Category: Internet of Things

Deploy360@IETF92, Day 2: DNSSEC, DANE, IPv6, IoT and Homenet

IETF 92 - 6 man working group

The second day of IETF 92 is a big one for DNSSEC with both the DNSOP and DANE working groups meeting back to back in the afternoon.  There’s also the 6LO working group looking at IPv6 in “resource constrained” environments such as the Internet of Things (IoT) and the day begins with Homenet exploring how we create better home networks based on IPv6.  And in the midst of that will be the IDR working group working to improve the Internet’s routing infrastruture! Here’s what today looks like for us…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

We start in the 0900-1130 CDT block in the International Room where the Homenet working group will be meeting.  As Phil Roberts explained in his Rough Guide to IETF 92 post about IPv6:

the Homenet working group is doing a lot of interesting work producing open standards for protocols to implement robust networks in homes of the future, all based on IPv6. The topics include routing, addressing, naming, and security. It’s exciting to see new standards work for such a potentially huge area for extending the reach of open standards in networks that matter to people around the world.

Beyond IPv6, we’re also monitoring Homenet for possibilities where DNSSEC and TLS can help improve the security of those home networks.

As was curiously the case yesterday, the 1300-1500 CDT session block does not contain any of the regular groups we follow, but you might find us in HTTPBIS hearing about the next version of HTTP, in NETCONF learning about network configuration proposals (the zero touch provisioning draft looks interesting), or over in ACE understanding new ideas to make the Internet of Things (IoT) more secure.

Speaking of IoT, the 1520-1720 CDT session block is one in which we’ll be split across three different working group sessions, one of which will be IoT focused.  The 6LO working group, formally known as the IPv6 over Networks of Resource Constrained Nodes WG, has a packed agenda looking at how IPv6 works in IoT environments.  Transmitting IPv6 packets over near field communications (NFC), security and privacy, multicast technologies and multiple discussions of the IoT bootstrapping process… it all should make for an interesting discussion for those folks looking to get IP everywhere!

Simultaneously over in the Far East Room, the Inter-Domain Routing (IDR) working group will be looking at ways to improve the Internet’s routing infrastructure.  Andrei wrote more about some of the routing discussions happening at IETF 92. I’m interested in the draft here about route leaks, as I find that area fascinating.

However, I’ll be over in the Gold Room (virtually, as I am remote for this meeting) for the DNS Operations (DNSOP) working group that has a VERY packed agenda looking at how to improve the operations of the Domain Name System (DNS). As I wrote in my Rough Guide to IETF 92 post, this session has a good number of drafts related to “DNS security” in general.  I expect there to be some vigorous discussion around the restriction of “meta queries” such as the ANY query.  There are multiple drafts on the agenda about reserving new top-level domains (TLDs) such as .onion, which inevitably gets discussion.  The QNAME minimization is important for DNS privacy/confidentiality… and there are a range of other discussions that will be had related to making DNS work better, faster and be more secure.

We’ll end the day in the 1730-1830 CDT block with the DANE Working Group focused on the DANE protocol and how it can be used to add a layer of trust to TLS and SSL certificates.   This is incredibly important work and while the agenda for today has only one presentation about DANE and S/MIME, I expect based on the strong activity on the DANE mailing list that other topics will be brought up.

When the sessions are all over, Chris and the many folks in Dallas will no doubt head to the IETF Social Event, while those of us who are remote will have a bit of break before heading into Day 3.  Speaking of attending remotely, please do remember that multiple options to participate are available at http://www.ietf.org/live/

For some more background, please read these Rough Guide posts from Andrei, Phil and I:


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Chris Grundemann of the 6man working group.

Deploy360@IETF91, Day 2: UTA, DPRIVE, BGP in ARNP, 6LO and IOT, DNSOP

IETF 91 mic lineFor us at Deploy360, Day 2 of IETF 91 brings a heavy focus on DNSSEC and DNS security in general with both DNSOP and DPRIVE meeting. Today also brings one of the key working groups (UTA) related to our “TLS in Applications” topic area.  There is a key WG meeting related to using  IPv6 in “resource-constrained” environments such as the “Internet of Things” (IoT) … and a presentation in the Internet Research Task Force (IRTF) about BGP security and the RPKI.

These are, of course, only a very small fraction of the many different working groups meeting at IETF 91 today – but these are the ones that line up with the topics we write about here at Deploy360.

Read on for more information…


NOTE: If you are not in Honolulu but would like to follow along, please view the remote participation page for ways you can listen in and participate.  In particular, at this IETF meeting all the sessions will have Meetecho coverage so you can listen, watch and chat through that web interface.  All agenda times are in HST, which is UTC-10 (and five hours earlier than US Eastern time for those in the US). I suggest using the “tools-style” agenda as it has easy links to the chat room, Meetecho and other documents for each session.


In the morning 9:00-11:30 block we once again will be splitting ourselves across multiple working groups.  In Coral 2 will be the “Using TLS in Applications” (UTA) working group looking at how to increase the usage of TLS across applications.  The UTA WG is a key part of the overall work of the IETF in strengthening the Internet against pervasive monitoring and should be quite a well-attended session.  The UTA agenda includes multiple drafts related to TLS and email, a discussion of a proposal around “token binding” and what should be an involved discussion about the TLS “fallback dance”, i.e. what should happen when a TLS connection cannot be made at the requested level of security?

On the topic of UTA, I’ll note that one of the groups main documents, draft-ietf-uta-tls-bcp, a best practice document on “Recommendations for Secure Use of TLS and DTLS“, has a new version out that incorporates all of the feedback received to date.  This document should soon be at the point where it will enter the publication queue.

Meanwhile, over in the Kahili room the 6LO WG will be talking about using IPv6 in “resource-constrained” and low power environments. The work here is important for sensor/device networks and other similar “Internet of Things” (IoT) implementations.   Among the 6LO agenda items are a discussion of using IPv6 in near field communications (NFC) and what should be quite an interesting discussion around the challenges of using different types of privacy-related IPv6 addresses in a constrained environment.

Simultaneously over in Coral 4 will be the open meeting of the Internet Research Task Force (IRTF) and of particular interest will be the presentation by one of the winners of the Applied Networking Research Prize (ANRP) that is focused on BGP security and the Resource Public Key Infrastructure (RPKI).  As the IRTF open meeting agenda lists the abstract:

The RPKI (RFC 6480) is a new security infrastructure that relies on trusted authorities to prevent attacks on interdomain routing. The standard threat model for the RPKI supposes that authorities are trusted and routing is under attack. This talk discusses risks that arise when this threat model is flipped: when RPKI authorities are faulty, misconfigured, compromised, or compelled (e.g. by governments) to take certain actions. We also survey mechanisms that can increase transparency when RPKI authorities misbehave.

The slides for the presentation are online and look quite intriguing!

After that we’ll be spending our lunch time at the “ISOC@IETF” briefing panel that is focused this time on the topic of “Is Identity an Internet Building Block?”  While not directly related to our work here at Deploy360 we’re quite interested in the topic.  I will also be directly involved as I’ll be producing the live video stream / webcast of the event.  You can join in and watch directly starting at 11:45 am HST (UTC-10). It should be an excellent panel discussion!

As I described in my Rough Guide post about DNSSEC, the 13:00-15:00 block brings the first meeting of the new DPRIVE working group that is chartered to develop “mechanisms to provide confidentiality to DNS transactions, to address concerns surrounding pervasive monitoring.”  The DPRIVE agenda shows the various documents under discussion – there are some very passionate views on very different perspectives… expect this session to have some vigorous discussion!

In the last 15:20-17:20 meeting block of the day we’ll focus on the DNS Operations (DNSOP) Working Group where the major DNSSEC-related document under discussion will be Jason Livingood’s draft-livingood-dnsop-negative-trust-anchors that has generated a substantial bit of discussion on the dnsop mailing list.  The DNSOP agenda contains a number of other topics of interest, including a couple added since the time I wrote about DNS for the Rough Guide.  The discussion about root servers running on loopback addresses should be interesting… and Brian Dickson (now employed by Twitter instead of Verisign) is bringing some intriguing new ideas about a DNS gateway using JSON and HTTP.

After all of that, they’ll let us out of the large windowless rooms (granted, in the dark of evening) for the week’s Social event that will apparently be a Hawaiian Luau.  After all the time inside it will be a pleasure to end the day in casual conversations outside. Please do look to find us and say hello… and if you are not here in Honolulu, please do join in remotely and help us make the Internet work better!

See also:

Relevant Working Groups

We would suggest you use the “tools-style” agenda to find links to easily participate remotely in each of these sessions.

UTA (Using TLS in Applications) WG
Tuesday, 11 Nov 2014, 900-1130, Coral 2
Agenda: https://tools.ietf.org/wg/uta/agenda
Documents: https://tools.ietf.org/wg/uta
Charter: https://tools.ietf.org/wg/uta/charter

6LO (IPv6 over Networks of Resource-constrained Nodes) WG
Tuesday, 11 Nov 2014, 900-1130, Kahili
Agenda: https://tools.ietf.org/wg/6lo/agenda
Documents: https://tools.ietf.org/wg/6lo
Charter: https://tools.ietf.org/wg/6lo/charter

IRTF (Internet Research Task Force) Open Meeting
Tuesday, 11 Nov 2014, 900-1130, Coral 4
Agenda: http://tools.ietf.org/agenda/91/agenda-91-irtfopen.html
Charter: https://irtf.org/

DPRIVE (DNS PRIVate Exchange) WG
Tuesday, 11 November 2014, 1300-1500 HST, Coral 5
Agenda: https://datatracker.ietf.org/meeting/91/agenda/dprive/
Documents: https://datatracker.ietf.org/wg/dprive/
Charter: http://tools.ietf.org/wg/dprive/charters/

DNSOP (DNS Operations) WG
Tuesday, 11 November 2014, 1520-1720 HST, Coral 4
Agenda: https://datatracker.ietf.org/meeting/91/agenda/dnsop/
Documents: https://datatracker.ietf.org/wg/dnsop/
Charter: http://tools.ietf.org/wg/dnsop/charters/


For more background on what is happening at IETF 91, please see our “Rough Guide to IETF 91″ posts on the ITM blog:

If you are here at IETF 91 in Honolulu, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Video/Slides: Case Study – IPv6 and Home Automation (RIPE67)

How well can a home be automated using IPv6? This week at RIPE67, Nathalie Trenaman spoke about how she and her boyfriend have been in the process of wiring up their home to work over IPv6. We previously mentioned the IPv6 home automation blog she’s been maintaining, but in this presentation she went into a great amount of detail and provided a good set of slides outlining the steps they’ve gone through and what has or hasn’t worked. You can watch the video on the RIPE67 site:

RIPE 67 - Nathalie Trenaman

Natalie concludes offering these “lessons learned”:

  • IPv6 in your house is not cheap
  • There is a lot of manual labour involved
  • Thank Goodness for Open Source!
  • Vendors of commercial “home” products are not even aware of IPv6
  • Not everything with IPv4 can be done with IPv6

It’s a good set of information and it is through efforts like this that we’ll start to see consumer electronics vendors paying attention.

Have you tried automating your home over IPv6? What has your experience been? What systems have you found that work over IPv6?

IPSO Challenge 2013 Offers $10K To Winner With Best New Internet of Things Idea/Product

IPSO AllianceLooking for an interesting new weekend project?  Are you interested in devices for the “connected home” or the “Internet of Things?”  Have you been automating your home or building sensor networks?  Do you like experimenting with hardware platforms like Arduino or the Raspberry Pi?

Would you like to potentially win $10,000 USD?

If so, check out the IPSO Alliance’s “IPSO Challenge 2013” where the About page explains the challenge:

The IPSO (Internet Protocol for Smart Objects) Alliance is sponsoring a worldwide challenge to showcase the use of the Internet Protocol (IP) in sensor/control and M2M applications enabling the Internet of Things (IOT). IPSO Challenge 2013 is a competition promoting the development of Smart Objects which use the Internet Protocol. Just 30 years after the official adoption of the TCP/IP networking protocol, nearly 10 billion devices can connect to the Internet; and before the end of the decade, that number is forecast to nearly triple. Over the coming years, the vast majority of newly connected devices won’t be computers, tablets, or smartphones, but will be intelligent embedded devices participating in the Internet of Things (IoT).

The deadline to submit a written proposal is coming up soon on APRIL 5, 2013, using the submission form at the bottom of the main IPSO Challenge 2013 page. Semi-finalists will be notified soon thereafter and will need to submit a functional prototype by May 17, 2013.  Ultimately winners will be chosen who will receive $10,000,  $5,000 and $2,500.  More details about what you need to do can be found on the About page for the contest.

Why are we writing about this contest here on Deploy360?  Simple.  The reality is that to get the massive scale being considered for the “Internet of Things” many implementations will need to use IPv6.

We were in contact with the people behind this IPSO Challenge 2013 and they are very definitely interested in receiving IPv6 entries.

So we’d like to encourage any of you developers out there to submit some IPv6 proposals!  It would be great if some of the semi-finalists or finalists were entries working over IPv6.

So… if you like working with these kind of projects, do check out the IPSO Challenge site and submit your ideas!

New “Internet Of Things Consortium” Launched

Earlier this month at the Consumer Electronics Show (CES) in Las Vegas, a new “Internet of Things Consortium” was announced bringing together 10 companies with the stated goal of fostering and supporting the growth of Internet-connected devices for consumers.  The consortium has a website now visible at iofthings.org.

The term “Internet of Things” has been around for some time (Wikipedia dates the first use to 1999) and is generally used to refer to the networks of devices and objects that we are connecting to the Internet and that are using the Internet for communication.  Sensor networks are an example.  Another is connected homes where lights, appliances and even power outlets might all be connected.  A number of the companies involved with this consortium make game consoles, televisions and other entertainment devices that would be connected to a home network and on out to the public Internet.

All of these devices are ultimately connected to the Internet – and communicating often amongst themselves in so-called “machine-to-machine” or “m2m” connections.

Now, this new Internet Of Things Consortium is not the first or only such consortium out there.  There are other alliances and groups that are working on promoting open standards for connected homes and devices.  But it’s great to see another group of companies working in this space. The CEO of Ube, one of the participants, was quoted in a TechCrunch article as saying in part this:

“The successful adoption of [machine-to-machine] and connected home technologies is dependent on open standards for the provisioning and control of millions of headless devices.”

Exactly!

Here at Deploy360 we’ve been interested in the “Internet of Things” for a long time because to bring all the billions of devices (and power outlets!) onto the Internet, we’re going to need more IP addresses than what we can get with IPv4.  I queried the new consortium about their IPv6 support and the consortium chairman Jason Johnson came back with this response:

We should absolutely support IPv6 – or there won’t be billions of devices with IP addresses.

That’s exactly right… and I look forward to seeing what they do in this regard and helping them if they need it.

Some out there regard the “Internet Of Things” as marketing hype… but the reality is that we are connecting more and more devices to the Internet.  It is happening today – and we’re going to need IPv6 to make it all work!