-Spoofing and other topics.  Other voices will be writing here telling those stories although I may certainly contribute from time to time.

To that end, we are hiring someone to replace me within the DO Team, although we’ve changed the role a bit to focus less on creating new content and more on facilitating the creation of content by others.  A job description has been posted – and Chris has a post out with more details.

It has been an incredible opportunity to work with the DO team over the past 3.5 years to build out this Deploy360 site and resources.  Megan, Jan and Chris are all awesome people to work with (as was Richard Jimmerson before) – and I look forward to continuing to work with them in my new role.

Thanks to all of you who read all the posts and pages I’ve made over the past 3.5 years and used them, criticized them, commented on them and shared them.  Together I think we’ve done a great bit to make the Internet work better!

P.S. Those of you who really want to know more about what I’ll be doing in my new role can read my post on one of my personal sites.

The post Dan York Changing His Role With Deploy360 appeared first on Internet Society.

Mar 23

Dan York Changing His Role With Deploy360

Dan YorkCh..ch…changes…  I just wanted to give readers a bit of a heads up that some things are changing within this Deploy360 site… and some things are staying the same.

At the beginning of March I moved from the Deployment and Operationalization (DO) Team over into the Internet Society Communications team to expand the writing and content creation I’ve been doing about technology here on Deploy360 to also cover topics in our public policy and development areas.  At an Internet Society all-staff retreat last fall we identified that “telling our story better” overall was a critical objective for the organization.  Ever since we began what became the Deploy360 Programme back in late 2011, I’ve been here telling the stories about how we need to deploy key technologies such as IPv6, DNSSEC, TLS and more in order to make the Internet work better, faster and be more secure.  Now I’m just expanding the range of stories I’ll be telling – and working on our overall “content strategy” as an organization to become more effective with what we publish.

I won’t be leaving this Deploy360 site, though.  While most of my new role is focused on the communications aspects, a significant part is still in the technology realm focused on accelerating the deployment of DNSSEC.  I will still be writing here about DNSSEC – and I will still be leading our “DNSSEC Coordination” work to bring people together around the globe to help make DNSSEC deployment ubiquitous.

You just may not see me writing here quite as often about IPv6, TLS, Securing BGP, Anti-Spoofing and other topics.  Other voices will be writing here telling those stories although I may certainly contribute from time to time.

To that end, we are hiring someone to replace me within the DO Team, although we’ve changed the role a bit to focus less on creating new content and more on facilitating the creation of content by others.  A job description has been posted – and Chris has a post out with more details.

It has been an incredible opportunity to work with the DO team over the past 3.5 years to build out this Deploy360 site and resources.  Megan, Jan and Chris are all awesome people to work with (as was Richard Jimmerson before) – and I look forward to continuing to work with them in my new role.

Thanks to all of you who read all the posts and pages I’ve made over the past 3.5 years and used them, criticized them, commented on them and shared them.  Together I think we’ve done a great bit to make the Internet work better!

P.S. Those of you who really want to know more about what I’ll be doing in my new role can read my post on one of my personal sites.

 

Mar 23

Deploy360@IETF92, Day 1: SIDR, 6MAN, DPRIVE and UTA

ROW workshop at IETF 92On this first day of IETF 92 in Dallas, our attention as the Deploy360 team is on securing the Internet’s routing infrastructure, improving the IPv6 protocol and securing the privacy and confidentiality of DNS queries.

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

The day begins with two sessions in the 0900-1130 CDT block.  In the Parisian room the SIDR working group will be working through a good number of Internet Drafts relating to both RPKI and BGPSEC.  Both of these are some of the tools we view as important in securing BPG and making the routing infrastructure more resilient and secure.  Our colleague Andrei Robachevsky dived into more detail in his recent Rough Guide post.  Also on the agenda is the release of results about a survey about RPKI and DNSSEC deployment undertaken last fall by researchers at the Freie Universitaet Berlin which could be interesting to learn about.

At the same time over in the International Room, the 6MAN working group has a long agenda relating to various points discovered during the ongoing deployment of IPv6.   Given that we keep seeing solid growth each month in IPv6 deployment measurements, it’s not surprising that we’d see documents brought forward identifying ways in which the IPv6 protocol needs to evolve.  This is great to see and will only help the ongoing deployment.

Moving on to the 1300-1500 CDT session block, there are two working groups that are not ones we primarily follow, but are still related to the overall themes here on the site:

  • the TRANS working group is looking to standardize “Certificate Transparency” (CT), a mechanism to add a layer of checking to TLS certificates;
  • the DNSSD working group continues its work to standardize DNS-based service discovery beyond a simple single network.  Our interest here is really that this kind of service discovery does need to be secured in some manner.

In the 1520-1650 CDT session block, a big focus for us will be the newer DPRIVE working group that is looking into mechanisms to make DNS queries more secure and confidential.  As I wrote in my Rough Guide post, a concern is to make it harder for pervasive monitoring to occur and be able to track what a user is doing through DNS queries.  DPRIVE has a full agenda, and knowing some of the personalities I expect the debate to be passionate.

Simultaneously, over in the Parisian Room, the Using TLS In Applications (UTA) working group will continue it’s work to make it easier for developers to add TLS to applications.  The UTA agenda at IETF 92 shows a focus on one mechanism for email privacy.

After all of this, we’ll be heading to the Technical Plenary from 1710-1910 CDT where the technical topic is on “Smart Object Architecture” which sounds interesting.  You can watch a live video stream of the Technical Plenary at http://www.ietf.org/live/

For some more background, please read these Rough Guide posts from Andrei, Phil, Karen and myself:

Relevant Working Groups:

For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Chris Grundemann of the ROW workshop on the Sunday prior to IETF 92.

The post Deploy360@IETF92, Day 1: SIDR, 6MAN, DPRIVE and UTA appeared first on Internet Society.