Category: IETF92

Deploy360@IETF92, Day 5: EPPEXT… and we’re done!

Face of IETFOn this  final day of IETF 92 our Deploy360 attention will be focused on only one working group, EPPEXT, that is looking at communication between registries, registrars and other entities working with domain names.   There only two blocks of working group sessions today… and then everyone heads home!  Here’s what this abbreviated day looks like for us…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

The sessions in the first 0900-1130 CDT block are not ones that we typically follow.  I may be monitoring CORE, as it deals with Internet of Things (IoT) issues, or perhaps MMUSIC as there is a draft dealing with IPv4 vs IPv6 connectivity.

Finally, in the very last 1150-1320 session, the Extensible Provisioning Protocol Extensions (EPPEXT) working group will be meeting in the Oak Room.  I mentioned EPPEXT in my Rough Guide to IETF 92 post but at the time the agenda was not available.  The IETF 92 agenda is now available, and it includes:

One of the existing documents of interest to us is one that helps with the automation of relaying DNSSEC key material between DNS operators.  We’re also just interested in general with steps that can help automate the communication among these various entities.

And then… with that… IETF 92 will draw to a close!

Many thanks for reading along this week… please do read our other IETF 92-related posts … and we’ll see you at IETF 93 in Prague in July!


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: some of the faces and scenes appearing in Olaf Kolkman’s collection of IETF 92 photos. Used with his permission.

Deploy360@IETF92, Day 5: EPPEXT… and we’re done!

Face of IETFOn this  final day of IETF 92 our Deploy360 attention will be focused on only one working group, EPPEXT, that is looking at communication between registries, registrars and other entities working with domain names.   There only two blocks of working group sessions today… and then everyone heads home!  Here’s what this abbreviated day looks like for us…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

The sessions in the first 0900-1130 CDT block are not ones that we typically follow.  I may be monitoring CORE, as it deals with Internet of Things (IoT) issues, or perhaps MMUSIC as there is a draft dealing with IPv4 vs IPv6 connectivity.

Finally, in the very last 1150-1320 session, the Extensible Provisioning Protocol Extensions (EPPEXT) working group will be meeting in the Oak Room.  I mentioned EPPEXT in my Rough Guide to IETF 92 post but at the time the agenda was not available.  The IETF 92 agenda is now available, and it includes:

One of the existing documents of interest to us is one that helps with the automation of relaying DNSSEC key material between DNS operators.  We’re also just interested in general with steps that can help automate the communication among these various entities.

And then… with that… IETF 92 will draw to a close!

Many thanks for reading along this week… please do read our other IETF 92-related posts … and we’ll see you at IETF 93 in Prague in July!


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: some of the faces and scenes appearing in Olaf Kolkman’s collection of IETF 92 photos. Used with his permission.

The post Deploy360@IETF92, Day 5: EPPEXT… and we’re done! appeared first on Internet Society.

Deploy360@IETF92, Day 4: More IPv6 Operations, TLS, and much Security

IETF 92 - Kathleen MoriartyThis  fourth day of IETF 92 has a heavy focus on security for us on the Deploy360 team.  While the day starts with the second of two IPv6 Operations (v6OPS) working group sessions, the rest of the day is pretty much all about security, security, security!

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

In the 0900-1130 CDT block this morning, the second IPv6 Operations (v6OPS) sessions continues with their busy agenda in the Gold Room. Here are today’s topics:

A number of those should generate good discussion.

Meanwhile, over in the Oak Room, the TLS Working Group will be discussing improvements to this incredibly critical protocol that we are using to encrypt so many different communications over the Internet.  As my colleague Karen O’Donahue wrote:

The tls (Transport Layer Security) working group is actively working on an update to the TLS protocol. They recently conducted an interim meeting in Seattle, WA, on 10-11 March 2015. Agenda items for IETF 92 include backwards compatibility, rekeying, and client authentication.

After lunch the 1300-1500 CDT block has the Security Area Open Meeting in the International Room. The current agenda is this:

  • Joe Bonneau/HSTS and HPKP in practice (30 mins)
  • Adam Langley/QUIC (15 mins)
  • Jan Včelák/NSEC5 (10 mins)
  • Ladar Levinson/Darkmail (20 mins)
  • Paul Wouters/Opportunistic IPsec update (1 minute)
  • Eric Rescorla/Secure Conferencing (5 mins)

Several of these presentations tie directly into the work we are doing here.  The HSTS/HPKP is “certificate pinning” and very relevant to TLS, as is the QUIC presentation.  The NSEC5 is a new proposal for DNSSEC that, judging by the mailing list traffic, should get strong debate.

The 1520-1720 CDT block doesn’t contain any of the working groups we usually track, but there will be both a Routing Area Open Meeting as well as an Operations Area Open Meeting.

In the final 1740-1840 CDT block the Operational Security (OPSec) Working Group will be meeting in the Far East Room with a number of IPv6 and routing issues on their agenda.

Bits-and-Bites

The day will end with the Bits-and-Bites reception from 1900-2100 CDT  where attendees can get food and drink and also see various exhibits from sponsors and other organizations.  As I wrote in my Rough Guide post:

 I’m told that one table will be from Verisign Labs where they will be showing demonstrations of the getdns API being used with DNSSEC and DANE.  I’m not exactly sure what will be there, but if you are going to Bits-and-Bites you may want to stop by their table and see what it is about.

I understand there may be some cool demos from other vendors and groups as well. (I’m looking forward to seeing photos!)

For some more background, please read these Rough Guide posts from Andrei, Phil and Karen:


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo from Jari Arkko of Kathleen Moriarty and Lisandro Granville at the IETF 92 Administrative Plenary

The post Deploy360@IETF92, Day 4: More IPv6 Operations, TLS, and much Security appeared first on Internet Society.

Deploy360@IETF92, Day 4: More IPv6 Operations, TLS, and much Security

IETF 92 - Kathleen MoriartyThis  fourth day of IETF 92 has a heavy focus on security for us on the Deploy360 team.  While the day starts with the second of two IPv6 Operations (v6OPS) working group sessions, the rest of the day is pretty much all about security, security, security!

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

In the 0900-1130 CDT block this morning, the second IPv6 Operations (v6OPS) sessions continues with their busy agenda in the Gold Room. Here are today’s topics:

A number of those should generate good discussion.

Meanwhile, over in the Oak Room, the TLS Working Group will be discussing improvements to this incredibly critical protocol that we are using to encrypt so many different communications over the Internet.  As my colleague Karen O’Donahue wrote:

The tls (Transport Layer Security) working group is actively working on an update to the TLS protocol. They recently conducted an interim meeting in Seattle, WA, on 10-11 March 2015. Agenda items for IETF 92 include backwards compatibility, rekeying, and client authentication.

After lunch the 1300-1500 CDT block has the Security Area Open Meeting in the International Room. The current agenda is this:

  • Joe Bonneau/HSTS and HPKP in practice (30 mins)
  • Adam Langley/QUIC (15 mins)
  • Jan Včelák/NSEC5 (10 mins)
  • Ladar Levinson/Darkmail (20 mins)
  • Paul Wouters/Opportunistic IPsec update (1 minute)
  • Eric Rescorla/Secure Conferencing (5 mins)

Several of these presentations tie directly into the work we are doing here.  The HSTS/HPKP is “certificate pinning” and very relevant to TLS, as is the QUIC presentation.  The NSEC5 is a new proposal for DNSSEC that, judging by the mailing list traffic, should get strong debate.

The 1520-1720 CDT block doesn’t contain any of the working groups we usually track, but there will be both a Routing Area Open Meeting as well as an Operations Area Open Meeting.

In the final 1740-1840 CDT block the Operational Security (OPSec) Working Group will be meeting in the Far East Room with a number of IPv6 and routing issues on their agenda.

Bits-and-Bites

The day will end with the Bits-and-Bites reception from 1900-2100 CDT  where attendees can get food and drink and also see various exhibits from sponsors and other organizations.  As I wrote in my Rough Guide post:

 I’m told that one table will be from Verisign Labs where they will be showing demonstrations of the getdns API being used with DNSSEC and DANE.  I’m not exactly sure what will be there, but if you are going to Bits-and-Bites you may want to stop by their table and see what it is about.

I understand there may be some cool demos from other vendors and groups as well. (I’m looking forward to seeing photos!)

For some more background, please read these Rough Guide posts from Andrei, Phil and Karen:


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo from Jari Arkko of Kathleen Moriarty and Lisandro Granville at the IETF 92 Administrative Plenary

Deploy360@IETF92, Day 3: IPv6 Operations, Sunset4, ACME and Global Internet Routing (GROW)

Jen Linkova at IETF 92Today’s third day of IETF 92 turns out to be a quieter one for the topics we cover here on Deploy360.  The big activity will be in the first of two IPv6 Operations (v6OPS) working group sessions.  There will also be a reboot of the SUNSET4 working group and what should be an interesting discussion about “route leaks” in the GROW working group.  Here’s what our day looks like…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

In the 0900-1130 CDT block this morning, we’re not actively tracking any of the listed working groups as they don’t tie directly into our Deploy360 topics. However the BESS session about BGP-enabled services could be interesting, as could the SPUD BOF looking at what are barriers to implementing new transport protocols on the Internet (more info in the SPUD overview presentation).

After lunch from 1300-1500 CDT in the International Room will be the first of two IPv6 Operations (v6OPS) sessions (the second being tomorrow) with a packed agenda looking at design choices for IPv6 networks, IPv6 deployment case studies / lessons learned and more.  As IPv6 deployment continues to grow month over month, incorporating feedback from that deployment process back into the standards process is an essential part of ensuring continued growth.

In the 1520-1620 CDT block over in the Gold Room, the IPv6 discussion will continue in the SUNSET4 working group that is chartered to document and explore how well things will work in an IPv6-only environment when IPv4 is no longer available (i.e. IPv4 has “sunsetted”).  As noted in the SUNSET4 agenda, the working group has had a loss of momentum and will be looking today at how to restart efforts to move work items along.

Simultaneously over in the Parisian Room the Global Routing Operations (GROW) working group will be looking at how to improve the operations of the Internet’s global routing infrastructure.  As my colleague Andrei Robachevsky wrote in his Rough Guide to IETF 92 post:

In general, the focus of the GROW WG is on operational problems associated with the global routing system, such as routing table growth, the effects of interactions between interior and exterior routing protocols, and the effect of operational policies and practices on the global routing system, its security and resilience.

One of these items, which originally emerged in the SIDR WG and is now being discussed in the GROW WG, is so-called “route-leaks.” Simply speaking, this describes a violation of “valley-free” routing when, for example, a multi-homed customer “leaks” an announcement from one upstream provider to another one. Since usually customer announcements have the highest priority, if no precautions are taken this results in traffic from one provider to another bypassing the customer – potential for a staged MITM attack. But this is an explanation in layman terms, and the group was working on nailing down the definition and the problem statement, see https://datatracker.ietf.org/doc/draft-ietf-grow-route-leak-problem-definition/.

This issue of “route leaks” is one that comes up repeatedly and is causing problems on the global Internet. For instance, yesterday DynResearch tweeted about a route hijack of Google’s site by Belarus Telecom – now I don’t know if that was an actual “route leak”, but it’s the kind of routing issue we do see often on the Internet… which is why this class of issues needs to be identified and solutions proposed.

And just because we really want to be in three places at once… over in the Venetian Room during this same 1520-1620 time block will be the “Automated Certificate Management Environment (ACME)” BOF looking at ways to automate management of TLS certificates. As the agenda indicates, the session is primarily about discussing draft-barnes-acme and the efforts being undertaken as part of the Let’s Encrypt initiative.  The ideas are intriguing and proposals that help automate the security of the Internet can certainly help reduce the friction for regular users.

After all of that is over we’ll be joining in for the Operations and Administrative Plenary from 1640-1910 CDT.  You can view a live video stream of the plenary at http://www.ietf.org/live/    And then… we’ll be getting ready for Day 4…

For some more background, please read these Rough Guide posts from Andrei, Phil and I:


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Olaf Kolkman of Jen Linkova at IETF 92. Part of a larger set of IETF 92 photos Olaf has published.

The post Deploy360@IETF92, Day 3: IPv6 Operations, Sunset4, ACME and Global Internet Routing (GROW) appeared first on Internet Society.

Deploy360@IETF92, Day 3: IPv6 Operations, Sunset4, ACME and Global Internet Routing (GROW)

Jen Linkova at IETF 92Today’s third day of IETF 92 turns out to be a quieter one for the topics we cover here on Deploy360.  The big activity will be in the first of two IPv6 Operations (v6OPS) working group sessions.  There will also be a reboot of the SUNSET4 working group and what should be an interesting discussion about “route leaks” in the GROW working group.  Here’s what our day looks like…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

In the 0900-1130 CDT block this morning, we’re not actively tracking any of the listed working groups as they don’t tie directly into our Deploy360 topics. However the BESS session about BGP-enabled services could be interesting, as could the SPUD BOF looking at what are barriers to implementing new transport protocols on the Internet (more info in the SPUD overview presentation).

After lunch from 1300-1500 CDT in the International Room will be the first of two IPv6 Operations (v6OPS) sessions (the second being tomorrow) with a packed agenda looking at design choices for IPv6 networks, IPv6 deployment case studies / lessons learned and more.  As IPv6 deployment continues to grow month over month, incorporating feedback from that deployment process back into the standards process is an essential part of ensuring continued growth.

In the 1520-1620 CDT block over in the Gold Room, the IPv6 discussion will continue in the SUNSET4 working group that is chartered to document and explore how well things will work in an IPv6-only environment when IPv4 is no longer available (i.e. IPv4 has “sunsetted”).  As noted in the SUNSET4 agenda, the working group has had a loss of momentum and will be looking today at how to restart efforts to move work items along.

Simultaneously over in the Parisian Room the Global Routing Operations (GROW) working group will be looking at how to improve the operations of the Internet’s global routing infrastructure.  As my colleague Andrei Robachevsky wrote in his Rough Guide to IETF 92 post:

In general, the focus of the GROW WG is on operational problems associated with the global routing system, such as routing table growth, the effects of interactions between interior and exterior routing protocols, and the effect of operational policies and practices on the global routing system, its security and resilience.

One of these items, which originally emerged in the SIDR WG and is now being discussed in the GROW WG, is so-called “route-leaks.” Simply speaking, this describes a violation of “valley-free” routing when, for example, a multi-homed customer “leaks” an announcement from one upstream provider to another one. Since usually customer announcements have the highest priority, if no precautions are taken this results in traffic from one provider to another bypassing the customer – potential for a staged MITM attack. But this is an explanation in layman terms, and the group was working on nailing down the definition and the problem statement, see https://datatracker.ietf.org/doc/draft-ietf-grow-route-leak-problem-definition/.

This issue of “route leaks” is one that comes up repeatedly and is causing problems on the global Internet. For instance, yesterday DynResearch tweeted about a route hijack of Google’s site by Belarus Telecom – now I don’t know if that was an actual “route leak”, but it’s the kind of routing issue we do see often on the Internet… which is why this class of issues needs to be identified and solutions proposed.

And just because we really want to be in three places at once… over in the Venetian Room during this same 1520-1620 time block will be the “Automated Certificate Management Environment (ACME)” BOF looking at ways to automate management of TLS certificates. As the agenda indicates, the session is primarily about discussing draft-barnes-acme and the efforts being undertaken as part of the Let’s Encrypt initiative.  The ideas are intriguing and proposals that help automate the security of the Internet can certainly help reduce the friction for regular users.

After all of that is over we’ll be joining in for the Operations and Administrative Plenary from 1640-1910 CDT.  You can view a live video stream of the plenary at http://www.ietf.org/live/    And then… we’ll be getting ready for Day 4…

For some more background, please read these Rough Guide posts from Andrei, Phil and I:


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Olaf Kolkman of Jen Linkova at IETF 92. Part of a larger set of IETF 92 photos Olaf has published.

Deploy360@IETF92, Day 2: DNSSEC, DANE, IPv6, IoT and Homenet

IETF 92 - 6 man working group

The second day of IETF 92 is a big one for DNSSEC with both the DNSOP and DANE working groups meeting back to back in the afternoon.  There’s also the 6LO working group looking at IPv6 in “resource constrained” environments such as the Internet of Things (IoT) and the day begins with Homenet exploring how we create better home networks based on IPv6.  And in the midst of that will be the IDR working group working to improve the Internet’s routing infrastruture! Here’s what today looks like for us…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

We start in the 0900-1130 CDT block in the International Room where the Homenet working group will be meeting.  As Phil Roberts explained in his Rough Guide to IETF 92 post about IPv6:

the Homenet working group is doing a lot of interesting work producing open standards for protocols to implement robust networks in homes of the future, all based on IPv6. The topics include routing, addressing, naming, and security. It’s exciting to see new standards work for such a potentially huge area for extending the reach of open standards in networks that matter to people around the world.

Beyond IPv6, we’re also monitoring Homenet for possibilities where DNSSEC and TLS can help improve the security of those home networks.

As was curiously the case yesterday, the 1300-1500 CDT session block does not contain any of the regular groups we follow, but you might find us in HTTPBIS hearing about the next version of HTTP, in NETCONF learning about network configuration proposals (the zero touch provisioning draft looks interesting), or over in ACE understanding new ideas to make the Internet of Things (IoT) more secure.

Speaking of IoT, the 1520-1720 CDT session block is one in which we’ll be split across three different working group sessions, one of which will be IoT focused.  The 6LO working group, formally known as the IPv6 over Networks of Resource Constrained Nodes WG, has a packed agenda looking at how IPv6 works in IoT environments.  Transmitting IPv6 packets over near field communications (NFC), security and privacy, multicast technologies and multiple discussions of the IoT bootstrapping process… it all should make for an interesting discussion for those folks looking to get IP everywhere!

Simultaneously over in the Far East Room, the Inter-Domain Routing (IDR) working group will be looking at ways to improve the Internet’s routing infrastructure.  Andrei wrote more about some of the routing discussions happening at IETF 92. I’m interested in the draft here about route leaks, as I find that area fascinating.

However, I’ll be over in the Gold Room (virtually, as I am remote for this meeting) for the DNS Operations (DNSOP) working group that has a VERY packed agenda looking at how to improve the operations of the Domain Name System (DNS). As I wrote in my Rough Guide to IETF 92 post, this session has a good number of drafts related to “DNS security” in general.  I expect there to be some vigorous discussion around the restriction of “meta queries” such as the ANY query.  There are multiple drafts on the agenda about reserving new top-level domains (TLDs) such as .onion, which inevitably gets discussion.  The QNAME minimization is important for DNS privacy/confidentiality… and there are a range of other discussions that will be had related to making DNS work better, faster and be more secure.

We’ll end the day in the 1730-1830 CDT block with the DANE Working Group focused on the DANE protocol and how it can be used to add a layer of trust to TLS and SSL certificates.   This is incredibly important work and while the agenda for today has only one presentation about DANE and S/MIME, I expect based on the strong activity on the DANE mailing list that other topics will be brought up.

When the sessions are all over, Chris and the many folks in Dallas will no doubt head to the IETF Social Event, while those of us who are remote will have a bit of break before heading into Day 3.  Speaking of attending remotely, please do remember that multiple options to participate are available at http://www.ietf.org/live/

For some more background, please read these Rough Guide posts from Andrei, Phil and I:


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Chris Grundemann of the 6man working group.

The post Deploy360@IETF92, Day 2: DNSSEC, DANE, IPv6, IoT and Homenet appeared first on Internet Society.

Deploy360@IETF92, Day 2: DNSSEC, DANE, IPv6, IoT and Homenet

IETF 92 - 6 man working group

The second day of IETF 92 is a big one for DNSSEC with both the DNSOP and DANE working groups meeting back to back in the afternoon.  There’s also the 6LO working group looking at IPv6 in “resource constrained” environments such as the Internet of Things (IoT) and the day begins with Homenet exploring how we create better home networks based on IPv6.  And in the midst of that will be the IDR working group working to improve the Internet’s routing infrastruture! Here’s what today looks like for us…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

We start in the 0900-1130 CDT block in the International Room where the Homenet working group will be meeting.  As Phil Roberts explained in his Rough Guide to IETF 92 post about IPv6:

the Homenet working group is doing a lot of interesting work producing open standards for protocols to implement robust networks in homes of the future, all based on IPv6. The topics include routing, addressing, naming, and security. It’s exciting to see new standards work for such a potentially huge area for extending the reach of open standards in networks that matter to people around the world.

Beyond IPv6, we’re also monitoring Homenet for possibilities where DNSSEC and TLS can help improve the security of those home networks.

As was curiously the case yesterday, the 1300-1500 CDT session block does not contain any of the regular groups we follow, but you might find us in HTTPBIS hearing about the next version of HTTP, in NETCONF learning about network configuration proposals (the zero touch provisioning draft looks interesting), or over in ACE understanding new ideas to make the Internet of Things (IoT) more secure.

Speaking of IoT, the 1520-1720 CDT session block is one in which we’ll be split across three different working group sessions, one of which will be IoT focused.  The 6LO working group, formally known as the IPv6 over Networks of Resource Constrained Nodes WG, has a packed agenda looking at how IPv6 works in IoT environments.  Transmitting IPv6 packets over near field communications (NFC), security and privacy, multicast technologies and multiple discussions of the IoT bootstrapping process… it all should make for an interesting discussion for those folks looking to get IP everywhere!

Simultaneously over in the Far East Room, the Inter-Domain Routing (IDR) working group will be looking at ways to improve the Internet’s routing infrastructure.  Andrei wrote more about some of the routing discussions happening at IETF 92. I’m interested in the draft here about route leaks, as I find that area fascinating.

However, I’ll be over in the Gold Room (virtually, as I am remote for this meeting) for the DNS Operations (DNSOP) working group that has a VERY packed agenda looking at how to improve the operations of the Domain Name System (DNS). As I wrote in my Rough Guide to IETF 92 post, this session has a good number of drafts related to “DNS security” in general.  I expect there to be some vigorous discussion around the restriction of “meta queries” such as the ANY query.  There are multiple drafts on the agenda about reserving new top-level domains (TLDs) such as .onion, which inevitably gets discussion.  The QNAME minimization is important for DNS privacy/confidentiality… and there are a range of other discussions that will be had related to making DNS work better, faster and be more secure.

We’ll end the day in the 1730-1830 CDT block with the DANE Working Group focused on the DANE protocol and how it can be used to add a layer of trust to TLS and SSL certificates.   This is incredibly important work and while the agenda for today has only one presentation about DANE and S/MIME, I expect based on the strong activity on the DANE mailing list that other topics will be brought up.

When the sessions are all over, Chris and the many folks in Dallas will no doubt head to the IETF Social Event, while those of us who are remote will have a bit of break before heading into Day 3.  Speaking of attending remotely, please do remember that multiple options to participate are available at http://www.ietf.org/live/

For some more background, please read these Rough Guide posts from Andrei, Phil and I:


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Chris Grundemann of the 6man working group.

Deploy360@IETF92, Day 1: SIDR, 6MAN, DPRIVE and UTA

ROW workshop at IETF 92On this first day of IETF 92 in Dallas, our attention as the Deploy360 team is on securing the Internet’s routing infrastructure, improving the IPv6 protocol and securing the privacy and confidentiality of DNS queries.


NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.


The day begins with two sessions in the 0900-1130 CDT block.  In the Parisian room the SIDR working group will be working through a good number of Internet Drafts relating to both RPKI and BGPSEC.  Both of these are some of the tools we view as important in securing BPG and making the routing infrastructure more resilient and secure.  Our colleague Andrei Robachevsky dived into more detail in his recent Rough Guide post.  Also on the agenda is the release of results about a survey about RPKI and DNSSEC deployment undertaken last fall by researchers at the Freie Universitaet Berlin which could be interesting to learn about.

At the same time over in the International Room, the 6MAN working group has a long agenda relating to various points discovered during the ongoing deployment of IPv6.   Given that we keep seeing solid growth each month in IPv6 deployment measurements, it’s not surprising that we’d see documents brought forward identifying ways in which the IPv6 protocol needs to evolve.  This is great to see and will only help the ongoing deployment.

Moving on to the 1300-1500 CDT session block, there are two working groups that are not ones we primarily follow, but are still related to the overall themes here on the site:

  • the TRANS working group is looking to standardize “Certificate Transparency” (CT), a mechanism to add a layer of checking to TLS certificates;
  • the DNSSD working group continues its work to standardize DNS-based service discovery beyond a simple single network.  Our interest here is really that this kind of service discovery does need to be secured in some manner.

In the 1520-1650 CDT session block, a big focus for us will be the newer DPRIVE working group that is looking into mechanisms to make DNS queries more secure and confidential.  As I wrote in my Rough Guide post, a concern is to make it harder for pervasive monitoring to occur and be able to track what a user is doing through DNS queries.  DPRIVE has a full agenda, and knowing some of the personalities I expect the debate to be passionate.

Simultaneously, over in the Parisian Room, the Using TLS In Applications (UTA) working group will continue it’s work to make it easier for developers to add TLS to applications.  The UTA agenda at IETF 92 shows a focus on one mechanism for email privacy.

After all of this, we’ll be heading to the Technical Plenary from 1710-1910 CDT where the technical topic is on “Smart Object Architecture” which sounds interesting.  You can watch a live video stream of the Technical Plenary at http://www.ietf.org/live/

For some more background, please read these Rough Guide posts from Andrei, Phil, Karen and myself:


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Chris Grundemann of the ROW workshop on the Sunday prior to IETF 92.

The post Deploy360@IETF92, Day 1: SIDR, 6MAN, DPRIVE and UTA appeared first on Internet Society.

Deploy360@IETF92, Day 1: SIDR, 6MAN, DPRIVE and UTA

ROW workshop at IETF 92On this first day of IETF 92 in Dallas, our attention as the Deploy360 team is on securing the Internet’s routing infrastructure, improving the IPv6 protocol and securing the privacy and confidentiality of DNS queries.


NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.


The day begins with two sessions in the 0900-1130 CDT block.  In the Parisian room the SIDR working group will be working through a good number of Internet Drafts relating to both RPKI and BGPSEC.  Both of these are some of the tools we view as important in securing BPG and making the routing infrastructure more resilient and secure.  Our colleague Andrei Robachevsky dived into more detail in his recent Rough Guide post.  Also on the agenda is the release of results about a survey about RPKI and DNSSEC deployment undertaken last fall by researchers at the Freie Universitaet Berlin which could be interesting to learn about.

At the same time over in the International Room, the 6MAN working group has a long agenda relating to various points discovered during the ongoing deployment of IPv6.   Given that we keep seeing solid growth each month in IPv6 deployment measurements, it’s not surprising that we’d see documents brought forward identifying ways in which the IPv6 protocol needs to evolve.  This is great to see and will only help the ongoing deployment.

Moving on to the 1300-1500 CDT session block, there are two working groups that are not ones we primarily follow, but are still related to the overall themes here on the site:

  • the TRANS working group is looking to standardize “Certificate Transparency” (CT), a mechanism to add a layer of checking to TLS certificates;
  • the DNSSD working group continues its work to standardize DNS-based service discovery beyond a simple single network.  Our interest here is really that this kind of service discovery does need to be secured in some manner.

In the 1520-1650 CDT session block, a big focus for us will be the newer DPRIVE working group that is looking into mechanisms to make DNS queries more secure and confidential.  As I wrote in my Rough Guide post, a concern is to make it harder for pervasive monitoring to occur and be able to track what a user is doing through DNS queries.  DPRIVE has a full agenda, and knowing some of the personalities I expect the debate to be passionate.

Simultaneously, over in the Parisian Room, the Using TLS In Applications (UTA) working group will continue it’s work to make it easier for developers to add TLS to applications.  The UTA agenda at IETF 92 shows a focus on one mechanism for email privacy.

After all of this, we’ll be heading to the Technical Plenary from 1710-1910 CDT where the technical topic is on “Smart Object Architecture” which sounds interesting.  You can watch a live video stream of the Technical Plenary at http://www.ietf.org/live/

For some more background, please read these Rough Guide posts from Andrei, Phil, Karen and myself:


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Chris Grundemann of the ROW workshop on the Sunday prior to IETF 92.