Category: IETF91

Deploy360@IETF91, Day 5: IDR (Securing BGP), IPv6 and heading on to ION Tokyo

Minions at IETF91As the final day of IETF 91 opens there are only a few sessions left on the long IETF 91 agenda.  For us at Deploy360, our focus will mainly be on the Inter-Domain Routing (IDR) and IPv6 Maintenance (6MAN) meetings happening this morning.  Read on for more information…


NOTE: If you are not in Honolulu but would like to follow along, please view the remote participation page for ways you can listen in and participate.  In particular, at this IETF meeting all the sessions will have Meetecho coverage so you can listen, watch and chat through that web interface.  All agenda times are in HST, which is UTC-10 (and five hours earlier than US Eastern time for those in the US). I suggest using the “tools-style” agenda as it has easy links to the chat room, Meetecho and other documents for each session.


In the 9:00-11:30 HST block today the Inter-Domain Routing (IDR) is meeting in Coral 2 and it will be, as I understand it, a joint meeting with the SIDR working group that will focus on the proposed BGPSEC protocol.  The agenda is:

  • BGPSEC background/goals/context, Sandy Murphy
  • BGPSEC protocol walk-through, Matt Lepinski
  • BGPSEC protocol time, space analysis, K. Sriram
  • BGPSEC issues for implementors, John Scudder

It should be an interesting session that ties in well with our Securing BGP topic area.

Simultaneously over in the large Coral 3 room, the IPv6 Maintenance Working Group (6MAN) has a very full agenda of proposals to improve how IPv6 works.  For IPv6 fans such as me, this looks to be a great set of discussions!

The final block of sessions from 11:50-13:20 HST does not have any meetings directly tied to the topics we cover here, but I’m intrigued by a document in the Internet Area Open Meeting about tunnels in the Internet’s architecture that will probably be a good session to listen to.

And with that… our time here at IETF 91 in Honolulu will draw to a close.  We’ll have the Internet Society Advisory Council meeting this afternoon… and then we are all heading to Tokyo to present about IPv6, DNSSEC, BGP, BCOP and more at our ION Tokyo event on Monday!  (And you can watch ION Tokyo live via a webcast.)

Thanks for following us this week and to all those who greeted us at IETF 91!  See you next time in Dallas!

P.S. Today’s photo is from Jared Mauch and used with his permission.  NBC Universal, who sponsored the IETF 91 Welcome Reception, gave a stuffed “minion” out to anyone who wanted to have one.  Give some engineers something fun like this and… well… photos are bound to happen!  Jared had a good bit of fun coming up with some photos – you can see his “Minions” photo stream – and the minons were present in many other photos, such as this one I took.

See also:

Relevant Working Groups

We would suggest you use the “tools-style” agenda to find links to easily participate remotely in each of these sessions.

IDR (Inter-Domain Routing Working Group) WG
Friday, 14 November 2014, 0900-1130 HST, Coral 2
Agenda: https://datatracker.ietf.org/meeting/91/agenda/idr/
Charter: https://datatracker.ietf.org/wg/idr/charter/

6MAN (IPv6 Maintenance) WG
Friday, 14 November 9am-1130am, Coral 3
Agenda: https://datatracker.ietf.org/meeting/91/agenda/6man/
Documents: https://datatracker.ietf.org/wg/6man/documents/
Charter: https://datatracker.ietf.org/wg/6man/charter/


For more background on what is happening at IETF 91, please see our “Rough Guide to IETF 91″ posts on the ITM blog:

If you are here at IETF 91 in Honolulu, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Deploy360@IETF91, Day 4: TLS, 6TISCH, DNSSD, IDR, SAAG, DHC and DBOUND

Chris Grundemann at IETF 91On the fourth day of IETF 91 we on the Deploy360 return to a focus on the routing / securing BGP side of our work as well as TLS and a number of DNS-related sessions that are not strictly DNSSEC-related, along with a small bit of IPv6 for “Internet of Things” (IoT) mixed in. There are many other working groups meeting at IETF 91 today but the ones I’ll mention below line up with the topics we cover here on the Deploy360 site.

Read on for more information…


NOTE: If you are not in Honolulu but would like to follow along, please view the remote participation page for ways you can listen in and participate.  In particular, at this IETF meeting all the sessions will have Meetecho coverage so you can listen, watch and chat through that web interface.  All agenda times are in HST, which is UTC-10 (and five hours earlier than US Eastern time for those in the US). I suggest using the “tools-style” agenda as it has easy links to the chat room, Meetecho and other documents for each session.


In the morning 9:00-11:30 block two working groups are of interest.  The TLS Working Group continues the evolution of the TLS protocol and we’ll be monitoring that session in Coral 5 to understand where TLS is going.  Meanwhile over in the Hibiscus room, the 6TISCH Working Group will be continuing their work on ensuring that IPv6 works well in low-power networks on devices using IEEE 802.15.4 low-power radios.  We haven’t really covered this work much here on Deploy360, but as the 6TISCH charter indicates, the work is aimed at “low-power and lossy networks” (LLNs) among devices that we often commonly talk of these days as the “Internet of Things” (IoT). As we increasingly connect everything to the Internet, this work should prove very useful.

During the lunch period, there looks to be a fascinating speaker on the topic of “Open Standards, Open Source, Open Loop“,  but the timing is such that several of us will be at an informal (and open) meeting about the Mutually Assured Norms for Routing Security (MANRS) document, part of the ongoing Routing Resilience Manifesto project headed by our colleague Andrei Robachevsky (and he discussed MANRS in his Rough Guide post).

In the 13:00-15:00 HST block there are two groups we’ll be watching: DNSSD and IDR.  As I described in my Rough Guide post about DNSSEC, the DNSSD group is looking at how to extend DNS service discovery beyond a local network – and we’re of course curious about how this will be secured.  DNSSEC is not directly on the agenda, but security issues will be discussed.  Simultaneously the Inter-Domain Routing (IDR) is meeting about improving the Internet’s routing infrastructure, although the security focus will primarily be in tomorrow’s (Friday) IDR meeting. Because of that, our attention may be more focused on the Security Area Open Meeting where there are a couple of drafts about routing security including one that surveyed the different kinds of censorship seen around the world.

Finally, in the 16:40-19:10 HST block the Dynamic Host Configuration (DHC) WG will meet to continue their work on optimizing DHCP for IPv6. Today’s agenda includes some discussions around privacy that should fit in well with the ongoing themes of privacy and security at this IETF meeting.

At the same time as DHC, there will also be a side meeting of the DBOUND (Domain Boundaries) effort that took place at an earlier IETF meeting.  It starts at 16:40 (not 14:40 as went out in email) in the South Pacific II room.  As described in the problem statement, this effort is looking at how “domain boundaries” can be defined for efforts such as the Public Suffix List. From the abstract:

Various Internet protocols and applications require some mechanism for determining whether two Domain Name System (DNS) names are related. In this document we formalize the types of domain name relationships, identify protocols and applications requiring such relationships, review current solutions, and describe the problems that need to be addressed.

While not directly related to the work we do here on Deploy360, it’s interesting from a broader “DNS security perspective”.

And with all of that…  day 4 of IETF 91 will draw to a close for us.  If you are around at IETF 91 in Honolulu, please do find us and say hello!

P.S. Today’s photo is of our own Chris Grundemann making at point at the microphone in the Administrative plenary…

See also:

Relevant Working Groups

We would suggest you use the “tools-style” agenda to find links to easily participate remotely in each of these sessions.

6TISCH (IPv6 over the TSCH mode of IEEE 802.15.4e) WG
Thursday, 13 November 2014, 0900-1130 HST, Hibiscus
Agenda: https://tools.ietf.org/wg/6tisch/agenda
Documents: https://tools.ietf.org/wg/6tisch/
Charter: https://tools.ietf.org/wg/6tisch/charter

TLS (Transport Layer Security) WG
Thursday, 13 November 2014, 0900-1130 HST, Coral 5
Agenda: https://tools.ietf.org/wg/tls/agenda
Documents: https://tools.ietf.org/wg/tls/
Charter: https://tools.ietf.org/wg/tls/charter

DNSSD (Extensions for Scalable DNS Service Discovery) WG
Thursday, 13 November 2014, 1300-1500 HST, Coral 4
Agenda: https://datatracker.ietf.org/meeting/91/agenda/dnssd/
Documents: https://datatracker.ietf.org/wg/dnssd/
Charter: https://datatracker.ietf.org/wg/dnssd/charter/

SAAG (Security Area Open Meeting) WG
Thursday, 13 November 2014, 1300-1500 HST, Coral 3
Agenda: https://tools.ietf.org/wg/saag/agenda
Documents: https://tools.ietf.org/wg/saag/
Charter: https://tools.ietf.org/wg/saag/charter

IDR (Inter-Domain Routing Working Group) WG
Thursday, 13 November 2014, 1300-1500 HST, Kahili
Agenda: https://datatracker.ietf.org/meeting/91/agenda/idr/
Charter: https://datatracker.ietf.org/wg/idr/charter/

DHC (Dynamic Host Configuration) WG
Thursday, 13 November 2014, 1640-1910 HST, Kahili
Agenda: https://tools.ietf.org/wg/dhc/agenda
Documents: https://tools.ietf.org/wg/dhc/
Charter: https://tools.ietf.org/wg/dhc/charter


For more background on what is happening at IETF 91, please see our “Rough Guide to IETF 91″ posts on the ITM blog:

If you are here at IETF 91 in Honolulu, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Deploy360@IETF91, Day 3: DANE, HOMENET and Operators and the IETF (OPSAWG)

Sharon Goldberg ANRP prize winnerToday’s third day of IETF 91 is for us on the Deploy360 team both a lighter day in terms of a schedule, but a heavier day in that we have two actual presentations today: Chris is speaking in the OPS Area meeting this morning about our Operators and the IETF project and I’ll be speaking in the DANE working group in the afternoon about DANE deployment.  HOMENET is also meeting this morning and there are connections there to both the IPv6 and DNS security work we talk about here on Deploy360.

These are, of course, only a very small fraction of the many different working groups meeting at IETF 91 today – but these are the ones that line up with our Deploy360 topics.

Read on for more information…


NOTE: If you are not in Honolulu but would like to follow along, please view the remote participation page for ways you can listen in and participate.  In particular, at this IETF meeting all the sessions will have Meetecho coverage so you can listen, watch and chat through that web interface.  All agenda times are in HST, which is UTC-10 (and five hours earlier than US Eastern time for those in the US). I suggest using the “tools-style” agenda as it has easy links to the chat room, Meetecho and other documents for each session.


In the morning 9:00-11:30 block our attention will be focused in two working groups.  Of primary importance, our Chris Grundemann will be in the Operations and Management Area Working Group (OPSAWG) in Coral 1 presenting on the work he and Jan Žorž have been doing as part of our Operators and the IETF project to collect information and feedback from network operators about their participation, or lack thereof, in the IETF.  Today he’ll be presenting a summary of the results of the survey he and Jan undertook.  Chris’ slides are available online and he and Jan also published an Internet Draft, draft-opsawg-operators-ietf,  with more information.  (And you can listen live starting at 9:00 HST (UTC-10) , although it looks like Chris is scheduled later in the session.)

Simultaneously over in Coral 3, the HOMENET WG will be meeting to discuss standards related to home/small networks.  As Phil Roberts wrote about, there is a great bit of IPv6-related activity happening within this group.  As I mentioned earlier, too, there is are a couple of DNS-related matters in HOMENET this time around.  One draft, draft-jeong-homenet-device-name-autoconf, explores how home network devices and appliances and sensors that make up the “Internet of Things” (IoT) can be automatically configured with DNS names for monitoring and remote control. Our interest is naturally in how this interaction with DNS can be secured.  Another draft looks at the idea of using a “.home” top-level domain (TLD) for home networks.

After lunch our attention then moves to the DANE Working Group happening from 13:00-15:00 HST in Coral 3.  As I described in my Rough Guide post about DNSSEC, there is a great amount of activity happening here related to DNSSEC and DANE.  As I mentioned in a recent post, I’ll be presenting at the end of the session asking the question “what can we learn from existing DANE deployments?”  I summarized many of the thoughts and questions in draft-york-dane-deployment-observations but have expanded upon that in the slides I’ve prepared for today’s session.  (I also couldn’t resist adding in photos of broccoli and cookies… but why will become clear in the discussion!)

When DANE is done we don’t have a particular focus in the final 15:20-16:50 HST session block on the IETF 91 agenda today, although several groups are of personal interest.  There are also several DNS-related side meetings that are seeming to be scheduled during that time.

We’ll end the day with the usual IETF Operations and Administration Plenary from 17:10-19:40 HST that typically provides good insight into how the IETF is doing… and the “open mic” sessions can usually be educational, entertaining or both.  :-)

If you are around at IETF 91 in Honolulu, please do find us and say hello!

P.S. Today’s photo is of Sharon Goldberg presenting about RPKI and BGP security in the ANRP presentation mentioned yesterday.

See also:

Relevant Working Groups

We would suggest you use the “tools-style” agenda to find links to easily participate remotely in each of these sessions.

OPSAWG (Operations and Management Area) WG
Wednesday, 12 November 2014, 0900-1130 HST, Coral 1
Agenda: https://tools.ietf.org/wg/opsawg/agenda
Documents: https://tools.ietf.org/wg/opsawg/
Charter: https://tools.ietf.org/wg/opsawg/charter

HOMENET (Home Networking) WG
Wednesday, 12 November 2014, 0900-1130 HST, Coral 3
Agenda: https://datatracker.ietf.org/meeting/91/agenda/homenet/
Documents: https://datatracker.ietf.org/wg/homenet/
Charter: https://datatracker.ietf.org/wg/homenet/charter/

DANE (DNS-based Authentication of Named Entities) WG
Wednesday, 12 November 2014, 1300-1500 HST, Coral 3
Agenda: https://datatracker.ietf.org/meeting/91/agenda/dane/
Documents: https://datatracker.ietf.org/wg/dane/
Charter: http://datatracker.ietf.org/wg/dane/charter/

 


For more background on what is happening at IETF 91, please see our “Rough Guide to IETF 91″ posts on the ITM blog:

If you are here at IETF 91 in Honolulu, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Deploy360@IETF91, Day 2: UTA, DPRIVE, BGP in ARNP, 6LO and IOT, DNSOP

IETF 91 mic lineFor us at Deploy360, Day 2 of IETF 91 brings a heavy focus on DNSSEC and DNS security in general with both DNSOP and DPRIVE meeting. Today also brings one of the key working groups (UTA) related to our “TLS in Applications” topic area.  There is a key WG meeting related to using  IPv6 in “resource-constrained” environments such as the “Internet of Things” (IoT) … and a presentation in the Internet Research Task Force (IRTF) about BGP security and the RPKI.

These are, of course, only a very small fraction of the many different working groups meeting at IETF 91 today – but these are the ones that line up with the topics we write about here at Deploy360.

Read on for more information…


NOTE: If you are not in Honolulu but would like to follow along, please view the remote participation page for ways you can listen in and participate.  In particular, at this IETF meeting all the sessions will have Meetecho coverage so you can listen, watch and chat through that web interface.  All agenda times are in HST, which is UTC-10 (and five hours earlier than US Eastern time for those in the US). I suggest using the “tools-style” agenda as it has easy links to the chat room, Meetecho and other documents for each session.


In the morning 9:00-11:30 block we once again will be splitting ourselves across multiple working groups.  In Coral 2 will be the “Using TLS in Applications” (UTA) working group looking at how to increase the usage of TLS across applications.  The UTA WG is a key part of the overall work of the IETF in strengthening the Internet against pervasive monitoring and should be quite a well-attended session.  The UTA agenda includes multiple drafts related to TLS and email, a discussion of a proposal around “token binding” and what should be an involved discussion about the TLS “fallback dance”, i.e. what should happen when a TLS connection cannot be made at the requested level of security?

On the topic of UTA, I’ll note that one of the groups main documents, draft-ietf-uta-tls-bcp, a best practice document on “Recommendations for Secure Use of TLS and DTLS“, has a new version out that incorporates all of the feedback received to date.  This document should soon be at the point where it will enter the publication queue.

Meanwhile, over in the Kahili room the 6LO WG will be talking about using IPv6 in “resource-constrained” and low power environments. The work here is important for sensor/device networks and other similar “Internet of Things” (IoT) implementations.   Among the 6LO agenda items are a discussion of using IPv6 in near field communications (NFC) and what should be quite an interesting discussion around the challenges of using different types of privacy-related IPv6 addresses in a constrained environment.

Simultaneously over in Coral 4 will be the open meeting of the Internet Research Task Force (IRTF) and of particular interest will be the presentation by one of the winners of the Applied Networking Research Prize (ANRP) that is focused on BGP security and the Resource Public Key Infrastructure (RPKI).  As the IRTF open meeting agenda lists the abstract:

The RPKI (RFC 6480) is a new security infrastructure that relies on trusted authorities to prevent attacks on interdomain routing. The standard threat model for the RPKI supposes that authorities are trusted and routing is under attack. This talk discusses risks that arise when this threat model is flipped: when RPKI authorities are faulty, misconfigured, compromised, or compelled (e.g. by governments) to take certain actions. We also survey mechanisms that can increase transparency when RPKI authorities misbehave.

The slides for the presentation are online and look quite intriguing!

After that we’ll be spending our lunch time at the “ISOC@IETF” briefing panel that is focused this time on the topic of “Is Identity an Internet Building Block?”  While not directly related to our work here at Deploy360 we’re quite interested in the topic.  I will also be directly involved as I’ll be producing the live video stream / webcast of the event.  You can join in and watch directly starting at 11:45 am HST (UTC-10). It should be an excellent panel discussion!

As I described in my Rough Guide post about DNSSEC, the 13:00-15:00 block brings the first meeting of the new DPRIVE working group that is chartered to develop “mechanisms to provide confidentiality to DNS transactions, to address concerns surrounding pervasive monitoring.”  The DPRIVE agenda shows the various documents under discussion – there are some very passionate views on very different perspectives… expect this session to have some vigorous discussion!

In the last 15:20-17:20 meeting block of the day we’ll focus on the DNS Operations (DNSOP) Working Group where the major DNSSEC-related document under discussion will be Jason Livingood’s draft-livingood-dnsop-negative-trust-anchors that has generated a substantial bit of discussion on the dnsop mailing list.  The DNSOP agenda contains a number of other topics of interest, including a couple added since the time I wrote about DNS for the Rough Guide.  The discussion about root servers running on loopback addresses should be interesting… and Brian Dickson (now employed by Twitter instead of Verisign) is bringing some intriguing new ideas about a DNS gateway using JSON and HTTP.

After all of that, they’ll let us out of the large windowless rooms (granted, in the dark of evening) for the week’s Social event that will apparently be a Hawaiian Luau.  After all the time inside it will be a pleasure to end the day in casual conversations outside. Please do look to find us and say hello… and if you are not here in Honolulu, please do join in remotely and help us make the Internet work better!

See also:

Relevant Working Groups

We would suggest you use the “tools-style” agenda to find links to easily participate remotely in each of these sessions.

UTA (Using TLS in Applications) WG
Tuesday, 11 Nov 2014, 900-1130, Coral 2
Agenda: https://tools.ietf.org/wg/uta/agenda
Documents: https://tools.ietf.org/wg/uta
Charter: https://tools.ietf.org/wg/uta/charter

6LO (IPv6 over Networks of Resource-constrained Nodes) WG
Tuesday, 11 Nov 2014, 900-1130, Kahili
Agenda: https://tools.ietf.org/wg/6lo/agenda
Documents: https://tools.ietf.org/wg/6lo
Charter: https://tools.ietf.org/wg/6lo/charter

IRTF (Internet Research Task Force) Open Meeting
Tuesday, 11 Nov 2014, 900-1130, Coral 4
Agenda: http://tools.ietf.org/agenda/91/agenda-91-irtfopen.html
Charter: https://irtf.org/

DPRIVE (DNS PRIVate Exchange) WG
Tuesday, 11 November 2014, 1300-1500 HST, Coral 5
Agenda: https://datatracker.ietf.org/meeting/91/agenda/dprive/
Documents: https://datatracker.ietf.org/wg/dprive/
Charter: http://tools.ietf.org/wg/dprive/charters/

DNSOP (DNS Operations) WG
Tuesday, 11 November 2014, 1520-1720 HST, Coral 4
Agenda: https://datatracker.ietf.org/meeting/91/agenda/dnsop/
Documents: https://datatracker.ietf.org/wg/dnsop/
Charter: http://tools.ietf.org/wg/dnsop/charters/


For more background on what is happening at IETF 91, please see our “Rough Guide to IETF 91″ posts on the ITM blog:

If you are here at IETF 91 in Honolulu, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Deploy360@IETF91, Day 1: v6OPS, SIDR, EPPEXT, TRANS

Sunset at IETF 91On the first full day here at IETF 91, we have to leave behind the palm trees of the beautiful welcoming reception (pictured at right) to head indoors for a packed agenda of working group sessions.

For us on the Deploy360 team, this first day hits on three of our major topics:  IPv6, DNSSEC and securing BGP.

A big focus  for our group will be the 4.5 hours of IPv6 Operations (v6OPS) Working Group meetings happening in two blocks today: 9:00-11:30 and then 15:20-17:20 Hawaii Standard Time (HST). As our colleague Phil Roberts noted, IPv6 is everywhere within IETF activity, but the v6OPS sessions are particularly important as IPv6 continues to move into mainstream production and experience real operational deployment.


NOTE: If you are not in Honolulu but would like to follow along, please view the remote participation page for ways you can listen in and participate.  In particular, at this IETF meeting all the sessions will have Meetecho coverage so you can listen, watch and chat through that web interface.  All agenda times are in HST, which is UTC-10 (and five hours earlier than US Eastern time for those in the US).


At the same 9:00-11:30 block as v6OPS in the morning will be the Secure Inter-Domain Routing (SIDR) Working Group that is really the lead working group we’re monitoring for efforts to increase the security of the BGP routing protocol. As Andrei Robachevsky wrote in his Rough Guide post, there is a great amount of work happening with regard to routing security and resiliency and the discussions within SIDR today will contribute to that.

Amazingly, the 13:00-15:00 time block is a quiet one for us (pretty much the only one all week!), although I may wander into the CDN Interconnections (CDNI) working group to check in purely out of my own interest in CDNs.

The 15:20-17:20 block has v6OPS back for its second session, but also has two of the working groups meeting with DNSSEC-related topics going on.  As I described in my Rough Guide post about DNSSEC, the EPPEXT working group will be discussing how to progress a draft about the secure transfer of signed domain names between registrars – and simultaneously the TRANS working group will be looking at the possibility of applying Certificate Transparency (CT) methods to DNSSEC.

In the final 17:30-18:30 meeting block, the TRANS working group will continue their discussions and the GROW working group will also be meeting to discuss route leaks and de-aggregation issues, two major areas that Andrei indicated are of concern to the routing community.

We’ll finish up the day from 18:50-19:50 with the Technical Plenary that will focus on the IAB’s Privacy and Security Program and should be interesting.

All in all it’s going to be a very busy day!  Do note, of course, that all that I’ve mentioned here is just a small part of the overall activity happening at IETF 91 today – these are just the sessions that WE are interested in for the topics we cover here at Deploy360. Please do look to find us and say hello… and if you are not here in Honolulu, please do join in remotely and help us make the Internet work better!

Relevant Working Groups:

v6OPS (IPv6 Operations) WG
Monday, 10 November 900am-1130am, Coral 4
Monday, 10 November 320pm-520pm, Coral 3
Agenda: https://datatracker.ietf.org/meeting/91/agenda/v6ops/
Documents: https://datatracker.ietf.org/wg/v6ops/documents/
Charter: https://datatracker.ietf.org/wg/v6ops/charter/

SIDR (Secure Inter-Domain Routing) WG
Monday, 10 November 2014, 0900-1130 HST, Coral 1
Agenda: https://datatracker.ietf.org/meeting/91/agenda/sidr/
Charter: https://datatracker.ietf.org/wg/sidr/charter/

TRANS (Public Notary Transparency) WG
Monday, 10 November 2014, 1300-1500 HST, Hibiscus
Agenda: https://datatracker.ietf.org/meeting/91/agenda/trans/
Documents: https://datatracker.ietf.org/wg/trans/
Charter: https://datatracker.ietf.org/wg/trans/charter/

EPPEXT (Extensible Provisioning Protocol Extensions) WG
Monday, November 10, 2014, 1520-1720 HST, Lehua Suite
Agenda: https://datatracker.ietf.org/meeting/91/agenda/eppext/
Documents: https://datatracker.ietf.org/wg/eppext/
Charter: https://datatracker.ietf.org/wg/eppext/charter/

GROW (Global Routing Operations) WG
Monday, 10 November 2014, 1730-1830 HST, Coral 4
Agenda: https://datatracker.ietf.org/meeting/91/agenda/grow/
Charter: https://datatracker.ietf.org/wg/grow/charter/


For more background on what is happening at IETF 91, please see our “Rough Guide to IETF 91″ posts on the ITM blog:

If you are here at IETF 91 in Honolulu, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Comments? What Can We Learn From Existing DANE Deployments?

IETF LogoWhat can we learn from existing deployments of the DANE protocol?  As more people start implementing DANE in their applications, are there lessons we can learn to feed back into the standards development process?  What are the barriers people are finding to using DANE? How can we help accelerate the deployment of DANE and DNSSEC?

As I mentioned in my Rough Guide to IETF 91 post and also my post here on Deploy360, I have a short bit of time at the end of the DANE Working Group agenda on next Wednesday, November 12, 2014, to raise these questions and try to get some feedback. To help with that, I wrote an Internet-Draft that you can find at:

https://tools.ietf.org/html/draft-york-dane-deployment-observations

In the document, I outline some of the concerns and issues that I have observed related to DANE deployment, including:

  • Lack of awareness of DANE
  • Challenges creating TLSA records
  • Inability to enter TLSA records at DNS hosting operators
  • Availability of developer libraries
  • Perception that DANE is only for self-signed certificates
  • Performance concerns
  • Cryptographic concerns

I then offered these questions for discussion:

  • What roadblocks are people running into with implementing DANE? (outside of the broader issue of getting DNSSEC validation and signing more widely available) are there lessons we can feed back into our process of developing DANE-related standards?
  • Are there more “Using DANE with <foo>” types of documents that we can or should create? (And who is willing to do so?)
  • Are there some good examples/case studies of DANE implementations that we could perhaps capture as informational RFCs? (The Jabber community’s implementation comes to mind)
  • Are there places where it would be helpful if there were reference implementations of DANE support? For example, DANE for email got a boost when support was added to postfix. Are there other commonly-used open source projects where the addition of DANE support would help move deployment along?
  • Are there test tools that need to be developed? Or existing ones that need to be better promoted? Are there interop tests we can arrange?

I’m looking forward to the discussion on Wednesday… but I also welcome any comments you may have NOW on this topic.  You are welcome to send comments directly to me, send them to the DANE mailing list (you need to subscribe first), post them here as comments to this article – or post them on any of the social networks where this post appears. (although either email or posting the comments here on our site are the best ways to make sure I actually see your comments)

What can we learn from DANE deployment so far – and how can we use that to help get more DANE usage happening?

Two More Rough Guides To IETF 91 On IPv6 And Security / TLS

IETF LogoTwo more “Rough Guide to IETF 91″ posts have been published that may be of interest to Deploy360 readers:

and

Phil’s post naturally talks about all the great work related to IPv6 happening within the various working groups at IETF 91 next week.  The reality is that IPv6 is now the main IP protocol discussed in so many different working groups – and all new work is assumed that it will (or must) work on IPv6 … and so IPv6 discussions are taking place in many different places.   You can expect that you’ll find members of the Deploy360 team in the dedicated IPv6 sessions Phil mentions!

Karen’s post highlights a number of the security and privacy efforts under way within the IETF and IAB.  She also mentions the TLS working group and the Using TLA in Applications (UTA) working groups, both of which are important to the TLS in Applications topic area we have here on Deploy360.

Combined with all the activities related to DNSSEC / DANE and all the activities related to routing security/resiliency … it’s going to be a very busy week next week!  We’re looking forward to it and to meeting up with many of you.

In the meantime, if you’d like to get started with IPv6 or TLS, please visit our Start Here page to begin!

IETF 91 Rough Guide On Routing Resilience And Security – De-aggregation, Route Leaks and more

IETF LogoWhat will be happening next week at IETF 91 with regard to improving the security and resilience of the Internet’s routing infrastructure?

Our colleague Andrei Robachevsky tackles this question in his post this week: “Rough Guide to IETF 91: Routing Resilience & Security“.

Andrei explains that one of the major issues in routing right now is the growth in the size of the global routing tables and the growth of “de-aggregation”… and the challenges that lie therein.  He also writes about “route leaks” and what is being done to address this issue and he writes about the ongoing work related to RPKI in the SIDR working group.

He finishes up talking about the MANRS initiative announced yesterday  and how that can help with overall routing security and resiliency.

Please do read Andrei’s Rough Guide post … and then do check out our topic areas on Securing BGP and Anti-spoofing to learn more about how you can secure your routing infrastructure.  We will look forward to seeing some of you next week at IETF 91!

Meet The Deploy360 Team at IETF 91

If you will be at IETF 91 next week in Honolulu, please do say hello to members of the Deployment & Operationalization (DO) team within the Internet Society.  We are the team behind this Deploy360 website and three of us will be there at IETF 91:

You can expect to find us in the sessions related to IPv6, DNSSEC, routing security and network operations, as well as others related to the topics we cover here on Deploy360.  If you’d like to meet with us, please send an email to deploy360@isoc.org and if you don’t know what we look like, this photo may help:

DO Team 2013

DO Team – left-to-right: Chris Grundemann, Dan York, Megan Kruse, Jan Žorž

See you in Hawaii!

A Great Amount of DNSSEC / DANE / DNS Activity At IETF 91 Next Week

IETF LogoWhat is happening next week at IETF 91 in Honolulu with regard to DNSSEC, DANE and other “DNS security” topics?

great amount of activity, it turns out!

So much that my “Rough Guide to IETF 91: DNSSEC, DANE and DNS Security” turned into quite a lengthy article.  Please read that article for the full description, but a quick summary can be:

  • DNSOP will have discussions around “Negative Trust Anchors”, “DNS Cookies” and more.
  • DANE will discuss using DANE for email, and specifically S/MIME, as well as SRV records and a discussion led by me about what we can learn from current deployments of DANE.
  • A brand new DPRIVE working group will be exploring challenges around privacy and confidentiality of DNS queries.
  • TRANS will look at applying Certificate Transparency (CT) mechanism to DNSSEC keys.
  • EPPEXT will discuss how to move a draft forward about secure transfer of DNSSEC-signed domains between registrars.
  • HOMENET and DNSSD will both be looking at different aspects of using DNS with small networks or “Internet of Things” (IoT) environments – and the question of course is how this usage gets secured.

… and again you’ll want to read the full article to understand more.  The key point is that it will be busy for those of us interested in DNS-related issues!   If you are going to be out at IETF 91, please do contact us or find me there.  Odds are pretty good you’ll find me in either the DNS or IPv6 sessions!

And if you want to get started today with DNSSEC, please visit our Start Here page to learn how!