There were two plenaries held during IETF63 in Paris. The Wednesday evening plenary was dedicated to Operations and Administration with the Thursday plenary focussing on technical issues.
Operations and Administration Plenary
The Wednesday plenary started with a welcome address by Brian Carpenter, the new IETF Chair. See page 5 for the IETF Chair’s report.
Brian thanked France Telecom, the local host and sponsor of IETF63 and introduced Pascal Viginier, Executive President R&D, France Telecom. In his plenary address, Pascal stressed the importance of standardization in order to ensure interoperability. He encouraged the IETF to continue the way in which they are working and to cooperate with other Standards Organisations, especially with the IEEE, but also with the ITU and 3GPP, especially in the area of mobility.
On behalf of the Internet Society, Daniel Karrenberg (chair of ISOC’s Postel Award committee) then described the Postel Award and presented the 2005 award to Professor Jun Murai of Japan. Professor Murai thanked ISOC for the award and mentions that he is very pleased to see that there are so many attendees from Japan and the Asia Pacific region nowadays. He remembers when he was the only attendee from Asia at the IETF and looks back to the time when he installed the first root server that was located outside the US.
Lucy Lynch, Chair of the IETF Administrative Oversight Committee (IAOC), introduced the IAOC members and describes the responsibilities of the IAOC and the structure of the IETF Administrative Support Activity (IASA) along with the responsibilities of the new IETF Administrative Director (IAD), Ray Pelletier. The IAOC is currently working with CNRI on the transfer of IETF related IPR to a new IETF trust. The details of this trust are currently being discussed. The web site of the IASA is at:http://koi.uoregon.edu/~iaoc
Ray Pelletier, the new IAD, introduced himself to the IETF and explained how his job will be to improve the throughput of the IETF and to reduce friction and add transparency. Some processes will have to be changed. He encourages people to send suggestions to email@example.com on process issues regarding meetings, WGs etc.
Henrik Levkowetz presented the IETF Tools Team, formed in August 2004. The team is working on a number of very useful tools for the IETF community and is also collecting existing tools from other sources. His presentation as well as all information about the tools can be found at http://tools.ietf.org.
A discussion among the IETF community followed during which a number of procedural improvements were suggested related to topics such as:
- Project management/delay reduction for drafts
- Process change ideas
- Does the community believe process change is needed (if so, at what priority)?
- What is the best way to change the process?
Some concern was expressed that concentrating too much on too many process changes could take time away from technical work and review. Leslie Daigle, Chair of the IAB, stressed that the entire community needs to find a way to agree on how to pick what process changes we need to work on and in what order. Further work on process changes will continue in the plenary sessions of coming IETF meetings.
During the Technical plenary on Thursday, a number of technical issues were presented and discussed.
Steve Bellovin gave a presentation entitled Application security: Threats and Architecture showing how the world is changing and how people that want to cause harm adapt to new technology. The requirements for security have changed, because the threats have changed.
Typical attacks today include eavesdropping, man-in-the-middle attacks, evil twin access points, routing attacks and ARP-spoofing. Yesterday’s security mechanisms such as plain text passwords, plain text challenge/response based on passwords or crypto without bilateral authentication don’t work well today.
With every transaction we need to ask: Is this the party to whom I am speaking? Who is the Right Party? Authorisation is still the hard part.
Depending on the application being used, an appropriate security solution must be chosen. However, in order to make that choice, one needs to know what the properties of the lower layers are. This requires real analysis.
After the presentation there was a suggestion to set up a tutorial on this topic. Steve Bellovin agreed saying it is important to make people aware of threats and security holes.
IAB Town Hall session
Moderated open Town Hall sessions were introduced for the first time at IETF63 in order to encourage discussion during the plenaries. Prior to the meeting, suggested discussion topics were collected on the IETF mailing list.
Notably, it is easiest to focus discussion on known problems than everything that in fact is working well. To help frame the evening’s discussion the following issues were raised on the IETF list to be discussed during the open IAB Town Hall session:
- The big interconnection between VoIP and IP services
- End-to-end and KISS principle
- Concerns about NAT alikes popping up with session border controllers
A lively discussion followed on the relationship between IETF standards and real-life user experiences: This centred on the question of “How do we make sure we don’t have to turn millions of people into system administrators?” There was discussion about whether this needs to be addressed in every individual WG, or whether a higher level solution exists to the problem. And should user issues become a separate consideration section in standards documents?
Some felt that there is not enough expertise about user interface issues at the IETF. A lot of IETF participants are from vendors that sell products. Often there is no end-user experience in the WGs at all (it’s interesting to note that there used to be an Area at the IETF dedicated to users and directed by Joyce Reynolds for many years).
The discussion then moved on to the growing complexity and total number of protocols. It is increasingly difficult to see the big picture. Technology is expanding and the IETF needs to respond to that, so Leslie Daigle suggested that more work be done on overview documents, tools and logistical help.
Kurtis Lindqvist (an IAB member) was more worried about “layer creep” than “feature creep”. There is the tendency to reinvent similar functionality in multiple layers. If one is serious about reducing complexity one needs to analyse what layers show the most complexity and then tackle those.
Other speakers believed that as a community we don’t pay enough attention to complexity. It is hard to add simplicity and striking the right balance is essential.
Finally, a suggestion was made that WGs should have a web page on which they could present an overview of their technology.
The Technical plenary also included updates from the IAB (see page 6) and the IRTF.