Category: TLS for Applications

Jan 30

Today’s VUC Google+ Hangout About “Moving The Web To HTTPS”

It’s a bit late-notice for many of you, I realize, but in about 1.5 hours at 12 noon US EST (17:00 UTC) today, the “IP Communications & VoIP Community” will be having a Google+ Hangout on Air on topic of “MoreCrypto: Moving the Web to HTTPS”. Given that this relates to our TLS For Applications topic area, I thought it might be of interest – and I’m intending to join myself.  For more info and the link to watch just click/tap the image:

VUC 526

As noted on the VUC episode page, the speaker is:

Daniel Appelquist, who describes himself as an “open web advocate”, joins us to talk about TLS on the web: some good reasons for using it and the common objections to it. As someone with a very wide experience in IP and network communications, a session with Dan and our VUC regulars should be excellent!

Dan is also a co-chair of the W3C Technical Architecture Group (W3C TAG). The TAG is a special working group within the W3C, chartered (under the W3C Process Document) with stewardship of the Web architecture.

The session will be recorded for later viewing at that same link.

 

Jan 12

In 5 Days, ION Sri Lanka Will Cover IPv6, DNSSEC, DANE, BGP, TLS, BCOP and more

ION Sri Lanka logoComing up in just over 5 days, our ION Sri Lanka event will take place in Kandy, Sri Lanka, on Sunday, January 18, 2015, beginning at 10:00 am India Standard Time (IST, UTC+5:30).  As our agenda shows, we have an ambitious list of sessions covering pretty much all of the topics we cover here at Deploy360. Sessions include:

  •  Welcome from the Internet Society Sri Lanka Chapter, Prof. Gihan Dias (Internet Society Sri Lanka Chapter)
  • Two Years After World IPv6 Launch: Are We There Yet?, Vivek Nigam (APNIC)
  • Why Implement DNSSEC?, Jitender Kumar (Afilias)
  • Deploying DNSSEC: A .LK Case Study, Sashika Suren (LK Domain Registry)
  • DANE: The Future of Transport Layer Security (TLS), Dan York (Internet Society)
  • Lock it Up: TLS for Network Operators, Chris Grundemann (Internet Society)
  • What’s Happening at the IETF? Internet Standards and How to Get Involved, Dan York (Internet Society) and Thilini Rajakaruna (former IETF Fellow)
  • Operators & the IETF, Chris Grundemann (Internet Society)
  • Best Current Operational Practices – An Update, Jan Žorž (Internet Society)
  • IPv6 Success Stories– Network Operators Tell All!, Asela Galappattige (Sri Lanka Telecom); Senevi Herath (LEARN); Matsuzaki Yoshinobu (IIJ)

We have an excellent set of speakers and are very much looking forward to this event!

REGISTRATION IS FREE! If you can get to the Amaya Hills Hotel in Kandy, Sri Lanka, there is no additional cost to attend ION Sri Lanka.  You do need to register by filling out the SANOG registration form.

If you will not be able to get to the ION Sri Lanka location, we’ll be offering a live video stream / webcast of the event via YouTube Live events. Do note that all events happen on Sunday, January 18, starting at 10:00 am India Standard Time (IST).  Given that this is UTC+5:30, the start of ION Sri Lanka may actually be in the late hours of Saturday, January 17, for people in the United States.  Here are some examples:

  • 10:00 am, Sunday, Jan 18 – IST, Kandy, Sri Lanka
  • 5:30 am, Sunday, Jan 18 – CET, central Europe
  • 4:30 am, Sunday, Jan 18 – UTC
  • 11:30 pm, Saturday, Jan 17EST, east coast, USA
  • 8:30 pm, Saturday, Jan 17PST, west coast, USA

You may find it helpful to use one of the time/date conversion tools to ensure your timing is correct. All the sessions will be recorded for later viewing and the slides will be available online as well.

To stay up-to-date about ION Sri Lanka you can also join:

If you are on Twitter, you can follow @Deploy360 and use hashtag #IONConf for all things ION!

We’re looking forward to seeing many people at the ION Sri Lanka event and joining in the other SANOG 25 activities happening there.  If you are in Sri Lanka (or can get there), please do join us for ION Sri Lanka!

P.S. And if you want to get started today with IPv6, DNSSEC or other topics, please visit our Start Here page to begin – why wait for ION Sri Lanka?  Why not start now?

Jan 01

Happy New Year! Do Your 2015 Plans Include IPv6, DNSSEC or TLS?

2015Happy New Year!  It’s 2015 … what are you going to do differently this year?  Will you get your websites working over IPv6?  Will you sign your domains with DNSSEC and enable validation?  Will you use TLS for all your websites and applications?

We’re looking forward to a great 2015. We’ll be holding ION conferences around the world, including ION Sri Lanka coming up shortly on January 18. We’ll be writing on our blog and posting video, audio, slides and more to all our various sites and services. We’ll be speaking and participating at events from ICANN, IETF and many, many more.  We’ll be helping get more BCOP documents written and doing whatever we can to improve communication between network operators and the IETF.

2015 is going to be a great year!

If you haven’t yet made technical plans for 2015, may we suggest some ideas?  How about:

  • Set up your DNS resolvers to perform DNSSEC validation – there’s a great whitepaper that shows how easy this is!
  • Join the MANRS Initiative and declare publicly that your network will help keep the Internet’s routing infrastructure clean! See the MANRS document for more info.

Why not make one of these your resolution for the year and see what can happen?

We’re here to help… check out our Start Here page to find resources that may work for you… and please let us know if you can’t find what you are looking for!

Let’s make 2015 amazing!

Dec 03

Olle Johansson’s #MoreCrypto V2.0 Slide Deck – With TLS

Olle Johansson is a tireless crusader for bringing about a more secure Internet… and just recently published a new version 2.0 of his “#MoreCrypto” slide presentation that this time incorporates a good bit more information about TLS. He includes some tutorial information about TLS and gives multiple examples of using certificates, including with the DANE protocol.

If you are looking to come up to speed on how we make the Internet more secure as well as why it is important, the deck is very useful.  We do encourage you to check it out!

And when you’re done, why not head over to our “TLS for Applications” area to learn more about adding TLS to your applications?  Or visit our Start Here page to get started with IPv6, DNSSEC, TLS and more?

P.S. Olle is always open to feedback about his slides, too… you can reach him at oej@edvina.net.

Nov 14

Make Encryption The Norm For All Internet Traffic, Says The Internet Architecture Board (IAB)

Internet Architecture Board (IAB)The Internet Architecture Board announced a new “Statement on Internet Confidentiality” yesterday that calls on “protocol designers, developers, and operators to make encryption the norm for Internet traffic“.  The statement, distributed via email by IAB Chair Russ Housely, goes further in urging those who design and develop new protocols “to design for confidential operation by default“.

The strong statement, republished below, represents the continued evolution of the thinking of the wider technical community, as represented by the IAB and the IETF,  that in light of the disclosures of massive pervasive monitoring of the Internet (see RFC 7258) the technical infrastructure of the Internet needs to be strengthened against those attacks.

As the IAB statement notes, such a move to make encryption the default will have impacts on some aspects of current network operations, but the statement represents the very public commitment by the IAB to help create the conditions under which, as it says, we can “move to an Internet where traffic is confidential by default.”

From our perspective here at Deploy360, we definitely welcome this statement as it will help the overall security of the Internet.  Within the topics we cover here, we encourage developers to look at adding TLS to all their applications, and we encourage network operators to do all they can to help their customers use TLS-encrypted applications wherever possible.  We are also looking forward to continued discussions such as those held in the DPRIVE Working Group this week at IETF 91 that will improve the confidentiality and privacy of DNS interactions as well as those within the routing infrastructure.

Here is the full IAB Statement on Internet Confidentiality:

IAB Statement on Internet Confidentiality

In 1996, the IAB and IESG recognized that the growth of the Internet depended on users having confidence that the network would protect their private information. RFC 1984 documented this need. Since that time, we have seen evidence that the capabilities and activities of attackers are greater and more pervasive than previously known. The IAB now believes it is important for protocol designers, developers, and operators to make encryption the norm for Internet traffic. Encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance as described in RFC 7258.

Newly designed protocols should prefer encryption to cleartext operation. There may be exceptions to this default, but it is important to recognize that protocols do not operate in isolation. Information leaked by one protocol can be made part of a more substantial body of information by cross-correlation of traffic observation. There are protocols which may as a result require encryption on the Internet even when it would not be a requirement for that protocol operating in isolation.

We recommend that encryption be deployed throughout the protocol stack since there is not a single place within the stack where all kinds of communication can be protected.

The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default. We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.

We believe that each of these changes will help restore the trust users must have in the Internet. We acknowledge that this will take time and trouble, though we believe recent successes in content delivery networks, messaging, and Internet application deployments demonstrate the feasibility of this migration. We also acknowledge that many network operations activities today, from traffic management and intrusion detection to spam prevention and policy enforcement, assume access to cleartext payload. For many of these activities there are no solutions yet, but the IAB will work with those affected to foster development of new approaches for these activities which allow us to move to an Internet where traffic is confidential by default.

We’re looking forward to working with all of you there to bring about this Internet where traffic is encrypted by default!

Nov 13

Deploy360@IETF91, Day 4: TLS, 6TISCH, DNSSD, IDR, SAAG, DHC and DBOUND

Chris Grundemann at IETF 91On the fourth day of IETF 91 we on the Deploy360 return to a focus on the routing / securing BGP side of our work as well as TLS and a number of DNS-related sessions that are not strictly DNSSEC-related, along with a small bit of IPv6 for “Internet of Things” (IoT) mixed in. There are many other working groups meeting at IETF 91 today but the ones I’ll mention below line up with the topics we cover here on the Deploy360 site.

Read on for more information…

NOTE: If you are not in Honolulu but would like to follow along, please view the remote participation page for ways you can listen in and participate.  In particular, at this IETF meeting all the sessions will have Meetecho coverage so you can listen, watch and chat through that web interface.  All agenda times are in HST, which is UTC-10 (and five hours earlier than US Eastern time for those in the US). I suggest using the “tools-style” agenda as it has easy links to the chat room, Meetecho and other documents for each session.

In the morning 9:00-11:30 block two working groups are of interest.  The TLS Working Group continues the evolution of the TLS protocol and we’ll be monitoring that session in Coral 5 to understand where TLS is going.  Meanwhile over in the Hibiscus room, the 6TISCH Working Group will be continuing their work on ensuring that IPv6 works well in low-power networks on devices using IEEE 802.15.4 low-power radios.  We haven’t really covered this work much here on Deploy360, but as the 6TISCH charter indicates, the work is aimed at “low-power and lossy networks” (LLNs) among devices that we often commonly talk of these days as the “Internet of Things” (IoT). As we increasingly connect everything to the Internet, this work should prove very useful.

During the lunch period, there looks to be a fascinating speaker on the topic of “Open Standards, Open Source, Open Loop“,  but the timing is such that several of us will be at an informal (and open) meeting about the Mutually Assured Norms for Routing Security (MANRS) document, part of the ongoing Routing Resilience Manifesto project headed by our colleague Andrei Robachevsky (and he discussed MANRS in his Rough Guide post).

In the 13:00-15:00 HST block there are two groups we’ll be watching: DNSSD and IDR.  As I described in my Rough Guide post about DNSSEC, the DNSSD group is looking at how to extend DNS service discovery beyond a local network – and we’re of course curious about how this will be secured.  DNSSEC is not directly on the agenda, but security issues will be discussed.  Simultaneously the Inter-Domain Routing (IDR) is meeting about improving the Internet’s routing infrastructure, although the security focus will primarily be in tomorrow’s (Friday) IDR meeting. Because of that, our attention may be more focused on the Security Area Open Meeting where there are a couple of drafts about routing security including one that surveyed the different kinds of censorship seen around the world.

Finally, in the 16:40-19:10 HST block the Dynamic Host Configuration (DHC) WG will meet to continue their work on optimizing DHCP for IPv6. Today’s agenda includes some discussions around privacy that should fit in well with the ongoing themes of privacy and security at this IETF meeting.

At the same time as DHC, there will also be a side meeting of the DBOUND (Domain Boundaries) effort that took place at an earlier IETF meeting.  It starts at 16:40 (not 14:40 as went out in email) in the South Pacific II room.  As described in the problem statement, this effort is looking at how “domain boundaries” can be defined for efforts such as the Public Suffix List. From the abstract:

Various Internet protocols and applications require some mechanism for determining whether two Domain Name System (DNS) names are related. In this document we formalize the types of domain name relationships, identify protocols and applications requiring such relationships, review current solutions, and describe the problems that need to be addressed.

While not directly related to the work we do here on Deploy360, it’s interesting from a broader “DNS security perspective”.

And with all of that…  day 4 of IETF 91 will draw to a close for us.  If you are around at IETF 91 in Honolulu, please do find us and say hello!

P.S. Today’s photo is of our own Chris Grundemann making at point at the microphone in the Administrative plenary…

See also:

Relevant Working Groups

We would suggest you use the “tools-style” agenda to find links to easily participate remotely in each of these sessions.

6TISCH (IPv6 over the TSCH mode of IEEE 802.15.4e) WG
Thursday, 13 November 2014, 0900-1130 HST, Hibiscus
Agenda: https://tools.ietf.org/wg/6tisch/agenda
Documents: https://tools.ietf.org/wg/6tisch/
Charter: https://tools.ietf.org/wg/6tisch/charter

TLS (Transport Layer Security) WG
Thursday, 13 November 2014, 0900-1130 HST, Coral 5
Agenda: https://tools.ietf.org/wg/tls/agenda
Documents: https://tools.ietf.org/wg/tls/
Charter: https://tools.ietf.org/wg/tls/charter

DNSSD (Extensions for Scalable DNS Service Discovery) WG
Thursday, 13 November 2014, 1300-1500 HST, Coral 4
Agenda: https://datatracker.ietf.org/meeting/91/agenda/dnssd/
Documents: https://datatracker.ietf.org/wg/dnssd/
Charter: https://datatracker.ietf.org/wg/dnssd/charter/

SAAG (Security Area Open Meeting) WG
Thursday, 13 November 2014, 1300-1500 HST, Coral 3
Agenda: https://tools.ietf.org/wg/saag/agenda
Documents: https://tools.ietf.org/wg/saag/
Charter: https://tools.ietf.org/wg/saag/charter

IDR (Inter-Domain Routing Working Group) WG
Thursday, 13 November 2014, 1300-1500 HST, Kahili
Agenda: https://datatracker.ietf.org/meeting/91/agenda/idr/
Charter: https://datatracker.ietf.org/wg/idr/charter/

DHC (Dynamic Host Configuration) WG
Thursday, 13 November 2014, 1640-1910 HST, Kahili
Agenda: https://tools.ietf.org/wg/dhc/agenda
Documents: https://tools.ietf.org/wg/dhc/
Charter: https://tools.ietf.org/wg/dhc/charter

For more background on what is happening at IETF 91, please see our “Rough Guide to IETF 91″ posts on the ITM blog:

If you are here at IETF 91 in Honolulu, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Nov 11

Deploy360@IETF91, Day 2: UTA, DPRIVE, BGP in ARNP, 6LO and IOT, DNSOP

IETF 91 mic lineFor us at Deploy360, Day 2 of IETF 91 brings a heavy focus on DNSSEC and DNS security in general with both DNSOP and DPRIVE meeting. Today also brings one of the key working groups (UTA) related to our “TLS in Applications” topic area.  There is a key WG meeting related to using  IPv6 in “resource-constrained” environments such as the “Internet of Things” (IoT) … and a presentation in the Internet Research Task Force (IRTF) about BGP security and the RPKI.

These are, of course, only a very small fraction of the many different working groups meeting at IETF 91 today – but these are the ones that line up with the topics we write about here at Deploy360.

Read on for more information…

NOTE: If you are not in Honolulu but would like to follow along, please view the remote participation page for ways you can listen in and participate.  In particular, at this IETF meeting all the sessions will have Meetecho coverage so you can listen, watch and chat through that web interface.  All agenda times are in HST, which is UTC-10 (and five hours earlier than US Eastern time for those in the US). I suggest using the “tools-style” agenda as it has easy links to the chat room, Meetecho and other documents for each session.

In the morning 9:00-11:30 block we once again will be splitting ourselves across multiple working groups.  In Coral 2 will be the “Using TLS in Applications” (UTA) working group looking at how to increase the usage of TLS across applications.  The UTA WG is a key part of the overall work of the IETF in strengthening the Internet against pervasive monitoring and should be quite a well-attended session.  The UTA agenda includes multiple drafts related to TLS and email, a discussion of a proposal around “token binding” and what should be an involved discussion about the TLS “fallback dance”, i.e. what should happen when a TLS connection cannot be made at the requested level of security?

On the topic of UTA, I’ll note that one of the groups main documents, draft-ietf-uta-tls-bcp, a best practice document on “Recommendations for Secure Use of TLS and DTLS“, has a new version out that incorporates all of the feedback received to date.  This document should soon be at the point where it will enter the publication queue.

Meanwhile, over in the Kahili room the 6LO WG will be talking about using IPv6 in “resource-constrained” and low power environments. The work here is important for sensor/device networks and other similar “Internet of Things” (IoT) implementations.   Among the 6LO agenda items are a discussion of using IPv6 in near field communications (NFC) and what should be quite an interesting discussion around the challenges of using different types of privacy-related IPv6 addresses in a constrained environment.

Simultaneously over in Coral 4 will be the open meeting of the Internet Research Task Force (IRTF) and of particular interest will be the presentation by one of the winners of the Applied Networking Research Prize (ANRP) that is focused on BGP security and the Resource Public Key Infrastructure (RPKI).  As the IRTF open meeting agenda lists the abstract:

The RPKI (RFC 6480) is a new security infrastructure that relies on trusted authorities to prevent attacks on interdomain routing. The standard threat model for the RPKI supposes that authorities are trusted and routing is under attack. This talk discusses risks that arise when this threat model is flipped: when RPKI authorities are faulty, misconfigured, compromised, or compelled (e.g. by governments) to take certain actions. We also survey mechanisms that can increase transparency when RPKI authorities misbehave.

The slides for the presentation are online and look quite intriguing!

After that we’ll be spending our lunch time at the “ISOC@IETF” briefing panel that is focused this time on the topic of “Is Identity an Internet Building Block?”  While not directly related to our work here at Deploy360 we’re quite interested in the topic.  I will also be directly involved as I’ll be producing the live video stream / webcast of the event.  You can join in and watch directly starting at 11:45 am HST (UTC-10). It should be an excellent panel discussion!

As I described in my Rough Guide post about DNSSEC, the 13:00-15:00 block brings the first meeting of the new DPRIVE working group that is chartered to develop “mechanisms to provide confidentiality to DNS transactions, to address concerns surrounding pervasive monitoring.”  The DPRIVE agenda shows the various documents under discussion – there are some very passionate views on very different perspectives… expect this session to have some vigorous discussion!

In the last 15:20-17:20 meeting block of the day we’ll focus on the DNS Operations (DNSOP) Working Group where the major DNSSEC-related document under discussion will be Jason Livingood’s draft-livingood-dnsop-negative-trust-anchors that has generated a substantial bit of discussion on the dnsop mailing list.  The DNSOP agenda contains a number of other topics of interest, including a couple added since the time I wrote about DNS for the Rough Guide.  The discussion about root servers running on loopback addresses should be interesting… and Brian Dickson (now employed by Twitter instead of Verisign) is bringing some intriguing new ideas about a DNS gateway using JSON and HTTP.

After all of that, they’ll let us out of the large windowless rooms (granted, in the dark of evening) for the week’s Social event that will apparently be a Hawaiian Luau.  After all the time inside it will be a pleasure to end the day in casual conversations outside. Please do look to find us and say hello… and if you are not here in Honolulu, please do join in remotely and help us make the Internet work better!

See also:

Relevant Working Groups

We would suggest you use the “tools-style” agenda to find links to easily participate remotely in each of these sessions.

UTA (Using TLS in Applications) WG
Tuesday, 11 Nov 2014, 900-1130, Coral 2
Agenda: https://tools.ietf.org/wg/uta/agenda
Documents: https://tools.ietf.org/wg/uta
Charter: https://tools.ietf.org/wg/uta/charter

6LO (IPv6 over Networks of Resource-constrained Nodes) WG
Tuesday, 11 Nov 2014, 900-1130, Kahili
Agenda: https://tools.ietf.org/wg/6lo/agenda
Documents: https://tools.ietf.org/wg/6lo
Charter: https://tools.ietf.org/wg/6lo/charter

IRTF (Internet Research Task Force) Open Meeting
Tuesday, 11 Nov 2014, 900-1130, Coral 4
Agenda: http://tools.ietf.org/agenda/91/agenda-91-irtfopen.html
Charter: https://irtf.org/

DPRIVE (DNS PRIVate Exchange) WG
Tuesday, 11 November 2014, 1300-1500 HST, Coral 5
Agenda: https://datatracker.ietf.org/meeting/91/agenda/dprive/
Documents: https://datatracker.ietf.org/wg/dprive/
Charter: http://tools.ietf.org/wg/dprive/charters/

DNSOP (DNS Operations) WG
Tuesday, 11 November 2014, 1520-1720 HST, Coral 4
Agenda: https://datatracker.ietf.org/meeting/91/agenda/dnsop/
Documents: https://datatracker.ietf.org/wg/dnsop/
Charter: http://tools.ietf.org/wg/dnsop/charters/

For more background on what is happening at IETF 91, please see our “Rough Guide to IETF 91″ posts on the ITM blog:

If you are here at IETF 91 in Honolulu, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Nov 07

Two More Rough Guides To IETF 91 On IPv6 And Security / TLS

IETF LogoTwo more “Rough Guide to IETF 91″ posts have been published that may be of interest to Deploy360 readers:

and

Phil’s post naturally talks about all the great work related to IPv6 happening within the various working groups at IETF 91 next week.  The reality is that IPv6 is now the main IP protocol discussed in so many different working groups – and all new work is assumed that it will (or must) work on IPv6 … and so IPv6 discussions are taking place in many different places.   You can expect that you’ll find members of the Deploy360 team in the dedicated IPv6 sessions Phil mentions!

Karen’s post highlights a number of the security and privacy efforts under way within the IETF and IAB.  She also mentions the TLS working group and the Using TLA in Applications (UTA) working groups, both of which are important to the TLS in Applications topic area we have here on Deploy360.

Combined with all the activities related to DNSSEC / DANE and all the activities related to routing security/resiliency … it’s going to be a very busy week next week!  We’re looking forward to it and to meeting up with many of you.

In the meantime, if you’d like to get started with IPv6 or TLS, please visit our Start Here page to begin!

Aug 07

Awesome News About HTTPS As A Ranking Signal, Google! Now Can We Please Get IPv6 And DNSSEC, Too?

Google logoThe big news hitting the online marketing world today is that Google has indicated that the use of HTTPS in your web site will potentially help your site rank better in Google’s search results. In other words, the use of a TLS (formerly “SSL”) certificate to encrypt the connection to your website will be one of the signals Google uses to rank results.  To be precise, here is the key part of the post:

For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

Because you almost never get SEO advice directly from Google this was big news today.  And even though the post says that fewer than 1% of search engine queries will be helped today by enabling HTTPS, I’ve already seen a ton of associated articles from SEO consultants and others saying that you need to go enable TLS for your site today.  (Well, okay, to be honest the ones I’ve seen are all saying to go enable “SSL” but maybe some day we can get everyone to use “TLS”! On that note, kudos to Google for NOT using “SSL” in their article!)

I’m sure that many web hosting providers are similarly getting inquiries from customers today about how TLS can be enabled on their websites.

Naturally we’re pleased to see this news out of Google because the goal of our TLS for Applications area here on Deploy360 is to help people get TLS happening across their sites and services.  So to the degree that Google can help drive that deployment of TLS – and wind up getting the whole ecosystem of SEO consultants and marketing/PR people to help drive that deployment – we all win with a more secure Internet!

Of course, our thinking immediately jumps to the next step – what if Google were to say that having a site available over IPv6 would count as a ranking signal?  Several people on Twitter suggested exactly that today. Here’s one:

Can you imagine how many website owners might suddenly be asking their ISPs and hosting providers how to get IPv6?  (Tip to website owners/operators: check our our IPv6 resources targeted to you!)

Or… what if the fact that a web site’s domain was signed with DNSSEC counted as a ranking signal?

Can you imagine how many website owners might suddenly be trying to get their domains signed?  (Again, we’ve got you covered with some steps you can take.)

How about it, Google?  Please?   :-)

P.S. If you do want to get your site or network moved to IPv6 or DNSSEC, please check out our “Start Here” page to find resources focused on your type of organization or role.

 

 

Jul 24

Deploy360@IETF90, Day 4: 6LO, DNSSD, SUNSET4 and Learning About 5G Wireless Technology…

IETF LogoToday at IETF 90 we on the Deploy360 team will be starting the day focusing on the “Internet of Things (IoT)” as we listen to what is being discussed in the 6LO working group.  Formally titled “IPv6 over Networks of Resource Constrained Nodes” this group focuses on using IPv6 in low power and constrained environments such as sensor networks, “smart grids” and other embedded environments. The 6lo agenda is full of drafts exploring different types of such networks.  There is great work happening in this group and we’re looking forward to listening to the discussions.

At the end of the scheduled working group sessions we’ll also be in IPv6-land as we join in the SUNSET4 Working Group looking at what needs to be done to ensure that networks can operate in the absence of IPv4, i.e. in an IPv6-only situation. Today’s SUNSET4 agenda looks at how to shut off IPv4 on a network and several drafts about how to work in an IPv4-only space.

At the same time as the SUNSET 4 WG there will also be the TLS Working Group that will be looking at several new encryption mechanisms for TLS.

In between those IPv6 and TLS sessions I’ll be sitting in the DNSSD working group. As I mentioned in the Rough Guide post relating to DNSSEC, the work in this group doesn’t directly apply to DNSSEC, but there are discussions relating to DNS security in general that are important for us to monitor.

Some of the other sessions that some of our team members may monitor include:

If you’d like to join the 6LO or SUNSET4 sessions (or any of the others) remotely to hear the discussion you can follow the instructions on the IETF 90 Remote Participation page or use the “tools-style” agenda page that provides easy links to the audio stream, jabber chat room documents and more for each of the sessions.

Lunch Briefing About 5G Wireless Technology

In the middle of the sessions during the lunch break from 11:30-13:00 EDT I’m planning to be in Ballroom to listen to a presentation from Erik Dahlman of Ericsson about what “5G” technology is all about. The abstract is:

Discussions on fifth generation (5g) wireless access has rapidly intensified during the latest two years. 5G wireless access is seen as the long-term enabler of the overall networked society, not only providing enhanced mobile broadband access but being a tool to provide wireless connectivity for any kind of application.

This speech will provide an overview of the state of 5G efforts around the world. We will discuss the specific requirements and challenges being identified for 5G wireless access and the different technology
components and alternatives being considered. We will also outline possible time schedule for 5G in ITU and 3GPP.

The lunchtime session will have a live video stream and will also be recorded for later viewing.

Bits-N-Bites

We’ll be ending the day at the Bits-N-Bites session that has a new format and what look like very cool demonstrations related to the “Internet of Things”.  Should be fun to see!

The information about the relevant working groups today is:

6LO (IPv6 over Networks of Resource Constrained Nodes) WG
Agenda: https://datatracker.ietf.org/meeting/90/agenda/6lo/
Documents: https://datatracker.ietf.org/wg/6lo/
Charter: https://datatracker.ietf.org/doc/charter-ietf-6lo/ 
(Thursday, July 22, 2014, 0900-1130 EDT, Tudor 7/8)

DNSSD (Extensions for Scalable DNS Service Discovery) WG
Agenda: https://datatracker.ietf.org/meeting/90/agenda/dnssd/
Documents: https://datatracker.ietf.org/wg/dnssd/
Charter: https://datatracker.ietf.org/wg/dnssd/charter/
(Thursday, July 24, 2014, 1520-1720 EDT, Canadian)

SUNSET4 (Sunsetting IPv4) WG
Agenda: https://datatracker.ietf.org/meeting/90/agenda/sunset4/
Documents: https://datatracker.ietf.org/wg/sunset4/
Charter: http://tools.ietf.org/wg/sunset4/charters
(Thursday, July 22, 2014, 1730-1830 EDT, Tudor 7/8)

TLS (Transport Layer Security) WG
Agenda: https://datatracker.ietf.org/meeting/90/agenda/tls/
Documents: https://datatracker.ietf.org/wg/tls/
Charter: http://tools.ietf.org/wg/tls/charters
(Thursday, July 22, 2014, 1730-1830 EDT, Ontario)

For more background on what is happening at IETF 90, please see our “Rough Guide to IETF 90″ posts on the ITM blog:

If you are here at IETF 90 in Toronto, please do feel free to say hello to a member of the Deploy360 team.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.