https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542 Mon, 08 Jul 2019 11:46:37 +0000 en-US 1.2 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542 2 3 112 25 157 209 1 344 348 347 345 346 349 4 343 6 167 334 5 8 9 7 3 308 17 355 353 354 19 291 365 372 292 377 392 404 405 341 26 150 350 397 374 287 390 378 338 381 376 279 22 359 395 406 402 21 20 403 307 394 25 391 387 401 385 309 310 396 389 373 294 357 356 342 407 339 364 400 382 393 371 388 399 281 398 23 380 340 18 366 IETF profile has more detail.]]> Eliot's IETF profile provides more detail.]]> here. ]]> Luca Belli is Senior Researcher at the Center for Technology & Society, FGV Rio de Janeiro, where he heads the Internet Governance project, and is Associated Researcher at CDPC, Paris 2 University.]]> Internet Architecture Board and is a co-chair of the IETF’s HTTP and QUIC Working Groups.]]> 13nav_menu 2nav_menu 12nav_menu 11nav_menu https://wordpress.org/?v=5.2.2 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=115 Tue, 10 May 2016 21:29:33 +0000 http://org.ietfjournal/?post_type=acf-field&p=115 115 114 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=116 Tue, 10 May 2016 21:32:11 +0000 http://org.ietfjournal/?post_type=acf-field&p=116 116 114 1 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=117 Tue, 10 May 2016 21:32:11 +0000 http://org.ietfjournal/?post_type=acf-field&p=117 117 114 2 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=138 Thu, 12 May 2016 16:26:34 +0000 http://org.ietfjournal/?post_type=acf-field&p=138 138 137 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=148 Mon, 23 May 2016 17:03:13 +0000 http://org.ietfjournal/?post_type=acf-field&p=148 148 147 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=150 Mon, 23 May 2016 17:14:15 +0000 http://org.ietfjournal/?post_type=acf-field&p=150 150 147 1 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=151 Mon, 23 May 2016 17:14:15 +0000 http://org.ietfjournal/?post_type=acf-field&p=151 151 147 2 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=152 Mon, 23 May 2016 17:14:15 +0000 http://org.ietfjournal/?post_type=acf-field&p=152 152 147 3 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=153 Mon, 23 May 2016 17:14:15 +0000 http://org.ietfjournal/?post_type=acf-field&p=153 153 147 4 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=154 Mon, 23 May 2016 17:14:15 +0000 http://org.ietfjournal/?post_type=acf-field&p=154 154 147 5 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=155 Mon, 23 May 2016 17:14:15 +0000 http://org.ietfjournal/?post_type=acf-field&p=155 155 154 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=157 Mon, 23 May 2016 17:41:30 +0000 http://org.ietfjournal/?post_type=acf-field&p=157 157 147 6 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=158 Mon, 23 May 2016 17:41:30 +0000 http://org.ietfjournal/?post_type=acf-field&p=158 158 157 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=160 Mon, 23 May 2016 21:17:33 +0000 http://org.ietfjournal/?post_type=acf-field&p=160 160 157 1 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=180 Wed, 25 May 2016 19:15:47 +0000 http://org.ietfjournal/?post_type=acf-field&p=180 180 173 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=181 Wed, 25 May 2016 19:15:47 +0000 http://org.ietfjournal/?post_type=acf-field&p=181 181 173 1 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=183 Wed, 25 May 2016 19:21:00 +0000 http://org.ietfjournal/?post_type=acf-field&p=183 183 173 2 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=185 Wed, 25 May 2016 19:25:10 +0000 http://org.ietfjournal/?post_type=acf-field&p=185 185 173 3 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=186 Wed, 25 May 2016 19:25:40 +0000 http://org.ietfjournal/?post_type=acf-field&p=186 186 173 4 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=189 Wed, 25 May 2016 20:02:03 +0000 http://org.ietfjournal/?post_type=acf-field&p=189 189 173 5 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/logo/ Tue, 03 May 2016 20:30:08 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/logo.png 22 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/search/ Tue, 03 May 2016 20:30:08 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/search.png 23 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/menu/ Tue, 03 May 2016 20:58:20 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/menu.png 24 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/x-2/ Wed, 04 May 2016 17:47:25 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/x-1.png 50 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/viewmore/ Fri, 06 May 2016 17:49:23 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/ViewMore.png 56 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field-group&p=114 Tue, 10 May 2016 21:29:33 +0000 http://org.ietfjournal/?post_type=acf-field-group&p=114 114 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field-group&p=137 Thu, 12 May 2016 16:26:34 +0000 http://org.ietfjournal/?post_type=acf-field-group&p=137 137 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field-group&p=147 Mon, 23 May 2016 17:03:13 +0000 http://org.ietfjournal/?post_type=acf-field-group&p=147 147 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field-group&p=173 Tue, 24 May 2016 19:32:23 +0000 http://org.ietfjournal/?post_type=acf-field-group&p=173 173 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=190 Wed, 25 May 2016 20:02:03 +0000 http://org.ietfjournal/?post_type=acf-field&p=190 190 173 6 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=191 Wed, 25 May 2016 20:02:03 +0000 http://org.ietfjournal/?post_type=acf-field&p=191 191 173 7 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=193 Wed, 25 May 2016 20:49:54 +0000 http://org.ietfjournal/?post_type=acf-field&p=193 193 173 8 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=195 Thu, 26 May 2016 13:26:22 +0000 http://org.ietfjournal/?post_type=acf-field&p=195 195 114 3 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=196 Thu, 26 May 2016 13:27:00 +0000 http://org.ietfjournal/?post_type=acf-field&p=196 196 114 4 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=1387 Fri, 17 Jun 2016 20:04:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=1387 1387 173 9 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=1388 Fri, 17 Jun 2016 20:04:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=1388 1388 1387 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=1389 Fri, 17 Jun 2016 20:04:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=1389 1389 1387 1 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=1390 Fri, 17 Jun 2016 20:11:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=1390 1390 173 10 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=1818 Fri, 08 Jul 2016 18:14:59 +0000 https://www.ietfjournal.org/?post_type=acf-field&p=1818 1818 137 1 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=acf-field&p=1819 Fri, 08 Jul 2016 18:14:59 +0000 https://www.ietfjournal.org/?post_type=acf-field&p=1819 1819 137 2 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/android-icon-192x192/ Fri, 06 May 2016 21:46:36 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/android-icon-192x192.png 57 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/afilias/ Mon, 09 May 2016 15:25:56 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/afilias.png 58 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/cisco/ Mon, 09 May 2016 15:25:56 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/cisco.png 59 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/comcast/ Mon, 09 May 2016 15:25:57 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/comcast.png 60 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/editorialmap/ Mon, 09 May 2016 15:25:57 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/editorialmap.jpg 61 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ericsson/ Mon, 09 May 2016 15:25:58 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/ericsson.png 62 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/errors/ Mon, 09 May 2016 15:25:58 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/errors.txt 63 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/footer-logo/ Mon, 09 May 2016 15:25:58 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/footer-logo.png 64 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/google/ Mon, 09 May 2016 15:25:59 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/google.png 65 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/icann/ Mon, 09 May 2016 15:25:59 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/icann.png 66 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietffooter-logo/ Mon, 09 May 2016 15:25:59 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/IETFfooter-logo.png 67 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/iij/ Mon, 09 May 2016 15:26:00 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/iij.png 68 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc/ Mon, 09 May 2016 15:26:00 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/isoc.png 69 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/juniper/ Mon, 09 May 2016 15:26:00 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/juniper.png 70 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/linebreak/ Mon, 09 May 2016 15:26:01 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/linebreak.png 71 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/logo-2/ Mon, 09 May 2016 15:26:01 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/logo-1.png 72 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/mapdots/ Mon, 09 May 2016 15:26:01 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/mapdots.jpg 73 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/microsoft/ Mon, 09 May 2016 15:26:02 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/microsoft.png 74 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/nbc/ Mon, 09 May 2016 15:26:02 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/nbc.png 75 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ntt/ Mon, 09 May 2016 15:26:03 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/ntt.png 76 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/ripe/ Mon, 09 May 2016 15:26:03 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/ripe.png 77 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/follow/twitter/ Mon, 09 May 2016 20:24:03 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/twitter.png 89 2348 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/iefttest4/ Tue, 10 May 2016 16:47:51 +0000 http://org.ietfjournal/wp-content/uploads/2016/04/ieftTest4.jpeg 91 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietftest1/ Tue, 10 May 2016 16:47:54 +0000 http://org.ietfjournal/wp-content/uploads/2016/04/ietfTest1.jpeg 92 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietftest2/ Tue, 10 May 2016 16:47:55 +0000 http://org.ietfjournal/wp-content/uploads/2016/04/ietfTest2.jpeg 93 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietftest3/ Tue, 10 May 2016 16:47:57 +0000 http://org.ietfjournal/wp-content/uploads/2016/04/ietftest3.jpeg 94 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietftest5/ Tue, 10 May 2016 16:48:01 +0000 http://org.ietfjournal/wp-content/uploads/2016/04/ietfTest5.jpeg 95 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietftest6/ Tue, 10 May 2016 16:48:05 +0000 http://org.ietfjournal/wp-content/uploads/2016/04/ietfTest6.jpeg 96 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/lake/ Thu, 12 May 2016 14:49:14 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/lake.jpeg 126 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/flowertree/ Thu, 12 May 2016 14:49:18 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/flowertree.jpeg 127 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/palmtree/ Thu, 12 May 2016 14:49:26 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/palmtree.jpeg 128 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/brazil/ Thu, 12 May 2016 16:05:38 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/Brazil.jpeg 136 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal_w_o_dropshadow/ Wed, 25 May 2016 18:49:09 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/Journal_w_o_dropshadow.jpg 179 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf_endowment_case-for-support/ Wed, 25 May 2016 19:31:28 +0000 http://org.ietfjournal/wp-content/uploads/2016/05/IETF_Endowment_Case-for-Support.pdf 187 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf/ Mon, 06 Jun 2016 14:44:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETF.jpeg 226 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2014/journal_10-2_oct14/ Mon, 06 Jun 2016 14:54:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/Journal_10.2_Oct14.pdf 237 230 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2014/journal_10-2_oct14-2/ Mon, 06 Jun 2016 14:58:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/Journal_10.2_Oct14.png 239 230 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2015/screen-shot-2016-06-06-at-11-22-46-am/ Mon, 06 Jun 2016 15:23:32 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/Screen-Shot-2016-06-06-at-11.22.46-AM.png 262 261 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2013/november2013/ Mon, 06 Jun 2016 15:29:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/November2013.pdf 268 242 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/acme-better-security-through-automation/fillerphoto/ Mon, 06 Jun 2016 15:38:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/fillerphoto.jpg 282 278 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2015/screen-shot-2016-06-06-at-12-05-04-pm/ Mon, 06 Jun 2016 16:05:42 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/Screen-Shot-2016-06-06-at-12.05.04-PM.png 366 365 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2015/journal_11-1/ Mon, 06 Jun 2016 16:07:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/Journal_11.1.pdf 368 365 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2013/july2013/ Mon, 06 Jun 2016 16:08:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/July2013.pdf 372 248 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2014/ietfjuly2014/ Mon, 06 Jun 2016 16:24:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFJuly2014.pdf 439 436 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2014/ietfjuly2014-2/ Mon, 06 Jun 2016 16:25:45 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFJuly2014.png 445 436 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2013-2/ietfmarch2013/ Mon, 06 Jun 2016 16:35:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFMarch2013.pdf 483 473 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2015/screen-shot-2016-06-06-at-12-44-15-pm/ Mon, 06 Jun 2016 16:44:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/Screen-Shot-2016-06-06-at-12.44.15-PM.png 522 521 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2015/journal_march-2/ Mon, 06 Jun 2016 16:45:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/Journal_March-2.pdf 525 521 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/comic-bof/comicbof_march2013/ Mon, 06 Jun 2016 16:48:46 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/comicbof_March2013.pdf 540 535 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2011/ietfj7-2/ Mon, 06 Jun 2016 17:08:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFJ7-2.jpg 586 585 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2011/ietfj7-2-2/ Mon, 06 Jun 2016 17:08:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFJ7-2.pdf 587 585 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2011/ietfjournal8011july-smaller1/ Mon, 06 Jun 2016 17:11:09 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFJournal8011July-smaller1.jpg 593 592 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2011/ietfjournal8011july-smaller1-2/ Mon, 06 Jun 2016 17:11:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFJournal8011July-smaller1.pdf 594 592 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2013-2/ietfmarch2013-2/ Mon, 06 Jun 2016 17:16:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFMarch2013-1.pdf 611 473 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2010/ietfnovember2010/ Mon, 06 Jun 2016 17:18:38 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFNovember2010.pdf 622 619 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2012/pub-ietfjv8-2-20121012-en/ Mon, 06 Jun 2016 17:38:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2012/10/pub-IETFJv8.2-20121012-en.jpg 665 270 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/june-2010/ietfjune2010/ Mon, 06 Jun 2016 17:48:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFJune2010.pdf 670 669 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/january-2010/ietfjanuary2010/ Mon, 06 Jun 2016 18:24:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFJanuary2010.pdf 716 715 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2014/screen-shot-2016-06-06-at-2-40-37-pm/ Mon, 06 Jun 2016 18:41:03 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/Screen-Shot-2016-06-06-at-2.40.37-PM.png 741 727 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2014/ietf-88_feb-21b/ Mon, 06 Jun 2016 18:42:47 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETF-88_Feb-21b.pdf 744 727 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2011/screen-shot-2016-06-06-at-3-04-24-pm/ Mon, 06 Jun 2016 19:04:45 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/Screen-Shot-2016-06-06-at-3.04.24-PM.png 764 763 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2011/ietfjournal79finalsmall/ Mon, 06 Jun 2016 19:04:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFJournal79FINALsmall.pdf 765 763 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2013/nov2013/ Tue, 07 Jun 2016 14:19:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2013/11/NOV2013.png 830 242 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2013/jul2013/ Tue, 07 Jun 2016 14:19:32 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2013/11/JUL2013.png 831 242 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2013/mar2013/ Tue, 07 Jun 2016 14:19:34 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2013/11/MAR2013.png 833 242 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2013/oct2012/ Tue, 07 Jun 2016 14:19:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2013/11/OCT2012.png 834 242 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2013/jun2012/ Tue, 07 Jun 2016 14:19:38 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2013/11/JUN2012.png 835 242 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2013/oct2010/ Tue, 07 Jun 2016 14:19:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2013/11/OCT2010.png 836 242 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2013/jun2010/ Tue, 07 Jun 2016 14:19:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2013/11/JUN2010.png 837 242 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2013/jan2010/ Tue, 07 Jun 2016 14:19:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2013/11/JAN2010.png 838 242 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/september-2009/ietfseptember2009/ Tue, 07 Jun 2016 14:26:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFSeptember2009.pdf 845 844 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/june-2009/ietfjune2009/ Tue, 07 Jun 2016 14:46:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFJune2009.pdf 872 871 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/february-2009/ietffebruary2009/ Tue, 07 Jun 2016 15:07:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFFebruary2009.pdf 894 893 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2008/ietfoctober2008/ Tue, 07 Jun 2016 15:26:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFOctober2008.pdf 923 922 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2008/ietfjuly2008/ Tue, 07 Jun 2016 15:50:03 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFJuly2008.pdf 956 955 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/december-2007/ietfdecember2008/ Tue, 07 Jun 2016 16:03:25 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFDecember2008.pdf 979 978 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2007/ietfoctober2007/ Tue, 07 Jun 2016 16:21:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFOctober2007.pdf 1008 1007 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/may-2007/ietfmay2007/ Tue, 07 Jun 2016 16:39:39 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFMay2007.pdf 1033 1032 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/september-2009/sept2009/ Tue, 07 Jun 2016 16:52:47 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2009/09/SEPT2009.png 1058 844 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/june-2009/jun2009/ Tue, 07 Jun 2016 16:53:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2009/06/JUN2009.png 1061 871 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/february-2009/feb2009/ Tue, 07 Jun 2016 16:54:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2009/02/FEB2009.png 1063 893 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2008/oct2008/ Tue, 07 Jun 2016 16:54:38 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2008/10/OCT2008.png 1064 922 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2008/jul2008/ Tue, 07 Jun 2016 16:54:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2008/07/JUL2008.png 1065 955 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/december-2007/dec2007/ Tue, 07 Jun 2016 16:55:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2007/12/DEC2007.png 1067 978 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2007/oct2007/ Tue, 07 Jun 2016 16:55:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2007/10/OCT2007.png 1068 1007 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2006/ietfnovember2006/ Tue, 07 Jun 2016 16:56:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFNovember2006.pdf 1069 1066 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/may-2007/may2007/ Tue, 07 Jun 2016 16:56:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2007/05/MAY2007.png 1070 1032 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2006/nov2006/ Tue, 07 Jun 2016 16:56:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2006/11/NOV2006.png 1073 1066 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/september-2006/ietfautumn2006/ Tue, 07 Jun 2016 17:13:25 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFAutumn2006.pdf 1095 1094 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/may-2006/ietfmay2006/ Tue, 07 Jun 2016 17:44:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFMay2006.pdf 1129 1128 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/september-2006/autumn2006/ Tue, 07 Jun 2016 17:59:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2006/09/AUTUMN2006.png 1146 1094 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/may-2006/spring2006/ Tue, 07 Jun 2016 18:00:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2006/05/SPRING2006.png 1148 1128 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/winter-20052006/ietfwinter2005-2006/ Tue, 07 Jun 2016 18:16:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFWinter2005-2006.pdf 1172 1171 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/autumn-2005/ietfautumn2005/ Tue, 07 Jun 2016 18:36:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETFAutumn2005.pdf 1205 1204 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/winter-20052006/winter2005-2006/ Wed, 08 Jun 2016 15:38:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2005/12/WINTER2005-2006.png 1260 1171 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/autumn-2005/autumn2005/ Wed, 08 Jun 2016 15:38:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2005/09/AUTUMN2005.png 1261 1204 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/april-2016/ietf-journal-apr2016/ Fri, 17 Jun 2016 18:34:53 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/05/IETF-Journal-apr2016.pdf 1332 206 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-ietf-flies-to-south-america/buenos-aires/ Fri, 17 Jun 2016 19:34:49 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/04/Buenos.Aires_.jpg 1372 1340 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-ietf-flies-to-south-america/buenosaires2/ Fri, 17 Jun 2016 19:40:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/04/BuenosAires2.jpg 1381 1340 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/reflections-on-the-ietf-94-public-policy-programme/yokohama/ Fri, 17 Jun 2016 19:47:53 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/04/yokohama.jpg 1385 1363 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/april-2016/april2016spanish/ Fri, 17 Jun 2016 20:36:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/05/April2016SPANISH.pdf 1397 206 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/russianapril2014/ Fri, 17 Jun 2016 20:40:16 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/RUSSIANApril2014.pdf 1398 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/russiannov2015/ Fri, 17 Jun 2016 20:40:16 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/RUSSIANNov2015.pdf 1399 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/russianjuly2015/ Fri, 17 Jun 2016 20:40:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/RUSSIANJULY2015.pdf 1400 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/russianmarch2015/ Fri, 17 Jun 2016 20:40:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/RUSSIANMarch2015.pdf 1401 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/april2016russian/ Fri, 17 Jun 2016 20:40:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/April2016RUSSIAN.pdf 1402 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/april2016spanish-2/ Fri, 17 Jun 2016 20:40:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/April2016SPANISH.pdf 1403 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-journal-apr2016-2/ Fri, 17 Jun 2016 20:40:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/IETF-Journal-apr2016.pdf 1404 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/spanishnov2015/ Fri, 17 Jun 2016 20:40:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/SPANISHNov2015.pdf 1405 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/april2016russian-2/ Fri, 17 Jun 2016 20:42:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/April2016RUSSIAN-1.pdf 1407 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/comic-bof-2/comicbofjuly2013/ Tue, 28 Jun 2016 14:52:42 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/comicbofJuly2013.jpg 1547 1546 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/comic-bof-3/comicbof/ Tue, 28 Jun 2016 15:29:23 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/comicbof.jpg 1557 1556 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/comic-bof-4/openstand-cartoon/ Tue, 28 Jun 2016 17:59:29 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/OpenStand-Cartoon.png 1565 1564 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-92-at-a-glance/ietf-92/ Tue, 28 Jun 2016 20:17:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2015/07/ietf-92.png 1573 429 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/screen-shot-2016-06-29-at-11-01-04-am/ Wed, 29 Jun 2016 15:01:30 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/Screen-Shot-2016-06-29-at-11.01.04-AM.png 1644 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/comic-bof-5/plainlyforbidden/ Wed, 29 Jun 2016 15:01:45 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/06/PlainlyForbidden.png 1645 1643 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2012/ietf-2/ Fri, 01 Jul 2016 19:55:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/07/IETF.png 1664 1663 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2012/pub-ietfjv7-3-20120312-en_hiweb/ Fri, 01 Jul 2016 19:57:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542wp-content/uploads/sites/22/2016/07/pub-IETFJv7.3-20120312-en_HiWeb.pdf 1665 1663 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2016/pub-ietfjv12-1-20160630-en-smaller/ Wed, 06 Jul 2016 14:39:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/pub-IETFJv12.1-20160630-en-smaller.pdf 1683 1682 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-july-2016/argentina/ Wed, 06 Jul 2016 14:47:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Dish_MEDIUM.jpg 1687 1686 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/declaring-ipv4-historic-one-issue-two-sides/undecided/ Wed, 06 Jul 2016 14:53:53 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Undecided.jpg 1690 1689 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-july-2016/admin-video/ Wed, 06 Jul 2016 14:58:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Admin-Video.jpg 1693 1692 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-23/sullivan2016/ Wed, 06 Jul 2016 15:01:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Sullivan2016.jpeg 1696 1695 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-july-2016/jari/ Wed, 06 Jul 2016 15:02:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Jari.jpg 1698 1692 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-systers/ietf-95-buenos-aires-tech-talks/ Wed, 06 Jul 2016 15:07:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Systers.jpg 1702 1701 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/turning-30-ietf-seeks-ideas-for-growth/ietf-95-buenos-aires-plenary-session/ Wed, 06 Jul 2016 15:11:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Scott-Bradner.jpg 1705 1704 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/using-i2nsf-for-overlay-network-to-avoid-distributed-denial-of-service-attacks/slide2/ Wed, 06 Jul 2016 15:14:22 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Slide2.jpg 1708 1707 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/using-i2nsf-for-overlay-network-to-avoid-distributed-denial-of-service-attacks/slide3/ Wed, 06 Jul 2016 15:15:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Slide3.jpg 1709 1707 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/intelligent-transportation-systems-and-the-ietf/its-1/ Wed, 06 Jul 2016 15:36:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/its-1.jpg 1713 1712 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/intelligent-transportation-systems-and-the-ietf/its-1-2/ Wed, 06 Jul 2016 15:37:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/its-1-1.jpg 1714 1712 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/intelligent-transportation-systems-and-the-ietf/its-2/ Wed, 06 Jul 2016 15:40:59 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/its-2.jpg 1716 1712 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/intelligent-transportation-systems-and-the-ietf/its-3/ Wed, 06 Jul 2016 15:44:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/its-3.jpg 1718 1712 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/intelligent-transportation-systems-and-the-ietf/its-4/ Wed, 06 Jul 2016 15:47:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/its-4.png 1720 1712 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/intelligent-transportation-systems-and-the-ietf/its-fig-1/ Wed, 06 Jul 2016 15:54:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/ITS-Fig-1.png 1722 1712 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/intelligent-transportation-systems-and-the-ietf/its-fig-5/ Wed, 06 Jul 2016 15:57:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/ITS-Fig-5.png 1724 1712 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/intelligent-transportation-systems-and-the-ietf/traffic-on-the-gardiner-express/ Wed, 06 Jul 2016 16:03:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/traffic.jpg 1725 1712 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/things-talking-to-other-things-about-things/iot/ Wed, 06 Jul 2016 16:15:34 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/IoT.png 1731 1730 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-regulators-technologists-seek-ongoing-dialogue/isoc-panel/ Wed, 06 Jul 2016 16:19:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/ISOC-Panel.png 1734 1733 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-l3sm/l3sm-fig1/ Wed, 06 Jul 2016 16:26:13 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/L3SM-Fig1.png 1737 1736 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-l3sm/l3sm-fig2/ Wed, 06 Jul 2016 16:26:48 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/L3SM-Fig2.png 1738 1736 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-l3sm/collaboration/ Wed, 06 Jul 2016 16:28:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/collaboration.jpg 1739 1736 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/tron-workshop-connects-ietf-tls-engineers-and-security-researchers/tibor-receives-tron-award/ Wed, 06 Jul 2016 18:09:29 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/tibor-receives-tron-award.jpg 1746 1745 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-hackathon-breaks-new-ground-in-buenos-aires/ietf-95-hackaton-sponsored-by-huawei-in-buenos-aires/ Wed, 06 Jul 2016 18:13:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Hackathon.jpg 1749 1748 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/integrating-the-worlds-of-technology-design-and-policy/grewel/ Wed, 06 Jul 2016 18:18:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Grewel.jpg 1752 1751 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-july-2016/irtf-logo-1600/ Wed, 06 Jul 2016 18:20:42 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/irtf-logo-1600.png 1755 1754 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-2/roya/ Wed, 06 Jul 2016 18:23:47 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Roya.jpg 1758 1757 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-2/zakir/ Wed, 06 Jul 2016 18:25:09 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Zakir.jpg 1759 1757 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-july-2016/toco-toucan-isolated-on-white-background/ Wed, 06 Jul 2016 18:30:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/toucan_LARGE.jpg 1762 1761 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-95-at-a-glance/pie/ Wed, 06 Jul 2016 18:32:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/pie.jpg 1765 1764 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-95-at-a-glance/argentinian-flag/ Wed, 06 Jul 2016 18:33:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/flag_MEDIUM.jpg 1766 1764 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2016/12-1-cover/ Wed, 06 Jul 2016 18:36:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/12.1-Cover.png 1768 1682 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/ntt_communications_reverse/ Thu, 07 Jul 2016 15:39:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/NTT_Communications_reverse.png 1778 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/wide_logo_reverse/ Thu, 07 Jul 2016 19:38:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/WIDE_logo_reverse.png 1786 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/wide_logo_reverse2/ Thu, 07 Jul 2016 19:40:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/WIDE_logo_reverse2.png 1788 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-23/iab-logo/ Thu, 07 Jul 2016 19:48:31 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/IAB-Logo.jpg 1792 1695 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-23/iab/ Thu, 07 Jul 2016 19:51:30 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/IAB.png 1793 1695 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/declaring-ipv4-historic-one-issue-two-sides/yes-or-no-decision/ Sun, 10 Jul 2016 01:16:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Yes-No.jpg 1821 1689 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/declaring-ipv4-historic-one-issue-two-sides/yes-or-no/ Sun, 10 Jul 2016 01:22:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Yes-No2.jpg 1823 1689 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-july-2016/simple-illustration-of-migrating-birds/ Sun, 10 Jul 2016 01:49:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/birds.jpg 1824 1761 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/using-i2nsf-for-overlay-network-to-avoid-distributed-denial-of-service-attacks/i2nsf/ Sun, 10 Jul 2016 01:57:09 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/i2nsf.png 1825 1707 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2016/pub-ietfjv12-1-20160630-en-smaller-2/ Sun, 10 Jul 2016 20:45:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/pub-IETFJv12.1-20160630-en-smaller-1.pdf 1826 1682 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2016/ietf-journal-12-1-russian/ Wed, 10 Aug 2016 18:06:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/IETF-Journal-12-1-Russian.pdf 1865 1682 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2016/journal-12_1_spanish_rev/ Wed, 10 Aug 2016 19:16:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/Journal-12_1_Spanish_Rev.pdf 1867 1682 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/pub-ietfjv11-3-20160310-en-sm/ Thu, 25 Aug 2016 12:44:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/08/pub-IETFJv11.3-20160310-en-sm.pdf 1872 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2016/pub-ietfjv12-1-20160630-en-sm/ Thu, 25 Aug 2016 12:47:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/pub-IETFJv12.1-20160630-en-sm.pdf 1874 1682 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2015/pub-ietfjv11-2-20151022-en-2/ Wed, 12 Oct 2016 08:40:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/10/pub-IETFJv11.2-20151022-en-2.pdf 1883 261 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2016/pub-ietfjv12-2-20161027-en_web/ Tue, 01 Nov 2016 06:57:23 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/pub-IETFJv12.2-20161027-en_Web.jpg 1895 1894 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2016/pub-ietfjv12-2-20161027-en_web-2/ Tue, 01 Nov 2016 06:58:31 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/pub-IETFJv12.2-20161027-en_Web.pdf 1896 1894 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/low-power-wide-area-networks-at-the-ietf/picture1/ Tue, 01 Nov 2016 08:01:29 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Picture1.png 1913 1912 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/low-power-wide-area-networks-at-the-ietf/picture1-2/ Tue, 01 Nov 2016 08:02:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Picture1-1.png 1914 1912 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/low-power-wide-area-networks-at-the-ietf/picture1-3/ Tue, 01 Nov 2016 08:03:03 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Picture1-2.png 1915 1912 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/low-power-wide-area-networks-at-the-ietf/picture1-4/ Tue, 01 Nov 2016 08:03:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Picture1-3.png 1916 1912 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/low-power-wide-area-networks-at-the-ietf/picture1-5/ Tue, 01 Nov 2016 08:04:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Picture1-4.png 1917 1912 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/low-power-wide-area-networks-at-the-ietf/picture1-6/ Tue, 01 Nov 2016 08:04:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Picture1-5.png 1918 1912 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/actn-from-standard-to-interop/picture1-7/ Tue, 01 Nov 2016 08:33:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Picture1-6.png 1927 1926 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-96-at-a-glance/picture1-8/ Tue, 01 Nov 2016 08:55:30 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Picture1-7.png 1942 1941 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-96-at-a-glance/ietf96_chair-key/ Wed, 02 Nov 2016 12:50:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/96-pie.jpg 1946 1941 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/multipath-tcp-deployments/slide1/ Wed, 02 Nov 2016 12:54:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Slide1.jpg 1947 1929 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-story-of-an-rfc-about-alternative-networks/subway-metro-train-in-berlin-on-oberbaum-bridge/ Wed, 02 Nov 2016 12:59:09 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/metro.jpg 1948 1908 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-3/irtf-chair-lars-eggert-presents-samuel-jero-and-prof-darrio-rossi-withirtf-awards-after-the-irtf-open-meeting-at-69th-ietf-intercontinental-hotel-berlin-germany/ Wed, 02 Nov 2016 13:04:38 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Lars-Eggers-Samuel-Jero-Prof.-Dario-Rossi-IRTF-2016-Berlin_.jpg 1949 1933 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/actn-from-standard-to-interop/actn-figure/ Wed, 02 Nov 2016 13:10:29 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/ACTN-figure.jpg 1953 1926 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/record-breaking-hackathon-at-ietf-96-in-berlin/hackathon-at-69th-ietf-intercontinental-hotel-berlin-germany/ Wed, 02 Nov 2016 13:11:59 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Berlin-Hackathon-at-69th-IETF-024.jpg 1954 1924 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/quic-performance-and-security-at-the-transport-layer/screen-shot-2016-11-02-at-9-20-27-am/ Wed, 02 Nov 2016 13:20:45 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Screen-Shot-2016-11-02-at-9.20.27-AM.png 1957 1920 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/low-power-wide-area-networks-at-the-ietf/waveform/ Wed, 02 Nov 2016 13:22:47 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/waveform.png 1959 1912 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/cryptech-releases-alpha-hardware-at-ietf-96/cryptech-at-69th-ietf-intercontinental-hotel-berlin-germany/ Wed, 02 Nov 2016 13:23:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Cryptech-001.jpg 1960 1910 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-veteran-recommends-reducing-protocol-complexity/ross-callon-delivering-his-talk-keep-it-simple-the-cost-of-too-many-standards-during-the-plenary-of-ietf-96-intercontinental-hotel-berlin-germany/ Wed, 02 Nov 2016 13:24:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Ross-Callon-IETF-96-Plenary-008.jpg 1961 1906 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-6lo/growth/ Wed, 02 Nov 2016 13:28:34 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Growth.jpg 1963 1922 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-internet-of-things-unchecked/fig-1/ Wed, 02 Nov 2016 13:36:31 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Fig-1.jpg 1966 1900 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-internet-of-things-unchecked/fig-2/ Wed, 02 Nov 2016 13:37:13 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Fig-2.pdf 1968 1900 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-internet-of-things-unchecked/screen-shot-2016-11-02-at-9-37-33-am/ Wed, 02 Nov 2016 13:38:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Screen-Shot-2016-11-02-at-9.37.33-AM.png 1969 1900 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/quic-performance-and-security-at-the-transport-layer/screen-shot-2016-11-02-at-9-50-14-am/ Wed, 02 Nov 2016 13:50:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Screen-Shot-2016-11-02-at-9.50.14-AM.png 1975 1920 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-6lo/screen-shot-2016-11-02-at-9-52-47-am/ Wed, 02 Nov 2016 13:53:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Screen-Shot-2016-11-02-at-9.52.47-AM.png 1978 1922 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/multipath-tcp-deployments/slide2-2/ Wed, 02 Nov 2016 13:59:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Slide2.jpg 1983 1929 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/quic-performance-and-security-at-the-transport-layer/global-motion-machine/ Wed, 02 Nov 2016 14:07:08 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/machine-to-machine.jpg 1986 1920 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-96-at-a-glance/brandenburg-gate-berlin-germany-panorama/ Thu, 03 Nov 2016 16:00:49 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Brandenburg-Gate.jpg 1989 1941 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/multipath-tcp-deployments/shortcut-concept/ Thu, 03 Nov 2016 16:09:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/multiple-road-signs.jpg 1993 1929 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/actn-from-standard-to-interop/fragments-of-time/ Thu, 03 Nov 2016 16:12:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/Fragments-Of-Time.jpg 1995 1926 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/low-power-wide-area-networks-at-the-ietf/summer-meadow/ Thu, 03 Nov 2016 16:27:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/open-meadow.jpg 1999 1912 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-story-of-an-rfc-about-alternative-networks/magnifying-glass-and-documents-with-analytics-data-lying-on-tabl/ Thu, 03 Nov 2016 16:29:34 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/research.jpg 2001 1908 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2016/pub-ietfjv12-2-20161027-en_web-3/ Sat, 12 Nov 2016 09:47:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/pub-IETFJv12.2-20161027-en_Web-1.pdf 2014 1894 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2016/pub-ietfjv12-2-20161123-en_web/ Mon, 28 Nov 2016 14:16:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/pub-IETFJv12.2-20161123-en_Web.pdf 2021 1894 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/comcast-2/ Mon, 28 Nov 2016 17:49:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/comcast-1.png 2025 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/verisign/ Mon, 28 Nov 2016 17:49:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/verisign.png 2026 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/pialogo2x/ Wed, 30 Nov 2016 20:17:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/PIALogo2x.jpg 2028 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2016/ietf-journal-12-2_russian_2016-november/ Mon, 05 Dec 2016 20:03:14 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/IETF-Journal-12.2_Russian_2016-November.pdf 2030 1894 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2016/pub-ietfjv12-2-20161027-spanish/ Tue, 03 Jan 2017 16:23:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/pub-IETFJv12.2-20161027-SPANISH.pdf 2039 1894 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/june-2012/8-1-2012-jun-ietf-journal/ Wed, 01 Feb 2017 15:36:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/8.1-2012-Jun-IETF-Journal.pdf 2046 671 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2017/ietf-journal-12-3-web/ Thu, 16 Mar 2017 18:49:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/IETF-Journal-12.3-Web.pdf 2062 2049 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-microwave-modelling-at-ccamp/fig-1-2/ Fri, 17 Mar 2017 00:05:39 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/Fig-1.jpg 2073 2072 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-microwave-modelling-at-ccamp/fig-2-2/ Fri, 17 Mar 2017 00:05:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/Fig-2.jpg 2074 2072 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-lwig-building-minimal-yet-interoperable-ip-stacks-on-tiny-devices/fig1/ Fri, 17 Mar 2017 00:30:45 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/fig1.gif 2077 2076 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-lwig-building-minimal-yet-interoperable-ip-stacks-on-tiny-devices/fig1-2/ Fri, 17 Mar 2017 00:32:55 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/fig1.png 2078 2076 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-fellowship-to-the-ietf-programme-march-2017/fellows/ Fri, 17 Mar 2017 01:47:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/Fellows.jpg 2090 2089 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-panel-the-i-in-iot-implications-for-a-global-open-internet/isocpanel/ Sun, 19 Mar 2017 06:31:49 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/ISOCPanel.jpg 2102 2065 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/iab-panel-explores-causes-potential-remedies-for-massive-ddos-attack/ds8a2502/ Sun, 19 Mar 2017 06:36:47 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/DS8A2502.jpg 2103 2070 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-97-hackathon-improving-open-standards-through-open-source/duo/ Sun, 19 Mar 2017 06:47:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/duo.jpg 2104 2087 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/todays-ietf-leaders-alissa-cooper/alissa-cooper_sm/ Sun, 19 Mar 2017 06:47:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/Alissa-Cooper_sm.jpg 2105 2084 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/todays-ietf-leaders-jari-arkko/dsc_5103/ Sun, 19 Mar 2017 06:48:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/DSC_5103.jpg 2106 2082 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-march-2017/seoul/ Sun, 19 Mar 2017 13:37:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/Seoul.jpg 2117 2054 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-march-2017/seoul-panoramic-aerial-view-downtown-city-center/ Tue, 21 Mar 2017 14:12:49 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/landscape.jpg 2120 2054 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-97-at-a-glance/zen-door/ Tue, 21 Mar 2017 14:18:59 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/iStock-92364194.jpg 2125 2098 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2017/ietf-journal-12-3_webb/ Wed, 22 Mar 2017 14:13:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/IETF-Journal-12.3_Webb.pdf 2134 2049 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-97-at-a-glance/pie-97-jpg/ Wed, 22 Mar 2017 16:58:38 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/IETF97-Pie-Chart.jpg 2136 2098 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-97-at-a-glance/pie-97-jpg-2/ Wed, 22 Mar 2017 17:11:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/PieChart97.jpg 2139 2098 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2017/journals-12-3-thumbnail/ Wed, 22 Mar 2017 17:41:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/Journals-12.3-Thumbnail.png 2142 2049 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/comcast_nov-2016/ Wed, 22 Mar 2017 17:46:22 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/Comcast_Nov-2016.jpeg 2144 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/icann-sm/ Wed, 22 Mar 2017 17:46:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/ICANN-sm.jpg 2145 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/juniper-new-2015/ Wed, 22 Mar 2017 17:47:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/Juniper-New-2015.jpg 2146 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/nbc-universal/ Wed, 22 Mar 2017 17:47:22 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/NBC-Universal.jpeg 2147 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/privateinternet/ Wed, 22 Mar 2017 17:47:39 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/PrivateInternet.png 2148 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/ripe_2016/ Wed, 22 Mar 2017 17:47:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/RIPE_2016.png 2149 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/afiliasnotag/ Wed, 22 Mar 2017 17:48:39 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/AfiliasNoTag.jpeg 2150 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/cisco_logo_emblem_logotype/ Wed, 22 Mar 2017 17:49:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/Cisco_logo_emblem_logotype.png 2151 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/private-internet-access/ Wed, 22 Mar 2017 17:51:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/private-internet-access.png 2153 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/pialogo4x-notag-whttxt/ Wed, 22 Mar 2017 17:55:25 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/PIALogo4x-notag-whttxt.png 2156 79 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-97-at-a-glance/pie-97-jpg-3/ Sat, 25 Mar 2017 14:55:29 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/pie-97b-300.jpg 2159 2098 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2017/journal_97_14-april-spanish_ms/ Wed, 26 Apr 2017 15:38:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/04/Journal_97_14-April-SPANISH_ms.pdf 2167 2049 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/informe-del-grupo-de-trabajo-modelado-de-microondas-en-ccamp/microwave/ Wed, 03 May 2017 15:28:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/05/Microwave.jpg 2194 2193 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/informe-del-grupo-de-trabajo-guia-para-implementaciones-ligeras/coap/ Wed, 03 May 2017 16:08:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/05/coap.pdf 2197 2196 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/informe-del-grupo-de-trabajo-guia-para-implementaciones-ligeras/coap-2/ Wed, 03 May 2017 16:09:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/05/coap.jpg 2198 2196 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/lideres-del-ietf-hoy-jari-arkko/jari-2/ Wed, 03 May 2017 16:22:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/05/jari.jpg 2206 2205 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/lideres-del-ietf-hoy-alissa-cooper/alissa/ Wed, 03 May 2017 16:26:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/05/alissa.jpg 2209 2208 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/programa-de-becas-de-la-internet-society-para-asistir-a-las-reuniones-del-ietf/fellows-2/ Wed, 03 May 2017 16:38:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/05/fellows.jpg 2218 2215 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2017/ietf_journal_russian_1_2017_final/ Mon, 08 May 2017 19:43:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/IETF_Journal_Russian_1_2017_FINAL.pdf 2221 2049 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2017/pub-ietfjv13-1-20170629-en_web/ Tue, 04 Jul 2017 00:01:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/pub-IETFJv13.1-20170629-en_Web.pdf 2233 2232 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2017/pub-ietfjv13-1-20170629-en_web-2/ Tue, 04 Jul 2017 03:13:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/pub-IETFJv13.1-20170629-en_Web.jpg 2236 2232 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/segment-routing-cutting-through-the-hype-and-finding-the-ietfs-innovative-nugget-of-gold/figure1/ Tue, 04 Jul 2017 03:54:39 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/Figure1.jpg 2240 2239 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/segment-routing-cutting-through-the-hype-and-finding-the-ietfs-innovative-nugget-of-gold/figure2/ Tue, 04 Jul 2017 03:55:31 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/Figure2.jpg 2241 2239 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/segment-routing-cutting-through-the-hype-and-finding-the-ietfs-innovative-nugget-of-gold/figure3/ Tue, 04 Jul 2017 03:55:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/Figure3.jpg 2242 2239 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-98-bits-n-bites/arris_signature_4color_vertical/ Tue, 04 Jul 2017 04:36:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/ARRIS_Signature_4Color_Vertical.jpg 2249 2248 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-98-bits-n-bites/comcast_nov-2016-2/ Tue, 04 Jul 2017 04:36:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/Comcast_Nov-2016.jpg 2250 2248 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-98-bits-n-bites/f5-logo-solid-rgb/ Tue, 04 Jul 2017 04:36:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/f5-logo-solid-rgb.jpg 2251 2248 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-98-bits-n-bites/nbc-universal-2/ Tue, 04 Jul 2017 04:36:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/NBC-Universal.jpg 2252 2248 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-98-bits-n-bites/nsa_seal_hires/ Tue, 04 Jul 2017 04:36:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/NSA_Seal_HiRes.jpg 2253 2248 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-98-bits-n-bites/sigfox_logo/ Tue, 04 Jul 2017 04:36:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/Sigfox_Logo.jpg 2254 2248 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-security-automation-and-continuous-monitoring/sacm-fig1-3/ Tue, 04 Jul 2017 05:03:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/SACM-Fig1-3.pdf 2260 2259 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-security-automation-and-continuous-monitoring/sacm-fig1-3-2/ Tue, 04 Jul 2017 05:04:08 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/SACM-Fig1-3.jpg 2261 2259 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/marzo-2017/ietf-journal-spanish-12-3/ Tue, 04 Jul 2017 16:36:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/IETF-Journal-Spanish-12.3.png 2263 2174 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-security-automation-and-continuous-monitoring/sacm-fig1/ Tue, 04 Jul 2017 17:26:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/sacm-fig1.jpg 2278 2259 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-security-automation-and-continuous-monitoring/sacm-fig2/ Tue, 04 Jul 2017 17:26:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/sacm-fig2.jpg 2279 2259 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-security-automation-and-continuous-monitoring/sacm-fig3/ Tue, 04 Jul 2017 17:26:03 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/sacm-fig3.jpg 2280 2259 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-security-automation-and-continuous-monitoring/sacm-fig-4/ Tue, 04 Jul 2017 17:36:47 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/SACM-Fig-4.jpg 2281 2259 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-security-automation-and-continuous-monitoring/sacm-fig4/ Tue, 04 Jul 2017 17:38:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/sacm-fig4.jpg 2282 2259 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-98-at-a-glance/chicago/ Wed, 05 Jul 2017 19:18:49 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/iStock-689062532.jpg 2305 2301 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-july-2017/falcon-flying-with-wings-spread-on-white-background/ Wed, 05 Jul 2017 19:19:46 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/iStock-167468548.jpg 2306 2299 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/todays-ietf-leaders-mirja-kuhlewind-phd/mirja_2017/ Wed, 05 Jul 2017 19:21:13 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/Mirja_2017.jpeg 2307 2297 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-july-2017/chicago-theater-usa/ Wed, 05 Jul 2017 19:22:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/iStock-504220988.jpg 2308 2294 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-july-2017/irtf-winner-alistair-king-at-ietf-98-chicago-26032017/ Wed, 05 Jul 2017 19:25:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/Alistair-King-ANRP-winner-014.jpg 2309 2292 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-together-the-ietf-and-3gpp-on-5g/alissa-cooper-becomes-new-ietf-chair-during-ietf-98-plenary-003-reduced/ Wed, 05 Jul 2017 19:26:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/Alissa-Cooper-becomes-new-IETF-chair-during-IETF-98-Plenary-003-reduced.jpg 2310 2290 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-98-hackathon-improves-the-internet-through-running-code/ietf-98-hackathon-winners-dtls-chicago-26032017/ Wed, 05 Jul 2017 19:27:23 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/IETF-98-Hackathon-051.jpg 2311 2288 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-internet-society-ietfs-policy-programme/david-clark-speaking-at-ietf-98-technical-plenary_/ Wed, 05 Jul 2017 19:29:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/David-Clark-speaking-at-IETF-98-technical-Plenary_.jpg 2312 2286 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/education-and-mentoring-directorate-established/attendees-at-the-ietf-98-technical-plenary-chicago-29032017/ Wed, 05 Jul 2017 19:31:14 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/Attendees-at-IETF-98-technical-Plenary-003.jpg 2313 2284 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-security-automation-and-continuous-monitoring/ietf-98-hackathon-chicago-25032017/ Wed, 05 Jul 2017 19:35:22 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/IETF-98-Hackathon-042.jpg 2314 2259 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-internet-society-ietfs-policy-programme/gonzalo-camarillo-speaking-at-the-ietf-98-technical-plenary-chicago-29032017/ Wed, 05 Jul 2017 19:45:34 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/Gonzalo-Camarillo-speaking-at-IETF-98-technical-Plenary-003.jpg 2315 2286 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-july-2017/tedhardie/ Wed, 05 Jul 2017 19:54:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/TedHardie.jpg 2318 2246 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-together-the-ietf-and-3gpp-on-5g/ietf-98-hackathon-chicago-25032017-2/ Wed, 05 Jul 2017 19:59:30 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/IETF-98-Hackathon-032.jpg 2319 2290 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-july-2017/irtf-winner-alistair-king-presents-his-research-at-ietf-98-chicago-26032017/ Wed, 05 Jul 2017 20:01:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/Alistair-King-IRTF-presentation.jpg 2320 2292 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/todays-ietf-leaders-mirja-kuhlewind-phd/mirja_2017-2/ Wed, 05 Jul 2017 20:03:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/Mirja_2017-1.jpeg 2321 2297 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2017/ietfjournal-13-1-cover-thumbnail/ Thu, 06 Jul 2017 13:03:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/IETFJournal-13.1-Cover-Thumbnail.png 2322 2232 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-july-2017/chicago-theater-usa-2/ Thu, 06 Jul 2017 13:08:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/iStock-504220988-1.jpg 2323 2237 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-internet-society-ietfs-policy-programme/ietf-hackathon-chicago-25032017/ Thu, 06 Jul 2017 13:10:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/IETF-98-Policy-guests-group-portrait-002.jpg 2324 2286 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2017/pub-ietfjv13-1-20170629-en_web_12-july/ Wed, 12 Jul 2017 18:14:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/pub-IETFJv13.1-20170629-en_Web_12-July.pdf 2335 2232 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2017/ietf-journal-july-2017-cover-image/ Wed, 12 Jul 2017 18:15:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/IETF-Journal-July-2017-Cover-Image.png 2337 2232 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2017/ietf-journal-july-2017-cover/ Wed, 12 Jul 2017 18:16:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/IETF-Journal-July-2017-Cover.png 2338 2232 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2017/journal_13-1_98_spanishl/ Wed, 18 Oct 2017 15:54:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/Journal_13.1_98_SPANISHl.pdf 2346 2232 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/follow/fb-f-logo__blue_72/ Wed, 18 Oct 2017 21:55:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/FB-f-Logo__blue_72.png 2349 2348 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-at-ietf-99/irtf-logo-200/ Thu, 19 Oct 2017 11:46:25 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/irtf-logo-200.png 2357 2353 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/enrutamiento-por-segmentos-descubriendo-un-tesoro-de-innovacion-en-el-ietf/sr1/ Mon, 23 Oct 2017 20:43:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/SR1.pdf 2364 2362 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/enrutamiento-por-segmentos-descubriendo-un-tesoro-de-innovacion-en-el-ietf/sr1-2/ Mon, 23 Oct 2017 20:44:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/SR1.png 2365 2362 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/enrutamiento-por-segmentos-descubriendo-un-tesoro-de-innovacion-en-el-ietf/sr2/ Mon, 23 Oct 2017 20:46:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/SR2.png 2366 2362 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/enrutamiento-por-segmentos-descubriendo-un-tesoro-de-innovacion-en-el-ietf/sr3/ Mon, 23 Oct 2017 20:48:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/SR3.png 2367 2362 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/informe-del-grupo-de-trabajo-automatizacion-y-monitoreo-continuo-de-la-seguridad/j1/ Mon, 23 Oct 2017 21:09:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/J1.png 2373 2371 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/informe-del-grupo-de-trabajo-automatizacion-y-monitoreo-continuo-de-la-seguridad/j2/ Mon, 23 Oct 2017 21:39:16 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/j2.png 2375 2371 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/informe-del-grupo-de-trabajo-automatizacion-y-monitoreo-continuo-de-la-seguridad/j3/ Mon, 23 Oct 2017 21:40:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/j3.png 2376 2371 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/informe-del-grupo-de-trabajo-automatizacion-y-monitoreo-continuo-de-la-seguridad/j4/ Mon, 23 Oct 2017 21:41:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/j4.png 2377 2371 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/julio-2017/journal_13-1_98_spanishl-2/ Thu, 26 Oct 2017 19:25:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/Journal_13.1_98_SPANISHl.pdf 2401 2400 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/julio-2017/ietfjournal13-1-spanish-cover-thumbprint/ Thu, 26 Oct 2017 19:30:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/IETFJournal13.1-Spanish-Cover-Thumbprint.png 2403 2400 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2017/ietf-journal-nov2017/ Tue, 31 Oct 2017 05:58:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/ietf-journal-nov2017.jpg 2428 2427 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2017/pub-ietfjv13-2-20171026-en_web/ Tue, 31 Oct 2017 05:59:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/pub-IETFJv13.2-20171026-en_Web.pdf 2429 2427 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/celebrating-100-meetings/picture1-9/ Tue, 31 Oct 2017 06:32:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/Picture1.png 2446 2445 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/celebrating-100-meetings/picture2/ Tue, 31 Oct 2017 06:32:38 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/Picture2.png 2447 2445 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/were-going-digital/screen-shot-2017-11-01-at-12-44-12-am/ Wed, 01 Nov 2017 07:45:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/Screen-Shot-2017-11-01-at-12.44.12-AM.png 2461 2433 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-99-at-a-glance/99-pie/ Wed, 01 Nov 2017 07:48:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/99-Pie.jpg 2462 2457 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-november-2017/isolated-great-cormorant/ Wed, 01 Nov 2017 07:49:42 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/iStock-530353901.jpg 2463 2455 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-november-2017/anrp-winner-stephen-checkoway-presents-his-research-during-ietf-99-prague20072017-ietf-99-hilton-hotel-prague/ Wed, 01 Nov 2017 07:50:37 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/ANRP-winner-Stephen-Checkoway-003.jpg 2464 2453 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-announced-november-2017/allison-mankin-presents-stephen-checkoway-and-philipp-richter-with-their-anrp-awards-during-ietf-99-prague20072017-ietf-99-hilton-hotel-prague/ Wed, 01 Nov 2017 07:51:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/ANRP-winners-Stephen-Checkoway-and-Philipp-Richter-.jpg 2465 2451 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/celebrating-100-meetings/systers-group-portrait-ietf-99-prague/ Wed, 01 Nov 2017 07:55:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/Systers-Group-Portrait-IETF-99-Prague.jpg 2467 2445 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/a-new-security-mechanism-for-the-network-time-protocol/hackathon-at-99th-ietf-hilton-hotel-prague-07162017/ Wed, 01 Nov 2017 07:57:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/IETF-Hackathon-July-2017-Prague-043.jpg 2468 2443 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/human-rights-protocol-considerations-bridging-the-implementation-gap/hr-logos/ Wed, 01 Nov 2017 07:59:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/HR-Logos.jpg 2469 2441 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/extra-and-jmap-improving-mailstore-access/ietf-hackathon-hiton-hotel-prague-07152017-2/ Wed, 01 Nov 2017 08:02:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/IETF-Hackathon-t-shirt-July-2017-Prague-002.jpg 2470 2439 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-november-2017/tedhardie-2/ Wed, 01 Nov 2017 08:03:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/TedHardie.jpg 2471 2437 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-november-2017/alissa-cooper-becomes-new-ietf-chair-during-ietf-98-plenary-003-reduced-2/ Wed, 01 Nov 2017 08:04:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/Alissa-Cooper-becomes-new-IETF-chair-during-IETF-98-Plenary-003-reduced.jpg 2472 2435 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-november-2017/rooster-in-the-tower/ Wed, 01 Nov 2017 08:05:42 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/iStock-139859399.jpg 2473 2431 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/celebrating-100-meetings/celebrate/ Fri, 03 Nov 2017 14:00:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/Celebrate.jpg 2481 2445 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/running-code-is-king-at-ietf-99-in-prague/ietf-hackathon-hiton-hotel-prague-07-15-2017/ Tue, 05 Dec 2017 16:44:47 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/IETF-Hackathon-woman-July-2017-Prague-031-1.jpg 2501 2449 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2017/pub-ietfjv13-2-20171206-en-web/ Fri, 08 Dec 2017 10:15:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/11/pub-IETFJv13.2-20171206-en-Web.pdf 2502 2427 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2017/pub-ietfjv13-2-20171206-en-web-2/ Fri, 08 Dec 2017 10:29:56 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/11/pub-IETFJv13.2-20171206-en-Web-1.pdf 2504 2427 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/autumn-2005/200509-ietf-journal-vol1-1-en/ Wed, 13 Dec 2017 12:52:34 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2005/09/200509-ietf-journal-vol1-1-en.pdf 2509 1204 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/winter-20052006/200512-ietf-journal-vol1-2-en/ Wed, 13 Dec 2017 12:54:32 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2005/12/200512-ietf-journal-vol1-2-en.pdf 2511 1171 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/may-2006/200605-ietf-journal-vol2-1-en/ Wed, 13 Dec 2017 12:55:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2006/05/200605-ietf-journal-vol2-1-en.pdf 2513 1128 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/september-2006/200609-ietf-journal-vol2-2-en/ Wed, 13 Dec 2017 12:55:42 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2006/09/200609-ietf-journal-vol2-2-en.pdf 2515 1094 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2006/200611-ietf-journal-vol2-3-en/ Wed, 13 Dec 2017 12:56:13 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2006/11/200611-ietf-journal-vol2-3-en.pdf 2517 1066 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/may-2007/200705-ietf-journal-vol3-1-en/ Wed, 13 Dec 2017 12:56:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2007/05/200705-ietf-journal-vol3-1-en.pdf 2519 1032 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2007/200710-ietf-journal-vol3-2-en/ Wed, 13 Dec 2017 13:42:38 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2007/10/200710-ietf-journal-vol3-2-en.pdf 2521 1007 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/december-2007/200712-ietf-journal-vol3-3-en/ Wed, 13 Dec 2017 13:43:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2007/12/200712-ietf-journal-vol3-3-en.pdf 2523 978 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2008/200807-ietf-journal-vol4-1-en/ Wed, 13 Dec 2017 13:43:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2008/07/200807-ietf-journal-vol4-1-en.pdf 2525 955 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2008/200810-ietf-journal-vol4-2-en/ Wed, 13 Dec 2017 13:44:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2008/10/200810-ietf-journal-vol4-2-en.pdf 2527 922 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/february-2009/200902-ietf-journal-vol4-3-en/ Wed, 13 Dec 2017 13:44:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2009/02/200902-ietf-journal-vol4-3-en.pdf 2529 893 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/june-2009/200906-ietf-journal-vol5-1-en/ Wed, 13 Dec 2017 13:45:03 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2009/06/200906-ietf-journal-vol5-1-en.pdf 2531 871 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/september-2009/200909-ietf-journal-vol5-2-en/ Wed, 13 Dec 2017 13:46:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2009/09/200909-ietf-journal-vol5-2-en.pdf 2533 844 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/january-2010/201001-ietf-journal-vol5-3-en/ Wed, 13 Dec 2017 13:52:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2010/01/201001-ietf-journal-vol5-3-en.pdf 2535 715 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/june-2010/201006-ietf-journal-vol6-1-en/ Wed, 13 Dec 2017 13:54:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2010/06/201006-ietf-journal-vol6-1-en.pdf 2537 669 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2010/201010-ietf-journal-vol6-2-en/ Wed, 13 Dec 2017 13:55:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2010/10/201010-ietf-journal-vol6-2-en.pdf 2539 619 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2011/201103-ietf-journal-vol6-3-en/ Wed, 13 Dec 2017 13:56:03 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2011/03/201103-ietf-journal-vol6-3-en.pdf 2541 763 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2011/201107-ietf-journal-vol7-1-en/ Wed, 13 Dec 2017 13:56:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2011/07/201107-ietf-journal-vol7-1-en.pdf 2543 592 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2011/201110-ietf-journal-vol7-2-en/ Wed, 13 Dec 2017 13:57:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2011/10/201110-ietf-journal-vol7-2-en.pdf 2545 585 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2012/201203-ietf-journal-vol7-3-en/ Wed, 13 Dec 2017 13:59:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/03/201203-ietf-journal-vol7-3-en.pdf 2547 1663 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/june-2012/201206-ietf-journal-vol8-1-en/ Wed, 13 Dec 2017 13:59:34 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/201206-ietf-journal-vol8-1-en.pdf 2549 671 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2012/201211-ietf-journal-vol8-2-en/ Wed, 13 Dec 2017 14:03:53 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/10/201211-ietf-journal-vol8-2-en.pdf 2551 270 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2013-2/201303-ietf-journal-vol8-3-en/ Wed, 13 Dec 2017 14:05:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2013/03/201303-ietf-journal-vol8-3-en.pdf 2553 473 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2013/201307-ietf-journal-vol9-1-en/ Wed, 13 Dec 2017 14:06:34 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2013/07/201307-ietf-journal-vol9-1-en.pdf 2555 248 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2013/201311-ietf-journal-vol9-2-en/ Wed, 13 Dec 2017 14:07:16 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2013/11/201311-ietf-journal-vol9-2-en.pdf 2557 242 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2014/201403-ietf-journal-vol9-3-en/ Wed, 13 Dec 2017 14:07:56 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2014/03/201403-ietf-journal-vol9-3-en.pdf 2559 727 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2014/201407-ietf-journal-vol10-1-en/ Wed, 13 Dec 2017 14:10:22 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2014/07/201407-ietf-journal-vol10-1-en.pdf 2561 436 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2014/201407-ietf-journal-vol10-1-en-2/ Thu, 14 Dec 2017 11:19:45 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2014/07/201407-ietf-journal-vol10-1-en-1.pdf 2562 436 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2014/201411-ietf-journal-vol10-2-en/ Thu, 14 Dec 2017 11:20:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2014/11/201411-ietf-journal-vol10-2-en.pdf 2564 230 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2015/201503-ietf-journal-vol10-3-en/ Thu, 14 Dec 2017 11:20:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2015/03/201503-ietf-journal-vol10-3-en.pdf 2566 521 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2015/201507-ietf-journal-vol11-1-en/ Thu, 14 Dec 2017 11:21:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2015/07/201507-ietf-journal-vol11-1-en.pdf 2568 365 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2015/201511-ietf-journal-vol11-2-en/ Thu, 14 Dec 2017 11:22:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2015/11/201511-ietf-journal-vol11-2-en.pdf 2570 261 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/april-2016/201604-ietf-journal-vol11-3-en/ Thu, 14 Dec 2017 11:23:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/05/201604-ietf-journal-vol11-3-en.pdf 2572 206 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2016/201607-ietf-journal-vol12-1-en/ Thu, 14 Dec 2017 11:23:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/07/201607-ietf-journal-vol12-1-en.pdf 2574 1682 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2016/201611-ietf-journal-vol12-2-en/ Thu, 14 Dec 2017 11:24:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2016/11/201611-ietf-journal-vol12-2-en.pdf 2576 1894 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/marzo-2017/201703-ietf-journal-vol12-3-es/ Thu, 14 Dec 2017 11:25:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/201703-ietf-journal-vol12-3-es.pdf 2578 2174 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2017/201703-ietf-journal-vol12-3-en/ Thu, 14 Dec 2017 11:25:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/03/201703-ietf-journal-vol12-3-en.pdf 2580 2049 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2017/201707-ietf-journal-vol13-1-en/ Thu, 14 Dec 2017 11:26:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/07/201707-ietf-journal-vol13-1-en.pdf 2582 2232 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/julio-2017/201707-ietf-journal-vol13-1-es/ Thu, 14 Dec 2017 11:26:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/10/201707-ietf-journal-vol13-1-es.pdf 2584 2400 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2017/201711-ietf-journal-vol13-2-en/ Thu, 14 Dec 2017 11:27:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2017/11/201711-ietf-journal-vol13-2-en.pdf 2586 2427 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/screen-shot-2018-01-16-at-10-52-49/ Tue, 16 Jan 2018 10:53:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/01/Screen-Shot-2018-01-16-at-10.52.49.png 2627 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/quic-bringing-flexibility-to-the-internet/quic-badge/ Fri, 23 Feb 2018 14:08:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/02/quic-badge.png 2643 2637 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/three-years-on-open-standards-open-source-open-loop/5a78ef72dcb71-460x230/ Wed, 07 Mar 2018 11:43:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/03/5a78ef72dcb71-460x230.jpg 2649 2648 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-101-back-to-london/red-phone-boxes-london/ Wed, 07 Mar 2018 21:05:22 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/03/London-Phone-Booths.jpg 2657 2656 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-101-internet-of-things/social-media-devices-connection-concept/ Fri, 09 Mar 2018 19:59:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/03/Internet-of-Things-IoT.jpg 2660 2659 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-101-ipv6/growth-2/ Mon, 12 Mar 2018 15:19:39 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/03/Growth.jpg 2663 2662 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/an-overview-of-bit-index-explicit-replication-bier/bier_overview/ Wed, 14 Mar 2018 11:14:16 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/03/BIER_overview.png 2674 2668 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/an-overview-of-bit-index-explicit-replication-bier/multicast/ Wed, 14 Mar 2018 11:14:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/03/multicast.png 2675 2668 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/an-overview-of-bit-index-explicit-replication-bier/topology/ Wed, 14 Mar 2018 11:14:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/03/topology.png 2676 2668 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/an-overview-of-bit-index-explicit-replication-bier/screen-shot-2018-03-14-at-11-27-15/ Wed, 14 Mar 2018 11:28:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/03/Screen-Shot-2018-03-14-at-11.27.15.png 2680 2668 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-101-identity-privacy-and-encryption/cyber-security-concept-businessman-lock-on-digital-screen-contrast-virtual-screen-with-a-consultant-doing-presentation-in-the-background-closed-padlock-on-digital-cyber-security-key-wannacrypt/ Fri, 16 Mar 2018 15:53:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/03/encryption-key-globe-network-iStock-683716072.jpg 2695 2693 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/network-self-determination-when-building-the-internet-becomes-a-right/luca-belli/ Wed, 28 Mar 2018 09:02:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/03/luca-belli.jpg 2711 2708 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/network-self-determination-when-building-the-internet-becomes-a-right/luca-belli-2/ Wed, 28 Mar 2018 09:12:42 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/03/luca-belli.jpeg 2715 2708 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/hacking-from-paradise/mauritius/ Thu, 29 Mar 2018 09:14:48 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/03/Mauritius.png 2718 2717 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/an-overview-of-bit-index-explicit-replication-bier/screen-shot-2018-04-03-at-11-30-41/ Tue, 03 Apr 2018 10:31:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/03/Screen-Shot-2018-04-03-at-11.30.41.png 2722 2668 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/roll-on-a-roll/screen-shot-2018-04-23-at-16-15-57/ Mon, 23 Apr 2018 15:16:32 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/04/Screen-Shot-2018-04-23-at-16.15.57.png 2728 2726 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/roll-on-a-roll/screen-shot-2018-04-23-at-16-15-14/ Mon, 23 Apr 2018 15:17:53 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/04/Screen-Shot-2018-04-23-at-16.15.14.png 2729 2726 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/enabling-internet-measurement-with-the-quic-spin-bit/screen-shot-2018-06-21-at-13-27-15/ Thu, 21 Jun 2018 12:27:53 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/05/Screen-Shot-2018-06-21-at-13.27.15.png 2852 2797 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/managing-the-internet-of-things-its-all-about-scaling/picture1-10/ Mon, 25 Jun 2018 15:21:53 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/06/Picture1.png 2855 2854 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/managing-the-internet-of-things-its-all-about-scaling/picture2-2/ Mon, 25 Jun 2018 15:21:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/06/Picture2.png 2856 2854 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/managing-the-internet-of-things-its-all-about-scaling/picture3/ Mon, 25 Jun 2018 15:21:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/06/Picture3.png 2857 2854 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/managing-the-internet-of-things-its-all-about-scaling/picture4/ Mon, 25 Jun 2018 15:21:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/06/Picture4.png 2858 2854 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/managing-the-internet-of-things-its-all-about-scaling/picture5/ Mon, 25 Jun 2018 15:21:55 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/06/Picture5.png 2859 2854 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/autumn-2005/ Wed, 07 Sep 2005 18:35:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=1204 1204 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-102/montreal_night_view-max-4000x4000/ Tue, 03 Jul 2018 10:47:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/07/Montreal_night_view.max-4000x4000.jpg 2869 2868 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-102-dnssec-dns-security-and-privacy/billboard_dnssec/ Fri, 13 Jul 2018 19:20:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/07/Billboard_DNSSEC.jpg 2927 2926 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/running-code-for-the-win-at-ietf-hackathon-in-montreal/5b60aef6af232-550x325/ Tue, 21 Aug 2018 09:50:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/08/5b60aef6af232-550x325.jpg 2937 2935 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-103/thailand-max-4000x4000/ Mon, 29 Oct 2018 12:04:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2018/10/thailand.max-4000x4000.jpg 2963 2961 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/screenshot-2019-01-14-at-15-39-46/ Mon, 14 Jan 2019 15:42:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/Screenshot-2019-01-14-at-15.39.46.png 2993 811 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/screenshot-2019-01-14-at-15-39-59/ Mon, 14 Jan 2019 15:42:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/Screenshot-2019-01-14-at-15.39.59.png 2994 811 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/screenshot-2019-01-14-at-15-40-15/ Mon, 14 Jan 2019 15:43:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/Screenshot-2019-01-14-at-15.40.15.png 2996 811 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/screenshot-2019-01-14-at-15-40-26/ Mon, 14 Jan 2019 15:43:48 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/Screenshot-2019-01-14-at-15.40.26.png 2997 811 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/screenshot-2019-01-14-at-15-40-33/ Mon, 14 Jan 2019 15:44:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/Screenshot-2019-01-14-at-15.40.33.png 2998 811 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/screenshot-2019-01-14-at-15-40-38/ Mon, 14 Jan 2019 15:44:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/Screenshot-2019-01-14-at-15.40.38.png 2999 811 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/screenshot-2019-01-14-at-15-40-45/ Mon, 14 Jan 2019 15:44:39 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/Screenshot-2019-01-14-at-15.40.45.png 3000 811 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/screenshot-2019-01-14-at-15-40-57/ Mon, 14 Jan 2019 15:44:55 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/Screenshot-2019-01-14-at-15.40.57.png 3001 811 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/screenshot-2019-01-14-at-15-45-32/ Mon, 14 Jan 2019 15:46:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/Screenshot-2019-01-14-at-15.45.32.png 3002 811 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/screenshot-2019-01-14-at-15-45-38/ Mon, 14 Jan 2019 15:46:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/Screenshot-2019-01-14-at-15.45.38.png 3003 811 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/screenshot-2019-01-14-at-15-45-46/ Mon, 14 Jan 2019 15:46:23 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/Screenshot-2019-01-14-at-15.45.46.png 3004 811 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/screenshot-2019-01-14-at-15-46-37/ Mon, 14 Jan 2019 15:47:03 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/Screenshot-2019-01-14-at-15.46.37.png 3005 811 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/screenshot-2019-01-14-at-15-46-45/ Mon, 14 Jan 2019 15:47:14 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/Screenshot-2019-01-14-at-15.46.45.png 3006 811 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/screenshot-2019-01-14-at-15-46-53/ Mon, 14 Jan 2019 15:47:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wp-content/uploads/2012/06/Screenshot-2019-01-14-at-15.46.53.png 3007 811 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/sunsetting-the-ietf-journal/sunset-vt/ Mon, 01 Jul 2019 20:45:52 +0000 /wp-content/uploads/2019/07/sunset-vt.jpg 3026 3024 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2011/ Thu, 06 Oct 2011 17:07:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=585 585 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2011/ Wed, 06 Jul 2011 17:10:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=592 592 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2010/ Fri, 01 Oct 2010 17:17:47 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=619 619 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/june-2010/ Tue, 01 Jun 2010 17:48:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=669 669 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/june-2012/ Fri, 01 Jun 2012 17:51:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=671 671 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/january-2010/ Fri, 01 Jan 2010 18:23:32 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=715 715 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2011/ Sun, 06 Mar 2011 19:06:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=763 763 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/september-2009/ Fri, 25 Sep 2009 14:27:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=844 844 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/june-2009/ Sun, 07 Jun 2009 14:45:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=871 871 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/february-2009/ Sat, 07 Feb 2009 15:06:22 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=893 893 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2008/ Tue, 07 Oct 2008 15:26:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=922 922 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2008/ Mon, 07 Jul 2008 15:49:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=955 955 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/december-2007/ Fri, 07 Dec 2007 16:02:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=978 978 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2007/ Sun, 07 Oct 2007 16:21:08 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=1007 1007 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/may-2007/ Mon, 07 May 2007 16:38:55 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=1032 1032 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2006/ Tue, 07 Nov 2006 16:55:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=1066 1066 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/september-2006/ Thu, 07 Sep 2006 17:12:59 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=1094 1094 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/may-2006/ Sun, 07 May 2006 17:43:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=1128 1128 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/winter-20052006/ Wed, 07 Dec 2005 18:15:31 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=1171 1171 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2012/ Wed, 07 Mar 2012 19:54:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=1663 1663 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/30/ Tue, 03 May 2016 21:29:39 +0000 http://org.ietfjournal/?p=30 30 0 4 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/31/ Tue, 03 May 2016 21:29:39 +0000 http://org.ietfjournal/?p=31 31 0 3 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/april-2016/ Thu, 26 May 2016 19:34:16 +0000 http://org.ietfjournal/?post_type=journal-issues&p=206 206 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2014/ Sat, 01 Nov 2014 14:50:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=230 230 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2013/ Fri, 01 Nov 2013 15:12:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=242 242 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2013/ Mon, 01 Jul 2013 16:07:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=248 248 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2015/ Sun, 01 Nov 2015 15:23:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=261 261 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/october-2012/ Mon, 01 Oct 2012 15:32:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=270 270 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2015/ Mon, 06 Jul 2015 16:05:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=365 365 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2014/ Tue, 01 Jul 2014 16:24:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=436 436 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2013-2/ Fri, 01 Mar 2013 17:16:23 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=473 473 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2015/ Fri, 06 Mar 2015 16:43:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=521 521 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2014/ Sat, 01 Mar 2014 18:37:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?post_type=journal-issues&p=727 727 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2016/ Wed, 06 Jul 2016 14:41:39 +0000 https://www.ietfjournal.org/?post_type=journal-issues&p=1682 1682 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2016/ Tue, 01 Nov 2016 08:55:59 +0000 https://www.ietfjournal.org/?post_type=journal-issues&p=1894 1894 0 0 0 ISOC Russia Chapter]]]> https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/march-2017/ Sun, 19 Mar 2017 07:09:34 +0000 https://www.ietfjournal.org/?post_type=journal-issues&p=2049 2049 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/marzo-2017/ Sat, 18 Mar 2017 14:19:21 +0000 https://www.ietfjournal.org/?post_type=journal-issues&p=2174 2174 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/july-2017/ Wed, 05 Jul 2017 19:49:25 +0000 https://www.ietfjournal.org/?post_type=journal-issues&p=2232 2232 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/julio-2017/ Thu, 26 Oct 2017 19:25:40 +0000 https://www.ietfjournal.org/?post_type=journal-issues&p=2400 2400 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/journal-issues/november-2017/ Wed, 01 Nov 2017 08:06:01 +0000 https://www.ietfjournal.org/?post_type=journal-issues&p=2427 2427 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/32/ Tue, 03 May 2016 21:29:39 +0000 http://org.ietfjournal/?p=32 32 0 5 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/34/ Tue, 03 May 2016 21:29:39 +0000 http://org.ietfjournal/?p=34 34 0 6 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/35/ Tue, 03 May 2016 21:29:39 +0000 http://org.ietfjournal/?p=35 35 0 7 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/36/ Tue, 03 May 2016 21:29:39 +0000 http://org.ietfjournal/?p=36 36 0 8 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/37/ Tue, 03 May 2016 21:29:39 +0000 http://org.ietfjournal/?p=37 37 0 9 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/38/ Tue, 03 May 2016 21:29:39 +0000 http://org.ietfjournal/?p=38 38 0 10 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/41/ Wed, 04 May 2016 17:28:53 +0000 http://org.ietfjournal/?p=41 41 0 2 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/42/ Wed, 04 May 2016 17:28:53 +0000 http://org.ietfjournal/?p=42 42 0 1 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/43/ Wed, 04 May 2016 17:28:53 +0000 http://org.ietfjournal/?p=43 43 0 3 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/45/ Wed, 04 May 2016 17:28:53 +0000 http://org.ietfjournal/?p=45 45 0 5 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/46/ Wed, 04 May 2016 17:28:53 +0000 http://org.ietfjournal/?p=46 46 0 6 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/47/ Wed, 04 May 2016 17:28:53 +0000 http://org.ietfjournal/?p=47 47 0 7 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/48/ Wed, 04 May 2016 17:28:53 +0000 http://org.ietfjournal/?p=48 48 0 8 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/49/ Wed, 04 May 2016 17:28:53 +0000 http://org.ietfjournal/?p=49 49 0 9 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/85/ Mon, 09 May 2016 19:59:03 +0000 http://org.ietfjournal/?p=85 85 0 1 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-org/ Mon, 09 May 2016 19:59:03 +0000 http://org.ietfjournal/?p=87 87 0 3 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internetsociety-org/ Mon, 09 May 2016 19:59:03 +0000 http://org.ietfjournal/?p=88 88 0 4 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/210/ Thu, 26 May 2016 20:28:47 +0000 http://org.ietfjournal/?p=210 210 0 1 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/topics/ Fri, 17 Jun 2016 18:20:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1330 1330 0 2 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/topics-2/ Tue, 05 Jul 2016 21:02:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1668 1668 0 2 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ Tue, 26 Apr 2016 21:06:03 +0000 http://org.ietfjournal/?page_id=5 5 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/topics/ Tue, 03 May 2016 19:46:15 +0000 http://org.ietfjournal/?page_id=8 8 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/info/ Tue, 03 May 2016 19:46:27 +0000 http://org.ietfjournal/?page_id=10 10 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/subscribe/ Tue, 03 May 2016 19:46:36 +0000 http://org.ietfjournal/?page_id=12

The IETF Journal is no longer available for subscription. Please visit the IETF blog for the latest news about the IETF.

]]> 12 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/latest-issue/ Tue, 03 May 2016 19:46:58 +0000 http://org.ietfjournal/?page_id=14 14 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/about-us/ Mon, 09 May 2016 19:57:30 +0000 http://org.ietfjournal/?page_id=79 the IETF Journal stopped publishing new articles because the IETF blog is now functioning as a source of information about the work of the IETF and the proceedings of IETF meetings. The goal of the IETF Journal was to give anyone with an interest in Internet standards an overview of the topics being debated by the IETF, and also help to facilitate participation in IETF activities for newcomers. The articles published by IETF Journal are not intended to reflect the opinions or the position of the IETF or the Internet Society. IETF Journal content is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.]]> 79 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?page_id=83 Mon, 30 Nov -0001 00:00:00 +0000 http://org.ietfjournal/?page_id=83 83 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/1670/ Tue, 05 Jul 2016 21:02:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1670 1670 0 3 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/1671/ Tue, 05 Jul 2016 21:02:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1671 1671 0 4 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/1672/ Tue, 05 Jul 2016 21:02:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1672 1672 0 11 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/1673/ Tue, 05 Jul 2016 21:02:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1673 1673 0 9 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/1674/ Tue, 05 Jul 2016 21:02:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1674 1674 0 5 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/1675/ Tue, 05 Jul 2016 21:02:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1675 1675 0 6 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/1676/ Tue, 05 Jul 2016 21:02:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1676 1676 0 7 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/1677/ Tue, 05 Jul 2016 21:02:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1677 1677 0 10 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/1678/ Tue, 05 Jul 2016 21:02:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1678 1678 0 8 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/1680/ Tue, 05 Jul 2016 21:02:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1680 1680 0 1 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/2609/ Fri, 12 Jan 2018 16:29:24 +0000 https://www.ietfjournal.org/2609/ 2609 0 11 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/2621/ Mon, 15 Jan 2018 14:38:32 +0000 https://www.ietfjournal.org/2621/ 2621 0 12 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/2826/ Tue, 15 May 2018 17:17:35 +0000 https://www.ietfjournal.org/?p=2826 2826 0 2 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/contact-us/ Mon, 09 May 2016 19:57:43 +0000 http://org.ietfjournal/?page_id=81 81 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf64-review-dns/ Sat, 07 May 2005 18:21:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1180 http://www3.ietf.org/proceedings/05nov/agenda/dnsext.htm. Draft minutes of the working group are available here:http://www3.ietf.org/proceedings/05nov/minutes/dnsext.txt. The mDNS ID returned to the working group. The chairs post a summary about the comments to the mailing list with a request for review. DNS Testing The Tahi group reported on their first interoperability testing effort. They tested one DNS client and found some bugs in the client and some bugs in the testing tool. They did not find any issues with the basic DNS specifications. The next scheduled TAHI testing event is at the end of January 2006. NSEC3 Update The definition of the NSEC3 records is progressing rapidly. Among the things that got discussed was whether a new record type might be needed for storing meta data. This would help to prevent collisions of hash names and legitimate zone names. A decision about this is delayed until experience is gathered from real implementations. Such experiments should take place before the document is advanced. A testing and engineering workshop might be held at the beginning of 2006. The Big Trust Anchor Management debate The way the trust anchor for DNSSEC in the resolver is managed is not defined, but this needs to be done. Doing things manually is error prone so people are looking into ways for automating this process. Currently there are four proposals – with IDs already written for three of them. There are various intellectual property claims to a couple of these ideas, but the strength of each individual claim is not clear. During the discussion it became evident that all solutions are struggling with at least two different problems: Initial key distribution and key roll over. The need is felt for a short requirements document. Some volunteers have stepped forward to write this within a short time frame (three months). The Sky is falling! The crypto algorithms used in DNSSEC come from standard sources. One of these, the SHA-1 is under attack and some weaknesses have been found. The way that DNSSEC uses SHA-1 is not affected by this weakness, so the sky is not really falling. Since there is not yet widespread deployment of DNSSEC, it is better to replace SHA-1 by SHA-256 now, just in case SHA-1 gets even more tainted in future. For this purpose a new ID will be written which will make SHA-256 mandatory to implement. Workload Review The chairs suggested that for a working group document to advance or to be accepted at least four or five people should have committed to review. If not, it will be dropped by the group and authors will have to do a personal submission. The room hummed consensus. DNSOP The WG has a new co-chair, Peter Koch, replacing David Meyer. The participants agreed to work on the document backlog one-by-one to significantly reduce the number of open and close-to-finished documents before the next meeting in Dallas. This is why no new work was adopted as WG items. For a list of current work items, see http://www3.ietf.org/proceedings/05nov/agenda/dnsop.txt 6to4 Reverse DNS Delegation The (expired) draft-huston-6to4-reverse-dns-03.txt describes a potential mechanism for entering a description of DNS servers which provide “reverse lookup” of 6to4 addresses into the 6to4 reverse zone file and is asked by an IAB IPv6 ad-hoc to be published by the DNSOP WG. After some discussion whether the WG should publish other people’s work, it was agreed to do so. Some reviewers stepped forward. Cross-WG review Other WGs (e.g. ENUM, GEOPRIV, ECRIT) are increasingly asking for review of their drafts buy DNSOP (and DNSEXT), often via the IESG. As an example, the ENUM WG feels the need for clarification about ENDS(0) and volunteers were found to write such a document. Here the question was also how to communicate to both vendors and network operators that EDNS0 is a sheer necessity in today’s DNS operations, particularly needed for ENUM and DNSSEC, but considered non-optional in the general case. The DNSOP WG minutes are available at http://www3.ietf.org/proceedings/05nov/dnsop.html New work: AS 112 in a box Queries to domains such as 168.192.in-addr.arpa or 8.e.f.ip6.arpa leak all over the Internet and end up at the root-servers. There is a network of volunteers (see http://www.as112.net/), operating (anycasted) domain name servers trying to answer these queries, before they hit the root servers. For a description see the http://public.as112.net/ website. The new work proposes that resolvers themselves should directly return authoritative answers for special domains.]]> 1180 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/an-introduction-to-the-ietf/ Wed, 07 Sep 2005 18:38:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1209 Funding ISOC provides a major source of funding and support for the IETF and its processes. Notably, ISOC funds 100 percent of the RFC Editor function today, and is providing additional support for the IETF by housing its Administrative Support Activity (IASA), which is responsible for all of the IETF’s operational support. Funding for these efforts is provided by ISOC Organisation Members as well as ISOC’s Platinum Sponsors for Internet standards programmes: APNIC, ARIN, RIPE NCC, and Microsoft. Other Support ISOC’s contributions also extend to policy and public relations support on behalf of the IETF as well as legal and insurance coverage. ISOC is the IETF’s sole source of financial support apart from IETF meeting fees. Support from companies whose products and services so clearly depend on the standards developed by the IETF is essential.]]> 1209 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-web-resources/ Wed, 07 Sep 2005 18:39:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1211

IETF Journal Autumn 2005

More information about the IETF IETF meetings IETF mailing lists IETF Areas and Working Groups The Tao of IETF: A Novice’s Guide to the Internet Engineering Task Force The Internet Standards Process IETF RFCs Internet Architecture Board Internet Engineering Steering Group Internet Research Task Force IETF Edu Team IETF Tools Team

]]> 1211 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-mission-statement/ Wed, 07 Sep 2005 18:40:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1213 Open process – any interested person can participate in the work, know what is being decided, and make his or her voice heard on the issue. Part of this principle is our commitment to making our documents, our WG mailing lists, our attendance lists, and our meeting minutes publicly available on the Internet. Technical competence – the issues on which the IETF produces its documents are issues where the IETF has the competence needed to speak to them, and that the IETF is willing to listen to technically competent input from any source. Technical competence also means that we expect IETF output to be designed to sound network engineering principles – this is also often referred to as “engineering quality”. Volunteer Core – our participants and our leadership are people who come to the IETF because they want to do work that furthers the IETF’s mission of “making the Internet work better”. Rough consensus and running code – We make standards based on the combined engineering judgement of our participants and our real-world experience in implementing and deploying our specifications. Protocol ownership – when the IETF takes ownership of a protocol or function, it accepts the responsibility for all aspects of the protocol, even though some aspects may rarely or never be seen on the Internet. Conversely, when the IETF is not responsible for a protocol or function, it does not attempt to exert control over it, even though it may at times touch or affect the Internet. The IETF Mission statement was published as RFC3935.]]> 1213 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-ietf/ Wed, 07 Sep 2005 18:41:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1215

the IASA restructuring is well underway

the IETF now has a written mission statement

Tools Team has been established

the Edu Team is in place and providing tutorials at each IETF

improvements in the IESG document processing

The IESG and the IAB continue to take transparency very seriously: all meeting minutes are published on the web site. IESG teleconference minutes are available here. IAB meeting minutes are available here. The IAB recently published a series of governing RFCs regarding liaisons with other organisations (RFC 4052 and RFC 4053). There is ongoing work in the General Area of the IETF:

• IPR WG (virtually done, no consensus for changes of the underlying policy)
• NEWTRK WG (to discuss a possible new standards track)

At the next IETF in Vancouver there will be a BoF session to discuss IETF requirements for the publication of technical specifications (watch for the Techspec BoF). More work will be done on procedural and process documents. Also the quality and timeliness of WG output and cross-area review needs to be improved. We all need to think more about engineering practices in WGs. Tools can help to manage the status of documents. Some IETF processes will have to change as the world is changing and becoming more complex. Nevertheless it is very important to ensure stability and continuity. At the same time it’s hard to predict the effect and cost of changes in a non-linear system. The aircraft is in flight, so the engines need to be changed with care (and probably one at a time!). IETF Facts and Figures Document actions and RFCs since IETF62

• 4 new WGs
• 22 WGs closed
• 548 new I-Ds (56% in 4 weeks prior to IETF63)
• 1043 updated I-Ds (55% in 4 weeks prior to IETF63)
• 103 IETF Last Calls
• 148 approvals (83 standard/BCP)
• Around 125 RFCs published (71 standard/BCP)
• 1 appeal

IETF63

• 1454 registered attendees (65% from outside US)
• 36 countries (26 countries at IETF62)

]]> 1215 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-iab-4/ Wed, 07 Sep 2005 18:42:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1217

"What’s in a name – False assumptions about DNS Names" (draft-iab-dns-assumptions); will be sent to the RFC editor shortly

"Architectural Implications of Link Layer Indications" (draft-iab-link-indications)

IAB Processes for management of liaison relationships (published as BCP102, RFC4052)

Writing Protocol Models (published as RFC4101)

The IAB members met during a retreat in June and discussed the priorities for this year. The following areas were identified as key organizing items:

• IPv6 (helping detect and promote solutions of pieces missing to get IPv6 deployed).
• Internet Architecture (there are specific underlying Internet engineering principles that are not well-documented; this "common knowledge" needs to be documented better).
• Bad net traffic (providing pointers to documents and overviews on what the real issues are about bad net traffic and to provide tools to reduce the impact of such activities; also see Steve Bellovin’s presentation during IETF 63 technical plenary).

To help organize and inform IAB discussions on particular topics, informal (ad hoc) committees are formed from time to time. Currently, these include:

• the IPv6 ad hoc committee, which is composed of IAB, IESG, RIR-aware folks looking at IPv6 address allocation and related technical issues. The purpose is to provide an opportunity to detect areas that need further exploration within or across the IETF or RIR communities, and promote the discussion and resolution of any such issues within the appropriate communities.
• the IDN ad hoc committee, which was formed to review technical issues that are facing deployment of IDNs and propose appropriate next steps for appropriate usage and/or standardization of IDNs.

All documents published by the IAB are listed here. All current IAB Internet-Drafts are can be found here. Minutes of IAB meetings are published here. For more info about the IAB: http://www.iab.org.]]> 1217 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-ietf-administrative-support-activity-iasa/ Wed, 07 Sep 2005 18:43:46 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1219

provide direction to the IETF Administrative Director (IAD)

review regular reports

oversee the IASA functions to ensure administrative needs of the IETF community are met

The IAOC’s mission is not to be engaged in the day-to-day operations of the IASA, but rather to provide appropriate direction, oversight and approval. The IAD is responsible for negotiating and maintaining contracts with outside organisations as well as providing any coordination necessary to make sure the IETF administrative support functions are covered properly. The IAOC was seated in April after the publication of RFC 407 (BCP 101). One of their first activities was the hiring of the IAD: Ray Pelletier was hired for this position in May. At the moment the IAOC is working with CNRI on the transfer of IETF related IPR to “the trust”. The details of this trust are currently being discussed. There are also discussions underway about a potential service contract for secretarial functions with NeuStar. The official web site of the Internet Administrative Support Activity (IASA) and the IAOC is currently located at: http://koi.uoregon.edu/~iaoc. For questions, please send mail to: iaoc@ietf.org or iad@ietf.org.]]> 1219 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-ietf-edu-team/ Wed, 07 Sep 2005 18:44:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1221 Bridging, Routing and Switching was a class that was given for the second time at IETF63. This session demystifies the conceptual issues involved in moving data across multiple hops. The class gives an overview of, and contrasts the functionality of these technologies, including an overview of link state routing (used in OSPF and IS-IS), spanning tree (used in bridging and switching), distance vector (used in RIP), and path vector (used in BGP). DNS for programmers was a new class that was offered for the first time at IETF63. Various IETF working groups’ protocols/applications have a need for universal distribution of information related to their operation. The Domain Name System (DNS) is the natural fit to carry certain information. While the DNS is indeed a very valuable and powerful tool fulfilling its tasks very well for almost two decades now, it does not serve all proposed new uses equally well. And even if the DNS is the lookup system of choice, the extent to which the DNS is used still needs to be considered. Sometimes, the DNS’s strength, its global availability, turns out to be a weakness when it comes to operational issues, tracking bugs and fighting misconceptions. This tutorial covered DNS basics and explained how to take advantage of DNS. It also covered the pitfalls of DNS. The class covered common misconceptions and design criteria to be used. RFC Editor Tutorial or How to Write an RFC is a class that is given at each IETF. Given that the main product of the IETF is technical documentation, this is a critical class and should be attended by everyone who plans to write an RFC. During this class, not only are the processes explained, but some of the major errors RFC authors make are described, with explanations of ways to avoid them. This tutorial provides an introduction for newcomers to the RFC series as well as a refresher for experienced RFC authors. It reviews the most important editorial policies and formatting rules for RFCs. It also provides a set of helpful hints to authors about content and format; following these hints will often improve the timeliness of RFC publication and the quality of the resulting documents. It includes a brief overview of the procedures for review and approval of RFCs, both IETF submissions and RFC Editor submissions. The class was given by an RFC editor and there was an opportunity to ask questions of RFC Editor staff. Copies of slide sets used in the classes are available at: http://edu.ietf.org. In addition to offering the series of classes on Sundays, the Edu Team also holds a lunchtime session for current Working Group chairs on selected topics. These sessions are usually very interactive and this time was no exception. The session at IETF63 covered the criteria the Area Directors use when reviewing Internet Drafts before sending them on to become RFCs and covered new tools that are being developed by the IETF Tool Team and the IETF Secretariat. The Edu Team is always looking for new ways to provide information and education to the IETF community. We hope that this newsletter is helpful in describing the activities of the IETF. The Edu Team maintains an open email list for discussions of any IETF educational issues. Please feel free to subscribe and to send us email with any recommendations you have on ways to improve the educational project in the IETF. For more information about the IETF Edu Team: http://edu.ietf.org Join the IETF Edu Team Mailing list: edu-discuss@ietf.org]]> 1221 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-irtf-3/ Wed, 07 Sep 2005 18:46:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1223

a congestion control RG will be set up soon. Mark Handley gave a presentation during the IETF63 technical plenary on this subject.

a RG to work on transport models has been created (recommended ways to do simulation modelling to support advances in transport protocols).

Other RGs may be formed to focus on the following topics:

• The IETF ALIEN BoF (privacy and anonymous identifiers) might be moved to the IRTF
• Authentication of source IP addresses
• IDN

For more information about the IRTF: http://www.irtf.org.]]> 1223 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf63-review-plenary-sessions/ Wed, 07 Sep 2005 18:47:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1225 Operations and Administration Plenary The Wednesday plenary started with a welcome address by Brian Carpenter, the new IETF Chair. See page 5 for the IETF Chair’s report. Brian thanked France Telecom, the local host and sponsor of IETF63 and introduced Pascal Viginier, Executive President R&D, France Telecom. In his plenary address, Pascal stressed the importance of standardization in order to ensure interoperability. He encouraged the IETF to continue the way in which they are working and to cooperate with other Standards Organisations, especially with the IEEE, but also with the ITU and 3GPP, especially in the area of mobility. On behalf of the Internet Society, Daniel Karrenberg (chair of ISOC’s Postel Award committee) then described the Postel Award and presented the 2005 award to Professor Jun Murai of Japan. Professor Murai thanked ISOC for the award and mentions that he is very pleased to see that there are so many attendees from Japan and the Asia Pacific region nowadays. He remembers when he was the only attendee from Asia at the IETF and looks back to the time when he installed the first root server that was located outside the US. Lucy Lynch, Chair of the IETF Administrative Oversight Committee (IAOC), introduced the IAOC members and describes the responsibilities of the IAOC and the structure of the IETF Administrative Support Activity (IASA) along with the responsibilities of the new IETF Administrative Director (IAD), Ray Pelletier. The IAOC is currently working with CNRI on the transfer of IETF related IPR to a new IETF trust. The details of this trust are currently being discussed. The web site of the IASA is at:http://koi.uoregon.edu/~iaoc Ray Pelletier, the new IAD, introduced himself to the IETF and explained how his job will be to improve the throughput of the IETF and to reduce friction and add transparency. Some processes will have to be changed. He encourages people to send suggestions to iad@ietf.org on process issues regarding meetings, WGs etc. Henrik Levkowetz presented the IETF Tools Team, formed in August 2004. The team is working on a number of very useful tools for the IETF community and is also collecting existing tools from other sources. His presentation as well as all information about the tools can be found at http://tools.ietf.org. A discussion among the IETF community followed during which a number of procedural improvements were suggested related to topics such as:

• Project management/delay reduction for drafts
• Process change ideas
• Does the community believe process change is needed (if so, at what priority)?
• What is the best way to change the process?

Some concern was expressed that concentrating too much on too many process changes could take time away from technical work and review. Leslie Daigle, Chair of the IAB, stressed that the entire community needs to find a way to agree on how to pick what process changes we need to work on and in what order. Further work on process changes will continue in the plenary sessions of coming IETF meetings. Technical Plenary During the Technical plenary on Thursday, a number of technical issues were presented and discussed. Steve Bellovin gave a presentation entitled Application security: Threats and Architecture showing how the world is changing and how people that want to cause harm adapt to new technology. The requirements for security have changed, because the threats have changed. Typical attacks today include eavesdropping, man-in-the-middle attacks, evil twin access points, routing attacks and ARP-spoofing. Yesterday’s security mechanisms such as plain text passwords, plain text challenge/response based on passwords or crypto without bilateral authentication don’t work well today. With every transaction we need to ask: Is this the party to whom I am speaking? Who is the Right Party? Authorisation is still the hard part. Depending on the application being used, an appropriate security solution must be chosen. However, in order to make that choice, one needs to know what the properties of the lower layers are. This requires real analysis. After the presentation there was a suggestion to set up a tutorial on this topic. Steve Bellovin agreed saying it is important to make people aware of threats and security holes. IAB Town Hall session Moderated open Town Hall sessions were introduced for the first time at IETF63 in order to encourage discussion during the plenaries. Prior to the meeting, suggested discussion topics were collected on the IETF mailing list. Notably, it is easiest to focus discussion on known problems than everything that in fact is working well. To help frame the evening’s discussion the following issues were raised on the IETF list to be discussed during the open IAB Town Hall session:

• The big interconnection between VoIP and IP services
• End-to-end and KISS principle
• Concerns about NAT alikes popping up with session border controllers

A lively discussion followed on the relationship between IETF standards and real-life user experiences: This centred on the question of "How do we make sure we don’t have to turn millions of people into system administrators?" There was discussion about whether this needs to be addressed in every individual WG, or whether a higher level solution exists to the problem. And should user issues become a separate consideration section in standards documents? Some felt that there is not enough expertise about user interface issues at the IETF. A lot of IETF participants are from vendors that sell products. Often there is no end-user experience in the WGs at all (it’s interesting to note that there used to be an Area at the IETF dedicated to users and directed by Joyce Reynolds for many years). The discussion then moved on to the growing complexity and total number of protocols. It is increasingly difficult to see the big picture. Technology is expanding and the IETF needs to respond to that, so Leslie Daigle suggested that more work be done on overview documents, tools and logistical help. Kurtis Lindqvist (an IAB member) was more worried about "layer creep” than “feature creep". There is the tendency to reinvent similar functionality in multiple layers. If one is serious about reducing complexity one needs to analyse what layers show the most complexity and then tackle those. Other speakers believed that as a community we don’t pay enough attention to complexity. It is hard to add simplicity and striking the right balance is essential. Finally, a suggestion was made that WGs should have a web page on which they could present an overview of their technology. The Technical plenary also included updates from the IAB (see page 6) and the IRTF.]]> 1225 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf63-review-routing/ Wed, 07 Sep 2005 18:48:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1227 Securing Inter-Domain Routing For those who have been following this activity, the good news is that the base documents on securing inter-domain routing, being developed in the RPSEC working group are now in their final stages. The next step is to look at the issue of standardization of an inter-domain routing protocol that can incorporate these requirements. There have been a number of secure routing protocol proposals over the past few years and part of the work will be the challenging aspect of standardizing a protocol that can support security in the inter-domain routing environment. It’s likely that there will be a BOF on this topic at IETF-64. This promises to be an interesting area of IETF activity in the coming months. Inter-Domain Routing At IETF 63 there was a proposal to introduce a ‘Time To Live” or TTL for BGP updates. This is not the first proposal for a protocol mechanism to limit the scope of propagation of BGP updates, and no doubt will not be the last, but it does have the essential attributes of being simple in its definition and clear in its operation. Each AS decrements the TTL of an Update, and when the TTL value gets to zero the update is discarded. Given that about one half of the BGP routing table consists of more specific advertisements of existing aggregates, this method of localizing the propagation of more specific prefixes is certainly worth considering. On another note, the revised specification for the BGP protocol proved to be a significant exercise taking some three years and 26 iterations of the draft document. The good news is that this work is now largely complete, and is currently in the publication process. OSPF Current work is on version 3 of this interior routing protocol. This includes aspects of support for Traffic Engineering as well as adding explicit support for various forms of mobility. There is an interesting area of trade-off here in terms of how much functionality is pushed into the routing protocol itself, and how much is taken up by the application environment. ISIS The Working Group is currently working on documenting a number of implementation practices and extensions. The bulk of this work is now coming to a conclusion and the next steps for ISIS appear to be on the agenda for the Routing Area. MPLS The current activity here includes the task of adding multicast to MPLS. No doubt one of these days we’ll see multicast become an accepted and integral part of the portfolio of IP services, but multicast provides a set of technical and business challenges that continue to make its ubiquitous deployment a challenging goal. However there is a lot of interest in multicast these days, and maybe we’ll make some progress in this. Also there is the continuing work in extending MPLS into inter-area support. VPN Activity Standardizing various aspects of the design of Virtual Private Networks continues to be an aspect of the IETF’s work. The original work on standardizing aspects of VPNs quickly split into two working groups, the Level2 and Level 3 VPN working groups, reflecting the two major approaches to VPN implementation. These working groups sit in the Internet Area of the IETF. The Routing Area now has a Level 1 VPN working group, looking at the aspects of providing a synthetic Layer 1 VPN between the customer’s edge devices. Note: This article does not attempt to provide a complete summary of all IETF activities in this area. It reflects a personal perspective on some current highlights.]]> 1227 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf63-review-ipv6/ Wed, 07 Sep 2005 18:49:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1229 IPv6 Operations What has been shown on the operational side is the limited operational experience. Many topics in the IPv6 operations working group highlight this problem. One example is the document on ICMP filtering. ICMP filtering is very different from IPv4 and something that will require rethinking. There is still a lot feedback needed from the community before there will be a good best practice document. Renumbering is another case where there has been an effort to try to document actual renumbering trials, but where it was pointed out that the experience with renumbering is still limited and that there are many pieces missing to make the renumbering effortless. To compensate for the lack of operational experience a lot of effort has gone into documents that describe different scenarios and how they should be tackled. The documents discussed at this meeting covered enterprise networks and broadband access networks. The broadband access network document covers many different deployment cases, but not all. It was pointed out that it doesn’t comply with the latest standard for cable networks, DOCSIS 3.0, but as the draft is more or less ready for last call there was bit of reluctance to wait too long for input on that topic. One document that highlights clearly the difference between IPv4 and IPv6 is the network architecture protection draft. It documents the perceived benefits of IPv4 NATs and shows how these benefits can be implemented in IPv6 without losing end to end connectivity. As it gives a very comprehensive view of a popular topic and includes solutions to all the problems it will hopefully soon be approved by the working group. Shim6 The lack of multi-homing capability is seen by many as biggest problem with IPv6. Therefore the Shim6 working group has put forward a very aggressive plan where most things should be documented and ready by the end of next year. As the multi-homing approach using a shim layer is extremely complex many new questions will arise as the work with the protocol progresses. Right now there are already a number of questions to be answered. One is the triggers to change communication path. To some extent this has already been documented in a draft about reachability detection. The discussion regarding this document showed that it isn’t trivial to define what is or is not a failure. This area will need continued work as will the work with upper layer interaction which was decided to be started as working group item. These are only small parts of the whole design but still very important. Another area that might have to be studied is traffic engineering, which today isn’t covered at all. Right now the focus is on getting the basic architecture through the standardization process. Tunnelling mechanisms Something that has been a hot topic for a long time is different tunnelling mechanisms and at the last IETF there was a BOF about a tunnel discovery and configuration protocol. That BOF didn’t lead to a working group but at IETF63 there was a new BOF on almost the same topic. This time the BOF was called Lightweight Reachability softWires (LRW) and tried to describe the problems instead of the solutions. Even with the focus on the problems it wasn’t clear what the use cases were since there were very many different scenarios where people saw a need for a deterministic tunnelling mechanism. As tunnel mechanisms are things that are needed in the initial stage of IPv6 deployment the time frame for this potential working group is short and the work needs to be started more or less now to be of any use. If the WG is approved the chairs wanted to have an interim meeting to write the problem statement before the next IETF. As a final note it is worth mentioning the Dynamic Host Configuration working group (DHC) which is a good example of where IPv6 has spread and is a natural part of the WG work. A lot of efforts are going in to writing standards for DHC that can work with both IPv4 and IPv6, which isn’t as trivial as it might seem at first glance, especially in a mixed environment with several DHC servers. Note: This article does not attempt to provide a complete summary of all IETF activities in this area. It reflects a personal perspective on some current highlights.]]> 1229 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf63-review-mobility-and-wireless/ Wed, 07 Sep 2005 18:50:31 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1231

NETLMM – on standardizing a network-based, localized mobility management protocol

AUTOCONF – on auto configuration for ad hoc networks

ALIEN – on issues around privacy and anonymity of network identifiers, such as port numbers and IP addresses

MONAMI – on dealing with multi-homed mobile hosts and routers and the associated per interface routing policies

Finally, the MOBOPTS IRTF Research Group – which reviews research on mobility related optimizations for Mobile IPv6 and recommends topics for standardization that have reached an appropriate level of maturity – typically meets at IETF meetings as well. This is the first of what will hopefully be a regular column that focuses on mobility and wireless topics in the IETF. However, given the range of activities currently underway in the IETF, it is not possible in every column to provide a comprehensive summary of all the working groups and BOFs. Instead, each column will summarize the topic of BOFs and newly formed working groups, and take an in-depth look at the primary activities in one or two working groups dealing with wireless and mobile topics. In this issue, we’ll focus on one of the successors to the traditional Mobile IP working group, the MIP6 working group. Reader feedback on exactly how best to provide ongoing information about wireless and mobility related activity in the IETF is welcome. The MIP6 working group has been chartered to work on a few topics related to implementation and deployment of Mobile IPv6, including updating the protocol specification. Foremost on the list is a way to bootstrap a mobile node having nontopological information (like a DNS domain name of a home mobility service provider) to the point where the mobile node has a home agent address, a home address, and an IPsec security association with a home agent. With this information, the mobile node can perform Mobile IPv6 Binding Update to register its care-of address and start getting traffic routed through the home address. At IETF 63, the design team reported back on their work in this area. The work applies primarily to cases where administrative entity authorizing the mobile node for mobility service and the administrative entity authorizing for network access service are two different entities, but is also applicable to cases where the two different services are authorized by the same entity, such as the typical cellular operator. The design team specified the use of DNS for locating a home agent address (with DHCP also applicable in some limited cases), and IKEv2-based home address configuration. The team also designed a way for the home agent to update the mobile node’s FQDN within the DNS server with the new home address, so that the mobile node is reachable by applications. Another design team has been investigating transition issues related to Mobile IPv6. The transition scenarios addressed by the design team aim to ease the deployment of Mobile IPv6 and allow it to work independently of the access networks’ capability (i.e. IPv4 only or IPv6 only). The work will also allow mobile nodes using Mobile IPv6 to use IPv4 home addresses, which smoothes migration by allowing dual stacked hosts to use one mobility management protocol. Naturally, the design team also aims to make Mobile IPv6 work in networks using private IPv4 addresses and NATs. An important consideration is to avoid having to run both MIP4 and MIP6 on the mobile node, since various considerations have shown that this is difficult and cumbersome to do. The mobile node is assumed to be dual stack. Finally, the working group has also been discussing home agent reliability. The idea here is for a protocol to provide a way for home agents to communicate among themselves, and for a home agent or home agent cluster to communicate with mobile nodes, to allow failover if a home agent goes down either intentionally or inadvertently. A protocol for inter-home agent communication in an individual submission was discussed at IETF 63, as were a few protocols for home agent to mobile node communication. It wasn’t clear to the WG that there is a need for a standard protocol. Discussion will continue on the mailing list. Note: This article does not attempt to provide a complete summary of all IETF activities in this area. It reflects a personal perspective on some current highlights. Mobile IPv6 Working Group web page: http://www.ietf.org/html.charters/mip6-charter.html Mobile IPv6 Working Group Mailing List: mip6@ietf.org]]> 1231 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/follow/ Wed, 18 Oct 2017 21:59:18 +0000 https://www.ietfjournal.org/?page_id=2348 Journal on social media to keep up to date with the latest articles, IETF highlights, and useful resources.

	Follow us on Twitter
	Follow us on Facebook

 ]]> 2348 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/back-issues/ Fri, 12 Jan 2018 16:29:24 +0000 https://www.ietfjournal.org/?page_id=2606 2606 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/testing/ Tue, 01 May 2018 09:26:47 +0000 https://www.ietfjournal.org/?page_id=2752 2752 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/privacy-policy/ Tue, 15 May 2018 16:57:08 +0000 https://www.ietfjournal.org/?page_id=2808

Privacy Policy

As this site is hosted and maintained by the Internet Society, your interaction with the site falls under the Internet Society Statement of Privacy found at: https://www.internetsociety.org/privacy-policy/ The text of that statement as of 20 April 2018 is included below.

Internet Society Statement of Privacy Policy (“Privacy Statement”)

Effective date: 20 April 2018 Previous versions:

• 17 August 2017
• 15 December 2011

The Internet Society’s Commitment to Responsible & Ethical Privacy Practices

In keeping with the goals and objectives of The Internet Society (“ISOC”), we are committed to the highest degree of respect for the privacy of our members, visitors to our websites and attendees of our events. In this Privacy Statement, we use “we,” “us” or “our” to refer to ISOC and “you” or “your” to refer to you, the user, member or visitor to our web sites. For certain purposes of this Privacy Statement, we distinguish between individuals who choose to register and join ISOC as a member (“Members”) and users of our websites (the “Sites”, including otalliance.org) who simply visit the Sites (“Visitors”) and do not choose to register as Members. Unless indicated otherwise, all provisions of this Privacy Statement apply to Visitors and Members. This Privacy Statement applies to all of our Sites. When we do not rely on your consent to this Privacy Statement for use of “Your Data” (as defined below), we will tell you so. By accessing and using any of the Sites as a Visitor, you expressly and knowingly consent to the information collection and use practices as described in this Privacy Statement. Our commitment to your privacy, is based on the following principles which we apply to our use of both your personally identifiable data (“Personal Data”) and to certain anonymous information we collect when you visit our Sites (“Technical Information”, and together with Personal Data, “Your Data”):

• We will describe Your Data we will collect;
• We will inform you clearly about our collection and use of Your Data;
• We will either seek your express informed consent or rely on other legally permissible bases for the use of Your Data – either way, we will inform you of the basis for our use of Your Data;
• We will give you control over the privacy preferences that apply to Your Data, including the rights to (a) change your mind about our use, (b) have access to change or correct inaccurate aspects of Your Data, and (c) require that we delete all or parts of Your Data;
• We will not sell or rent Your Personal Data to others;
• We endeavor to maximize the protection of Your Data, and provide you with prompt notice in the unlikely event that a data loss incident or breach occurs; and
• We will endeavor to be completely transparent and open about our data privacy policies and practices.

Privacy Policy Sections

• • How do we collect information?
  • What information do we collect?
  • How Do We Use Your Data Collected at Our Sites?
  • Can I Choose not to Receive Commercial Email Communications?
  • Other Legal Bases for Using Your Data
  • Credit Card Information
  • Use of Cookies
  • Data Security
  • Cross Border Transfers
  • Links
  • Accessing and Updating Personal Data 
  • Data Retention 
  • Social Media, Blogs & Discussion Groups 
  • Compliance
  • Control of Your Personal Information “Do Not Track” Notice: 
  • Children / Minors
  • Your California Privacy Rights
  • California Web Site Data Collection
  • Contact Us
  • Member Personal Data, Communication & Database
  • Changes to this Privacy Statement

How do We Collect Information?

We collect Your Data in the following basic ways:

• You give it to us when you register as a Member or if a Member or a Visitor registers for an event including but not limited to webinars, signing up for a newsletter or making a comment on a blog or social media;
• You give it to us in email inquiries or in your public comments;
• We automatically collect Technical Information when you visit our Sites; and
• We obtain legally available information from outside sources, including commercially available geographic and demographic information along with other publicly available information, such as public posts to social networking sites.

What Information Do We collect?

• On the Sites, we request certain Personal Data, for purposes such as registering to become a Member, renewing your membership, participating in discussion groups, submitting inquiries and comments, or registering for a webinar or our conferences or events. This may include name, title, company/organization name, postal address, email address, work, home and mobile phone numbers. See our Frequently Asked Questions (FAQ) list for specific data elements we may request and collect.
• We or our authorized vendors may collect Technical Information that we do not associate with any individual Site user. This information includes –
  • how many visits we have to the Sites,
  • when those Sites are visited,
  • browser types used for Site visits,
  • name of the Internet service providers,
  • the Internet Protocol (IP) address through which you access the Internet;
  • pages that you access while at one of the Sites, and
  • the Internet address of the website from which you linked directly one of the Sites.

How Do We Use Your Data Collected at Our Sites?

• We do not sell or rent any Personal Data supplied by you. We occasionally work with other companies, consultants, and contractors to provide limited services on our behalf, such as website hosting, public relations, mailing, answering customer questions about products and services, and sending information including but not limited to our research, white papers, policy positions and events. We will only provide those companies the Personal Data they need to perform the service for which they are retained and they agree to treat information confidentially and to only use it for the purposes of providing services under our agreement with them. See our FAQs for a current listing of those third parties that perform these services for ISOC.
• We may use Your Data to provide you with more effective customer service and to improve the Sites and any related products or services we may provide or make available.
• We may use your Personal Data to provide you with important information about your ISOC or Chapter membership.
• We may use Technical Information to periodically analyze Site logs to assess aggregate usage trends in order to better serve the needs of Visitors and Members and maximize the user viewing experience. Under some circumstances this information may be used for purposes of systems administration, fraud prevention or server troubleshooting and security. This information may also be used to help improve the Sites, analyze trends, and administer the Sites.
• We may disclose Your Data if required to do so by law or in the good faith belief that such action is necessary to (a) conform to the requirements of the law or comply with legal process served on us or the Sites; (b) protect and defend our rights or property, (c) act in urgent circumstances to protect the personal safety of our employees and staff, agents, users of our products or services, or members of the public, or (d) effect any merger, acquisition, or sale of all or a portion of our assets, in which case you will be provided notice of the following via email and/or a prominent notice on the relevant Site, (i) the change in ownership, (ii) the uses of Your Data in the transaction, and (iii) choices you may have regarding Your Data. To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are required to provide Your Data to third parties as part of legal process.

In addition, we will use Your Data to:

• Provide information or a service requested or consented to by you.
• Assist in the performance of our activities and public interest functions.
• Comply with relevant contractual obligations with you and other third parties.
• Improve Site performance and content, including trouble shooting and diagnostics.
• Improve your engagement and interaction with other Members of our community.
• Improve our engagement and interaction with you.
• Facilitate your attendance at and participation in our events, communities or blogs.
• Confirm your identity.
• Process a request or payment / donation submitted to us.
• Comply with legal requests.

Can I Choose not to Receive Commercial Email Communications?

We realize that unwanted and non-relevant email notices and communications can be unwelcome. Every promotional, event or related communication we send to you via email contains instructions and an easily discoverable link that will allow you to unsubscribe and stop all subsequent commercial or marketing messages and/or direct you to a preference center to select topics of interest to you. Unless you consent (opt in) to the receipt of commercial or marketing emails, we will not use your email address for such purposes. You can always change your email preferences by visiting our membership portal and clicking through to the preferences page. By joining ISOC, Members may opt-in to the inclusion of their email contact information in our Member email communication and Member newsletter lists. Members can manage their email preferences including opting in and out of working groups, committees and special interest group (SIG) communications through the ISOC membership portal at https://portal.isoc.org/membership/membership-management-centre and through the OTA member preference center at https://otalliance.org/user/login. Members may receive periodic email or postal mailings from us with information about us, upcoming events, or issues related to the Internet including but not limited to news, public policy and emerging best practices and standards. We offer you the opportunity to select which, if any, of these communications you would like to receive. All of our practices are designed and intended at a minimum to satisfy state, national, provincial and federal legal requirements limiting email communications. In addition to these laws and regulations governing email marketing there are other laws and regulations governing telemarketing and direct mail. As a general rule, we do not engage in those types of targeted marketing activities including but not limited to device finger printing, profiling and or cross device tracking.

Other Legal Bases for Using Your Data

In the event we do not rely on your consent to this Privacy Statement as the basis for our permitted use of Your Data, we will tell you so. For example, we may tell you that we are relying on our obligation to meet our contractual obligations to you. We may also rely on a “legitimate interests assessment” to process Your Data. Current circumstances where we use this approach are described in the FAQs. We will separately notify or disclose to you when we rely on an alternative legal basis for the use or processing of Your Data.

Credit Card Information

Credit card information is not collected or stored on our servers. When you conduct transactions through a Site, payment and payment card information for transactions with us is entered directly into a third-party processor’s systems and is not transmitted through or stored by us. The card processor provides us with an authorization code which is securely stored with the payment record on our servers.

Use of Cookies; Technical Information Collection

Our Sites use third parties for web analytics services, including Google Analytics, to collect Technical Information. See our FAQ for a current listing of such third parties. These third parties do or may use “cookies” or similar technologies, which are text files placed on your computer, to help analyze how you use a Site. The information generated by the cookie about your use of a Site (including your IP address) will be transmitted to and stored by these service providers servers in the United States. They will use this information for the purpose of evaluating your use of a Site, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. They may also transfer this information to third parties where required to do so by law, or where such third parties process the information on their behalf. You may refuse and block the use of all of our (and third party) cookies by selecting the appropriate settings on your browser. However please note that if you do this you may not be able to use the full functionality of our Sites and it might impact your overall experience.

Data Security

While no data transmission over the Internet can be guaranteed to be 100 percent secure, we take reasonable and appropriate measures designed to protect the security of data transmitted to us upon receipt. ISOC is a strong advocate of privacy enhancing technologies including our efforts with respect to encryption (see https://www.internetsociety.org/encryption). By default, the Sites encrypt connections between client devices and our servers to minimize the ability of any third party to “eavesdrop” on Your Data. In addition, where feasible, data is stored encrypted. If your browser does not support HTTPS encryption, you are encouraged to contact us by phone or in writing. Our databases and system administration logs, are restricted to access by authorized and authenticated users. We use reasonable industry security standard safeguards (which may include physical, procedural and technical measures) to protect against the unauthorized disclosure of Personal Data. We take reasonable steps to ensure that Your Data is complete and relevant to its intended use. We will take reasonable and appropriate security measures to protect against unauthorized access, disclosure, alteration or destruction of Your Data. ISOC has a Chief Administrative Officer, who routinely reviews our data incident response plan. Our Chief Administrative Officer can be contacted at privacy at isoc.org.

Cross Border Transfers

If you visit our Sites from a country other than the United States, your communications will likely result in the transfer of Your Data across national borders. Our servers or offices may be located in countries other than the country from which you access our Sites, also resulting in the transfer of Your Data across international borders. If you provide Your Data when visiting one of our Sites from outside of the United States, you acknowledge and agree that this data may be transferred from your then current location to our offices and servers and to those of our affiliates, agents, and service providers located in the United States and in other countries. The United States and such other countries may not have the same level of data protection as those that apply in the jurisdiction where you live. For site visitors who reside in the European Economic Area, Switzerland or the United Kingdom, we will only transfer Your Data (a) to jurisdictions with “adequate protection” as used in the General Data Protection Regulation governing transfer of personal data outside of the European Union (the “GDPR”), or (b) to recipients with appropriate safeguards in place, including where contractual arrangements exist which include Standard Contractual Clauses (as defined in the GDPR) without any additions, modifications, or omissions.

Links

The Sites contain links to other sites, organizations and resources. Please be aware that we cannot be and are not responsible for the privacy or security practices of such other sites. We encourage you, when you leave our Site(s), to read the privacy statements of those other sites that collect personally identifiable information and have up-to date security and anti-virus software on all of your devices. This Privacy Statement applies only to the Sites.

Accessing and Updating Personal Data

Users may request access to their Personal Data collected and stored by us (if any) to verify if it is complete and accurate or to request that it be deleted. At a minimum, we will respond to your request within any applicable timeframe required by law and will otherwise take reasonable steps to respond to legitimate requests to access, correct, delete or update any such information retained by us. Requests may be sent by email to privacy at isoc.org. It is important to understand that deletion of your Personal Data may adversely impact your ability to enjoy the full benefits of membership.

Data Retention

We will only retain Your Data stored on our servers in accordance with the legitimate needs of our business and as required or permitted by applicable law. We will not retain any unused Personal Data on our systems longer than necessary for legitimate business purposes.

Social Media, Blogs & Discussion Groups

Please note that this Privacy Statement does not apply to any posting by you in any of our discussion groups, blogs, discussion threads, elists, chat areas or similar interactive areas of our Sites. Your participation in those discussion areas and anything you post in those areas constitutes your public disclosure and may be attributed to you and displayed, republished and otherwise disseminated by us in accordance with the terms of use agreement you agree to abide by in order to participate in those areas.

Compliance

Our collection and use of any of Your Data is subject to the laws and regulations of the countries and political subdivisions in which our Visitors and Members reside. We are and remain committed to complying with all such legal obligations and use these legal requirements as the minimum beginning point for our use and collection of Your Data. Included in these laws and regulations are (a) the GDPR, which governs among other things, consents, uses and cross-border transfers of personal data concerning European Union residents, and (b) the California Online Privacy Protection Act, governing such matters with respect to California residents. If you have any questions regarding this Privacy Statement or you feel that the Sites are not following these legal requirements or our stated information policy, please contact us by email to privacy at isoc.org or at either of the addresses or phone numbers listed in the Contact Us section of the Sites. You may also contact us at that address if you have any concerns about the accuracy of, or wish to correct, your Personal Data we have collected from you.

Control of Your Personal Information “Do Not Track” Notice:

We respect enhanced user privacy control and support the development and implementation of a standard “Do Not Track” (DNT) browser feature, designed to provide users universal and persistent control over the collection, sharing and use of information by third parties regarding their web-browsing activities. Once the specification is finalized we intend to honor user’s requests with respect to browser tracking.

Children / Minors

The Sites are not targeted at, directed to or intended for the use of children under the age of thirteen. No person under the age of thirteen should use any Site or under any circumstances provide any Personal Data or other information at a Site. If you become aware that any individual under the age of thirteen has used any Site, please contact us immediately at privacy at isoc.org. By use of any Site you represent and warrant that you are over the age of thirteen.

Your California Privacy Rights

California Civil Code Section 1798.83 entitles California residents to request information concerning whether a business has disclosed Personal Data to any third parties for their direct marketing purposes. As stated in this Privacy Statement, we will not sell your Personal Data to other companies and we will not share it with other companies for them to use for their own marketing purposes without your consent. For further information concerning your California Privacy Rights including “Do Not Track,” visit https://oag.ca.gov/sites/all/files/agweb/pdfs/cybersecurity/making_your_privacy_practices_public.pdf

California Web Site Data Collection

We do not knowingly allow other parties to collect personally identifiable information about your online activities over time and across third-party web sites when you use the Sites. We provide information about the opt-out or opt-in choices available to users.

Contact Us

Any user, including California residents, who wish to request further information about our compliance with these requirements, or have questions or concerns about our privacy practices and policies, may contact us at: privacy at isoc.org or by mail at: Internet Society Attn: Chief Administrative Officer 11710 Plaza America Drive Suite 400 Reston, VA 20190

Member Personal Data, Communication & Database

“Members” are defined as individuals, companies, organizations and/or institutions that choose to register with and have an agreed membership relationship with us. All of Your Data as a Member is covered by this Privacy Statement. Some Member types include voting rights. In the case of online balloting for our elections, our voting Members are supplied with a unique identification that ensures only a single vote is registered per voting Member. The details of the actual votes are maintained only during the election process and solely to allow proper verification and audit of the election. As a Member, you may review or update your Personal Data by logging into the membership portal(s) and reviewing or changing your Personal Data directly. You may also inform us by email, phone, or postal mail directed to the contact information provided on our Sites or, Members may also adjust these settings or change or correct their Personal Data by email to membership at isoc.org, or by contacting Us by phone using the Contact Us information available on our Sites. In order for you to fully enjoy the benefits of membership in ISOC, we need to be able to use Your Data for communication, record keeping and the other purposes described in this Privacy Statement. If you choose not to permit us to use Your Data as described in this Privacy Statement, you will not be able to continue as a Member. Of course, you will still be able to visit our Sites as a Visitor and to take advantage of all of the opportunities provided to Visitors to the Sites.

Changes to this Privacy Statement

We routinely update this Privacy Statement to provide additional explanation and clarification of our practices and to reflect new or different privacy practices, such as when we add new services, functionality or features to our Sites. You can determine when this Privacy Statement was last revised by referring to the Effective Date above on this page. We will also provide an archive of our past privacy policies with the ability to plainly see the changes from one to another. Any changes to this Privacy Statement will also be announced on our home page. ]]> 2808 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/privacy-policy/privacy-faq/ Tue, 22 May 2018 15:28:30 +0000 https://www.ietfjournal.org/?page_id=2828

Internet Society Statement of Privacy – Frequently Asked Questions (FAQ)

These Frequently Asked Questions (FAQs) provide additional information or explanation about the Internet Society (ISOC)’s Privacy Statement and our use and sharing of Your Data. Should you have any questions about these FAQs or suggestions for additional questions we might add, please contact our Chief Administrative Officer through the contact information in the Privacy Statement. Capitalized terms in these FAQs have the same meanings as in the Privacy Statement.  These FAQs are intended to assist in the understanding of our Privacy Statement. If there is an inconsistency or conflict between these FAQs and the Privacy Statement, you should rely on the language in the Privacy Statement.

Q: What information does ISOC collect when I register to become a Member and why?

Our free membership is available to anyone in the world via our join pages on our Sites. During the registration process, we collect four basic pieces of information – First Name, Last Name, Email Address and Country.  These pieces of information become the basis of

• how we address you in our communications,
• how we send communications to you
• how we group you geographically for Customer support
• how we validate login to our Member systems

Without your email address, we are unable to communicate with you, or provide transactional information (such as validation of email address, process a forgotten password or send you confirmation of payment if you also donate to ISOC). Additionally, if you choose to apply to one of our Chapters, we will also ask for your city of residence. This information is used as described in the Privacy Statement, including making sure that you choose the right Chapter based on your physical location.

Q: When do we rely on other permitted bases for the use or processing of Your Data?

ISOC ‘s goal and commitment is to inform you when we would like to use Your Data, the purposes for which we will use it and the legal basis for our use. For example, there may be a contractual relationship between you and ISOC (the contract does not have to be in writing) where ISOC needs to use Your Data to provide you with the services you are entitled to under the agreement. We will tell you when we are relying on our obligation to comply with our contractual obligations to you for the use of Your Data.

Q: What other personal information does ISOC collect?

In order to register to participate in certain ISOC activities, you may be asked for and provide other personal information including physical address, credit card information or social media information. This information is collected to facilitate your request to participate in ISOC activities. For example, if you request to be put on a mailing list of a physical journal or newsletter, we would need your physical address to ship the item to you.

Q: The Privacy Statement says that ISOC allows the collection of some Technical Information of both Visitors and Members who use the Sites. What third parties does ISOC use for this data collection?

Our Sites use third parties for web analytics services so that we can understand how visitors interact with our sites – and how we can improve the experience for visitors. Our current services and/or vendors are:

• Google Analytics – our primary source for website analytics
• Facebook – information associated with sharing content from this site on Facebook

In April 2018, we are currently in the middle of an inventory of our sites to determine what other tracking systems may be in use across our ecosystem of affiliated sites. This FAQ will be updated as that inventory is completed.

Q: The Privacy Statement says that ISOC uses third-party companies, consultants or contractors to provide limited services. What are those companies or services and why does ISOC use them?

We utilize these services for website hosting, public relations, mailing, or focused scope work in computer system development. Each of our contracts with these third parties restricts the use of personal information so it can only be used to provide the services under the contracts.  In addition, these companies are required to treat all information and protect it by processes and procedures no less strict than those used by ISOC. Our current services and/or contractors are:

• Bytemark – Private cloud hosting provider for our Sites and Association Management System (AMS)
• HigherLogic- Base software as a service for our Connect platform
• High Road and Bluehornet – Bulk Mail services and integration to our Association Management System (AMS).
• AMSL – Service provider that manages an elist system for us based on Mailman
• Kallidus LMS – Base software as a service for our Inforum Learning Management System
• Five Nines Hosting – Service provider that hosts and maintains systems for ISOC.
• BigPulse Online Voting – Software as a service for our various election and voting management
• BriteVerify – Validates the ability to send email to email addresses in our database.
• com – File storage and sharing platform utilized by ISOC Staff and community.

Q: Will this FAQ be updated over time?

ISOC will continue to update this FAQ should more clarity be needed on aspects of the Privacy Statement. Should you have a question, please contact the Chief Administrative Officer at the contact information on the Privacy Statement. ]]> 2828 2808 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/form-dev/ Fri, 13 Jul 2018 09:08:58 +0000 https://www.ietfjournal.org/?page_id=2919 2919 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/new-agreement-marks-major-milestone-in-ietf-administrative-restructuring/ Wed, 07 Dec 2005 18:17:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1174 1174 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf64-review-routing/ Wed, 07 Dec 2005 18:20:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1178 Routing Area Working Group (rtgwg) Alex Zinin, one of the Area Directors of the Routing Area announced his intention to step down from this role in March 2006, at the expiration of his current term as AD. Alex has served for four years as an AD for the Routing Area of the IETF and has established a careful consultative style as an Area Director. I’d like to simply say here a personal thanks to Alex for his time and energy over the past four years. RFC1264bis – a review of Routing Protocol Standardization Criteria. A number of changes are being proposed here, including turning the protocol analysis documentation, which was a mandatory requirement for Proposed or Draft Standard protocol specifications, into a chartered step if it is felt that such an analysis is a requirement for the protocol being developed. The experience with BGP was that this particular analysis was an exercise required for the IETF standards process, but was not felt to be a useful document in its own right. The current proposal is to either place the preparation of this document into the charter as an explicit Working Group deliverable, or do not prepare such an analysis. Also within scope of this review is a clarification of the independence of the two implementations from the proposed specification. The area meeting also considered the manageability considerations proposal. This is a proposal for each routing protocol to have explicit consideration of manageability while designing the protocol. The discussion of this proposal highlighted the consideration that making this a required considerations section in a protocol specification may not necessarily be a lever to get people to think about this topic, and it stands the risk of adding more boilerplate text to specification documents. On the other hand, thinking about manageability early in the process of protocol specification may be a useful exercise. However, there was no overwhelming push to make this a mandatory part of routing protocol specifications. IP Fast Reroute – the microloop prevention specification has been updated, as have the base protocol and framework documentation. Common Control and Measurement Plane (ccamp) There has been a collection of RFCs published recently (RFCs 4201 through to RFC4210) on a common theme of Multi-Protocol Label Switching (MPLS) extensions and refinements, including six from the CCAMP Working Group on the topic of control and management extensions. A further eight documents are in the RFC Editor queue, nine documents have completed working group last call and seven are still being considered by the working group. Given this relatively high level of document generation, the pace of work in this working group has been quite intense in recent months. A revised charter for CCAMP reflects an intention to deliberately pace the next round of activity to match the capacity of the working group to carefully review material, but nothing dramatically different in terms of direction here. The meeting at IETF64 had a relatively full agenda, including the following items: The group is working on an update of RFC3946 in an attempt to clear up a potential ambiguity, and in the way of many similar efforts, what was in the first instance a relatively straightforward minor task of altering a condition that was ‘greater than 1′ to ‘greater than or equal to 1′ has become infused with all kinds of complexities relating to already deployed implementations that have interpreted the existing text literally, while others have used a more liberal interpretation. It was reported that a resolution appears to be in sight, and it is expected that this will clarify some of the issues in interworking between the SONET and SDH systems. Other activity includes consideration of addressing in GMPLS networks, Traffic Engineering LSPs and the interaction with the RSVP protocol. Related work is on a Network-to-Network Interface specification (NNI) for GMPLS and an associated area of study of inter-domain GMPLS. One of the proposed work items I found interesting was that of virtual concatenation coupled with Link Capacity Adjustment within a GMPLS framework, which is proposed for a general inverse multiplexing technique that could be used across a number of transport technologies, including SONET, SDH, PDH and OTN. For those of us who have struggled with various forms of inverse multiplexing over the years in an effort to treat a number of parallel circuits as a single virtual circuit with a capacity equal to the sum of the multiplexed components, this news of a generalized approach is indeed promising news. Forwarding and Control Element Separation (forces) It appears that this working group is relatively close to completion of its work. To recap from the charter of this working group, the emergence of off-the-shelf network processor devices that implement the fast path or forwarding plane in network devices such as routers, along with the appearance of a new generation of third party signalling, routing, and other router control plane software, has created the need for standard mechanisms to allow these components to be combined into functional systems. In other words ForCES is an effort to standardize a number of internal control interactions between the logical components of a routing engine. To continue from the charter, ForCES aims to define a framework and associated mechanisms for standardizing the exchange of information between the logically separate functionality of the control plane, including entities such as routing protocols, admission control, and signalling, and the forwarding plane, where per-packet activities such as packet forwarding, queuing, and header editing occur. At IETF64 there was an interesting presentation of a ForCES router implementation, with a control element and a forwarding element linked by ForCES protocol messaging. It seems that we are nearing the completion of this effort. Inter-Domain Routing (idr) From a somewhat personal perspective, the good news from this meeting was the completion of this Working Group’s efforts with preparing the 4-byte AS proposal. This has been parked in the working group for some time awaiting two independent implementations of the specification before being able to proceed as a Proposed Standard. With the recent implementation report on these implementations this draft is now on its way to being a Proposed Standard. A similar issue was associated with the AS Confederations specification, and with the recent implementation report this specification has also completed working group review, and is ready for publication as a Draft Standard. The Working Group has also been working on a revised base specification for the BGP protocol, and this group of documents is now with the RFC Editor. The new work being introduced into this working group includes the use of an explicit AS Time To Live (TTL) for BGP advertisements. Currently it is possible to specify a TTL of 1, by specifying ‘NO EXPORT’, but not any values higher than 1, so advertisements are either highly constrained to immediate BGP peers, or completely global. Like similar previous efforts with the ‘NO PEER’ community attribute, the TTL specification is an attempt to localize the propagation of a routing advertisement to a particular AS radius. The IDR Working Group continues to see a wide variety of proposals for refinements to BGP, including outbound route filter grouping, aggregated withdrawals, dynamic AS renumbering, multicast signalling and explicit support for route tunnelling to support various forms of overlay configurations. The major criteria here for advancement of a proposal in the standards process is a writeup of two independent implementations of the proposed specification. Of course there is also no shortage of proposals that appear to be on a continuous loop, and QoS routing, or in this context inter-domain QoS routing, is perhaps one of the best known of these proposals. It’s not all that easy to identify precisely what has changed at each iteration of such proposals, and at each time the proposals tend to founder on one of the basic precepts of the Internet’s inter-domain routing architecture, namely that routing is not a resource management system. The entire topic of how to manage a network’s resources, and to how solve the associated feedback signalling mechanisms remain very resilient as outstanding problems in the routing space. IS-IS for IP Internets (isis) As reported to the routing area, the IS-IS working group has now pushed most of its drafts through the process, including link attributes and router capability advertisements. Rechartering of this working group is the logical next step, and the decision at this point in time is whether to identify a number of work items relating to further IS-IS extensions (such as Layer 2 end point definition) and refinements (such as logical tunnel concentration) and recharter the group to work on these items, or to leave the working group dormant for a period while the current drafts complete their path through the publication process and await a critical mass of new work proposals for IS-IS before reactivating the working group with a new charter. Layer 1 Virtual Private Networks (l1vpn) It is still early days for this particular working group, and this is their second meeting. Someone well versed in the 7-layer network model would see layer 1 as a media adaptation layer, primarily concerned with electrical voltages, plug and socket dimensions and encoding formats. This is not quite the case here. This form of VPN is based on a switched circuit-based network, that may be composed of optical cross-connects, time division cross- connects or fibre switches. The VPN control plane is used to provision a set of switching configurations to inter-connect Customer Edge (CE) devices in a specified topology. The working group is currently working on two documents, framework and applicability, and will shortly start looking at the solution aspects of this form of switch control. With a considerable level of interest in the research community in various form of light-path switched systems for very high speed point-to- point on demand circuits, this form of automation of control of the switching elements appears one promising way to handle on- demand high speed circuit provisioning. Mobile Ad-hoc Networks (manet) To quote from the charter of the ad-hoc autoconfiguration working group, from the IP layer perspective, a MANET presents itself as an IP multi-hop network formed over a collection of links. Thus, each ad-hoc node in the MANET is, potentially, acting as a router in order to provide connectivity to other nodes within the MANET. Each ad-hoc node maintains host routes to other ad-hoc nodes within the MANET, in addition to potentially holding network routes to destinations outside the MANET. If connected to the Internet, MANETs are edge networks, i.e. their boundary is defined by their edge routers. Due to the nature of the links over which a MANET is formed, ad hoc nodes within a MANET do not share access to a single multicast-capable link for signalling. This implies that the usual delivery semantics of link-local multicast and broadcast are not preserved within a MANET. The specification for this topic is now relatively well fleshed out and the working group is now calling for early implementation reports of the MANET protocols. A small number of drafts remain active in the working group, concerning dynamic source routing, on-demand routing, a link-state routing protocol and a simplified multicast forwarding protocol. It is likely that these documents will be completed in early 2006. Also the group is spinning off activities in other areas, such as the autoconf working group in the Internet Area, and interest in a MANET research group to look at topics such as multicast, link metrics and the potential of QoS-related activity. Multiprotocol Label Switching (mpls) As with IDR, OSPF and IS-IS, the MPLS working group is now one of the more venerable working groups in the routing area. Most of its chartered goals and milestones have been achieved, and the current work is focussed on a number of matters relating to ICMP handling, management considerations and OAM requirements and framework, failure detection and graceful restart mechanisms, point-to-multipoint paths. The decision point appears to be rapidly approaching whether to recharter MPLS, or to wind up with this working group and charter more specific working groups on the basis of demonstrated interest in specific areas of further MPLS refinement. Open Shortest Path First IGP (ospf) There has been some good progress on some long-standing work items in this working group, with work on refresh and flooding in stable networks, graceful restart and prioritization and congestion avoidance all being published as RFCs. The working group is currently completing work on IANA Considerations to create a number of IANA registries for OSPF types and options, as well as traffic engineering extensions for OSPF v3. Current activity includes consideration of multi-topology routing, where a number of basic approaches including reuse of the IPv4 Type of Service (TOS) bits with altered semantics in the context of OSPF v2, or use of OSPF v3 with separate instances of OSPF for each topology instance, or the use of tagging OSPF protocol elements with Type Length Value (TLV) headers to allow a number of routing contexts to co-exist in one OSPF environment. The OSPF working group is also looking at the integration of the Mobile Ad-hoc network (MANET) requirements into OSPF v3, looking, in particular, at how to manage potential flooding instances and reduction in the level of formed adjacencies. Rechartering of the OSPF Working Group also appears to be a near term option. Path Computation Element (pce) The PCE Working Group is chartered to specify a Path Computation Element (PCE) based architecture for the computation of paths for MPLS and GMPLS Traffic Engineering LSPs. In this architecture path computation does not occur on the head-end label switching device, but on some other entity that may physically not be located on the head-end device. As reported to the Routing Area, this working group is evidently making good progress, with the architecture description at a mature state and the requirements document also close to completion. The group is intending to complete these documents before heading into the protocol specification phase of their work. At this stage the working group is looking at candidate path computation communications protocols, and protocols of the discovery of path computation elements. Routing Protocol Security Requirements (rpsec) This group did not meet at IETF-64. As reported to the routing area meeting, the main work item at present is the security requirements document for BGP. This document is supported by reasonable agreement on most aspects, but there remain a small number of strongly contested items, and there is no clear way forward at this stage to resolve this. There has evidently been some discussion in the working group on starting a work item on Interior Routing security requirements at this stage, and defer the resolution of the remaining BGP items for the moment. Source-Specific Multicast (ssm) The SSM architecture document has been approved by the IESG. As this was the last remaining work item for the working group, it may be that the working group has now completed all its work! BoF Sessions One way to charter new work in the IETF is via the BoF, which is a more informal session designed to assess the level of interest in the work, and see what related issues may be exposed when considering a particular topic. Two BoFs were held in the IETF-64 within the Routing Area: Secure Inter-Domain Routing (sidr) The BoF reviewed the current status of RPSEC, and the current state of design activity in the area of secure inter-domain frameworks. The proposition was advanced that while RPSEC has not concluded as yet, there is sufficient impetus to commence work on infrastructure and protocol support mechanisms intended to address aspects of securing inter-domain routing. The specific area where there has been clear agreement in the requirements specification activity is that of authentication of route origination. The proposed work would include consideration of the relevant certificate infrastructure to support information validation. It was noted that the outcomes of this activity should be capable of supporting hierarchical rooted PKI models as well as decentralized “web of trust” models if at all possible, as the intended scope of application of this framework encompasses a broad diversity of deployment environments. There was support from the BoF attendees for the aspects of the work where there is clear agreement on requirements, concerning authentication of route origination information and use of associated certificate frameworks, to be undertaken immediately. The question of charter scope was considered and the rough consensus in the BoF was to support a charter that encompassed a more comprehensive security framework for inter-domain routing, but with a caveat that commencement on any particular component of the work would be conditional on clear agreement on requirements from the RPSEC Working Group. GMPLS-controlled Ethernet Label Switching (gels) When all you have is a hammer, then everything looks like a nail, or so goes the saying. So when all you have is Generalized Multi-Protocol Label Switching (GMPLS), then everything looks like a collection of potential label switching devices! (Although some people have been heard to comment that when all you have is GMPLS then, unfortunately, everything still looks like a nail!). This session was to see if there was interest in applying GMPLS to Ethernet switches in support of point-to-point label switched paths. This is very close to the existing effort in CCAMP, but with the addition of wanting to place label information into the Ethernet frame and then coordinate the switches via a GMPLS superstructure. The proposed work was to include definition of protocol-independent attributes for describing links and paths that are required for routing and signalling Ethernet switched point-to- point paths, and specification of routing protocol extensions (OSPF, ISIS) and signalling protocol extensions (RSVP-TE) required for Ethernet switched point-to-point path establishment. If you are looking for a clean delineation between layers 2 and 3 of the OSI protocol stack model in this work you are probably not going to see it! This a blurring of the original protocol model that attempts to create logical point-to-point circuits between Ethernet switching devices, where the circuits are constructed using a label path across label switching devices using some form of routing mechanism to determine edge-to-edge paths. Not all BoFs become chartered as working groups in the IETF, and there was evidently little support in this case to continue with this work in the IETF.]]> 1178 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf64-review-ipv6/ Wed, 07 Dec 2005 18:22:45 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1182 Neighbor discovery RFC2461bis is one of the documents underway and the last remaining piece was the issue about the meaning of the ‘Managed address configuration’ flag and the ‘Other configuration’ flag. The accepted solution at the meeting was to say that M flag indicates a client should use DHCPv6 for all configuration information and only use DHCPv6lite if just the O bit is set. Related to the management flag discussion was the issue when an ISP wants to force a user to use a specific address. Even if the management bit is set by a router there is no guarantee that the client doesn’t use any other address such as privacy addresses. This will create problems with access control since the client address isn’t always predictable. One solution would be not to include a prefix in the router advertisements. IPv6 Operations There’s no lack of operational issues related to IPv6. One big task at the meeting was to figure out what to take up as work within the WG and what to send off to other groups. Documents that already are WG items and now starting to be finalized are Broadband deployment scenarios, Enterprise Analysis, and Network architecture protection. The Broadband deployment document will ship without an updated cable networks section since the new cable network specification isn’t quite ready. The Enterprise analysis will just have a small rewording regarding DSTM before moving to the IESG. One document that was taken up as a new WG item was IPv6 Implications for TCP/UDP Port Scanning. There are many other interesting documents in the working group and the work would definitely gain from a wide community review since all operational input is useful. Softwires At IETF63, Softwires was a BoF but it has been very active and has held an interim meeting to finalize the problem statement. Softwires was approved as WG during IETF64 and will now start working on flexible tunneling mechanisms that work in two different scenarios; the first being hubs and spokes and the second mesh. These more or less represent end host and core network cases. One of the important goals is to make the mechanisms independent of the tunnelling protocol so that it can be optimized to different networks and provide integrity when needed. IPv6 over IEEE 802.16(e) Networks This was a BoF to start a working group that would work with IPv6 over 802.16 networks or WiMax. There was some confusion as to what was the actual problem since it is possible to run IPv6 over 802.16 today. The statement was that the functions in 802.16 networks make IPv6 perform poorly and that there has to be additional work done. One question many asked was if this shouldn’t be something that should be fixed in the 802.16 standard instead of in the IETF. In the end there was no clear consensus on how to proceed and there will not be a WG created right now.]]> 1182 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf64-review-shim6/ Wed, 07 Dec 2005 18:23:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1184 1184 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf64-review-security/ Wed, 07 Dec 2005 18:24:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1186 http://eprint.iacr.org/2004/199.pdf) and even bigger news in February 2005 when it was announced that the security level of SHA-1 was substantially less than its design goal of 80 bits (http://theory.csail.mit.edu/~yiqun/shanote.pdf). Improved attacks have since lowered the security level of SHA-1 to 63 bits, just inside the range of what’s practical. The three big questions on people’s minds were:

1. Is my protocol still secure?
2. What hash function should I be using now?
3. How and when do I make the transition to a new protocol?

Although there were some differences of opinion, the consensus answers to these questions were more or less as follows:

1. Most protocols are still safe, even if they use MD5. The one big exception here is protocols that use MD5 for digital signatures. This practice should be stopped as soon as possible. HMAC-MD5, which is in wide use for message integrity, is still believed safe but Cryptography Forum Research Group (CFRG) chair David McGrew expressed concern that it might be broken in the near future.
2. Security Area Director Russ Housley recommends that new protocols not use SHA-1 and that the best current choice for a hash function is NIST’s SHA-256, however many attendees expressed hope that better candidates would emerge in the near future.
3. Steve Bellovin, Russ Housley, and Eric Rescorla have studied the problem of hash function transitions in a number of existing IETF protocols (IPsec, S/MIME, SSL/TLS, DNSSEC, and OCSP) and in every case there are protocol problems preventing a clean transition. This means that transition steps have to be taken deliberately but need to start fairly soon.

Russ Housley has issued a call for the Security Area to review every major security protocol to determine the impact of hash function vulnerabilities and study transition strategies. Protocols that have working groups will be studied within those WGs. LTANS, PKIX, SMIME, Kerberos, and TLS have already started this process. Protocols that do not have WGs will be studied by the Security Area Advisory Group (SAAG). Volunteers are actively being solicited for this work. Security Area Working Group meetings were fairly peaceful, with work quietly being accomplished. The Security Area held two BoFs: DKIM and EMU and one Security-related BoF (SIDR) was held in Routing. Domain Keys Identified Mail (DKIM) is a protocol designed to allow e-mail servers to take responsibility for the messages they send. The intention is that this will be a useful tool for fighting spam and e-mail based fraud. This was the second DKIM BoF (the first was held in Paris) and the attendees were mostly in favor of the formation of a working group. EAP Method Update (EMU) was an outgrowth of the SechMech BoF held at IETF63 in Paris. The intention here is to have a forum for the standardization of a small set of EAP methods that meet existing requirements from other SDOs. The mechanisms under consideration include additional shared secret mechanisms as well as public key based ones. There was general enthusiasm in the group for moving forward with this work. Secure Inter-Domain Routing (SIDR) is an effort to design security mechanisms for Inter-Domain Routing (i.e. BGP) while avoiding some of the focus problems that the Routing Protocol Security (RPSEC) Working Group has had. There were presentations on the three major contending protocols: soBGP, sBGP, and psBGP. This work will also probably go forward, with the understanding that rather than picking one design the final design will pick the best technologies from each candidate.]]> 1186 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf64-review-mobility-and-wireless/ Wed, 07 Dec 2005 18:25:55 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1188 MONAMI6 – working on a problem statement and standards track specifications addressing issues associated with the simultaneous use of multiple addresses for mobile hosts using Mobile IPv6 or mobile routers using NEMO Basic Support. AUTOCONF – working to standardize mechanisms by which ad hoc network nodes can configure locally or globally routable IPv6 addresses. In addition, there were BoFs related to mobility and wireless: NETLMM – second BoF on network-based, localized mobility management; 16NG – discussed 802.16 wireless link architectures and work needed to run IPv6 over 802.16; EMU – standardizing Extensible Authentication Protocol (EAP) methods. This article will discuss the results of the first meeting of the AUTOCONF working group and progress in the DNA (Detecting Network Attachment) working group. Both working groups are in the Internet Area. The AUTOCONF working group met for the first time at IETF64, after two BoFs. The objective of the working group is to standardize a way to configure locally routable and globally routable addresses within an ad hoc network. Part of this problem may involve discovery of routers that connect a collection of ad hoc nodes to the Internet. The working group will focus on IPv6 only, to take advantage of the more powerful local link configuration protocols available in IPv6. One of the major issues that came up during the chartering of the working group was that the IETF has really not considered what a Mobile, Ad hoc NETwork (MANET) is and what makes it different from a standard IP network. The first working group meeting discussed the architecture of MANETs in some detail. One presentation characterized the difference very succulently as follows: in other IP networks, the links form the network, while in MANETs, the network forms the links. MANETs tend to be characterized by half broadcast links, little or no specialized infrastructure for routing (the hosts act as routers themselves), and relatively flat routing control structures. In the past, addresses within MANETs could be local (i.e. valid only within the collection of ad hoc hosts forming the MANET), but there is now increasing interest in hybrid MANETs, where the MANET is connected to the Internet through a gateway router. Because the nodes participating in the MANET and the links between nodes are quite fluid, MANETs see network partitions and the joining of two networks more often than other IP networks, and such operations can be thought of as a common part of a MANET’s operation rather than an error condition. This kind of shifting network structure is difficult to accommodate with traditional IP network address and routing configuration. Up until now MANETs have been thought of as principally a routing problem, but work in the ad hoc research community, which is well-represented among the AUTOCONF working group members, has come up with some additional areas were standardization is necessary for good interoperability. The DNA working group has been chartered to devise a more robust network attachment and movement detection protocol for IPv6 than currently is available. RFC 3775, the Mobile IPv6 specification, specifies passive movement detection as the default. The mobile node waits until it hears a multicast Router Advertisement, then checks whether the router was seen before. If not, the mobile node infers that it has moved. The frequency of Router Advertisements is increased to 50 ms. This technique of movement detection has many disadvantages. Besides generating lots of Router Advertisement traffic, the requirement to wait until a Router Advertisement beacon is seen slows down the process of handover. In addition, if a link is configured with multiple routers, the protocol could cause the mobile node to conclude that it had moved to a new link when it really only is seeing a router advertisement from another router. In order to improve movement detection, the working group is developing Best Current Practice (BCP) specifications for configuring hosts and routers without any additional protocol support to facilitate better network attachment and movement detection. The DNA protocol design itself was finished by the design team. The design is based on having the host respond to a Layer 2 hint indicating that it has changed to a new access point. The host then multicasts a Router Solicitation to the All Routers Muticast Address, and receives unicast Router Advertisements from routers on the link. Both the Router Solicitation and Router Advertisement are enhanced for DNA, with additional options. These options allow the host to indicate the link it thinks it is on, and for the router to reply indicating if the host is correct. If the router indicates to the host that it is on a new link, the router returns enough information so that the host can quickly autoconfigure a new IPv6 address on the new link and otherwise become established. The Router Advertisements are returned without the delay required by RFC 2461. Such delays can significantly hamper the ability of a mobile node to quickly configure on the new link. The protocol also contains security features to limit the ability of an attacker to subject the link to a Denial of Service attack.]]> 1188 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf64-review-internationalized-email-and-extensions-iee/ Wed, 07 Dec 2005 18:26:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1190

The definition of a mailbox in RFC 2821 is revisited and updated in order for the Local Part (everything left of the ‘@’) to support the full Unicode range of characters, not only ASCII, and for the Domain part (everything right of the ‘@’) to support the IDNA standard. This new form of mailbox is called the Internationalized eMail Address (IMA).

The mail transfer protocol SMTP needs a service extension that will allow mail transmission agents (MTAs) to signalize to their clients at the moment of the session establishment that they support IMAs. Clients that are confronted with that extension will then be able to transmit IMAs in raw UTF-8 encoding to the MTAs in the SMTP commands. The IMA extension is dependent on previous support of the 8BITMIME (RFC 1652) extension by the MTA.

IMAs will not be confined to the SMTP envelope, but spread all over the headers of an email, so the need for characters beyond ASCII in the values of header fields becomes obvious. Though MIME-Extensions (RFC 2047) already provide for partial internationalization support in headers by means of different encodings on the wire, these extensions don’t go far enough. Now with IMA, the definition of header fields as of RFC 2822 will be updated for them to natively support the whole Unicode character space. If an SMTP client communicates with an MTA with IMA support, the client can encode any header field in raw UTF-8. The syntax of header names, however, remains unchanged.

A last, but crucial issue: downgrade mechanisms are defined for the case in which any of the MTAs involved in the delivery chain of a mail would not support the IMA extension. Basically, the MAIL and RCPT SMTP commands will support an optional parameter (ALT-ADDRESS) that allows a client to convey an alternative non-internationalized address, which could be used as a fallback instead of the original IMA. This alternative address could also be automatically generated by applying an ASCII encoding mechanism similar to the ACE used for domain names to the whole IMA, thus mapping it into ASCII. The latter kind of downgraded addresses would be marked accordingly. It would be up to the final MTA (or mail delivery agent) to decode the downgraded fields to turn them back into IMAs. As a last resort, when everything else fails, the mail could always be bounced back to the sender.

These mechanisms, in the form of four I-Ds, are targeted at becoming experimental RFCs. Since it was recognized as a prime directive not to fragment the existing email system, these RFCs will not find their way on to the standards track before implementations appear and the extensions are thoroughly evaluated in daily operations. Impact on other protocols which make use of email addresses, notably POP and IMAP, and on others such as LDAP, ACAP or S/MIME, will be evaluated and additional documents will be produced. Interaction with mailing lists and similar distribution mechanisms will be studied and operational guidelines for IMA deployment will be documented. Internationalized domain names are often associated to phishing and other security problems, like the so-called homograph attack. That is partly unfair: to be true, the whole of the spoofing-attempt mails received by the author at the moment, which are not few, come from traditional ASCII domain names. Since the advent of IDNA, however, some lessons have been learnt and it is a widespread belief that the amount of characters allowed by IDNA is far beyond what is actually needed. To the eyes of the author, the internationalized email addresses effort should try to apply this knowledge from the beginning, constraining the syntax of the Local Part of the email as necessary. It would be sensible to base upon work done by other experts, like for instance, the General Security Profile for Identifiers defined by the Unicode Consortium. All in all, a challenging, multidisciplinary task, which will need as much peer review as possible. What are you waiting for?]]> 1190 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf64-review-new-birds-of-a-feather-bof-meetings/ Wed, 07 Dec 2005 18:27:49 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1192 http://www.ietf.org/meetings/past.meetings.html Applications Area:

• xmlpatch – XML-Patch-Ops BoF
• iee – Internationalised Email and Extensions BoF

General Area:

• pesci – Process Evolution Consideration for the IETF BoF
• techspec – Requirements for IETF Technical Specification Publication BoF

Internet Area:

• softwire – Softwire BoF (met for the second time)
• netlmm – Network based localised mobility BoF (met for the second time)
• 16ng – Ipv6 over IEEE 802.16(e) Networks BoF

Ops/Mgmt Area:

• callhome – Reversing Traditional Client/Server Conn. Model BoF

Routing Area:

• gels – GMPLS Controlled Ethernet Label Switching BoF
• sidr – Secure Inter-Domain Routing

Transport Area:

• voipeer – VoIP Peering and Interconnect BoF
• fecframe – FEC over Transport Framework BoF

Security Area:

• dkim – Domain Keys Identified Mail BoF (met for the second time)
• emu – EAP Method Update BoF

]]> 1192 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-iab-3/ Wed, 07 Dec 2005 18:28:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1194 Appointment of the IESG, the RFC Editor and the IANA From BCP39, the IAB has a role in the appointment of the IESG, RFC Editor, and IANA. Formally, this includes:

• Confirmation of the IESG: The NomCom annually provides a list of candidates for vacant IESG seats and for the IETF chair (if vacant). The IAB reviews the candidates, consenting to some, all or none.
• RFC series: The IAB approves the appointment of an organisation to act as RFC Editor and the general policy followed by the RFC Editor.
• IANA: The IAB approves the appointment of an organisation to act as IANA on behalf of the IETF.

With the introduction of BCP101, while the IAB continues to maintain oversight of the relationships with the RFC Editor and IANA, the IETF Administrative Support Activity (IASA) means that the IAB now has fewer responsibilities for practical management of the relationships. During IETF64, the IAB was involved in leading the TechSpec BoF (Requirements for IETF Technical Specification Publications), to discuss the specific requirements of the IETF’s technical publication process. This comes from the IAB’s work to oversee the RFC Editor process, and is aimed at providing further clarification of requirements there. Oversight over the Standards Process Even before BCP39, BCP 9 (RFC2026) defines the role of the IAB in oversight of the IETF standards process:

• The IAB provides oversight of the process to create Internet Standards
• The IAB serves as an appeals board for complaints of improper execution of the standards process

Lately, the IAB has been fortunate not to have had any appeals to deal with. The IAB is responsible for liaison relationships with other organisations The IAB carries out various tasks to ensure the IETF’s continued open communications with other organizations to carry out our work.

• The IAB acts as a source of advice and guidance to officers and the Board of Trustees of the Internet Society (ISOC) concerning techncial, architectural, procedural and (where appropriate) policy matters pertaining to the Internet and its enabling technologies.
• The IAB acts as representative of the interests of the IETF and ISOC in technical liaison relationships with other organisations concerned with standards and other technical and organisational issues relevant to the world-wide Internet.
• The IAB appoints the IETF liaison to the ICANN Board of Trustees.

While there were no new liaison relationships established between IETF63 and IETF64, the IAB has appointed some new external liaison representatives. The IAB has also established a subcommittee to work with ISOC on technical communications. Oversight of the architecture for the protocols and procedures used by the Internet BCP39 describes a number of specific activities in which the IAB engages. The IAB provides input to the IESG regarding BoFs and possible (subsequent) WG formation

• BoF meetings were attended by at least one IAB member (see more discussion on IAB’s involvement in BoF formation in the summary of the plenary sessions on page 2). IAB members work to provide additional feedback to the IESG in reviewing the BoF outcome and potential working group formation.

The IAB sponsors and organises the IRTF as well as reviewing proposed IRTF research groups

• The IRTF regularly reports at the plenary sessions. The IAB reviews the charters of WGs and RGs. At IETF64, the Routing RG had a meeting with the IAB to review the status of the Routing RG.

The IAB can convene invitational workshops to perform in-depth reviews of particular architectural issues

• The IAB is planning to hold a workshop – called “Network Architecture meets Network Reality” at IETF64, and subsequently renamed to “Unwanted Traffic” in the first quarter of 2006.

The IAB can organise ad-hoc groups of independent experts to discuss and provide input on various topics

• The IDN ad-hoc committee has concluded. The IPv6 ad-hoc committee will continue its work. In addition to that the IAB has established a committee to work with ISOC on technical communications and publications.

The IAB can write (informational) documents The IAB has recently published a number of documents:

• “Internet Denial of Service Considerations” – draft-iab-dos-03.txt
• “What’s in a Name: False Assumptions about DNS Names” – draft-iab-dns-assumptions-03
• “IAOC Member Selection Guidelines and Process” – draft-iab-iesg-iaoc-selection-03.txt

As reported in the last issue of the IETF Journal, the IAB is currently focusing on the following technical issues:

• IPv6: The IAB has organised an IPv6 Multihoming Bof at the recent NANOG35 meeting to get input from the operators community. This will bring other perspectives to the discussions at the IETF. The IAB expects to organise more such sessions in the future. For more details seehttp://www.iab.org/documents/open-mtgs/
• Internet Architecture: a new mailing list has been set up to discuss architectural issues: architecture-discuss@ietf.org (also see Pekka Nikkander’s article elsewhere in this issue of the IETF Journal).
• Bad Net Traffic: The IAB agreed to set up a workshop on "Unwanted Traffic". It is expected to be held in February 2006.

]]> 1194 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-irtf-2/ Wed, 07 Dec 2005 18:29:56 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1196 http://www.acm.org/sigs/sigcomm/ccr/archive/2005/october/p69-falk.pdf In the meantime two new Research Groups have been created: Transport Modelling (TMRG) This Research Group will develop drafts on how to evaluate congestion control mechanisms and simulation & testbed scenarios. It is further planning to produce documents on best current practices and admission control mechanisms. Sally Floyd will be chairing the group. Internet Congestion Control (ICCRG) The ICC Research Group is chaired by Srinivasan Keshav and Mark Handley and is extected to work on a roadmap on congestion control. In addition to that there are currently ten Research Groups active in the IRTF: ASRG: Anti-Spam RG (chair: John Levine) The group is currently writing a draft on using the DNS to distribute blacklists and whitelists. It is further planned to work on measurements on if/how e-mail message mutation breaks a signature-related to Domain Keys Identified Mail (dkim). CFRG: Crypto Forum Research Group (chairs: David McGrew, Ran Canetti) CFRG is currently working on an improved variant of the SHA-1 hash function and is evaluating randomised hash function and key derivation proposals. It is also reviewing the UMAC message authentication code. DTNRG: Delay Tolerant Networking Research Group (chair: Kevin Fall) This RG is in the process of finalising the DTN architecture and protocol specs. It has recently requested a provisional URI prefix ‘dtn’ from IANA. It is now transitioning from architecture and design to more testing and trials. A DTN workshop took place at SIGCOMM05 which was attended by about 60 people. end2end: End-to-End Research Group Bob Braden has retired as E2ERG chair after a 20 year tenure. Craig Partridge and Karen Sollins will act as interim chairs. Bob will continue to run the end2end mailing list and will stay on the IRSG as an ad-hoc member. HIP: Host Identify Payload Research Group (chairs: Andrei Gurtov, Tom Henderson) This group is very active, there are currently 6 revised drafts. It is likely that some topics from the hip RG will migrate into a re-chartered hip WG. MobOpts: Mobility Optimisation Research Group (chairs: Radjeev Koodli, William Arbaugh) This RG completed its work on “Advances in Mobile IPv6 Route-Optimized Communication”. The group is now busy building testbeds and investigating the following issues:

• Link-assisted Fast Handovers
• Location Privacy with Mobility
• Network-introduced Handovers

NMRG: Network Management Research Group (chair: Jürgen Schönwälder) There will be a RG meeting in January in Oslo or Stockholm. The agenda will cover “promise theory” and P2P approaches to network management. The group is also involved in network management traffic measurements. RRG: Routing Research Group (chair: Avri Doria) The RRG has a new co-chair: Dan Massey from the University of Colorado. A number of new RG topics are under consideration: from proposals for improving convergence times to new routing architectures. The group is planning to meet at INFOCOM in Barcelona to increase participation from the research community. There are two more IRTF research groups: the IMRG: Internet Measurements RG (chair: Mark Allman) and the P2PRG: Peer-to-Peer RG (Co-chairs: Bill Yeager and Bobby Bhattacharjee). We continue to discuss the possiblity of a research group on small-group multicast. The Routing RG had a meeting with the IAB to review the status of the research. Aaron has also been working with the IETF attorney to find out if the IETF IPR policy could be applied to the IRTF. Finally, the IRTF started to use the Friday afternoon slots for RG meetings. At this IETF the Host Identify Protocol Research Group (hiprg) met.]]> 1196 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-iaoc-and-iad/ Wed, 07 Dec 2005 18:31:03 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1198

signing off on the IETF Trust

completing the initial service agreement with NeuStar

developing full RFPs for all major service contracts

publishing regular contract performance and budget reports

That means, the management of operations and expenses is the top priority. More information, including supporting documents for the IETF Trust, the Statement of Work documents with NeuStar and a list of IAOC members can be found on http://koi.uoregon.edu/~iaoc/ The Structure of the IETF Administrative Support Activity (IASA) The IAOC’s mission is not to be enganged in the day-to-day administrative work of IASA, but rather to provide appropriate direction, oversight and approval. The IASA structure is designed to ensure accountability and transparency of the IETF administrative and fiscal activities to the IETF community. The IAD is responsible for negotiating and maintaining contracts or equivalent instruments with outside organisations as well as providing any coordination necessary to make sure the IETF administrative support functions are covered properly. All functions whether contracted to outside organisations or performed internally within the IASA, must be clearly specified and documented with well-defined deliverables, service level agreements and transparent accounting for the cost of such function. The IASA is responsible for managing all intellectual property rights (IPR), including but not limited to trademarks, and copyrights that belong to the IETF. The IASA is responsible for undertaking any required actions on behalf of the IETF to obtain, protect and manage the rights that the IETF needs in order to carry out its work. Members of the IAOC

• Lucy Lynch, appointed by the IESG (Initial Chair)
• Kurtis Lindquist, appointed by the IAB
• Steve Crocker, appointed by the ISOC Board of Trustees
• Brian Carpenter, IETF Chair (ex officio)
• Leslie Daigle, IAB Chair (ex officio)
• Lynn St.Amour, ISOC President/CEO (ex officio)
• Jonne Soininen, appointed by the NomCom (2 year term)
• Ed Juskevicius, appointed by the NomCom (1 year term)
• Ray Pelletier, IETF Administrative Director (non-voting)

]]> 1198 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-ietf-tools-team/ Wed, 07 Dec 2005 18:32:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1200 http://tools.ietf.org/members for a full list of team members. The first tool the team has considered is an Internet Draft (ID) submission tool. With this in place, other tools will follow, as listed in the milestones on http://tools.ietf.org/charter-page It is not the team’s task to do the actual development – however, the team understands the tool development process, and has the ability to formulate and communicate the IETF’s needs with respect to the individual tools. It is also not prohibited for team members to actively develop tool implementations. An inventory of all IETF tools written by other developers is available on the tools site. All scripts written by the tools team are freely available and can be downloaded. The WG-status pages http://tools.ietf.org/wg/ is a one-stop shop for all active or concluded WGs. This tool is a great entry point to other useful tools. It lists the status of each WG along with a pointer to the mailing list archives. One can also find the history of each WG document and the diffs between each version of a document. It produces HTML versions of each document allowing for easy navigation through Internet Drafts. Auto-converted PDF versions are available for those who prefer this format for easy printing. It is also planned to set up a Wiki for each WG for them to use as they wish. Another useful tool is the agenda tool. As an example, the IETF 64 agenda is available at:http://tools.ietf.org/agenda/64/. It shows the meeting agenda with all WG and BoF meetings and pointers to the agendas and document status of each WG as available. It is updated every five minutes based on the submissions sent to the IETF mailing list. It also contains instructions on how to join a jabber room. This allows people to follow discussions during the meetings remotely. The tools team is currently working on a plug-in for iCalendar. There are a number of new tools in progress, one of the most interesting for the wider IETF community being the ‘Build-your-own-notifications’ tool. This tool receives notifications of new Internet Drafts, changes in document status, new BoFs and WGs. Anybody can create their own pages based on specific criteria (e.g. ‘notify me of all activities in a certain IETF area’). One can chose to be notified by e-mail or to create an html page. This will make it much easier for the community to follow developments in the IETF. Before this tool can be provided, all notifications have to be converted into XML. Once this is done, it will be easier for people to build their own tools. See http://www1.tools.ietf.org/wiki for more tools in progress.]]> 1200 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/reflections-on-architecture/ Wed, 07 Dec 2005 18:33:30 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1202 http://www.tml.tkk.fi/~pnr/FAT/, 2005. [5] Li, and Vitányi, An Introduction to Kolmogorov Complexity and Its Applications, Springer, 1997. [6] Fowler, Beck, Brant, Opdyke, and Roberts, Refactoring: Improving the Design of Existing code, Addison-Wesley Professional, 1999. [7] Deering, Watching the Waist of the Protocol Hourglass, in Proceedings of 51st IETF meeting,http://www.iab.org/documents/docs/hourglass-london-ietf.pdf, IETF, 2001. [8] Aura, Cryptographically Generated Addresses (CGA), RFC 3972, IETF, 2005. [9] Site Multihoming by IPv6 Intermediation, IETF Working Group,http://www.ietf.org/html.charters/shim6-charter.html [10] IKEv2 Mobility and Multihoming, IETF Working Group, http://www.ietf.org/html.charters/mobike-charter.html [11] Better-Than-Nothing Security, IETF Working Group, http://www.ietf.org/html.charters/btns-charter.html [12] Host Identity Protocol, IETF Working Group, http://www.ietf.org/html.charters/hip-charter.html [13] Host Identity Protocol, IRTF Research Group, http://www.irtf.org/charter?gtype=rg&group=hip [14] Nikander, Laganier, and Dupont, A Non-Routable IPv6 Prefix for Keyed Hash Identifiers (KHI), Internet Draft (work in progress), 2005. [15] Architecture Discuss mailing list, https://www1.ietf.org/mailman/listinfo/architecture-discuss]]> 1202 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf63-review-dns/ Wed, 07 Sep 2005 18:51:25 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1233 DNSSEC key rollover The main subject on the agenda during the DNS Extensions (DNSEXT) meeting was automated DNSSEC key rollover. There are different views on how important the existence of such a mechanism is for initial DNSSEC deployment. There are also competing drafts (and methods) to do key rollover for DNSSEC for the roots. The plan is to advance one of them. Meanwhile the main differences between the various methods will be documented and published in order to get the discussion started. While technical solutions have been specified, there exist IPR claims (a patent has been filed in Israel) which make further work on the two existing Internet-Drafts troublesome. There was also a non-IETF meeting of several TLDs on Tuesday where Bill Manning presented his Client Authenticated DNS Request (CADR) system which should enable TLD managers to securely (and, hopefully, quickly) change their TLD’s delegation information (name server names and addresses). The prototype combines DNSSEC technology and a secured website to convey authenticated information to IANA. Currently the system has technical restrictions and also implies policy changes, so it is unclear how things will proceed. NSEC record There is progress on the definition of the new NSEC record and there is even the possibility of code for real testing within a couple of months. The fact that with this proposal the Opt-In proposal pops up again is something that might be cause for quite some discussion. The desire was expressed not to repeat the whole discussion. The chairs urged to leave out political arguments which made the previous debate ugly. Server Identification extension With the deployment of anycast for nameservers, there is a need to have an identification of which server actually answered the question. This would help debugging of anycast systems. Progress was made on the way this should develop and a new ID by Rob Austein is expected. Domain Name System (DNS) IANA Considerations To help experimenting with new RR types in DNS, Donald Eastlake proposed some policy rules for IANA to register these RR types. RFC 2929 Early Allocation for RRs (RFC 4020) is felt to be too strict. Policy being policy, this of course caused a lot of discussion. A new and less controversial ID is expected to be published soon. TAHI Test tool set There was a small presentation of an effort to do conformance testing (www.tahi.org). There is some overlap with the French group doing DNS infrastructure testing (www.idsa.prd.fr/index.php?lang=en) and both groups promise to work together. Best Current Practice for TLD Zones During the DNSOPS WG meeting Kurtis Lindqvist presented a draft which was trying to address best practices for TLD zones. It triggered a lot of discussion since it compares running TLDs to the proverbial blind man describing an elephant. Just what is involved? Is it running the name servers? Is it the registry, the Whois server, etc? Is it all of these or just some of them? Also, this might be taken as a requirements document to dictate on technical grounds political decisions in places such as, and not limited to, ICANN, ITU, WSIS, UN, OECD, Governments etc. This was of course not the purpose, but one never knows what will happen. The document will be split in, at least, two parts. One part on “how to run nameservers”, which is in itself not a trivial problem statement. For the “how to run a TLD registry” documents there will be some discussions with various groups (including ISOC) in order to define the scope of such a document. This is needed in order to avoid treading into level 9 space. Note: This article does not attempt to provide a complete summary of all IETF activities in this area. It reflects a personal perspective on some current highlights.]]> 1233 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf63-review-new-birds-of-a-feather-bof-meetings/ Wed, 07 Sep 2005 18:52:34 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1235 Applications Area:

• rui – Remote User Interface BoF

Internet Area:

• Open Internet Area BoF
• autoconf – Ad hoc Network Autoconfiguration BoF (second meeting)
• lrw – Lightweight Reachable Softwires BoF (second meeting; was previously ‘tunnel configuring BoF’)
• netlmm – Network based localised mobility BoF
• monami6 – Mobile Nodes and Multiple Interfaces in IPv6 BoF

Ops/Mgmt Area:

• imad – IPv4 Multicast Address Architecture BoF

Transport Area:

• voipeer – VoIP Peering and Interconnect BoF

Security Area:

• mass – Message Authentication Signature Service BoF
• hash – One-way Hash Function BoF
• secmech – Security Mechanisms BoF
• alien – Anonymous Identifiers BoF

]]> 1235 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/recently-published-rfcs/ Wed, 07 Sep 2005 18:53:25 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1237 http://www.ietf.org/iesg/1rfc_index.txt To search for an RFC: http://www.ietf.org/rfc.html

4130	MIME-Based Secure Peer-to-Peer Business Data Interchange Using HTTP, Applicability Statement 2 (AS2). D. Moberg, R. Drummond. July 2005. (Format: TXT=99857 bytes) (Status: PROPOSED STANDARD)
4131	Management Information Base for Data Over Cable Service Interface Specification (DOCSIS) Cable Modems and Cable Modem Termination Systems for Baseline Privacy Plus. S. Green, K. Ozawa, E. Cardona, Ed., A. Katsnelson. September 2005. (Format: TXT=183091 bytes) (Status: PROPOSED STANDARD)
4132	Addition of Camellia Cipher Suites to Transport Layer Security (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590 bytes) (Status: PROPOSED STANDARD)
4133	Entity MIB (Version 3). A. Bierman, K. McCloghrie. August 2005. (Format: TXT=136711 bytes) (Obsoletes RFC2737) (Status: PROPOSED STANDARD)
4134	Examples of S/MIME Messages. P. Hoffman, Ed.. July 2005. (Format: TXT=325865 bytes) (Status: INFORMATIONAL)
4135	Goals of Detecting Network Attachment in IPv6. JH. Choi, G. Daley. August 2005. (Format: TXT=20518 bytes) (Status: INFORMATIONAL)
4136	OSPF Refresh and Flooding Reduction in Stable Topologies. P. Pillay-Esnault. July 2005. (Format: TXT=8534 bytes) (Status: INFORMATIONAL)
4137	State Machines for Extensible Authentication Protocol (EAP) Peer and Authenticator. J. Vollbrecht, P. Eronen, N. Petroni, Y. Ohba. August 2005. (Format: TXT=105781, PDF=107470 bytes) (Status: INFORMATIONAL)
4138	Forward RTO-Recovery (F-RTO): An Algorithm for Detecting Spurious Retransmission Timeouts with TCP and the Stream Control Transmission Protocol (SCTP). P. Sarolahti, M. Kojo. August 2005. (Format: TXT=55538 bytes) (Status: EXPERIMENTAL)
4139	Requirements for Generalized MPLS (GMPLS) Signaling Usage and Extensions for Automatically Switched Optical Network (ASON). D. Papadimitriou, J. Drake, J. Ash, A. Farrel, L. Ong. July 2005. (Format: TXT=36660 bytes) (Status: INFORMATIONAL)
4140	Hierarchical Mobile IPv6 Mobility Management (HMIPv6). H. Soliman, C. Castelluccia, K. El Malki, L. Bellier. August 2005. (Format: TXT=71503 bytes) (Status: EXPERIMENTAL)
4144	How to Gain Prominence and Influence in Standards Organizations. D. Eastlake 3rd. September 2005. (Format: TXT=19529 bytes) (Status: INFORMATIONAL)
4145	TCP-Based Media Transport in the Session Description Protocol (SDP). D. Yon, G. Camarillo. September 2005. (Format: TXT=30225 bytes)(Status: PROPOSED STANDARD)
4146	Simple New Mail Notification. R. Gellens. August 2005. (Format: TXT=8561 bytes) (Status: INFORMATIONAL)
4147	Proposed Changes to the Format of the IANA IPv6 Registry. G. Huston. August 2005. (Format: TXT=21196 bytes) (Status: INFORMATIONAL)
4148	IP Performance Metrics (IPPM) Metrics Registry. E. Stephan. August 2005. (Format: TXT=23074 bytes) (Also BCP0108) (Status: BEST CURRENT PRACTICE)
4149	Definition of Managed Objects for Synthetic Sources for Performance Monitoring Algorithms. C. Kalbfleisch, R. Cole, D. Romascanu. August 2005. (Format: TXT=78560 bytes) (Status: PROPOSED STANDARD)
4150	Transport Performance Metrics MIB. R. Dietz, R. Cole. August 2005. (Format: TXT=123144 bytes) (Status: PROPOSED STANDARD)
4152	A Uniform Resource Name (URN) Namespace for the Common Language Equipment Identifier (CLEI) Code. K. Tesink, R. Fox. August 2005. (Format: TXT=12228 bytes) (Status: INFORMATIONAL)
4153	XML Voucher: Generic Voucher Language. K. Fujimura, M. Terada, D. Eastlake 3rd. September 2005. (Format: TXT=41941 bytes) (Status: INFORMATIONAL)
4154	Voucher Trading System Application Programming Interface (VTS-API). M. Terada, K. Fujimura. September 2005. (Format: TXT=61629 bytes) (Status: INFORMATIONAL)
4155	The application/mbox Media Type. E. Hall. September 2005. (Format: TXT=19645 bytes) (Status: INFORMATIONAL)
4156	The wais URI Scheme. P. Hoffman. August 2005. (Format: TXT=6564 bytes) (Status: HISTORIC)
4157	The prospero URI Scheme. P. Hoffman. August 2005. (Format: TXT=7096 bytes) (Status: HISTORIC)
4158	Internet X.509 Public Key Infrastructure: Certification Path Building. M. Cooper, Y. Dzambasow, P. Hesse, S. Joseph, R. Nicholas. September 2005. (Format: TXT=199297 bytes) (Status: INFORMATIONAL)
4159	Deprecation of “ip6.int”. G. Huston. August 2005. (Format: TXT=5353 bytes) (Also BCP0109) (Status: BEST CURRENT PRACTICE)
4160	Internet Fax Gateway Requirements. K. Mimura, K. Yokoyama, T. Satoh, C. Kanaide, C. Allocchio. August 2005. (Format: TXT=24930 bytes) (Status: INFORMATIONAL)
4161	Guidelines for Optional Services for Internet Fax Gateways. K. Mimura, K. Yokoyama, T. Satoh, K. Watanabe, C. Kanaide. August 2005. (Format: TXT=23189 bytes) (Status: INFORMATIONAL)
4162	Addition of SEED Cipher Suites to Transport Layer Security (TLS). H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes) (Status: PROPOSED STANDARD)
4163	RObust Header Compression (ROHC): Requirements on TCP/IP Header Compression. L-E. Jonsson. August 2005. (Format: TXT=20587 bytes) (Status: INFORMATIONAL)
4164	RObust Header Compression (ROHC): Context Replication for ROHC Profiles. G. Pelletier. August 2005. (Format: TXT=47088 bytes) (Status: PROPOSED STANDARD)
4165	Signaling System 7 (SS7) Message Transfer Part 2 (MTP2) – User Peer-to-Peer Adaptation Layer (M2PA). T. George, B. Bidulock, R. Dantu, H. Schwarzbauer, K. Morneault. September 2005. (Format: TXT=114669 bytes) (Status: PROPOSED STANDARD)
4171	Internet Storage Name Service (iSNS). J. Tseng, K. Gibbons, F. Travostino, C. Du Laney, J. Souza. September 2005. (Format: TXT=310636 bytes) (Status: PROPOSED STANDARD)
4172	iFCP – A Protocol for Internet Fibre Channel Storage Networking. C. Monia, R. Mullendore, F. Travostino, W. Jeong, M. Edwards. September 2005. (Format: TXT=241908 bytes) (Status: PROPOSED STANDARD)
4173	Bootstrapping Clients using the Internet Small Computer System Interface (iSCSI) Protocol. P. Sarkar, D. Missimer, C. Sapuntzakis. September 2005. (Format: TXT=27105 bytes) (Status: PROPOSED STANDARD)
4174	The IPv4 Dynamic Host Configuration Protocol (DHCP) Option for the Internet Storage Name Service. C. Monia, J. Tseng, K. Gibbons. September 2005. (Format: TXT=29485 bytes) (Status: PROPOSED STANDARD)
4175	RTP Payload Format for Uncompressed Video. L. Gharai, C. Perkins. September 2005. (Format: TXT=39431 bytes) (Status: PROPOSED STANDARD)
4181	Guidelines for Authors and Reviewers of MIB Documents. C. Heard, Ed.. September 2005. (Format: TXT=102521 bytes) (Also BCP0111) (Status: BEST CURRENT PRACTICE)
4182	Removing a Restriction on the use of MPLS Explicit NULL. E. Rosen. September 2005. (Format: TXT=14087 bytes) (Updates RFC3032) (Status: PROPOSED STANDARD)
4183	A Suggested Scheme for DNS Resolution of Networks and Gateways. E. Warnicke. September 2005. (Format: TXT=18357 bytes) (Status: INFORMATIONAL)
4192	Procedures for Renumbering an IPv6 Network without a Flag Day. F. Baker, E. Lear, R. Droms. September 2005. (Format: TXT=52110 bytes) (Updates RFC2072) (Status: INFORMATIONAL)

 ]]> 1237 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/recent-iesg-document-and-protocol-actions-last-calls/ Tue, 27 Dec 2005 16:44:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1497 http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-framing-contrans-... Date: 2005-08-01 – Last Call (Deadline: 2005-08-29) / Proposed Standard Title: The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE) URL: http://www.ietf.org/internet-drafts/draft-hoffman-rfc3664bis-03.txt Date: 2005-08-01 – Last Call (Deadline: 2005-08-15) / Historic Title: RTP Payload for Text Conversation interleaved in an audio stream URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-audio-t140c-00.txt Date: 2005-08-02 – Approved by the IESG as a BCP Title: Media Type Specifications and Registration Procedures URL: http://www.ietf.org/internet-drafts/draft-freed-media-type-reg-05.txt Date: 2005-08-02 – Approved by the IESG as an Informational RFC Title: TCP/IP Field Behavior URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-tcp-field-behavior-0... Date: 2005-08-02 – Approved by the IESG as a Proposed Standard Title: A Session Initiation Protocol (SIP) Event Package for Conference State URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-conference-packag... Date: 2005-08-02 – Approved by the IESG as an Informational RFC Title: A Framework for Conferencing with the Session Initiation Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-conferencing-fram... Date: 2005-08-02 – Approved by the IESG as a Proposed Standard Title: The TLS Protocol Version 1.1 URL: http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc2246-bis-13.txt Date: 2005-08-03 – Approved by the IESG as a Proposed Standard Title: Profile for DCCP Congestion Control ID 2:TCP-like Congestion Control URL: http://www.ietf.org/internet-drafts/draft-ietf-dccp-ccid2-10.txt Date: 2005-08-03 – Approved by the IESG as a Proposed Standard Title: Datagram Congestion Control Protocol (DCCP) URL: http://www.ietf.org/internet-drafts/draft-ietf-dccp-spec-11.txt Date: 2005-08-04 – Approved by the IESG as a Proposed Standard Title: A Method for Generating Link Scoped IPv6 Multicast Addresses URL: http://www.ietf.org/internet-drafts/draft-ietf-ipv6-link-scoped-mcast-09... Date: 2005-08-04 – Approved by the IESG as a Proposed Standard Title: MIME Type Registration for MPEG-4 URL: http://www.ietf.org/internet-drafts/draft-lim-mpeg4-mime-03.txt Date: 2005-08-05 – Approved by the IESG as a Proposed Standard Title: MIME Type Registrations for 3GPP2 Multimedia files URL: http://www.ietf.org/internet-drafts/draft-garudadri-avt-3gpp2-mime-02.txt Date: 2005-08-05 – Approved by the IESG as a Proposed Standard Title: A Mechanism for Content Indirection in Session Initiation Protocol (SIP) Messages URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-content-indirect-mech... Date: 2005-08-05 – Last Call (Deadline: 2005-08-19) / Proposed Standard Title: Definitions of Managed Objects for Bridges with Rapid Spanning Tree Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-bridge-rstpmib-08.txt Date: 2005-08-08 – Last Call (Deadline: 2005-08-22) / Proposed Title: SSH Transport Layer Encryption Modes URL: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-04.txt Date: 2005-08-09 – Last Call (Deadline: 2005-08-23) / Proposed Standard Title: GSSAPI Authentication and Key Exchange for the Secure Shell Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-secsh-gsskeyex-09.txt Date: 2005-08-09 – Approved by the IESG as a Proposed Standard Title: Domain Name System Uniform Resource Identifiers URL: http://www.ietf.org/internet-drafts/draft-josefsson-dns-url-13.txt Date: 2005-08-10 – Last Call (Deadline: 2005-08-24) / Proposed Standard Title: Storing Certificates in the Domain Name System (DNS) URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-rfc2538bis-03.txt Date: 2005-08-10 – Last Call (Deadline: 2005-09-07) / Proposed Standard Title: Internet Code Point Assignments URL: http://www.ietf.org/internet-drafts/draft-gray-rfc1888bis-01.txt Date: 2005-08-10 – Last Call (Deadline: 2005-08-24) / Proposed Standard Title: Linklocal Multicast Name Resolution (LLMNR) URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-mdns-42.txt Date: 2005-08-10 – Last Call (Deadline: 2005-08-24) / Proposed Standard Title: Secure Shell (SSH) Session Channel Break Extension URL: http://www.ietf.org/internet-drafts/draft-ietf-secsh-break-04.txt Date: 2005-08-11 – Approved by the IESG as a Draft Standard Title: Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification URL: http://www.ietf.org/internet-drafts/draft-ietf-ipngwg-icmp-v3-07.txt Date: 2005-08-15 – Last Call (Deadline: 2005-08-29) / Proposed Standard Title: Multiprotocol Label Switching (MPLS) Label-Controlled ATM and Frame-Relay Management Interface Definition URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-lc-if-mib-06.txt Date: 2005-08-16 – Approved by the IESG as a Proposed Standard Title: Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) URL: http://www.ietf.org/internet-drafts/draft-hollenbeck-epp-secdns-08.txt Date: 2005-08-17 – Approved by the IESG as a Proposed Standard Title: The Atom Syndication Format URL: http://www.ietf.org/internet-drafts/draft-ietf-atompub-format-11.txt Date: 2005-08-18 – Last Call (Deadline: 2005-09-01) / Proposed Standard Title: Sieve Extension: Variables URL: http://www.ietf.org/internet-drafts/draft-ietf-sieve-variables-06.txt Date: 2005-08-18 – Last Call (Deadline: 2005-09-01) / Proposed Standard Title: Session Description Protocol (SDP) Format for Binary Floor Control Protocol (BFCP) Streams URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdp-bfcp-02.txt Date: 2005-08-19 – Last Call (Deadline: 2005-09-02) / Proposed Standard Title: The Binary Floor Control Protocol (BFCP) URL: http://www.ietf.org/internet-drafts/draft-ietf-xcon-bfcp-05.txt Date: 2005-08-22 – Last Call (Deadline: 2005-09-05) / Draft Standard Title: BGP Route Reflection – An Alternative to Full Mesh IBGP URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-rfc2796bis-01.txt Date: 2005-08-22 – Last Call (Deadline: 2005-09-05) / Proposed Standard Title: Protocol Independent Multicast – Sparse Mode PIM-SM): Protocol Specification (Revised) URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-sm-v2-new-11.txt Date: 2005-08-22 – Last Call (Deadline: 2005-09-05) / Proposed Standard Title: Encapsulation Methods for Transport of ATM Over MPLS Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-atm-encap-09.txt Date: 2005-08-23 – Approved by the IESG as an Informational RFC Title: IPv6 Host Configuration of DNS Server Information Approaches URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsop-ipv6-dns-configurat... Date: 2005-08-23 – Last Call (Deadline: 2005-09-06) / BCP Title: Tags for Identifying Languages URL: http://www.ietf.org/internet-drafts/draft-ietf-ltru-initial-04.txt Date: 2005-08-23 – Last Call (Deadline: 2005-09-20) / Proposed Standard Title: Lightweight Directory Access Protocol (LDAP): The Binary Encoding Option URL: http://www.ietf.org/internet-drafts/draft-legg-ldap-binary-03.txt Date: 2005-08-23 – Approved by the IESG as a Proposed Standard Title: Internet X.509 Public Key Infrastructure Operational Protocols: Certificate Store Access via HTTP URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-certstore-http-09.txt Date: 2005-08-24 – Approved by the IESG as a Proposed Standard Title: Graceful Restart Mechanism for BGP with MPLS URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-bgp-mpls-restart-05.txt Date: 2005-08-24 – Approved by the IESG as a Proposed Standard Title: Identifiers and Test Vectors for HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 URL: http://www.ietf.org/internet-drafts/draft-nystrom-smime-hmac-sha-02.txt Date: 2005-08-24 – Approved by the IESG as a BCP Title: Deprecation of “ip6.int” URL: http://www.ietf.org/internet-drafts/draft-huston-ip6-int-03.txt Date: 2005-08-24 – Revised Last Call (Deadline: ailing lis) / Title: SSH Transport Layer Encryption Modes URL: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-04.txt Date: 2005-08-25 – Last Call (Deadline: 2005-09-22) / BCP Title: BCP101 Update for IPR Trust URL: http://www.ietf.org/internet-drafts/draft-carpenter-bcp101-update-01.txt Date: 2005-08-29 – Approved by the IESG as a Proposed Standard Title: Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-secsh-dh-group-exchange-0... Date: 2005-08-30 – Approved by the IESG as a Proposed Standard Title: Definitions of Managed Objects for Bridges with Rapid Spanning Tree Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-bridge-rstpmib-09.txt Date: 2005-09-02 – Approved by the IESG as a Proposed Standard Title: Unidirectional Lightweight Encapsulation (ULE) for transmission of IP datagrams over an MPEG-2 Transport Stream URL: http://www.ietf.org/internet-drafts/draft-ietf-ipdvb-ule-06.txt Date: 2005-09-03 – Last Call (Deadline: 2005-10-01) / Informational RFC Title: LDAP Bulk Update/Replication Protocol URL: http://www.ietf.org/internet-drafts/draft-rharrison-lburp-04.txt Date: 2005-09-03 – Approved by the IESG as a Proposed Standard Title: The Network Access Identifier URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-rfc2486bis-06.txt Date: 2005-09-06 – Approved by the IESG as a Proposed Standard Title: RTP Payload Format for 3GPP Timed Text URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-3gpp-timed-text-1... Date: 2005-09-06 – Approved by the IESG as a Proposed Standard Title: Quota and Size Properties for DAV Collections URL: http://www.ietf.org/internet-drafts/draft-ietf-webdav-quota-07.txt Date: 2005-09-06 – Approved by the IESG as a Proposed Standard Title: Internet X.509 Public Key Infrastructure Authority Information Access CRL Extension URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-crlaia-03.txt Date: 2005-09-06 – Approved by the IESG as a Proposed Standard Title: Secure Shell (SSH) Session Channel Break Extension URL: http://www.ietf.org/internet-drafts/draft-ietf-secsh-break-04.txt Date: 2005-09-06 – Approved by the IESG as a Proposed Standard Title: GSSAPI Authentication and Key Exchange for the Secure Shell Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-secsh-gsskeyex-10.txt Date: 2005-09-06 – Approved by the IESG as a Proposed Standard Title: Certificate Extensions and Attributes Supporting Authentication in Point-to-Point Protocol (PPP) and Wireless Local Area Networks (WLAN) URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc3770bis-03.txt Date: 2005-09-06 – Approved by the IESG as a Proposed Standard Title: Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol URL: http://www.ietf.org/internet-drafts/draft-harris-ssh-arcfour-fixes-03.txt Date: 2005-09-06 – Approved by the IESG as a Proposed Standard Title: The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE) URL: http://www.ietf.org/internet-drafts/draft-hoffman-rfc3664bis-04.txt Date: 2005-09-07 – Last Call (Deadline: 2005-09-21) / Proposed Standard Title: IRIS – An Address Registry (areg) Type for the Internet Registry Information Service URL: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-areg-12.txt Date: 2005-09-07 – Last Call (Deadline: 2005-09-21) / BCP Title: IANA Considerations for LDAP URL: http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-bcp64-05.txt Date: 2005-09-07 – Last Call (Deadline: 2005-09-21) / BCP Title: Avoiding Equal Cost Multipath Treatment in MPLS Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-ecmp-bcp-01.txt Date: 2005-09-07 – Last Call (Deadline: 2005-09-21) / Proposed Standard Title: M-ISIS: Multi Topology (MT) Routing in IS-IS URL: http://www.ietf.org/internet-drafts/draft-ietf-isis-wg-multi-topology-10... Date: 2005-09-07 – Approved by the IESG as an Informational RFC Title: Additional cryptographic algorithms for use with GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 algorithms. URL: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-04.txt Date: 2005-09-08 – Last Call (Deadline: 2005-09-22) / Proposed Standard Title: Definitions of Managed Objects For iFCP URL: http://www.ietf.org/internet-drafts/draft-ietf-ips-ifcp-mib-06.txt Date: 2005-09-09 – Last Call (Deadline: 2005-09-23) / Proposed Standard Title: DHCP over InfiniBand URL: http://www.ietf.org/internet-drafts/draft-ietf-ipoib-dhcp-over-infiniban... Date: 2005-09-09 – Last Call (Deadline: 2005-09-23) / Proposed Standard Title: Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering and Virtual LAN Extensions URL: http://www.ietf.org/internet-drafts/draft-ietf-bridge-ext-v2-07.txt Date: 2005-09-09 – Approved by the IESG as an Informational RFC Title: Host Identity Protocol Architecture URL: http://www.ietf.org/internet-drafts/draft-ietf-hip-arch-03.txt Date: 2005-09-09 – Approved by the IESG as a Proposed Standard Title: Mobile Node Identifier Option for MIPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-mip6-mn-ident-option-03.txt Date: 2005-09-09 – Approved by the IESG as an Informational RFC Title: Identity selection hints for Extensible Authentication Protocol (EAP) URL: http://www.ietf.org/internet-drafts/draft-adrangi-eap-network-discovery-... Date: 2005-09-12 – Last Call (Deadline: 2005-09-26) / Proposed Standard Title: RObust Header Compression (ROHC): A Link-Layer Assisted Profile for IP/UDP/RTP URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-rfc3242bis-01.txt Date: 2005-09-12 – Last Call (Deadline: 2005-09-26) / Proposed Standard Title: Mobile IPv4 Challenge/Response Extensions (revised) URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-rfc3012bis-04.txt Date: 2005-09-12 – Approved by the IESG as a Proposed Standard Title: Domain Name System (DNS) Case Insensitivity Clarification URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-insensitive-06.txt Date: 2005-09-12 – Approved by the IESG as a Proposed Standard Title: Lightweight Directory Access Protocol (LDAP) schema definitions for X.509 Certificates URL: http://www.ietf.org/internet-drafts/draft-zeilenga-ldap-x509-02.txt Date: 2005-09-12 – Last Call (Deadline: 2005-10-10) / Informational RFC Title: XHTML+Voice – application/xv+xml URL: http://www.ietf.org/internet-drafts/draft-mccobb-xv-media-type-00.txt Date: 2005-09-12 – Approved by the IESG as a Proposed Standard Title: The LDAP entryUUID operational attribute URL: http://www.ietf.org/internet-drafts/draft-zeilenga-ldap-uuid-06.txt Date: 2005-09-14 – Approved by the IESG as a Proposed Standard Title: Session Description Protocol Security Descriptions for Media Streams URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdescriptions-12.txt Date: 2005-09-15 – Last Call (Deadline: 2005-09-29) / Proposed Standard Title: Chargeable User Identity URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-chargeable-user-id... Date: 2005-09-16 – Approved by the IESG as a Proposed Standard Title: Key Management Extensions for Session Description Protocol (SDP) and Real Time Streaming Protocol (RTSP) URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-kmgmt-ext-15.txt Date: 2005-09-19 – Approved by the IESG as a BCP Title: IAOC Member Selection Guidelines and Process URL: http://www.ietf.org/internet-drafts/draft-iab-iesg-iaoc-selection-03.txt Date: 2005-09-19 – Approved by the IESG as a Proposed Standard Title: SSH Transport Layer Encryption Modes URL: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-05.txt Date: 2005-09-19 – Approved by the IESG as a Proposed Standard Title: Pseudowire Setup and Maintenance using the Label Distribution Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-control-protocol-17.txt Date: 2005-09-19 – Approved by the IESG as an Informational RFC Title: Problem Statement for DCCP URL: http://www.ietf.org/internet-drafts/draft-ietf-dccp-problem-03.txt Date: 2005-09-20 – Protocol Action / Historic Title: RTP Payload for Text Conversation interleaved in an audio stream URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-audio-t140c-00.txt-00... Date: 2005-09-20 – Approved by the IESG as an Informational RFC Title: A Uniform Resource Name (URN) Formal Namespace for the New Zealand Government URL: http://www.ietf.org/internet-drafts/draft-hendrikx-wallis-urn-nzl-00.txt Date: 2005-09-20 – Last Call (Deadline: 2005-10-18) / BCP Title: Guidelines for Mandating the Use of IPsec URL: http://www.ietf.org/internet-drafts/draft-bellovin-useipsec-04.txt Date: 2005-09-20 – Last Call (Deadline: 2005-10-18) / Proposed Title: RIPv2 Cryptographic Authentication URL: http://www.ietf.org/internet-drafts/draft-rja-ripv2-auth-01.txt Date: 2005-09-21 – Approved by the IESG as a Proposed Standard Title: Frame-Relay over L2TPv3 URL: http://www.ietf.org/internet-drafts/draft-ietf-l2tpext-pwe3-fr-07.txt Date: 2005-09-22 – Approved by the IESG as a Proposed Standard Title: Framing RTP and RTCP Packets over Connection-Oriented Transport URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-framing-contrans-... Date: 2005-09-22 – Last Call (Deadline: 2005-10-06) / Proposed Standard Title: Foreign Agent Error Extension for Mobile IPv4 URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-faerr-02.txt Date: 2005-09-23 – Last Call (Deadline: 2005-10-07) / Draft Standard Title: Multiprotocol Extensions for BGP-4 URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-rfc2858bis-07.txt Date: 2005-09-23 – Last Call (Deadline: 2005-10-07) / Proposed Standard Title: RADIUS Extension for Digest Authentication URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-digest-auth-05.txt Date: 2005-09-27 – Approved by the IESG as a Proposed Standard Title: NNTP Extension for Authentication URL: http://www.ietf.org/internet-drafts/draft-ietf-nntpext-authinfo-10.txt Date: 2005-09-27 – Approved by the IESG as a Proposed Standard Title: HDLC Frames over L2TPv3 URL: http://www.ietf.org/internet-drafts/draft-ietf-l2tpext-pwe3-hdlc-07.txt Date: 2005-09-28 – Last Call (Deadline: 2005-10-12) / BCP Title: A Framework for Application Interaction in the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-app-interaction-f... Date: 2005-09-28 – Approved by the IESG as an Informational RFC Title: A Session Initiation Protocol (SIP) Event Package and Data Format for Various Settings in Support for the Push-to-talk Over Cellular (PoC) Service URL: http://www.ietf.org/internet-drafts/draft-garcia-sipping-poc-isb-am-04.txt Date: 2005-09-28 – Approved by the IESG as a Proposed Standard Title: RTP Payload Format for Extended AMR Wideband (AMR-WB+) Audio Codec URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-amrwbplus-07.txt Date: 2005-09-28 – Approved by the IESG as a Proposed Standard Title: Real-Time Transport Protocol (RTP) Payload Format for the Variable-Rate Multimode Wideband (VMR-WB) Audio Codec URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-vmr-wb-11.txt Date: 2005-09-30 – Last Call (Deadline: 2005-10-14) / BCP Title: IANA Allocations for pseudo Wire Edge to Edge Emulation (PWE3) URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-iana-allocation-12.txt Date: 2005-10-03 – Approved by the IESG as a Proposed Standard Title: DHCP Options for Broadcast and Multicast Control Servers URL: http://www.ietf.org/internet-drafts/draft-ietf-dhc-bcmc-options-05.txt Date: 2005-10-03 – Approved by the IESG as a Proposed Standard Title: DHCP over InfiniBand URL: http://www.ietf.org/internet-drafts/draft-ietf-ipoib-dhcp-over-infiniban... Date: 2005-10-03 – Approved by the IESG as a Proposed Standard Title: Node-Specific Client Identifiers for DHCPv4 URL: http://www.ietf.org/internet-drafts/draft-ietf-dhc-3315id-for-v4-05.txt Date: 2005-10-03 – Approved by the IESG as an Informational RFC Title: Use of IKEv2 in The Fibre Channel Security Association Management Protocol URL: http://www.ietf.org/internet-drafts/draft-maino-fcsp-02.txt Date: 2005-10-03 – Approved by the IESG as an Informational RFC Title: A Uniform Resource Name (URN) Namespace for the Open Mobile Alliance (OMA) URL: http://www.ietf.org/internet-drafts/draft-smith-oma-urn-00.txt Date: 2005-10-03 – Approved by the IESG as a Proposed Standard Title: Communications Resource Priority for the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-resource-priority-10.txt Date: 2005-10-03 – Approved by the IESG as a Proposed Standard Title: Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering and Virtual LAN Extensions URL: http://www.ietf.org/internet-drafts/draft-ietf-bridge-ext-v2-07.txt Date: 2005-10-03 – Approved by the IESG as a Proposed Standard Title: RObust Header Compression (ROHC): A Link-Layer Assisted Profile for IP/UDP/RTP URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-rfc3242bis-01.txt Date: 2005-10-04 – Approved by the IESG as a Proposed Standard Title: Session Description Protocol (SDP) Source Filters URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdp-srcfilter-10.txt Date: 2005-10-04 – Last Call (Deadline: 2005-10-18) / Proposed Title: DHCPv6 Relay Agent Remote ID Option URL: http://www.ietf.org/internet-drafts/draft-ietf-dhc-dhcpv6-remoteid-00.txt Date: 2005-10-05 – Last Call (Deadline: 2005-10-19) / Proposed Standard Title: DHCPv6 Relay Agent Subscriber-ID Option URL: http://www.ietf.org/internet-drafts/draft-ietf-dhc-dhcpv6-subid-00.txt Date: 2005-10-06 – Approved by the IESG as a BCP Title: BCP101 Update for IPR Trust URL: http://www.ietf.org/internet-drafts/draft-carpenter-bcp101-update-03.txt Date: 2005-10-06 – Approved by the IESG as a Proposed Standard Title: Transport Layer Security (TLS) Extensions URL: http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc3546bis-02.txt Date: 2005-10-11 – Last Call (Deadline: 2005-11-08) / Proposed Title: Collected extensions to IMAP4 ABNF URL: http://www.ietf.org/internet-drafts/draft-melnikov-imap-ext-abnf-05.txt Date: 2005-10-12 – Approved by the IESG as a Proposed Standard Title: RTP Retransmission Payload Format URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-retransmission-12... Date: 2005-10-12 – Approved by the IESG as an Informational RFC Title: Guidelines for Usage of the Session Initiation Protocol (SIP) Caller Preferences Extension URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-callerprefs-useca... Date: 2005-10-13 – Last Call (Deadline: 2005-10-27) / Proposed Standard Title: An ENUM Registry Type for the Internet Registry Information Service URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-iris-ereg-02.txt Date: 2005-10-14 – Last Call (Deadline: 2005-11-11) / Historic Title: Real-Time Facsimile (T.38) – audio/t38 MIME Sub-type Registration URL: http://www.ietf.org/internet-drafts/draft-jones-avt-audio-t38-05.txt Date: 2005-10-14 – Last Call (Deadline: 2005-10-28) / Proposed Standard Title: Attribute Certificate Policies extension URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-acpolicies-extn-06.txt Date: 2005-10-17 – Approved by the IESG as a Proposed Standard Title: A Framework for Application Interaction in the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-app-interaction-f... Date: 2005-10-18 – Approved by the IESG as a Proposed Standard Title: Source-Specific Multicast for IP URL: http://www.ietf.org/internet-drafts/draft-ietf-ssm-arch-07.txt Date: 2005-10-18 – Approved by the IESG as an Informational RFC Title: Conferencing Scenarios URL: http://www.ietf.org/internet-drafts/draft-ietf-xcon-conference-scenarios... Date: 2005-10-18 – Approved by the IESG as an Informational RFC Title: Internet Assigned Number Authority (IANA) Registration of the Message Media Feature Tag URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-message-tag-00.txt Date: 2005-10-18 – Approved by the IESG as an Informational RFC Title: Authentication Protocol for Mobile IPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-mip6-auth-protocol-07.txt Date: 2005-10-18 – Approved by the IESG as a Proposed Standard Title: Definitions of Managed Objects for iFCP URL: http://www.ietf.org/internet-drafts/draft-ietf-ips-ifcp-mib-07.txt Date: 2005-10-19 – Approved by the IESG as a Proposed Standard Title: A Session Initiation Protocol (SIP) Event Notification Extension for Resource Lists URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-event-list-07.txt Date: 2005-10-20 – Last Call (Deadline: 2005-11-13) / Proposed Standard Title: Transmission of IPv6, IPv4 and ARP Packets over Fibre Channel URL: http://www.ietf.org/internet-drafts/draft-ietf-imss-ip-over-fibre-channe... Date: 2005-10-20 – Last Call (Deadline: 2005-11-13) / Draft Standard Title: Remote Network Monitoring Management Information Base Version 2 URL: http://www.ietf.org/internet-drafts/draft-ietf-rmonmib-rmon2-v2-05.txt Date: 2005-10-21 – Last Call (Deadline: 2005-11-04) / Proposed Standard Title: IANA Registration for Enumservice Voice URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-voice-01.txt Date: 2005-10-21 – Last Call (Deadline: 2005-11-04) / Informational RFC Title: Getting rid of the cruft: an experiment to identify obsolete standards document URL: http://www.ietf.org/internet-drafts/draft-ietf-newtrk-decruft-experiment... Date: 2005-10-21 – Last Call (Deadline: 2005-11-04) / Proposed Standard Title: Sieve Email Filtering: Vacation Extension URL: http://www.ietf.org/internet-drafts/draft-ietf-sieve-vacation-04.txt Date: 2005-10-26 – Last Call (Deadline: 2005-11-23) / Proposed Standard Title: The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE) URL: http://www.ietf.org/internet-drafts/draft-hoffman-rfc3664bis-05.txt Date: 2005-10-27 – Last Call (Deadline: 2005-11-25) / BCP Title: Node ID based RSVP Hello: A Clarification Statement URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-rsvp-node-id-based-... Date: 2005-10-31 – Last Call (Deadline: 2005-11-25) / Informational RFC Title: Reoptimization of Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) loosely routed Label Switch Path (LSP) URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-loose-path-reopt-01... Date: 2005-10-31 – Last Call (Deadline: 2005-11-14) / Proposed Standard Title: Management Information Base for IS-IS URL: http://www.ietf.org/internet-drafts/draft-ietf-isis-wg-mib-24.txt Date: 2005-10-31 – Approved by the IESG as a Proposed Standard Title: The Use of TESLA in SRTP URL: http://www.ietf.org/internet-drafts/draft-ietf-msec-srtp-tesla-05.txt Date: 2005-10-31 – Approved by the IESG as a Proposed Standard Title: Multiprotocol Label Switching (MPLS) Label-Controlled ATM and Frame-Relay Management Interface Definition URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-lc-if-mib-08.txt Date: 2005-10-31 – Approved by the IESG as an Informational RFC Title: LDAP Bulk Update/Replication Protocol URL: http://www.ietf.org/internet-drafts/draft-rharrison-lburp-05.txt Date: 2005-10-31 – Approved by the IESG as a Proposed Standard Title: LDAP Proxied Authorization Control URL: http://www.ietf.org/internet-drafts/draft-weltman-ldapv3-proxy-13.txt Date: 2005-10-31 – Approved by the IESG as a Proposed Standard Title: Chargeable User Identity URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-chargeable-user-id... Date: 2005-10-31 – Approved by the IESG as an Informational RFC Title: Emergency Telecommunications Services (ETS) Requirements for a Single Administrative Domain URL: http://www.ietf.org/internet-drafts/draft-ietf-ieprep-domain-req-05.txt Date: 2005-10-31 – Approved by the IESG as an Informational RFC Title: XHTML+Voice – application/xv+xml URL: http://www.ietf.org/internet-drafts/draft-mccobb-xv-media-type-00.txt Date: 2005-10-31 – Approved by the IESG as an Informational RFC Title: Requirements for Floor Control Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-xcon-floor-control-req-03... Date: 2005-11-01 – Last Call (Deadline: 2005-11-25) / Proposed Standard Title: CIPID: Contact Information in Presence Information Data Format URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-cipid-06.txt Date: 2005-11-01 – Last Call (Deadline: 2005-11-25) / Proposed Standard Title: Timed Presence Extensions to the Presence Information Data Format (PIDF) to Indicate Status Information for Past and Future Time Intervals URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-future-04.txt Date: 2005-11-01 – Last Call (Deadline: 2005-11-25) / Proposed Standard Title: RPID: Rich Presence Extensions to the Presence Information Data Format (PIDF) URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-rpid-09.txt Date: 2005-11-01 – Last Call (Deadline: 2005-11-25) / Proposed Standard Title: A Data Model for Presence URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-presence-data-mode... Date: 2005-11-03 – Last Call (Deadline: 2005-11-17) / Proposed Standard Title: Anycast-RP using PIM URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-anycast-rp-04.txt Date: 2005-11-03 – Approved by the IESG as a Proposed Standard Title: Encoding of Attributes for Multiprotocol Label Switching (MPLS) Label Switched Path (LSP) Establishment Using RSVP-TE URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-rsvpte-attributes-05... Date: 2005-11-03 – Approved by the IESG as an Informational RFC Title: A Transport Network View of the Link Management Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-transport-lmp-02.txt Date: 2005-11-03 – Approved by the IESG as an Informational RFC Title: The “info” URI Scheme for Information Assets with Identifiers in Public Namespaces URL: http://www.ietf.org/internet-drafts/draft-vandesompel-info-uri-04.txt Date: 2005-11-03 – Approved by the IESG as a Proposed Standard Title: LDAP: The Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-protocol-32.txt Date: 2005-11-05 – Last Call (Deadline: 2005-11-19) / Proposed Standard Title: Definitions of Managed Objects for FCIP URL: http://www.ietf.org/internet-drafts/draft-ietf-ips-fcip-mib-09.txt Date: 2005-11-05 – Approved by the IESG as a Proposed Standard Title: DHCP Lease Query URL: http://www.ietf.org/internet-drafts/draft-ietf-dhc-leasequery-09.txt Date: 2005-11-05 – Approved by the IESG as a Proposed Standard Title: PWE3 Control Word for use over an MPLS PSN URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-cw-06.txt Date: 2005-11-05 – Last Call (Deadline: 2005-11-25) / Proposed Standard Title: Mapping Between the Multimedia Messaging Service (MMS) and Internet Mail URL: http://www.ietf.org/internet-drafts/draft-ietf-lemonade-mms-mapping-06.txt Date: 2005-11-07 – Last Call (Deadline: 2005-12-05) / Informational RFC Title: The DNSSEC Lookaside Validation (DLV) DNS Resource Record URL: http://www.ietf.org/internet-drafts/draft-andrews-dlv-dns-rr-00.txt Date: 2005-11-07 – Approved by the IESG as a Draft Standard Title: IPv6 Stateless Address Autoconfiguration URL: http://www.ietf.org/internet-drafts/draft-ietf-ipv6-rfc2462bis-08.txt Date: 2005-11-08 – Last Call (Deadline: 2005-11-22) / Proposed Standard Title: Bootstrapping TESLA URL: http://www.ietf.org/internet-drafts/draft-ietf-msec-bootstrapping-tesla-... Date: 2005-11-08 – Last Call (Deadline: 2005-11-22) / Informational RFC Title: ECC Cipher Suites for TLS URL: http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-12.txt Date: 2005-11-09 – Document Action / Experimental RFC Title: Neighbor Discovery Proxies (ND Proxy) URL: http://www.ietf.org/internet-drafts/draft-ietf-ipv6-ndproxy-04.txt Date: 2005-11-14 – Last Call (Deadline: 2005-12-12) / Proposed Standard Title: Transport Layer Security Session Resumption without Server-Side State URL: http://www.ietf.org/internet-drafts/draft-salowey-tls-ticket-05.txt Date: 2005-11-14 – Last Call (Deadline: 2005-12-12) / Proposed Standard Title: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH URL: http://www.ietf.org/internet-drafts/draft-mcgrew-aes-gmac-esp-01.txt Date: 2005-11-15 – Protocol Action (Deadline: 2005-11-28) / BCP Title: Tags for Identifying Languages URL: http://www.ietf.org/internet-drafts/draft-ietf-ltru-registry-14.txt Date: 2005-11-15 – Last Call (Deadline: 2005-11-30) / Proposed Title: A PRF API extension for the GSS-API URL: http://www.ietf.org/internet-drafts/draft-ietf-kitten-gssapi-prf-07.txt Date: 2005-11-15 – Approved by the IESG as a BCP Title: Guidelines and Registration Procedures for new URI Schemes URL: http://www.ietf.org/internet-drafts/draft-hansen-2717bis-2718bis-uri-gui... Date: 2005-11-15 – Last Call (Deadline: 2005-12-13) / Proposed Standard Title: Rivest-Shamir-Adleman (RSA) key exchange for the Secure Shell (SSH) Transport Layer Protocol URL: http://www.ietf.org/internet-drafts/draft-harris-ssh-rsa-kex-05.txt Date: 2005-11-16 – Approved by the IESG as an Informational RFC Title: Session Initiation Protocol Torture Test Messages URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-torture-tests-09.txt Date: 2005-11-21 – Last Call (Deadline: 2005-12-05) / Proposed Standard Title: Stream Control Transmission Protocol (SCTP) Specification Errata and Issues URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-sctpimpguide-16.txt Date: 2005-11-21 – Last Call (Deadline: 2005-12-05) / Proposed Standard Title: RTP Payload Format for Uncompressed Video: Additional Colour Sampling Modes URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-uncomp-video-ext-01.txt Date: 2005-11-22 – Last Call (Deadline: 2005-12-06) / Proposed Standard Title: Classless Inter-Domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan URL: http://www.ietf.org/internet-drafts/draft-ietf-grow-rfc1519bis-03.txt Date: 2005-11-22 – Last Call (Deadline: 2005-12-06) / Proposed Standard Title: Minimally Covering NSEC Records and DNSSEC On-line Signing URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-online-sign... Date: 2005-11-22 – Document Action / Experimental RFC Title: Internet X.509 Public Key Infrastructure Repository Locator Service URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-pkixrep-04.txt Date: 2005-11-23 – Last Call (Deadline: 2005-12-07) / Proposed Standard Title: Using the NETCONF Protocol over Blocks Extensible Exchange Protocol (BEEP) URL: http://www.ietf.org/internet-drafts/draft-ietf-netconf-beep-07.txt Date: 2005-11-23 – Last Call (Deadline: 2005-12-07) / Proposed Standard Title: NETCONF Configuration Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-netconf-prot-09.txt Date: 2005-11-23 – Last Call (Deadline: 2005-12-07) / Proposed Standard Title: Using the Network Configuration Protocol (NETCONF) Over the Simple Object Access Protocol (SOAP) URL: http://www.ietf.org/internet-drafts/draft-ietf-netconf-soap-06.txt Date: 2005-11-23 – Approved by the IESG as a BCP Title: IANA Allocations for pseudo Wire Edge to Edge Emulation (PWE3) URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-iana-allocation-15.txt]]> 1497 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/calendar-5/ Tue, 27 Sep 2005 16:49:30 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1503 Autumn 2005 – 64th IETF November 6-11, 2005 Host: Nortel Networks Location: Vancouver Spring 2006 – 65th IETF March 19-24, 2006 Host: TBD Location: TBD Summer 2006 – 66th IETF July 9-14, 2006 Host: TBD Location: TBD Autumn 2006 – 67th IETF November 5-10, 2006 Host: TBD Location TBD Spring 2007 – 68th IETF March 18-23, 2007 Host: TBD Location: TBD Summer 2007 – 69th IETF July 22-27, 2007 Host: TBD Location: TBD]]> 1503 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/jun-murai-receives-2005-postel-award/ Tue, 27 Sep 2005 16:51:46 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1506 1506 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/how-to-take-part-in-ietf-activities/ Tue, 27 Sep 2005 16:53:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1508 http://www.ietf.org.]]> 1508 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/editorial/ Thu, 07 Sep 2006 17:16:25 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1098 1098 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-celebrates-20th-anniversary/ Sun, 07 May 2006 17:46:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1131 Congratulations, IETF, on 20 great years of Internet standards development! To celebrate the 20th anniversary of the IETF, many activities took place at the 65th IETF in Dallas, Texas, US. The IETF community has come a long way since its first meeting on 16th January 1986 in San Diego, California. At IETF 65 participants could test their inside knowledge by answering a number of trivia questions. Every day, small prizes were handed out to the winners. Celebrations reached a high point during the Social event (co-sponsored by ISOC and Nokia) at the IETF 65. Many participants from the very earliest days of the IETF were present, including a number of earlier IETF chairs.

Lixia Zhang, professor at UCLA: "At the first IETF I was a graduate student. I felt that I had so much to contribute. I had lots of great ideas. As years go by, I have better appreciation of how much I can learn from this community. Each time I come to an IETF Meeting, I learn from others. Now, I feel how little I know. As a graduate student, I felt how much I know."

Dave Clark, a professor at MIT, gave a presentation, referring back to a speech he gave in 1992, pointing out issues the IETF was facing back then, namely Routing and Security. The network has changed tremendously and much work has been done to get it to where it is today. However, these topics are still high on the agenda of the IETF today. During the meeting, many enthusiastic attendees recorded their congratulations on video. You can view these here. Throughout this issue of the IETF Journal, you will find reflections on the past and the future of the IETF from IETF participants, some of them involved since IETF 1, others that were Newcomers at IETF 65. ISOC has declared 2006 the "Year of the IETF" and activities are planned throughout the year to celebrate the IETF@20. Check back often for activities which will be announced throughout the year onhttp://ietf20.isoc.org.]]> 1131 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-ietf-chair-3/ Sun, 07 May 2006 17:49:31 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1133 As you will surely know, even if you didn’t experience it, IETF 65 in Dallas got off to something of a wet start, with flooding up to, and inside, the hotel on Sunday afternoon and evening. Thanks and congratulations are due to the NOC crew for relocating the NOC equipment to get away from the waterfalls from the light fixtures, with only a few minutes’s interruption to DHCP service. Nevertheless, a total of 1264 participants from about 36 countries attended despite the weather, for a busy week of WG meetings, birds-of-a-feather sessions, plenaries, and many other meetings and discussions, as well as a fine social event. I want to thank Nokia, the principal host, and other sponsors for helping to make the meeting such a success. Unfortunately, a serious problem was encountered by some participants in obtaining the necessary business visas in good time. The Internet Society made a welcome urgent intervention with the US State Department, allowing a few more visas to be issued at the last moment, but this problem is damaging to the IETF’s principle of openness. In the year leading up to IETF 65, the IESG approved almost 400 Internet-Drafts for publication as RFCs, of which about half were Standards Track or Best Current Practice documents. During the same period, no fewer than 43 WGs completed their work and were closed down, and fourteen new ones were chartered, leaving more than 120 WGs in progress. Thus, the last year has been unusually productive for the IETF. Much of the credit for this, of course, belongs to the Area Directors, and in particular I want to recognise the work of the five who stepped down in Dallas:

• Scott Hollenbeck (Applications)
• Allison Mankin (Transport)
• Margaret Wasserman (Internet)
• Bert Wijnen (Operations and Management)
• Alex Zinin (Routing)

However, the real credit for such a productive year belongs to the various WG Chairs, document authors, and individual participants, who did all that needed to be done to deliver the goods. Now we will all focus on continuing the work in preparation for IETF 66 in Montreal, Canada from July 9-14. IETF 65 Facts and Figures 1264 registered attendees from 36 countries 7 new WGs 18 WGs closed 531 new Internet-Drafts 995 updated Internet-Drafts 106 IETF Last Calls 150 approvals around 184 published RFCs (96 standards and BCPs) 2 appeals]]> 1133 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-iab-2/ Sun, 07 May 2006 17:50:53 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1135 The first IETF meeting of each calendar year marks the transition between two “IAB years”, as some IAB members finish their terms and step down, and new IAB members join the group. On behalf of all the IAB, I’d like to thank the departing IAB members for their contributions and hard work:

• Patrik Fältström
• Bob Hinden
• Pekka Nikander (stepping down mid-term)
• Pete Resnick
• Jonathan Rosenberg

And I’d like to welcome the new folks who take their place:

• Elwyn Davies
• Kevin Fall
• Olaf Kolkman
• Dave Oran
• Dave Thaler

As I elaborated during the Thursday plenary session (and as reported here on page 9), the IAB is bringing a busy year to a close. For the IAB, a “busy year” involves acquitting its various administrative and oversight roles, as well as being active in key areas of technical contribution. Early on in the year, the IAB identified 3 primary areas of focus, in which it planned to make a difference: IPv6 (remaining issues to deployment), general Architectural perspectives and Unwanted Traffic. These three areas capture many of the things that are currently challenging Internet evolution. The IAB opted to move beyond the discussion of “what if IPv6″ — no matter which set of numbers one believes, it is clear that IPv4 will not last forever. The IAB focused instead on identifying impediments to deployment of IPv6, with a view to filtering that back into any architectural issues that need to be resolved (if any), or architectural guidance that would be helpful to compile and share. While it’s increasingly clear that a large portion of the Internet’s traffic is unintended, unwanted, or downright malicious, it is also apparent that “unwanted traffic” is a proverbial “elephant” — different people have a very clear understanding of one or more individual parts of the problem, but we need to get a better sense of the overall picture, as well. Hopefully, the report from the IAB’s March workshop on this topic will help provide a starting point for building that perspective. The challenge is now set for the IAB’s new year — to review what we learned and achieved through the last year, and determine priorities for the coming year. Architecture never sleeps — stay tuned! Leslie Daigle, Chair, IAB. More information about past and present IAB members can be found here .]]> 1135 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-65-review-plenary-sessions/ Sun, 07 May 2006 17:52:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1137 Administrative Plenary IETF chair opening Brian Carpenter, the chair of IETF, welcomed everyone to the plenary. He presented attendees and document statistics (see Fact & Figures on page 2). This time some people had problems receiving their visa in time. Thanks to ISOC’s urgent intervention with the US State Department, this could be solved in most cases. It is still damaging to the IETF’s openness as Brian pointed out. NOC and Host Report Rich Osman, in charge for the NOC at the IETF this time, showed some network statistics. He thanked the many volunteers who helped during the week and did an especially good job, when the NOC had to be moved within 20 minutes on Sunday due to rain in the NOC. Paul Murdock, representing Nokia, the host for IETF 65, gave a presentation showing some of Nokia’s latest multimedia developments. IASA Report The IASA Report consisted of four presentations: - RFC Editor report (Bob Braden) - IANA report (David Conrad) - IASA operations report by the IAD (Ray Pelletier) - IAOC general report: IAOC Chair (Lucy Lynch) RFC Report Bob Braden reported that the RFC Editor has made significant progress towards reducing the publications backlog reported at the last few IETF meetings. At current rate the backlog will be completely gone before June 2006. IANA Report David Conrad, the General Manager of IANA, reported that at the last meeting a number of issues were identified, mostly related to the lack of consistent management, understaffing and too complicated processes. Many of these issues have been addressed which is visible in the improved IANA performance. Before the next meeting, IANA is planning on clearing up the current backlog and hiring two additional staff, one of them fully dedicated to IETF liaison. IANA will also work on improved tools and will publish IETF-related processes and data on IANA performance. David thanked Michelle Cotton, who has now been working for 6 years at IANA and was at times the only IANA person. IAD Report Ray Pelletier, the IETF Administrative Director, showed an overview of the IETF expenses for the Fiscal Year 2005 and the budget for 2006. He then gave a status report of the secretariat services after being in place for 90 days. The transition from Foretec to NeuStar Secretariat Services went well, new tools and infrastructure have been set up as well as longer-term planning for future meetings. IAOC Report Lucy Lynch, the chair of the IETF Administrative Oversight Committee, reminded the plenary that after IETF 64, the IAOC had issued a Call for Consensus on the formation of an IETF Trust. The founding parties included CNRI, ISOC and the IETF. Some substantive issues were raised and the documents were modified to address community concerns. In December consensus was reached. The final IETF Trust Agreement can be found here(pdf). Consequently a number of actions were taken to round up the Trust Agreement. In recent months, the IAOC has been focused on

• the development of an RFP for the RFC Editor services
• conducting the first annual review of the IAD
• future IETF meeting planning
• monitoring the US Department of Commerce (DoC) RFI regarding IANA services

Lucy clarified that the RFC-Editor RFP will be an open RFP and that there will be a request for interest first. Leslie Daigle added that she sent the planned process to the IETF mailing list recently. Major projects for IASA in 2006 entail:

• IAD annual review and goal setting in June 2006 (IAOC)
• development and Execution of the RFC-Editor RFP (IAOC)
• managing IANA issues: DoC, contracting etc. (IAD)
• community relations per BCP101: minutes, financial updates, active listening (IASA)
• formalising the budget process (IASA)
• IPR related issues (Trust)
• managing archives and assets (Trust)

The IAOC web site will soon move to http://iaoc.ietf.org The trust web site will soon move to http://trust.ietf.org Updating the Tao of the IETF Susan Harris gave a short summary of the main changes made to the Tao document (see more details on page 11) and asked the community, especially IETF Newcomers for feedback. Nomcom Report Ralph Droms, chair of the NomCom, listed the nominees for the open IESG, IAB and IAOC slots. It was a difficult task this time, because of the creation of the new Real-time Applications and Infrastructure (RAI) area and a resignation on the IAB. The NomCom schedule, as laid out in RFC3777, turned out to be tight. Ralph and the NomCom proposed to review this schedule significantly. The tools developed together with Henrik Levkowetz and the tools team were very helpful and the development of additional tools for I* nominations and NomCom volunteers are being considered. Henrik added that the time schedule problem might also be solvable with the help of new tools.

Incoming IESG MembersLisa Dusseault: Applications Area Jari Arkko : Internet Area Dan Romascanu: Ops & Mgmt Area Ross Callon: Routing Area Sam Hartman *: Security Magnus Westerlund: Transport Area (2 yr) Lars Eggert: Transport (1 yr) Cullen Jennings: RAI Area Jon Peterson **: RAI Area Incoming IAB Members Leslie Daigle * Elwyn Davies Kevin Fall Olaf Kolkman David Oran Eric Rescorla * Incoming IAOC Members Ed Juskevicius * * returning incumbent ** moved from Tarnsport

“Thank You” to all departing IESG and IAB members Fred Baker, the chair of the ISOC Board of Trustees (and former IETF chair) thanked all departing IESG members for their time on the IESG. They have done a great service to the IETF. Brian Carpenter echoed these thanks. Leslie Daigle, chair of the IAB, thanked all departing IAB members in the name of the entire IAB. Lynn St.Amour, CEO and President of ISOC, handed out plaques to Jonathan Rosenberg, Patrik Fältström, Pekka Nikkander, Pete Resnick and Bob Hinden as thanks for their service on the IAB and to Bert Wijnen, Allison Mankin, Alex Zinin, Scott Hollenbeck, Margaret Wasserman for their service on the IESG. Alex Zinin, one of the departing IESG member, reflected on the IETF in the last 4 years. He felt that the IETF has become a more open and cooperative organisation that is more innovative and more international. It is also more operations-aware than a while ago. At the same time he felt the IETF has also become more formal and process oriented. Alex pointed out a number of things he learned during his time on the IESG and gave the following recommendations to new IESG members:

• trust your first impressions
• you are a newbie – use that! (you bring the background from the community)
• don’t allow politics to rule avoid bureaucracy burn-out
• if it stalls – take it to the public (community can help!)
• remember who your real boss is (the community!)
• remember why you did it (keep your nom-com questionnaire)
• know when to stop

Bert Wijnen, another departing IESG member, who served on the IESG for 8 years added that even though we are all here as individuals, he would like to thank his employer, Lucent Technologies, who basically sponsored his work for many of those years. Bert also thanked the community for the help and support. He mentioned that he got a little worried lately about the IETF and the IESG (referring to issues like blocking people from mailing lists, a lot of the process issues etc.). He would like to see the IETF continue to focus on technology. As a thank-you to the community he sang two Dutch songs which was enthusiastically welcomed by the audience.

Mike St.Johns Nominet (present at IETF 1): “One of the things about the Internet is that it was designed to be used by experts. We have gone from a benign environment where we knew everyone on the Internet to an environment where we have cyber-stalkers and cyber-terrorists. It is a different world. The web has changed things. I think for the good, because lots of people can get their voice out, but part of it is that we are diluting the truth… The Internet is the best system for spreading memes that we have ever seen.”

Open mic sessionBrian Carpenter welcomed a suggestion to present IESG statistics to the community similar to the IANA and RFC queue statistics. He mentioned that the IESG had an ‘Efficiency Retreat’ and set some targets for itself. They should certainly be presented. Bill Fenner and Allison Mankin are working on tools to present them. This was followed by a discussion about the perceived lack of food – notably cookies – during the IETF 65 meeting breaks which some community members took as a sign that the IETF was in very good shape if that much time is spent on such a topic during an IETF plenary session. Ray Pelletier admitted that the numbers were underestimated and were adjusted for the rest of the week. Another topic that got raised were individual submissions to the RFC Editor. One author felt that the technical review board does not have sufficient expertise in one particular area. Joyce Reynolds, representing the RFC Editor on the IESG, noted that the RFC Editor is always trying to make the best effort to find the best reviewer on the review board, but that they cannot guarantee to have expertise in all possible fields. All reviewers are volunteers.

Complexity, a topic raised at previous IETF plenary sessions, was brought up again. Some people were worried that an increasing amount of complexity is exposed to the end-user, especially in the area of security. This can lead to users not deploying security standards. Sam Hartman, one of the security ADs, agreed and said “We don’t only need to make sure security mechanisms are complete, we also need to ensure they are deployable.” He suggested to develop more show cases and examples in order to demonstrate how security mechanisms can and should be used. At the end of the plenary, the role of the IETF chair was raised. There was some concern that the IETF chair has too many roles to fill:

• IETF chair
• IESG chair
• General Area Director

One speaker felt that chairing the IESG might be the most important role for the IETF chair. Other tasks of the IETF chair could possibly done by others. There was no agreement on this topic and in closing Brian pointed out the importance of the external role of the IETF chair. Technical Plenary Welcome and Introduction by the IAB chair Leslie Daigle opened the technical part of the IETF plenary and announced that she was honored to be re-appointed as IAB chair for the next year. IRTF Report Aaron Falk, chair of the Internet Research Task Force (IRTF), described some recent IRTF highlights. A number of Research Groups (RGs) met during IETF 65. One of them was the Anti-Spam RG which also had a review with the IAB. The two new research groups (the Transport Modelling RG and the Internet Congestion Control RG) are making good progress. There is a charter under development for a MANET RG and for a group on scalable small-group multicast. The document “IAB Thoughts on the role of the Internet Research Task Force” is about to be published as an RFC. In addition to that the IRTF published draft-irtf-rfcs-00.txt to describe a process for IRTF RGs to publish RFCs.

IRTF Technical Presentation – End-to-End Research Group Karen Sollins, one of the co-chairs of the IRTF End-to-End (e2e) RG presented the status of that group. The e2e RG has existed since 1984 and is limited to 20 members with rotating, closed membership. The focus of the RG is on End-to-End services and protocols. There are 1.5 day long meetings 2 – 3 times a year. The group is set up as a forum to exchange ideas. Topics which have been discussed in the past include: Transactions (VMTP, SUN, RPC etc.) Multicast TCP congestion control Integrated Services New Architectures At their last meeting, the e2e RG posed the following question: ‘How might the computing and communications world be materially different in 10 – 15 years, and how might we define a research agenda that would get us to that world?’ Answering that question requires a vision of the future Internet. The e2e RG concentrated on the conceptual vision rather than on possible technical approaches to get to that future Internet.

Lixia Zhang professor at UCLA (present at IETF 1): “We need to develop a vision. When the network was still small, we did not really need a clear vision… When we were slightly off track, we said ‘ooops, let’s adjust it.’ But when the system is huge, it is much harder to adjust. If it is not steered into the right direction at all times, it will be very hard to turn. Therefore, I believe that today, it is essential to have a clear vision, because the network is this gigantic thing that is moving along and that we have to steer.”

Karen encouraged everyone to develop visions as well as architectural requirements that would bring us there. More details on this work can be found in the following publication: ‘Making the World (of Communications) a different Place’ by Clark, Partridge, Braden, Davie, Floyd, Jacobson, Katabi, Minshall, Ramakrishnan, Roscoe, Stoica, Wroclawski, Zhang in ACM SIGCOMM CCR 35 (2), July 2005, pp. 91 – 96. A copy of that document can be found here(pdf). IAB Technical Presentation – Distributed Hash Tables The IAB has regular informal, internal tech-chats. On a recent tech-chat about Distributed Hash Tables (DHTs), it became apparent to the IAB that there was material that would be interesting to share with the community – hence this plenary technical presentation. Eric Rescorla, an IAB member, described the overall concept of DHTs, explained the difference between search and lookup and gave some examples . He further described different security mechanisms, their applications and the open issues for each of them. In closing Eric noted that the work on Distributed Hash Tables is mostly research today and not really relevant to normal users at the moment even as they are being actively proposed for use within various protocol standards. Not related to the above topic, but in good IETF tradition to combine serious work with some fun, various IETF participants stood up and gave Eric bags of cookies (referring to him complaining at the Administrative plenary about the lack of cookies during the breaks. IAB update Leslie Daigle gave an update of the IAB activities of the year. The IAB identified 3 areas of interest last year:

• IPv6
• Architectural Perspective
• Unwanted Traffic
• And, of course there is always a “misc” category !

Regarding IPv6, the IAB started a dialogue with the operational community. A special thanks to Dave Meyer, a member of the IAB, who opened channels to the operations community by organising BoF sessions on IPv6 Multihoming at operators meetings (NANOG, APRICOT, RIPE). This effort will be continued. In addition to that the IAB has set up an IPv6 ad hoc committee. On the topic of Architectural Perspective, the IAB has published a number of documents:

• RFC 4101: Writing Protocol Models (June 2005)
• RFC 4417: Report of the 2004 IAB Messaging Workshop (Feb. 2006)
• RFC 4367: What’s in a Name: False Assumptions about DNS Names (Feb. 2006)

The architecture-discuss mailing list : architecture-discuss@ietf.org was also established for broader community discussions on architectural issues. The IAB IDN ad hoc committee will be shutting down. At the beginning of March 2006, the IAB hosted a workshop on the topic of ‘Unwanted Traffic’, with people from various backgrounds: backbone operators, enterprise managers, researchers, software developers. The goal was to get cross-area communication and to raise awareness. As a main result from the workshop it has been recognised that the IETF needs to continue to build mechanisms to address the usual security and unwanted traffic issues while at the same time mechanisms have to be developed to respond to more serious, more organised security threats. The solutions might not be the same. A full workshop report will be published as an RFC. At the end, Leslie listed some other ongoing and administrative IAB activities:

• Tech Comms ad hoc committee (to work with ISOC on a series of documents)
• IETF-related process and liaison documents
• RFC 4089: IAB and IESG recommendation for IETF Administrative Restructuring (May 2005)
• RFC 4052/BCP 0102: IAB Process for Management of IETF Liaison Relationships (April 2005)

In RFC queue:

• draft-iab-ieee-802-rel-05
• draft-iab-irtf-02

Appeals

• Jefsey Morfin, suspension from ietf-languages mailing list
• IAB annulled IESG decision
• Julian Mehnle, MADRID documents
• IAB upheld IESG decision

Jessy Cowan-Sharp Masters Public Policy and Computer Science at Univ. of Maryland (Newcomer at the IETF): “One of the things that attracted me to come here – which is probably a double-edge sword – is the fact that it is so focused on the working groups. That makes it interesting, because you’re actually doing work. On the other hand it is also what makes it inaccessible for Newcomers, especially if you haven’t been reading the mailing lists for a while.”

The discussion around the RFC Editor has been continued during the IETF 65 GENAREA meeting. The overall timeline was sent to the IETF mailing list, as well as: - a straw proposal of an RFC Editor charter. - IAB documents. - current IAB Internet-Drafts. - IAB Minutes.

Town Hall Meeting – Technical Topics

As all the IAB members came up on stage to host this session, a video of “virtual” Vint Cerf sharing congratulations to the IETF’s 20th anniversary of the IETF was presented. During the open mic session the topic issue was the End-to-End principle (in reference to Karen Sollins presentation on the e2e RG; see page 8). It was noted that e2e and network neutrality today might be more a business rather than a technology decision. While some people felt that the IETF should continue to concentrate on the development of protocols and not make recommendations about ‘good’ or ‘bad’ technologies , others believed the IETF needs to be promoting technologies and components that do support the e2e model and that it has a responsibility at that (similar to the IETF’s conscious decision not to design protocols that make wiretapping substantially easier). As way forward, comments in the room suggested that the IETF needs to accommodate both: the e2e principle as well as business considerations. A role for the IAB in this could be to ensure the protocols work in networks today (including firewalls). In the ensuing discussion, people wondered how the ends were actually identified. In IETF discussions, an end is typically identified by an IP address. Not everyone agreed with that. Patrik Fältström, one of the departing IAB members said: “End-to-End should be defined as the humans and their applications (e.g. chat, rss feeds). As long as the IETF designs protocols the way it has done so far, users will always be do able to use their applications.” Jeff Schiller suggested that a new definition of Internet services is needed. i.e. end-user security (assuming the network can not be trusted) vs. security in the infrastructure (providing reliability and availability for the end-user). The web service community is one example of this distinction: because they could not trust the network, they developed security on the xml level, as Brian Carpenter pointed out. In the network neutrality context, he recommended to look at RFC 4084 (Terminology for Describing Internet Connectivity). All presentations given during the IETF 65 plenary session can be found here.]]> 1137 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-65-review-tao-of-the-ietf-revised/ Sun, 07 May 2006 17:54:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1139 phoffman@imc.org) and Susan Harris (Merit, srh@merit.edu) announced that the Tao has undergone major revisions. The practical, “how-to” Working Group information has been greatly expanded, and text has been added about the IETF’s new administrative structure, new tools, and efforts such as the EDU team. http://tools.ietf.org/html/draft-hoffman-taobis]]> 1139 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-65-review-rai-a-new-area/ Sun, 07 May 2006 17:55:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1141 Interview with new RAI Area Directors: Jon Peterson, Cullen Jennings, conducted by Mirjam Kühne Recently a new IETF area has been created: Real-Time Applications and Infrastructure (RAI). We wanted to find out more about the motivation behind this decision and the scope of the new area. Question: When was it decided to set up a new area? Jon: Already 5 or 6 years ago people spoke about setting up an area that was focused on – what they then called telephony. At that time many people viewed it as this ‘container to put all this radioactive material into, so it cannot contaminate the rest of the IETF’ and therefore resisted that idea. Now the situation is quite different with SIP and similar technologies having gained a certain prominence in the industry. We are certainly generating enough documents and working groups and have enough visibility that it easily warrants its own area. Cullen: It also reflects what is going on in the industry and as a result there are new people with new energy in this field. 2 WGs were moved out of Applications (simple and geopriv). The rest were moved from Transport. [Editor's note: a full list of RAI WGs is included at the end of this article]. The scope of things that we were trying to cover in the Transport area was diverging further apart. It was covering an incredible range. Jon: We needed to have at least two very distinct areas of expertise to work in Transport. You needed to understand UDP plus all the SIP related work. That makes it hard to find people to fill the job. I was brought in as a Transport AD, because I had SIP expertise. I was not really a TCP expert. Cullen: My area of expertise is also around SIP and the whole communications area. Jon: Another aspect is security: there are people who design security mechanisms and there are people who know how to apply security mechanisms to protocols that need them. And I think in that latter category we have significant expertise. Cullen: over the last 5 years, the whole issue of bringing presence in and how presence works for communication systems, how to set up policies and how to deal with these various aspects, is something no one was an expert in a few years ago. Jon: Another factor that is worth mentioning is scheduling. Having the Transport area include all of the SIP related meetings, finding time for all the meetings and trying to ensure that people can make it, became increasingly difficult. Question: What are the main topics currently being worked on in the RAI area? Jon: The work on emergency services for real time communications (related to emergency phone numbers like 911, 112) is important (see Emergency Context Resolution with Internet Technologies (ecrit) WG). There has been an enormous amount of work and clearly also some controversy around various ways to do the protocol. That is one of the topics that the industry at large recognises as a potentially limiting factor for deployment, for instance with Voice over IP. Cullen: This is another example, like enum, that does not only involve technical issues, but also touches on regulatory, operational and practical issues. The emergency response work that is being developed now is likely to be better than the currently deployed systems in many ways. It takes into account mobile devices and allows a broad range of location information to be reported to the emergency responder. It also provides ways to place policy to restrict the privacy of the location information. Jon: We had a BoF on peer2peer at this IETF 65. I believe everyone in the SIP community here at the IETF thought this was an enormously important effort. Although in this kind of environment there is bound to be disagreement about exactly the right approach. There are a lot of alternatives. There is a very strong consensus that we need to do something in this space, but we are not sure how SIP could operate in a context without service providers at all. Cullen: We had a RAI open are meeting at IETF 65 where we talked about some issues that were relevant to lots of the WGs in the area. We spoke about how people want to organise work, how to be more effective and how to get lots of high quality documents done quickly. Jon: The community has lots of good ideas about that. The good news is that a lot of the core work on SIP itself is done. There is still a lot of work to do around leveraging it and building applications. List of WGs in the Real-Time Applications and Infrastructure Area: avt – Audio/Video Transport ecrit – Emergency Context Resolution with Internet Technologies enum – Telephone Number Mapping geopriv – Geographic Location/Privacy ieprep – Internet Emergency Preparedness iptel – IP Telephony mmusic – Multiparty Multimedia Session Control sigtran – Signaling Transport simple – SIP for Instant Messaging and Presence Leveraging Extensions sip – Session Initiation Protocol sipping – Session Initiation Proposal Investigation speechsc – Speech Services Control speermint – Session Peering for Multimedia Interconnect xcon – Centralized Conferencing Scott Bradner University technology Security Officer at Harvard University: "The IETF is an incredibly important forum for the creation of standards – and standards in the true sense: they are standards, because people use them, not standards in the false sense of the traditional standards bodies where governments say ‘you must use this specification.."]]> 1141 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-65-review-internet-area/ Sun, 07 May 2006 17:57:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1143 proceedings, logs of text sessions and the audio archives of the meeting. The Internet Area of the IETF sits in a position similar to that of the Internet Protocol layer in the traditional stacked layer of network models: between transport protocols and the underlying media. The "conventional" activities of this Area include standardization of IP adaptation layers (IP over foo), as well as a number of network attachment protocols and various forms of IP-specific protocols. For many years one of the major areas of activity in this area was the IPv6 WG. IPv6 over Low power WPAN (6lowpan) This WG is an example of the IP adaptation standardization role undertaken by the Internet Area – in this case the underlying media is the IEEE 802.15.4 class of networks, which includes a set of wide area low power wireless access systems. This WG includes the conventional agenda of IP adaptation interfacing, including framing, address generation and header compression specification. The WG also has the latitude to look at more innovative approaches to adaptation that make use of ad-hoc networks based on the MANET approach. The frame formats, address acquisition and header compression schemes have been documented in a 6lowpan draft which appears to be in its final stages in the WG review cycle (draft-ietf-6lowpan-format-02.txt). The WG is now looking at re-chartering with an intended focus on neighbour discovery, stateful header compression, recommendations for applications, meshed routing and security considerations. At IETF 65 the WG considered proposals for mesh routing, ad-hoc on demand distance vector routing, neighbour discovery and serial forwarding. It appears likely that the rechartering will proceed in the coming months. Ad-Hoc Network Autoconfiguration (autoconf) The autoconf WG is intended to standardize mechanisms to be used by ad-hoc (self-configuring) nodes for obtaining unique routeable addresses. Such ad-hoc nodes would be capable of supporting the MANET routing protocols for multi-hop communications. The WG is chartered to produce a "MANET architecture" and an auto-configuration mechanism. The WG is currently working on the MANET architecture document, as well as the problem statement documents for auto-configuration, so at this stage the WG is still in its initial phase. This is part of a larger effort to bring IPv6 standards into the realm of reliable self-configuration in mobile environments that may utilize various forms of ad-hoc connections to build up connectivity services. The WG was established just prior to IETF 64, so the progress to date has been noteworthy. Dynamic Host Configuration (dhc) The Dynamic Host Configuration Protocol (DHCP) is now a very well-established protocol with extremely broad deployment. DHCPv4 is a Draft Standard, and DHCPv6 is a Proposed Standard. This WG is, in effect, a protocol maintenance WG, maintaining oversight on proposed DHCP options and extensions in a manner that is consistent with the core DHCP specification, avoiding instances of option and extension clashes and duplication. Current WG activities include security and authentication, rigorous analysis of the specification, operation of DHCP in dual-stacked IPv4/IPv6 contexts and dynamic updates. The WG is a well established one with a very sizeable list of already published RFCs. The current work at IETF 65 was the consideration of a number of DHCP option proposals, namely for a timezone option for DHCPv6, emergency dial string option, 802.21 information service option, PANA authentication agent option, service override option, lease query option, and passive Duplicate Address Detection (DAD). The WG also considered mixed DHCPv4 and DHCPv6 environments and possible operational issues that could arise. Detecting Network Attachment (dna) As pointed out in the dna WG charter: "The current IPv6 stateless and stateful autoconfiguration procedures may take a fairly long time due to delays associated with Router Discovery and Duplicate Address Detection. … The main goal of this WG is to develop mechanisms that reduce or avoid such delays, in cases where they are not necessary. … The purpose of the dna WG is to define standards track and BCP documents that allow hosts to detect their IP layer configuration and connectivity status quickly, proposing some optimization to the current specifications that would allow a host to reconfigure its IPv6 layer faster than today. The WG has produced 1 RFC and one WG draft has passed WG Last Call and is now in the IESG review process. A further 7 drafts are still with the WG. This form of reworking existing specifications in order to optimise performance can be very slow and painstaking work, in that much of the existing sequencing of activity and the associated protocol timers were folded into the standard specification to ensure that the autoconfiguration steps did not converge to incorrect outcomes. The work of the dna WG follows a design team proposal to have the host be aware of layer 2 hints indicating a change in access point, and then have the host communicate to a router its concept of connectivity and have the router either confirm this view or propose a new network configuration for the host. DNS Extensions (dnsext) This is another example of a WG that has a significant protocol maintenance component. In this case the protocol is the DNS, and while there is a significant protocol maintenance component, the primary focus of the WG is DNSSEC. The WG is concerned with issues relating to DNSSEC deployment and the potential for protocol modifications in the light of DNSSEC experience. In addition the group is also studying zone transfer, notify and update documents as they progress towards Draft Standard status. Current activity is concerned with a set of DNS specification clarification documents, and the NSEC3 issues. Extensible Authentication Protocol (eap) EAP appears to be nearing the end of its current charter to revise the EAP specification with a view to fully document the protocol and improve the interoperability of the protocol. This charter is almost complete, and with the publication of the revised EAP specification in June 2004 and the state machine specification in August 2005, the remaining work items are concerned with the keying framework and the network selection problem. It appears that these two drafts are close to WG Last Call, and with that the only remaining task for this WG is to complete the problem definition document on network selection. Host Identity Protocol (hip) HIP has had a relatively lengthy history in the IETF. The idea was originally published as an individual Internet-Draft in May 1999. The basic idea is to inject a hash of the public key into the IP datagram as a means of providing a constant identity pivot within a packet sequence. This allows a certain level of locator agility while maintaining a presentation of a constant connection state to the upper level protocols. As noted in the HIP charter, "The Host Identity Protocol (HIP) provides a method of separating the end-point identifier and locator roles of IP addresses. It introduces a new Host Identity (HI) name space, based on public keys." This is an interesting WG in that its charter is not one that is primarily intended to produce standard protocol specifications, but to define a set of infrastructure elements to allow for wide scale HIP experimentation. At this stage the base HIP protocol specification has completed a WG Last Call, and the architectural description of HIP is to be published as RFC 4423. The mobility and multihoming specifications are in WG Last Call state, and are essentially complete. At this stage it appears that the WG is nearing completion of its chartered work items, and a rechartering discussion is underway in this WG. Layer 2 Virtual Private Networks (l2vpn) This WG is responsible for defining and specifying a limited number of solutions for supporting provider-provisioned layer-2 virtual private networks (L2VPNs). The VPN area is one that has certainly consumed a significant amount of attention from the IETF over the years, and the current IETF framework to work on this admittedly large topic is to group VPNs into a number of classes and work on each class as a distinct WG effort. In this case the l2vpn WG is looking at LAN-emulation VPN structures, IP-over-LAN emulation services, and point-to-point private wire services. The working group has a large set of active drafts at present. Five of these drafts were being reviewed as to their security properties by a Security Area review group after a WG Last Call, and a number of documents are close to a WG Last Call. However there are a further 7 drafts under current consideration, and 3 more waiting in the wings. This is a detailed area of activity, and one of the broader WGs in scope, despite the efforts to restrict its scope to layer-2 VPNs, and I suspect that this is not a WG that will have reached the logical end of its charter anytime soon! Layer 3 Virtual Private Networks (l3vpn) This is the routed equivalent of the l2vpn WG, looking at VPNs where the VPN is an active routing entity for the client VPN. This WG has already produced 10 RFCs and while there are a further 14 Internet-Drafts in the process, most of these have completed a WG Last Call and are in the subsequent stages of IESG review or awaiting publication. There are only 3 drafts that are currently in the WG, one concerning verification of routing information generated by PE routers and a further two drafts relating to multicast requirements. The discussion on whether to recharter the WG or to declare victory and move on is a likely topic for this WG in the coming months. Mobility for IPv4 (mip4) According to the mipv4 WG charter. "IP mobility support for IPv4 nodes (hosts and routers) is specified in RFC 3344. RFC 3344 mobility allows a node to continue using its “permanent” home address as it moves around the Internet. The Mobile IP protocols support transparency above the IP layer, including maintenance of active TCP connections and UDP port bindings." At present the IETF appears to be in a phase of consolidation in terms of revisiting some basic specifications, and mobility for IPv4 has not escaped such attention. The WG is working on an update to RFC 3344 that clarifies some aspects of the protocol as well as making some adjustments to the protocol specification (draft-ietf-mip4-rfc3344bis-02.txt). This would set the path for mipv4 to progress to a Draft Standard within the Internet Standards process.

Bob Hinden Nokia (present at IETF 1): "I think there are two different dimensions where we will see lots of growth: one is in places that don’t have the Internet today. That is a big challenge in many ways. The other dimension is the development to make everything on the Internet interconnected. Instead of just having the laptops, PCs and servers we have to today, we will have an increasing amount of devices that are small or embedded. They may be self-organised but networked together. In the first case the network is getting wider and covering more area and more people. But I think it is also going to get a lot more denser with more devices on the network all the time. Building this big, complicated, very dense network where everything is networked together and everything has a potential to talk to each other and in a secure way, so it is usable, will keep us all busy for a long time."

Mobility for IPv6 (mip6) MIPv6 has a similar objective to mipv4, unsurprisingly, but the mechanisms used in IPv6 to provide this functionality are quite different. At this stage the number of working group documents and related individual submissions is up to 18 drafts, although its not quite as daunting as it sounds. The MIB and shared key documents are to be published as Proposed Standards, and the bootstrap and extensions to the socket API are in the final stages of revision prior to publication. The WG has also completing a review of Mobile IPv6 with IKEv2 and the revised IPv6 architecture. MIPv6 Signalling and Handoff Optimization (mipshop) A quick glance at the MIPSHOP drafts and its charter milestones would have you believe that this WG has completed its work items on Hierarchical Mobile IPv6 mobility management (HMIPv6) and Fast Handovers for Mobile IPv6 (FMIPv6). However the group considered 11 individual contributions relating to further potential work for this WG. In other words its chartered work appears to be complete, but the continuing level of interest in this area of activity is extremely high. It appears that this WG may be assuming a role of evaluation of various forms of experimental extensions for MIPv6 that relate to particular envisaged deployment scenarios in the signalling and handoff area. Mobile Nodes and Multiple Interfaces in IPv6 (monami6) One of the critical aspects of the IPv6 architecture is the concept of multiple addresses, where an endpoint can be configured with multiple address prefixes simultaneously. This presents some issues to mobility protocols with multiple care-of addresses and potentially multiple Home Agent addresses. The objective of the monami6 WG is to produce a problem statement and associated specifications to clarify the use of multiple addresses in mobility contexts. The multi-homing motivation scenario and mipv6 analysis drafts are in their final stages of WG review and work is progressing on multiple care-of addresses and flow binding. Network Mobility (nemo) The nemo working group is concerned with managing the mobility of a network, looking at the issue in the form of interactions between Home Agents and Mobile Routers. The working group appears to be in the latter stages of defining common terminology, requirements, models and issues. It is likely that this material will be completed in the coming months, exposing the critical parts of followup agenda, namely routing optimization in both IPv4 and IPv6 contexts (as well as hybrid v6 over v4 contexts, no doubt) and adequately addressing the associated security issues that proliferate this area of mobility. This is a relatively challenging area to work in and it will be interesting to see how well the Internet Area can produce clear and concise specifications to address this space. The decision to recharter nemo to undertake this work, or use a new WG for this route optimization effort has yet to be made. Network-based Localized Mobility Management (netlmm) The basic motivation of this WG is in the assertion that mobility for IP nodes can be more efficiently handled if mobility management is broken down into localized mobility management and global mobility management. Local mobility involves movements across some administratively and geographically contiguous set of subnets. As the netlmm WG charter notes: "In the WLAN infrastructure market, WLAN switches, which perform localized mobility management without any mobile node involvement, have seen widespread deployment … [this suggests] localized mobility protocol with no mobile node software to specifically implement localized mobility management". It appears that the WG is heading towards the substance of its study in the draft "Network-based Localized Mobility Management Interface between Mobile Node and Access Router" (draft-laganier-netlmm-mn-ar-if-00). However, the WG is following what has become a very conventional IETF approach of first working at a Problem Statement (what are we talking about), Requirements (why is this useful) and Threat Model (what could go wrong here) as the initial steps into this space. Network Time Protocol (ntp) NTP is another of those venerable protocols with very extensive deployment experience. In this case NTP is the timekeeper for the Internet. This WG is chartered to advance NTP along the standards track, by documenting the deployment experience of NTPv4 and completing the specification of NTPv6. From that respect the WG is close to completion of its initial charter, and is looking to add work items concerning IPv6, security and auto-configuration. The NTPv4 document is close to completion within the WG and requires some further revision to reflect NTP extension and authentication fields, the definition of IANA-managed protocol parameter registries and some guidance on the poll interval. The work on the algorithm specification for NTP is also underway. The WG appears to be steadily working through its agenda. Protocol for carrying Authentication for Network Access (pana) Its worth quoting the WG charter here to describe the intent of this working group: "The goal of PANA is to define a protocol that allows clients to authenticate themselves to the access network using IP protocols. Such a protocol would allow a client to interact with a site’s back-end AAA infrastructure to gain access without needing to understand the particular AAA infrastructure protocols that are in use at the site. It would also allow such interactions to take place without a link-layer specific mechanism. […] provide support for various authentication methods, dynamic service provider selection, and roaming clients." Once more this WG has followed the convention of initial documents concerning Framework (what are we talking about), Requirements (why is this useful) and Threat Model (what could go wrong here) as the initial steps into this space. The requirements and threats documents are already published as RFCs and the core PANA specification document, framework description and IPSEC use specification have been passed to the IESG. The SNMP and Pana State Machine descriptions have also been largely completed. The current focus of the WG is on pre-authentication, context transfer, mobility optimizations and interoperation with AAA systems. Pseudo Wire Emulation Edge to Edge (pwe3) As any student of Computer Science will tell you there is nothing quite like recursion. Of course recursion is not confined to algorithms and the potential to emulate various media-layer servers as virtual services over an IP substrate has proved to be irresistible for IP. The WG is looking at the encapsulation, transport, control, management, restoration, interworking and security of emulated point-to-point link servers. The set of emulated services includes Ethernet, Frame Relay, PPP, HDLC, ATM, low-rate TDM, SONET/SDH and Fibre Channel. This is a relatively challenging agenda and the WG has already completed documents on a generic architecture and requirements, as well as encapsulation methods for Ethernet, Frame Relay, ATRM and HDLC PPP. However the list of active drafts is impressively long at this point. So there appears to much for this WG to undertake across the remainder of 2006. Site Multihoming by IPv6 Intermediation (shim6) This WG has adopted a two phase approach to the area of study. The initial work phase has been to develop a core set of documents that describe the "basic" set of SHIM6 protocol actions, as well as the associated protocol objects that will be used in the SHIM6 protocol. This base scenario looks at the multi-homing problem from the perspective of two communicating hosts that undertake an exchange locator information between themselves as a means of preserving active sessions by being agile across locator pairs in the event of active path failure. This protocol specification work is largely complete, and the three documents are in the closing stages of the WG’s consideration. SHIM6 will now be turning its attention on to a number of potential refinements to the approach, including site-based locator policy settings, split functionality SHIM approaches, and also to the area of signalling path and locator information vertically within the protocol stack. At the same time the WG is now soliciting implementations of the base specification in order to assess the robustness of the protocol specification. Softwires (softwires) The issues relating to various permutations of IPv6 and IPv4 have been studied by the IETF for many years now, and the softwires WG is the latest in what has become a rich tradition for the IETF. According to its charter, the softwires WG is undertaking the standardization of the discovery, control and encapsulation methods for connecting IPv4 networks across IPv6 networks and IPv6 networks across IPv4 networks in a way that will encourage multiple, inter-operable implementations. "softwires" are, in this context, various forms of tunnels, and the richness of tunnel approaches, and the level of mutual incompatibility in these approaches are the critical issues for this WG. This WG is looking to define a software end-point discovery mechanism, a softwire setup negotiation protocol and a standard encapsulation. The WG appears to have reached consensus on a "Hub and Spoke" scenario using L2TP and a "Mesh" scenario using extensions to Multi-Protocol BGP with negotiated tunnel encapsulation types. The practical approach being taken by the WG in looking to the capabilities of deployed networks and equipment to guide their standardization decisions appears to be one that offers a practical and effective approach to this longstanding issue. Transparent Interconnection of Lots of Links (trill) Many operations folk have grappled with Spanning Tree protocol in L2 networks for many years. There have been noteable victories and equally noteable defeats over the years! Spanning Tree has well known weaknesses and one approach to move to more robust protocols in this space is to look at the problem as a routing problem. The trill WG is looking at the application of link state routing protocol technology to this problem space, using the initial rbridge proposal as a starting point (draft-perlman-rbridge-03.txt). The WG is looking at a problem statement, architecture document and a routing requirements document in addition to the rbridge protocol specification. BoF Sessions IP over IEEE 802.16(e) Networks (16ng) This is the second attempt to introduce the work item of standardizing IP over WIMAX (IEEE 802.16) into the IETF. This appears to be a matter principally of coordination between multiple standards bodies and also coming to grips with multiple convergent layers. Layer 2 Control Protocol (l2cp) This BoF was concerned with the configuration of access devices, and, in particular the control of the L2 (switching) operation of access devices. The proposed mode of operation for this group is in keeping with the current style of the IETF to first look at a common framework to describe the environment, then generate a set of requirements for the space, and then look at protocol development work, preferably through protocol adaptation or recycling: "The WG will define a framework and set of requirements, and will investigate and define a solution for an IP based Layer 2 control protocol that is robust, reliable and scalable. L2CP will be based on extensions to existing protocols. The initial proposal for L2CP is based on GSMPv3." Network Endpoint Assessment (nea) This BoF was concerned with a proposal for a Network Endpoint Assessment protocol specification, intended to assess the "status" of devices before that attach to a network. This work is related to the Endpoint Attachment Protocol (EAP) and RADIUS, but focuses on what is termed "posture assessment", where "posture" is the device’s current state of operating system patches, Firewall state, and similar, and where the assessment checks this state against a set of policy rules.]]> 1143 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-65-review-ipv6-host-mobility/ Sun, 07 May 2006 17:58:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1145 Mobility for IPv6 WG (mip6) The mip6 WG focuses on enhancing the Mobile IPv6 base protocol with functionality required for a large-scale deployment. These enhancements will include mechanisms for bootstrapping the security associations between Mobile Node (MN) and Home Agent (HA), improvements for HA reliability, or support for MNs changing their home addresses. Beyond that the WG will draft problem statements concerning issues with firewalls, deployment in IPv4 networks and multicast. The bootstrapping design team has completed its work, specifying two scenarios. In the split scenario the mobility service is authorized by a different service provider from the network access provider, and the HA address discovery is performed using the DNS. In the integrated scenario the mobility service and access providers are the same and the HA address discovery is done by using DHCPv6. For the split scenario an external review by DNS and IKEv2 experts has been proposed for optimizing solutions for DNS home address update and home prefix advertisement. During the IETF 65 meeting, the goals for the AAA-HA interface were presented. This would be sufficient for the split scenario. The integrated scenario requires an interface between AAA and NAS. It has been recommended to broaden the scope of this document to cover both, AAA-HA and AAA-NAS interfaces. Standardization of these interfaces is expected to happen within the radius and/or diameter WGs. Another work item for the mip6 WG is the Dual Stack MIPv6 (DSMIPv6) document. This document allows the use of MIPv6 only for dual stack nodes, i.e. to eliminate the need for two simultaneous mobility management protocols. Several issues were discussed during the meeting including the use of a new keepalive mechanism (as opposed to the binding updates only) and the message formats. The WG has recently established a new design team to investigate HA reliability. MIPv6 Signalling and Handoff Optimization WG (mipshop) The mipshop WG focuses on defining optimizations for Mobile IPv6 signalling and handoff performances. The WG has published the specification for Fast Handover for Mobile IPv6 (FMIPv6, RFC 4068) and for Hierarchical Mobile IPv6 (HMIPv6, RFC 4140) and has been recently re-chartered to cope with further optimizations related to IP mobility. The new charter includes two main topics. The first one is related to the previous charter: the mipshop WG will continue to work on HMIPv6 and FMIPv6 in order to prepare their publication as proposed standards. The new charter includes some activities that are related to the IEEE 802.21 Media Independent Handoff (MIH) working group. Mipshop will define the mechanisms to deliver MIH services information through a “layer 3 or above” protocol. During the IETF 65 meeting, three Internet-Drafts have been presented concerning MIH: one presentation dealt with the problem statement and two other presentations were related to the requirements for Handover Event/Command Services and for Handover Information Services. None of these drafts has been accepted as WG item and the WG is still discussing the scope of the detailed work. A security solution for HMIPv6 was presented : the solution is based on SEND. Naturally, the solution assumes that the MNs use IPv6 stateless autoconfiguration and SEND and does not need any AAA involvement. A solution for FMIPv6 security was proposed: an AAA exchange is used by the MN to request a key from the home AAA server to be shared with the access router (AR) in order to protect the FMIPv6 Fast Binding Update. At the end of the meeting, there was some discussion on adopting some Internet-Drafts as WG items; in particular, RFC4068-bis and other proposals based on AAA and SEND for FMIPv6 security and other FMIPv6 related drafts (FMIPv6 over foo). The consensus call for WG adoption is still on-going in the mipshop mailing list. Mobile Nodes and Multiple Interfaces in IPv6 WG (monami6) The monami6 WG focuses on producing problem statements and specifications addressing issues related to simultaneous use of multiple IPv6 addresses on mobile hosts or routers. These multiple addresses could be assigned to a single or multiple interfaces. Furthermore the WG will investigate flow bindings (mechanisms, to bind a certain flow to one of the MN’s care-of addresses). An update of work on using several care-of addresses for Mobile IPv6 was presented. This solution was extended to allow the registration of several care-of addresses within a single bulk registration. In case the MN has multiple interfaces, it has to de-register all its registrations if one of its interfaces attaches to the home network. As a next step security considerations will be added to the draft. A new draft on flow binding was presented. Currently Mobile IPv6 only allows binding of all traffic to a single interface. The intention of this work is to achieve a finer granularity of flow binding on interfaces. A new rule identification option is included in Binding Updates and Binding Acknowledgements that specifies which flows should be bound to which care-of address, and consequently to which interface. A flow in this context follows the definition in RFC 2460. It should be possible to add or remove a flow from a certain care-of address. This functionality could be used for splitting the MN’s traffic received from the HA, the Correspondent Node (CN) or the Mobility Anchor Point (MAP). Network-based Localized Mobility Management WG (netlmm) One could distinguish between global and localized mobility management, whereby the latter is focusing on mobility management within access networks. The netlmm WG will design an IPv6-based, link-layer agnostic protocol between Access Routers (ARs) and the Mobility Anchor Point (MAP) in the access network, which handles localized mobility aspects on the network side transparently to the mobile host. The netlmm WG had its first formal meeting during IETF 65. The requirements draft for netlmm will be renamed into "design goals", and will remove the gap analysis section, which briefly discusses other mobility management approaches and their gaps in meeting netlmm requirements. The draft on netlmm threats will focus on covering threats to the MN-AR interface. Threats to AR-MAP interfaces are considered to be easier to solve, and are therefore not part of this work. A design team has been established to work on the required protocol design. It is planned to have a first version available IETF 66 in July 2006. This protocol design should cover components such as MN identifier, dynamic MAP allocation, message types for location updates between AR and MAP, message transport (control plane), security between AR and MAP, address assignment for MNs, support for any IP version, data plane transport, AR-MAP reachability detection, or AR handover. The design won’t consider components such as the MN-AR interface, inter-MAP handover, fast handover, or hierarchical MIPv6. So far the design team has not yet decided on a specific protocol for netlmm. In addition to the protocol designed for the AR-MAP communication the WG also adopted work on the interface between MN and AR. This informational work will illustrate the use of existing protocols, such as SEND, IPv6 ND or DNA on this interface, but won’t specify any new functionality. Protocol for carrying Authentication for Network Access (pana) The pana WG focuses on defining a protocol that allows clients to authenticate themselves to the access network using IP protocols. The WG has already published the requirements for the solution (RFC 4058) and a threat analysis and the security requirements (RFC 4016). Currently, the pana protocol specification is in IETF last call, together with the pana framework document that described how the PANA protocol can be applied to different deployment scenarios and can interwork with other IETF protocols, such as IP address configuration protocols (e.g. DHCP and IPv6 stateless auto-configuration). Another WG draft is quite close to submission as RFC: the pana-ipsec draft specifies how the PANA protocol is used to bootstrap an IPsec security association between the client and the network in order to protect data exchanged over the wireless link. This document is currently under AD review. During the IETF 65 meeting, an update for the use of SNMP in a pana environment has been provided: the document specifies how SNMP is used between the PANA Authentication Agent (PAA) and the Enforcement Point (EP) in order to install policies that need to be applied to the traffic sent and received by the client. The draft is fairly stable and a WG last call will be issued; in addition an external review by SNMPv3 experts has been proposed. Handover and Application Keying and Pre-authentication BoF (hoakey) During IETF 65 the hoakey BoF had its first meeting. The scope of the BoF was quite broad and included the definition of mechanisms based on the Endpoint Attachment Protocol (EAP) to derive keys used during handover events, and solutions based on EAP to derive keys that can be used by other applications in order to bootstrap these services in a more efficient way (i.e. in order to avoid performing multiple EAP authentications with the same EAP server). Mechanisms to perform pre-authentication for network access were also included in the BoF proposal. Concerning the topic of handover keys, a problem statement draft has been presented; the idea is to apply the concepts defined in the EAP key hierarchy to the case of an MN that changes the point of access to the network, resulting in a change of Enforcement Point or Authenticator. The scope of the proposed charter is not to extend EAP or the EAP key hierarchy, but to provide a model for handover keys, defining the entities involved and how handover keys are derived. Concerning the application keys, another problem statement has been presented. There were several concerns regarding the way the application keys should be defined and handled. The problem statement itself has not be considered clear enough to proceed with the work: as an example, in several deployments the identities and credentials used for application authentication are not the same for network access authentication and this prevents to leverage on the latter to perform the former. Finally, a problem statement about pre-authentication for inter-technology handover has been presented. The scope of this work does not include proactive IP address assignment that can be performed through other mechanisms; the idea is to proactively perform pre-authentication to neighboring authenticators in order to decrease the interruption time when a handover occurs. The proposed charter aims to investigate the requirements for a pre-authentication protocol and the impact of pre-authentication procedures on current AAA protocols, such as RADIUS or Diameter. Acknowledgement: Writing this review has been partially supported by the European Commission FP6 IST ENABLE project.]]> 1145 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-evolution-of-an-internet-standard/ Sun, 07 May 2006 18:01:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1151 ¹. However that’s probably pretty dry material to all but the most dedicated of standards aficionados. The IETF ethos is one that espouses practical sense: "rough consensus and running code" offers a very pragmatic perspective on the standards process. So in the same spirit of taking a practical perspective here, perhaps the best way to describe this process is to follow the path of an individual document as it progresses through the IETF process. I’ll use the document describing the 4-Byte AS number specification, for no other reason than it is a document that the author is relatively familiar with and it appears to have a background that is relatively typical of the IETF process.

Steve Crocker CEO of Shinkuro Inc.: "The most important thing for the IETF to do is to continue to organise and manage itself to develop the highest quality technical work and to do so in an efficient and open way that is inviting to new people. I have a very special place in my heart for the IETF. It is creating an entirely different world and some of the things that come naturally out of the IETF are fairly radical from a principle point of view: We have no membership. So, we have no way to restrict ourselves. That also means we cannot have votes. Making decisions by ‘rough consensus and running code’ turned out to be remarkably effective."

Step 1 – Understanding the Need The IETF does not generate standards upon a whim (or at least not very often!), nor does it do so to meet some annual production quota (or at least that’s not the intention!). Internet Standards produced by the IETF are intended to address a practical need where a standard specification can assist both vendors and consumers of a product or a service to be assured that a standards conformant implementation will undertake certain functions in a known manner, and that, as appropriate, implementations of the standard specification from different vendors will indeed interoperate in intended ways. The first step in the IETF’s process is one of reaching a reasonable common understanding of the requirements that the work should address. At times the exposition of the requirements is undertaken during the process of formation of an IETF Working Group, and the requirements are aired in the formative Birds of a Feather (BoF) sessions at IETF meetings. At other times the discussion of requirements may happen within an existing Working Group (WG) as part of a proposal to adopt a specific work item into the scope of the WG’s activities. Also at times WGs have been formed solely to produce requirements, with the intention to pass these requirements to other WGs for subsequent activity. And, of course, at other times the requirements are gathered into the IETF from exposition of the topic in other venues. No matter what the path, the essential question that should be answered is "just what problem are we solving here, and why does this problem need to be solved in this venue?" In the case of the 4-Byte AS Number work there was no IETF-generated requirement specification that was passed to the Inter-Domain Routing WG. This was a case of a need being expressed through other studies and being bought into the IETF. In the late 1990′s a number of studies of the inter-domain routing space indicated that the consumption of AS numbers was exhibiting clear exponential growth trends, and that exhaustion of the existing AS number space could occur by 2005 if those trends were to continue. This was the subject of presentations to the IETF on routing in the late ’90s. The form of introduction of how to address this problem into the IETF followed a relatively traditional path in the form of an individually submitted Internet-Draft draft-chen-as4bytes submitted by Enke Chen and Yakov Rekhter in September 2001. In reviewing this draft some years later, it is interesting to note that the draft addressed the relatively straightforward specification of an expanded AS number field in the BGP protocol as the result of a capability advertisement. The motivation for the proposal is not considered in the draft, and is a common convention in Internet-Drafts. The document notes a potential problem with transition from the shorter existing AS number space to this larger 32 bit number space, but does not address how such a transition could be supported. It also does not explain in any detail what may happen if the local routing domain is using a 4-Byte AS number when it attempts to initiate an eBGP peer session with a BGP speaker that does not recognise such 4-Byte AS numbers. So what we have here is the genesis of an idea, but one that clearly has to be refined. Step 2 – WG Admission The next step in the IETF process is to place the work item into the agenda of a WG. One option is the chartering of a WG to look quite specifically at a particular item of work, and such decisions to charter a dedicated WG are made by the IESG. The IESG decisions to charter WGs are generally based on their assessment of the level of support from the IETF to take on the work, the degree to which the work fits within the chosen scope of the IETF’s activities. Also taken into consideration is an indication of the feasibility of the proposed activity, and the extent to which there are a sufficient number of individuals who are keen to actually do the work. Of course not every work items generates its own WG, and a more common path is to integrate the work into an existing WG. This is conventionally signalled by the adoption of an individually submitted Internet-Draft as a WG document. Adoption of a draft by a WG involves a shift in the status of the document, in the document is now a WG document and revisions to the document should reflect the rough consensus of the WG. In the case of the 4-Byte AS draft, the document was accepted as a WG document in 2001 by the IDR WG. This was based on the charter of the IDR WG to standardize and promote the use of BGP-4. The transition to a WG document also saw considerable refinement in the document of the transition case, where the local routing domain is using a 4-Byte AS number when it attempts to initiate an eBGP peer session with a BGP speaker that does not recognise such 4-Byte AS numbers. This initial WG draft draft-ietf-idr-as4bytes-00 describes the dual translation and tunnelling techniques that form the core aspect of this work. Step 3 – WG Refinement Once a document is adopted by a WG there is an iterative process of document refinement and WG review to successively refine the document to reflect the WG’s considerations. The intended purpose of these open peer review cycles is to ensure that the document is peer reviewed, that it reflects a shared understanding of the space, that the specification is neutral and unbiased, that it is useful to the Internet, that it reflects a rough consensus of being of high quality, and that it is a feasible and practical approach to addressing the topic. When to complete this iterative process is normally signalled by a WG Last Call on the document. The judgement call of whether a WG Last Call has reached a rough consensus of the WG is one of the roles of the chair (or chairs) of the WG. The 4-Byte AS document was refined as part of the iterative process a number of times. The initial revision (version 1, February 2001) included specific consideration of the transition mechanism where AS Confederations were being used. Version 2 (April 2001) of the draft included an IANA Considerations section relating to the BGP Capability code point assignment, and BGP Type Code assignments for the new structures introduced in this draft, as well as the assignment of an AS number to be used in the transition phase. Version 3 (May 2001) appears to offer some minor grammatical changes to the draft. Version 4 (September 2001) appears to also offer only minor changes to the grammar and appears to be a token holder for the work to ensure that all references to the work are not lost on the 6 month expiration cycle of Internet-Drafts. Versions 5 (May 2002) through to 10 (July 2005) appear at regular 6 month intervals and have no substantive changes at each iteration. WG documents need volunteer input in order to progress, and in some ways the IETF is no different to any other organization with limited resources – the organization tends to focus on the most pressing needs of the day. In this case, once the Internet bust exerted its influence on the industry the consumption rate of AS numbers slowed dramatically, and the predicted point of exhaustion of the existing number pool pushed outward to around 2011 – 2013. The urgency in defining a solution to this problem dissipated and the work on this document slowed down as a result. Following the circulation of revised expiry projections and the need to undertake considered planning to assist in the transition issue, in mid-2005 the topic was revised with some external impetus of revised projections concerning the exhaustion of the 2-Byte AS Number space and the need to undertake preparatory activities in a planned fashion. Version 11 (September 2005) reflected some grammatical changes to get the document ready of a Working Group Last Call, as well as a more informative Security Considerations section. Following the Working Group Last Call a further revision of the document was published (version 12, November 2005), including some changes to bring the draft to the current levels of Internet-Draft format and content guidelines, with the inclusion of an Introduction section, use of terms as defined in RFC 2119, and the addition of text relating to proxy aggregation conditions in transition, and explicit text to describe the reconstruction of the 4-Byte AS path. The IANA Considerations section was expanded to include the creation of the larger AS Number registry. On November 12, 2005, the document was passed from the IDR Working Group to the Routing Area Directors, with the request that the document be published as a Proposed Standard. Step 4 – Implementability and Interoperability One of the hallmarks of the IETF’s standards process is to stress the importance of useful and practical standard specifications. The conventional manner in which this is assessed is the evaluation of the functionality and interoperability of two or more independent implementations of the specification. Such an assessment is recorded in the production of an implementation report. Reports that have been prepared for the IETF for various standards can be found here. These documents record the implementation of an IETF protocol specification, those parts to the specification that were implemented and any aspects that were not implemented. They also document the outcomes of interoperability tests, and may include an assessment as to what extent the specification is sufficiently well phrased such that implementations that faithfully follow the specification will indeed interoperate correctly with other implementations. Formally within the IETF Standards Process this requirement of documentation of implementations and their interoperability occurs when a specification moves from Proposed Standard to Draft Standard in the Internet Standards Process. However, a cursory glance at the RFC collection reveals 1,302 Proposed Standards, 119 Draft Standards, and 104 full Standards. The pragmatic observation is that much of industry that uses standard specifications are happy to work off the IETF’s Proposed Standards, and there is generally little motivation to move any document through the next steps of the IETF Standards Process to a Full Standard. This implies that the formal steps of review of implementations and their interoperation is missing for many of the IETF’s protocol specifications [Editors note: The IETF newtrk WG is looking it this issue]. Each Area of the IETF has some discretion as to how it manages its part of the Standards Process, and the Routing Area has determined to address this issue of the extensive use of Proposed Standard as the stopping point for specifications by adopting the procedure that publication of Routing Area Proposed Standard documents should be accompanied by implementation and interoperability reports of the specification. In the case of the 4-Byte AS work the report was published as an Internet Draft in September 2005 as an individual submission to the internet drafts editor (draft-huston-idr-as4bytes-survey), documenting two implementations of this draft and their interoperation. Step 5 – Publication The next step in the process is the handover from the WG to the IESG publication process. The first step is the handing of the document from the WG to the Area Directors as a publication request. This is the current state of the 4-Byte AS draft, which is currently marked as "publication requested". Normally within a week or two the document will have been reviewed by the Area Directors and placed on the agenda of the next IESG meeting. The role of the IESG is to conduct a review of the document and include in that review an IETF-wide Last Call for publication of the document. It is not unusual for a document to attract some substantial comment at this step. Formally this is the point in time where the document is subjected to a broader review that includes "cross-area" consideration, and it is often the case that the document needs to resolve issues related to their impact on related technologies and their interoperation. It is not unusual for the document to be passed back to the working group for further consideration at this time to resolve these review comments into the document. At some point the process of iterative review will reach a conclusion. The document is ready for publication, and is handed over to the RFC Editor for copy-editing and markup into a consistent document format . The document is also checked by the IANA, to ensure that any necessary protocol parameter registries are in place. The authors are consulted on any changes made to the document during this copy-editing phase, and then, once the authors’ permissions have been obtained, the document is published as an RFC.

Wouter Wijngaards developer at NLnetLabs (Newcomer at the IETF): "To meet the people was the most important thing for me. That was really essential. I had a chance to meet people that I would normally only communicate with via e-mail: people who wrote the specifications for the software I am currently working on (NSD), people who use that software and people who are DNS experts and I could get advice from. I think the software I am writing will be more interoperable after having been at the IETF and having spoken to all these people."

Step 6 – Use and Experience At the same time others are making use of the specification in their line of activity, producing implementations of the technology or considering how such a technology could be used within their particular environment. In this case the suppliers of BGP implementations are consumers of the 4-Byte AS specification, as they will inevitably be asked to provide this capability in their product. In addition, the Regional Internet Registries have an interest in this topic, as they will have to undertake a role of supply of these larger AS numbers, and need to coordinate this supply with availability of BGP implementations that will be able to manipulate these larger AS number fields. There are also implications in the area of documentation, training and supporting material that need to reflect the issues associated with the transition into the larger number space. Some Observations This production of an Internet Standard is neither a particularly fast, nor a particularly slow process. As needed, the document review process can be relatively fast, and RFC documents have been produced in timeframes of months, rather than the years taken in the example we have followed. On the other hand, when urgency is not a critical consideration, then the process can take on a more deliberative momentum, and, as with the example we’ve followed here, the process may take some years. Perhaps more worrisome than the issue of timeframes is that we’re continuing to condense the process of review and collapsing much of the role of Proposed Standards in the later stages of the Internet Draft, and Proposed Standard documents are becoming a surrogate form of Full Standard these days. The implications to the IETF’s ethos of running code as an essential criteria for its documents are certainly a valid consideration as a result, as is the consideration of the utility and clarity of the IETF’s documents. But, of course, every organization evolves to meet changing needs and roles, and the IETF is no exception to this. What constitutes an Internet Standard may change over time, and the process for generation of such standards may also change over time, but I for one would hope that we continue to ensure that its not just the process that counts, but that the outputs continue to be useful to the Internet at large. [Editors Note: For a more detailed description of the 4-byte AS number specification, see the recent issue of IPJ: www.cisco.com/ipj 1.) This document now is 10 years old, and not unsurprisingly certain aspects of this document have been revised due to the changing landscape. The updates to this original specification can be found in RFC 3932, The IESG and RFC Editor Documents: Procedures, RFC3979 Intellectual Property Rights in IETF Technology and RFC3978 IETF Rights in Contributions.]]> 1151 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/interview-with-lixia-zhang-professor-computer-science-department-ucla-member-of-the-iab/ Sun, 07 May 2006 18:04:08 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1154 Question: Lixia, you attended the first IETF Meeting. How did you get involved in the IETF? Lixia: I was at MIT working with Dave Clark. He was the first IAB chair from 1981 – 1989. That were exactly the same 8 years I was at MIT as his graduate student. There used to be a few meetings every year with the whole network team in the same room. As the community was growing large, around 1984 or so Dave Clark and Berry Leiner decided to break up to different groups. They were called Task Forces. I recall initially there were 10 Task Forces. Among the 10 one was called GADS (Gateway Algorithm and Data Structure), and Dave suggested that I participate in GADS. GADS held the first meeting in January 1985, but we only met a few times before GADS split up. From the beginning there were two kinds of competing agenda items. Some people were mostly interested in talking about blue-sky research, but some other people were more worried about burning issues in the operational network. During the last meeting in 1985, it was decided to split the group into two: one was called Internet Engineering Task Force (IETF). The other one was called Internet Architecture Task Force (INARC). INARC met seperately for 2 or 3 years before it vanished. But the IETF kept growing like a snowball. As I can tell, the only one of the original 10 Task Forces that still exists today is the end2end group, though it is no longer called a Task Force, but End-to-End Research Group, now under the Internet Research Task Force (IRTF). Question: What kind of roles did you have during all these years at the IETF? Lixia: Since the beginning I have always been part of the IETF, or more accurately the IETF has always been part of my life. In the early days I worked on routing issues. There was one closed WG under IETF: Open Routing WG. Routing is recognized as a fundamentally difficult problem since day one. Bob Hinden who was also at the first IETF meeting (see interview with Bob Hinden) chaired this Open Routing WG. We had around 10 or so people and met for a few years, trying to work out a new routing protocol for the Internet but didn’t get there. In the meantime BGP had been developed. My thesis was on a different topic: today one would call it Quality of Service (QoS) across the Internet. I also did some work on transport protocols, mostly TCP performance studies. My first published paper (which got SIGCOMM Best Student Paper Award) illustrated some defects in the original TCP retransmission timer settings. Phil Karn invented a fix (about how to set the retransmission timer upon timeout) and that is the way TCP timers work today. I was also the first to observe the traffic dynamics resulted from TCP’s slowstart congestion control. For some early IETF meetings I was the only woman and also the only graduate student. It was a very small research community, and was especially difficult for a foreign student to get in (Mike StJohns has some stories to tell about me here). I feel so lucky, being at the right place at the right time. All my life I have been lucky. Many people asked me how I got admitted to MIT. Well, God blessed me. Around 1990 the ARPANET disappeared and the Internet became operational. That meant we did not have a playground anymore to test new things. So DARPA set up a small testbed, called DARTNET, and we used it to test out bunch of things, IP multicast, voice & video over IP, and also various packet scheduling algorithms. I recall at a scheduling algorithm bakeoff on the DARTNET, Andrew Heybey (a supporting staff for Dave) had to manually log into each router on the DARTNET to change the settings from one algorithm to another. Dave commented that “We need an automated Andrew”. So I worked out a signaling protocol, which later turned into RSVP. Since late 90s I came back to work on routing again: looking at the global routing infrastructure, the dynamics, the scalability, and especially security. Question: At some point you got nominated on to the IAB? Lixia: The first time the IETF was still a relatively small community. I did a few pieces of work, my name got known. I was on the IAB from 1994 to 1996, only for one term, because I changed job and started teaching at UCLA in 1996. Last year, I got nominated to the IAB again. This time, the job on the IAB is fundamentally different than it was 10 – 12 years ago. Not only the community grew significantly, also the problem space has expanded enormously. There are more open issues, more challenges that we have to face. Question: Do you mean the protocols and technical issues or also organisational and process issues. Lixia: Both, the process and the vision. Where are we heading to? Fundamentally, what are the problems we are facing? In terms of process, but also in terms of solutions we are developing. Are we developing the right solutions? How do they work together? In the early days we used to know how every protocol works, and actually read almost all the RFCs. But pretty soon that was not possible anymore. The overall Internet has become such a complex structure that not one person can see all the pieces. And I believe this is just nature.

There is one short article by J. Haldane, titled “On Being the right size”. It was written almost a hundred years ago by someone studying Biology. He is saying that for a small insect the body structure was very simple. However, when you look at anything big – in that case he was looking at animals – the body is a lot more complex. There are many more organs. And it is not because it wants to be complex, but the complexity comes with the size. One simple example: Lots of small insects actually suck in oxygen through the skin. When the insect grows, the skin grows with the square of the size, but the body weight grows with the cube of the size. Therefore the amount of oxygen needed by the body grows faster than the skin surface. So parts of the skin was sucked in and became the lung to increase the area that can absorbe oxygen.

I think there is a analogy here, even if it may be a remote one: When the network gets bigger, we get more applications, more users, more vendors, more operators, more protocols, more of everything. This is good, but it clearly makes the whole system more complex. In the old days we had three applications for a number of years: e-mail, ftp, telnet. Then the search engines started (archie, gopher). Then the web came and everything exploded. I think there are two parts of complexity: when things get bigger, they necessarily have more parts. But there is another side of complexity: when a system is already huge, it is more difficul to design new components, to get it right. And lack of a complete understanding leads to overlapping and incompatible pieces, make the whole system more complex than necessary. I am afraid the latter is what we often see today. As we developed more and more protocols, the network became very complex which makes it harder to understand. I believe we need a better way to see the overall picture insteadd of only focusing on individual parts of the network. A big Internet also makes it more important to develop a vision. With a small system, if we were slightly off track, we would say ‘ooops, lets readjust’, and you could actually do it. But once the system is huge, it is much harder to adjust. Big systems have big inertia, that’s why it’s hard to turn. So I believe that today, more than ever, it is essential to have a clear vision. The network is this gigantic thing moving along that we have to steer it in the right direction, because any slight turn would take very long time and tremendous effort and cost. That is one of my tasks on the IAB: to do my best to understand where the whole thing should be moving to. And how to nudge the community to move in that direction. Finally I would like to make one more remark: at the first IETF I was a graduate student. I felt that I had so much to contribute. I got lots of great ideas. As years go by, I have better appreciation of how much I can learn from this community. Now, everytime I come to the IETF Meeting, I learn from others. That really changed totally for me: Now, I feel how little I know. As a graduate student, I felt how much I know .]]> 1154 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/interview-with-steve-crocker-ceo-of-shinkuro-inc/ Sun, 07 May 2006 18:04:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1156 Steve Crocker is also a Trustee on ISOC’s Board of Trustees and Chair of ICANN’s Security and Stability Advisory Committee. It’s a pleasure to be here and to talk about the IETF on its 20th anniversary and to reflect on the IETF as an institution and the whole process of creating protocols. My perspective is necessarily affected by having been part of the very earliest protocol design processes for the beginnings of the ARPA net. It was a deliberately unorganised process. There was no formal or official organisation to the process of designing the protocols or what the different labs would do with the network that was handed to them. The initial organisation, we called ourselves the Network Working Group, consisted of 6 to 10 people. We then quickly grew to 30 people and then to 50 people. It was getting out of control and we had to bring some structure to it. Eventually we had to form two or three tracks, so that not everyone was working on the same thing in the same room. That process and the creation of RFCs, all which is now embodied in the modern IETF that has started 20 years ago, is an incredible success! An unbelievable success! One can take issue whether the technical designs that emerge out of that process are the best possible, but it is far more important that they actually come into existence by a process that is open — architecturally open, politically open, that new people come in regularly, that the results are distributed free of charge around the world to everybody. The enormous power of those very simple concepts is very hard to convey to people who have not experienced them. The Internet has become important on the world’s stage. We are having Internet Governance discussions and meetings and a very large number of people are discussing the future of the Internet who have no clue as to what the Internet is except that it is important and that they have to be involved. This is a potential danger of loosing track of the essential goodness of the processes embodied in the IETF. Of course any structure goes through a natural aging process and is no longer the same as it was at the beginning. The same is certainly true for the IETF. It is bigger and more difficult to navigate through than it was at its beginning. I think that is one of the challenges that has to be faced by the IETF and I think we are addressing them. When the IETF started 20 years ago, I was not paying close attention to networking issues, but shortly after that I did get involved. The first IETF meeting I attended was in Florida. Phill Gross chaired the IETF and had formed the Internet Engineering Steering Group that consisted of the various directors of the IETF areas. He had decided to start a security area. I had done a fair amount of work on security issues at that point and was asked to take on the job of the first security area director. This was a very exciting process. It was immediately clear to me that security was a cross-cutting issue, so rather than dividing the space up in parallel with each of the other areas, I wanted security cut across the areas in addition to having its own content. Therefore we formed the Security Area Advisory Group (SAAG) with the intention of providing people who understood security issues to be available to help other areas and assist other WGs. That was in fall of 1989. Now, sixteen and a half years later, the IETF has considerably expanded and is moving along quite vibrantly, and the IETF is recognised as an important force. Question: where do you think it is going with the network and with the IETF? Steve: well, for the network, it is always been clear exactly where it is going (laughs). Seriously, we are in the midst of the convergence of voice and data and that is challenging the infrastructure of the telephone companies. There are huge commercial interests in the basic technology, but even more so in content delivery and control of content. The most important thing for the IETF to do is to continue to organise and manage itself to develop the highest quality technical work and to do so in an efficient and open way that is inviting to new people. I have a very special place in my heart for the IETF. It is creating an entirely different world and some of the things that come naturally out of the IETF are fairly radical from a principle point of view: We have no membership. So, we have no way to restrict ourselves. That also means we cannot have votes. Making decisions by ‘rough consensus and running code’ turned out to be remarkably effective. There was never a desire to restrict participation, for instance by introducing membership rules. There was never a thought about having organisations have control as opposed to individuals contribute and their contributions be judged by others by the merits of what they say as opposed by their position in an organisation or authority. The merit of that approach was understood pretty early. I believe that this is one of the important contributions on top of the developed technology that has affected all of us and has transformed the world. This very egalitarian idea of dive right in and make your contribution.]]> 1156 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/interview-with-scott-bradner-university-technology-security-officer-at-harvard-university/ Sun, 07 May 2006 18:06:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1159 Q: How did you get involved in the IETF and what was your first IETF meeting? Scott: I knew Jeff Schiller at MIT for a number of years in conjunction with the NSF network and NEARnet (the regional NSF-connected network in the Boston area). He suggested I get involved in the IETF. I had never heard of it before. So, I got on some mailing lists and found it interesting. The first IETF I attended was at Tallahassee. The first WG meeting I attended at that IETF meeting was the DHCP WG. Ralph Droms was the chair. And I could go to one of their meetings this week. Ralph Droms is still the WG chair and the WG is still working on some of the same issues. Q: How did you become a WG chair yourself? Scott: Yes, I had met Phil Gross, the IETF chair at that time, at MIT. He knew that I was doing performance test of routers and switches. He approached me about setting up a WG on creating a termonology and a set of procedures for performance testing of network devices. So, I formed and chaired the benchmark methodology WG (BM WG). That WG is still going on. It is been running along at a regular pace, producing RFCs ever since. And the RFCs are in wide use for performance testing of routers and switches. Q: And then at some point you became an area director (AD). Yes, I was nominated for the position of Operational Requirements area director. In those days that was separate area to create a feedback loop for standards. A standard gets created and then there would be this special group at the IETF, primarily the operators, who would comment on how easy or hard it was to actually run the standard. It that meant as feedback to the standards process, so that the standards developers could figure out what they should change or what needed to be added in order to make the standard useful and operatable.

The most interesting WG I have ever been an AD for, was in the operational requirements area and that was CIDR Deployment (CIDRD WG). It was the most contentious and rambunctious WG I have ever seen and it was fantastic. There was a lot of involvement. Some of it very heated. A lot of religious discussions on whether you actually needed to aggregate routes or if this was all a plot to save a certain router vendor. It was a very involved group and there were a lot of operators which we do not have enough of in the IETF these days. I believe we did a lot of good in that WG. But the mailing list and the meetings were contentious enough that many of the other ADs and the IESG at the time felt that it was out of control. I knew it was out of control, but I thought it was OK. But the other ADs got me close the WG which I didn’t really wanted to do, but at that time we did not have the concept of a long-running WG. OK, I mentioned the DHCP WG that ran from 1990 until now. But in general, we were supposed to have short lived an pointed WGs. And CIDRD was purposely an open-ended WG and most of the WGs in the operations requirements area were purposely open ended, because we did not know when the development would finish. But the argument the IESG used at the time was that the idea of having an open-ended WG that doesn’t have clearly defined milestones was somehow abhorrent, so I had to close it down.

Today there are not enough operators at the IETF, so we do not have a good feedback loop for our standards. The biggest example was SNMPv2 (Simple NEtwork Managment Protocol v2). That actually caused a structural change in the IETF. SNMPv2 was SNMP with security; Unfortunately the security was so complex that normal human beings couldn’t operate it. It was too complicated and it completely failed in the market place. At that point the network management AD proposed to the IESG to merge the Operational Requirements and Network Management areas, because she felt there wasn’t enough operational experience in the Network Management area. The network management people had to create things that the operators had to be able to understand and to operate. And the operators needed to be able to implement network management. So, it seemed to be a pretty good mix. I don’t think it has work as well as we had hoped. I actually think these were really two different areas stuffed into the same envelope. The network management side is not closely enough aligned with the operational requirements side. And part of this is that we’re not seeing enough of the operators here either at the enterprise nor at the ISP level to provide good feedback. Hopefully we can fix that. Dave Meyer and other IAB members are working to get more operators to the IETF. About the time the two areas merged, I was selected by the nomcom to move over and become a director of the Transport area. The reason given at the time was that the nomcom and the community felt that some of the activities in the transport area did not take enough into consideration what operators needed to do. And I was seen as someone who had been involved in operating a network so maybe could bring some operations clue in there. So, I became a Transport area director. After I moved over to the transport areas there was a great deal of confusion about what became known as the sub-IP area. MPLS and other protocols which were dealing with configurable underneath IP requirements. Bert Wijnen and I were asked by the then chair to form a temporary area moving all the VPN technology and MPLS and some other things into a new area (the Sub-IP area) so that they would work together to find out how to deal with this configurable underlayment. Bert and I worked on that for a couple of years until I was not renewed by the nomcom and Bert continued with Alex Zinin. But before – very soon after becoming an area director at all – I was asked along with Allison Mankin to be one of the area directors for a temporary IP Next Generation area and was charged to come up with a process to determine what IPng would look like, what its feature set was and the like. That was a very interesting experience. When we were asked to take over, there were 5 proposals for IPng. By the time we actually took over, there were 3, some of them had merged. The feeling in the community was very strong amongst two of those three. And for most people it was so clear that one of them was the right answer, and that it really wasn’t necessary to have a process. So, when Allison and I stood up in Huston and said we were going to have a process and it might take 9 months to a year to do, we got quite vehement criticism from the floor that it should not take more than 3 months, because all we had to do was pick the obviously correct solution. Of course it wasn’t that easy, because they came from two different groups. In retrospect I wish we would have taken longer, but we came up with a recommendation in about a year. It was a merger of two of the three proposals. Still, it was a very instructive process to see how the individual groups believed in their own solutions and how much they thought it should be obvious to everybody involved that their solution was the right one. The IPng area was purposely temporary. The idea was to ask one transport area director (Allison Mankin) and one operational requirements area director (me) to run it and to combine all the IPng related WGs into on area and 4 years later split them up again and push them to the area they came from. At the moment I am a WG chair for newtrk and a co-chair, with Kimberly King, of the ieprep WG. The newtrk WG is trying to figure out if there is a way to make the standards process more reflect reality. The standards process is documented in RFC 2026 which describes a number of things that ought to be done that are not being done, for example: the IESG is supposed to review proposed standards every couple of years to make sure that they are still relevant. The IESG has not been doing that. Another example: We have a 3-step standards track that has been followed in the exeption rather than in the normal case (also see Geoff Huston’s 4-byte ASN article). Once something has been accepted as a proposed standard, people start implementing and using it and do not have the time and energy to go back and do the rest of the process, because it is actually not going to increase deployment or sales. Newtrk is trying to find out if there is a way to better reconcile that, either by changing RFC 2026 to reflect what we actually do or to come up with a new concept. Q: Over all these years, what do you think is the biggest change? Scott: When I first got off the IESG, I was asked what I thought of the IETF after being on the IESG for 10 years and being heavily involved in most of the process related and politically related issues within the organization. At that time I thought the light was too bright: When standing right next to a very bright light, you can’t really see very well. That is less the case now. But still, trying to see what the IETF’s impact is on the Internet, is a hard thing. You hear from outside the IETF that the IETF is becoming irrelevant and that work is being done elsewhere, whether at traditional standards bodies or other fora. But then we see that SIP (Session Initiation Protocol) is taking over the VoIP world (modulo skype), that MPLS is widely deployed, that the Internet runs on the protocols that the IETF is actively working on or has defined in the past. The IETF is an incredibly important forum for the creation of standards – and standards in the true sense: they are standards, because people use them, not standards in the false sense of the traditional standards bodies where governments say ‘you must use this specification.’ When Brian Carpenter and I went first to the ITU-T in the mid 90s to describe what the IETF was, the first question we got after presenting the IETF standards process was ‘How can you call them standards, if no governments mandates their use?’. That illustrates a fundamental difference in concept. We are certainly working on other standards here at the IETF now: IPstorage, Internationalization of Domain Names and a bunch of other things which may become extremely important in the future, or they may not. There are about 120 WGs. My gut feeling is that about 30% are working on things that 5 years from now people will find useful. And that is not a bad ratio at all. Q: What do you think will be possible future technology developments? Scott: I don’t see that much new work. I would like to see more new concepts. The question is if we as the IETF will recognize them when they are provided to us. IPstorage is the most recent big example of that: where someone came along and had a BoF and it looks really interesting. If we put storage over IP it adds flexibility. IP has shown that flexibility is much more important than efficienct performance. Flexibility has been a core feature of our path in the past and I hope it will remain so in the future. We are in the IETF right now in the middle of some quite serious discussions how we should structure ourselves going forward. The re-arrangement and re-vitalisation of the administrative structure as now an integral part of the Internet Society has been a major accomplishment, but there are other aspects of the organizational behavior of the IETF: - how we approve standards, - how we decide on what to work on, - how we understand what consensus is. These are topics we are discussing right now. We need to come to good conclusions on many of them. We don’t only need to develop good technology, we also have to have processes in place that ensure those technologies reach the market in a timely way. Scott Bradner’s functions held related to IETF (see also resume):

• Chair, New IETF Standards Track Discussion Working Group (newtrk), (2004 to present).
• Co-Chair, Internet Emergency Prepardiness Working Group (ieprep), (2002 to present).
• Liaison between IETF and ITU-T, (1995 to present).
• Member, IETF Internet Engineering Steering Group (1993 to 2003).
• Co-Director, Sub-IP Area (2001 to 2003).
• Co-Chair, Transport Area Working Group (tsvwg), (1999 to 2003).
• Co-Director, Transport Area (1997 to 2003).
• Co-Director, IPng Area (1993 to 1996).
• Co-Director, Operational Requirements Area (1993 to 1997).
• Chair, Benchmarking Methodlogy Working Group (bmwg), (1991 to 1993).
• ISOC Vice President for Standards, (1995 to 2003).

]]> 1159 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/interview-with-bob-hinden-nokia-fellow/ Sun, 07 May 2006 18:07:31 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1161 Question: Bob, you attended the first IETF Meeting. How did you get involved in the IETF? Bob: I have been involved in this work even earlier. I started working for a company called Bolt, Beranek & Newman (BBN) that designed, implemented and operated the ARPANET. I started working there in 1978. The ARPANET existed since 1969, so it was a fairly established packet switching network. I started as a programmer. BBN had built a multi-processor system called the Pluribus and I did a lot of software development for that which was also used on the ARPANET. At that time TCP/IP was in its early stages and I worked on the project that added TCP/IP to the Terminal Interface Processor (TIP) part of the IMP. This involved replacing the original ARPANET host-to-host protocol, the Network Control Protocol (NCP) with TCP/IP. This was my first involvement in IP. That means I wrote one of the first TCP implementations. There were about 4 different TCP/IP implementations at the time. That was a lot of fun and a real challenge. I was not involved in routers yet. We called it the more research oriented group. It is funny to say this now – in hindsight, the whole thing was research. We then got responsibility for building what we called gateways (we call them routers now). I realised that the routers were going to be packet switches in their own right. This was a radical idea at BBN which believed in the ARPANET style packet switching and was ultimately evolved on X.25 packet switching commercially. They thought IP and routers were not reliable. It was real hard to get them to take it serious as a business until it was much too late for them to be a big player in the router business. I was leading the group that developed and deployed 4 generations of gateways/routers, the HW, SW, operations etc. I don’t think we had any idea what it was going to grow into. Many of the problems we still talk about today, we already had then (e.g. that the routing tables are getting too big). Of course, the scale is different. We were thinking about what happened when we got to a hundred, not hundreds of thousands or millions. But if the router couldn’t do it, it was a big problem. That was in the days where the distinction between the hosts and the routers was less distinct. We then invented this idea of interior and exterior routing to try to separate them. There was an earlier protocol and then eventually BGP replaced that. As part of doing this work at BBN – initially for ARPA and later for the Defense Data network – there were periodic meetings. It predates the IETF but evolved in creating the IETF as an activity to formalised the development of the protocols. Mike Corrigan was the first chair. Later, when the IETF became bigger and Phil Gross (the IETF chair after Mike Corrigan) decided to break it into different areas, I became the first Area Director (AD) for routing, because I had done a lot in that area at BBN. During my time as the Routing AD, we created and standardised all of what are now the current routing protocols: RIPv2, OSPF, IS-IS, BGP. It is interesting to note that some of the WGs that started then are still going on. Then I got involved in the IPng process and we worked with a team (together with Steve Deering) and developed what became the next version of IP: IPv6. That work has been mostly wrapped up now, we should probably close the WG sometime this year. I have been doing that for a long time. But I have also been doing other things: I chaired the vrrp (Virtual Router Redundancy Protocol) (?) WG and worked with a team writing the protocol. Unlike with IPv6 which is trying to solve the big problems, it is nice to work to solve smaller problems sometimes (laughs). I think the protocol is very successful, it is deployed very widely and solves real problems.

When I first got involved in the network at BBN I knew it was going to be interesting, but I had no idea it was going to create what we have today. And I don’t think many people really knew then where we were going. I think that is actually good. Because, if we had been trying to design for today or even for beyond today, we probably would have made something very complicated and it probably never would have worked.I think it was the simplicity and easy interfaces of IP and TCP and that no tight coupling between the devices was needed, that has allowed the Internet to go where it is now. It allowed different companies, different organisations and different people building things. I believe this is the only way to create not just the technical side, but also the business environment that allows this to work: in a distributed way where there isn’t one person in charge. Things that are very tightly coupled are very hard to scale. You can see that in the original way the telephone network started out. In the US and in many other countries, there was one organisation building the network, setting the standards, building the technology. The Internet never followed that model. From the start it was very distributed and flexible. That is one of the reasons why the Internet has grown and is so diverse today.

Question: Let’s look into the future. You just said, the development of IPv6 is almost done? Bob: We now need to do the operational transition which will be very hard. What originally caused us develop it, was that we were running out of IPv4 addresses. And yes, it looks like we will be running out of IPv4 addresses. It took longer than we thought, for a many reasons. It will be interesting to see if we are all able to get v6 turned on (it is actually fairly well deployed in a lot of systems). Everyone needs to think it is in their self interest to deploy it. We have the problem of the commons, I think. Question: What do you want to work on next once this is done? Bob: I am not sure yet. I have some interest in the manet WG and similar work around auto-configuration. I probably don’t want to work on anything that is quite as big as IPv6 again, at least for a while. I want to give it some time and think about what to do next. Question: Do you think there are any big issues the IETF needs to address? Bob: We still have the problem on how to make the routing work better. It was interesting to hear Dave Clark’s talk again on the big problems we have on the Internet now and 14 years ago. Already 14 years ago the big problems were routing and security! I think this is an indication that just because we know there is a problem, we don’t necessarily know how to fix it. We have been trying to make a more secure Internet for a long time and we have certainly done a lot of incremental things, but I don’t think anyone would call it secure. There is a lot of conflict between making it open and flexible and making it secure. Routing has its own challenges. The problem we are trying to solve is a lot more complicated than it was. It is not just dealing with the number of routes. It is policies, people dealing with each other in companies that compete with each other. There are many different aspects that make this a much harder problem, and I don’t think we have any tools which can make this much better. So, there will be lots to do. I am not worried that we will run out steam. People are pretty good in making things better in an incremental way. Computers will continue to get faster and have bigger memories. Q: What do you think will be the next big development on the Internet? I think there are two different dimensions where we will see lots of growth: one is of course in places that don’t have the Internet today. Parts of the world that don’t have a lot of technologies or infrastructure. That is a big challenge in many ways. It is hard to have a router or a computer if you don’t have electricity. The other dimension is the development to make everything on Internet interconnected. Instead of just having the laptops and PCs and servers we have to today, we will have an increasing amount of devices that are small or embedded. They may be self-organised but networked together. In the first case the network is getting wider and covering more area and more people. But I think it is also going to get a lot more denser with more devices on the network all the time. Building this big, complicated, very dense network where everything is networked together and everything has a potential to talk to each other and in a secure way, so it is usable, will keep us all busy for a long time.]]> 1161 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/interview-with-jessy-cowan-sharp-masters-public-policy-and-computer-science-at-univ-of-maryland-newcomer-at-the-ietf/ Sun, 07 May 2006 18:08:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1163 Question: Why did you attend the IETF and how did you find out about it? Jessy: I knew about the IETF before and I found about this meeting through my interest in interplanetary Internet and deep space communications. It turns out that this topic is being pursued under the delay-tolerant networking research group and they were meeting here this time. It happened to overlap with my university break. Question: What are you studying? Jessy: I am doing a masters in public policy and I am also taking courses in Computer Science and would possibly like to do a PHD in Computer Science. I have also a grade in astrophysics and math and I am actually interested in seeing the technical side of things. Question: You were here all week. How did you like it? Jessy: It is fascinating. I am just starting to learn about networking and protocols and I found the research groups being more accessible to me. I’ve attended two research groups. For the actual IETF WG meetings you really have to be up to date about all the drafts people are writing and talking about on their mailing lists. If you have not been reading the mailing lists or have not been reading the Internet-Drafts or the RFCs it is difficult to follow. But I have met a lot of people and have been talking to them and that was really good. That might be the most useful side effect of the IETF and I heard a lot of people say that. Question: Is there anything you find particularly interesting or different from other meetings or conferences? Jessy: One of the things that attracted me to come here – which is probably a double-edge sword – is the fact that it is so focused on the working groups. That makes it interesting, because you’re actually doing work. On the other hand it also what makes it inaccessible for Newcomers, especially if you haven’t been reading the mailing lists for a while. I don’t know enough about how the IETF works to know if it might benefit from having one presentation a day summarising some topics. As a newcomer this time and as I begin to learn more over time it might be interesting to write a document for beginners that talks about the pros and cons and what the major considerations are for writing standards and protocols. Once I know more about protocols and routing and switches and all that, maybe that will become more obvious to me. But it would be helpful to have a document that talks about things like how much room they take up on a server, what kinds of resources they require, how much bandwidth they require, what the trade-offs are when designing them (e.g. they might make things work faster, but take up more memory). Maybe that sort of thing exists, but I have not seen it or maybe once I knew more, it would be intuitively more obvious to me. Question: Did you attend the Newcomers Tutorial on Sunday? Jessy: Yes. It was good and useful. I was a bit disappointed, because there were a few other tutorials I would have been interested in, but they were in parallel with the Newcomers Session. Next time I will go to one of the other ones. Question: Do you have any other comments or suggestions? Jessy: Maybe from someone who is funding her participation herself, having the meeting at a hotel that costs 170 USD a night (plus registration fee and air fare) means that even though it is open in terms of not having to have any technical requirements, it is not necessarily financially open to everyone.]]> 1163 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/interview-with-mike-st-johnes-director-network-implementation-strategies-nominet/ Sun, 07 May 2006 18:09:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1165 Question: John, you attended the first IETF Meeting. How did you get involved in the IETF? Mike: In 1986 my boss was Mike Corrigan, who was the first chair of the IETF. I was working on the Defense Data Network Program along with Phill Gross. I was responsible for managing the development of the packet switches, the gateways and the terminal servers for the DDN (Defense Data Network). So, I saw this note about GADS (Gateway Algorithms and Data Structures) meeting in San Diego and decided to go. The meeting had been going on for half a day and we look up and Mike Corrigan wanders in. Mike had just come from the Internet Architecture Board Meeting where they decided to turn it into something different: the Internet Engineering Task Force (IETF). So, Dave Mills, the chair of GADS, ended up as the chairman of Internet Architecture Task Force and Mike Corrigan would take over the Internet Engineering Task Force. The original mission of the IETF was engineering. It was to look at what we were calling the Internet which consisted of the following networks: - Milnet (the military version of the ARPANET), - ARPANET, - the core gateway system, - Nasa Science Internet (NSI), - National Science Foundation (NSF) net So, the original IETF was really a place for NASA, the Department of Energy, DOD and the NSF to talk with each other about how to build networks. With Mike Corrigan as the chair of the IETF, I ended up being one of the program chairs for the first one or two meetings together with Phill Gross until Mike departed and Phill took over as IETF chair. Question: What other functions did you have on the IETF? Mike: I was on the IAB twice. I was on the first IAB after the Kobe meeting. And I was on the IAB two years ago. And I was a WG chair for 4 or 5 WGs. I have been a NomCom chair once. I was actually on the NomCom that filled 17 slots which was difficult to do. That was also the NomCom that was charged to rationalise when people’s terms ended. And we ended up having to find an Area Director (AD) for Operations & Management three times for various reasons. Question: looking back, what do you see as fundamentally different now? Mike: The IETF is a a standards body. Parts of the problem I am seeing today is that process gets in the way of technology. I am not really sure how to fix that except by screening at the entry point and then killing groups that don’t do the work. But it is hard to do. Question: You said the was initially not set up or designed as a standards organisations? Mike: No. The IETF up until meeting 8 or 9, was plenary only. There were technical presentations about what was going on on the Internet. There were no workings groups. We organised the WG structure between Austin and Hawaii. By Hawaii Phill had created the area structure that is in place today. He appointed a steering group, being responsible for various parts of the system. At the Boulder meeting we were having some interesting discussions with Jon Postel about the ability to create our own documents. We really wanted to be able to create documents and Jon wanted the RFC system to continue as it was (as the documents describing the standards). The IETF had created a document series called IDEAS (Internet Design Engineering Analysis Series. We published about 11 of them before Phill went off and had a long chat with Jon. The result was the beginning of the Internet-Drafts system. Question: What do you think will be the next big development on the Internet? Mike: one of the things about the Internet is that it was designed to be used by experts. We have gone from a benign environment where we knew everyone who is on the Internet to an environment where we have cyber-stalkers and cyber-terrorists. It is a different world. The web has changed things. I think for the good, because lots of people can get their voice out, but part of it is that we are diluting the truth. For instance, you used to be able to pick up the newspaper and say ‘Oh, I believe that’, because you trusted the newspaper etc. But there is so much stuff on the Internet, that gets picked up. Do you know what is meant by meme (A unit of cultural information, such as a cultural practice or idea, that is transmitted verbally or by repeated action from one mind to another; dictionary.reference.com). It is a memory element. It is an idea. It is an idea that can spread from person to person. Urban legends are one example of it. Polls are another example of it. Belief systems, religions. The Internet is the best system for spreading memes that we have ever seen. Before it would be newspaper and books and fiction etc. Now we have an idea popping up in Idaho and showing up in Berlin the next day. So, we need a way of inoculating ourselves against memes, against non-benign memes. So, it may be that the next thing for the Internet isn’t so much the protocols and standards, but the theory of information transfer.]]> 1165 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/interview-with-wouter-wijngaards-developer-at-nlnetlabs-amsterdam-the-netherlands-newcomer-at-the-ietf/ Sun, 07 May 2006 18:10:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1167 Question: Why did you attend the IETF and how did you find out about it? Wouter: I am working for NLnetLabs and my boss told me the IETF is a place where a lot of DNS-related topics are being discussed. So, I wanted to find out what is going on in this area. Question: Is DNS your main area of expertise? Wouter: Yes, I attended all the DNS-related WGs: dns-ops, dns-ext. And WGs that deal with protocols that use the DNS for different purposes (e.g. hip, shim6, some other v6 related WGs). It was interesting to sit in those WGs, but I could better follow the discussions at the DNS WGs, because I had actually read all the current documents. Question: How useful was it for your work and your area of expertise to attend the IETF? Wouter: It was not essential to attend the WGs, because most discussions are also taking place on the mailing lists. To meet the people was the most important thing for me. That was really essential. And the WGs are a good place to see everyone who is involved in this area. I had a chance to meet various people that I would normally only communicate with via e-mail: people who wrote the specifications for the software I am currently working on (NSD), people who use that software and people who are basically DNS experts and I could get advice from. I think the Software I am writing will be more interoperable after having been at the IETF and having spoken to all these people. Question: Compared to other conferences what did you find different at the IETF? Wouter: In the past I attended mostly scientific conference. At those conferences people present information and ideas. Researchers and scientists want to explain their ideas and projects. They usually give an overview of a certain idea and may skip over some details. Whereas at the IETF the approach is different: Assume everyone has read the document, lets discuss and go right into the nitty-gritty details. And often it is easier and more productive to discuss in person rather than over a mailing list. Question: What did you like most about the IETF? Wouter: there were lots of laptops. There might have been more laptops than people. And it is a more relaxed and less formal atmosphere. Even less formal than at scientific conference. At scientific conferences people do not sing at plenary sessions. Question: Was there anything that you did not like or that could be improved? Especially for you as a newcomer? Wouter: That is difficult to say, because my boss already introduced me to things before the meeting (e.g. he told me to read the documents). I found the latter days a little boring, since I was mostly interested in the DNS related WGs, and they were all on the same day pretty early in the week. Question: Did you attend the Newcomers Presentation on Sunday? Wouter: Yes, I did and it was very useful, for instance to learn about the whole process and how decision are made (“rough consensus and running code”). I also attended the xml2RFC tutorial. It was very good. Sounded like a this is a pretty good tool. I will start using it.]]> 1167 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/calendar-3/ Sat, 27 May 2006 16:38:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1493 Summer 2006 – 66th IETF July 9-14, 2006 Host: Ericsson Location: Montreal, Canada Autumn 2006 – 67th IETF November 5-10, 2006 Host: TBD Location TBD Spring 2007 – 68th IETF March 18-23, 2007 Host: TBD Location: TBD Summer 2007 – 69th IETF July 22-27, 2007 Host: TBD Location: TBD Autumn 2007 – 70th IETF December 2-7, 2007 Host: TBD Location: TBD]]> 1493 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-65-review-wireless/ Sat, 27 May 2006 16:40:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1495

NETLMM – working on a protocol for network-based, localized mobility management

EMU – working on an update of EAP-TLS to improve interoperability and bring it to standards track, standardization of an EAP method using shared keys, and an EAP method using password databases.

In addition, there were BOFs related to mobility and wireless:

1. 16NG (met for the second time) – discussing work needed by IEEE, WiMax, and WiBro to put IPv6 over 802.16e
2. HOAKEY – discussing work to standardize the EAP application key hierarchy for handover, backend AAA work for preauthentication, and AAA key distribution for services.

In this review, we will discuss two working groups that are about done with their charter deliverables: the MOBIKE WG and the 6LOWPAN WG. MOBIKE is in the Security Area and 6LOWPAN is in the Internet Area. The MOBIKE working group was chartered to define modifications to the IKEv2 mutual authentication and key exchange protocol that allow a moving node or a node with multiple interfaces to switch local addresses without having to re-establish their IKEv2 and IPsec security associations. The protocol does not apply to IKEv1. The working group confined their work to tunnel-mode SAs, transport-mode SAs were explicitly declared out of scope. The work is expected to be most useful for VPN clients, so that they can move between wireless access points or between multiple wireless interfaces – for example WLAN and GPRS – without having to establish new security associations. Although the protocol supports use of multiple addresses on both ends, only one pair of addresses (client side, VPN-gateway side) may be used at a time. The protocol does not support dynamic load balancing between addresses. The initiator of the IKEv2 SA, typically a remote VPN client is responsible for deciding what pair of addresses to use. The VPN gateway simply tells the client what addresses it has available but does not initiate an update of the client’s IPsec SAs until the client requests it. The protocol includes two features designed to handle explicit security concerns associated with mobility and multihomed hosts. A return routability check is included so that a VPN gateway can optionally check whether the client is, in fact, reachable at the addresses it has specified. This prevents a redirection attack, in which a fully authenticated client-attacker provides addresses where another node is reachable, to which the attacker then redirects traffic. An explicit mechanism for excluding Network Address Translators (NATs) and other address translators such as IPv4/IPv6 gateways is included. This mechanism is primarily for site-to-site VPNs and other cases where NATs and other middleboxes that modify addresses are known not to be present, and any modification of the IP address can be considered an attack. The working group has produced two documents, one on design considerations (an Informational document) and another defining the protocol itself (for Proposed Standard). Both documents have passed IETF last call and are in the RFC Editor’s queue. At IETF 65, the working group discussed remaining items, principally a modification of the PFKEY interface to reduce overhead of IPsec SA movements and tunnel overhead, and a possible new item, the Bound End to End Tunnel (BEET) draft, which had been proposed as a work item initially but was deferred until the initial work was complete. The working group decided to drop the PFKEY goal due to lack of implementation interest. BEET provides limited tunnel mode semantics for IPsec ESP when the ESP security association is end-to-end, rather than end-to-middle, as in VPNs. The working group has decided to close since there was also not enough interest in continuing work on BEET. The 6lowpan WG was chartered to work on the problem of transmitting IPv6 packets over 802.15.4 low power wireless networks. These networks are characterized by a bit rate of 20 to 250 kbps in the frequency range of 900 to 2400 MHz. The link layer is almost but not entirely like standard 802.11 networks, but the range is much more limited. Also, since broadcast is expensive, it is necessary to avoid multicasting wherever possible. The deliverables for the working group were to produce a problem statement, describing why the standard default IPv6 to Ethernet binding needs changing, and a solution document, describing modifications to various aspects of sending IPv6 packets over 802.15.4 links. The problem statement document is complete, and the solution document is undergoing final discussion. 802.15.4 nodes are allowed to have 16 bit MAC addresses in order to save space in link layer frames. The solution document specifies a way to generate the interface identifier part of the IPv6 address (bottom 64 bits) using a 16 bit instead of an EUI-64 bit MAC address. Since the MTU for 802.15.4 frames is below the minimum MTU for IPv6 packets, fragmentation, and reassembly mechanisms are defined. Modifications to stateless address autoconfiguration that suppress multicast are also specified. Finally, a stateless header compression algorithm is presented to reduce the header overhead of IPv6 packets. At IETF 65, the working group discussed a few remaining items in the solution draft, and possible recharter items. Node configuration and setup for 802.15.4 nodes was discussed as a possible recharter item. The idea here is to reduce further the need for human intervention to automate connecting sensors and other non-human interfaced devices to the network. Security configuration is especially a concern. The development of a specification for layer-2 mesh routing was also discussed as a charter item. The idea would be to investigate a MANET routing protocol such as AODV and see what would be needed to adapt it to setting up Layer 2 meshes. Although specifications are available for mesh routing of 802.15.4 networks, the specifications are difficult for developers to access. Another possible recharter topic is the a set of recommendations for applications, such as service discovery or application protocols such as SNMP. Finally, working on security threats and solutions was discussed. The working group has established a Wiki as an experiment in recording discussion and design ideas that don’t end up in the working group documents. The Wiki can be accessed at http://6lowpan.tzi.org.]]> 1495 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/calendar-4/ Tue, 27 Dec 2005 16:45:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1499 Spring 2006 – 65th IETF March 19-24, 2006 Host: Nokia Location: Dallas, Texas Summer 2006 – 66th IETF July 9-14, 2006 Host: TBD Location: TBD Autumn 2006 – 67th IETF November 5-10, 2006 Host: TBD Location TBD Spring 2007 – 68th IETF March 18-23, 2007 Host: TBD Location: TBD Summer 2007 – 69th IETF July 22-27, 2007 Host: TBD Location: TBD Autumn 2007 – 70th IETF December 2-7, 2007 Host: TBD Location: TBD]]> 1499 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/editors-welcome-november-2006/ Tue, 07 Nov 2006 16:56:32 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1072 1072 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-ietf-chair/ Tue, 07 Nov 2006 16:58:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1075   Approximately 1,200 people from 41 countries gathered for IETF 67, making it our third visit to the Sheraton San Diego Hotel & Marina and our sixth visit to San Diego (the first being IETF 1 in January 1986). Hosted by Siemens Networks – with additional support from Afilias, from Poland’s Computing Communication and Network Security (CCNS), from the University of Wisconsin-Madison, and from a team of dedicated volunteers – the week featured the usual mix of working group (WG) meetings, BoF (birds-of-a-feather) sessions, research groups, and formal and informal side meetings, as well as excellent wireless networking. Since IETF 66, two new WGs were chartered and 12 WGs were closed, leaving approximately 120 WGs currently chartered. In the months between the meetings, the WGs and their individual contributors produced 440 new drafts and an impressive 933 updates. The Internet Engineering Steering Group (IESG) approved 104 drafts for publication as RFCs (requests for comment), and the RFC publication queue continued to decrease. An important discussion during IETF 66 concerned the scaling problem in wide-area interdomain routing. Though not a new issue, the scaling problem is again becoming a matter of operational concern, and IETF action in conjunction with the entire technical community is required. Articles elsewhere in this journal, including the Plenary Report, discuss the issue in more detail. At the end of its 20th anniversary year, the IETF remains crucial to continued growth and innovation in the Internet. It’s worth noting that the International Telecommunication Union (ITU) Next Generation Networks program, which is regarded as a major industry initiative, is heavily dependent on IETF standards, including but not limited to Session Initiation Protocol (SIP), Multiprotocol Label Switching (MPLS), and, of course, IPv4, IPv6, and the transport protocols running over them. The IETF remains responsible for the evolution of these basic protocols and is committed to continuing their development for the good of the Internet as a whole and not for any one individual industrial bloc. As always, scheduling information for the next IETF meeting may be found here. I look forward to seeing many of you in Prague March 18-23, 2007, and after that in Chicago on 22-27 July 2007.]]> 1075 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-iab-chair/ Tue, 07 Nov 2006 17:00:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1077 The IAB held two workshops in 2006, and the San Diego technical plenary included presentations reporting on both of them. I’ll say a bit more about each of them below, but first a few thoughts on IAB workshops in general. As described in its charter (RFC 2850), a major role of the IAB is to pay attention to important long-term issues in the Internet, and to make sure that these issues are brought to the attention of the people or groups that can address them. The IAB works to fulfill that mandate in several different ways, one of which is to occasionally convene an invitational workshop. In addition to bringing issues to wider attention, such workshops aim to gather more input on an architectural topic than is represented by the IAB members’experience alone. The workshops themselves are usually limited to participation by invitees in order to allow for focused, small-group discussions. However, the only accepted formal output of the workshop is a public report, published as an RFC. As a report of the workshop, the document is a reflection of the attendees’ collective understanding at the time of the meeting – not necessarily either the IAB’s as a whole or that of individual attendees. The less formal outputs include any follow-up work attendees may pursue, including the proposal of further work within other IETF-related groups such as the Internet Research Task Force (IRTF), the IETF, and working groups. At the IETF 67 Thursday evening plenary, Loa Andersson and Danny McPherson presented a report from the IAB’s March 2006 workshop on Unwanted Traffic (see draft-iab-iwout-report). As noted previously, the IAB had organised that workshop to recognise (1) that there is plenty of unwanted traffic on the Internet today – in the form of ((D)DoS, Spam, viruses, worms, and the like; (2) that the trend is not decreasing; and (3) that the persistence of infected hosts is considerable. This is causing significant economic losses already, and that trend is increasing as well. The purpose of the workshop was to assess the state of affairs, examine existing counter measures, and collect input for action planning. The plenary presentation and the workshop report provide details of the specific findings and conclusions, but one of the main takeaways of the workshop was that there is an “underground economy” that is real and that is driving a lot of the unwanted traffic. This makes the motivation and possible remediation activities different from traditional methods for dealing with unwanted traffic: it’s no longer driven by script kiddies with nothing better to do; it is a financially motivated, illegal activity. The technology and global connectedness of the Internet are just the enablers of the effort. Further work is needed to determine what can be done to address the growing trend – and not all of itis technical work. During the same plenary session, Dave Meyer and Chris Morrow provided a preliminary report from the IAB’s October 2006 workshop on Routing and Addressing (now documented in draft-iab-raws-report). The purpose of the workshop was to explore the issues that the large backbone operators are facing regarding the scalability of today’s Internet routing system. In the report, you will find that the key workshop findings include an analysis of the major factors that are driving routing table growth, constraints in router technology, and the limitations of today’s Internet addressing architecture. In particular, an important takeaway from the workshop was that there is a need to ensure a scalable routing and addressing system in the face of multihoming and the existence for a wide spectrum of traffic engineering (TE) requirements. Scalability is typically measured in terms of the size of the default-free-zone (DFZ) routing table, but the implications are felt in terms of the computing cost of recomputing routing information in the face of updates, concerns about the Border Gateway Protocol (BGP) convergence times and the required power/heat dissipation properties of the hardware needed to route traffic in the core of the Internet. The IAB & IESG have announced plans to establish a “Routing & Addressing Directorate” that would facilitate the continued coordination and promotion of activities to analyse and address the aforementioned problems. And you, too, are invited to join the already lively technical discussion on theRAM@iab.org public mailing list!]]> 1077 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/plenary-report-ietf-67/ Tue, 07 Nov 2006 17:02:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1080 In its return to San Diego – city of the first IETF meeting and site of five others – IETF 67 drew nearly 1,200 participants from 41 countries. IETF chair Brian Carpenter offered a warm welcome to participants and special thanks to Siemens for hosting the event and for providing outstanding networking facilities. Together with Siemens’ staff, countless volunteers ensured excellent WiFi coverage, including in the bars and at the pool. Brian also expressed gratitude to Afilias for its sponsoring of the welcome reception. A Fond Farewell to Joyce Reynolds On behalf of the entire IETF, Brian and Internet Architecture Board (IAB) chair Leslie Daigle publicly thanked Joyce Reynolds for her longtime involvement in and contribution to the IETF. Joyce had announced in October 2006 that she was stepping down from her position with the RFC Editor team after having served the IETF community for more than 20 years. She began as an Internet Assigned Numbers Authority (IANA) staff member under Jon Postel and ultimately became coleader of the RFC Editor function. In the 10 years beginning in 1988, Joyce also organised and led the User Services Area of the IETF. At the IETF meeting in San Diego, she received an award from the Internet Society (ISOC) and a standing ovation from the IETF community. Joyce expressed her gratitude to the community, saying, “It has been a lovely ride.” Administrative Updates IETF administrative director Ray Pelletier reported that a significant budget surplus followed IETF 66 that is now expected to be returned to the IETF Administrative Support Activity (IASA) budget. Ray also announced that a request for proposal (RFP) for the RFC Editor function was issued and a letter of intent has been signed with the Information Sciences Institute of the University of Southern California (ISI), the organisation that fulfilled this function over the past years. In addition, Ray reported on the recent publication of two FAQs: The first is on the use of request-for-comment (RFC) material by third parties, and the second is on the use of the IETF logo and trademarks. In addition to that, the text for a service-level agreement with the IANA has been finalised. Ray also announced that the Web site for the IAOC has been moved to http://iaoc.ietf.org. A full report can be found there. Finally, the current chair of the IETF Nominations Committee, Andrew Lange, urged everyone to nominate candidates for open positions in the IAB, IESG and IAOC. Jonathan B. Postel Award The Jonathan B. Postel award was established by the Internet Society to honor those who have made outstanding contributions to the data communications community. For the first time since the program began, two individuals have been chosen to receive the prestigious award: Bob Braden and Joyce Reynolds, both of whom are being recognised for their stewardship of the RFC series, which enabled countless others to contribute to the development of the Internet. They each received a crystal globe and $10,000. Bob and Joyce expressed their appreciation to the community and to ISOC for the honor. The IETF and ISOC also recognised Jonne Soininen of Nokia and Olle Viktorsson of Ericsson for hosting IETF 65 and IETF 66, respectively. Open Discussion Focuses on Legal Issues, Remote Participation in Meetings Following presentation of the Postel award was an open-mike discussion, much of which was dedicated to reviewing particular aspects of the new secretariat contract and the IETF Trust. One participant expressed his interest that tools for the IETF will soon be developed through an open committee process rather than being contracted out to the IETF secretariat, as is the case now. Ray Pelletier and IAOC chair Lucy Lynch said they are working with the secretariat on an agreement for support services. “If we are not satisfied with the proposal, we will open it up” said Ray. Brian added that one of the tools being considered is a mechanism for metadata interchange between tools, which is expected to simplify the process of decoupling tools in the future. Others expressed concern that with the development of tools to support remote participation, IETF meeting revenue might decrease. However, statistics show that this does not seem to be the case. While tools that facilitate remote participation appear to be useful if meeting attendance is not possible, there is no evidence to suggest that remote participation offers the same value as face-to-face participation. IETF 67 Technical Plenary Leslie Daigle announced publication of two IAB documents as RFCs: RFC 4690 “Review and Recommendations for Internationalised Domain Names (IDNs)” and RFC4691 “Guidelines for Acting as an IETF Liaison to Another Organisation.”In addition, a number of IAB internet-drafts are currently under way. A full list can be found on http://tools.ietf.org/group/iab. Last October, the IAB held a workshop in Amsterdam on routing and addressing. A report is expected to be released shortly on www.iab.org. IAB Workshop on Unwanted Traffic In March 2006, the IAB held a workshop in Marina del Rey at the University of Southern California titled Unwanted Traffic. Danny McPherson and Loa Andersson provided a readout from that workshop to the plenary session.The purpose of the workshop was to raise awareness of unwanted traffic that is proliferating on the Internet today, including spam, (D)DoS attacks, viruses, and worms. The ratio of unwanted to desired traffic is increasing, and infected hosts stay on the Internet for a long time. The most common forms of unwanted traffic began as worms and viruses that are designed to wreak havoc on the network and that have evolved to include self-propagating malware, which compromises hosts and enables command and control infrastructure, as well as service platforms that facilitate malicious activity. New forms of unwanted traffic include, for example, Code Red (DDoS against an IP address), Blaster (DDoS against hostname), and Deloder (arbitrary DDoS toolkit). DDos was initially designed for botnet threats, but today it encompasses a multitude of functions that are, for the most part, motivated by financial gain but are sometimes also employed for political or religious purposes. Workshop participants assessed the current situation and examined possible countermeasures. One of their findings points to a huge underground economy that drives most of the unwanted traffic. This underground economy is a virtual shopping mall where one’s belongings and assets are bought and sold by criminals who use the tools developed by the Internet community. Due to the vulnerability of host platforms and a lack of education, which prevents protection, no meaningful deterrence exists. Prosecution of the criminals who perpetrate these crimes is extremely difficult, especially in an international environment. And service providers aren’t inclined to take proactive measures, mainly because few tools exist to prevent attacks and because there is no clear return on investment if they did. It was suggested that the IETF and the Internet community step up discussion on this issue and look for the right balance in terms of solutions. New cryptographic mechanisms could stem the tide of unwanted traffic but could also curtail openness and increase the network’s level of complexity. Hackers are savvy, tenacious, and highly adaptive, and it is commonly understood that they can often outmaneuver any attempts at self-defense. What can be done in the near and long term to protect the Internet?

• Tighten security of the routing infrastructure
• Clean up the Internet Routing Registry (IRR)
• Take down bots and botnets
• Educate the community
• Raise the bar on layer security

Members of the Internet technical community are encouraged to update documents on host and router requirements as well as the RFCs on ingress filtering; the IAB should continue to raise awareness throughout the community; and the Internet Research Task Force (IRTF) would benefit from becoming thoroughly acquainted with all aspects of this underground economy so that the research community can work on effective countermeasures. While the situation appears to be worsening, with growing awareness of the problem certain first steps toward effective solutions can emerge. For a full report of the IAB workshop on Unwanted Traffic, see www.iab.org. Audience response to the discussion was one of support and an understanding that effective solutions will require community effort. Security needs to be addressed at all levels, including among vendors and users and as part of the protocol design. “Even at IETF meetings, security is often an afterthought,” said Merike Kaeo. “It is not often an integral part of the protocol design from the start.” IAB Routing and Addressing Workshop The Internet’s routing system appears to be facing a set of serious scaling problems, and many backbone operators are of the opinion that none of the existing IETF initiatives provides a complete set of solutions. In response, the IAB organised a routing and addressing workshop in Amsterdam in October 2006. Sponsored by ISOC, the RIPE NCC, NLnetLabs, and Cisco Systems, the workshop brought together 38 backbone operators, hardware designers, and individuals running enterprises, many of them from the IAB, the IESG, and the IRTF. The group met to develop an understanding of the problems operators face with today’s routing and addressing system and to find ways to use that information to inform the IETF process. Dave Meyer and Chris Morrow provided an overview of the workshop material. Data suggests that current trends in the growth of routing and addressing are not scalable in the long term due mainly to the rapid growth that resulted from multihoming and traffic engineering. Unfortunately, when it comes to routing, IPv6 is not significantly different from IPv4; it shares many of the same properties and scaling characteristics. Statistics presented at IETF 67 sparked a heated debate about the actual growth curve as well as underlying assumptions, with questions being raised about whether the growth is exponential, polynomial, or linear. According to Dave Meyer, who defended those who are working on the statistics, it’s not an easy task to analyse the data, project the growth, and produce the graphs. According to the data presented, the Internet community is expected to switch on IPv6 at the same time and run it in parallel with IPv4. Not everyone agreed with that assumption, even though it is generally agreed that IPv4 will be around for a long time and that the scalability of the routing system is an urgent problem. As Peter Lothberg said, “There are things we can’t do with today’s architecture, which limits functionality for users.” Another important finding from the workshop was that the use of IP addresses for both identifier and locator is becoming problematic. Workshop participants expressed the belief that a solution to overloading may solve the mobility and multihoming problems. They also examined the trade-offs inherent in SHIM6 and GSE and agreed that long-term solutions must take into account the anticipated order-of-magnitude growth in today’s new mobile end devices. At the moment, costs and benefits in current practices are not aligned. The workshop concluded with a few recommendations:

• The problems are urgent.
• We need to reach out to all stakeholders – not just backbone operators but also content providers, enterprises, application developers, and vendors.
• Solutions must be developed in an open and transparent manner and must engage as many people as possible, including the research community.
• Interim solutions could buy time.
• A road map with next steps, intermediate steps, and long-term steps needs to be established.

Leslie Daigle assured attendees that the IAB and IESG are taking the problem seriously and will be facilitating the process; however, more input from all stakeholders and experts is needed. It is clear that unprecedented, coordinated action is needed and that more open discussion of the issues is required. Several actions are currently being considered, such as (1) creation of a group to help track the situation and monitor progress and (2) development of additional IAB workshops pertaining to this topic. Leslie encourages everyone to review the existing material atwww.iab.org/about/workshops/routingandaddressing/ and to engage in existing or propose new WGs. There is also some ongoing discussion on architecture-discuss@ietf.org. Sam Hartman reminded attendees of previous work on this topic, including a presentation by Radia Perlman, given during the plenary session at IETF 53 in Minneapolis. Bob Hinden said he was pleased that the IETF community is starting to again work seriously on routing. “The routing is not that different between IPv4 and IPv6,” he said. “When we approach this problem, we should not restrict ourselves to how we handle things today and how routers work today. We probably need to replace BGP [Border Gateway Protocol].” In conclusion, plenary attendees were asked whether they’d be interested in participating in a BoF in an effort to address the issues related to this topic. Many hands went up – an indication that the first step might be a plenary-size BoF at the next IETF meeting. All IETF 67 presentations can be found atwww.ietf.org/meetings/past.meetings.html.]]> 1080 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/reflections-on-internet-transparency/ Tue, 07 Nov 2006 17:03:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1082

Oblivious transport. A network that does not filter or transform the data that it carries may be said to be transparent, or oblivious to the content of the packet – New Arch: Future Generation Internet Architecture (PDF: 507KB)

Tussle. [The process by which] different parties adapt the [Internet's] mix of mechanisms to try to achieve their conflicting goals, and others respond by adapting the mechanisms to push back. Tussle in Cyberspace (PDF: 507KB)

In very general terms, the community believes the goal is connectivity, the tool is the Interent Protocol, and the intelligence is in the end to end rather than hidden in the network. (From RFC 1958 "Architectural Principles of the Internet")

One desirable consequence of the end-to-end principle is protection of innovation. Requiring modification in the network in order to deploy new services is still typically more difficult than modifying end nodes. (From RFC 3724 "A Rise of the Middle and the Future of End-to-End")

Although the pure IPv6 scenario is the cleanest and simplest, it is not straightforward to reach it. The various scenarios without use of IPv6 are all messy and ultimately seem to lead to dead ends. . . . deployment of IPv6 . . . is also messy but avoids the dead ends. (From RFC 2775 "Internet Transparency") There are a number of questions we should ask: How has the thinking on Internet transparency evolved over the years? What core tenets still guide us, and what new insights have been developed? Are there transparency issues that have not received enough attention? And are new potential transparency barriers being encountered? Even while the Internet has greatly expanded both in size and in application diversity, the degree of transparency has diminished. RFC 2775 "Internet Transparency" notes some of the causes for the loss of Internet transparency and analyses their impact:

• Application-layer gateways RFC 2775 says: “If the full range of Internet applications is to be used, NATs have to be coupled with Application Layer Gateways (ALGs) or proxies. Furthermore, the ALG or proxy must be updated whenever a new address-dependent application comes along.” This means that ALGs represent an additional barrier to transparency above and beyond NAT and that ALGs create barriers to the updating of existing applications as well as to the deployment of new applications. It further means that Domain Name System (DNS) ALGs represent a barrier to the deployment of DNS Security Extensions (DNSSEC).
• The Domain Name System The use of a unique root for the DNS namespace is essential and a fundamental principle. Recursive name servers and/or DNS forwarders may replace responses that indicate that a name does not exist with a name and an address record that hosts a Web service. In addition to that, recursive forwarders modifying responses are incompatible with DNSSEC.
• Load balancing and redirection If load balancing and redirection services are not implemented well, it can lead to other services’ being disrupted; for instance, DNS redirection may not properly determine locality. Misconfigured packet filters may result in improper shunting of traffic to overlay networks. And anycast service may not provide oblivious transport in the face of routing changes.
• IPv6 address restrictions Even though RFC 2775 states that "it is a basic assumption of IPv6 that no artificial constraints will be placed on the supply of addresses, given that there are so many of them," providers may not support prefix delegation and gateways may not support bridging and/or neighbour discovery proxy. Also, IKEv2 may assign only a single IPv6 address (as defined in RFC 4306).
• Application filtering Applications may be blocked without consent of the edge of the network, or providers may not disclose service terms and policies to the users.
• Quality of Service (QoS) QoS may be used to restrict deployment of new applications and therefore has potential implications for transparency, since having better or worse QoS for a flow can result in making the Internet more or less oblivious to that flow.

It looks like the IAB statements on transparency – some of them quoted earlier – remain relevant today, and the tussle that led to a reduction in Internet transparency continues. While full restoration of Internet transparency through the deployment of IPv6 remains a goal, the Internet’s growing role in society, the increasing diversity of applications, and the continued growth in security threats have altered the balance between transparency and security. While transparency provides great flexibility, it also makes it easier to deliver unwanted as well as wanted traffic. Since many of the fundamental forces that have led to a reduction in the transparency of the IPv4 Internet also may play a role in the IPv6 Internet, the transparency of the IPv6 Internet is not preordained; rather, represents an ideal whose maintenance will require significant ongoing effort.]]> 1082 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/update-on-ipv6-host-mobility/ Tue, 07 Nov 2006 17:04:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1084 Mobility for IPv6 WG (mip6) Mobile IPv6 (MIPv6) provides the routing support that allows a mobile node (MN) to roam between different points of attachment to the Internet while continuing to use its home address, thereby keeping transparency of the mobility to layers above IP. The mip6 WG focuses on enhancing the Mobile IPv6 base protocol in order to provide the functionality required for a large-scale deployment. In this context, the mip6 WG is working on a protocol that will enable MIPv6 to support dual stack hosts and routers. This solution will handle IPv4 and IPv6 mobility at once by using MIPv6 as its basis. It allows MNs to access the Internet via IPv4 and IPv6 access networks. The dual-stack solution further provides support for dealing with private address assignment to MNs and the required network address translator (NAT) traversal procedures. In an updated draft version, many issues have been resolved, such as the rejection of a lightweight keep-alive mechanism for state maintenance in NATs or the avoidance of the use of an alternate care-of address (CoA) in IPv4 networks. Other issues, such as the dynamic discovery of NATs in the home agent’s (HA’s) domain or the use of mapped addresses, will need to be discussed and resolved on the mailing list. The work on authentication, authorisation, and accounting (AAA) goals for MIPv6 has passed WG last call. The WG agreed on a new goal for supporting the separation of AAA servers used for network access and mobility service authorisation. However, a final agreement about whether or not to include additional support for RFC 4285 (Authentication Protocol) has been delayed. While the Design Team (DT) working on HA reliability has synchronised the drafts about the HA switch message and the HA reliability protocol, no new versions were released prior to the cutoff time. Challenges remain on how best to transmit IP security state from one HA to another, as required for the virtual switch mode. The WG also discussed firewall traversal functionality for MIPv6. Many attendees were unclear about why a generic solution or a manual configuration of firewalls would not work also for MIPv6. Since firewall traversal is already part of the updated WG charter, it was decided that discussion of the scope of the problem would continue on the mailing list. In the meantime, a firewall traversal DT was established. Finally, a brief discussion touched on recent interest in the Proxy MIPv6 (PMIPv6) work. The inter-est comes mainly from other standardisation bodies, such as 3GPP2 and the WiMax Forum. While this topic clearly has been assigned for decision to the Network-Based Localised Mobility Management (netlmm) WG, an informal consensus call within the mip6 WG showed the majority in favour of standardising only a single localised mobility management protocol. MIPv6 Signalling and Handoff Optimisation WG (mipshop) The mipshop WG focuses on defining optimisations for Mobile IPv6 signalling and handoff performances. The charter of the group consists of two main activities: the first deals with HMIPv6 and FMIPv6 protocols that are now in experimental status and will be documented as Proposed Standard; the other deals with activities related to the IEEE 802.21 Media Independent Handoff (MIH) working group. With regard to the first, the group is working on defining solutions for HMIPv6 and FMIPv6 security. Those protocols propose certain enhancements to Mobile IPv6 and require that the mobile node have a security relationship between itself and the mobility anchor point (MAP) for HMIPv6 and the access router for FMIPv6. Several proposals have been submitted that bootstrap these security associations, some of which are based on the AAA infrastructure of the network operator. Other proposals are based on the use of infrastructureless security mechanisms, such as cryptographically generated addresses. The group has decided that in order to move HMIPv6 to Proposed Standard, the use of IKEv2 between the MN and the MAP should be adopted. The Extensible Authentication Protocol may be used over IKEv2 in case the authentication of the MN is based on an AAA infrastructure. Other alternatives may be considered as optimisations, but so far, the group has not adopted any of them. With regard to the second part of the charter, the IEEE 802.21 Media Independent Handoff (MIH) working group is looking at providing services to assist with handoffs between heterogeneous link-layer technologies and across IP subnets. The information exchanges defined by IEEE 802.21 provide topological and location-related information of service networks, timely communications of wireless environment information, and commands that can change the state of the wireless link. The mipshop WG is chartered to define the delivery of information for MIH services in case they are delivered via layer 3. The working group is examining the problem statement document that is in the process of being adopted as a work document. In addition, a Design Team has been created to produce the first version of the solution on transport protocol that will carry 802.21 information. Network-Based Localised Mobility Management WG The netlmm WG focuses on analysing the problem scope and on designing protocols for localised mobility management. In contrast to other efforts, the work in netlmm will address the condition of not placing additional functionality for the mobility management on the MN; that is, the complete mobility management will be handled inside the network. The WG has already produced documents describing the problem statement and goals for network-based localised mobility management. A DT was established to produce a protocol design that addresses the problem scope. However, recently, other standardisation bodies, including WiMax and 3GPP2, declared their interest in a different protocol for network-based localised mobility management: network-based MIPv6 or Proxy MIPv6 (PMIPv6). Dealing with this situation has been a central topic of recent mailing list discussions and also at the WG meeting held during IETF 67. At the beginning of the meeting, the Area Director declared the basic rules for following discussions. Whichever protocol will be selected needs to address currently documented functionality requirements and the agreed link model (per-MN prefix assignment), and it will need to follow the usual Standards Track requirements. The three candidate protocols currently available have been presented – including the protocol designed by the netlmm DT, an approach based on Dynamic Host Configuration Protocol (DHCP), and PMIPv6, the last of which is available in two different individual drafts. The DT protocol has been further updated and now supports mixed IPv4 and IPv6 infrastructures by using an identity-locator split. Furthermore, optimised handover based on a make-before-break approach is possible. The PMIPv6 protocol introduces a new entity, the Proxy Mobile Agent, which is a kind of MIPv4 foreign agent sitting on the access router (AR). Between AR and MN, a secure point-to-point link will be established. The Proxy Mobile Agent will handle mobility on behalf of the MN, using functionality similar to MIPv6′s. Under the DHCP-based approach, the mobility anchor point runs a DHCP server, while the ARs run a DHCP client and a DHCP relay functionality in parallel. MNs are able to use stateless address autoconfiguration or DHCP. DHCP is also used as protocol to carry mobility management information between the MAP and ARs. At the end of the meeting, multiple consensus calls were performed and there is clear consensus for proceeding with only a single protocol within netlmm. In terms of which protocol this should be, the DHCP-based approach has been ruled out, but the PMIPv6 protocol had only slightly more support than the netlmm DT protocol did. In another consensus call concerning whether the WG would be comfortable moving ahead with the PMIPv6 approach, it was decided that the netlmm WG will continue to work on the basis of the PMIPv6 protocol. Deciding which one of the two available individual drafts will serve as the basis still needs to be sorted out on the mailing list. Diameter Maintenance and Extensions WG The Diameter Maintenance and Extensions (DIME) WG focuses on the maintenance of and extensions to the Diameter Protocol required to enable its use in applications such as IP mobility and local area network authentication, authorisation, and accounting. This review focuses only on the ongoing work about Mobile IPv6 authentication and authorisation and does not include any details of the work being done on Quality of Service and RFC 3588 review. The purpose of the work on mobility is to design one or more Diameter applications in order to authenticate and authorise the Mobile IPv6 service for a specific user, which includes authentication of user credentials during the bootstrapping phase and authorisation of service when the user starts to use Mobile IPv6. The MIP6 WG is finalizing the requirements document that will include all of the goals the Diameter application(s) design must fulfil. Based on work done in the mip6 WG on Mobile IPv6 bootstrapping, the DIME WG is working on two different documents. The first document focuses on communication between the HA and the AAA server. This communication is needed in order to authenticate the user during the service bootstrapping, to explicitly authorise the usage of Mobile IPv6 based on user profile, to perform accounting operations based on the packets exchanged by the mobile node, and to maintain the service, aborting the session when necessary. The design of the Diameter support for this communication is in a preliminary phase. The main discussion has been about whether authentication and authorisation should be done through the same application or via different ones. The discussion on this topic is ongoing. The second document focuses on communication between the AAA server and the NAS and is expected to define the extensions to current Diameter applications that are needed to carry Mobile IPv6 information to the network access server (NAS). The purpose is that the NAS, acting as DHCP relay, may provide home agent and home address information for the mobile node by using DHCP. This extension is designed for the so-called integrated scenario identified by the mip6 WG, that is, when the mobility service is authorised by the same entity that authorises the network access service. This is to acknowledge that the writing of this review has been partially supported by the European Commission’s Information Society Technologies Sixth Framework Programme ENABLE project.]]> 1084 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/e-mail-address-internationalisation-eai/ Tue, 07 Nov 2006 17:06:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1086 www.ietf.org/html.charters/eai-charter.html. This working group will address one basic approach to e-mail internationalisation. That approach is based on the use of an SMTP [Simple Mail Transfer Protocol] extension to enable both the use of UTF-8 [8-bit unicode transformation format] in envelope address local-parts and optionally in domain-parts and the use of UTF-8 in mail headers – both in address contexts and wherever encoded-words are permitted today. Its initial target will be a set of experimental RFCs that specify the details of this approach and provide the basis for generating and testing interoperable implementations. Its work will include examining whether "downgrading" – transforming an internationalised message to one that is compatible with unextended SMTP clients and servers and unextended MUA [mail user agent] – is feasible and appropriate and, if it is, specifying a way to do so. If it is not, the WG will evaluate whether the effort is worth taking forward. Other approaches may be considered by the formation of other working groups. As of this writing, the WG has the following Internet Drafts in the agenda. All were discussed at IETF 67 in November:

• draft-ietf-eai-framework Presents an overview of, and the framework for, the approach described in the charter. This is a good one-stop reading if you want to quickly find out how all of this is supposed to work.
• draft-ietf-eai-scenarios Describes possible scenarios that an EAI solution will have to deal with, defining what the acceptable behaviour for a technical solution would be and thus constraining the space of possible alternatives.
• draft-ietf-eai-smtpext Describes an SMTP service extension that enables mail transmission agents (MTAs) to signalise to their clients EAI support.
• draft-ietf-eai-utf8headers Defines a representation – in UTF-8 – of certain mail header field bodies.
• draft-ietf-eai-downgrade Defines mechanisms for backward compatibility, so that EAI mail can be transported even through non-EAI-aware MTAs. Downgrading is the generic term used for any kind of conversion mechanism employed for allowing this.
• draft-ietf-eai-mailinglist Illustrates issues with mailing lists that need to be considered and that are not listed in the scenarios document. Mailing lists are interesting environments inasmuch as mails are received by software and then reinjected into mail transport for users to receive, many of whom, without any a priori knowledge on the original sender’s side, might or might not be users of EAI addresses.
• draft-ietf-eai-pop Extends the Post Office Protocol version 3 (POP3) (RFC 2449) to support without encodings characters beyond ASCII in user names, mail addresses, and other message headers. This document also takes the opportunity to support localisation of protocol-level textual errors into different languages.
• draft-ietf-eai-imap-utf8 Extends the Internet Message Access Protocol version 4rev1 (IMAP) (RFC 3501) to support without encodings characters beyond ASCII in user names, mail addresses, and other message headers.

During the most recent group meeting, it was decided that the framework document was ready to go to the IESG after passing working group Last-Call. It became clear, too, that a new document on a service extension to Delivery Status Notifications (DSN) for SMTP (cf RFC 3461) with EAI support was necessary. A high note during the meeting was the reaching of consensus on representation of an alternative ASCII address for a given EAI. This ASCII address would be specified by the user – if it is known to the user at the moment of mail submission – and it would then look like this: <utf8@utf8 <ascii@ascii>> For instance, <chimäre@example.net <chimaere@example.net>> Unfortunately, there were disagreements in the room as well. There is still ongoing discussion about whether the introduction of a marker header field that would identify a message (in transit or not) as an EAI mail is really necessary. Also controversial was the issue of the appearance of raw UTF-8 in multipurpose Internet mail extension (MIME) headers (a usual situation when dealing with file names, for instance) and how to handle it. One possibility could be to downgrade it by means of RFC 2047 mechanisms when it’s outside quotes and RFC 2231 mechanisms when it’s inside quotes. Alternatively, it could be possible to deprecate RFC 2231 and use the RFC 2047 technique. Regarding the running-code part of the proverbial saying, there’s an implementation in Perl by the Taiwan Network Information Centre (TWNIC) based on sendmail together with Milter and Mimedefang. In parallel, the China Internet Network Information Centre (CNNIC) has developed an implementation based on qmail. The existence of two independent implementations has allowed for intercompatibility tests. If you want to get involved, do it now, because the current plans of this hardworking group are to have all the documents ready before the next IETF meeting in Prague!

References RFC 2449: POP3 Extension Mechanism. R. Gellens et al., Nov. 1998. RFC 3501: Internet Message Access Protocol, Version 4rev1. M. Crispin, March 2003. RFC 3461: Simple Mail Transfer Protocol (SMTP) Service Extension for Delivery Status Notifications (DSNs). K. Moore, Jan. 2003. RFC 2047: MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text. K. Moore, Nov. 1996. RFC 2231: MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations. N. Freed, K. Moore, Nov. 1997.

]]> 1086 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-ietf-chair-2/ Thu, 07 Sep 2006 17:17:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1100 ETF 66 was held in the Palais des congrès in Montréal, Canada, close to the city’s Chinatown and a short walk from the famous old town. We shared this enormous facility with a conference on pediatric pulmonology, and from its attendees we learned that we could be far more imaginative in our naming of meeting rooms. Their exhibit area, for example, was named Thoracic Park. IETF 66 was hosted by Ericsson Canada which, with the help of Combat Networks and a team of dedicated volunteers, provided excellent wireless networking throughout the week. More than 1,200 people from 44 countries attended. Notably, more than 70 people named China as their country of origin. As always, the week was a busy combination of working group (WG) meetings, BoF (birds-of-a-feather) sessions, research groups, and formal and informal meetings of all kinds on the side.

IETF 66 Facts and Figures1236 registered attendees from 44 countries 4 new WGs 13 WGs closed 463 new Internet-Drafts 852 updated Internet-Drafts 80 IETF Last Calls 96 approvals around 138 published RFCs (88 standards and BCPs) 1 appeal

Since IETF 65, four new WGs were chartered and 13 WGs were closed, leaving approximately 120 WGs currently chartered. Between the meetings, the WGs and their individual contributors produced 463 new drafts, not to mention 852 updates. The Internet Engineering Steering Group (IESG) approved 96 drafts for publication as RFCs. For the first time in several years, this was fewer than the number of RFCs published during the same interval – evidence that the publication backlog is getting smaller. The IESG has opened a new section on the IETF Web site for material provides by IESG (see http://www.ietf.org/IESG/content). Among other things, the site includes a link to the IESG’s own wiki, an informal guide to IESG procedures that was developed as a collaboration among Area Directors. The IESG has decided to start session scheduling for future meetings two weeks earlier to allow extra time for resolving clashes in the draft agenda. Similarly, BoF requests must now be sent earlier to allow extra time for evaluation. Deciding which BoFs to approve is one of an Area Director’s most important tasks, and it requires consultation with both the IESG and the Internet Architecture Board (IAB). Scheduling information for the next IETF meeting may always be found via http://www.ietf.org/meetings/meetings.html. I look forward to seeing many of you in San Diego, California, USA, from November 5-10, 2006.]]> 1100 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-iab/ Thu, 07 Sep 2006 17:19:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1103 During the Thursday plenary at the Montreal IETF meeting, I gave an overview of the IAB’s activities since the last IETF meeting. The details, including pointers, can be fount atwww3.ietf.org/proceedings/06jul. In this note, I’d like to draw attention to 3 particular areas you might want to keep an eye on and/or participate in. First, as voiced at the IAB’s BoF sessions at the network operator group meetings during the last year (NANOG, APRICOT, RIPE), as well as many other places, there are growing concerns about the evolution of network addressing and routing architectures. This year, the IAB is planning to hold an invitational workshop to examine the issues. The stated goals of the workshop include producing a concise problem statement of the current concerns about scalable routing and addressing. Concerns we have heard raised, that will be discussed at the workshop, include:

• Difficulty in changing provider due to PA/CIDR addressing schemes
• Lack of effective multi-homing support
• Limited capability to protect against either the spoofing of individual host IP addresses or entire IP address blocks
• Limited ability to secure the routing system itself

Stay tuned for the workshop report. Second, the IAB recently finalized a document outlining some possible next steps for evolving the Internationalized Domain Name (IDN) standard. This document, written by John Klensin, Patrik Fältström and Cary Karp, describes some of the lessons learned and issues perceived with current IDN usage. The statement proposes some areas for further exploration within IETF work, ICANN bodies and elsewhere. Some of the documents main conclusions include:

• IDNA and its tables need another look in terms of its use of Unicode
• Need more stable normalization
• May need a more restricted, permitted character list
• There is no IDNA/DNS solution to several problems – they can’t be solved in this technology, or perhaps any technology
• Time for another look at the "above DNS" approaches?

See http://tools.ietf.org/html/draft-iab-idn-nextsteps-06 for full details and suggestions of where further work may be pursued. Finally, as one of its non-technical work activities, the IAB has been working to help develop a clearer community definition of both the RFC Series and RFC Editor function. This is in support of this year’s IASA RFP process for the RFC Editor function. The IAB has proposed a framework for the RFC Series and an RFC Editor function for the specific purpose of ensuring the RFC Series and RFC Editor role are maintained and supported in ways that are consistent with the stated purpose of the RFC Series and the realities of today’s Internet research and engineering community. Details can be found in . However, the RFC Series contains more than IETF documents. As part of this effort, the IAB has sponsored the openindependent@ietf.org mailing list, which is discussing draft-klensin-rfc-independent as a process document to describe the handling of the independent submissions the RFC Editor receives today. These are three key areas of active work for the Internet community as a whole – not just for the IAB. There’s plenty of engineering work to go around!]]> 1103 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/new-administrative-process-and-new-challenges-discussed-at-ietf-66/ Thu, 07 Sep 2006 17:20:16 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1105 IETF 66 BoF SessionsApplications Area dmsp – Distributed Multimodel Synchronizastion Protocol wae – Web Authentication Enhancement RAI Area rtpsec – Securing the Real-Time Transport Protocol Security Area hoakey – Handover and Application Keying and Pre-Authentication nea – Network Endpoint Assessment Transport Area offpath – Path-decoupled Signalling for Data Brian described a number of enhancements being made to the IETF meeting process, including a new scheduling procedure for WG and BoF sessions. The IESG is proposing to commence scheduling for working group meetings two weeks earlier than usual so as to allow more time for adjustments to the agenda and to minimise the possibility of clashes. Looking ahead to IETF 67, planned for November 5-10 in San Diego, the change means WG scheduling will open on August 7, with a cut-off date of September 18 for both WG scheduling and BoF proposals. A preliminary agenda will be announced on September 29 and the final agenda will made available on October 16. Standards-Track Reform A significant portion of the plenary discussion was dedicated to the future of standards-track reform. The current three-stage standards process, as described by Scott Bradner in RFC 2026, was intended "to provide a fair, open, and objective basis for developing, evaluating, and adopting Internet Standards." As such, a specification undergoes first a period of development and review by the Internet community, and then revisions based on preliminary implementation. It is then adopted as a Proposed, Draft or Full Standard by the IESG and then published as an RFC. As mentioned in the previous issue of the IETF Journal, in reality, protocol specifications are often adopted and implemented before they are approved as full standards. RFC 3774, published in May 2004, addressed the erosion of the three-stage process, stating that "in practice, the IETF currently has a one-step standards process that subverts the IETF’s preference for demonstrating effectiveness through running code in multiple interoperable implementations. This compresses the process that previously allowed specifications to mature as experience was gained with actual implementations." This problem has further been identified and described in the newtrk WG, chartered in 2004, but no clear community consensus has emerged as a solution to the problem. Opening the plenary discussion, Brian offered three possible directions. In option 1, RFC 2026 would be clarified, not just to "reflect the reality" that few standards go through the process as laid out in RFC 2026 but also to acknowledge that "the problems with the existing standards track are not serious enough to justify the effort needed to make substantial changes." Option 2 focuses on document relationships, or, as the newtrk charter now says, "[creating] a new series of shorter IESG-approved IETF documents to describe and define IETF technology standards." Option 3 would focus attention on the "maturity" levels of proposed standards, which would mean revising the three-stage IETF standards track described in RFC 2026. A spirited debate ensued, with a number of participants admitting that large segments of the industry start accepting standards as soon as they have an RFC number, preferring not to wait for specifications to go through the entire three-stage process. However, a critical step in the standards track is one in which interoperability is demonstrated through a number of independent implementations, a part of the process that, if neglected, could lead to problems down the road. Other participants preferred to look at ways to get the "running code" piece back into the IETF, maybe as part of the WG specification writing process and not as part of the standards track. "Sometimes we spend too much time on process and yet it seems like the problems are not big enough," said Sam Hartman, who added that "while it would be nice to fix RFC 2026,"it doesn’t seem to be a high-enough priority for the community. "If we turn to it," he said, "we need to get it right; it would be easy to get this one wrong and that would be very bad." Bradner agreed, pointing out that "the Internet hasn’t stopped because we are not following RFC 2026." However, Bradner also said he believes that a good description of the standards process would be useful. "The three-stage process shows maturity levels of the document," he added. Long-time IETF participant Dave Crocker suggested that a second label be explored, one in which the market reports its use of particular standards. In this scenario, a document would move to "Proposed Standard" for X number of years. If the market does not come back within that many years, it ceases to be a standard. Dave said that while not moving through the levels doesn’t seem to be hindering the process, he lamented the "lack of feedback about the specs." Brian put the issue to an informal vote, resulting in no clear consensus on which of the three options is preferred. There was some agreement, however, that the nature of the problem may have been incorrectly stated and that the discussion would continue on the IETF mailing list. IAOC Makes Progress, Moves toward the Future Lucy Lynch, chair of the IETF Administrative Oversight Committee (IAOC), reported that a request-for-information (RFI) had been issued for the RFC Editor function, as were a statement of work (SoW) and a draft IANA service-level agreement (SLA). Both the SoW and the SLA were sent to the IETF community. Shortly after the IETF 66 meeting, an RFP for the RFC Editor function was published. Lucy gave a brief summary of a two-day IAOC retreat held in May, where members outlined future activities and turned their attention to setting goals. Topics discussed at the retreat included meeting planning, funding models, and IASA goal setting, as well as plans for finalising an IASA work plan for 2006-2007. Lucy announced progress on the newly formed IETF Trust, saying that some issues still await resolution within the Intellectual Property Rights (IPR)-WG, which affect both ISOC and the Trust. "We need to deal with current physical assets transferred from CNRI and develop a document’s retention policy," said Lucy. The IAOC expects to solicit additional donations of IETF-related IPR in the coming year and the group is addressing the need for inventory tools and archival storage. More information can be found at the IAOC Web site at http://wkoi.uroegon.edu/~iaoc/, which will soon move tohttp://iaoc.ietf.org. IASA: The First 180 Days Reporting on the activities of the IETF Administrative Support Activity (IASA), IETF Administrative Director (AD) Ray Pelletier outlined plans to establish a multievent contract with a hotel chain, which he said, was intended to reduce both costs and risks associated with IETF meetings as well as to improve long-term planning. The group is also considering the possibility of outsourcing the operations of the IETF meeting network, which Ray said would reduce the host’s workload and possibly attract organisations that may not possess expertise in running big networks to host an IETF meeting. According to Ray, the additional resources that have recently been invested in the RFC Editor had met with success, as evidenced by the elimination of copy-edit backlog. An RFP is being issued for the RFC Editor function and Ray anticipates that new contracts will be negotiated in September. A transition is scheduled for December and RFC Editor services are expected to commence in January 2007. IETF66 Plenary Photo: Shane Kerr IANA Operations Manager Barbara Roseman announced that while a few positions remained unfilled, the increase in administrative staffing has resulted in measurable service improvements. By introducing redundancy and providing for back-up for staff on leave, single points of failure have been eliminated. In addition, the regularising of request processing has led to increased responsiveness and better collection of statistics. However, according to Roseman, due to legacy data and the fact that highly detailed and accurate statistical reporting requires considerable preparation time, a few issues remain regarding the collection and analysis of statistics. Prior to IETF 67, IANA expects to complete implementation of the SLA within the IAB, migration of historic data, public documenting of IETF-related processes, and the launch of a new web site for IETF assignments. IETF 66 Technical Report Draws Attention to DNS and IDN The publication of draft-iab-idn-nextsteps took center stage at the technical session of the IETF 66 plenary. IAB Chair Leslie Daigle made it clear that the intention of the document is not to propose solutions, but "to identify issues and in some cases possibilities." The document identifies a number of experiences with IDNA and IDN, including concerns about character spoofing and similarities that do not currently have technical fixes. Leslie also pointed out the difficulty in trying to design policies that are helpful in solving such problems but not so restrictive as to make IDNs unappealing. The position of the IAB is that the time is right to review certain aspects of IDNA – especially the tables. Leslie suggested that a more restricted approach to permitted characters may be needed. There was also general agreement that IDN creates problems for DNS as it exists today. "We could spend a long time debating this," said John Klensin. "But the point is that these things overload the DNS and DNS was never built to deal with these kinds of issues." Independent Document Submissions A proposal to change the document draft-iab-rfc-editor-00.txt based on feedback from the community was offered by Leslie. The draft describes the need for an RFC Series that is implemented for the community and that has a number of key characteristics: it needs to be expertly implemented and clearly managed, and it needs appropriate community input and review of activities. According to Leslie, the proposal would allow for more explicit integration of the RFC Editor, the IAB, and the IETF, while ensuring that each retains clear and distinct responsibilities. RFC Series decisions would thus be more open to community discussion, with the IAB monitoring the discussion and maintaining the coherency of the series and related discussions. Leslie said the IAB believes that the proposed changes would clarify the role of decision-making groups and ensure the right balance of RFC streams. The community is encouraged to participate in the discussion on a new mailing list atwww1.ietf.org/mailman/listinfo/independentlist. A fair portion of the plenary session was dedicated to a public discussion about independent submissions to the RFC Editor. IAB member Olaf Kolkman, who led the discussion, is the moderator of theindependent@ietf.org mailing list. Olaf pointed out that it is important to the RFP process that policies and procedures be documented. The IAB is looking for broad community input, which is why the mailing list was announced at the IETF as well as other venues, such as the Regional Internet Registry (RIR) communities. The feedback received on the list thus far indicates that the document “draft-klensin-rfc-independent-02.txt” provides a good desription of the current process and procedures. There are a number of open issues, related mostly to different interpretations of RFC 3932 – "The IESG and RFC Editor Documents: Procedures" – and which require broad agreement. Olaf presented a number of issues and encouraged people to raise their voices on the mailing list. He pointed out that now is the time to set up a good working structure for RFCs and independent submissions. In the discussion that followed, Allison Mankin cautioned participants about making changes to RFC 3932 as it is an approved BCP that was reviewed by the community. In contrast, others felt it is important that the document reflect reality, such as in the editorial process and in the way reviews are accomplished. It was also suggested that non-IETF-consensus documents should have a different name or label, so they do not get confused with standards-track documents. This discussion will be continued on the independent@ietf.org mailing list. The Challenges of Appeals With formal appeals on the rise, the IAB was asked if having to deal with those types of challenges is consuming too much of the group’s time and, if so, wether the IAB would consider using a separate organisation to handle appeals. Members of the IAB agreed that the appeals process is an important part of the IAB’s work, as well as part of its charter. As Eric Rescorla pointed out, the appeals process may take time, and the IAB should probably think about streamlining the process instead of creating a separate pool of people to handle appeals." A key concern expressed by attendees was the potential of one-person appeals to obstruct the process. "The past several months have demonstrated the potential for people who are not actively participating in getting things done to be launching appeals," said John Klensin. He added that the IAB should consider mechanisms for "applying dampers" for appeals that are submitted repeatedly, before the situation gets out of control. Of equal concern was the need to handle changes to the appeals process with care. Bradner reminded the group that the appeals process was not only an issue of fairness but also a condition set by the IETF’s insurance company as means for avoiding litigation. "We need to be careful when changing the appeals process," he said. "We cannot be seen as an unfair organisation by insurance companies, even though we have never had to use the insurance so far." Dave Crocker expressed appreciation for the diligence with which appeals have been handled thus far but said he felt "real concern" about the abuses he has seen recently. "The IETF model of rough consensus is about broad-based concern and consensus," he said, suggesting that the IETF consider requiring that appeals be submitted by multiple people or at least supported by others. "It might also make sense that an appeal should not be resubmitted by the same person," he said. While it was agreed that care should be taken when addressing changes to the appeals process, there was general agreement that the number of appeals should be reduced by any means. Anticipating the Future When asked what they thought the most pressing problems over the next five years might be, IAB member Lixia Zhang answered that the routing system needs a fundamental change. "Congestion and routing were problems at IETF 1," she said. "Congestion solved itself but the routing problem is still there." She also pointed out the value of looking back to see which protocols have been successful and which others took a lot of time but didn’t take off. Conducting this type of review, she said, would help in the future with prioritising tasks.

IAB member Bernard Aboba answered that until the IAB workshop on unwanted traffic, he had underestimated the security problem. "Often we seem to underestimate how difficult it is to apply security mechanisms on a global scale," he said. Dave Oran, a new IAB member, said that over the past 20 years, there have been dramatic shifts in traffic as a result of e-mail, the Web, and VoIP. "We need to be getting more knowledgeable about applications that have no known upper bound on bandwidth," he said. "We need to figure out network management without thinking that adding bandwidth is the solution." It was recommended to work closely with ISOC on issues related to policy and politics.

Please note that this is not a complete report of the plenary sessions, but is instead summarising the highlights of the discussions.

The discussion gravitated toward nontechnical issues, particularly those involving policy, including whether the IETF should be concerned with Net Neutrality. "There are a lot of important issues out there that are at a different level," said Bradner, "but we should not overlook them. Routing might not be important anymore if bad things happen at level 8 or 9." Presentations given during the IETF 66 plenary session can be found atwww3.ietf.org/proceedings/06jul]]> 1105 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-66-review-routing/ Thu, 07 Sep 2006 17:24:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1107 Routing Area Directorate The Routing Area Directorate is an advisory group of routing experts selected by the Area Directors. The Area Directors use the feedback from the Directorate while making decisions on a range of topics related to the IETF Routing area. One of the consistent issues with the IETF is that of ensuring that documents receive adequate and timely peer review. The Area Directors will be putting some effort into the Routing Area Directorate to ensure that directorate members will be a resource for WG chairs to undertake early review of routing drafts prior to the final steps of IESG submission. The Area Director review will also use the Routing Area Directorate for comments as part of the Director’s review process. Routing Area WG Reports Bidirectional Forwarding Detection (BFD) This WG is not meeting at IETF 66. The WG is close to undertaking a last call on its current document set. The Routing Area Directorate should be involved in review at this stage Common Control and Measurement Plane (CCAMP) This WG has a new new co-chair, Deborah Brungard. There was reported to be steady progress on drafts. Considering that the WG currently has some 29 active drafts, this is certainly a very active group. There is currently a strong focus on interior gateway routing protocols with traffic engineering capabilities and automatic mesh capabilities. The GMPLS-controlled Ethernet Label Switching (GELS) topic, relating to GMPLS control of Ethernet environments, which held a BoF at IETF 64 will now be folded into the CCAMP WG charter, and GMPLS control protocols will be used. There is no new data plane definition in this proposed direction, which is addressing one of the more contentious issues that surfaced in the GELS BoF. Forwarding and Control Element Separation (FORCES) The WG is attempting to complete the base model document, which then forms the foundation for the WG’s document set. The WG has decided to place a deadline for review comments for this draft, in an attempt to complete the document in the near future. Current work includes consideration of the Transport Mapping Layer, and the potential to use SCTP in this context, as well as a FORCES MIB. Inter-Domain Routing (IDR) There has been some progress in terms of moving documents thriough the IESG, and a number of RFCs were published after IETF 65 (RFC 4456 and RFC4486). A number of additional documents are to be passed to the IESG in the weeks immediately following IETF 66. It was noted by the WG chair that there have been various recent efforts to add capabilities to BGP in working groups outside the Routing Area, and a call for IDR involvement in this effort was made. As one example, the Softwires WG in the Internet area will work on some framework documents to attempt to address these issues, and some deliberate effort to use cross-WG postings was made in that case. Some further discussion with the ADs was proposed. Other areas and other WGs do undertake some work on extensions to routing protocols, with the need to manage outcomes to ensure coherence and consistency of the resultant routing protocol extensions. This is asserted to be a matter for AD attention and work management. It was recommended that some coordination effort across WGs should be undertaken as early as possible when work on routing protocols is taken up in other working groups (“early cross-area review” is the procedure being considered here). IS-IS for IP Internets (ISIS) There are some further work items in this WG, including support for IPv6, multi-topology routing, policy control mechanisms, and extensions for advertising routing information and HMAC SHA authentication. It is expected that the WG will be rechartered to reflect this intended work agenda. Layer 1 Virtual Private Networks (L1VPN) It was reported that this WG is progressing well, with the framework document completed in the working group and applicability description underway. A large part of this WG’s agenda is concerned with emulation of edge-to-edge circuit states via GMPLS paths. There has been some cross-working group and cross-area review of these L1VPN drafts. Mobile Ad-Hoc Networks (MANET) The three core MANET documents have been updated. The WG is now looking at a common generalized messaging format. Update of this document has been completed, and work on a common neighbourhood discovery protocol is underway. Within MANET there are at present both pro-active and re-active approaches, and some effort to pull these together will be undertaken. The chairs of Autoconf (Internet Area) and MANET are working on a common-architecture document and will publish this following IETF 66. This is a document that would benefit from early cross-area review. Multiprotocol Label Switching (MPLS) This working group had a busy agenda at IETF 66. The highlight is point-to-multi-point point traffic engineering-label-switched path (TE LSPs) and a report of the meeting with ITU-T Q12/15 on T-MPLS. Open Shortest Path First IGP (OSPF) Most the original OSPF charter documents have been completed by the working group at this stage (MIB on V2 and security on v3). Only the OSPFv3 MIB remains. The WG is currently in the process of re-chartering with work items including Multi-Topology Routing (MTR) in OSPF and OSPF in a MANET environment. The initial OSPF MANET work has focused on flooding and adjacency reduction optimizations. Some OSPF WG review of the CCAMP documents has been requested. Path Computation Element (PCE) The PCE architecture RFC (first WG RFC) has been published: RFC 4655 and two PCE documents are in the RFC editor queue. The base protocol space is now stable, and a call for review has been made. There have been some proposals for further PCE work, and the chair would like to hold off on further specification of requirements until there has been some experience with the base protocol. There was consideration of an experimental track on manageability of the PCE specifications. Policy work is outstanding, as is consideration of the complete requirement set. Routing Protocol Security Requirements (RPSEC) The RPSEC Working Group is finishing up with work on the generic threats document, and this document is now back in the RFC Editor’s queue. The documents on OSPF vulnerabilities and the BGP attack tree are being reviewed, and appear to be close to completion. The BGP security requirements document is also considered to be almost ready for a working group Last Call. Without further new items, the WG will have completed its current charter with those documents. Routing Area Working Group (RAWG) This group did not meet at IETF 66. Currently on the Working Group’s agenda is an open question about loop-free/microloop detection algorithms that need to be resolved prior to last call of the IP Fast-Reroute document. Secure Inter-Domain Routing (SIDR) This is the first meeting of this working group since it was chartered following IETF 65. Current work is focused on the basic instruments of trust within the routing and addressing environment, examining a profile for X.509 Public Key certificates that would be able to function as ‘right-of-use’ tokens in a routing context. This would form the basic trust injection function for the work on securing route origination. The next work item is that of an overall architecture for secure inter-domain routing systems. In addition at IETF 66 SIDR gave some time to air the varying proposals for TCP MD5 key rollover. Virtual Router Redundancy Protocol (VRRP) The VRRP for V6 spec with the IESG, as it relates to consideration of the SeNd technology. The unified MIB is under MIB doctor review, and the subsecond timer work is under WG review. This working group did not meet at IETF 66. RFC 1264 Discussion What should the requirement be for routing area documents that are forwarded to the IESG for publication as RFCs? The Routing Area had previously requested implementation reports, detailing the outcomes of implementation and interoperability of the specification, preferably from at least two independent implementations as a pre-requisite for passing a document to the IESG for publication at the Proposed Standard level. There was strong consensus at the area meeting to have “good” requirements, however the developing picture appears to be visible consensus in the Routing Area to have Proposed Standard publication requirements that are no different than the other IETF areas. At this stage it is proposed that it be a working group matter to determine requirements related to implementation reports, and due attention should be given to quality of WG documents in this process. This would make the requirements specified in RFC 1264 to be considered historic for the Routing Area, particularly in terms of specifying more stringent preconditions for Routing Area Proposed Standard documents. IP Routing in the Global Information Grid This was a report to the meeting on the recent U.S. Departement of Defense initiative called the “Global Information Grid”. This initiative is projected to have a number of routing objectives, as well as objectives of supporting Quality of Service (QoS) and security. This Global-Internet-Geography (GIG) environment proposes pervasive node and network mobility, implying that the current Internet routing paradigm may not be totally applicable in a number of dimensions. Some potential for “fundamental change” in inter-domain is contemplated. IAB Routing and Addressing Workshop

Note: This article does not attempt to provide a complete summary of all IETF activities in this area. It reflects the author’s personal perspective on some current highlights.

Dave Meyer reported on the proposed IAB workshop on routing and addressing. Mid-October is the likely time for this by-invitation-only IAB workshop. Current workshop activity appears to be the definition of a routing problem statement and a requirement list. Ross Callon commented that it would be valuable for a broader consideration on the routing-discuss mailer on the identification of the problems of routing and addressing. The routing-discuss mailing list is: routing-discussion@ietf.org]]> 1107 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/recent-iesg-document-and-protocol-actions-2/ Thu, 07 Sep 2006 17:26:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1109 http://www.ietf.org/internet-drafts/draft-ietf-l2vpn-signaling-08.txt Date: 2006-06-07 – Last Call (Deadline: 2006-06-21) / Proposed Standard (draft-ietf-simple-xcap) Title: The Extensible Markup Language (XML) Configuration Access Protocol (XCAP) URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-xcap-11.txt Date: 2006-06-12 – Approved by the IESG as Proposed Standard Title: OSPF Version 2 Management Information Base URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-mib-update-11.txt Date: 2006-06-12 – Approved by the IESG as Draft Standard Title: Multiprotocol Extensions for BGP-4 URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-rfc2858bis-10.txt Date: 2006-06-14 – Last Call (Deadline: 2006-06-28) / Informational RFC (draft-ietf-dkim-threats) Title: Analysis of Threats Motivating DomainKeys Identified Mail (DKIM) URL: http://www.ietf.org/internet-drafts/draft-ietf-dkim-threats-03.txt Date: 2006-06-14 – Last Call (Deadline: 2006-07-12) / Experimental RFC (draft-ash-alt-formats) Title: Proposed Experiment: Normative Format in Addition to ASCII Text URL: http://www.ietf.org/internet-drafts/draft-ash-alt-formats-02.txt Date: 2006-06-14 – Last Call (Deadline: 2006-06-28) / Proposed Standard (draft-ietf-sipping-transc-conf) Title: The Session Initiation Protocol (SIP) Conference Bridge Transcoding Model URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-transc-conf-03.txt Date: 2006-06-14 – Last Call (Deadline: 2006-06-28) / Informational RFC (draft-ietf-sipping-transc-framework) Title: Framework for Transcoding with the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-transc-framework-04.txt Date: 2006-06-15 – Last Call (Deadline: 2006-07-12) / Experimental RFC (draft-ash-alt-formats) Title: Proposed Experiment: Normative Format in Addition to ASCII Text URL: http://www.ietf.org/internet-drafts/draft-ash-alt-formats-02.txt Date: 2006-06-23 – Last Call (Deadline: 2006-07-07) / Proposed Standard (draft-ietf-dnsext-nsid) Title: DNS Name Server Identifier Option (NSID) URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-nsid-02.txt Date: 2006-06-26 – Approved by the IESG as Proposed Standard Title: Virtual Private LAN Services Using LDP URL: http://www.ietf.org/internet-drafts/draft-ietf-l2vpn-vpls-ldp-09.txt Date: 2006-06-26 – Approved by the IESG as Informational RFC Title: Service Requirements for Layer 2 Provider Provisioned Virtual Private Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-l2vpn-requirements-07.txt Date: 2006-06-26 – Approved by the IESG as Proposed Standard Title: Experimental Values In IPv4, IPv6, ICMPv4, ICMPv6, UDP and TCP Headers URL: http://www.ietf.org/internet-drafts/draft-fenner-iana-exp-2780-05.txt Date: 2006-06-26 – Approved by the IESG as Proposed Standard Title: Atom Threading Extensions URL: http://www.ietf.org/internet-drafts/draft-snell-atompub-feed-thread-12.txt Date: 2006-06-26 – Approved by the IESG as Proposed Standard Title: Atom Threading Extensions URL: http://www.ietf.org/internet-drafts/draft-snell-atompub-feed-thread-12.txt Date: 2006-06-26 – Approved by the IESG as Informational RFC Title: Considerations on the IPv6 Host density Metric URL: http://www.ietf.org/internet-drafts/draft-huston-hd-metric-02.txt Date: 2006-06-27 – Approved by the IESG as Proposed Standard Title: Transport Layer Security (TLS) Authorization Extensions URL: http://www.ietf.org/internet-drafts/draft-housley-tls-authz-extns-07.txt Date: 2006-07-05 – Approved by the IESG as Informational RFC Title: Requirements for Path Computation Element (PCE) Discovery URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-discovery-reqs-05.txt Date: 2006-07-05 – Approved by the IESG as Proposed Standard Title: Virtual Private LAN Service (VPLS) Using BGP for Auto-discovery and Signaling URL: http://www.ietf.org/internet-drafts/draft-ietf-l2vpn-vpls-bgp-08.txt Date: 2006-07-10 – Approved by the IESG as Informational RFC Title: IKEv2 Clarifications and Implementation Guidelines URL: http://www.ietf.org/internet-drafts/draft-eronen-ipsec-ikev2-clarifications-09.txt Date: 2006-07-10 – Approved by the IESG as Informational RFC Title: GigaBeam High-Speed Radio Link Encryption URL: http://www.ietf.org/internet-drafts/draft-housley-gigabeam-radio-link-encrypt-02.txt Date: 2006-07-10 – Approved by the IESG as Informational RFC Title: Terminology for Benchmarking Network-layer Traffic Control Mechanisms URL: http://www.ietf.org/internet-drafts/draft-ietf-bmwg-dsmterm-13.txt Date: 2006-07-10 – Approved by the IESG as Informational RFC Title: RTP Payload Format for H.263 using RFC2190 to Historic status URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc2190-to-historic-06.txt Date: 2006-07-11 – Last Call (Deadline: 2006-08-08) / Proposed Standard (draft-melnikov-imap-search-ret) Title: IMAP4 extension to SEARCH command for controlling what kind of information is returned URL: http://www.ietf.org/internet-drafts/draft-melnikov-imap-search-ret-03.txt Date: 2006-07-13 – Last Call (Deadline: 2006-07-27) / BCP (draft-ietf-dnsop-bad-dns-res) Title: Observed DNS Resolution Misbehavior URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsop-bad-dns-res-06.txt Date: 2006-07-19 – Approved by the IESG as Informational RFC Title: Registration of media type audio/mobile-xmf URL: http://www.ietf.org/internet-drafts/draft-kosonen-mobile-xmf-mediatype-01.txt Date: 2006-07-20 – Approved by the IESG as Proposed Standard Title: Internet X.509 Public Key Infrastructure Subject Identification Method (SIM) URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-sim-08.txt Date: 2006-07-24 – Last Call (Deadline: 2006-08-07) / Experimental RFC (draft-ietf-imapext-annotate) Title: IMAP ANNOTATE Extension URL: http://www.ietf.org/internet-drafts/draft-ietf-imapext-annotate-15.txt Date: 2006-07-24 – Last Call (Deadline: 2006-08-07) / Proposed Standard (draft-ietf-sieve-spamtestbis) Title: SIEVE Email Filtering: Spamtest and Virustest Extensions URL: http://www.ietf.org/internet-drafts/draft-ietf-sieve-spamtestbis-05.txt Date: 2006-07-24 – Approved by the IESG as Informational RFC Title: Analysis of Threats Motivating DomainKeys Identified Mail (DKIM) URL: http://www.ietf.org/internet-drafts/draft-ietf-dkim-threats-03.txt Date: 2006-07-24 – Approved by the IESG as Proposed Standard Title: Encapsulation Methods for Transport of ATM Over MPLS Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-atm-encap-11.txt Date: 2006-07-25 – Last Call (Deadline: 2006-08-22) / Informational RFC (draft-fenner-obsolete-1264) Title: RFC 1264 is Obsolete URL: http://www.ietf.org/internet-drafts/draft-fenner-obsolete-1264-02.txt Date: 2006-07-25 – Approved by the IESG as Proposed Standard Title: The Virtual Fabrics MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-imss-fc-vf-mib-02.txt Date: 2006-07-25 – Last Call (Deadline: 2006-08-08) / Proposed Standard (draft-ietf-simple-message-sessions) Title: The Message Session Relay Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-msrp-relays-08.txt Date: 2006-07-26 – Last Call (Deadline: 2006-08-09) / Proposed Standard (draft-ietf-ccamp-crankback) Title: Crankback Signaling Extensions for MPLS and GMPLS RSVP-TE URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-crankback-05.txt Date: 2006-07-26 – Approved by the IESG as Proposed Standard Title: DDP/RDMAP Security URL: http://www.ietf.org/internet-drafts/draft-ietf-rddp-security-10.txt Date: 2006-08-01 – Approved by the IESG as Informational RFC Title: Requirements for IETF Technical Publication Service URL: http://www.ietf.org/internet-drafts/draft-mankin-pub-req-11.txt Date: 2006-08-01 – Approved by the IESG as Informational RFC Title: SSH Public Key File Format URL: http://www.ietf.org/internet-drafts/draft-ietf-secsh-publickeyfile-13.txt Date: 2006-08-02 – Approved by the IESG as Proposed Standard Title: Real-time Application Quality of Service Monitoring (RAQMON) Framework URL: http://www.ietf.org/internet-drafts/draft-ietf-rmonmib-raqmon-framework-16.txt Date: 2006-08-03 – Last Call (Deadline: 2006-08-17) / Proposed Standard (draft-ietf-midcom-mib) Title: Definitions of Managed Objects for Middlebox Communication URL: http://www.ietf.org/internet-drafts/draft-ietf-midcom-mib-08.txt Date: 2006-08-07 – Last Call (Deadline: 2006-08-21) / BCP (draft-ietf-ospf-iana) Title: IANA Considerations for OSPF URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-iana-01.txt Date: 2006-08-07 – Approved by the IESG as Informational RFC Title: CellML Media Type URL: http://www.ietf.org/internet-drafts/draft-miller-media-type-cellml-05.txt Date: 2006-08-07 – Approved by the IESG as Proposed Standard Title: IKE and IKEv2 Authentication Using ECDSA URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ike-auth-ecdsa-06.txt Date: 2006-08-09 – Last Call (Deadline: 2006-08-23) / Draft Standard (draft-ietf-idr-rfc3065bis) Title: Autonomous System Confederations for BGP URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-rfc3065bis-05.txt Date: 2006-08-09 – Last Call (Deadline: 2006-08-23) / Proposed Standard Title: Connecting IPv6 Islands over IPv4 MPLS using IPv6 Provider Edge Routers (6PE) URL: http://www.ietf.org/internet-drafts/draft-ooms-v6ops-bgp-tunnel-06.txt Date: 2006-08-10 – Last Call / Proposed Standard (draft-ietf-avt-rfc3555bis) Title: Media Type Registration of RTP Payload Formats URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc3555bis-04.txt Date: 2006-08-10 – Last Call / Proposed Standard (draft-ietf-avt-rfc3555bis) Title: Media Type Registration of RTP Payload Formats URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc3555bis-04.txt Date: 2006-08-10 – Last Call (Deadline: 2006-08-24) / Proposed Standard (draft-ietf-sipping-gruu-reg-event) Title: Registration Event Package Extension for Session Initiation Protocol (SIP) Globally Routable User Agent URIs (GRUU) URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-gruu-reg-event-06.txt Date: 2006-08-10 – Approved by the IESG as Experimental RFC Title: IETF Operational Notes URL: http://www.ietf.org/internet-drafts/draft-alvestrand-ipod-03.txt Date: 2006-08-11 – Last Call (Deadline: 2006-09-08) / Informational RFC (draft-jaganathan-rc4-hmac) Title: The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows URL: http://www.ietf.org/internet-drafts/draft-jaganathan-rc4-hmac-03.txt Date: 2006-08-11 – Last Call (Deadline: 2006-08-25) / Informational RFC (draft-ietf-netlmm-nohost-req) Title: Goals for Network-based Localized Mobility Management (NETLMM) URL: http://www.ietf.org/internet-drafts/draft-ietf-netlmm-nohost-req-04.txt Date: 2006-08-14 – Last Call (Deadline: 2006-08-28) / Proposed Standard (draft-ietf-crisp-iris-lwz) Title: A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service URL: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-lwz-06.txt Date: 2006-08-14 – Last Call (Deadline: 2006-08-28) / Proposed Standard (draft-ietf-crisp-iris-common-transport) Title: A Common Schema for Internet Registry Information Service Transfer Protocols URL: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-common-transport-03.txt Date: 2006-08-14 – Last Call (Deadline: 2006-08-28) / Proposed Standard (draft-ietf-crisp-iris-xpc) Title: XML Pipelining with Chunks for the Information Registry Information Service URL: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-xpc-04.txt Date: 2006-08-14 – Approved by the IESG as Informational RFC Title: Mounting Web Distributed Authoring and Versioning (WebDAV) servers URL: http://www.ietf.org/internet-drafts/draft-reschke-webdav-mount-05.txt Date: 2006-08-18 – Last Call (Deadline: 2006-09-01) / Informational RFC (draft-ietf-l3vpn-ppvpn-mcast-reqts) Title: Requirements for Multicast in L3 Provider-Provisioned VPNs URL: http://www.ietf.org/internet-drafts/draft-ietf-l3vpn-ppvpn-mcast-reqts-08.txt Date: 2006-08-21 – Last Call (Deadline: 2006-09-04) / Informational RFC (draft-ietf-l3vpn-ce-based) Title: An Architecture for Provider Provisioned CE-based Virtual Private Networks using IPsec URL: http://www.ietf.org/internet-drafts/draft-declercq-l3vpn-ce-based-as-00.txt Date: 2006-08-21 – Last Call (Deadline: 2006-09-04) / Informational RFC (draft-ietf-pwe3-cesopsn) Title: Structure-aware TDM Circuit Emulation Service over Packet Switched Network (CESoPSN) URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-cesopsn-07.txt Date: 2006-08-21 – Last Call (Deadline: 2006-09-04) / Informational RFC (draft-ietf-pwe3-tdmoip) Title: TDM over IP URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-tdmoip-05.txt Date: 2006-08-21 – Approved by the IESG as Proposed Standard Title: Graceful Restart Mechanism for BGP URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-restart-13.txt Date: 2006-08-21 – Approved by the IESG as Proposed Standard Title: The Session Initiation Protocol (SIP) Conference Bridge Transcoding Model URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-transc-conf-03.txt Date: 2006-08-21 – Approved by the IESG as Proposed Standard Title: The Session Initiation Protocol (SIP) Conference Bridge Transcoding Model URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-transc-conf-03.txt Date: 2006-08-21 – Approved by the IESG as Informational RFC Title: OAM Requirements for Point-to-Multipoint MPLS Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-p2mp-oam-reqs-01.txt Date: 2006-08-21 – Approved by the IESG as Informational RFC Title: OAM Requirements for Point-to-Multipoint MPLS Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-p2mp-oam-reqs-01.txt Date: 2006-08-21 – Last Call (Deadline: 2006-09-04) / Proposed Standard (draft-ietf-pwe3-sonet) Title: SONET/SDH Circuit Emulation over Packet (CEP) URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-sonet-13.txt Date: 2006-08-23 – Last Call (Deadline: 2006-09-20) / Proposed Standard (draft-melnikov-imap-expunged) Title: IMAP4 extension for reporting expunged messages URL: http://www.ietf.org/internet-drafts/draft-melnikov-imap-expunged-01.txt Date: 2006-08-23 – Approved by the IESG as Informational RFC Title: ISDN subaddress encoding type for tel URI URL: http://www.ietf.org/internet-drafts/draft-munakata-iptel-isub-type-04.txt Date: 2006-08-24 – Last Call (Deadline: 2006-09-07) / Experimental RFC (draft-ietf-mip4-reg-tunnel) Title: Mobile IPv4 Regional Registration URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-reg-tunnel-03.txt Date: 2006-08-24 – Approved by the IESG as Proposed Standard Title: An additional mode of key distribution in MIKEY: MIKEY-RSA-R URL: http://www.ietf.org/internet-drafts/draft-ietf-msec-mikey-rsa-r-07.txt Date: 2006-08-24 – Approved by the IESG as Proposed Standard Title: IMAP4 extension to SEARCH command for controlling what kind of information is returned URL: http://www.ietf.org/internet-drafts/draft-melnikov-imap-search-ret-03.txt Date: 2006-08-25 – Last Call (Deadline: 2006-09-08) / Proposed Standard (draft-ietf-ccamp-rsvp-te-exclude-route) Title: Exclude Routes – Extension to RSVP-TE URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-rsvp-te-exclude-route-05.txt Date: 2006-08-25 – Last Call (Deadline: 2006-09-08) / Proposed Standard (draft-ietf-ccamp-rsvp-te-exclude-route) Title: Exclude Routes – Extension to RSVP-TE URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-rsvp-te-exclude-route-05.txt Date: 2006-08-25 – Last Call (Deadline: 2006-09-08) / Proposed Standard (draft-ietf-mpls-lsr-self-test) Title: Label Switching Router Self-Test URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-lsr-self-test-06.txt Date: 2006-08-25 – (Deadline: 2006-09-08) / Title: Label Switching Router Self-Test URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-lsr-self-test-06.txt Date: 2006-08-25 – Last Call (Deadline: 2006-09-08) / Proposed Standard (draft-ietf-ccamp-rsvp-restart-ext) Title: Extensions to GMPLS RSVP Graceful Restart URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-rsvp-restart-ext-05.txt Date: 2006-08-25 – Approved by the IESG as Proposed Standard Title: RTP Payload for DTMF Digits, Telephony Tones and Telephony Signals URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc2833bis-15.txt Date: 2006-08-25 – Last Call (Deadline: 2006-09-08) / Proposed Standard (draft-ietf-mmusic-fec-grouping) Title: Forward Error Correction Grouping Semantics in Session Description Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-fec-grouping-05.txt Date: 2006-08-28 – Approved by the IESG as Proposed Standard Title: Common Policy: A Document Format for Expressing Privacy Preferences URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-common-policy-11.txt Date: 2006-08-28 – Approved by the IESG as Proposed Standard Title: Common Policy: A Document Format for Expressing Privacy Preferences URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-common-policy-11.txt Date: 2006-08-28 – Last Call (Deadline: 2006-09-25) / BCP (draft-carpenter-rescind-3683) Title: Progressive Posting Rights Supsensions URL: http://www.ietf.org/internet-drafts/draft-carpenter-rescind-3683-01.txt Date: 2006-08-28 – Last Call (Deadline: 2006-09-11) / Proposed Standard (draft-ietf-sasl-gssapi) Title: The Kerberos V5 (“GSSAPI”) SASL mechanism URL: http://www.ietf.org/internet-drafts/draft-ietf-sasl-gssapi-07.txt Date: 2006-08-28 – Last Call (Deadline: 2006-09-25) / BCP (draft-carpenter-rescind-3683) Title: Progressive Posting Rights Supsensions URL: http://www.ietf.org/internet-drafts/draft-carpenter-rescind-3683-01.txt Date: 2006-08-28 – Last Call (Deadline: 2006-09-12) / Proposed Standard (draft-ietf-idr-as4bytes) Title: BGP Support for Four-octet AS Number Space URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-as4bytes-12.txt Date: 2006-08-28 – Approved by the IESG as Experimental RFC Title: Multiple Authentication Exchanges in IKEv2 URL: http://www.ietf.org/internet-drafts/draft-eronen-ipsec-ikev2-multiple-auth-02.txt Date: 2006-08-29 – Last Call (Deadline: 2006-09-12) / Proposed Standard (draft-ietf-mmusic-sdp-media-content) Title: The SDP (Session Description Protocol) Content Attribute URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdp-media-content-05.txt Date: 2006-08-30 – Approved by the IESG as BCP Title: Observed DNS Resolution Misbehavior URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsop-bad-dns-res-06.txt Date: 2006-08-30 – Last Call (Deadline: 2006-09-13) / BCP (draft-ietf-grow-anycast) Title: Operation of Anycast Services URL: http://www.ietf.org/internet-drafts/draft-ietf-grow-anycast-04.txt Date: 2006-08-30 – Approved by the IESG as Proposed Standard Title: NP Parameters for the “tel” URI URL: http://www.ietf.org/internet-drafts/draft-ietf-iptel-tel-np-11.txt Date: 2006-08-31 – Last Call (Deadline: 2006-09-14) / Informational RFC (draft-ietf-l3vpn-vpn-vr) Title: Network based IP VPN Architecture Using Virtual Routers URL: http://www.ietf.org/internet-drafts/draft-ietf-l3vpn-vpn-vr-03.txt Date: 2006-08-31 – Last Call (Deadline: 2006-09-14) / Experimental RFC (draft-ietf-hip-base) Title: Host Identity Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-hip-base-06.txt Date: 2006-08-31 – Last Call (Deadline: 2006-09-14) / Proposed Standard (draft-ietf-dnsext-dnssec-experiments) Title: DNSSEC Experiments URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-experiments-03.txt]]> 1109 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-66-review-dns/ Thu, 07 Sep 2006 17:27:03 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1112 www3.ietf.org/proceedings/06jul. DNS Extensions Working Group The DNS Extensions Working Group deals with both the details of the DNS protocol and its extensions, such as the Security Extension (DNSSEC) . The group reports progress on reducing backlog and advancing documents. To date, the Wild Card Clarify draft, which updated the wildcard definition of RFC 1034, achieved RFC status (RFC 4592: The Role of Wildcards in the Domain Name System). According to the authors, the RFC did not change the essence of the protocol; rather, it refined the definition of RFC 1034 to make it more consistent and to reflect reality. The dynamic host client identifier draft is currently in the RFC Editor queue and the new Resource Record Type-code has been assigned by IANA (DHCID, Type-code 49). Four other documents are in IETF Last Call; two are in working group Last Call and the others are close to that stage. NSEC3 Update The work on NSEC3 is still progressing. A workshop where various implementations and specifications were tested was successful. Several issues were discovered in both the drafts and implementations. David Blacka presented those in detail at the IETF meeting, and a lively discussion followed that is likely to continue on the mailing list. A new workshop test is planned for September. In the meantime, a permanent testbed has been set up for the purpose of testing various ideas. Details of the efforts can be found at www.nsec3.org. Discussions will take place on the official dnsext-wg mailing list. DNS Trust Anchor Management A couple of competing drafts have emerged proposing a roll-over mechanism for updating the trust anchors in DNSSEC aware resolvers. Several reviews of the various methods have been published on the dnsext mailing list. A few common elements of the drafts include threshold schemata or the use of timers. The timer-based proposal seems to be the most complete, and it was agreed that the proposal should serve as the basis for further work. DNAME Clarify Effort Meeting participants expressed concern that RFC2672 (status: Proposed Standard) suffers from omissions and is unclear in terms of how the DNAME interacts with wildcards, EDNS0, compression and similar stuff. Plans are currently under way for the use of DNAME in a wide-scale operation, though the DNSSEC implementers expressed the need for clarification. The plan is to first collect open questions and perceived ambiguities in the DNAME specification in a separate draft and then to ask the working group for feedback in order to create resolutions that can be added to a DNAME Clarifications document. An explicit ‘non-Goal’ is the creation of a DNAME-2. New Work: DNS Cookies Donald Eastlake presented a proposal for a dynamic system that requires neither configuration nor set-up in order to provide weak authentication of queries and responses between servers and resolvers. It can be described as a weaker version of client authentication and is intended to greatly reduce the increasingly popular attacks that use forced source addresses. Although there was some interest in the proposal, it has not been formalised, and the community is encouraged to comment. Feedback on operational requirements will be solicited from the DNSOP WG. Mark Andrews proposed a method for revealing zone cuts without having negative entries recorded in caches. He wrote an Internet-Draft and asked about achieving Last Call (LC) for the document. Apparently, the method has already been implemented in the latest version of bind. Milestones Given the catching up there has been on the backlog and the new work trickling in, there is a need to update the milestones. The chairs will prepare a draft to discuss. DNS Operations Working Group The DNS Operations Working Group deals with the daily dross of operating DNS. The WG does not create protocols; the participants discuss the use of protocols in practice. Work on reducing the backlog continues and there are now a couple of Internet-Drafts in Last-Call stage or close to publication, such as the DNSSEC best practices and the server id. The last extension will make it easier to maintain DNS any-cast server clusters. Open Recursive Servers It became increasingly popular in the past year to use public recursive name servers as amplification mechanisms in D-DOS attacks. In essence, one spoofs the address of the victim and generates, via such public name servers, massive amounts of traffic to the victim. At the request of the WG chairs, Frederico Neves and João Damas have written an I-D to document this practice for the DNS operators and there have been discussions about the trade-offs when dealing with these attacks. Solutions are being discussed, and a new version of the I-D is expected to be published soon. Default Local Zones and AS 112 Project AS112 (www.as112.net) is a loosely organised group of volunteers who operate systems that respond to DNS queries for the reverse mapping of so-called private address space of BCP 5 (RFC 1918). These queries should never meet the public Internet. Therefore a two-stage approach for managing them was suggested. First, nameserver software vendors are encouraged to avoid leaking queries by directly answering those about local zones and, second, as a potential new WG work item, by documenting the setup of AS112 for new team members and organisations or site DNS administrators, which will reduce the pollution. Other (Non-WG) Internet-Drafts and Discussions Web server cookie-validation ads often make assumptions about the structure of the Top-Level-Domain (TLD) name space. As Yngve Pettersen presented, even though administrative hierarchy does not imply or follow the hierarchy of the DNS, concerns are being raised about attempts to subvert this principle. A number of suggestions were made, but no conclusions or actions were finalised. ENUM WG ENUM is a protocol that links the DNS with the VoIP and PSTN worlds by mapping phone numbers to services such as SIP, instant messaging, multimedia mail messages and, of course, phone calls. Defining and specifying ENUM services has been a major work item in the ENUM WG for some time, so it seems more than reasonable that the WG should now address the issue of providing guidelines and a registration template to aid future service registrants. The prospected multitude of services, and the use of the DNS NAPTR record, will lead to larger DNS responses; even more so when DNSSEC is used in combination with ENUM. Therefore, the WG is currently working on a recommendation to vendors and operators of ENUM-related name servers and clients to support the DNS EDNS0 protocol extension for larger packet sizes. There is a document collecting examples of the ways in which different implementers chose to interpret the ENUM specification. It is expected to serve as a source of information when it comes to clarifying and advancing RFC 3761, which is the big task for the ENUM WG in the next year. Miscellaneous The DNS is an attractive data publishing and retrieval mechanism, which explains why so many IETF working groups are working on DNS-based solutions for their particular problems. This offers ample opportunity for cross-working-group discussions that make it possible to share experiences designing DNS extensions while at the same time preserving the benefits that the DNS offers, such as scalability. The dnsext WG is working on an update to RFC 2929 that will make registration of new resource record types easier and that provides some operational and architectural guidance. This is also the intention of a draft initiated by the IAB that discusses trade-offs of several popular approaches for basing new applications on the DNS.

Note: This article does not attempt to provide a complete summary of all IETF activities in this area. It reflects the author’s personal perspective on some current highlights.

]]> 1112 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-66-review-wireless/ Thu, 07 Sep 2006 17:28:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1114 Group Providing IP Mobility Support for IPv6 Starts Up NETLMM, a group recently formed in the Internet Area is currently developing a protocol to provide IP mobility support for IPv6 in the network, rather than as a host-based service like Mobile IP. According to the NETLMM charter, the host is not involved in IP-level movement. The host keeps the same IP address across a span of the wireless network and wired backhaul that is limited topologically to a local area, called a localized mobility management domain. The host keeps the same IP address as it moves around a geographical area that is covered by a collection of wireless access points. The access points are connected through a wired IP backhaul into a topologically limited domain, called a localized mobility management domain. The exact topological extent of the localized mobility management domain depends on particular deployment circumstances. The host never changes its IP address as it moves across the localized mobility management domain, while routing updates to a mobility anchor from the local access router ensure that the host continues to receive its traffic. Existing cellular architectures provide similar support, but are limited to a single family of wireless technologies, such as UMTS, while NETLMM is independent of wireless link technology. NETLMM serves to complement Mobile IP, since Mobile IP is still needed if the host requires session continuity as it moves between localized mobility management domains. A problem statement document and a requirements document have been sent to the IESG. The IESG has reviewed the problem statement document and returned it for further editing; the requirements document is still in Area Director review. At the IETF 66 meeting, the primary topic of discussion was the first draft of the design team protocol document. The design team has been meeting since February, and the first draft of its protocol design was published in June. The protocol consists of messages to associate a mobile node with a mobility anchor in the wired backhaul network, called a Localized Mobility Anchor (LMA), when the mobile node first comes on the network. The protocol also provides messages that allow a Mobile Access Gateway (MAG) located at the access router to move the forwarding end point for the mobile node from one access router to another as the mobile node moves across the localized mobility management domain. The working group gave feedback to the design team on the document, recommending that the design team try to simplify the protocol. The working group also discussed a draft describing the mobile node to access router interface. Prior to the Montreal meeting, the working group was operating on a type of addressing model for the mobile node to access router interface called “multilink subnets”, in which the access routers all advertise the same IPv6 subnet prefixes on their wireless interfaces while continuing to function as routers on their wired interfaces. In the past, this model was discussed and rejected by the IETF. Currently, the working group is conducting discussions on its mailing list to determine the type of addressing model it will support. Outcomes are expected by early August. The protocol design team plans to continue meeting for two months and to issue a final draft in the middle of September. The working group is planning an interim meeting at the end of September to discuss issues with the design. It hopes to have the protocol draft ready for working group last call by early October. CAPWAP Makes Progress The Control and Provisioning of Wireless Access Points (CAPWAP) working group, which operates in the Operations and Management Area, is developing a protocol for control and provisioning of wireless access points. The initial target wireless protocol is 802.11, which is designed to allow a centralized Access network Controller (AC) to control a collection of access points, called Wireless Termination Points (WTPs), in the CAPWAP architecture. The AC performs such functions as power management, load balancing, and security, functions that are difficult to perform on the individual access points because they require co-ordination. The working group recently published two RFCs as follows: RFC 4564: describes objectives for the CAPWAP protocol RFC 4565: describes a protocol-design evaluation to determine which of several candidate drafts the working group should use as the starting point for the standard. The working group is planning to complete the protocol and MIB by June 2007. The chairs are interested in determining whether there are any implementations of CAPWAP underway, and in organizing an interoperability test. At their meeting at IETF 66, the editors of the CAPWAP protocol specification discussed issue resolution on the document. One of the main issues was the replacement of the original CAPWAP security protocol with datagram transport layer security (DTLS). The protocol document has now been edited to reflect the design change. Use of DTLS will ensure that CAPWAP would benefit from fixes of any flaws discovered in the DTLS protocol by other applications. The working group decided that the first standardized version of the protocol will reflect only changes to the 802.11 protocol that are incorporated into the 802.11ma specification. 802.11ma is an update of the 802.11 specification, which is due out next year and which will include all of the amendments (such as 802.11i, 802.11e, etc.) that have been put in place since the original 802.11 specification was published in 1999. The primary topic of discussion at the meeting was a proposal to multiplex control and data traffic between the WTPs and the AC on a single UDP port. This would cause all CAPWAP control messages in addition to all data traffic from the 802.11 terminals to go through a single port on the AC. The reason for this proposal is that it would simplify network-address-translation (NAT) keepalives for deployments in which NATs are positioned between the AC and WTPs. The keepalives on the control traffic between the WTPs and the AC serve to also keep the NAT bindings for the 802.11 terminal data channels active in case the terminals go dormant. The main argument against this proposal is that it would limit scalability. All traffic for terminals on the WTPs would need to go through a single port on a single AC. This would put a reduced upper limit on the number of WTPs that an AC could support, compared with the case in which multiple ports are used.

Note: This article does not attempt to provide a complete summary of all IETF activities in this area. It reflects the author’s personal perspective on some current highlights.

In addition, existing middleboxes between the WTPs and the AC won’t recognize the multiplex header, which could cause problems. A consensus call made earlier this year resulted in an almost even split in opinion among working group members. Currently, the working group is undergoing a rather heated debate about this issue, and the chairs have requested that the IESG provide a designated domain expert to provide input.]]> 1114 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/impressions-of-two-ietf-newcomers/ Thu, 07 Sep 2006 17:29:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1116 Alain Aina at IETF66 Photo: Michuki Mwangi The ultimate achievement for a technical engineer is the opportunity to participate at the highest level of Internet development, perhaps even serve as a co-author of an RFC. To most Internet engineers, the IETF is a revered organisation and involvement is regarded as a career high. We felt that our participation at the IETF meeting in Montreal was both a personal achievement and a motivational experience. It gave life to a process that we had experienced only on mailing lists. Having had the opportunity to be at the meeting, we were able to appreciate the passion and the energy that are put into the IETF for the good of the Internet. The 66th IETF meeting was held at the Palais des congrès in Montreal, Canada. The conference facility was large enough that with a total attendance of 1,257, it was difficult to comprehend a meeting of this magnitude. In Africa, most ICT-related meetings do not draw large numbers of participants, except for the WSIS, ITU, and ATU meetings. However, only at the IETF plenary meetings and the breakfast sessions could one appreciate the sheer number of participants. During the plenary, for example, the wireless network was challenged as a result of the large concentration of people in one room at one time. Nonetheless, being newcomers to the meeting, we must admit that the level of organisation was exceptional despite the numbers. It’s no wonder that the IETF budget runs into the thousands of dollars. Due to our keen interest in the DNS and IPv6, which is a result of our involvement in the African ccTLD and Internet Registry arena, we were interested in attending the working groups on the Internet operations and routing areas. Some of the issues concerning the deployment of DNS-SEC and IPv6 for our region were of particular interest to us. We learned that the Kenyan (.ke) and the Senegalese (.sn) ccTLD Registries have formal plans to commence DNSSEC trials in the near future. We also learned that AfriNIC, the African Regional Internet Registry, is currently undergoing IPv6 training in the region, with the aim of creating the necessary awareness and expertise for deployment. However, in order to appreciate the protocols functionalities, involvement in IETF discussion groups has helped unearth and clarify the challenges faced by those involved in deployment. By attending the IETF meetings, the reality of the issues is made even clearer through the deliberations on their impacts at the Working Group sessions. Of interest were the discussion on the AS112 draft and the DNS reflector attacks drafts that bring to the fore operational concerns as they apply to the DNS. The two drafts have proposed implementation recommendations that are, in our opinion, worth consideration. Initiating discussions within our region on these two drafts seems like a fair starting point for generating sufficient interest in the IETF activities. Finally, we noticed a large number of participants from the Asian region and were disappointed to see that, other than the two of us, there were no African participants. Increasing participation at IETF meetings from among African nations will be challenging and possible only through increased awareness of the meetings’ activities and role. A similar issue was raised at the plenary meetings in regard to the location of future IETF meetings. There were varied opinions as to why considerations should or should not be given to hosting meetings in developing countries and regions. Ultimately, it was felt that hosting the IETF meetings in a region that draws many participants was of more value than hosting a meeting in a location where there would be little participation. Unfortunately, if that was the primary criterion, it would virtually eliminate any possibility of hosting an IETF meeting in Africa. This makes it even more of a challenge to the communities in those regions to become active contributors to the future of Internet protocols and standards development, and not just consumers of the Internet. We wish to take this opportunity to thank ISOC for making our participation at the IETF 66 meeting possible. Further, we wish to thank our mentors, Joe Abley, Jaap Akkerhuis, John Crain, Lucy Lynch, Frederico Neves and ISOC staff members Mirjam Kühne and Matthew Shears for ensuring that we settled in without much ado.]]> 1116 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/new-tools-enhance-meeting-efficiencies/ Thu, 07 Sep 2006 17:31:53 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1120 http://tools.ietf.org/wg now provide HTML versions of all the WG agendas, including links to uploaded slides. This should provide a one-stop-shop for everything associated with an individual WG meeting, and has been made possible by the early access to presentations which the Secretariat’s new materials upload tool provides. In addition, the overall meeting agenda at http://tools.ietf.org/agenda has been enhanced so that IETF meeting attendees are able to view the layout of the meeting venue online and locate WG meeting rooms by clicking on the room number next to the WG meeting time. IETF Meeting Calendar Generator http://tools.ietf.org/calendar: Here you willl find agenda for upcoming IETF meeting, complete with check boxes for marking sessions you want to attend. An individualised calendar file for the week of the meeting will be created from this information, which can be downloaded and included in your preferred calendar application. The calendar tool has been tested using iCal, Outlook and Google calendar). A future addition of the Calendar Generator will allow you to ‘change your mind’ when creating your individual IETF meeting calendar. After opening http://tools.ietf.org/calendar, you will be presented with your previous choices and given the opportunity to change your selections. Other tool news, not directly related to the meetings: Searching for Documents by Name. On the left margin of the tools pages at http://tools.ietf.org/tools/ you will find now a search function that allows you search for any string (including the RFC number) in the title of an RFC or Internet-Draft. The results will offer html versions of the matching documents. Later this summer the Tools Team hopes to release a Notification Service (‘send me e-mail when this draft or charter changes’), which is intended to make it easier to keep track of changes in documents or WG charters. This tool will provide a selective notification mechanism for general use, complementing the IETF announcement mailing lists. It will include RSS and ATOM feeds from the available XML meta-information about Internet-Drafts, RFCs, and WGs. This format will make it possible for individuals and tool-builders to better interface with information from the IETF standards process in a well-defined manner. Over time, the notification tool will produce a complete history of document and charter changes, WG agendas, and minutes. The Tools Team is always interested in feedback about current tools or any wishes you may have. The team can be reached at tools-discuss@ietf.org. A full list of all chartered work items and their status can be found on slides presented by Henrik Levkowetz (PDF).  ]]> 1120 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/dns-security-a-historical-perspective/ Thu, 07 Sep 2006 17:39:46 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1124 The DNS Security sub-group of the DNS working group met to identify the threats, security services, and requirements of interest to the DNS. The requirements will be distributed to the mailing list for discussion until November 30, 1993. After that time, strawman proposals may be distributed until January 31, 1993. The group will evaluate all proposals with the goal of creating one proposal at the next IETF. It was decided to create a DNS security working group. In parallel with the activities above a charter will be drafted for review and submission to the IESG. The working group was officially chartered in March 2004 with the following description.

The Domain Name System (DNS) security working group (dnssec) will specify enhancements to the DNS protocol to protect the DNS against unauthorized modification of data and against masquerading of DNS data origin. That is, it will add data integrity and authentication capabilities to the DNS. The specific mechanism to be added to the DNS protocol will be a digital signature. The digital signature service will be added such that the DNS resource records will be signed and, by distributing the signatures with the records, remote sites can verify the signatures and thus have confidence in the accuracy of the records received. There are at least two issues to be explored and resolved. First, should the records be signed by the primary or secondary (or both) servers distributing the resource records, or should they be signed by the start of authority for the zone of the records. This issue is relevant since there are servers for sites that are not IP connected. Second, the mechanism with which to distribute the public keys necessary to verify the digital signatures must be identified. Two essential assumptions have been identified. First, backward compatibility and co-existence with DNS servers and clients that do not support the proposed security services is required. Second, data in the DNS is considered public information. This latter assumption means that discussions and proposals involving data confidentiality and access control are explicitly outside the scope of this working group.

There are two elements of the first summary and the first charter that are important to an understanding of the history of DNS security. First, one of the greatest mistakes we made in those early days was failing to document the actual threat discussions that led to the selection of security services to be added to the DNS protocol. At the time it seemed pretty obvious and straightforward. The scope of work was limited and we estimated we would be done in about one year (an estimation that, unfortunately, has become the DNS Security mantra). In reality it would take more than two years until the first version of the work was completed, resulting in RFC2065 – Domain Name System Security Extensions by Donald Eastlake and Charlie Kaufman – being published in January1997, almost three years from when the working group was first chartered. Failing to document the threat analysis was wrong for at least two reasons. First, security experts will tell you that adding security without understanding why is like "putting the cart before the horse." A threat analysis provides a careful study of what is at risk and what needs to be protected. Although it is possible that the lack of this analysis could have been tolerated initially, DNS security is no longer the simple DNS extension it was once imagined it could be. Such a document would have served as an important baseline for reviewing future extensions. Second, with respect to the question of when DNS security will be done, the threat analysis would have established clear goals against which the DNS security specification could have been evaluated. Although a prologue was published in August 2004, the informational RFC3833 "Threat Analysis of the Domain Name System (DNS) by Derek Atkins and Rob Austein," it has not served this purpose. The conclusion from RFC3833 states:

Based on the above analysis, the DNSSEC extensions do appear to solve a set of problems that do need to be solved, and are worth deploying.

The document carefully, and probably wisely, does not judge whether the solved problems were the correct problems to solve or whether the solutions are sufficient. Thus, rather than declare “success” for the DNS security work its primary role was to end the almost 10 years of repeating discussions of why the protocol does what it does. Of course, the significance of this should not be underestimated since it has facilitated more focused effort on the issues that do need attention. The second element of the original charter worthy of special notice is the assertion that data in the DNS is public information. The extant intent of this statement was, as stated in the charter, to ensure that confidentiality and access control services were not considered by the working group, although in principal it is obvious that the information in the DNS is public. The primary purpose of the DNS is to map domain names to IP addresses to facilitate communication between two sites. If the information is not available or is inaccessible then the sites will not be able to communicate. Unfortunately, the assertion later conflicted with a business practice requirement: preventing the transfer of the entire contents of a zone. Although the data in the DNS must be available to be useful, in ordinary circumstances the DNS protocol inherently limits how quickly any client can access all the data in a zone. If a client knew all the domains in a zone it could query for the data available for each domain individually. Since the label for each domain in a zone could be as long as 256 characters, a brute-force search of the zone for valid domains is impractical. A protocol element for transferring the entire contents of a zone is available but all popular DNS server implementations include mechanisms that restrict access to this functionality. The result is that the entire contents of a zone is frequently unavailable to most clients. Adding DNS security added functionality that had not previously been present in the DNS. Specifically, if a client queried for a non-existent domain, the response would correctly and securely assert that the domain did not exist but, in addition, it would indicate the lexicographically next valid domain in the zone. Through repeated queries, a client could discover and download the entire contents of a zone. This feature (or mis-feature depending on your point of view) has come to be known in technical circles as “zone walking.” The requirement to prevent zone walking has become a gating factor in the deployment of DNS security, particularly with larger zones. Significant technical resources over several years have been focused on this issue. A solution that is approaching broad consensus includes the use of OPT-IN and NSEC3. A second interoperability event is scheduled for the fall of 2006. If it is successful (and all indicators are that it will be) we may see publication of the solution in early 2007. Moving on, as we neared the end of the first version of the DNS security extensions, dynamic update was getting attention from the DNS community. RFC2065 did include limited coverage of dynamic update issues, but ultimately, the security work for dynamic update was left as a follow on activity of the DNS Security Working Group. Our charter was updated in March 1996 to include dynamic update, as well as a few other technical issues. Of particular note is the fact that the working group moved into the Security Area with Jeff Schiller as Area Director with this update to its charter. RFC2137 – Secure Domain Name System Dynamic Update by Donald Eastlake – was published in April 1997. Along the way RFC2065 was updated according to implementation and operational experience from developers and early adopters. RFC2535 – Domain Name System Security Extensions by Donald Eastlake – was published in March 1999. After completion of the issues outlined in the second charter, it was time once again to consider the status of the working group. There was still work to be done. The zone-walking problem had not been resolved and there was a need to provide transaction level authentication by using shared secrets and one-way hashing in the form of TSIG (transaction signature), first published as RFC2845 in May 2000. An obvious choice would have been to update the charter accordingly and press on. However, there were two other IETF changes to consider. The DNS Security working group was part of the Security Area. At the time its charter was updated, most security work was being done in the Security Area and it was generally accepted that this was a good thing. More recently, there has been more discussion of the question of whether the protocol work was principally about security or whether security was a component of the protocol work to be done. In this regard, the core DNS security work was arguably complete. Implementations were in progress and the work to be done was either an extension or a new requirement based on operational DNS experience. When security work was a component of the protocol work to be done, as it now was with DNS security, there was some preference for the work to progress primarily with those experts. Thus, one change was a suggestion to continue the work in the Internet Area with the DNS work. Second, at the same time, the DNS IXFR, Notification, and Dynamic Update (DNSIND) working group, which was the only DNS working group at the time, was nearing completion of its charter’s stated goals. The question under consideration was whether to create separate working groups for the ongoing work items or to create a working group to manage the work items. In the spirit of the IETF, a few “hallway” conversations between the IESG, working group chairs, and other interested parties resulted in a proposal to create the DNS Extensions (DNSEXT) Working Group to manage DNS related work items. The DNSSEC and DNSIND working groups concluded in December 1999 and January 2000, respectively, coincident with the chartering of the DNSEXT working group. DNS security work began anew with early deployment experiments of RFC2535 by the Swedish and Dutch top-level domain operators, NLnet Labs, and RIPE NCC. They discovered operational problems with the key exchanges between the DNS parents and children. This was one of the principal issues that resulted in a major rewrite that became three specifications – RFC4033, RFC4034, and RFC4035 – published in March 2005. Unfortunately, the zone walking problem had still not been resolved, although this time the working group committed to solving the privacy problem. During the last few months of the rewrite a few large top-level domain registries came to realize and asserted that the non-requirement for privacy would prohibit the deployment of DNSSEC in their environment. After careful consideration of the issue, the working group believed that a solution could be added after a deployed base of the rewrite existed. Thus, rather than delay the specifications any longer they were published so the working group could lend some focus to the zone walking problem. DNS security work continues today under the auspices of the DNSEXT working group. Updates have progressed along with some new work. Zone walking will hopefully be resolved soon. Unfortunately, we are still not done but “we will be done soon,” or so the story goes. Finally, early adopters are deploying the protocol and the DNS Security Extensions Deployment Intiative http://dnssec-deployment.org is working to encourage voluntary adoption of DNS security protocols as part of a global effort to improve the security of the Internet’s naming infrastructure. We are much closer to declaring success now than we have been in the 10 years since the first specification was published. It is worth noting that over the years there has been a shift in the type of people who have worked on DNSSEC development. It started with security people, moved to DNS protocol experts, and finally more operationally inclined experts joined the effort to get their concerns addressed. Each group had its own requirements, and the DNSSEC specification changed accordingly. DNSSEC, like all IETF protocols, is a slave to the members of the working group who have responsibility for it. Although such evolution is arguably rational, perhaps some of the past 13 years could have been spared if more of us could have been working together sooner, rather than one after another. It would be useful to analyze whether and how the IETF could have worked more efficiently. No protocol should ever take more than 13 years to be deployed.

Note: This article does not attempt to provide a complete summary of all IETF activities in this area. It reflects the author’s personal perspective on some current highlights.

[Editor's note: For a more detailed technical description of DNSSEC, see the recent publications at http://ispcolumn.isoc.org ]]]> 1124 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/an-overview-of-multihoming-and-open-issues-in-gse2/ Thu, 07 Sep 2006 17:41:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1126 Abstract This draft has three objectives:

1. to discuss the impact of multihoming on the scalability of the global routing system;
2. to provide an overview of GSE, one of the early proposals by Mike O’Dell to address the multihoming scalability problem;
3. to identify open issues raised by the GSE proposal, which may serve as a first step toward resolving them.

1. Introduction In its original design IPv4 had a class-based address structure that divided the 2^32 address space into 2^7 large networks (Class-A), 2^14 medium size networks (Class-B), and 2^21 small networks (Class-C)³.

GSE stands for Global, Site, and End-system address elements.

Each network is represented by a Network ID, also called a network prefix, with the length of 8 bits, 16 bits, and 24 bits for Class A, B, C networks, respectively. Global routing was performed by matching the high order bits of the packet destination address against a table indexed by network prefixes. Each prefix took one entry in the global routing table and the length of the prefix was implied by the address class.

³ In addition, a block of 2^28 addresses was assigned to multicast address, and another 2^28 block was reserved.

The explosive growth of the Internet during early 1990′s brought serious scalability problems to the Internet routing infrastructure: there were too few Class-A address blocks to give out; Class-B blocks were nearly exhausted; and as a result a large number of Class-C blocks were assigned. Because each Class-C network has only 256 addresses, one institution might have to get multiple Class-C address blocks. Since each network ID takes one entry in the global routing table, the table started growing at an alarming rate, until Classless Interdomain Routing (CIDR) was deployed [RFC4632].

⁴ On the surface it seems that the Moore’s law should be more than adequate to handle the DFZ routing table growth rate. One should understand, however, that routing scalability is a multi-dimension issue, a large table size brings a number of problems in other dimensions which, unfortunately, need to be explained in another article.

At the time it was deployed, CIDR provided an effective way to slow down the growth of the routing table in the Internet backbone, commonly referred to as the Default Free Zone (DFZ). 15 years after CIDR’s deployment, however, today’s global routing system is facing serious scaling problems again. A rough estimate from the weekly CIDR report [1] shows that the IPv4 DFZ routing table size has gone up by about 36% since September 2004 and doubled since January 2001. The rate of growth also seems to be accelerating over time and, if the current acceleration rate is maintained, the DFZ routing table size would double again in about early 2010⁴. What is the main cause of the rapid routing table growth this time? The problem appears to be customer multihoming and traffic engineering. The multihoming induced routing scalability problem has long been recognized, and a number of recent IETF efforts have been dedicated to the development of solutions to the problem [2,3]. This draft is intended to help the reader fully understand the importance of the problem, and to describe some alternative solutions in the design space. We first describe the relation between edge multihoming and traffic engineering practice and DFZ routing scalability. We then describe an early proposal, GSE by O’Dell from 1997, and show how it works to resolve the multihoming scalability problem. We also identify some of the open issues that must be resolved before GSE, or similar proposals, can be deployed in practice. 2. Impact of Multihoming on Routing Scalability The basic idea behind CIDR is simple: the size of an IP address block is allowed to be 2^n, where 0 <= n <= 32. This simple idea helped slow down routing table growth in two ways. First, each organization needs only one address block of the right size, as opposed to multiple Class-C blocks in pre-CIDR days. Second, and perhaps more important, CIDR allows an Internet Service Provider (ISP) to divide an allocated address block into multiple pieces of potentially different sizes, and to assign each piece to a customer according to its need. Each IPv4 address block allocated to an ISP typically has an address prefix 8-21 bits long. The address block allocated to a customer is represented by a prefix longer than the ISP's prefix, with the high order bits being the same as the ISP's prefix. The ISP can announce the prefix of its allocated address block to the global routing system and receive data traffic destined to all of its customers, as long as none of the longer prefixes assigned to individual customers are announced separately. The ISP then distributes the traffic to its customers according to their individual address prefixes. Thus CIDR enables an ISP to support many customers while still announcing only one aggregated prefix to the global Internet. In an ideal CIDR case, the number of routing table entries should be around the same order of magnitude as the number of ISPs. However, in reality, the former has always been much larger than the latter, since each ISP tends to have multiple allocated address blocks, and more important, there exist a large number of provider-independent (PI) prefixes; many of these are legacy allocations that predate the introduction of CIDR. PI prefixes are the address blocks allocated to customer networks directly. The important property of a PI prefix is that its owner has the freedom to switch providers without renumbering the network. Furthermore, a network with a PI prefix can connect to multiple ISPs simultaneously. This is known as multihoming, which allows the network to stay reachable through whichever providers remain functional when some part of the Internet fails. As Renesys' measurement of the 2003 US East Coast blackout shows, well engineered multihoming can be an effective way to ensure Internet connectivity [4]. In the absence of network failures, a multihomed site can distribute outbound traffic across multiple provider connections to maximize some locally defined goals such as cost, throughput, and/or performance. If routing policy permits, a customer may also subdivide its address allocation, that is, split its prefix into multiple longer ones that are then used for load-balancing the incoming traffic, as shown in Figure-1 below: The aforementioned advantages of multihomed sites, however, come at the cost of one or possibly multiple entries per site in the global routing table. During the early days of CIDR deployment, the number of customer networks was relatively small, few were multihomed, and most of them got address assignments from their ISPs. Thus CIDR aggregation worked out well. However over time more and more customer networks became multihomed for improved Internet availability and performance. Our recent measurement results indicate that today the majority of customer networks are multihomed [5].

⁵ Assuming provider P1makes a single aggregated prefix announcement P for multiple customers. If one of the customer networks, C, with a P1 assigned prefix Pc P multihomes with another provider P2, P2 will announce reachability to prefix Pc. This in turn will force P1 to announce PC as well – that is, de-aggregating its routing announcements. Otherwise it would not get any traffic going to C.

Such pervasive multihoming practice has made a profound impact on the scalability of the current routing and address architecture. Being reachable through any of its providers implies that a customer network must be visible in the global routing table, that is, it must announce a PI prefix, or otherwise make its providers announce a specific prefix for it⁵. Moreover, if a site wants to load-balance incoming traffic, it may also split its prefix into multiple longer ones and announce them to different ISPs. Consequently, both of CIDR’s advantages mentioned earlier, one address block per customer site and ISP aggregation of customer prefixes, are lost through current multihoming and traffic engineering practices. A number of people foresaw the routing scalability problem resulting from multihoming and proposed solutions. Below we describe GSE, one of the earliest proposed solutions suggested by Mike O’Dell in 1997. 3. GSE: An Alternate Addressing Architecture for IPv6: How It Works

⁶ Goop is American slang for a messy but useful substance.

The proposed IPv6 address structure inherits from IPv4 the CIDR-style “Provider-based Addressing”. Recognizing CIDR’s intrinsic limitation in the presence of multi-homed sites, O’Dell proposed to divide IPv6′s 16-byte address into three parts, with the lower N bytes being the End System Designator (ESD), the middle M bytes representing site topology partition (STP) for local routing, and the top (16-M-N) bytes being Routing Goop⁶, or RG, to be used for routing between providers. A Routing Goop signifies where a site attaches to the Global Internet, and a multihomed site will have multiple RGs, one for each of its providers. As the site changes providers, its RGs change but not the remainder of the address structure. When a packet flow moves from one provider connection to another, the RGs in the packets’ addresses change as well. Therefore GSE requires that transport and all of the higher level protocols use the ESD portion, instead of the whole IPv6 address as connection identifiers.

⁷ Site-Local in GSE has no relation to the now-deprecated site-local addresses in the IPv6 specification earlier.

The fundamental novelty in the GSE design is to hide a site’s RG from its internal hosts and routers, so that they are insulated from the external topological connectivity and such changes as multihoming or re-homing (that is, changing providers). This insulation is implemented through the following steps as shown in Figure-2. (1) When generating a packet, the source host fills the destination address with a complete 16-byte IPv6 destination address, including the RG, that it receives from DNS resolution, and fills the upper (16-M-N) bytes in the source address with a special “Site-Local” prefix⁷. (2) If the destination is not within the local site, the packet will leave the site via one of possibly several site boundary routers, which will insert a proper RG, expected to be used for returning packets of the same end-to-end communication, into the packet’s source address. (3) When the packet reaches a site boundary router of the destination network, the router will replace the RG in the destination address with the Site-Local prefix. As a result, the internal routers and hosts of a site should never see the value of its own RG. This insulation provides a site with the flexibility of re-homing and multihoming. Because a site’s interior should have no knowledge about the RGs, the site administrator can change providers, and hence change the RGs, whenever needed. At the same time ISPs can also aggressively aggregate RGs as needed for routing scalability. However, every coin has two sides. Along with its gains GSE also raised a set of new issues that must be fully understood and resolved before it can be put into deployment. In the next section we briefly describe a few of the major ones that have been identified. Before leaving this section we would like to point out that GSE was not the only proposal in the direction of insulating edge networks from transit providers. In RFC1955 Bob Hinden proposed an ENCAPS scheme that separates providers and customers into two address spaces and uses tunnels to carry packets from source customer networks over the provider space to reach destination customer networks [6]. Here the tunneling plays a role similar that of the RG in the GSE design, hiding the provider space from edge networks. 4. Open Issues in GSE Before diving into specific open issues in GSE, we would like to stress that the list of issues mentioned in this section is not complete and does not necessarily capture all the major ones. Rather we hope that the list can serve as a starting point for future discussions; some of these issues were also mentioned in the GSE proposal [5]. [RFC4218 and RFC4219] provide good sources of information for general threats and considerations in the development of multihoming solutions. 4.1 RGs and DNS Servers Since hosts learn about destination RGs from DNS lookup, naturally DNS plays a critical role in GSE. One new issue raised by GSE is which RGs to use to reach DNS servers. Even if one may assume that DNS root servers will use host routes that stay relatively stable, other DNS servers may be reachable by using one of multiple RGs. When the hosting sites change providers, the RGs used for reaching the DNS servers also change. Assuming the network hosting one of the example.com DNS servers is multihomed, which one RG or how many RGs should be returned from a DNS server lookup for example.com? Although GSE strives to insulate a site’s internal hosts and routers from RG changes, DNS servers are exceptions. The authoritative DNS servers of a customer site must know the RGs of the site in order to resolve the DNS names for the site, and thus they must be updated with all of the RG changes. Furthermore, whenever a site changes its RGs, all of the DNS servers in the site, both its own and others that it hosts, change their IP addresses. Hence, all of the parents of all of those servers, as well as their owners, must be properly updated. In addition, GSE also brings up the need for supporting 2-faced DNS. That is, a DNS server must be able to tell whether a query is from a local or remote host, so that it can decide whether to put Site-Local or the site’s RG(s) in the returned address. For hosts in a multihomed site, the DNS server must also decide which of the multiple RGs to put in the addresses in DNS replies. As we will mention later, one organization may have multiple sites that are interconnected through both a private internal network and the external transit core, thereby adding additional complexity to 2-faced DNS servers. 4.2 The Border Links

⁸ Since sources get the destination RGs through DNS lookup, at least in theory it may be possible to capture the status of the destination edge links through dynamic DNS updates to the destination DNS servers. However the GSE proposal recommended against this approach [2].

As one can see from Figure-2, although GSE insulates edge networks from the transit core, there exist physical links that connect the former to the latter. Let us call them border links. On one hand, when packets exit the source site, it is possible to make the source site be aware of the status of its border links and associated routers, so that outbound packets can choose exit routers to avoid any failed border link or router. On the other hand, which border link at the destination end a packet may travel through is determined by the RG in the packet’s destination address. In picking a destination RG, the source site has no easy way to tell whether any of the remote edge links may have failed in order to avoid it⁸. The GSE proposal suggested manually configuring all of the routers serving the same site to be aware of each other as a group; in case one of the routers loses its connectivity to the site, it can tunnel traffic to the others in the group. Such configuration not only requires close coordination between competing providers, but also must be done for tens of thousands of multihomed edge sites, which posts a big question mark on the feasibility of this proposed solution. We would like to point out that this issue of handling border link failures is not unique to GSE; the ENCAPS proposal shares a similar problem. In fact any approach in the direction of separating edges from the transit core will find that some special handling is needed to deal with border link failures. Those links along the isolation boundary provide connectivity between the transit core and edge networks. However, they are not covered by routing protocol of the transit core because the edge networks at the other end of those links are now isolated from the core and are no longer routable entities. 4.3 RGs and Tunnels IP tunneling has been widely used as an simple way to meet various special packet delivery needs. Generally speaking, an IP tunnel can be set up between any two nodes in the same address space. However the GSE design raises new issues in tunneling due to its separation of RGs and the rest of the IP address. In GSE, it is unclear whether tunneling would still be allowed between any two IP boxes, or have to be constrained to being between site border routers only. For an IP tunnel across RG boundaries, there are also questions regarding which source and destination RGs should be given to the packets going into the tunnel, and how to handle the packets when they get out of the tunnel and land on a different site. In light of the extensive use of Virtual Private Networks (VPNs) that has grown up since GSE was proposed, and the use of tunnels at protocol layers below IP, tunneling operations need a thorough examination in the GSE context. 4.4 Traffic Engineering When an edge network is multihomed, generally speaking it would like to be able to choose exit routers for outbound traffic (outbound traffic engineering) and entry routers for incoming traffic (inbound traffic engineering). In addition, a transit network may also wish to know how many different paths it has in order to reach a given destination network, so that it can send packets in certain proportion along parallel paths based on some locally defined criteria (transit traffic engineering). GSE was proposed as a scalable way to support site multihoming, but it did not directly address the need for traffic engineering. In particular, the GSE draft mentioned only packets reaching a desired source site exit router, without elaborating on exactly how to direct outbound traffic toward potentially multiple exits. Similarly, the destination RGs are included in the DNS replies, but it is left open as to whether the DNS server, or the sending host, should decide which RG to use among multiple options for inbound traffic engineering. Transit traffic engineering is even more challenging, as a transit network would have no easy way to tell whether packets carrying different destination RGs belong to the same destination site. In short, although it may be possible to enhance GSE for achieving traffic engineering goals, the existing GSE proposal clearly does not solve this problem. 4.5 Other GSE Related Issues GSE opened a door to decouple edge sites’ internal addressing from its connection to the transit core, yet how to take this opportunity to build scalable and robust transit routing operations remains an open issue. In [2] O’Dell sketched out an idea of partitioning the global Internet into a set of tree-shaped regions anchored by “Large Structures (LS)”. Flat-routing is carried out between LS’s and within the regions under each LS. Any two LS’s may share a tangency below the top level for “cut-through” paths, but such cut-through paths were considered controlled circumvention of otherwise hierarchical paths. Measurement results suggest that, over the past 10 years, the global topology has become more densely connected, and interconnection below the top level has become the norm rather than controlled circumventions, suggesting that the originally proposed RG structure and usage may need to be re-evaluated. Another issue involves routing within large organizations that may have a presence in multiple locations, as well as routing packets between multiple sites of the same organization through the transit core. Each of the sites may be connected through a private internal network, as well as having its own RGs for the connections to the transit core which may also change from time to time. In a GSE setting, how to best utilize both internal and external connectivity for packet delivery between sites seems an entirely open question at this time. Yet another important issue in GSE deployment concerns the management of End System Designator (ESD) space in order to assure ESD’s global uniqueness, as ESDs would be used for end-to-end connection identifications. One must also be prepared to handle ESD collisions in case they occur. 5. A Few Ending Words It has been nearly 10 years since the GSE proposal was published, yet the problem GSE was set forth to solve is still with us today, and can potentially get much worse when IPv6 starts seeing wide deployment. Despite the IETF’s effort in developing multihoming support with provider-allocated addresses [2, 3], regional Internet registries have been under heavy pressure from customers to allocate Provider-Independent IPv6 address blocks, a worrisome sign for IPv6′s future routing scalability. GSE pointed out a brand-new approach to the multihoming support problem. However because it is drastically different from existing practice, at the time it was proposed, a large number of concerns were raised (some of which were captured in [8, 9]), and the original proposal was never fully explored to appreciate its advantages, to understand its tradeoffs, and to identify its open issues. In our search for a scalable global routing system design, it seems worthwhile to pay a full revisit to the GSE proposal. Acknowledgment First of all, I would like to thank Mirjam Kühne. This article would not have been written without her encouragement and patience. I sincerely thank David Meyer, Brian Carpenter, David Thaler, and other IAB members for their comments. Special thanks go to Elwyn Davies who painstakingly went through an earlier draft and made numerous corrections. References

[1]	www.cidr-report.org
[2]	IETF Site Multihoming in IPv6 Working Group, www.ietf.org/html.charters/multi6-charter.html
[3]	IETF Site Multihoming by IPv6 Intermediation Working Group, www.ietf.org/html.charters
[4]	"Impact of the 2003 Blackouts on Internet Communications”, Renesys Corporation,www.renesys.com/tech/presentations/blackout_results, November 2003.
[5]	"Observing the Evolution of Internet AS Topology", R. Oliveira et. al., submitted for publication, August, 2006.
[6]	"GSE – An Alternate Addressing Architecture for IPv6", Mike O’Dell,www.watersprings.org/pub/id/draft-ietf-ipngwg-gseaddr-00.txt February 1997.
[7]	"New Scheme for Internet Routing and Addressing (ENCAPS) for IPNG", R. Hinden,www.ietf.org/rfc/rfc1955.txt, June 1996.
[8]	Minutes from the two day IPng interim meeting February 27-28, 1997,http://playground.sun.com/pub/ipng/html/minutes/ipng-minutes-feb97.txt.
[9]	"Separating Identifiers and Locators in Addresses: An Analysis of the GSE Proposal for IPv6", M. Crawford et. al., http://ietfreport.isoc.org/idref/draft-ietf-ipngwg-esd-analysis/ October 1999. [RFC4632] "Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan", V. Fuller and T. Li, www.ietf.org/rfc/rfc4632.txt, August 2006. [RFC4218] [RFC4219]

 ]]> 1126 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/calendar-2/ Fri, 27 Oct 2006 16:28:53 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1486 Autumn 2006 – 67th IETF November 5 – 10, 2006 Host: Siemens Location: San Diego, US Spring 2007 – 68th IETF March 18 – 23, 2007 Host: TBD Location: Prague, Czech Republic Summer 2007 – 69th IETF July 22 – 27, 2007 Host: TBD Location: Chicago, US Autumn 2007 – 70th IETF December 2 – 7, 2007 Host: TBD Location: TBD]]> 1486 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-irtf-4/ Fri, 27 Oct 2006 16:30:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1489 Delay-Tolerant Networking (DTN) RG The DTN RG met in Berkeley, California, in May in addition to conducting a review with the IAB. New work has begun on bundle-in-bundle encapsulation and on defining new bundle headers/blocks. End-to-End (End2End) RG The End2End RG is planning a meeting in summer 2006 to discuss, among other things, the re-evaluation of the state of work on congestion control. The re-evaluation will be coordinated with the Internet Congestion Control (ICC) RG. Host Identity Protocol (HIP) RG The HIP RG met at the past two IETF meetings. The HIP over NAT problem statement is currently in the RFC Editor queue. The experimental report is progressing. Internet-Drafts on the following topics are in preparation:

• Simultaneous multi-access
• Service discovery
• TCP piggybacking

Internet Measurement (IM) RG The IM RG is considering two workshops: one on techniques for application identification and the other on IM RG bandwidth estimation, at which the RG will determine whether the techniques are ready for standardisation. IP Mobility Optimization (MobOpts) RG The document on "Route Optimization Enhancements" will be published as the first IRTF RFC. The RG is further investigating the effect of mobility on transport protocol performance, with measurements on operational networks as well as simulation. The RG has access to a testbed and has developed a draft on Layer-2 abstractions for Layer-3 handover. Internet Congestion Control (ICC) RG In May, Michael Welzl joined S. Keshav as co-chair of the ICC RG. A wiki page has been developed and the RG is now working on an online bibliography. There has also been discussion of one or more "survey" documents. The surveys will catalog the IETF RFCs on congestion control in addition to experimental congestion control protocols. Network Management (NM) RG The Network Management RG met during IETF 66 to discuss SNMP trace collection and analysis. A workshop is planned to identify network-management research challenges and to draft a five-year research agenda. Routing Research Group (RRG) The Routing Research Goup met in Barcelona in April during InfoCom and is currently searching for a new co-chair. The documents "Routing Requirements" and "History of Routing Requirements" are awaiting final updates. The RG is planning to meet at the IETF in November in San Diego. Scalable Adaptive Multicast (SAM) RG The SAM RG had its first meeting at IETF 66 in Montreal. A couple of Internet-Drafts are in preparation (see www.samrg.org/bib for a full bibliography). SAM RG co-chair John Buford gave a short review of IP Multicast and explained why it is needed. For example, multicast achieves bandwidth savings over unicast. Certain applications, such as real-time video-streaming, are difficult or impossible to deploy without it. The goal of the SAM RG is to enhance the benefits of multicast by offering flexible and incremental deployment options. With three different types of Multicast available – Application Layer Multicast (ALM), Overlay Multicast (OM) and Hybrid approaches – the group is attempting to create a unified framework that enables interoperability of different multicast protocols based on network, traffic, and group properties. The group is hoping for a dynamic transition between protocols and mechanisms to optimise performance. There are, however, challenges with this approach. For example, determining multicast support by region may require significant awareness of the network topology. For another example, constructing trees across regions will require mapping between different protocols for tree construction and group membership. The RG has prepared two Internet-Drafts. As next steps the SAM RG will prepare a problem statement and driving scenarios, requirements for a SAM framework, and a survey of ALM/OM/Hybrid technologies and performance metrics. For more information, see the SAM web site: www.samrg.org]]> 1489 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/editors-welcome/ Mon, 07 May 2007 16:40:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1035 1035 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-incoming-ietf-chair/ Mon, 07 May 2007 16:43:13 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1040 At IETF 68, I was honoured to accept the position of IETF chair. I have the privilege of standing on the shoulders of the giants who came before me: 2005 - 2007 Brian Carpenter 2001 - 2005 Harald Alvestrand 1996 - 2001 Fred Baker 1994 - 1996 Paul Mockapetris 1986 - 1994 Phillip Gross 1986 Michael Corrigan The mission of the IETF is to make the Internet work better. However, no one is “in charge” of the Internet. Instead, many people cooperate to make it work. Each person offers a unique perspective of the Internet, and such diversity of perspective sometimes makes it difficult to reach consensus. Yet once consensus has been achieved, the outcome is better, clearer, and more strongly supported than the initial position of any one participant.   As Security Area director, my focus was on the continuous incremental improvement of the security of the Internet. My focus as IETF chair must be broader. I will focus on continuous incremental improvement of all aspects of the Internet, as well as on continuous incremental improvement of the IETF standards development process. I look forward to IETF 69 in Chicago on 22 – 27 July 2007 and to IETF 70 in Vancouver, Canada, on 2-7 December 2007. Scheduling information for the next IETF meetings may always be found viawww.ietf.org/meetings. I hope to see you there. As a longtime researcher and as founder of Vigil Security, LLC, in Herndon, Virginia, Russ Housley is no stranger to Internet security or the standards-development process. As the new IETF chair, Russ brings 25 years’ experience in security protocols, certificate management, cryptographic key distribution, and high-assurance design and development practices. Prior to accepting the IETF chair position, Russ served as Security Area director, and prior to that he chaired the Secure MIME (S/MIME) working group. His past work experiences include positions with the Air Force Data Services Center (AFDSC), Xerox Special Information Systems (XSIS), SPYRUS, and RSA Laboratories. Russ served as editor for several cornerstone Internet public key infrastructure (PKI) standards, including RFC 3280. In November 2004, Russ was recognised by the IEEE 802.11 working group for his contributions to IEEE 802.11i-2004, which fixes the severe security shortcoming of the Wired Equivalent Privacy (WEP). He is co-author of Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure (John Wiley & Sons, 2001) and is listed as an author on 36 RFCs. Russ received a B.S. in computer science from Virginia Tech in 1982 and an M.S. in computer science from George Mason University in 1992.]]> 1040 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/farewell-from-the-outgoing-iab-chair/ Mon, 07 May 2007 16:44:42 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1042 As I’ve steadfastly refused to grow a grey beard, I will claim I’m too young to take full retirement! But, after five years of chairing the Internet Architecture Board (IAB), I am pleased to step down and pass the task into the capable hands of Olaf Kolkman. Any number of jokes can be made about the A in IAB standing for administration or appeal – and it is a fact that the IAB has several roles to fulfil in those areas. However, the IAB has remained true to its mandate to provide oversight of the architecture for the protocols and procedures used by the Internet. As the scope of the Internet grows, so does the architectural oversight challenge. Over the past five years, we’ve worked to meet that growing challenge by leveraging the 13-member IAB to provide leadership and guidance of architectural discussions in the open consensus environment of the IETF. The challenge of providing focused architectural leadership is not going to lessen in the coming years, particularly as the Internet hits some growing pains, such as the current discussions about routing and addressing issues and internationalisation. I am confident that Olaf will provide the thoughtful guidance needed for the IAB to take those issues on and provide oversight, even as the reality remains that the Internet is for, and built by, everyone: we can all be contributing to the discussions of sound Internet architecture.]]> 1042 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-incoming-iab-chair/ Mon, 07 May 2007 16:45:25 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1044 Writing this report, which is my first for the IETF Journal, is one of the many tasks I inherited from Leslie when I took over as Internet Architecture Board (IAB) chair during the IETF meeting in Prague. Only when I received the token did I begin to appreciate the extent of my predecessor’s achievements. I will not make an attempt to enumerate all of Leslie’s many achievements, but I think it is good to explicitly recognise her critical role in the reorganisation of the IETF over the past few years. In her role as IETF Administrative Oversight Committee (IAOC) member, she was a driving force in formalising the relations between the IETF and the RFC editor. In her role as IAB chair, she set the bar pretty high. It will be a challenge to match the quality and quantity of her efforts. During this IETF there were two mutations in the IAB’s membership. Both David Meyer and Bernard Aboba retired, while Danny McPherson and Barry Leiba joined the IAB. Traditionally, shortly after the change of its members, the IAB organises a retreat to assess its previous year’s work and to begin planning new activities. That retreat will take place 31 May-1 June in the Boston area. As of this writing, the agenda is not set, but, no doubt, two topics will get attention and both will be framed around the question of what the IAB can, will, and needs to do as a follow-up to the two IAB workshops held in 2006: the workshop on unwanted traffic and the routing and addressing workshop. (Both reports will be in the RFC editor queue when this publication goes to press.) Based on activities during IETF 68, it is clear that the routing and addressing workshop unleashed a lot of energy. It is also clear that the community is still trying to get a grip on the exact problem and on the scope of the solution. The IAB and the Internet Engineering Steering Group (IESG) have established a routing and addressing directorate to assist in the coordination of efforts, as well as the establishment and maintenance of communications between the various stakeholders and the IETF leadership. While the IETF works on a better understanding of the problem and on scoping the solution space, there will no doubt emerge architectural issues that require better understanding and the determination of where the technical role for the IAB is. In the meantime, the IAB will also try to assess whether and how it can play a proactive role in this effort. Olaf Kolkman was born and raised in the Netherlands. He was trained as an astronomer but his interest in Internet technology took hold around 1996. He joined the RIPE NCC in 1997, where he became involved in the test-traffic project. That project brought him in contact with the IETF and he attended his first meeting in Munich. After acting as operations manager he became systems architect in 2000, responsible for DNSSEC deployment at the NCC. In 2005 he joined NLnet Labs, a R&D foundation, as chief executive. He is an IAB member since March 2006.]]> 1044 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/plenary-report-7/ Mon, 07 May 2007 16:46:30 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1046 Note: This is not a complete report of the plenary sessions; rather, it is a summary of the highlights of the discussions. All IETF 68 presentations can be found on IETF’s website At IETF 68, the operations and administrative plenary session consisted of two parts: The first consisted of the usual updates on administrative and operational IETF issues. The second was dedicated to the status of the routing and addressing problem (ROAP). IETF 68 attendees heard from Morgan Sackett – a representative of VeriLAN, the company providing network as well as network operations centre (NOC) services for the meeting – who gave a brief presentation that described the general network layout. Attendees also heard from Jon Lindberg, vice president of Secretariat Services, who gave an elevator speech about NeuStar’s services. NeuStar Secretariat Services (NSS) organises the IETF meetings and is responsible for tools development and the overall IT infrastructure. Brian Carpenter presented Jon with a plaque of contribution to NeuStar for hosting IETF 68, a gesture recently introduced at the meetings to recognise IETF meeting host organisations. IETF Stats Brian provided a summary report, including updates from the IETF Administrative Director (IAD), the Internet Assigned Numbers Authority (IANA), and the RFC Editor. The March 2007 meeting was attended by 1,200 people, which is roughly the same number of people who attended the meeting in Dallas one year ago. The number of countries increased, though, from 36 at the meeting in Dallas to 45 at the meeting in Prague. Participants from the United States are still in the majority but constituted only about a third of the participants compared with about half last time. Since IETF 67, three new working groups (WGs) have been created, and six WGs have been closed. This leaves approximately 120 WGs currently active. See more statistics under Facts & Figures. The RFC Editor published 95 RFCs since the last IETF meeting. Brian noted the improvements in the RFC editor queue and other improvements (see full report on the IAOC Web site) The new contract with the RFC Editor is imminent. IANA processed 1,160 IETF related requests since the last meeting, 81 of which were requests for port number. This is worrisome because the number of ports is finite. Since the service-level agreement (SLA) was signed between IANA and IAOC and the IAB, IANA is now ramping up its implementation. The IANA staff has worked especially hard to improve tools and metrics. The IAD reported that the total meeting income for IETF 67 in San Diego was $799,000. The total direct meeting expenses amounted to $438,000. This leaves a surplus of $361,000 that was contributed to the IETF Administrative Support Activity (IASA). It is important to note that over the year, the IASA needs to build up about 50% surplus on meetings toward secretariat activities. The numbers for 2007 are on track so far. The status of the IAOC action points from the last meeting is as follows:

• The new RFC Editor contract is close to be finalised.
• An SLA has been signed with IANA.
• An RFI on secretariat services has been issued.
• RFC copyright transfers from ISOC to the IETF Trust have been completed.
• An agreement has been reached to attach open-source license to Secretariat tools; source files have been received.
• IETF is a registered trademark.
• Document retention policy has been defined and implemented.

News and Notes Following Brian’s reports, Andrew Lange, chair of the Nominations Committee (NomCom), gave an update on the results of the NomCom. All voting members and liaison members worked hard and kept the best interests of the IETF as a whole as their guiding principle. As the NomCom removed Russ Housley for consideration as Security Area director by appointing him to the IETF chair position, it noted a dearth of candidates for the Security AD position. This resulted in an additional call for nominations for the Security Area position. From this call a large number of candidates was generated, with eight of them willing to serve. Andrew discussed a few key issues being faced by the NomCom. There has been a significant decline in the number of volunteers for the NomCom in recent years, and the NomCom chair expressed concerns about this. Another problem is what Andrew called the Strong Incumbent Syndrome, wherein strong, well-respected incumbents appear to dominate and few other people are stepping forward. Finally, there seems to be a growing tension between openness and confidentiality. Andrew suggested that an amendment be made to the NomCom guidelines laid out in RFC 3777, which would make the list of willing candidates – or even all nominated candidates – public. Daniel Karrenberg, chair of the ISOC Board of Trustees, reiterated a comment Andrew made: “You get the governance you deserve.” He recognised all of the outgoing IAB and Internet Engineering Steering Group (IESG) members. All of them will receive in the mail a plaque of recognition. Brian and Russ celebrated the passing of the dots, a tradition in which Brian hands over his IETF chair dot – which appears on his badge – to the new IETF chair, Russ Housley. In his presentation as incoming chair, Russ said he is on a steep learning curve and that he welcomes any input on how to do a good job as IETF chair. In closing, Russ said everyone has a slightly different view of the Internet. He welcomes suggestions on how to help figure out what his goals are and how to “achieve my goals in your part of the Internet.” During the following IAOC open-mic session, Lucy Lynch, outgoing IAOC chair, recognised everyone who is leaving the IAOC and welcomed the new members. She further announced that Dave Crocker and Steve Crocker are the first two volunteers who signed their RFCs over to the IETF trust to ensure that the IETF continues to have as much scope as possible to extend and revise the protocols specified in the RFC series. Dave and Steve stepped up to the podium and each signed an open-ended license for the RFCs they authored. They encouraged others to do the same. Daniel thanked the IAOC for an excellent and professional job over the past three years. Leslie Daigle, former chair of the IAB and member of the IAOC, agreed and then reminded everyone that this conversation would have been inconceivable a few years ago. “Congratulations to us all!” she said. Focus on ROAP Part 2 of the plenary was dedicated entirely to the routing and addressing problem (ROAP), which was discussed during the last IETF plenary session and at many other meetings. This session was led by the Internet and Routing Area directors. Brian Carpenter gave a presentation that illustrated where we are with this problem and what the IETF can and intends to do about it. To better understand the context for the recent activities, it is worth looking at the historical time line: 1962 Packet switching invented 1974 Internet concept invented ~1978 Internet Protocol designed ~1988 Border Gateway Protocol (BGP) designed 1992 Classless Inter-Domain Routing (CIDR) designed 1995 IPv6 designed Attendees interact at IETF 68 Since 1995 there has been growing concern about such issues as scaling, transparency, multihoming, renumbering, provider independence, traffic engineering, and the impact IPv6 has on the Internet and the routing system. In 2006, the IAB held a workshop to discuss routing and addressing issues. See the full report. An important architectural principle is that a network should be able to implement reasonable internetworking choices without unduly impacting other networks’ operations. The issue at hand on the architectural level is that today certain implementations need to be handled in ways that threaten that principle. This is the root cause of ISP problems and end-site dissatisfaction. The question is, What can be done to harmonise the network to that architectural principle? Brian mentions the “tragedy of the commons from provider-independent address usage” as an illustration of that problem. There are a number of technical goals, both on the end-user level and on the ISP level. On one hand, end users want to connect to multiple ISPs while maintaining support for current traffic engineering capabilities. They also want to change ISPs without major switching costs. ISPs, on the other hand, want to keep the BGP table size and dynamics within their routers’ operational capabilities. ISPs also want the ability to match traffic engineering flows with their business needs. An overall technical goal is to support end-to-end session transparency. Another issue is scaling: Today, 200.000 Internet BGP routes and several times more customers and virtual private network (VPN) routes are common. A goal for 2050 could be to connect 10 billion end nodes with 10 million multihomed customers. Can we get there at a reasonable cost for vendors, Internet service providers, and end users? And what should the five-year goal be? A number of sessions at various recent meetings – such as at the regional operators meetings, the DARPA R&A workshop, NSF/OECD workshop, and the TERENA workshop – were held to raise awareness of the problem. Within the IETF community, activities are being organised to address the issue, including a Routing and Addressing Directorate, which was formed recently. In addition, the Routing research group has been rechartered (see more details later in this article), and the Routing and Addressing mailing list ram@ietf.org has become quite active. During IETF 68, a number of meetings were organised to address the issue not only during the plenary session but also during the open Internet and the open Routing Area meetings. With BGP4 in use with little change since 1994, there is growing concern about the growth of the BGP routing table. This is related primarily to the size and update rate as well as to the impact that multihoming has on the routing table. The problem exists in both IPv4 and IPv6. Attendees at the IAB workshop in October 2006 looked at hardware trends that raise economic and engineering concerns about the size of the Forwarding Information Base (FIB). Another issue raised was a problem with transparency. Since 1981, the upper layers of the network stack have assumed that a thing that looks like an address is an address. For instance, application programmers often assume that an IP address is a valid end-system identifier that can also be passed on to third parties. Consequently, problems arise when addresses are viewed merely as locators. NAT, STUN and other applications attempt to deal with this problem in their own ways, which lead to newer problems. The historical reliance on address transparency creates specific difficulties for multihoming and traffic engineering. There are a few areas for which solutions can be developed:

• Router and microelectronics designers can work on engineering to help solve the RIB/FIB scaling problem.
• BGP adjustments and better operational practices could help improve the update dynamics.
• Traffic engineering, multihoming, end-to-end transparency, and mobility would benefit from architectural changes. Identifier/locator split and/or multilevel locators form a hopeful approach.

All of those developments are orthogonal to both IPv6 deployment and application-level namespace issues. What can the IETF do? It can provide a forum for open problem analysis and development of solutions by vendors, operators, and users working in concert. And the Internet Research Task Force (IRTF) can help with research. In the short term, routing-table growth is only an engineering issue. While routing dynamics need to be better understood, this is likely also an engineering issue and can possibly be addressed by stronger pushback in the ISP community as well as through implementation and protocol improvements. Thus, there is reason to believe that we do not have a short-term technology problem, even though it will continue to be hard work and will have an impact on business decisions. However, architectural problems remain. The IETF can help with short-term protocol work, such as better tuning BGP to meet today’s challenges. The IETF can also help by looking into architectural changes, such as the identifier/locator split and multilevel locators. As an overall plan, it has been suggested that the IETF work on all of the above levels (short-term incremental improvements as well as architectural changes) and continue the dialogue with the operators community. The introductory presentation by Brian Carpenter was followed by a lively and animated discussion. Some people felt this problem is still not taken seriously enough and encouraged “the IETF to be bolder in tackling this problem,” as Ted Hardie put it. Many people suggested that the problem be addressed on multiple levels. There are a number of things that can be done today to work on BGP dynamics, such as operational practices and certain routing policies or tweaks in implementations and protocols. And there are more-fundamental architectural changes – such as splitting the locator from the identifier – that won’t come without costs. The trade-offs are not yet well understood. But “it is good to know that there are engineering solutions to keep the Internet running in the meantime while we start working on some fundamental changes,” said Ross Callon, one of the Routing Area directors. Dave Ward, the other Routing AD recognised Dave Meyer, who has been working over the past few years to bring this problem to light. Dave Meyer thanked the IETF for the applause but pointed out that we’ve already known about this development for 15 years and cannot wait another 15 years. He emphasised that this is not a discussion about incremental improvement to BGP , which needs to be done anyway. “This is a controversial topic, and it will be hard to get IETF consensus,” said Dave. “Do we have any way forward in our process to deal with this?” Other people agreed, expressing concern that it is not clear what the right processes are to make architectural changes to the Internet. The general consensus was that this issue is too important to leave to the IESG or to the IAB; it should be worked on by the entire community. One participant mentioned that almost any architectural change will have costs, but this one might have significant impacts on security. Security implications need to be looked at early on in the process. Summary of Progress Made Much has been done in the past six months with regard to ROAP – a clear sign that the IETF now takes this problem seriously. Daniel Karrenberg suggested that in the discussion, the IETF should also look back and learn from past experiences. “There was a panic about routing-table growth that gave us CIDR,” he said during the plenary. “We needed a quick fix, and we did a quick fix. There was a panic about IP address space running out that gave us IPv6. And some of the ‘features’ IPv6 brings us is because we rushed it.” However, it will take several years to develop, implement, and deploy any new architecture, and no one solution or tool will solve all problems; it might be necessary to apply different sets of tools in order to solve different parts of the problem. Some have expressed concern that the IETF may have already constricted itself to a small problem space: routing (and small incremental changes) and addressing (big fundamental changes). In general, however, there is agreement that for short-term solutions, the focus should be on routing and that for the longer-term solutions, a lot more will be involved. Collaboration between all IETF areas will be necessary. Additional concern about operators and users not being able to pay for continuing updates of hardware led to a discussion about the implication of architectural changes on business decisions, with an emphasis on the need for new architecture to take existing business models into account. “We have to make sure we deal with the architecture in some way that does not lead into high costs and short lifetime of equipment,” said R�diger Volk. On the other hand, it might be unrealistic to assume that one can make fundamental changes and keep all the existing business models. “The Internet got started by breaking the then existing business models completely,” said Bob Hinden. “It could be that this will also happen today. We should not be constrained by the way people do business today.” The IETF 68 Technical Plenary, held on the following evening, began with an update by Internet Research Task Force chair Aaron Falk on the activities of the IRTF. Aaron’s presentation was followed by Aiko Pras of the University of Twente, The Netherlands, who serves as chair of the Networking Management research group (nmrg). Aiko reported on a workshop held in October 2006 in Utrecht, which brought together researchers, operators, vendors, and technology developers to identify future directions of network and service-management research. The workshop was jointly organised by the IRTF nmrg and the European Network of Excellence for the Management of Internet Technologies and Complex Services (EMANIC). The work is expected to result in recommendations for research directions that are worth exploring over the next five years. The work is not intended to define the management standards that are needed now. A number of challenges in this area were identified at the workshop:

1. Management models: The Manager-Agent approach (client-server) and hierarchical management (DisMan, TMN) are well understood. What is not yet understood are issues such as fully distributed management (P2P, ad-hoc) and self-technologies (auto-configuration, stability of control loops).
2. Distributed monitoring: A track number or quality of VoIP calls as well as a way to find the best proxies and peers (P2P) are needed. The goal is to develop a lightweight, distributed monitoring layer that offers aggregates of local information to applications.
3. Data analysis and visualisation: It is possible to create topology maps for small networks and statistic time series plots. There are difficulties with the creation of maps for large, multi-layer networks, the visualisation of anomalies and real-time, interactive visualisation techniques.
4. Economic aspects of network management: Most researchers tend to focus on technical solutions. There is limited research into the operational costs of such technologies. Network Management is risk management.
5. Uncertainty and probabilistic approaches: Many researchers focus on deterministic approaches and yet scalability problems might need more probabilistic approaches. How does one decide between probabilistic and deterministic approaches?
6. Ontologies: The data modelling is believed to be understood. There is still more research needed in areas such as how ontologies can be effectively used to automate the implementation of management interfaces as well as how ontologies can help check or enforce policies and behaviour.
7. Behaviour of managed systems: Management models usually represent a state (MIBs, CIM). More research is needed to model and manage behaviour, such as normal versus abnormal behaviour, detection of resource failure, and the design of self-stabilising systems. As a follow-up to the nmrg workshop, an Internet-Draft will be written describing outcomes and an overview article will be submitted to the IEEE ComMag.

Internationalisation in an IETF Context One of the more complex and challenging issues facing the IETF – and the Internet more generally – today served as the basis for discussion during the remainder of the technical plenary session: Internationalisation of the Internet in the context of the IETF. “There is an entire set of human Internet users who cannot use the Internet the way we do,” said Ted Hardie of the IETF’s interest in the issue. “We would like to change that.” As part of the technical plenary, a small team of experts – Leslie Daigle, Patrik Fältström, Ted Hardie, John Klensin, Xiaodong Lee, and Pete Resnick – presented slides, explained the issues, and answered questions. Tackling internationalisation is an ambitious undertaking – one that at times can be complicated by questions that are more philosophical or linguistic than they are technical. After all, it would be unrealistic to expect the IETF to attempt to develop a standard for helping one group understand the language of another if they don’t speak that language. Still, there is a lot that the IETF can do to improve international accessibility. As John has often said, “The IDN issues are tractable as long as we keep a clear focus on what problems we are trying to solve and what areas of the general topic actually need solving and can be solved.” In a high-level introduction to the topic, Leslie shed light on the core set of issues associated with internationalisation and protocol design and offered a broader perspective on RFC 4690, Review and Recommendations for Internationalised Domain Names (IDN). She challenged a widely held assumption within the IETF that the topic does not concern those who are not involved in the applications area when, in fact, the technical issues associated with IDN touch many areas. She said that while there is no clear problem statement, there are, in fact, a variety of problems that promise to become bigger problems over time. “This portion of the technical plenary is meant as a heads-up on what may be coming into the IETF as new work,” she said. The problems and concerns associated with IDN underscore the difficulties with which language is translated into code. In an attempt to put internationalisation into context for the IETF, Ted showed a clip from the movie Charade, in which Audrey Hepburn and Cary Grant are asked to transfer an orange from under their chin to another person without using their hands. The clip demonstrates with humour how communication often relies on the ability to understand one or more languages as well as body language, context, and tone. In terms of IDN, the question is much larger and more complex than how characters are coded. The question is, How do we create character sequences and applications that depend on language use and context for accuracy and usability? As Ted pointed out to the audience, the clip’s protocol description was in at least four different languages, but only two were close to complete. To know that, though, one would have to recognise and understand all of them. And, in the end, you can’t internationalise a chin or an orange. As Ted said, there are specific instances when context is essential. Those include protocol descriptions, protocol elements, and human elements, the last of which is the most important and perhaps the most difficult. As spelled out in his slides, things that we may assume are protocol elements can sometimes be human elements and vice versa. That means that in some contexts, internationalisation is completely inappropriate; in others, it’s necessary to understand how much context is available in order to do proper design. As the movie clip demonstrates, rapid language switching requires context switching. If you can’t identify the context (or the language), you’re going to have a problem. If the Internet is to be truly global, it must be relevant on a local level. For many, that means a Domain Name System that is functional regardless of language and useful regardless of context. In RFC 4690, it is stated that “While IDNs have been advocated as the solutions to a wide range of problems. . . . They are no more and no less than DNS names, reflecting the same requirements for use, stability, and accuracy as traditional ‘hostnames’ but using a much larger collection of permitted characters. In particular, while IDNs represent a step toward an Internet that is equally accessible from all languages and scripts, they, at best, address only a small part of that very broad objective. There has been controversy – since IDNs were first suggested – over how important they will actually turn out to be; that controversy will probably continue. Accessibility from all languages is an important objective; hence it is important that our standards and definitions for IDNs be smoothly adaptable to additional scripts as they get added to the Unicode character set.” In his presentation, John provided an overview of current IDN work within the IETF and emphasised the importance of advancing work on IDNA (Internationalising Domain Names in Applications). He said changes may need to be made in IDNAbis (the term for the successor to RFC3490 and related specifications), such as further clarification of terminology and separation of the user interface and language issues from the protocol, since the DNS deals only with strings of characters without any language identification or a requirement to conform to the syntax of any specific language. That would mean that in IDNAbis, character-to-character mappings become the responsibility of the user interface and not the protocol. “Most reasonable user interfaces won’t need to be changed," he said. “The protocol should be able to work with different versions of Unicode and, hence, would not be restricted to specific Unicode versions." Some have suggested that more characters be added for functionality and that a larger number of characters be allowed to appear in registered strings. John expressed the hope that IDNAbis would allow for better treatment of bidirectional languages, such as Arabic languages that read from right to left. He also expressed confidence that the new work would lead to a protocol that would be easier to understand and explain. The discussion that followed offered several examples of how confusion over internationalisation is evident even within the IETF. In one case, a participant asked a question in connection with the concept of Internationalised Resource Identifiers (IRI)s. Observing that the deployment community is not clear about whether it’s possible to use non-ASCII characters in IRIs being passed in protocols, the participant asked if all the right things were done with regard to terminology. “You’ve just fallen into the same trap as the last questioner, which is, you used the word characters,” said Pete. “IRIs are the things on the side of the bus with the funny characters. What goes in protocols are URIs [Uniform Resource Identifiers]. Generally speaking, those have octets in them; actually, they have 7bit filled octets in them. Well, sometimes they’re filled, and sometimes they’re not.” “Maybe you now understand why we had headaches for the past three years,” said Patrik. Unicode, as John pointed out, is concerned only with standardised code points; in other words, it does not specify how to draw characters or how to address fonts or context. For example, the criteria given in the Unicode Standard for assignment of code points excludes the assignment of codes to font variations on the same character. However, for the base Latin alphabetic characters, additional code points are assigned for mathematical uses; in other words, code points are assigned to characters that visually and within a specific mathematical context are the same as their base counterparts – except for such attributes as bold and italic, which meet any reasonable definition of font variations. As John said, one cannot distinguish those characters from others except that they are defined in the Unicode description as mathematical. “Given the context that Unicode essentially expects, these are not the base characters and a font difference at all, but mathematical symbols,” he said. “That’s a problem, because in our environment it causes complications.” For ordinary IETF text string purposes, one must either map these mathematical characters into the base ones or forbid them entirely. Either choice comes with problems, but in terms of IDNAbis, we concluded that it is better to forbid them in the protocol, leaving mappings, if any, to the user interfaces. John said in a separate discussion that there are other Unicode assignment rules that are not completely orthogonal to each other and that there are issues of some type with almost every script and language. “Difficulties arise when there is inconsistency in the application of the Unicode Consortium’s own rules,” he said. According to Harald Alvestrand, the IETF cannot claim expertise in character set coding and should not attempt to do so; that, he said, is the responsibility of the Unicode Consortium, even if its work doesn’t give us a complete solution to internationalisation issues. Patrik responded that there is no need for the IETF to hold off on working on the IDN and IDNA issues it is prepared to address or on internationalisation issues more generally. He believes there is a clear boundary between the Unicode Consortium and the IETF. “What we are doing is, relying on the data the Unicode Consortium is providing,” he said. “We are referencing their expertise for the classification of each of the Unicode characters.” The conversation shifted to the potential for fragmentation of the Internet with IDN, particularly if different scripts are allowed. One participant raised the question of whether the worldwide operation of the Internet could be disrupted if e-mails are written in a script the recipient does not understand. In terms of content of messages, this situation has existed for more than a decade and has caused no more, and no fewer, problems than incompatibilities among languages traditionally do. The risks obviously increase if one is presented with domain names, IRIs, or e-mail addresses that one can’t understand or, worse, that one’s terminal device cannot render. Obviously, nothing the IETF can do about internationalisation will solve the problems of people communicating with each other by using languages that neither party speaks. However, the bigger and more relevant issue is the considerable number of people in the world who still cannot communicate on the Internet, even with other people who share their language and writing system. By adding more functionality that would facilitate the use of other languages, many more people would be able to benefit from the Internet. “We are actually worried about that problem, and what we’re attempting to do in the internationalised e-mail address working group is to come up with a form of e-mail address that, if it gets to you and you’re not in on the game of fancy e-mail addresses with all sorts of interesting characters in them, you’ll at least be able to reply and get back to me," said Pete. Even so, other concerns persist, including the risk that different applications might deal with internationalisation in ways that will, once again, cause incompatibility and create problems for the users. “While those types of problems might exist today,” said Andrew Sullivan from the floor, “the scope of confusion will be significantly higher if people start trying to communicate across language and script borders.” Another concern is the possibility that if the new IDNAbis becomes standard, names registered under the old IDNA may no longer be valid. “This might indeed happen,” said Patrik. “However, most of the names that will become invalid are corner cases, and only people who are interested in phishing use them.” John agreed, adding that the vast number of labels that will not be valid in the new system were not valid under the old system – a system that included guidelines from the Internet Engineering Steering Group (IESG) and the Internet Corporation for Assigned Names and Numbers (ICANN) – either. “The old system was just more permissive,” he said. “The new system will standardise more and allow for fewer borderline cases.” In reality, most of the issues are related to localisation and not internationalisation or multilingualism. “The purpose of our work is to include the people who cannot participate in the Internet today because we are failing to make it possible for them to localise properly,” said Ted. IAB News and Notes Following the long and lively discussion on internationalisation, Leslie gave an update on recent IAB developments. A number of documents have been published or are in the publication queue, including reports on the IAB workshops on unwanted traffic and routing and addressing. There is also a document on the process for publication of IAB RFCs being published (draft-iab-publication-00.txt). The IAB has appointed Bob Hinden to the IETF Administrative Oversight Committee (IAOC) and has renewed Aaron Falk’s chairmanship of the IRTF. Aaron has been appointed to serve as chair for another two years. At the conclusion of the technical plenary, Leslie handed the IAB chairmanship over to Olaf Kolkman, who thanked Leslie for her outstanding work and presented her with a gift. The session ended with a long round of applause and standing ovations for Leslie from the plenary attendees.

New BoF Meetings Descriptions and agendas for all BoF meetings can be found here.Applications Area fsm: Formal State MachinesGeneral Area sava: Source Address Validation Architecture Internet Area tictoc: Timing over IP Connection and Transfer of Clock RAI Area bliss: Basic Level of Interopreability for SIP Services rtpsec: RTP Secure Keying Security Area ifare: IPSec FAilover and REdundancy

NomCom Results Incoming IESG Members

Russ Housley** IETF Chair/General Area Mark Townsley* Internet Area Ron Bonica Ops & Mgmt Area Jon Peterson* RAI Area Dave Ward Routing Area Tim Polk Security Area Lars Eggert* Transport Area Incoming IAB Members Barry Leiba Loa Andersson* Kurtis Lindqvist* Danny McPherson Dave Thaler* Lixia Zhang* Incoming IAOC Members Jonne Soininen* *returning incumbent ** moved from Security Area

 ]]> 1046 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/update-on-dns/ Mon, 07 May 2007 16:47:59 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1049 1. DNSEXT WG Within the DNS Extensions working group, work is progressing steadily. A number of Internet-Drafts, including the ones on DNS Security Extensions (DNSSEC) Hashed Authenticated Denial of Existence (NSEC3) and DNS Name Server Identifier Option (NSID), have passed Last Call and are making their way to standard, experimental, or informational requests for comments (RFCs). For complete details, please consult the minutes and/or the WG status tracker. DNAME Scott Rose gave a presentation on the DNAME clarification draft. This document is chartered by the WG to update RFC 2672, and it addresses issues that people have had with the original specification and implementation or operational experience. It also provides a clearer understanding of DNS and aliasing in general. The editors have started an issues tracker and are looking for feedback on the issues. DNS Hardening An Internet-Draft was adopted as a work item that explains how resolvers can be made less vulnerable to spoofed DNS responses without adding protocol extensions such as DNSSEC. There were critical remarks about the lack of terminology and missing operational considerations. Several people stepped forward to improve the draft, and it is expected to be ready for Last Call this coming summer. The 2929bis Template Argument This is an experiment for allocation of new Resource Record (RR) types. The idea is that a lightweight process – for instance, a recommendation by a designated expert – might be sufficient to decide whether a new Resource Record should be allocated. One lesson learned is that 2929bis needs to be updated in order to establish what is expected of the expert and what the boundaries of the expert are. In addition, it was decided that the process should be reviewed by the Internet Assigned Numbers Authority (IANA) and that the template may still need to be tweaked. Once the experiment has been completed, the area director will schedule it for an evaluation by the Internet Engineering Steering Group (IESG). Is There a Future for DNSSEC? Many drafts related to DNSSEC have been completed or are expected to be completed soon. The question is whether the DNSEXT WG should be closed or whether it should live on in some form. Typically, once the work is done, a WG is abandoned. One argument against abandoning the group is that the DNSEXT WG is often asked to comment on proposals done by other groups. Another is that it might be good to have the WG around to help advance the DNSSEC RFCs from proposed standard to the next level: draft standard. There have been cases where a WG is in a dormant state-for instance, the Point-to-Point Protocol (PPP) WG-or, in the case of the provreg WG, has maintained an active mail list for these purposes. 2. DNSOP WG The DNS Operations WG is still very active and in fact ran out of time during the meeting. Some of the older Internet-Drafts, such as DNS Response Size Issues, are moving forward. Reverse Mapping Although lively discussions are still happening in this area, the discussion about the need for reversed mapping is expected to come to some close. The Internet- Draft is expected to be ready soon for WG Last Call. AS112 in a Box Work Continues AS112 is the popular term for how to deal with DNS queries that actually shouldn’t happen – such as queries for the reverse mapping of private address space defined in RFC 1918, which managed to escape a local network and make it into the Internet. The project, named after the origin Autonomous System 112, consists of a loosely coupled anycast cloud that responds to these queries to take load off the root name servers. (See http://public.as112.net for a description.) To date, there is no detailed explanation available for end users or potential contributors. The WG is trying to fill that gap by creating a first document about it. The document “Help, I’m Attacked by prisoner.iana.org” is expected to go to the IESG soon. The need to explain how the current process surrounding the AS112 system actually works was identified. New Work Items Now that the WG has reached almost of all its milestones, there is still work to do in DNS operations. First, the management of large and distributed clusters of name servers is becoming more common but currently lacks automated, nonproprietary support for configuration and synchronisation. A similar problem arises for the remote control of DNS secondary servers. The WG is now going to examine the need to address various DNS operational scenarios. Two ICANN committees – the Root Server System Advisory Committee (RSSAC) and the Security and Stability Advisory Committee (SSAC) – jointly started an investigation earlier this year on how adding AAAA Resource Records for the root name servers would influence the DNS resolver priming process. While their results have been promising, it turned out that the priming process itself – although current practice – isn’t fully specified and poses some questions related to DNSSEC. Lixia Zhang presented some research on the effect of TTL (time-to-live) values for so-called infrastructure records – name server and address records – on the resolvability of a domain during longer periods of failure. While there is a general trend to treat DNS data more dynamically, there are side effects on both the infrastructure and the leaves in the DNS tree if the feature of caching is defeated by very low TTL values. This will be further investigated by the WG. 3. ENUM WG The ENUM WG, dealing with the mapping of telephone numbers into the DNS, expected an interesting debate on the future of infrastructure ENUM, a supplement to the core ENUM protocol aimed at providers of telephony services. Just before the IETF meeting there was some confusion about the state of consensus as well as the political implications (for details, refer to Geoff Huston’s excellent article onhttp://ispcolumn.isoc.org/2007-03/infra-enum.html), but this was resolved at least to the extent that the WG maintained its consensus, and other considerations will be taken into account as appropriate during the evaluation process. Two other items are remaining for the ENUM WG: in response to various ENUM service registrations and in preparation of a closedown of the WG, guidelines are developed on how to write and review ENUM service specifications. The second major remaining task is an update of the base ENUM specification, for which a draft has already been published that tries to overcome some of the drawbacks of the Naming Authority Pointer (NAPTR)-based design in response to real-world deployment experiences.

Note: For an in-depth look at DNS infrastructure, see the March 2007 issue of the Internet Protocol Journal at www.cisco.com.

]]> 1049 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/more-roap-routing-and-addressing-at-ietf68/ Mon, 07 May 2007 16:49:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1051 workshop report is close to completion, and there is also the author’s informal report of impressions gained at the workshop. IETF 68 saw some further steps in analysis of these issues, and during the week there was a plenary session on routing and addressing as well as meetings of the Internet and Routing Areas devoted to aspects of routing and addressing. This is a report of these sessions plus some conjecture as to what lies ahead along this path. Plenary ROAP: The Plenary Session on Routing and Addressing The plenary session at IETF 68 presented an overview of the topic, looking at the previous initiatives in routing and addressing as well as providing some perspectives on the current status of work in this area. Routing and addressing, in the context of the Internet, has been visited on a number of occasions over the years, starting with the shift from the original 8/24 network and host part addressing to the Class A, B, and C addressing structures and the subsequent shift to the prefix-plus-length concepts of classless addressing. In the routing area, there was the adoption of a peer model of routing with the introduction of BGP (Border Gateway Protocol) and the shift in BGP to support classless addressing in the form of CIDR (Classless Interdomain Routing). And, of course, there has been the design of IPv6. However, there still remain the concerns that this is not completed work and that the technology is not in an ideal state to scale by further orders of magnitude without further refinement. There are concerns regarding the scalability of routing, the transparency of the network, renumbering issues, provider-based addressing and provider lock-in, service and traffic engineering, and routing capabilities, to name but a few issues that are relevant and challenging today and that appear to be even more so for the Internet of tomorrow. Are there architectural principles that are relevant here? In the large, diverse but coupled set of networks that collectively define the Internet, it appears that each component network should operate within a general principle of containment or insulation of impact. The principle is that each network should be able to implement reasonable choices in its local configuration without undue impact on the operation or range of choices available to all other networks. In other words, each network should be able to make such local configuration choices relatively independently of the choices made by any other network. The relevant issue here lies in balancing this principle against the operation of the network as a whole, which can be seen as a binding of networks together as a coherent entity that supports consistent and robust communications paths through this collection of networks. We do not use a routing technology that effectively isolates individual network elements from each other or even manages to localise the external impacts of local choices. On the contrary, far from being a protocol that damps instability, BGP manages to be a highly effective amplifier of the noise components of routing events. So while it is a remarkably useful information dissemination protocol with considerable flexibility, the properties of BGP in an ever-more-connected world with ever-finer granularity of information raise some questions about BGP’s scaling properties. Will the imposed noise of the protocol’s behaviour completely swamp the underlying information content? Will we need to deploy significantly larger routers to support a much larger routing protocol load but need to route across a network of much the same size as today’s network? The prospect here is that routing may become far less efficient because as we increase the degree of interconnection and the information load simultaneously, the inability to insulate network elements from each other and the inability to effectively localise information create a disproportionately higher load in network routing. In addition to these observations about routing, there is the continuing suspicion that the semantic load of addresses in the Internet architecture, whereby an address conveys simultaneously the concepts of who, where, and how has some side effects that cause complexity in other aspects of the network – including routing, of course. To what extent the semantic intent of endpoint identity, (or “id”) can be pulled apart from the semantic intent of network location and forwarding lookup token, (or “loc”) is a question of considerable interest. While the current IP address semantics removes the need to support an explicit mapping operation between identity and location, the cost lies in the inability to support an address plan that is cleanly aligned to network topology and in the inability to cleanly support functionality associated with device or network mobility. In the end, it’s the routing system that carries the consequent load here. The issues in this area include evaluation of the extent to which identity can be separated from location, and the impact of such a measure on the operation of applications. How much of today’s Internet architecture would be impacted by such a change, and what would be the resultant benefits if this were to be deployed? Would the benefits of such a deployment be realised directly by those actors who would be carrying the costs? Is deployment a complete and disruptive phase shift in the Internet, or are there mechanisms that support incremental deployment? Are we looking at one single model of such an id/loc split, or should we think about this in a more general manner with a number of potential id/loc splits? Besides consideration of these general architectural principles and their application in routing and addressing, there are also more-specific sets of objectives that relate to Internet actors. For users, there are objectives here about maximising the user’s service and provider choices without cost escalation; and for service providers, there are the objectives of using cost-effective technologies that can accommodate a broad diversity of both current and projected business needs, as well as the very real need to maximise the value of existing investments in network plant and operational capability. Behind this is the observation that the routing and addressing space is not infinitely flexible and that, on the contrary, it forms a highly constrained space. Part of the motivation behind the id/loc splits is to take some of the inflexibility of the id part of an address, in which persistence is a key attribute, and remove that from the locator part of an address. In split id/loc terms, a mobile device is one that maintains a constant identity but changes locators. Multihoming can be expressed in id/loc terms as a single identity simultaneously associated with two or more locators; traffic engineering can be expressed in terms of locator attributes without reference to identifiers, and so on. Obviously, the study of the topic of routing and addressing and the related aspects of name space attributes and mapping and binding properties is one with a very broad scope. The larger question posed here is whether this is an issue whose resolution can be deferred to a comfortably distant future or whether we are seeing some of these issues affect the network of the here and now. Are we accelerating toward some form of near-term technical limit that will cause a significant disruptive event within the deployed Internet, and will volume-based network economics hold, or will bigger networks start to experience disproportionate cost bloat or worse? Is it time to become alarmed? Well, there is the certainty of exhaustion of the unallocated IPv4 address pool in the coming years, but the sense of alarm in routing and addressing is more about whether there are real limits in the near future over the capability of continuing to route the Internet within the deployed platform by using the current technologies and by working within current cost performance relationships irrespective of whether the addresses in the packet headers are 32 bits or 128 bits in size. There was a strong sense of “Don’t panic!” in the plenary presentation, with the relatively confident expectation that BGP will be able to carry the Internet’s routing load over the next three to five years without the need for major protocol surgery and that Moore’s Law would continue to ensure that the capacity and speed of hardware would track the anticipated growth rates. There was the expectation that the current technologies and cost performance parameters would continue to prevail in this time frame. However, the subsequent plenary discussion exposed the viewpoint that such a prediction does not imply cause for complacency and that some sense of urgency is warranted given the criticality of this topic, the high level of uncertainty when looking at even near-term growth prospects, and the ease with which this industry adopts a comprehensive state of denial over pending events irrespective of their potential severity. What we are up against as we consider these objectives as they relate to a future Internet is the relentless expansion of the network. Today the Internet sits in an order of size of dimension of around 10⁹. There are some 1.6 x 10⁹ routed addresses in the Internet and an estimate of between 10⁸ and 10⁹attached devices. If we look out as far as four decades to around 2050, we may be looking at 10¹¹ to 10¹⁴ connected devices. (Yes, there’s a large uncertainty factor in such projections!) Can we take the Internet along such a trajectory from where we are today? And if that’s the objective, then how can we phrase our objectives over the next five years that are steps along this longer-term path? The immediate steps at the IESG level have been to take the IAB’s initiative and work with a focus group – the Routing and Addressing Problem Directorate – to refine the broad space into a number of more-specific work areas, or “problem statements,” and undertake a role of coordination and communication across the related IETF activities. In addition, as there is a relatively significant research agenda posed by such long-term questions, the Routing Research Group of the Internet Research Task Force has been rechartered and, judging by participation at its most recent meeting just prior to IETF 68, effectively reinvigorated to investigate various approaches to routing that take us well beyond tweaking the existing routing tool set. Internet ROAP: The Internet Area Meeting The Internet Area meeting concentrated on aspects of this approach of supporting an identifier/locator split within the architecture of the Internet, and, specifically, on the internetworking layer of the protocol stack, and on gathering some understanding as to whether this approach would assist with routing scaling. One of the key considerations in this area involves working through what could be called boundary conditions of the study. For example, is this purely a matter for protocol stacks within an endpoint, or are distributed approaches that have active elements within the network also part of the consideration? To what extent should a study consider mobility, traffic engineering, network address translations, and minimum-transmission-unit (MTU) behaviour? What appears to be clear at the outset is that this is not a clean-slate network, and any approach should be deployable on the existing infrastructure; should use capability negotiation to trigger behaviours so that deployment can be incremental and piecemeal and allow existing applications and their identity referential models to operate with no changes; and, hopefully, should have a direct benefit to those parties who decide to deploy the technology. From the routing perspective, the overall desire is to reduce the growth rates of the interdomain routing space. The desired intent is to reduce the amount of information associated with locators so that locators reflect primarily network topology in such a way that the locators can be efficiently aggregated within the routing system that attempts to maintain a highly stable view of the network’s topology. The resultant system must be able to express, in routing terms, most of the flexibility we see in today’s system, perhaps on a more ubiquitous scale. This includes site multihoming across multiple providers, ease of provider switching and locator renumbering (assuming that locators may include some provider-based hierarchy), support for mobility, roaming and traffic engineering, and allowing for session resilience across various locator switch events. In and of themselves, these objectives form a challenging set – but not the complete set – of objectives. In addition, it is necessary that these outcomes be achieved within tight cost constraints and volume economics that allow for scaling without disproportionate cost escalation. Plus, of course, such systems should be resilient to various currently known – and currently unknown – forms of hostile attack. 1. The RIB, or routing information base, is a router’s internal data structure that stores the current state of reachability information (or “routes,” where a route is defined as a unit of information that pairs a destination address prefix with the attributes of a path to that destination) as provided by the operation of the routing protocol and local policies. In BGP there are three notional RIB sets: an Adj-Rib-In, used for storing routes received from BGP; a peer, the Loc-RIB, representing the routes selected for use by the local BGP instance; and an Adj-RIB-Out, which contains routes that are announced to a BGP peer. RIBs contain bindings of next-hop addresses to routes. The FIB, or forwarding information base, is the data structure for making local forwarding decisions; it contains a set of address prefixes and the associated local forwarding action, conventionally denoted as an interface identifier. A FIB contains bindings of addresses (or address prefixes) to interfaces. Today’s system uses two critical mapping databases to support the discovery of the binding between identifiers and addresses. The Domain Name System (DNS) is used for mapping between a human-oriented name space used at the application level (domain names) and IP addresses, and the routing database in each router is used for mapping from addresses to particular local forwarding decisions (the forwarding mapping from the RIB to the FIB¹ data structures). The current mapping system assumes stable endpoints with simple resource requirements and rudimentary security. When we consider in further detail the implications of disambiguating aspects of identity from those of network location, we must recognise that there are a number of dimensions to such a study, including the structure of the spaces, the mapping functions, and the practicalities of any form of deployment of such a technology. The first of these topics consists of the desired properties and structure of these distinct identification and locator spaces. Should the identity space be a flat space of token values, or should it use some internal structure within the token that matches some distribution hierarchy? Is identity something that is embedded into a device at the point of manufacture (such as IEEE-48 MAC addresses) – or at the point of deployment (such as domain names)? Is uniqueness a statistically likely outcome – or one that is ensured through the structure of the token space? Are there properties of the identity space that aid or hinder the security properties of the use functions in terms of mapping and referral operations? Is there necessarily one identifier space or are there potentially many such spaces? There are similar questions regarding a dedicated locator space, particularly related to the time and space properties of locator tokens. The next critical topic appears to be how an identity-mapping function relates to the forwarding-mapping function. Assuming that the existing name spaces remain unaltered, the resultant framework appears to require distinct name-to-identifier mappings, identifier-to-locator mappings, and locator-to-forwarding mappings. Where these mapping functions should be performed, who should perform these functions, when they should be performed, what should be the duration of the validity of the outcomes, whether the mapping-function outcomes are relative or universal, the scope and level of granularity in time and space of the map elements, the security of these mapping functions, and whether there is a simple operation or multiple operations in each mapping function all remain undefined at this point. There are also the issues of whether the mapping is explicit or implicit, of what evidence of a previous mapping operation is held in a packet in a visible manner, and of what is occluded from further inspection once the mapping operation has been performed. What level of state is required in each host, and is there true end-to-end transparency and at what level? To illustrate some of the dimensions here, a particular approach to an identifier/locator split could see identifiers in the role of the end-to-end-tokens that are used by upper levels of the protocol stack, where identifiers are preserved in such a manner that both parties to a packet exchange use the same identifier pair for each transmitted packet, while locators would have to be more elastic in intent and various identifier-to-locator and even locator-to-locator mappings could be performed while the packet is in transit. Another approach would take a more constrained view of locators and attempt to protect the initial locator value in such a way that any attempts to alter that value during transit would be detected and discarded by the receiver. The other aspect to consider here is what one presentation termed the incentive structure, where it was advocated that the most-effective incentives are those in which local change is performed as a means of alleviating local pain. This would indicate that routing scalability is predominantly a concern of service providers, whereas host mobility and service multihoming and session resilience are matters of concern to the host and service provider and consumer. It’s also useful in an incentive structure that benefit be realised unilaterally, in that one party’s efforts at deployment provide local benefit for that party without regard to the actions of others, so that the problems of initial deployer penalties and lockstep are avoided. It is likely, at least at this stage of the study, that there is a diversity of approaches to such a split both in the intended roles of identifier and location tokens and in their means of binding. Already in the HIP (host-identity- protocol) and SHIM6 approaches we’ve seen a difference of approach, wherein the SHIM6 approach coops locators as identifiers on a per-host-pair basis, while the HIP approach uses a persistent identity value that cannot assume the role of a locator. The expectations at this stage of the study are that further ideas will surface here and that such ideas are helpful rather than distracting. It is unclear whether a single solution can emerge from this activity or whether different actors have sufficiently different sets of relative priorities so that multiple approaches, each of which expresses different prioritisation of functionality, are viable longer-term outcomes. The critical consideration here is that it is unlikely that scaling routing over the longer term to a very much larger network is simply a matter of just changing the operation of the routing system itself. Real leverage in this area appears to also require an understanding of the meaning of the objects, or addresses, that are being passed within the routing system. The motivation for opening up the identifier/locator space within the Internet Area appear to be strongly tied to the notion that if you can unburden some of the roles of the addresses used in routing and can treat these routed tokens as unadorned network locality tokens, then you gain some additional capability in routing. The intended outcomes include being able to group ‘equivalent’ locators together and thereby reduce the number of elements being passed within the routing system, ensure that the locator set readily maps into local forwarding actions, and hopefully, reduce the amount of dynamic change that is propagated in routing. It would also be useful if such an approach facilitates traffic engineering, site multihoming, various forms of mobility, and roaming. It might also be possible to remove from the application’s end-to-end model the consideration of not just endpoint locality but also the tokens used in the transport protocol, thereby proving a different approach to IPv4 and IPv6 interoperability. At this juncture there is no unity or even clarity of the exact requirements of system design, let alone solutions for this work. Exploration of the interdependencies of mapping functions, the properties of identity and locator spaces, and the ways in which mapping functions can be supported in this environment is still at an early stage. Routing ROAP: The Routing Area Meeting The last of these ROAP sessions at IETF 68 was that of the Routing Area.The first part of the Routing ROAP session looked at trends in the routing system during 2005 and 2006. The overall trend appears to be a system that is increasingly densely interconnected and carrying more information elements, each of which expresses finer levels of granularity in reachability. As an example of some of the relativities here, it was reported that the amount of address space advertised in 2006 increased by 12% from January 2006 to December 2006, while the number of advertised Autonomous Systems increased by 13% and the number of advertised prefixes increased by 17% over the same period. The report also considered the dynamic behaviour of the routing space, looking at various distributions of the 90 million prefix updates that had been recorded for the year. One of the major aspects of BGP updates in both 2005 and 2006 is the skewed distribution of updates, whereby, in 2006, 10% of the announced prefixes are the subject of 60% of the BGP updates, and 60% of the announced prefixes generate just 10% of all updates. By using known control prefixes, it appears that BGP appears to be an effective noise amplifier, whereby a single origin event can generate a considerably larger set of updates at the measurement point. There appear to be two forms of dynamic BGP load: the BGP “supernova”, which burst with an intense BGP update load over some weeks and then disappeared, and “background radiation” generators that appear to be unstable at a steady update rate for months or even the entire year. With respect to scaling of the BGP routing environment, it appears that one form of approach is to look in further detail at this subset of prefixes and ASs that are associated with the overall majority of BGP updates. One approach is to investigate whether damping of unstable prefixes in some fashion, or detecting routing instability that is an artefact of origination withdrawal, or deployment of propagation controls on advertisements would be effective in reducing the overall dynamic load of BGP updates. This approach represents a behavioural change in local instances of BGP that reduce the potential for unnecessary updates to be propagated beyond a need-to-know-now radius. Another approach is to consider changes to BGP in terms of additional attributes to BGP updates, such as a withdrawal-at-origin flag, or selective advertisement of next-best path, both of which are intended to limit the span of advertised intermediate transitions while the BGP distance vector algorithm converges to a stable state. Again, the considerations of deployment were noted, where the Internet’s routing system is now a large system with considerable inertia. The implication is that any change to the routing system needs to use mechanisms that allow for piecemeal incremental deployment and whose incremental benefit is realised by those who deploy. One potential case study of such a change is the 4-Byte AS Number deployment. It appears that we could improve our understanding of the operational profile of the routing space – particularly by looking at the various forms of pathological routing behaviours and comparing these against the observations of known control points. Such a study may also lead to more-effective models of projections of the size of the routing space in the near-term and medium-term future and allow some level of quantification as to what the concept “scaling of the routing space” actually implies. The second part of the Routing ROAP session took a look at the current status of the routing world, updating some of the observations made at the IAB Routing Workshop and outlining some further perspectives on this space. One critical perspective on BGP is the behaviour of BGP under load. BGP uses TCP (transmission control protocol) as its transport protocol. This is a flow-controlled protocol, whereby the sender must await an advertisement of reception capability from the receiver (an advertised “window”) before being able to send data. When this session is uncongested, a BGP speaker sends updates as fast as they are locally generated (depending on the Minimum Route Advertisement Interval (MRAI) timer). When the transmission is congested, a local send buffer of queued updates forms. Unlike conventional applications that treat TCP as a simple black box, most BGP implementations use state compression on these update queues. As a simple example, the queuing of a prefix withdrawal should remove any already queued but as yet unsent prefix attribute updates for this prefix. This state compression of the advertisement queue should be on a peer-by-peer basis, so that a congested BGP peer does not slow down an uncongested peer. The implication is that the load characteristics of BGP alter as the load level increases, and BGP attempts to ensure that its peer receives the latest state information only when the peer signals (via TCP flow control) that it is not keeping pace with the update rate. Another critical factor is the nature of “convergence” in BGP. Convergence is at least an O(n)-sized issue, where n is the number of discrete routing entries. This may appear daunting, but the real question is: How important is convergence? The presentation included the claim that this was BGP’s biggest, yet least important, problem. Convergence delays can be mitigated by graceful restart, nonstop routing, and fast reroute. One of the measures that exacerbates convergence is the use of route reflectors, whose model of information hiding is intended to reduce the number of BGP peer sessions and the total BGP update load, but what benefits they achieve come at the cost of slower convergence, with a higher message rate during the intermediate-state transitions. Perhaps it is appropriate to consider small-scale changes to BGP behaviour so as to mitigate the transient BGP update bursts caused by path hunting, including the already mentioned withdrawal-at-origin notification and propagation of backup paths. One approach is to take the current set of potential tools that are proposed to addresses or that mitigate various BGP pathologies and prune this set by looking at those that align cost and benefit in deployment, allow piecemeal incremental deployment, and have beneficial changes to the load properties of BGP. The approach advocated here is based on the perspectives that BGP is not in danger of imminent collapse and that there is still considerable headroom for BGP operation in today’s Internet. This allows the IDR Working Group of the IETF to focus on measures that include tools and behaviours that tweak the current behaviour of BGP in ways that could mitigate some of the more excessive behaviours of BGP. And it gives the Routing Research Group the latitude to study the broader topics of fundamental changes that may be associated with novel routing and addressing architectures. More ROAP? So, is there some urgency here in looking at this problem? It’s not clear that the problem is pressing, in that it is likely that the Internet will still be around tomorrow and probably the day after tomorrow as well. However, like many other issues in which there are complex feedback loops with internal amplification factors, it may not be apparent that there is a near-term problem with the health of the routing system until such time as the problems have already surfaced – and by then, dire warnings of impending trouble are just too late! Also, by the time that that stage is arrived at, there is no time to think about the various approaches to the space and the relative drawbacks and merits of each, because the pressure to simply deploy any measure to mitigate the issue becomes overwhelming. The routing space is a classic example of the commons, where each party is free to generate as many or as few routing entries as it sees fit and is also free to adjust these entries as often as it sees fit. This allows each party to use routing to solve a multitude of business issues, including, for example, using routing to perform load balancing of traffic over a set of transit providers, or using a spot market in Internet transit services, or creating differentiated transit offerings by using more-specific routes and selective advertisements. The ultimate cost of these local efforts in optimising business outcomes through the loading of the routing system is not necessarily a cost that is imposed back on the originating party. The ultimate cost lies in the increasing bloat in the routing system and the consequent escalation in costs across the entire network in supporting the routing system. There are no routing police, nor is there a routing market. There is no way to impose administrative controls on the global routing system, nor have we been able to devise an economic model of routing wherein the incremental costs of local routing decisions are visible to the originator as true economic costs for the business and wherein the benefit of conservative and prudent use of the routing system reaps economic dividends in terms of relatively lower costs for the business. Like the commons, there are no effective feedback mechanisms to impose constraint on actors in the routing space, and also like the commons, there is the distinct risk that the cumulative effect of local actions in routing creates a situation that pushes the routing system – either as a whole or in various locales – into a nonfunctioning state. It appears that there are a number of avenues of approach here for efforts to place some constraints on the potential expansion of the routing system. What is less than clear is the ultimate value of such approaches in the context of the future Internet. Is making a functionally richer endpoint protocol stack a course of action that sits comfortably within a world of communicating RFID (radio-frequency-identification) labels? Is the lack of a routing market and an associated routing economy such a fundamental weakness that no technical efforts to alleviate the situation can gain traction in a world dominated by the desire to perform local optimisations in the cheapest possible manner? Have we already constructed a massive multi-trillion-dollar industry that now uses business models that assume particular routing behaviours, and would efforts to alter those behaviours simply founder because of trenchant resistance to change in the business models within the communications industry? Whether it needs a sense of urgency to motivate the work or a sense that there can and should be a better way of planning a future than via crude crisis management, the underlying observation is that the routing and address world is fundamental to tomorrow’s Internet. Unless we make a concerted effort to understand the various interdependencies and feedback systems that exist in the current environment and understand the interdependences that exist between network behaviours and routing and addressing models, then I’m afraid the true potential of the Internet will always lie within our vision but frustratingly just beyond our grasp. Yes, more ROAP, please! Further Reading This is the set of references to further material on this topic, as presented in the plenary session. www.ietf.org/internet-drafts/draft-iab-raws-report-01.txt http://submission.apricot.net/chatter07/slides/future_of_routing/apia-future-routing-john-scudder.pdf http://submission.apricot.net/chatter07/slides/future_of_routing/apia-future-routing-jari-arkko.pdf www3.ietf.org/proceedings/07mar/agenda/intarea.txt www3.ietf.org/proceedings/07mar/agenda/rtgarea.txt www1.tools.ietf.org/group/irtf/trac/wiki/RRG www.ietf.org/IESG/content/radir.html]]> 1051 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ipv6-update/ Mon, 07 May 2007 16:50:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1053 1053 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/dhcpv6-bake-off/ Mon, 07 May 2007 16:51:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1055

The first axis covered X-versus-Y tests, whereby each client was put in front of each server to verify basic interoperability.

The second axis covered client tests in which the host interactions with IPv6 stateless autoconfiguration and router advertisements were explored.

The third axis targeted relays/servers tests building increasingly complex network topologies, including a series of up to three relays, multicast relaying and high availability, and redundancy achieved through a set of anycast DHCPv6 servers.

The key take away from the bake off is that the basic DHCPv6 technology works very well. One implementation, designed by someone who’d never attended an IETF meeting before, interoperated well with implementations performed by more-seasoned IETF participants, experiencing only minor bugs, which were quickly corrected on-site. This is certainly a tribute to the quality of RFC 3315, the DHCPv6 specification. However, problems with RFC 3315 arose, including 16 issues that were discovered and discussed in the course of the bake off. While the issues were varied and diverse, the most significant ones are described here.

• Interaction with router advertisement. An option describing the length of the prefix associated with the assigned address would be helpful.
• Interaction with the Domain Name System (DNS). The DHCPv6 client would benefit from feedback from the DHCPv6 server performing dynamic DNS update on its behalf.
• Client/server interactions and the semantics of the negotiation of certain parameters, which raises the question: What should happen when a client requests a particular address and the server does not agree to the request?
• Relay/server interaction. What is the best way to keep track of the different levels of relaying, and how and when – if at all – should multicast be used?

The issues were again discussed with the DHC working group during the IETF meeting in Prague, and the discussions will be documented through an Internet-Draft that could become the basis for an update to RFC3315. Many thanks go to the RIPE NCC for organisational support of the workshop (networking hardware and staff to help run tests) as well as for the meeting venue; to ISC for the organisation of the test plan; to the Comcast crew that made the bake off possible; and, of course, to the participants, who came from three continents, and to their employers. Given the success of the bake off and the unanimous feedback from the participants, we are now considering organising a second DHCPv6 bake off to be held this coming fall, tentatively scheduled for the week before IETF 70 in Vancouver, Canada. The exact location is still to be determined.

Bake OffThe term bake off is jargon and stands for interoperability testing. See RFC1025 by Jon Postel for a more detailed explanation of the term: In the early days of the development of TCP and IP, when there were very few implementations and specifications were still evolving, the only way to determine if an implementation was correct was to test it against other implementations and then argue that the results demonstrated that your implementation worked. These tests and discussions could, in those early days, as likely change the specification as change the implementation. There were a few times when this testing was focused, bringing together all known implementations and running through a set of tests in hopes of demonstrating the N squared connectivity and correct implementation of the various tricky cases. These events were called bake offs. For more information…

 ]]> 1055 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/interactive-connectivity-establishment/ Tue, 07 Nov 2006 17:07:45 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1088 This article does not attempt to provide a complete summary of all IETF activities in this area. It reflects the author’s personal perspective on some current highlights. The Session Initiation Protocol (SIP) has seen widespread usage on the Internet for voice over IP (VoIP). It sets up, manages, and tears down billions of minutes of calls each year, and the number continues to rise. However, deployment of SIP has not been without its challenges. Perhaps most significant among those challenges is traversal through network address translator (NAT) and through firewall devices, which have become commonplace on the Internet and within private IP networks. To date, this problem has been solved through proprietary and expensive techniques that have had a negative impact on security and interoperability. The IETF has responded by developing a new specification called Interactive Connectivity Establishment (ICE). ICE is a form of peer-to-peer NAT traversal that works as an extension to SIP. In this article, we review the NAT traversal problem, we touch on alternative solutions, and we briefly overview how ICE works. Introduction Work on the Session Initiation Protocol first began in the IETF in the mid-1990s. It initially targeted supporting invitations to large-scale multicast conferences on the mbone (multicast backbone) but quickly found its primary application for the signalling of point-to-point voice over IP. It was published as RFC 25431 in 1999 and was revised in June 2002 as RFC 32612, one of the longest RFCs ever to be produced by the IETF but also one of the most successful. SIP has seen widespread usage and deployment in both the public Internet and private IP networks. Billions of minutes of VoIP calls each year are managed by SIP. SIP is used in small-enterprise PBX systems, consumer VoIP services such as Vonage and SunRocket, telephony backbone networks, and enterprise collaboration services. There are hundreds of independent implementations, dozens of open-source code bases, and even a magazine dedicated to the technology. By all metrics, SIP has been a success. However, its success has not come without difficulties. Perhaps most significant among them has been the proliferation of network address translator and firewall devices. SIP was designed before those devices became commonplace, and consequently, it does not operate successfully through NAT as originally specified. As NAT and firewalls proliferated, the market responded by adding several proprietary components and techniques to VoIP networks. These include application-layer gateways (ALGs) embedded within NAT and firewall devices, as well as externalised ALGs known as session border controllers (SBCs). Though they provided a path for the growth of VoIP on the Internet, they brought a host of problems with them, and a standardised solution was required. The IETF responded to this need by the creation of a new specification that augments SIP with robust and low-cost NAT traversal. This specification, Interactive Connectivity Establishment⁽³⁾, was produced by the mmusic working group in the newly formed Real-time Applications and Infrastructure (RAI) Area. ICE is in its final stages of specification and should be complete in early 2007. What Is the Problem, Anyway? Figure 1: NAT Operation NAT operates by rewriting the IP addresses in the IP headers as packets pass from one interface to the other. When a packet is sent from the “inside” of the NAT toward the “outside”, the source IP address and port are rewritten from the address space on the inside (usually, private IP address space) into the address space on the outside. Similarly, packets from the outside to the inside have the destination address and port rewritten from the address space on the outside to the one on the inside. Typically, NAT will rewrite the addresses by maintaining a table of bindings that map each internal IP address and port to an external IP address and port. A binding is created dynamically when the first packet from a particular internal IP address and port arrives at the NAT. The process is shown pictorially in Figure 1. This kind of translation works just fine for many protocols. HTTP, POP, and SMTP, for example, work fine through such devices. Things break down for protocols that carry IP addresses and ports in the payload of the packet itself – an area not touched by the NAT. Protocols such as SIP, whose job is to establish multimedia sessions between hosts on the Internet, fundamentally require IP addresses and ports in their payload. For these protocols, the NAT completely breaks their operation. A simple example can help illustrate. Consider Alice, who wishes to place a call to Bob. This is done in SIP by sending an SIP INVITE message. The INVITE message contains Alice’s IP address and port where Alice expects to receive media packets. When Bob receives the message and answers the call, he sends his media packets to that IP address and port. This allows the latency-sensitive multimedia traffic to make its way directly from Bob to Alice. If Alice is behind a NAT, her INVITE message will contain a private address. As the SIP message passes through the NAT, the NAT will rewrite the source IP address of the SIP packet but will not touch its contents. When the message arrives for Bob, the address indicated within its payload will, in most cases, not be reachable by him. Consequently, media traffic will not flow. The Market Responds The market quickly responded to the traffic flow problem with several solutions. The two most common are the application layer gateway and the session border controller. An ALG is an application-layer component whose functionality is resident in the NAT itself. The NAT inspects SIP packets as they transit the NAT. Instead of just ignoring the content of the packets, as a normal NAT does, the ALG translates the IP addresses within the body of the SIP message, matching them with the translated source IP address. In some regards, this is the obvious solution to the problem. The NAT is the element that broke SIP, so it should fix it. It is completely transparent to SIP clients and servers. SIP ALGs have found usage primarily in enterprise environments. However, they are far from representing an ideal solution. Because the ALG needs to inspect and modify the SIP packets, many of SIP’s security mechanisms – such as SIP over transport-layer security (TLS) (SIPs) and SIP identity⁽⁴⁾-break when used with an ALG. Indeed, these security mechanisms need to be disabled for the ALG to operate. The reason is simple: the ALG operates like “a man in the middle,” and its modification of SIP packets cannot be differentiated from a man-in-the-middle attack. ALGs also make it extremely difficult to introduce extensions to SIP. The ALG needs to be SIP aware and must be programmed with all SIP functions that might affect NAT traversal. Since the ALG is part of the router itself, this results in SIP functionality’s being built into the network. Adding an extension to SIP that interacts with NAT traversal requires support from every single NAT that might possibly see SIP messages. In essence, the Internet itself must be upgraded as well. This is contrary to the very notion of IP, which separates the network from the applications that run on top of it. Finally, ALGs have been proven sources of problems in implementation and interoperability. They frequently implement only subsets of the required functionality, breaking more-complex cases. When problems do occur, diagnosing them is nearly impossible, since the ALG is invisible to the rest of the SIP network. Instead of relying on ALGs, most SIP networks have made use of a close cousin of the ALG: the session border controller. The SBC does many of the same things an ALG does: It receives SIP packets and rewrites those portions of the message that contain IP address information. However, whereas an ALG is transparent and modifies packets as they pass through the NAT, the SBC looks to the outside world like an SIP proxy and is the direct target for SIP requests. Because it is not a transparent intermediary, it does not break SIP security mechanisms meant to operate between SIP elements, such as SIP over TLS. However, since the SBC does still modify SIP packets, it does break other SIP security techniques, such as SIP identity. Unlike ALGs, which require every NAT device in the network to be upgraded, a VoIP provider can simply add an SBC to its network without changing the SIP clients, the SIP servers, or the NAT devices in the rest of the network. This makes SBCs relatively easy to deploy, which is the primary reason for their success in the market. However, SBCs share many of the problems of ALGs, including breaking SIP security mechanisms and making it difficult to introduce SIP extensions. The latter deficiency is particularly problematic, since one of the key strengths of SIP’s design – and one of the reasons for its success in the market – has been that flexibility and adaptability. SBCs make SIP networks much more rigid. The IETF to the Rescue The first attempt was called midcom (Middlebox Communications)⁽⁵⁾. Midcom allows an SIP proxy server to communicate with NAT or a firewall to ask it for explicit translation and pinhole services. However, the proxy is still required to modify the SIP message, resulting in many of the same problems that SBCs had. Worse still, midcom works only in a rigid set of topologies where the proxy server knows the location of the NATs and firewalls and has a strong trust relationship with them. This limited its applicability, and consequently midcom has seen limited usage. The next specification that was produced was simple traversal of User Datagram Protocol (UDP) through NAT (STUN)⁽⁶⁾. With STUN, the SIP client generates a STUN request to a STUN server on the public Internet. This request causes the NAT to allocate a binding to the client. The STUN server sends a response to the client and, within its body, returns the source IP address and port of the request as seen by the STUN server. The client then uses this IP address and port in its SIP messages. STUN has the benefit of being extremely lightweight and scalable. It avoids all of the security pitfalls of SBCs and ALGs. However, it does not work through certain types of NAT, and it fails in topologies where both caller and called party happen to be behind the same NAT. This limits its applicability. To broaden the applicability, a companion protocol called Traversal Using Relay NAT (TURN)⁽⁷⁾ was developed. As with STUN, a client sends a request to a TURN server prior to making a call. The TURN server returns to the client an IP address and port that it can use as the destination for media. The client includes the IP address and port in its signalling messages. However, the IP address and port provided by the TURN server are those of the TURN server itself, which acts as a relay by forwarding packets to and from the client. In essence, the TURN server is like a virtual private network (VPN) server, but running at the UDP layer rather than the IP layer. Though TURN works in more cases than STUN does, TURN is expensive, since it requires the provider to relay media for every SIP call. This also increases voice latency. What was needed was a technology that somehow combined the benefits of STUN and TURN without their drawbacks. ICE Is Nice ICE was first submitted as an individual draft in February 2003 and was adopted as a deliverable of the IETF mmusic working group in October 2003. Having gained increased interest over the years, ICE is finally near completion after two rewrites and several redesigns. ICE provides NAT and firewall traversal capabilities for any type of session-oriented protocol, though it has been designed to work with SIP and its companion protocol, the Session Description Protocol (SDP). ICE makes use of STUN and TURN and provides a unifying framework around them. ICE is extremely robust, providing traversal under even the most complex topologies. It is also optimal, in that it will make use of intermediate relays (the TURN server) only when nothing else works. ICE also supports Transmission Control Protocol (TCP) media sessions, such as those used for shared whiteboards or application sharing. Even though ICE has not yet reached RFC status, there are already several large-scale deployments supporting hundreds of thousands of users. There are implementations in several soft-phone clients. The essential idea of ICE is relatively straightforward. Rather than pick just STUN or just TURN for a particular call, a client will obtain IP addresses and ports by using both techniques, including both addresses – in addition to ports allocated from local interfaces – into the SIP call-setup messages. Each of these is called a candidate and represents a potential point of communications for the agent. When the SIP call-setup request arrives, the called party does the same thing, including numerous addresses in the SIP response. At that point, the agents begin a process of connectivity checks. These are STUN messages sent from one agent to the other, probing to find a particular pair of addresses that work. Once a pair is found, the probes cease, and media can begin to flow. The detailed operation of ICE can be broken into six steps: gathering, prioritizing, encoding, offering and answering, checking, and completing. Step 1: Gathering Prior to making a call, the caller begins gathering IP addresses and ports, each of which is a potential candidate for communications. The first such candidate is gathered from interfaces on the host. If the host is multihomed, the agent gathers a candidate from each interface. Candidates from interfaces on the host (including virtual interfaces) are called host candidates. Next, the agent contacts a STUN server from each host interface. The result will be a set of server-reflexive candidates. These are IP addresses that route to the outermost NAT between the agent and the STUN server, which is typically on the public Internet. Finally, the agent obtains relayed candidates from TURN servers. These IP addresses and ports reside on the relay servers. As an optimisation, the TURN protocol allows a client to learn its relayed and server-reflexive candidates at the same time. Step 2: Prioritizing Once the agent has gathered its candidates, it assigns each of them a priority value. Priorities are from 0 to 2 to the power of 31 minus 1, with larger numbers denoting higher priority. The priorities are computed by means of a formula that combines preferences for types of candidates (where the types are host, relayed, and server reflexive) along with preferences for each host interface. Typically, the lowest priority is given to the relayed candidates, since sending media through a relay is expensive and increases voice latency. When a host is multihomed, it typically prefers one interface to another for communications. For example, a VPN interface might be preferred to an Ethernet interface in order to keep intracompany voice communications on a private enterprise network. Step 3: Encoding With its candidates gathered and prioritised, the agent constructs its SIP INVITE request to set up the call. The body of the SIP request contains an SDP message that conveys the information needed for transmitting the media content of the call. This includes the types of media codecs, their parameters, and the IP addresses and ports to be used. ICE extends SDP by adding several new SDP attributes. The most important of them is the candidate attribute. For each media stream signalled in the SDP, there is a candidate attribute for each candidate the agent has gathered. The attribute contains the IP address and port for that candidate as well as the priority and type of candidate (host, server reflexive, or relayed). The SDP also contains credential information that is used to secure the STUN messaging, which will commence later. Step 4: Offering and Answering Once the calling agent has constructed its SIP INVITE request with the SDP payload, it sends the request to the called party. The SIP network delivers the request to the called party. Assuming the called party also supports ICE, the called party holds off on ringing the phone. However, it performs the same gathering, prioritizing, and encoding that the caller performed. The called party then generates a provisional SIP response. Such a response indicates to the caller that the request is being processed but that processing has not been completed. The provisional response contains an SDP with the candidates that the called party has gathered. The SIP network delivers the provisional response to the caller. Step 5: Checking At this point, the caller and called party have exchanged SDP messages. Each is therefore aware of the set of candidates for each media stream that will make up the call. (There may be more than one media stream; in videophones, for example, there would be an audio stream and a video stream.) In this next step, ICE performs the bulk of its work. Each agent pairs each of its candidates with a candidate from its peer. The result is a list of candidate pairs. If each agent provided three candidates for a media stream, there would be a total of nine candidate pairs for that media stream. Each agent computes a priority for the candidate pair by combining the priority of each candidate in the pair. For ICE the objective is to determine a candidate pair for which media will successfully flow in each direction. If many candidate pairs work, the objective is to select the highest-priority pair. Since the priority of each candidate (and consequently, the pair) is largest for those with fewest intermediate relays (whether they be an NAT or a TURN server), the highest-priority pair will also be the one that provides the most direct path for media traffic. To verify that a candidate pair works, ICE makes use of a STUN transaction from each agent towards the other, called a connectivity check. The STUN transaction uses the IP addresses and ports in the candidate pair – the same IP addresses and ports that will be used for the transmission of media. Considering again our example of Alice and Bob, Alice sends a STUN request from one of her candidates to one of Bob’s candidates. If the STUN request is received, Bob generates a response that reaches Alice. If Alice gets Bob’s response, she knows she can send a packet from her candidate to Bob’s candidate and that Bob will be able to receive it. Since she got a response, she also knows that packets from Bob are able to reach her. Thus, the STUN transaction serves to verify bidirectional reachability for a candidate pair. If Bob performs his own transaction, he can verify bidirectional reachability as well. (Note that the receipt of a request from Alice is not sufficient; it doesn’t indicate to Bob whether his response reached Alice.) Since the STUN transactions are sent on the same IP addresses and ports that will eventually be used for media traffic, there is a need to demultiplex the STUN and media by using something besides the port. STUN has several fields built into its headers that allow it to be demultiplexed from arbitrary application traffic. In an ideal world, the UDP and TCP port could be used to multiplex. However, NAT has effectively made the port numbers part of the IP layer, since they now are significant in the routing of IP datagrams. Since the number of candidate pairs grows by the square of the number of candidates, the performing of the checks for each pair in parallel is problematic. Instead, ICE performs the checks sequentially. The candidate pairs are ordered by priority, and every 20 milliseconds, each agent generates a STUN transaction for the next pair in the list. In addition, when an agent receives a STUN request on a candidate pair, it immediately generates a STUN transaction in the reverse direction. This is called a triggered check, and it improves the responsiveness of ICE. Step 6: Completing Once a check is completed, the agent knows it has found a pair that will work for media traffic. Since the checks are done in priority order, the first one to be completed will usually be the highest-priority pair that works. One of the agents, typically the caller, will generate a final check toward the other agent, confirming that the pair is the one selected. This allows for each agent to unambiguously communicate which pair will ultimately be used for media. Once this final transaction has been sent, the called agent can now ring the phone. All of the processing so far – the gathering and all of the connectivity checks – takes place prior to the called party’s phone even ringing. This means that ICE has the side effect of increasing call-setup delays. This is ICE’s primary drawback. However, the increase in delay tends to be proportional to the complexity of the situation. For a basic voice call between two endpoints on the public Internet, with no intervening NAT, ICE adds to the call setup only a single round-trip time that is inconsequential. By avoiding ringing the phone until the ICE checks have been completed, ICE can guarantee that when the called party does answer, media will successfully flow in each direction. ICE therefore eliminates ghost rings – cases where the phone rings but the users hear nothing when they answer the phone. Ghost rings are common problems in VoIP and are almost always caused by NAT and firewall traversal problems. Once the phone rings, the called party answers. This generates an SIP 200 OK final response, confirming acceptance of the call. When callers get a 200 OK, they send an SIP ACK. If ICE negotiation results in the selection of a candidate pair that differs from the default IP address and port carried in the SDP (the default is used for communicating with non-ICE endpoints), the caller performs an SIP re-INVITE to update the default. This is done for the benefit of intermediate SIP elements that are not ICE aware but that need to know where media is being sent. Concluding Remarks ICE is one of the most important extensions produced to date for SIP. Indeed, it is considered one of its few core extensions – those expected to be used by every SIP client for every SIP call8. Though designed for SIP, ICE is applicable to any session-oriented protocol. Indeed, ICE is currently in deployment with a non-SIP protocol. Work is also in progress to apply it to the Real-Time Streaming Protocol (RTSP), used for streaming media control. ICE’s importance goes beyond just robust NAT traversal. ICE adds significant security to SIP overall, eliminating a key DoS attack (the voice hammer), which can be launched by using SIP networks as amplifiers. With all of these benefits, it’s not hard to see why ICE is likely to be a cornerstone of all SIP networks in the near future.

References 1. M. Handley, H. Schulzrinne, E. Schooler, J. Rosenberg. “SIP: Session Initiation Protocol.” IETF RFC 2543, March 1999. 2. J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, E. Schooler. “SIP: Session Initiation Protocol.” IETF RFC 3261, June 2002. 3. J. Rosenberg. “Interactive Connectivity Establishment (ICE): A Methodology for Network Address Translator (NAT) Traversal for Offer/Answer Protocols.” IETF Internet Draft draft-ietf-mmusic-ice-12, October 2006. 4. J. Peterson, C. Jennings. “Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP).” IETF RFC 4474, August 2006. 5. P. Srisuresh, J. Kuthan, J. Rosen-berg, A. Molitor, A. Rayhan. “Middlebox Communication Architecture and Framework.” IETF RFC 3303, August 2002. 6. J. Rosenberg, J. Weinberger, C. Huitema, R. Mahy. “STUN – Simple Traversal of User Datagram Protocol (UDP) through Network Address Translators (NATs).” IETF RFC 3489, March 2003. 7. J. Rosenberg, R. Mahy, C. Huit-ema. “Obtaining Relay Addresses from Simple Traversal underneath NAT (STUN).” IETF Internet Draft draft-ietf-behave-turn-02, October 2006. 8. J. Rosenberg. “A Hitchhiker’s Guide to the Session Initiation Protocol (SIP).” IETF Internet Draft draft-ietf-sip-hitchhikers-guide-01, October 2006.

This article is based on a presentation given by Jonathan Rosenberg during IETF 67.]]> 1088 0 0 0 258 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/iasaiaoc-update/ Tue, 07 Nov 2006 17:09:14 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1090   The Internet Administrative Oversight Committee (IAOC) met for two days in January to review IETF Administrative Support Activity’s (IASA’s) progress during 2006, to establish goals for 2007, and to begin planning for the transition of IAOC members in March 2007. As much as half of the current IAOC membership may change after the next IETF meeting, scheduled for March 2007 in Prague. Steve Crocker and I will both be stepping down, Jonne Soininen’s two-year term as a NomCom appointee is up, Brian Carpenter will not be re-upping as IETF Chair, and Leslie Daigle’s position as Internet Architecture Board (IAB) chair is subject to change after new IAB members are seated in Prague. With respect to 2006, some of the notable IASA accomplishments included:

• Surviving the rains in Dallas, which christened the first IETF meeting organised via our new operating model, which has the IETF Administrative Director (IAD) working with Neustar Secretariat Service (NSS)
• Repeating that success again in Montreal and San Diego.
• Closing in on our goal of being at least 12 months ahead with respect to upcoming IETF meetings; Ray Pelletier has already announced the dates and locations for the first two IETF meetings of 2007
• Getting community input and consensus on the dates of all future IETF meetings to the end of 2010
• Establishing a good working relationship with the new Secretariat team, such as NSS. Among the accomplishments this year is the negotiation of a multiyear, multimeeting hotel contract with Hilton International. This contract is a significant improvement over past (one-time) hotel contracts, and by holding five of our next 15 meetings at Hilton locations, the IETF will see substantial cost saving.
• Receiving quarterly transfers of IETF-related intellectual property rights (IPR) from the Internet society into the IETF Trust
• Issuing a request for proposals (RFP) for RFC Editor services, accepting three bids, and executing a memorandum of understanding (MoU) with one of those bidders.
• Issuing a Network Services RFP to enable outsourcing the Network Operations Centre (NOC) for any future IETF meeting where the host does not want to provide the meeting network
• Finalising revisions to the IPR boilerplate text to be put onto new I-Ds and RFCs; the IPR WG finished work on this during 2006, and all future contributions to the RFC series will be identified as contributions to the IETF Trust, per the language in RFC 4748
• and much more (see IASA pages at http://iaoc.ietf.org)

Looking ahead, items for the IAOC “to do” in the first half of 2007 include:

• Converting the MoU for RFC Editor Services into a formal contract (target is to complete this before March 2007)
• Selecting a winning bidder from the responses to the Network Services RFP, and develop running code in Prague
• Issuing a request for information (RFI) for IETF support services (target date is before Prague); based on the responses to that RFI, revise the statement of work (SoW) for secretariat and meeting services before going to RFP
• Continuing development of support tools, such as extensions to the ID-tracker
• Reviewing IASA progress, and revise the IAOC charter based on the requirements of the original IASA best current practices (BCP), such as RFC 4071
• Welcoming new members to the IAOC (in Prague)

On a personal note, I have truly enjoyed my time with the IAOC. I think we have accomplished a lot and our internal relationships have been a constant reminder of all that is best about the IETF “way” of working. I wish the new IAOC much success in the future, and know that both returning members and the IETF community will support the new team as they take over the reins in Prague. My own time with the IAOC has been challenging, entertaining, occasionally exasperating, and ultimately very rewarding. I would encourage everyone in the IETF community to take their turn participating in these all important “housekeeping” issues.]]> 1090 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-67-irtf-report/ Tue, 07 Nov 2006 17:10:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1092 During the Technical Plenary at IETF 67, Aaron Falk, chair of the Internet Research Task Force (IRTF), reported on the status of all currently active Internet research groups (RGs). Highlights of several are described here. Delay-Tolerant Networking Research Group (dtnrg) Thirteen drafts are currently active within the DTN RG, with the DTN Architecture document in the process of being finalised. The research group met during IETF 67 and conducted an interoperability test to test the following:

• 4 Languages: C++, Java, C#, C
• 4 Operating systems: Symbian cell phone, MacOS, Linux, Win32.net
• 4 Machines: Mac, PC, Nokia 770 PDA, Nokia cell phone

All tests demonstrated successful interoperability. In addition, a 9 DTN-hop linear network was demonstrated during the IETF meeting. In a related note, an experiment on the use of DTN in (very) northern Sweden used DTN to provide Internet access for Saami reindeer herders. End-Middle-End Research Group (eme) The EME RG was chartered following a birds-of-a-feather (BoF) session at IETF 66 in July 2006. The goal, according to its charter, is to “provide a way for end-to-end communication to explicitly address middleboxes, so that their behaviour can be understood, monitored and controlled.” As a next step, an architecture will be developed, considering design choices and deployment. End-to-End Research Group (end-2-end) A meeting of this RG is planned for February 2007 in the United Kingdom. Host Identity Protocol Research Group (hip) The HIP-over-NAT problem statement completed Internet Research Steering Group (IRSG) review and is now in the RFC Editor queue. The RG recently started a discussion on how to encourage more HIP experimentation The HIP RG is planning to meet at IETF 68. Internet Congestion Control Research Group (iccrg) The ICC RG is currently developing a catalogue of congestion control in the RFC series. The focus is not on TCP, where a road map already exists, but on ECN, UDP, DCCP, and multicast. The ICC RG is planning a meeting on 12 February 2007 in Los Angeles with a workshop on Protocols for Fast, Long-Distance Networks (PFLDnet). Meeting information can be found here. IP Mobility Optimisation Research Group (mobopts) The MOBOPTS RG has opened Last-Call for the document titled Unified L2 Abstractions for L3-Driven Fast Handover. Other topics for the RG include multicast and IPv6 mobility and location privacy. Network Management Research Group (nmrg) The NM RG most recently met in Utrecht, Netherlands, in October 2006. Research in this area has undergone several changes over the past few years, producing new challenges. Addressing the challenges over a time frame of five years was one of the topics covered at the meeting. Additional network management research was recommended, including monitoring, anomaly detection, behaviour modelling, probabilistic management approaches, and algorithms for handling management data. Detailed minutes are here. A position statement, agenda, and presentations are online here. The Peer-to-Peer Research Group (p2prg) The P2P RG is currently discussing the future direction of the group. Routing Research Group (rrg) The R RG met at IETF 67 and discussed an extended report on the work of the subgroup conducting scalability research. It is questionable whether interest exists in continuing this RG. Chair Avri Doria has issued a call for interest, pointing out that the R RG is looking for good routing research ideas. “There are lots of graduate students with no real local inspiration who would love to work on some inspired ideas,” she said. Scalable, Adaptive Multicast Research Group (samrg) The SAM RG met at IETF 67 as well as during the peer-to-peer multicast workshop during the IEEE Consumer Communications and Network Conference in January 2007 in Las Vegas. To date there are three active Internet-Drafts that encompass requirements, a problem statement, and a survey. Transport Modelling Research Group (tmrg) The TM RG is preparing for publication of a document titled “Metrics for the Evaluation of Congestion Control Mechanisms.” The group is planning to have this document passed to the IRSG to become an Informational RFC by the time of IETF 68, scheduled for March 2007 in Prague. The group is also planning to complete a document titled “Tools for the Evaluation of Simulation and Testbed Scenarios.” The document on best-current-practice scenarios is now a draft. Within this RG, there may possibly be a long period of additions, feedback, and disagreement. The following RGs are not currently active: Anti-Spam RG (possibly due to the Domain Keys Identified Mail [DKIM] WG) and Internet Measurement RG (which may be dead). For more information about the IRTF, please see www.irtf.org.]]> 1092 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/news-from-the-irtf/ Tue, 07 Nov 2006 17:30:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1118 Alain Aina at IETF66 Photo: Michuki Mwangi The ultimate achievement for a technical engineer is the opportunity to participate at the highest level of Internet development, perhaps even serve as a co-author of an RFC. To most Internet engineers, the IETF is a revered organisation and involvement is regarded as a career high. We felt that our participation at the IETF meeting in Montreal was both a personal achievement and a motivational experience. It gave life to a process that we had experienced only on mailing lists. Having had the opportunity to be at the meeting, we were able to appreciate the passion and the energy that are put into the IETF for the good of the Internet. The 66th IETF meeting was held at the Palais des congrès in Montreal, Canada. The conference facility was large enough that with a total attendance of 1,257, it was difficult to comprehend a meeting of this magnitude. In Africa, most ICT-related meetings do not draw large numbers of participants, except for the WSIS, ITU, and ATU meetings. However, only at the IETF plenary meetings and the breakfast sessions could one appreciate the sheer number of participants. During the plenary, for example, the wireless network was challenged as a result of the large concentration of people in one room at one time. Nonetheless, being newcomers to the meeting, we must admit that the level of organisation was exceptional despite the numbers. It’s no wonder that the IETF budget runs into the thousands of dollars. Due to our keen interest in the DNS and IPv6, which is a result of our involvement in the African ccTLD and Internet Registry arena, we were interested in attending the working groups on the Internet operations and routing areas. Some of the issues concerning the deployment of DNS-SEC and IPv6 for our region were of particular interest to us. We learned that the Kenyan (.ke) and the Senegalese (.sn) ccTLD Registries have formal plans to commence DNSSEC trials in the near future. We also learned that AfriNIC, the African Regional Internet Registry, is currently undergoing IPv6 training in the region, with the aim of creating the necessary awareness and expertise for deployment. However, in order to appreciate the protocols functionalities, involvement in IETF discussion groups has helped unearth and clarify the challenges faced by those involved in deployment. By attending the IETF meetings, the reality of the issues is made even clearer through the deliberations on their impacts at the Working Group sessions. Of interest were the discussion on the AS112 draft and the DNS reflector attacks drafts that bring to the fore operational concerns as they apply to the DNS. The two drafts have proposed implementation recommendations that are, in our opinion, worth consideration. Initiating discussions within our region on these two drafts seems like a fair starting point for generating sufficient interest in the IETF activities. Finally, we noticed a large number of participants from the Asian region and were disappointed to see that, other than the two of us, there were no African participants. Increasing participation at IETF meetings from among African nations will be challenging and possible only through increased awareness of the meetings’ activities and role. A similar issue was raised at the plenary meetings in regard to the location of future IETF meetings. There were varied opinions as to why considerations should or should not be given to hosting meetings in developing countries and regions. Ultimately, it was felt that hosting the IETF meetings in a region that draws many participants was of more value than hosting a meeting in a location where there would be little participation. Unfortunately, if that was the primary criterion, it would virtually eliminate any possibility of hosting an IETF meeting in Africa. This makes it even more of a challenge to the communities in those regions to become active contributors to the future of Internet protocols and standards development, and not just consumers of the Internet. We wish to take this opportunity to thank ISOC for making our participation at the IETF 66 meeting possible. Further, we wish to thank our mentors, Joe Abley, Jaap Akkerhuis, John Crain, Lucy Lynch, Frederico Neves and ISOC staff members Mirjam Kühne and Matthew Shears for ensuring that we settled in without much ado.]]> 1118 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/tcpip-25th-anniversary/ Tue, 07 Nov 2006 17:37:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1122

While Vint Cerf and Robert Kahn were widely credited with the design of TCP/IP, many others involved in the ARPANET project made significant contributions. According to Vint Cerf, “The core of the documents was RFC 675 from December 1974 authored by Carl Sunshine, Yogen Dalal and me. The subsequent sequence of documents leading up to RFC 791 and 793 had the benefit of quite a few hands, including the participation of Dave Clark, Jon Postel, Bob Braden, Ray Tomlinson, Bill Plummer, Jim Mathis, as well as other early implementers of TCP.” Of course, at the time, many other unnamed contributors who participated in the debate. Original 1982 IP Transition Workbook Photo: Daniel Karrenberg Since the RFC series was launched in 1969 by Steve Crocker at UCLA, it has continued as the public archive of the Internet’s fundamental technology. Since 1977 it has been hosted by the Information Sciences Institute of USC. ARPA funding ended in 1998, at which time ISOC took over, as its first major funding effort for Internet standards. Since the end of 2005, the RFC Editor has been supported by the IETF Administrative Support Activity, which is hosted and partly funded by the Internet Society.

 

The long-serving RFC Editor, Jon Postel, passed away in 1998. His close colleague throughout all these years Joyce Reynolds said: “Operating systems and computers have changed over the years, but Jon’s perseverance about the consistency of the RFC style and quality of the documents remained true.” Many friends and colleagues remember him at www.postel.org/remembrances. “We can’t yet say that the Internet is mature, "says Brian Carpenter, chair of the IETF, "but it’s a great tribute to the pioneers that the two most basic specifications that were published a quarter of a century ago are still largely valid today. I hope the IP version 6 standard will do as well.” Stanford Plaque commemorating early work done on TCP/IP in 1973-1975 Courtesy of Vint Cerf]]> 1122 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf64-review-plenary-sessions/ Thu, 07 Dec 2006 18:19:09 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1176 Operations and Administrative Plenary Brian Carpenter, the chairman of the IETF, opened the plenary by reminding everybody that we are approaching the 20th anniversary of the IETF. In January 1986 the first IETF meeting was held in San Diego, US, with 15 attendees. Now, almost 20 years later, there were 1291 attendees from 40 countries. It is interesting to note that exactly one year ago 1,309 people from only 26 countries attended the IETF in Washington DC. The IESG has some pretty good tools now, and is planning to review their own efficiency and working methods before IETF65. Narrative minutes of IESG meetings can now be found at: http://www.ietf.org/IESG/iesg-narrative.html There is also a new IESG projects page at: http://unreason.com/jfp/iesg-projects.html At IETF64 Brian organised the pesci BoF (Process Evolution Commitee for the IETF) to operate in design team mode as a way to bootstrap some progress on IETF process change. The outcomes will be submitted to the rough consensus process. The initial goal was to identify a list of principles for the change process: http://www.rfc-editor.org/internet-drafts/draft-davies-pesci-initial-considerations-00.txt Brian ended his report with the announcement that Vint Cerf and Bob Kahn received the US Presidential Medal of Freedom (together with Muhammad Ali, Aretha Franklin, Alan Greenspan and others). According to the official press release (http://www.whitehouse.gov/news/releases/2005/11/20051103-5.html) they were awarded the medal as a result of their having “designed the software code that is used to transmit data over the Internet”. The next IETF meeting (IETF65) will be held in Dallas, Texas, USA, 19-24 March 2006. The Summer IETF will be held 9 – 14 July. The venue has not been finalised yet. Host address Ed Juskevicius, representing Nortel, the host of this IETF, gave some insight into the tasks and challenges of an IETF host. They range from finding a suitable venue, fulfilling extensive network requirements all the way to providing tee shirts and an exciting social event. Ed thanked the many sponsors, advisors, volunteers and the NOC team. IAD update Ray Pelletier, the IETF Administrative Director (IAD) presented the IETF budget for 2006. Of note is the increase in budget for the RFC editor provided by ISOC. By providing these additional resources, it is expected to reduce the RFC editing backlog. Ray also confirmed that Foretec, the organisation that has provided secretariat and meeting support to the IETF since 1998, is being acquired by Neustar. A service contract between Neustar and the IETF Administrative Support Activity (IASA) for taking on the secretariat functions and the meeting organisation is under negotiation. Editor’s note: an agreement is now in place – see the article on page 1 for details. In December, the IAD will visit the RFC Editor and IANA for further discussions on improving efficiency and integration with IETF secretariat operations. In 2007 a Request for Proposal (RFP) for the secretariat and meeting support will be issued. An RFP for the RFC editor function will be issued in 2006. IAOC update Lucy Lynch, the chair of the IETF Administrative Oversight Committee (IAOC), followed with an update on the IAOC activities. Recent activities include negotiations of the terms of the IETF trust and setting up a model license agreement for the trust assets. With respect to the IETF trust, the IAOC reached substantial agreement with CNRI and ISOC. Right after the meeting the IAOC chair sent a call for consensus to the IETF mailing list asking for community affirmation of the IETF Trust document. A list of frequently asked questions on trust matters has been developed by the IAOC:http://koi.uoregon.edu/~iaoc/docs/TrustFAQv1.1.txt More information on the structure of the IASA, the IAOC members, minutes of IAOC meetings and more details about the IETF trust can be found here: http://koi.uoregon.edu/~iaoc/ RFC Editor update Joyce Reynolds, representing the RFC Editor, reported on recent activities. Since the last IETF 105 documents (3000 pages) were published. People are working hard to reduce the backlog and results can be seen now. The RFC Editor collaborated on an experiment to introduce editing earlier in the IETF process. The results were presented during the techspec BoF at this IETF. Joyce further reported that delays introduced by normative references to as-yet-unapproved documents have become a major problem. Therefore the RFC Editor has decided not to work on a document until those references have been resolved. The publication queue is now automatically updated at http://www.rfc-editor.org/queue.html IANA update Barbara Roseman, operations manager of the Internet Assigned Numbers Authority (IANA), gave an update on IANA’s recent activities. David R. Conrad joined the IANA as General Manager in October. IANA now has seven staff members. Most requests are now handled within 30 days. There are still a number of older requests though. Barbara encouraged everyone who has a request pending that is older than 30 days to contact the IANA at iana@iana.org. The IANA will be working with the IESG to agree on time frames in which to complete requests and will report back to the community on the performance against those goals. With the new staffing level, Barbara said she is confident that the IANA is in a position now to address the full diversity of their responsibilities. Process and Tools (PROTO) team update Allison Mankin, one of the team leaders of the Process and Tools (PROTO) team, reported on the work of the team. Operational guidelines for WG chairs have been developed and many WG chairs are in fact using them. Since the guidelines have been published about a year ago, a lot of useful feedback has been received by the PROTO team. In fact, during this IETF new tools have been used to allow WG chairs to upload presentations and proceedings directly to the IETF web site. The PROTO team is encouraging all WG chairs to review and use the guidelines (current version: draft-ietf-proto-wgchair-doc-shepherding-05.txt) and to provide feedback to proto-team@ietf.org The PROTO team is also looking for two or three additional team members. More information about the PROTO team can be found at: http://mip4.org/proto/ A new web page directly linked from the IETF web site is under development. NomCom update Ralph Droms, the chair of the NomCom 2005, introduced this year’s Nominations Committee and encouraged people to provide nominations for open IESG and IAB positions. More information can be found at http://www.ietf.org/nomcom/index.html Open mike After these updates, the IESG, as well as the IAD and IAOC chair, joined moderator Fred Baker on stage for a period of open mike discussion. A number of different issues were raised. The first was related to individual submissions to the RFC editor and how they could be handled more efficiently. Bob Braden from the RFC Editor pointed out that it is IETF policy that IETF documents take precedence and with the current backlog, it is difficult to process individual submissions faster. Some suggestions were made to either lower the level of review for non standards documents or possibly create a lable or page for documents that would show the status of a document. The next comments were addressed to the IAOC. Some people felt that there is not enough transparency and that the community is not involved in the decision making process early enough. Others disagreed and stated that prior to the formation of the IASA the IETF community was never involved in decisions regarding IETF operations. The IASA was specifically formed to take responsibility for these administrative matters, and the way in which the IAOC is working with the community is a great improvement. Lucy Lynch, the IAOC chair, pointed out that all minutes and other IAOC documents are published in a timely manner on the IAOC web site. However, some decisions involve negotiations with third parties and cannot be discussed openly. Another issue that was raised was that whether a WG chooses solution A, B or both often depends as much on how the WG is run as on the technical merits of A versus B. There are more inwardly focussed WGs with narrow objectives vs WGs that consciously look outwards at the big picture. And even though RFC 2418 makes it clear that every WG can chose their method of working depending of the amount and the type of work, this issue should not be underestimated and might be a topic for the IAB and the IESG to look at. Technical Plenary After Leslie Daigle, chair of the IAB, opened the technical plenary session, Aaron Falk, the chairman of the Internet Research Task Force (IRTF) gave an update on the work of the IRTF. As reported at the last IETF, the IRTF is reaching out to the research community. In order to attract more researchers to actively work in the IRTF, Aaron published an article in the ACM Computer Communication Review: http://www.acm.org/sigs/sigcomm/ccr/archive/2005/october/p69-falk.pdf Two new Research Groups have been set up: one on Transport Modelling (TMRG) and one to work on Internet Congestion Control (ICCRG). In addition to that there are currently ten Research Groups active in the IRTF. In the future there might be new work on small-group multicast. The Routing RG held a meeting with the IAB to review the status of the research. Aaron has also been working with the IETF attorney to find out if the IETF Intellectual Property Rights (IPR) policy could be applied to the IRTF. Finally, the IRTF started to use the Friday afternoon slots for RG meetings. At this IETF the Host Identity Protocol Research Group (hiprg) met. The next presenter was David McGrew who gave a report on recent findings of the Crypto Forum Research Group (CFRG). The discussion on specific cryptography mechanisms concluded with a suggestion for people active in the security area to publish a document with recommendations for specific mechanisms (also see the article by Eric Rescorla in this issue of the IETF Journal). The IAB Chair Leslie Daigle provided an expanded update at IETF64. Taking the opportunity of the NomCom cycle (looking for next year’s IAB members) she provided an overview of the IAB’s documented responsibilities and used that to give context to reported IAB activities (see ‘News from the IAB’ for a full IAB report). IAB Town Hall Session During the open Town Hall session following the techncial presentations, a number of issues were raised and recommendations made to the IAB. During this IETF week, IAB members took an active role in BoF meetings. In fact all BoF meetings are attended by at least one IAB member. It has been suggested though that the IAB would be even more actively involved in the formation on BoFs to get an early architectural review of new work brought into the IETF. Overall, the community appreciates the IAB taking a more active role in the early stages of BoF and WG meetings. Also the IAB documents are seen to be useful. A suggestion was made to create clearer guidelines for the formation of BoF meetings. Sometimes people who bring new work into the IETF think they have to shape the BoF or WG by themselves whereas in fact, it is a community issue. It is important to understand the architecture and the big picture early on in the process. It was felt that a closer partnership between the IESG, the IAB and the BoF organisers is needed. This was followed by a discussion on increased complexity in the transport layer and the risk to lose interoperability of various protocols. Some people felt however that this is an integral part of the IETF: “We don’t do systems, we do pieces. We never say that all this works on the same box.” said Bob Hinden. This has to be considered carefully when implementing. “If we want to change this, this would fundamentally change the work of the IETF,” Bob Hinden added. He suggested to document this clearly (possibly as an IAB document?). Pekka Nikander, a member of the IAB believes that in this context the identifier/locator split is the right approach. “If we want to have mobility and multi-homing at the same time, we need a new layer of indirection,” said Pekka. He suggests to continue this disucssion on the new mailing list: architecture-discuss@ietf.org. The last topic brought up during this plenary session was related to the work and charter of the cross registry information service protocol (crisp) WG and the question if crisp can also be applied to Routing Registries. Leslie pointed out that crisp is focused on domain and address, but not on routing registries. Kurtis Lindqvist added that “there is a fundamental difference between an address object and routing objects.” The Regional Internet Registries are actually working on a certificate mechanism to address the issue of route authentication. In that context one should not forget that the routing topology looks different in different parts of the world: “In the ISP community in Japan hierarchical route management is an accepted concept.” stated George Michaelson, co-chair of the crisp WG. But globally this is not the case. In closing, Alex Zinin, one of the Routing Area Directors reminds people not to confuse hierarchy of routing and hierachy in address allocation: “For routing, hierarchy is not needed, aggregration is what is important. As far as address allocation goes, the address space has to be managed.” Alex said. All presentations given during the IETF 64 plenary session can be found at:http://www.ietf.org/meetings/past.meetings.html]]> 1176 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/calendar/ Mon, 27 Nov 2006 16:20:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1478 IETF 68 18 – 23 March 2007 Host: NeuStar Location: Prague, Czech Republic IETF 69 22 – 27 July 2007 Host: Motorla Location: Chicago, IL, US IETF 70 2 – 7 December 2007 Host: TBD Location: America/Asia IETF 71 9 – 14 March 2008 Host: TBD Location: North America (Provisional)]]> 1478 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/recent-iesg-document-and-protocol-actions-9/ Mon, 27 Nov 2006 16:21:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1480 Please note that due to ongoing change of document status, links below can be invalid. In this case, we ask you to use a search engine to find the relevant file.

Date: 2006-11-01 – Approved by the IESG as Proposed Standard Title: OCSP Extensions to IKEv2 URL: http://www.ietf.org/internet-drafts/draft-myers-ikev2-ocsp-05.txt Date: 2006-11-04 – Approved by the IESG as Draft Standard Title: Privacy Extensions for Stateless Address Autoconfiguration in IPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-ipv6-privacy-addrs-v2-05.txt Date: 2006-11-05 – Last Call (Deadline: 2006-11-24) / Proposed Standard (draft-ietf-iptel-trunk-group) Title: Representing trunk groups in tel/sip Uniform Resource Identifiers (URIs) URL: http://www.ietf.org/internet-drafts/draft-ietf-iptel-trunk-group-09.txt Date: 2006-11-05 – Last Call (Deadline: 2006-11-24) / Proposed Standard (draft-ietf-iptel-trunk-group) Title: Representing trunk groups in tel/sip Uniform Resource Identifiers (URIs) URL: http://www.ietf.org/internet-drafts/draft-ietf-iptel-trunk-group-09.txt Date: 2006-11-05 – Last Call (Deadline: 2006-11-19) / Experimental RFC (draft-ietf-hip-base) Title: Host Identity Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-hip-base-06.txt Date: 2006-11-08 – Approved by the IESG as Proposed Standard Title: Connecting IPv6 Islands over IPv4 MPLS using IPv6 Provider Edge Routers (6PE) URL: http://www.ietf.org/internet-drafts/draft-ooms-v6ops-bgp-tunnel-06.txt Date: 2006-11-08 – Approved by the IESG as Proposed Standard Title: Media Type Registration of RTP Payload Formats URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc3555bis-part2-02.txt Date: 2006-11-09 – Approved by the IESG as Proposed Standard Title: RIPv2 Cryptographic Authentication URL: http://www.ietf.org/internet-drafts/draft-rja-ripv2-auth-06.txt Date: 2006-11-09 – Last Call (Deadline: 2006-12-07) / Informational RFC (draft-allen-sipping-poc-p-answer-state-header) Title: The P-Answer-State Header Extension to the Session Initiation Protocol (SIP) for the Open Mobile Alliance (OMA) Push to talk over Cellular (PoC) URL: http://www.ietf.org/internet-drafts/draft-allen-sipping-poc-p-answer-state-header-04.txt Date: 2006-11-13 – Last Call (Deadline: 2006-11-27) / Proposed Standard (draft-ietf-tsvwg-tcp-mib-extension) Title: TCP Extended Statistics MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-tcp-mib-extension-12.txt Date: 2006-11-13 – Approved by the IESG as Experimental RFC Title: OSPF Link-local Signaling URL: http://www.ietf.org/internet-drafts/draft-nguyen-ospf-lls-06.txt Date: 2006-11-14 – Last Call (Deadline: 2006-11-28) / Proposed Standard (draft-ietf-rohc-rfc3095bis-framework) Title: The RObust Header Compression (ROHC) Framework URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-rfc3095bis-framework-03.txt Date: 2006-11-14 – Approved by the IESG as Proposed Standard Title: IPsec Security Policy Database Configuration MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsp-spd-mib-07.txt Date: 2006-11-14 – Approved by the IESG as Proposed Standard Title: Aggregation of RSVP Reservations over MPLS TE/DS-TE Tunnels URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-rsvp-dste-05.txt Date: 2006-11-14 – Approved by the IESG as Proposed Standard Title: IPsec Security Policy Database Configuration MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsp-spd-mib-07.txt Date: 2006-11-14 – Approved by the IESG as Proposed Standard Title: Aggregation of RSVP Reservations over MPLS TE/DS-TE Tunnels URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-rsvp-dste-05.txt Date: 2006-11-16 – Approved by the IESG as Informational RFC Title: Requirements for an IPsec Certificate Management Profile URL: http://www.ietf.org/internet-drafts/draft-ietf-pki4ipsec-mgmt-profile-rqts-07.txt Date: 2006-11-17 – Approved by the IESG as Proposed Standard Title: Specification of the IPFIX Protocol for the Exchange URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-protocol-24.txt Date: 2006-11-20 – Approved by the IESG as Proposed Standard Title: PWE3 ATM Transparent Cell Transport Service URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-cell-transport-06.txt Date: 2006-11-20 – Approved by the IESG as Proposed Standard Title: Definitions of Managed Objects for IEEE 802.3 Medium Attachment Units (MAUs) URL: http://www.ietf.org/internet-drafts/draft-ietf-hubmib-rfc3636bis-05.txt Date: 2006-11-20 – Approved by the IESG as Informational RFC Title: Security Threats to Network-Based Localized Mobility Management URL: http://www.ietf.org/internet-drafts/draft-ietf-netlmm-threats-04.txt Date: 2006-11-20 – Re: Informational RFC to be: draft-irtf-mobopts-ro-enhancements-08.tx / nformational RFC to be: draft-irtf-mobopts-ro-enhancements-08.txt Title: e: Informational RFC to be: draft-irtf-mobopts-ro-enhancements-08.txt URL: http://www.ietf.org/internet-drafts/draft-irtf-mobopts-ro-enhancements-08.txt Date: 2006-11-22 – Last Call (Deadline: 2006-12-06) / Proposed Standard (draft-ietf-mpls-rsvp-te-p2mp) Title: Extensions to RSVP-TE for Point-to-Multipoint TE LSPs URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-rsvp-te-p2mp-06.txt Date: 2006-11-22 – Last Call (Deadline: 2006-12-06) / Proposed Standard (draft-ietf-mpls-rsvp-te-p2mp) Title: Extensions to RSVP-TE for Point-to-Multipoint TE LSPs URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-rsvp-te-p2mp-06.txt Date: 2006-11-22 – Last Call (Deadline: 2006-12-06) / Proposed Standard (draft-ietf-ccamp-gmpls-rsvp-te-call) Title: Generalized MPLS (GMPLS) RSVP-TE Signaling Extensions in support of Calls URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-gmpls-rsvp-te-call-01.txt Date: 2006-11-27 – Last Call (Deadline: 2006-12-11) / BCP (draft-narten-ipr-3979-3rd-party-fix) Title: Clarification of the 3rd Party Disclosure procedure in RFC 3979 URL: http://www.ietf.org/internet-drafts/draft-narten-ipr-3979-3rd-party-fix-00.txt Date: 2006-11-27 – Last Call (Deadline: 2006-12-11) / Experimental RFC (draft-ietf-dccp-tfrc-voip) Title: TCP Friendly Rate Control (TFRC): the Small-Packet (SP) Variant URL: http://www.ietf.org/internet-drafts/draft-ietf-dccp-tfrc-voip-07.txt Date: 2006-11-27 – Approved by the IESG as Proposed Standard Title: Encapsulation of MPLS over Layer 2 Tunneling Protocol Version 3 URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-over-l2tpv3-03.txt Date: 2006-11-27 – Approved by the IESG as Informational RFC Title: Network Mobility Route Optimization Problem Statement URL: http://www.ietf.org/internet-drafts/draft-ietf-nemo-ro-problem-statement-03.txt Date: 2006-11-28 – Approved by the IESG as Proposed Standard Title: The Extensible Markup Language (XML) Configuration Access Protocol (XCAP) URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-xcap-12.txt Date: 2006-11-29 – Last Call (Deadline: 2006-12-13) / Proposed Standard (draft-ietf-tsvwg-sctp-padding) Title: Padding Chunk and Parameter for SCTP URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-sctp-padding-02.txt Date: 2006-12-04 – Last Call (Deadline: 2006-12-21) / Proposed Standard (rfc3989) Title: MIDCOM Protocol Semantics URL: http://www.ietf.org/rfc/rfc3989.txt Date: 2006-12-04 – Last Call (Deadline: 2006-12-18) / Proposed Standard (draft-ietf-pkix-srvsan) Title: Internet X.509 Public Key Infrastructure Subject Alternative Name for expression of service name URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-srvsan-03.txt Date: 2006-12-04 – Approved by the IESG as Proposed Standard Title: Managed Objects of Ethernet Passive Optical Networks (EPON) URL: http://www.ietf.org/internet-drafts/draft-ietf-hubmib-efm-epon-mib-06.txt Date: 2006-12-04 – Approved by the IESG as Informational RFC Title: Problem Statement for Network-based Localized Mobility Management URL: http://www.ietf.org/internet-drafts/draft-ietf-netlmm-nohost-ps-05.txt Date: 2006-12-04 – Approved by the IESG as Informational RFC Title: Network Mobility Support Terminology URL: http://www.ietf.org/internet-drafts/draft-ietf-nemo-terminology-06.txt Date: 2006-12-04 – Approved by the IESG as Informational RFC Title: Goals for Network-based Localized Mobility Management (NETLMM) URL: http://www.ietf.org/internet-drafts/draft-ietf-netlmm-nohost-req-05.txt Date: 2006-12-07 – Last Call (Deadline: 2006-12-21) / Proposed Standard (draft-ietf-rohc-sigcomp-impl-guide) Title: Implementer’s Guide for SigComp URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-sigcomp-impl-guide-09.txt Date: 2006-12-07 – Last Call (Deadline: 2007-01-04) / Proposed Standard (draft-manral-ipsec-rfc4305-bis-errata) Title: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) URL: http://www.ietf.org/internet-drafts/draft-manral-ipsec-rfc4305-bis-errata-02.txt Date: 2006-12-07 – Last Call (Deadline: 2006-12-21) / Proposed Standard (draft-ietf-radext-filter) Title: RADIUS Filter Rule Attribute URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-filter-06.txt Date: 2006-12-11 – Last Call (Deadline: 2007-01-08) / Proposed Standard (draft-solinas-ui-suites) Title: Suite B Cryptographic Suites for IPsec URL: http://www.ietf.org/internet-drafts/draft-solinas-ui-suites-00.txt Date: 2006-12-11 – Last Call (Deadline: 2006-12-31) / Informational RFC (draft-ietf-dna-link-information) Title: Link-layer Event Notifications for Detecting Network Attachments URL: http://www.ietf.org/internet-drafts/draft-ietf-dna-link-information-05.txt Date: 2006-12-11 – Approved by the IESG as Proposed Standard Title: Packetization Layer Path MTU Discovery URL: http://www.ietf.org/internet-drafts/draft-ietf-pmtud-method-11.txt Date: 2006-12-11 – Last Call (Deadline: 2006-12-25) / Informational RFC (draft-ietf-widex-requirements) Title: Widget Description Exchange Service (WIDEX) Requirements URL: http://www.ietf.org/internet-drafts/draft-ietf-widex-requirements-03.txt Date: 2006-12-13 – Last Call (Deadline: 2007-01-03) / Proposed Standard (draft-ietf-rohc-formal-notation) Title: Formal Notation for Robust Header Compression (ROHC-FN) URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-formal-notation-13.txt Date: 2006-12-13 – Approved by the IESG as Proposed Standard Title: Connecting IPv6 Islands over IPv4 MPLS using IPv6 Provider Edge Routers (6PE) URL: http://www.ietf.org/internet-drafts/draft-ooms-v6ops-bgp-tunnel-07.txt Date: 2006-12-15 – Last Call (Deadline: 2007-01-06) / Proposed Standard (draft-ietf-lemonade-compress) Title: The IMAP COMPRESS Extension URL: http://www.ietf.org/internet-drafts/draft-ietf-lemonade-compress-06.txt Date: 2006-12-18 – Approved by the IESG as Informational RFC Title: Network Mobility Support Goals and Requirements URL: http://www.ietf.org/internet-drafts/draft-ietf-nemo-requirements-06.txt Date: 2006-12-18 – Approved by the IESG as Experimental RFC Title: TCP Friendly Rate Control (TFRC): the Small-Packet (SP) Variant URL: http://www.ietf.org/internet-drafts/draft-ietf-dccp-tfrc-voip-07.txt Date: 2006-12-18 – Approved by the IESG as Proposed Standard Title: Exclude Routes – Extension to RSVP-TE URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-rsvp-te-exclude-route-06.txt Date: 2006-12-18 – Approved by the IESG as Proposed Standard Title: Padding Chunk and Parameter for SCTP URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-sctp-padding-02.txt Date: 2006-12-18 – Approved by the IESG as Proposed Standard Title: Exclude Routes – Extension to RSVP-TE URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-rsvp-te-exclude-route-06.txt Date: 2006-12-18 – Approved by the IESG as Proposed Standard Title: The RObust Header Compression (ROHC) Framework URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-rfc3095bis-framework-04.txt Date: 2006-12-18 – Last Call (Deadline: 2007-01-15) / Proposed Standard (draft-altman-telnet-starttls) Title: Telnet START-TLS Option URL: http://www.ietf.org/internet-drafts/draft-altman-telnet-rfc2941bis-02.txt Date: 2006-12-19 – Last Call (Deadline: 2007-01-07) / Proposed Standard (draft-ietf-dhc-paa-option) Title: DHCP options for PANA Authentication Agents URL: http://www.ietf.org/internet-drafts/draft-ietf-dhc-paa-option-05.txt Date: 2006-12-22 – Last Call: draft-barany-eap-gee (3GPP2 Generic EAP Encapsulation (GEE) Protocol) to Experimental RF / Call: draft-barany-eap-gee (3GPP2 Generic EAP Encapsulation (GEE) Protocol) to Experimental RFC Title: ast Call: draft-barany-eap-gee (3GPP2 Generic EAP Encapsulation (GEE) Protocol) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-barany-eap-gee-04.txt Date: 2006-12-22 – Last Call: draft-bonica-internet-icmp (Modifying ICMP to Support Multi-part Messages) to Proposed Standar / Call: draft-bonica-internet-icmp (Modifying ICMP to Support Multi-part Messages) to Proposed Standard Title: ast Call: draft-bonica-internet-icmp (Modifying ICMP to Support Multi-part Messages) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-bonica-internet-icmp-14.txt Date: 2006-12-22 – Last Call: draft-barany-eap-gee (3GPP2 Generic EAP Encapsulation (GEE) Protocol) to Experimental RF / Call: draft-barany-eap-gee (3GPP2 Generic EAP Encapsulation (GEE) Protocol) to Experimental RFC Title: ast Call: draft-barany-eap-gee (3GPP2 Generic EAP Encapsulation (GEE) Protocol) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-barany-eap-gee-04.txt Date: 2006-12-27 – Last Call: draft-daigle-unaptr (Domain-based Application Service Location Using URIs and the Dynamic Delegation Discovery Service (DDDS)) to Proposed Standar / Call: draft-daigle-unaptr (Domain-based Application Service Location Using URIs and the Dynamic Delegation Discovery Service (DDDS)) to Proposed Standard Title: ast Call: draft-daigle-unaptr (Domain-based Application Service Location Using URIs and the Dynamic Delegation Discovery Service (DDDS)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-daigle-unaptr-01.txt Date: 2007-01-02 – Last Call: draft-ietf-opes-smtp-security (Integrity, privacy and security in OPES for SMTP) to Informational RF / Call: draft-ietf-opes-smtp-security (Integrity, privacy and security in OPES for SMTP) to Informational RFC Title: ast Call: draft-ietf-opes-smtp-security (Integrity, privacy and security in OPES for SMTP) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-opes-smtp-security-02.txt Date: 2007-01-03 – Approved by the IESG as Proposed Standard Title: SMTP Submission Service Extension for Future Message Release URL: http://www.ietf.org/internet-drafts/draft-vaudreuil-futuredelivery-04.txt Date: 2007-01-04 – Approved by the IESG as Informational RFC Title: Long-Term Archive Service Requirements URL: http://www.ietf.org/internet-drafts/draft-ietf-ltans-reqs-10.txt Date: 2007-01-04 – Last Call: draft-ietf-webdav-rfc2518bis (HTTP Extensions for Distributed Authoring – WebDAV) to Proposed Standar / Call: draft-ietf-webdav-rfc2518bis (HTTP Extensions for Distributed Authoring – WebDAV) to Proposed Standard Title: ast Call: draft-ietf-webdav-rfc2518bis (HTTP Extensions for Distributed Authoring – WebDAV) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-webdav-rfc2518bis-17.txt Date: 2007-01-05 – Last Call: draft-ietf-enum-vcard (IANA Registration for vCard Enumservice) to Proposed Standar / Call: draft-ietf-enum-vcard (IANA Registration for vCard Enumservice) to Proposed Standard Title: ast Call: draft-ietf-enum-vcard (IANA Registration for vCard Enumservice) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-vcard-05.txt Date: 2007-01-05 – Approved by the IESG as Informational RFC Title: Architecture for IP Flow Information Export URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-architecture-12.txt Date: 2007-01-09 – Approved by the IESG as Informational RFC Title: Key Change Strategies for TCP-MD5 URL: http://www.ietf.org/internet-drafts/draft-bellovin-keyroll2385-04.txt Date: 2007-01-10 – Approved by the IESG as Proposed Standard Title: RADIUS Delegated-IPv6-Prefix Attribute URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-delegated-prefix-05.txt Date: 2007-01-10 – Last Call: draft-harrington-text-mib-doc-template (A Template for Documents Containing a MIB Module) to BC / Call: draft-harrington-text-mib-doc-template (A Template for Documents Containing a MIB Module) to BCP Title: ast Call: draft-harrington-text-mib-doc-template (A Template for Documents Containing a MIB Module) to BCP URL: http://www.ietf.org/internet-drafts/draft-harrington-text-mib-doc-template-02.txt Date: 2007-01-10 – Approved by the IESG as Proposed Standard Title: Declarative Public Extension Key for iSCSI Node Architecture URL: http://www.ietf.org/internet-drafts/draft-ietf-ips-iscsi-nodearch-key-03.txt Date: 2007-01-10 – Last Call: draft-harrington-text-mib-doc-template (A Template for Documents Containing a MIB Module) to BC / Call: draft-harrington-text-mib-doc-template (A Template for Documents Containing a MIB Module) to BCP Title: ast Call: draft-harrington-text-mib-doc-template (A Template for Documents Containing a MIB Module) to BCP URL: http://www.ietf.org/internet-drafts/draft-harrington-text-mib-doc-template-02.txt Date: 2007-01-10 – Approved by the IESG as Proposed Standard Title: Declarative Public Extension Key for iSCSI Node Architecture URL: http://www.ietf.org/internet-drafts/draft-ietf-ips-iscsi-nodearch-key-03.txt Date: 2007-01-10 – Approved by the IESG as Informational RFC Title: Hash and Stuffing: Overlooked Factors in Network Device Benchmarking URL: http://www.ietf.org/internet-drafts/draft-ietf-bmwg-hash-stuffing-08.txt Date: 2007-01-11 – Last Call: draft-ietf-pim-mib-v2 (Protocol Independent Multicast MIB) to Proposed Standar / Call: draft-ietf-pim-mib-v2 (Protocol Independent Multicast MIB) to Proposed Standard Title: ast Call: draft-ietf-pim-mib-v2 (Protocol Independent Multicast MIB) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-mib-v2-09.txt Date: 2007-01-11 – Approved by the IESG as Informational RFC Title: TDM over IP URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-tdmoip-06.txt Date: 2007-01-11 – Last Call: draft-kelly-ipsec-ciph-sha2 (Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 With IPsec) to Proposed Standar / Call: draft-kelly-ipsec-ciph-sha2 (Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 With IPsec) to Proposed Standard Title: ast Call: draft-kelly-ipsec-ciph-sha2 (Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 With IPsec) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-kelly-ipsec-ciph-sha2-01.txt Date: 2007-01-12 – Last Call: draft-ietf-eai-framework (Overview and Framework for Internationalized Email) to Informational RF / Call: draft-ietf-eai-framework (Overview and Framework for Internationalized Email) to Informational RFC Title: ast Call: draft-ietf-eai-framework (Overview and Framework for Internationalized Email) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-eai-framework-04.txt Date: 2007-01-12 – Last Call: draft-legg-xed-asd (Abstract Syntax Notation X (ASN.X)) to Proposed Standar / Call: draft-legg-xed-asd (Abstract Syntax Notation X (ASN.X)) to Proposed Standard Title: ast Call: draft-legg-xed-asd (Abstract Syntax Notation X (ASN.X)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-legg-xed-asd-xerei-03.txt Date: 2007-01-15 – Last Call: draft-ietf-lemonade-deployments (Deployment Considerations for lemonade-compliant Mobile Email) to BC / Call: draft-ietf-lemonade-deployments (Deployment Considerations for lemonade-compliant Mobile Email) to BCP Title: ast Call: draft-ietf-lemonade-deployments (Deployment Considerations for lemonade-compliant Mobile Email) to BCP URL: http://www.ietf.org/internet-drafts/draft-ietf-lemonade-deployments-04.txt Date: 2007-01-15 – Last Call: draft-ietf-hip-mm (End-Host Mobility and Multihoming with the Host Identity Protocol) to Experimental RF / Call: draft-ietf-hip-mm (End-Host Mobility and Multihoming with the Host Identity Protocol) to Experimental RFC Title: ast Call: draft-ietf-hip-mm (End-Host Mobility and Multihoming with the Host Identity Protocol) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-hip-mm-04.txt Date: 2007-01-15 – Last Call: draft-ietf-dnsext-rollover-requirements (Requirements related to DNSSEC Trust Anchor Rollover) to Informational RF / Call: draft-ietf-dnsext-rollover-requirements (Requirements related to DNSSEC Trust Anchor Rollover) to Informational RFC Title: ast Call: draft-ietf-dnsext-rollover-requirements (Requirements related to DNSSEC Trust Anchor Rollover) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-rollover-requirements-04.txt Date: 2007-01-15 – Last Call: draft-ietf-l2tpext-failover (Fail Over extensions for L2TP “failover”) to Proposed Standar / Call: draft-ietf-l2tpext-failover (Fail Over extensions for L2TP “failover”) to Proposed Standard Title: ast Call: draft-ietf-l2tpext-failover (Fail Over extensions for L2TP “failover”) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-l2tpext-failover-11.txt Date: 2007-01-15 – Last Call: draft-ietf-dnsext-trustupdate-timers (Automated Updates of DNSSEC Trust Anchors) to Proposed Standar / Call: draft-ietf-dnsext-trustupdate-timers (Automated Updates of DNSSEC Trust Anchors) to Proposed Standard Title: ast Call: draft-ietf-dnsext-trustupdate-timers (Automated Updates of DNSSEC Trust Anchors) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-trustupdate-timers-05.txt Date: 2007-01-15 – Approved by the IESG as BCP Title: Clarification of the 3rd Party Disclosure procedure in RFC 3979 URL: http://www.ietf.org/internet-drafts/draft-narten-ipr-3979-3rd-party-fix-00.txt Date: 2007-01-15 – Approved by the IESG as Proposed Standard Title: RSVP-TE Extensions in support of End-to-End Generalized Multi-Protocol Label Switching (GMPLS) Recovery URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-gmpls-recovery-e2e-signaling-04.txt Date: 2007-01-15 – Approved by the IESG as BCP Title: Clarification of the 3rd Party Disclosure procedure in RFC 3979 URL: http://www.ietf.org/internet-drafts/draft-narten-ipr-3979-3rd-party-fix-00.txt Date: 2007-01-15 – Approved by the IESG as Proposed Standard Title: Mobile IPv6 Operation with IKEv2 and the revised IPsec Architecture URL: http://www.ietf.org/internet-drafts/draft-ietf-mip6-ikev2-ipsec-08.txt Date: 2007-01-15 – Approved by the IESG as Proposed Standard Title: GMPLS Based Segment Recovery URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-gmpls-segment-recovery-03.txt Date: 2007-01-15 – Approved by the IESG as Informational RFC Title: A Uniform Resource Name (URN) Namespace for the International Organization for Standardization (ISO) URL: http://www.ietf.org/internet-drafts/draft-goodwin-iso-urn-01.txt Date: 2007-01-15 – Approved by the IESG as Proposed Standard Title: DHCP options for PANA Authentication Agents URL: http://www.ietf.org/internet-drafts/draft-ietf-dhc-paa-option-05.txt Date: 2007-01-16 – Last Call: draft-heard-rfc4181-update (RFC 4181 Update to Recognize the IETF Trust) to BC / Call: draft-heard-rfc4181-update (RFC 4181 Update to Recognize the IETF Trust) to BCP Title: ast Call: draft-heard-rfc4181-update (RFC 4181 Update to Recognize the IETF Trust) to BCP URL: http://www.ietf.org/internet-drafts/draft-heard-rfc4181-update-00.txt Date: 2007-01-16 – Approved by the IESG as Proposed Standard Title: A Timezone Option for DHCP URL: http://www.ietf.org/internet-drafts/draft-ietf-dhc-timezone-option-05.txt Date: 2007-01-16 – Approved by the IESG as Informational RFC Title: Requirements for Multicast in L3 Provider-Provisioned VPNs URL: http://www.ietf.org/internet-drafts/draft-ietf-l3vpn-ppvpn-mcast-reqts-10.txt Date: 2007-01-16 – Last Call: draft-ietf-mipshop-cga-cba (Enhanced Route Optimization for Mobile IPv6) to Proposed Standar / Call: draft-ietf-mipshop-cga-cba (Enhanced Route Optimization for Mobile IPv6) to Proposed Standard Title: ast Call: draft-ietf-mipshop-cga-cba (Enhanced Route Optimization for Mobile IPv6) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-cga-cba-02.txt Date: 2007-01-17 – Approved by the IESG as Proposed Standard Title: Formal Notation for Robust Header Compression (ROHC-FN) URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-formal-notation-13.txt Date: 2007-01-17 – Approved by the IESG as Proposed Standard Title: SONET/SDH Circuit Emulation over Packet (CEP) URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-sonet-14.txt Date: 2007-01-17 – Last Call: draft-ietf-smime-escertid (ESS Update: Adding CertID Algorithm Agility) to Proposed Standar / Call: draft-ietf-smime-escertid (ESS Update: Adding CertID Algorithm Agility) to Proposed Standard Title: ast Call: draft-ietf-smime-escertid (ESS Update: Adding CertID Algorithm Agility) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-escertid-04.txt Date: 2007-01-18 – Approved by the IESG as Informational RFC Title: Framework and Requirements for Layer 1 Virtual Private Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-l1vpn-framework-05.txt Date: 2007-01-18 – Approved by the IESG as Proposed Standard Title: Implementer’s Guide for SigComp URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-sigcomp-impl-guide-10.txt Date: 2007-01-19 – Last Call: draft-nottingham-atompub-feed-history (Feed Paging and Archiving) to Proposed Standar / Call: draft-nottingham-atompub-feed-history (Feed Paging and Archiving) to Proposed Standard Title: ast Call: draft-nottingham-atompub-feed-history (Feed Paging and Archiving) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-nottingham-atompub-feed-history-08.txt Date: 2007-01-23 – Last Call: draft-ietf-mip4-mobike-connectivity (Secure Connectivity and Mobility using Mobile IPv4 and MOBIKE) to BC / Call: draft-ietf-mip4-mobike-connectivity (Secure Connectivity and Mobility using Mobile IPv4 and MOBIKE) to BCP Title: ast Call: draft-ietf-mip4-mobike-connectivity (Secure Connectivity and Mobility using Mobile IPv4 and MOBIKE) to BCP URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-mobike-connectivity-02.txt Date: 2007-01-24 – Last Call: draft-ietf-tsvwg-sctp-auth (Authenticated Chunks for Stream Control Transmission Protocol (SCTP)) to Proposed Standar / Call: draft-ietf-tsvwg-sctp-auth (Authenticated Chunks for Stream Control Transmission Protocol (SCTP)) to Proposed Standard Title: ast Call: draft-ietf-tsvwg-sctp-auth (Authenticated Chunks for Stream Control Transmission Protocol (SCTP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-sctp-auth-07.txt Date: 2007-01-24 – Last Call: draft-ietf-pim-bidir (Bi-directional Protocol Independent Multicast (BIDIR-PIM)) to Proposed Standar / Call: draft-ietf-pim-bidir (Bi-directional Protocol Independent Multicast (BIDIR-PIM)) to Proposed Standard Title: ast Call: draft-ietf-pim-bidir (Bi-directional Protocol Independent Multicast (BIDIR-PIM)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-bidir-08.txt Date: 2007-01-24 – Last Call: draft-ietf-avt-hc-over-mpls-protocol (Protocol Extensions for Header Compression over MPLS) to Proposed Standar / Call: draft-ietf-avt-hc-over-mpls-protocol (Protocol Extensions for Header Compression over MPLS) to Proposed Standard Title: ast Call: draft-ietf-avt-hc-over-mpls-protocol (Protocol Extensions for Header Compression over MPLS) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-hc-over-mpls-protocol-07.txt Date: 2007-01-24 – Last Call: draft-ietf-iptel-tgrep (A Telephony Gateway REgistration Protocol (TGREP)) to Proposed Standar / Call: draft-ietf-iptel-tgrep (A Telephony Gateway REgistration Protocol (TGREP)) to Proposed Standard Title: ast Call: draft-ietf-iptel-tgrep (A Telephony Gateway REgistration Protocol (TGREP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-iptel-tgrep-08.txt Date: 2007-01-24 – Last Call: draft-siemborski-rfc1734bis (POP3 SASL Authentication Mechanism) to Proposed Standar / Call: draft-siemborski-rfc1734bis (POP3 SASL Authentication Mechanism) to Proposed Standard Title: ast Call: draft-siemborski-rfc1734bis (POP3 SASL Authentication Mechanism) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-siemborski-rfc1734bis-10.txt Date: 2007-01-24 – Last Call: draft-siemborski-rfc2554bis (SMTP Service Extension for Authentication) to Proposed Standar / Call: draft-siemborski-rfc2554bis (SMTP Service Extension for Authentication) to Proposed Standard Title: ast Call: draft-siemborski-rfc2554bis (SMTP Service Extension for Authentication) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-siemborski-rfc2554bis-07.txt Date: 2007-01-25 – Approved by the IESG as Informational RFC Title: Framework for Transcoding with the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-transc-framework-05.txt Date: 2007-01-25 – Last Call: draft-ietf-pim-mib-v2 (Protocol Independent Multicast MIB) to Proposed Standar / Call: draft-ietf-pim-mib-v2 (Protocol Independent Multicast MIB) to Proposed Standard Title: ast Call: draft-ietf-pim-mib-v2 (Protocol Independent Multicast MIB) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-mib-v2-09.txt Date: 2007-01-25 – Approved by the IESG as Experimental RFC Title: Mobile IPv4 Regional Registration URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-reg-tunnel-04.txt Date: 2007-01-25 – Last Call: draft-ietf-pim-mib-v2 (Protocol Independent Multicast MIB) to Proposed Standar / Call: draft-ietf-pim-mib-v2 (Protocol Independent Multicast MIB) to Proposed Standard Title: ast Call: draft-ietf-pim-mib-v2 (Protocol Independent Multicast MIB) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-mib-v2-09.txt Date: 2007-01-26 – Last Call: draft-ietf-hubmib-efm-mib (Definitions and Managed Objects for OAM Functions on Ethernet Like Interfaces) to Proposed Standar / Call: draft-ietf-hubmib-efm-mib (Definitions and Managed Objects for OAM Functions on Ethernet Like Interfaces) to Proposed Standard Title: ast Call: draft-ietf-hubmib-efm-mib (Definitions and Managed Objects for OAM Functions on Ethernet Like Interfaces) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-hubmib-efm-mib-05.txt Date: 2007-01-29 – Last Call: draft-ietf-smime-cms-mult-sign (Cryptographic Message Syntax (CMS) Multiple Signer Clarification) to Proposed Standar / Call: draft-ietf-smime-cms-mult-sign (Cryptographic Message Syntax (CMS) Multiple Signer Clarification) to Proposed Standard Title: ast Call: draft-ietf-smime-cms-mult-sign (Cryptographic Message Syntax (CMS) Multiple Signer Clarification) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-mult-sign-02.txt Date: 2007-01-29 – Approved by the IESG as Draft Standard Title: Extensible Provisioning Protocol (EPP) URL: http://www.ietf.org/internet-drafts/draft-hollenbeck-epp-rfc3730bis-04.txt Date: 2007-01-29 – Approved by the IESG as Proposed Standard Title: iSCSI Extensions for RDMA Specification URL: http://www.ietf.org/internet-drafts/draft-ietf-ips-iser-06.txt Date: 2007-01-29 – Approved by the IESG as Informational RFC Title: The Flexible Authentication via Secure Tunneling Extensible Authentication Protocol Method (EAP-FAST) URL: http://www.ietf.org/internet-drafts/draft-cam-winget-eap-fast-06.txt Date: 2007-01-29 – Approved by the IESG as Proposed Standard Title: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) URL: http://www.ietf.org/internet-drafts/draft-manral-ipsec-rfc4305-bis-errata-03.txt Date: 2007-01-29 – Approved by the IESG as Proposed Standard Title: iSCSI Extensions for RDMA Specification URL: http://www.ietf.org/internet-drafts/draft-ietf-ips-iser-06.txt Date: 2007-01-29 – Approved by the IESG as Informational RFC Title: Media Type Registrations for OEBPS Package File (OPF) URL: http://www.ietf.org/internet-drafts/draft-conboy-mime-opf-00.txt Date: 2007-01-29 – Re: Informational RFC to be: draft-zorn-radius-keywrap-12.tx / nformational RFC to be: draft-zorn-radius-keywrap-12.txt Title: e: Informational RFC to be: draft-zorn-radius-keywrap-12.txt URL: http://www.ietf.org/internet-drafts/draft-zorn-radius-keywrap-12.txt Date: 2007-01-30 – Approved by the IESG as Proposed Standard Title: IPv6 Deployment Scenarios in 802.16(e) Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-filter-08.txt Date: 2007-01-30 – Approved by the IESG as Proposed Standard Title: IPv6 Deployment Scenarios in 802.16(e) Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-filter-08.txt Date: 2007-01-30 – Approved by the IESG as Informational RFC Title: IPv6 Transition/Co-existence Security Considerations URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-security-overview-06.txt Date: 2007-01-30 – Approved by the IESG as Informational RFC Title: IPv6 Transition/Co-existence Security Considerations URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-security-overview-06.txt Date: 2007-01-30 – REVISED ANNOUNCEMENT Approved by the IESG as Proposed Standard Title: RADIUS Filter Rule Attribute URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-filter-08.txt Date: 2007-01-31 – Re: Informational RFC to be: draft-irtf-dtnrg-arch-08.tx / nformational RFC to be: draft-irtf-dtnrg-arch-08.txt Title: e: Informational RFC to be: draft-irtf-dtnrg-arch-08.txt URL: http://www.ietf.org/internet-drafts/draft-irtf-dtnrg-arch-08.txt Date: 2007-01-31 – Re: Informational RFC to be: draft-deoliveira-diff-te-preemption-06.tx / nformational RFC to be: draft-deoliveira-diff-te-preemption-06.txt Title: e: Informational RFC to be: draft-deoliveira-diff-te-preemption-06.txt URL: http://www.ietf.org/internet-drafts/draft-deoliveira-diff-te-preemption-06.txt Date: 2007-01-31 – Re: Informational RFC to be: draft-irtf-dtnrg-arch-08.tx / nformational RFC to be: draft-irtf-dtnrg-arch-08.txt Title: e: Informational RFC to be: draft-irtf-dtnrg-arch-08.txt URL: http://www.ietf.org/internet-drafts/draft-irtf-dtnrg-arch-08.txt Date: 2007-01-31 – Last Call: draft-ietf-syslog-protocol (The syslog Protocol) to Proposed Standar / Call: draft-ietf-syslog-protocol (The syslog Protocol) to Proposed Standard Title: ast Call: draft-ietf-syslog-protocol (The syslog Protocol) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-udp-08.txt Date: 2007-01-31 – Approved by the IESG as Informational RFC Title: IPv6 Enterprise Network Analysis – IP Layer 3 Focus URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-ent-analysis-07.txt Date: 2007-01-31 – Last Call: draft-ietf-syslog-protocol (The syslog Protocol) to Proposed Standar / Call: draft-ietf-syslog-protocol (The syslog Protocol) to Proposed Standard Title: ast Call: draft-ietf-syslog-protocol (The syslog Protocol) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-udp-08.txt Date: 2007-01-31 – Last Call: draft-ietf-pwe3-wildcard-pw-type (Wildcard Pseudowire Type) to Proposed Standar / Call: draft-ietf-pwe3-wildcard-pw-type (Wildcard Pseudowire Type) to Proposed Standard Title: ast Call: draft-ietf-pwe3-wildcard-pw-type (Wildcard Pseudowire Type) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-wildcard-pw-type-02.txt]]> 1480 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-fellowship-program-3/ Mon, 27 Nov 2006 16:22:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1482 here.]]> 1482 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/new-bof-meetings-3/ Mon, 27 Nov 2006 16:23:46 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1484 www.ietf.org/meetings/past.meetings.html General Area: edu – Education RAI Area: mediactrl – Media Server Control p2p-sip – Peer to Peer Support for Session Initiation Protocol Security Area: spkm – NFSv4 and Low Infrastructure Public Key Based GSS Security Mechanisms keyprov – Provisioning of Symetric Keys Transport Area: pcn – Pre-Congestion Notification]]> 1484 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/recent-iesg-document-and-protocol-actions-10/ Mon, 27 Nov 2006 16:32:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1491 http://www.ietf.org/internet-drafts/draft-ietf-l2vpn-signaling-08.txt Date: 2006-06-07 – Last Call (Deadline: 2006-06-21) / Proposed Standard (draft-ietf-simple-xcap) Title: The Extensible Markup Language (XML) Configuration Access Protocol (XCAP) URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-xcap-11.txt Date: 2006-06-12 – Approved by the IESG as Proposed Standard Title: OSPF Version 2 Management Information Base URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-mib-update-11.txt Date: 2006-06-12 – Approved by the IESG as Draft Standard Title: Multiprotocol Extensions for BGP-4 URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-rfc2858bis-10.txt Date: 2006-06-14 – Last Call (Deadline: 2006-06-28) / Informational RFC (draft-ietf-dkim-threats) Title: Analysis of Threats Motivating DomainKeys Identified Mail (DKIM) URL: http://www.ietf.org/internet-drafts/draft-ietf-dkim-threats-03.txt Date: 2006-06-14 – Last Call (Deadline: 2006-07-12) / Experimental RFC (draft-ash-alt-formats) Title: Proposed Experiment: Normative Format in Addition to ASCII Text URL: http://www.ietf.org/internet-drafts/draft-ash-alt-formats-02.txt Date: 2006-06-14 – Last Call (Deadline: 2006-06-28) / Proposed Standard (draft-ietf-sipping-transc-conf) Title: The Session Initiation Protocol (SIP) Conference Bridge Transcoding Model URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-transc-conf-03.txt Date: 2006-06-14 – Last Call (Deadline: 2006-06-28) / Informational RFC (draft-ietf-sipping-transc-framework) Title: Framework for Transcoding with the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-transc-framework-04.txt Date: 2006-06-15 – Last Call (Deadline: 2006-07-12) / Experimental RFC (draft-ash-alt-formats) Title: Proposed Experiment: Normative Format in Addition to ASCII Text URL: http://www.ietf.org/internet-drafts/draft-ash-alt-formats-02.txt Date: 2006-06-23 – Last Call (Deadline: 2006-07-07) / Proposed Standard (draft-ietf-dnsext-nsid) Title: DNS Name Server Identifier Option (NSID) URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-nsid-02.txt Date: 2006-06-26 – Approved by the IESG as Proposed Standard Title: Virtual Private LAN Services Using LDP URL: http://www.ietf.org/internet-drafts/draft-ietf-l2vpn-vpls-ldp-09.txt Date: 2006-06-26 – Approved by the IESG as Informational RFC Title: Service Requirements for Layer 2 Provider Provisioned Virtual Private Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-l2vpn-requirements-07.txt Date: 2006-06-26 – Approved by the IESG as Proposed Standard Title: Experimental Values In IPv4, IPv6, ICMPv4, ICMPv6, UDP and TCP Headers URL: http://www.ietf.org/internet-drafts/draft-fenner-iana-exp-2780-05.txt Date: 2006-06-26 – Approved by the IESG as Proposed Standard Title: Atom Threading Extensions URL: http://www.ietf.org/internet-drafts/draft-snell-atompub-feed-thread-12.txt Date: 2006-06-26 – Approved by the IESG as Proposed Standard Title: Atom Threading Extensions URL: http://www.ietf.org/internet-drafts/draft-snell-atompub-feed-thread-12.txt Date: 2006-06-26 – Approved by the IESG as Informational RFC Title: Considerations on the IPv6 Host density Metric URL: http://www.ietf.org/internet-drafts/draft-huston-hd-metric-02.txt Date: 2006-06-27 – Approved by the IESG as Proposed Standard Title: Transport Layer Security (TLS) Authorization Extensions URL: http://www.ietf.org/internet-drafts/draft-housley-tls-authz-extns-07.txt Date: 2006-07-05 – Approved by the IESG as Informational RFC Title: Requirements for Path Computation Element (PCE) Discovery URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-discovery-reqs-05.txt Date: 2006-07-05 – Approved by the IESG as Proposed Standard Title: Virtual Private LAN Service (VPLS) Using BGP for Auto-discovery and Signaling URL: http://www.ietf.org/internet-drafts/draft-ietf-l2vpn-vpls-bgp-08.txt Date: 2006-07-10 – Approved by the IESG as Informational RFC Title: IKEv2 Clarifications and Implementation Guidelines URL: http://www.ietf.org/internet-drafts/draft-eronen-ipsec-ikev2-clarifications-09.txt Date: 2006-07-10 – Approved by the IESG as Informational RFC Title: GigaBeam High-Speed Radio Link Encryption URL: http://www.ietf.org/internet-drafts/draft-housley-gigabeam-radio-link-encrypt-02.txt Date: 2006-07-10 – Approved by the IESG as Informational RFC Title: Terminology for Benchmarking Network-layer Traffic Control Mechanisms URL: http://www.ietf.org/internet-drafts/draft-ietf-bmwg-dsmterm-13.txt Date: 2006-07-10 – Approved by the IESG as Informational RFC Title: RTP Payload Format for H.263 using RFC2190 to Historic status URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc2190-to-historic-06.txt Date: 2006-07-11 – Last Call (Deadline: 2006-08-08) / Proposed Standard (draft-melnikov-imap-search-ret) Title: IMAP4 extension to SEARCH command for controlling what kind of information is returned URL: http://www.ietf.org/internet-drafts/draft-melnikov-imap-search-ret-03.txt Date: 2006-07-13 – Last Call (Deadline: 2006-07-27) / BCP (draft-ietf-dnsop-bad-dns-res) Title: Observed DNS Resolution Misbehavior URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsop-bad-dns-res-06.txt Date: 2006-07-19 – Approved by the IESG as Informational RFC Title: Registration of media type audio/mobile-xmf URL: http://www.ietf.org/internet-drafts/draft-kosonen-mobile-xmf-mediatype-01.txt Date: 2006-07-20 – Approved by the IESG as Proposed Standard Title: Internet X.509 Public Key Infrastructure Subject Identification Method (SIM) URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-sim-08.txt Date: 2006-07-24 – Last Call (Deadline: 2006-08-07) / Experimental RFC (draft-ietf-imapext-annotate) Title: IMAP ANNOTATE Extension URL: http://www.ietf.org/internet-drafts/draft-ietf-imapext-annotate-15.txt Date: 2006-07-24 – Last Call (Deadline: 2006-08-07) / Proposed Standard (draft-ietf-sieve-spamtestbis) Title: SIEVE Email Filtering: Spamtest and Virustest Extensions URL: http://www.ietf.org/internet-drafts/draft-ietf-sieve-spamtestbis-05.txt Date: 2006-07-24 – Approved by the IESG as Informational RFC Title: Analysis of Threats Motivating DomainKeys Identified Mail (DKIM) URL: http://www.ietf.org/internet-drafts/draft-ietf-dkim-threats-03.txt Date: 2006-07-24 – Approved by the IESG as Proposed Standard Title: Encapsulation Methods for Transport of ATM Over MPLS Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-atm-encap-11.txt Date: 2006-07-25 – Last Call (Deadline: 2006-08-22) / Informational RFC (draft-fenner-obsolete-1264) Title: RFC 1264 is Obsolete URL: http://www.ietf.org/internet-drafts/draft-fenner-obsolete-1264-02.txt Date: 2006-07-25 – Approved by the IESG as Proposed Standard Title: The Virtual Fabrics MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-imss-fc-vf-mib-02.txt Date: 2006-07-25 – Last Call (Deadline: 2006-08-08) / Proposed Standard (draft-ietf-simple-message-sessions) Title: The Message Session Relay Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-msrp-relays-08.txt Date: 2006-07-26 – Last Call (Deadline: 2006-08-09) / Proposed Standard (draft-ietf-ccamp-crankback) Title: Crankback Signaling Extensions for MPLS and GMPLS RSVP-TE URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-crankback-05.txt Date: 2006-07-26 – Approved by the IESG as Proposed Standard Title: DDP/RDMAP Security URL: http://www.ietf.org/internet-drafts/draft-ietf-rddp-security-10.txt Date: 2006-08-01 – Approved by the IESG as Informational RFC Title: Requirements for IETF Technical Publication Service URL: http://www.ietf.org/internet-drafts/draft-mankin-pub-req-11.txt Date: 2006-08-01 – Approved by the IESG as Informational RFC Title: SSH Public Key File Format URL: http://www.ietf.org/internet-drafts/draft-ietf-secsh-publickeyfile-13.txt Date: 2006-08-02 – Approved by the IESG as Proposed Standard Title: Real-time Application Quality of Service Monitoring (RAQMON) Framework URL: http://www.ietf.org/internet-drafts/draft-ietf-rmonmib-raqmon-framework-16.txt Date: 2006-08-03 – Last Call (Deadline: 2006-08-17) / Proposed Standard (draft-ietf-midcom-mib) Title: Definitions of Managed Objects for Middlebox Communication URL: http://www.ietf.org/internet-drafts/draft-ietf-midcom-mib-08.txt Date: 2006-08-07 – Last Call (Deadline: 2006-08-21) / BCP (draft-ietf-ospf-iana) Title: IANA Considerations for OSPF URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-iana-01.txt Date: 2006-08-07 – Approved by the IESG as Informational RFC Title: CellML Media Type URL: http://www.ietf.org/internet-drafts/draft-miller-media-type-cellml-05.txt Date: 2006-08-07 – Approved by the IESG as Proposed Standard Title: IKE and IKEv2 Authentication Using ECDSA URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ike-auth-ecdsa-06.txt Date: 2006-08-09 – Last Call (Deadline: 2006-08-23) / Draft Standard (draft-ietf-idr-rfc3065bis) Title: Autonomous System Confederations for BGP URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-rfc3065bis-05.txt Date: 2006-08-09 – Last Call (Deadline: 2006-08-23) / Proposed Standard Title: Connecting IPv6 Islands over IPv4 MPLS using IPv6 Provider Edge Routers (6PE) URL: http://www.ietf.org/internet-drafts/draft-ooms-v6ops-bgp-tunnel-06.txt Date: 2006-08-10 – Last Call / Proposed Standard (draft-ietf-avt-rfc3555bis) Title: Media Type Registration of RTP Payload Formats URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc3555bis-04.txt Date: 2006-08-10 – Last Call / Proposed Standard (draft-ietf-avt-rfc3555bis) Title: Media Type Registration of RTP Payload Formats URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc3555bis-04.txt Date: 2006-08-10 – Last Call (Deadline: 2006-08-24) / Proposed Standard (draft-ietf-sipping-gruu-reg-event) Title: Registration Event Package Extension for Session Initiation Protocol (SIP) Globally Routable User Agent URIs (GRUU) URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-gruu-reg-event-06.txt Date: 2006-08-10 – Approved by the IESG as Experimental RFC Title: IETF Operational Notes URL: http://www.ietf.org/internet-drafts/draft-alvestrand-ipod-03.txt Date: 2006-08-11 – Last Call (Deadline: 2006-09-08) / Informational RFC (draft-jaganathan-rc4-hmac) Title: The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows URL: http://www.ietf.org/internet-drafts/draft-jaganathan-rc4-hmac-03.txt Date: 2006-08-11 – Last Call (Deadline: 2006-08-25) / Informational RFC (draft-ietf-netlmm-nohost-req) Title: Goals for Network-based Localized Mobility Management (NETLMM) URL: http://www.ietf.org/internet-drafts/draft-ietf-netlmm-nohost-req-04.txt Date: 2006-08-14 – Last Call (Deadline: 2006-08-28) / Proposed Standard (draft-ietf-crisp-iris-lwz) Title: A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service URL: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-lwz-06.txt Date: 2006-08-14 – Last Call (Deadline: 2006-08-28) / Proposed Standard (draft-ietf-crisp-iris-common-transport) Title: A Common Schema for Internet Registry Information Service Transfer Protocols URL: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-common-transport-03.txt Date: 2006-08-14 – Last Call (Deadline: 2006-08-28) / Proposed Standard (draft-ietf-crisp-iris-xpc) Title: XML Pipelining with Chunks for the Information Registry Information Service URL: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-xpc-04.txt Date: 2006-08-14 – Approved by the IESG as Informational RFC Title: Mounting Web Distributed Authoring and Versioning (WebDAV) servers URL: http://www.ietf.org/internet-drafts/draft-reschke-webdav-mount-05.txt Date: 2006-08-18 – Last Call (Deadline: 2006-09-01) / Informational RFC (draft-ietf-l3vpn-ppvpn-mcast-reqts) Title: Requirements for Multicast in L3 Provider-Provisioned VPNs URL: http://www.ietf.org/internet-drafts/draft-ietf-l3vpn-ppvpn-mcast-reqts-08.txt Date: 2006-08-21 – Last Call (Deadline: 2006-09-04) / Informational RFC (draft-ietf-l3vpn-ce-based) Title: An Architecture for Provider Provisioned CE-based Virtual Private Networks using IPsec URL: http://www.ietf.org/internet-drafts/draft-declercq-l3vpn-ce-based-as-00.txt Date: 2006-08-21 – Last Call (Deadline: 2006-09-04) / Informational RFC (draft-ietf-pwe3-cesopsn) Title: Structure-aware TDM Circuit Emulation Service over Packet Switched Network (CESoPSN) URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-cesopsn-07.txt Date: 2006-08-21 – Last Call (Deadline: 2006-09-04) / Informational RFC (draft-ietf-pwe3-tdmoip) Title: TDM over IP URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-tdmoip-05.txt Date: 2006-08-21 – Approved by the IESG as Proposed Standard Title: Graceful Restart Mechanism for BGP URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-restart-13.txt Date: 2006-08-21 – Approved by the IESG as Proposed Standard Title: The Session Initiation Protocol (SIP) Conference Bridge Transcoding Model URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-transc-conf-03.txt Date: 2006-08-21 – Approved by the IESG as Proposed Standard Title: The Session Initiation Protocol (SIP) Conference Bridge Transcoding Model URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-transc-conf-03.txt Date: 2006-08-21 – Approved by the IESG as Informational RFC Title: OAM Requirements for Point-to-Multipoint MPLS Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-p2mp-oam-reqs-01.txt Date: 2006-08-21 – Approved by the IESG as Informational RFC Title: OAM Requirements for Point-to-Multipoint MPLS Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-p2mp-oam-reqs-01.txt Date: 2006-08-21 – Last Call (Deadline: 2006-09-04) / Proposed Standard (draft-ietf-pwe3-sonet) Title: SONET/SDH Circuit Emulation over Packet (CEP) URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-sonet-13.txt Date: 2006-08-23 – Last Call (Deadline: 2006-09-20) / Proposed Standard (draft-melnikov-imap-expunged) Title: IMAP4 extension for reporting expunged messages URL: http://www.ietf.org/internet-drafts/draft-melnikov-imap-expunged-01.txt Date: 2006-08-23 – Approved by the IESG as Informational RFC Title: ISDN subaddress encoding type for tel URI URL: http://www.ietf.org/internet-drafts/draft-munakata-iptel-isub-type-04.txt Date: 2006-08-24 – Last Call (Deadline: 2006-09-07) / Experimental RFC (draft-ietf-mip4-reg-tunnel) Title: Mobile IPv4 Regional Registration URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-reg-tunnel-03.txt Date: 2006-08-24 – Approved by the IESG as Proposed Standard Title: An additional mode of key distribution in MIKEY: MIKEY-RSA-R URL: http://www.ietf.org/internet-drafts/draft-ietf-msec-mikey-rsa-r-07.txt Date: 2006-08-24 – Approved by the IESG as Proposed Standard Title: IMAP4 extension to SEARCH command for controlling what kind of information is returned URL: http://www.ietf.org/internet-drafts/draft-melnikov-imap-search-ret-03.txt Date: 2006-08-25 – Last Call (Deadline: 2006-09-08) / Proposed Standard (draft-ietf-ccamp-rsvp-te-exclude-route) Title: Exclude Routes – Extension to RSVP-TE URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-rsvp-te-exclude-route-05.txt Date: 2006-08-25 – Last Call (Deadline: 2006-09-08) / Proposed Standard (draft-ietf-ccamp-rsvp-te-exclude-route) Title: Exclude Routes – Extension to RSVP-TE URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-rsvp-te-exclude-route-05.txt Date: 2006-08-25 – Last Call (Deadline: 2006-09-08) / Proposed Standard (draft-ietf-mpls-lsr-self-test) Title: Label Switching Router Self-Test URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-lsr-self-test-06.txt Date: 2006-08-25 – (Deadline: 2006-09-08) / Title: Label Switching Router Self-Test URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-lsr-self-test-06.txt Date: 2006-08-25 – Last Call (Deadline: 2006-09-08) / Proposed Standard (draft-ietf-ccamp-rsvp-restart-ext) Title: Extensions to GMPLS RSVP Graceful Restart URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-rsvp-restart-ext-05.txt Date: 2006-08-25 – Approved by the IESG as Proposed Standard Title: RTP Payload for DTMF Digits, Telephony Tones and Telephony Signals URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc2833bis-15.txt Date: 2006-08-25 – Last Call (Deadline: 2006-09-08) / Proposed Standard (draft-ietf-mmusic-fec-grouping) Title: Forward Error Correction Grouping Semantics in Session Description Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-fec-grouping-05.txt Date: 2006-08-28 – Approved by the IESG as Proposed Standard Title: Common Policy: A Document Format for Expressing Privacy Preferences URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-common-policy-11.txt Date: 2006-08-28 – Approved by the IESG as Proposed Standard Title: Common Policy: A Document Format for Expressing Privacy Preferences URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-common-policy-11.txt Date: 2006-08-28 – Last Call (Deadline: 2006-09-25) / BCP (draft-carpenter-rescind-3683) Title: Progressive Posting Rights Supsensions URL: http://www.ietf.org/internet-drafts/draft-carpenter-rescind-3683-01.txt Date: 2006-08-28 – Last Call (Deadline: 2006-09-11) / Proposed Standard (draft-ietf-sasl-gssapi) Title: The Kerberos V5 (“GSSAPI”) SASL mechanism URL: http://www.ietf.org/internet-drafts/draft-ietf-sasl-gssapi-07.txt Date: 2006-08-28 – Last Call (Deadline: 2006-09-25) / BCP (draft-carpenter-rescind-3683) Title: Progressive Posting Rights Supsensions URL: http://www.ietf.org/internet-drafts/draft-carpenter-rescind-3683-01.txt Date: 2006-08-28 – Last Call (Deadline: 2006-09-12) / Proposed Standard (draft-ietf-idr-as4bytes) Title: BGP Support for Four-octet AS Number Space URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-as4bytes-12.txt Date: 2006-08-28 – Approved by the IESG as Experimental RFC Title: Multiple Authentication Exchanges in IKEv2 URL: http://www.ietf.org/internet-drafts/draft-eronen-ipsec-ikev2-multiple-auth-02.txt Date: 2006-08-29 – Last Call (Deadline: 2006-09-12) / Proposed Standard (draft-ietf-mmusic-sdp-media-content) Title: The SDP (Session Description Protocol) Content Attribute URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdp-media-content-05.txt Date: 2006-08-30 – Approved by the IESG as BCP Title: Observed DNS Resolution Misbehavior URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsop-bad-dns-res-06.txt Date: 2006-08-30 – Last Call (Deadline: 2006-09-13) / BCP (draft-ietf-grow-anycast) Title: Operation of Anycast Services URL: http://www.ietf.org/internet-drafts/draft-ietf-grow-anycast-04.txt Date: 2006-08-30 – Approved by the IESG as Proposed Standard Title: NP Parameters for the “tel” URI URL: http://www.ietf.org/internet-drafts/draft-ietf-iptel-tel-np-11.txt Date: 2006-08-31 – Last Call (Deadline: 2006-09-14) / Informational RFC (draft-ietf-l3vpn-vpn-vr) Title: Network based IP VPN Architecture Using Virtual Routers URL: http://www.ietf.org/internet-drafts/draft-ietf-l3vpn-vpn-vr-03.txt Date: 2006-08-31 – Last Call (Deadline: 2006-09-14) / Experimental RFC (draft-ietf-hip-base) Title: Host Identity Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-hip-base-06.txt Date: 2006-08-31 – Last Call (Deadline: 2006-09-14) / Proposed Standard (draft-ietf-dnsext-dnssec-experiments) Title: DNSSEC Experiments URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-experiments-03.txt]]> 1491 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/security-and-protocols/ Fri, 07 Dec 2007 16:04:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=981 Read their presentation.

Vancouver, site of IETF 70 Photo Credit: Mirjam Kühne, with permission

The subject stimulated good discussions at IETF 70 and raises some interesting issues, particularly as it relates to Internet security and security protocols. While opinions may vary about whether security protocols developed by the IETF are successful, security remains a topic close to IETF’s heart. For more than 10 years, every document has been required to include a section on security considerations. Still, the enormous amounts of unwanted traffic on the Internet cause concern. A few years ago, the Internet Architecture Board held a workshop on the subject. In this issue of the IETF Journal, we feature an updated summary of the workshop, including a number of important facts and notable observations. Also in this issue you’ll read about João Damas’s and Frederico Neves’s solution to a long-standing security hole in the Domain Name System, which is described in their article The Perfect Attack. Typically, the IETF Journal features short updates of the ongoing activities of Internet Research Task Force research groups. In this issue, we are pleased to offer more-detailed reports of those activities, including current work, achievements, and future plans. We would also like to call attention to a number of newcomers who have contributed to this issue of the IETF Journal. One is Tomas Carlsson, who, in addition to an in-depth report on the IETF 70 fellows, offers an analysis of IETF culture. Another is Bryan Ford, an MIT student who reports on new directions in the Transport Area. We thank all of our contributors to this issue, and we wish you fun reading. And, as always, we welcome both your comments and your contributions for future issues.]]> 981 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-20/ Fri, 07 Dec 2007 16:05:55 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=983

Russ Housley, IETF Chair

The IETF returned to Vancouver, Canada, in December 2007 for IETF 70. The Westin Bayshore, site of our previous visit to Vancouver, has excellent facilities for the IETF. With 1,114 people attending from 37 countries, the meeting was, by all accounts, successful, with progress made in many working groups (WGs). Cisco Research and Microsoft served as hosts for the event, and the site network was subcontracted to VeriLAN Networks. Sponsors included BC.NET, Eyeball, Huawei, and Telus. On behalf of the IETF, I’d like to express my gratitude and appreciation to our hosts and sponsors for their outstanding contributions. As usual, the IETF depends on a team of dedicated volunteers, which this time included a group of programmers who helped with the development of software tools that are used by the IETF on the Saturday before the meeting. The week was filled with the usual mixture of working group meetings, BoF (birds-of-a-feather) sessions, research group meetings, and, as always, many side meetings. It was interesting to hear from Stephen Wolff of Cisco Research Center, who talked about the early days of the IETF. He was one of the 21 people who attended IETF 2! He recalled a time when 160 million packets per week was considered significant and when the first gigabit research networks were set up. He expressed hope that today’s network research initiatives, such as GENI and FIND, will lead to similar advancements. He also mentioned that unsolicited proposals for network research are welcomed by Cisco. Since IETF 69, 3 new WGs were chartered and 15 WGs were closed. Approximately 115 WGs are currently chartered. Since July 2007, the WGs and their individual contributors produced 421 new Internet-Drafts and generated 967 updated Internet-Drafts. The Internet Engineering Steering Group approved 106 Internet-Drafts for publication as RFCs. The RFC Editor published 103 new RFCs. I’m happy to announce the winner of the IETF Secretariat services RFP. At the Wednesday evening plenary session, staff members from NeuStar Secretariat Services (NSS) received a standing ovation for their years of dedicated service. The winner was named too. Association Management Solutions (AMS) will begin providing Secretariat services in early 2008. On a sad note, we recently lost a longtime IETF participant. Jun-ichiro “Itojun” Hagino passed away on 29 October 2007 at the age of 37. The “IPv6 Samurai” will be missed. He will be remembered for many things, including his contributions to the KAME project, which developed the IPv6 implementation that is now in FreeBSD, NetBSD, OpenBSD, and MacOS X. On a happier note, at the Wednesday evening plenary session the IETF community offered thanks to Mark Foster, chief technology officer of NeuStar, for the pivotal role he played in the administrative restructuring of the IETF. Without Mark’s assistance, the restructuring would have taken much longer and would have been much more painful. I personally appreciate his dedicated support to the IETF community. Again, thanks, Mark. During IETF 69, one of the hot topics in the several sessions and many hallway discussions was IPv6 adoption, which remained a hot topic at IETF 70. The hope was to identify tasks the IETF can do to facilitate a smooth adoption. In the past, the IETF has taken the approach that IPv6 adoption would happen naturally, before the IPv4 address space was exhausted. However, there is an increasing realisation that this is not the case. The last IPv4 address block will most likely be allocated by the Internet Assigned Numbers Authority before widespread IPv6 deployment occurs. There were a number of varying opinions and lively discussions on the topic. Ultimately, no consensus was reached on what the IETF can do right now to expedite IPv6 deployment. It is clear to me that there will continue to be much speculation and energetic debate, but I continue to believe the IETF has a valuable contribution to make in this area. I look forward to seeing all of you at IETF 71 in Philadelphia on 9-14 March 2008 and at IETF 72 in Dublin, which is scheduled for 27 July-1 August 2008. Scheduling information for upcoming IETF meetings.

New BoF Meetings Descriptions and agendas for all BoF meetings.Internet Area csi: Cga & Send Extensions savi: Source Address Validation Improvements tictoc: Timing over IP Connection and Transfer of Clock Real-Time Applications and Internet Area peppermint: Provisioning Extensions in Peering Registries for Multimedia Interconnection Routing Area rl2n: Routing for Low Power and Lossy Networks Transport Area safe: Self-Address Fixing Evolution

 ]]> 983 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/paving-the-way-for-ipv6/ Sun, 07 Oct 2007 16:24:29 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1012 At a joint IESG-IAB meeting, participants discussed the deployment of IPv6, the state of the IPv4 address pool, the challenges of both, and what the IETF can do about it all. While predictions about timing may vary, there is virtually no disagreement that IPv4 addresses will, at some point, become unavailable. This concern has been the subject of debate and discussion among participants of the IETF and others for more than two decades. It also has been the key driver in the development and deployment of a number of new technologies, including IPv6. The IETF Journal was invited to join the discussion as part of a joint IAB-IESG meeting held in July in Chicago at IETF 69. What follows is a report by the IETF Journal on what transpired during that single meeting, one of several on this important topic. The discussion was led by Kurtis Lindqvist and Jari Arkko. IPv4 Address Space Allocation and Policies IPv4 PA (provider-aggregatable) allocations flow from IANA to the RIRs (Regional Internet Registries), which include the RIPE NCC, ARIN, APNIC, LACNIC, and AFRINIC. From there, address space flows to the LIRs (Local Internet Registries) and then trickles down to the end users. Similarly, IPv4 PI (provider-independent) allocations begin with IANA and then flow to the RIRs. From there, address space is assigned directly to end users. Each RIR is responsible for forming its own address allocation policy within its regional community in an open, bottom-up process. Today, IANA allocates address blocks of /8 to the RIRs, and it plans to continue allocating sufficient IPv4 address space to support RIR registration needs for at least 18 months. Visit the IANA allocation policy (PDF). When Will the IPv4 Address Space Become Exhausted?   In May 2007, Geoff Huston announced that his model for determining the projected date of IANA unallocated IPv4 address exhaustion has changed. As reported at www.potaroo.net, the new predictive model is based on a quadratic equation, which, he believes, offers a closer fit to the underlying data set. Here the exhaustion point is the date that the first RIR exhausts its available pool of addresses and no further addresses are available in the IANA unallocated pool to replenish the RIRs’ pool. The data available suggests a best-fit predictive model whereby this will occur in January 2011. A related prediction is the exhaustion of the IANA unallocated number pool, which this model predicts will occur in June 2010. In a report titled A Pragmatic Report on IPv4 Address Space Consumption, Tony Hain describes a slightly different methodology for arriving at predictions regarding the time constraints for the exhaustion of IPv4 address space. As Tony writes, “Depending on the model chosen, the nonlinear historical trends . . . covering the last 5- and 10-year data show that the remaining 64 /8s will be allocated somewhere between 2009 and 2016, [assuming there is] no change in policy or demand.” Regardless of the differing methodologies and assumptions, both Geoff and Tony have been vocal advocates for the need to “commence investment in IPv6-based service infrastructure,” as Geoff describes it in a response to Tony’s projections. The abounding sense of urgency related to the deployment of IPv6 within the IETF community, as Kurtis points out, affects-and is affected by-both policy and market forces. “The dates tell us how much time we have, and the RIRs must come up with a good model or a process to handle [the transition],” he says. As one attendee mentioned, RIRs are allocating addresses under the current model, and as long as the model doesn’t change dramatically, reasonable predictions can be made, but the RIRs are beginning to see policy change requests, which could alter those predictions. The question that is most on the minds of the IETF community is, What will it take for the market to begin the deployment of IPv6? At some point, the costs of obtaining IPv4 address space will be higher than the costs of deploying IPv6. Transition to IPv6 is fraught with challenges-including the expense of new equipment- but the biggest challenge appears to be that there is no seamless way to transition back and forth from IPv4 to IPv6. IANA and the RIRs are actively encouraging their communities to deploy IPv6. ARIN and LACNIC, as well as ICANN, have all published statements promoting the move to IPv6. While the proposal by ARIN to set a date for IPv4 termination was not adopted, the discussion within the RIRs remains active. Implications for the Future of the Internet As Kurtis and Jari explained, perhaps the most significant implication of IPv4 exhaustion on the Internet is that NAT (network address translation) is “here to stay." Other predictions regarding the implications of IPv4 address- space exhaustion for the next phase of the Internet include:

• Some IPv6 deployment
• Some kind of market space forming for addresses
• Security of routing becoming more interesting

More routing pain; smaller prefix blocks Some of the political implications are likely to include:

• The appearance of last-chance-allocation panic
• Discussions about address allocation policies
• Debates about fairness between different parties, such as old/new users, different registries, IANA versus registries, and developed world versus developing world
• Market creation to be driven by political and legal battles

What Is the Role of the IETF? Deciphering the role of the IETF with regard to IPv4 address space depletion and the deployment of IPv6 was a large part of the discussion at the IAB-IESG meeting. Kurtis and Jari outlined a number of aspects that fall outside the IETF’s purview, such as consideration of the allocation rate of existing address space (a discussion that should happen within the RIR communities) and policies that affect how that address space gets allocated (also the responsibility of IANA and the RIRs, which all have active and open discussion forums for debating those policies). Other aspects not applicable to the IETF include the possible address space markets (which should be left to registries, contracts, and the courts) and NATs and IPv6, which may well be IETF issues. The area that Kurtis and Jari said they believe does fall under the auspices of the IETF is delivery of the technical components that the address space market will require. As they pointed out, NATs are “a fact of life,” and they should continue to be taken into account. The deployment of any significant new technology on the Internet, such as IPv6, “is going to be painful.” Both suggested it may be time to take another look at IPv6 transition mechanisms. “Things related to IPv6 will have to be fixed as deployment goes on," said Jari. “This is maintenance work, and the IETF is good at that.” Kurtis agreed, adding that transition mechanisms exist but they often require purchasing new equipment, handling implementation issues, and training staff, all of which requires considerable investment. What the IETF may need to consider is whether there is anything it can do to make the transition easier. “This is what we have to solve,” Kurtis said. According to Joe Abley, the perception is that the only generic transition mechanism is dual stack, but the dual stack solution could double the cost for companies and organisations. “In many cases,” he said, “it is easier to implement only IPv6, but there is no good way to get back to the IPv4 Internet from there.” Achieving that, he said, could solve the problem. Elwyn Davies suggested that in light of there being no interworking transition mechanism, it might make sense to go back and develop one that works better than NAT-PT (network address translation-protocol translation). “It would be easier if IPv4 were a special case in IPv6,” said Elwyn. “Then we would not have the interworking issues between the two networks. But that is not the case.”   So what can the IETF do about the diminishing IPv4 address space in and the smoothing of the transition to IPv6? Distributing the remaining IPv4 address space is the responsibility of the RIR community. If the RIRs need any technology support, such as in the case of classless interdomain routing (CIDR), the IETF is there to help. With regard to the transition mechanisms, it would probably be best to wait and see what the market is doing. If it turns out that the existing mechanisms don’t work or that people have difficulties with them, then the IETF will have to look at that. It may be true that there is little the IETF can do apart from encouraging the market to be proactive in testing and deploying IPv6. However, what drives the market today are economics and regulation. With that in mind, Dave Thaler suggested that the IETF consider providing review of the technical setup and requirements of government agencies. “IETF participants or working groups could help find out what the market demand is going to be-particularly by looking at what large government agencies are rolling out,” he said. “A lot of the other things are outside the scope of the IETF.”]]> 1012 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-21/ Sun, 07 Oct 2007 16:25:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1014 By all accounts, IETF 69 was a success. Held in a grand hotel in downtown Chicago, we had in attendance 1,146 people from 40 countries. In spite of the noise from ongoing renovations to the hotel, progress was made in a number of working groups. IETF 69 was hosted by Motorola, and the site network was subcontracted to Verilan Networks. As always, we depended on a team of dedicated volunteers. The week was filled with the usual mixture of working group meetings, BoF (birds-of-a-feather) sessions, research group meetings, and countless side meetings. It was interesting to hear from Ken Zdunek, vice president of networks research at Motorola, which hosted IETF 42 in Chicago as well. Ken talked about the ways in which Chicago and the Internet have changed over the past nine years. Since IETF 68, two new WGs were chartered and 10 WGs were closed. During that time, the WGs and their individual contributors produced 436 new drafts and generated 946 updated drafts. There are still approximately 120 chartered WGs. The Internet Engineering Steering Group approved 96 drafts for publication as requests for comments (RFCs). The RFC Editor published 103 new RFCs. The RFC Editor contract was renewed with the University of Southern California’s Information Sciences Institute (ISI). As most of you know, ISI has filled this role since the RFC series began. An RFC Editor style guide has been published and is available here. In addition, the IETF Secretariat Services request for proposals (RFP) was released on schedule, and the goal is to award one or more contracts in October 2007. The tools team did an outstanding job of rewriting all tools that do not require login-so as to resolve security flaws in those tools. As a next step, tools that require login will be rewritten to deal with their security issues. One of the hot topics at IETF 69 was the transition from IPv4 to IPv6. The hope was to identify specific actions the IETF can take to facilitate a smooth transition. In the past, the IETF has operated on the assumption that the transition will occur before the IPv4 address space is exhausted. However, there is an increasing realisation that this may not be the case. The discussions at IETF 69 were attempts to revisit the topic. A variety of opinions were expressed, and a lively discussion ensued at the plenary, but ultimately, no consensus was reached on what the IETF can do right now. I believe this discussion will continue and that the IETF has a valuable contribution to make in this area. I look forward to seeing you at IETF 70 in Vancouver on 2-7 December 2007 and at IETF 71 in Philadelphia on 9-14 March 2008. As always, here are scheduling information for upcoming IETF meetings.]]> 1014 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-19/ Sun, 07 Oct 2007 16:26:48 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1016 The Internet Architecture Board (IAB) has a number of responsibilities, one of which is to maintain relationships between the IETF and external organisations. RFC 2850 describes the process in the following manner:

The IAB acts as representative of the interests of the IETF and the Internet Society in technical liaison relationships with other organisations concerned with standards and other technical and organisational issues relevant to the world-wide Internet.

Relationships The IETF has an intensive relationship with the Telecommunication Standardisation Sector of the International Telecommunication Union (ITU-T). In addition to serving as general liaison to the organisation, we have liaisons for MPLS (Multiprotocol Label Switching), NGN (Next Generation Network), and Study Group 15. We invited the ITU-T leadership to an informal meeting on the Saturday prior to the Chicago IETF for the sole purpose of getting to know the faces behind the e-mail addresses and to have an informal discussion about the things that drive our respective organisations. The get-together was motivated by the notion that collaboration is most effective and fruitful when personal contacts are established. Several topics were discussed during the meeting. One in particular had to do with IETF concern over the use by Transport MPLS of the MPLS Ethertype, which was formally raised by the end of the week. SeeT-MPLS use of the MPLS Ethertypes. Both the informal discussion and the liaison on T-MPLS are examples of how the working relationship between ITU-T and the IETF proceeds on a day-today basis. On a more strategic level, the IAB has responded to a questionnaire in which the ITU was seeking input on its role in Internet policy and standards development. In our response, we reiterated that the IETF is the standards organisation responsible for a number of the topics covered in the questionnaire and that the IETF has mechanisms in place for the ITU-T and the ITU membership to participate in the work. Architectural work Since the previous issue of the IETF Journal, a number of IAB architectural documents have appeared as RFCs:

• RFC 4840: Multiple Encapsulation Methods Considered Harmful
• RFC 4903: Multi-Link Subnet Issues
• RFC 4907: Architectural Implications of Link Indications
• RFC 4924: Reflections on Internet Transparency

The IAB also held a retreat, kindly hosted by Harvard University, where we discussed ongoing business and possible future work. Although concrete work items have not yet crystallised, our discussions have focused on fundamental Internet protocol issues, such as the routing and addressing problem, IPv6 deployment, and architectural problems associated with Network Address Translation. I don’t think it is a coincidence that these are the same topics that happened to have been discussed during the technical plenary at IETF 69 in Chicago. I have also observed that these are topics on which folks within the IETF-and hence also within the IAB-have different perspectives, particularly in how they view both the problems and the possible solutions. See you all at IETF 70 in Vancouver in December.  ]]> 1016 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-support-for-ipv6-deployment/ Sun, 07 Oct 2007 16:28:48 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1020 Early Days and Design Decisions Note: There are a number of resources on the Internet that cover the early history of IPv6. Google is your friend if you’re interested. From its beginning, IPv6 was the creation of a group of talented engineers who were working in a difficult area: attempting to design a protocol for an unknown future. It has been nearly 20 years since the IETF began considering the problem of IPv4 address exhaustion.See the Running out of Internet addresses?. Serious work on ways to deal with the problem began more than 15 years ago. While the Internet was certainly successful at the time, it was still used mostly by technical professionals. Identifying the “end of life” for IPv4 was the first in a long series of issues identified and dealt with by the engineers working in the IETF. Several new technologies, ranging from minor tweaks of IPv4 to completely new approaches to addressing and routing, were proposed to deal with the problem. Following the usual IETF process, a number of decisions were made in those early days. For instance:

• There would be no “?ag days” to switch from one protocol to the next.
• A longer, but still fixed-length, address would be required.
• Addresses would continue to be used in a hierarchy.
• Routing would be basically the same..

Other components were added to IPv6, such as multiple addresses per interface, address autocon?guration, and multicast support. This is understandable, considering the prevailing assumption that IPv6 would be the “?nal” version of IP-at least for the lifetime of the people designing it. There was an effort to limit the number of changes and additions, but many made it in.For any given decision, you can argue that it was the wrong one. For any given feature, you can argue that it is unnecessary or poorly specified. People did then! That doesn’t mean that IPv6 as a whole is poorly designed, however, or that it fails to meet the goals set out for it. Transition Plans and Tools The core IPv6 protocol was defined in 1995. Even before that, a lot of thought had been given to how the Internet would switch from using IPv4 to using IPv6. Shortly after the IPv6 protocol became an RFC, other RFCs were published that documented ideas and tools to help with the transition. The engineers who designed and implemented IPv6 knew that real-world network administrators would still have to change their networks and that advice and tools that would make the work easier were essential. The ng-trans working group was created as a place to work on those technologies as well as to coordinate with the 6bone project (more on the 6bone later). At the time, and as it is today, it was understood that there is no one-size-?ts-all method for converting to IPv6. Every network is unique, and each would experience different problems in an e?ort to migrate to IPv6. So more than one idea was explored, and each was documented. If you look at the old ngtrans page, See Next Generation Transition (ngtrans) – you will see that there are quite a few RFCs on the subject, some of which cover multiple scenarios. From one point of view, the ngtrans working group was unsuccessful; IPv6 is not widely used, and it certainly has not replaced IPv4. On the other hand, the working group did meet its stated goals. There are now a number of defined mechanisms that are useful in implementing IPv6 networks. Even today, though, nobody knows how IPv6 will actually get adopted, nor does anyone know what it will look like when it does. Ten years ago, I was told that IPv6 would arrive from the edges and move in. Now I hear it will arrive at the core and move to the edges. Rather than being negligent, the engineers within the IETF actually did the best thing possible, which is to consider IPv6 transition in many different environments, some of which would turn out to be used infrequently. There was no way to know which of these environments would be the most common, so extra e?ort was spent to try to cover them all. IETF^TM Brand Dog Food When a company uses the product it makes, that phenomenon is sometimes called eating your own dog food. The IETF is mainly a standards-making organisation, not a product development company or a network operations company. However, the IETF does have computers on the Internet. And thousands of people attend IETF meetings. And the IETF has always made some e?ort to use the standards it develops, including the IPv6 standards. Using IPv6 at IETF meetings has not always been painless. At many past IETF meetings, I had to disable IPv6 connectivity on my computer because the routing went through such a poorly connected system of IPv6 tunnels that it was basically unusable. Nevertheless, this is exactly the kind of operational experience that results in useful information. As the field has grown explosively, specialisation has set in, and market pressures have risen, there has been less and less operator participation in the IETF," Harald Alvestrand noted back in 2003: IESG proposed statement on the IETF mission A long-standing complaint about the IETF is that there is not enough operator participation. Whether this is true or not, the IETF has tried to get some of its own experience, at least in recent years. The IETF has not always been a first adopter (as recently as two years ago, the IETF servers were not IPv6 reachable – See IETF servers aren’t for testing thread – but it’s often an early adopter). 6bone Shortly after the first IPv6 RFCs were published, a group of engineers created a test bed network called the 6bone. While the 6bone was not an IETF project, many of the 6bone participants were also active in the IETF, and there are RFCs that document the address allocation and operation of the network. Originally started to test standards and implementations, the 6bone evolved into a test bed for operations and, finally, into an almost-production-quality network (See RFC 2772). The end of the 6bone, on 06-06-2006, is a sign of its success. An Internet-wide IPv6 test network is no longer needed, as IPv6 is used more widely on the “real” Internet now than it ever was on the 6bone. Coordination Even before IPv6 appeared for the first time on the Internet, the IETF was coordinating with the Internet Assigned Numbers Authority (IANA) and with the RIRs.The IANA maintains not only a number of registries that are necessary for IPv6 to function, including the address space registry itself, but also other IPv6-related information, such as DHCPv6 option codes or ICMPv6 parameters. Most of the interaction between the IETF and the IANA is straightforward, because the IANA is an administrative body and able to implement the recommendations of the IETF when appropriate. Coordination with the RIRs is more complex, as each RIR has its own policies and methods for updating policies. In many ways, working with an RIR is similar to working with the IETF. Discussions occur on open mailing lists, and consensus is generally required for decisions to be made. This means that the policies are bottom-up and that they reflect the requirements of the network operator community. But creating new policies or changing existing policies is difficult in this environment; it requires considerable education, on the part of both the IETF and the RIR communities. The IETF and the RIRs worked closely together during the development of the first IPv6 policies to ensure that the technical requirements were met. The RIRs have all had working IPv6 policies for years now. Coordination between the operator communities and the IETF is still important, but it now follows the regional RIR policy development procedures. Conclusion The IETF has done a lot to make it easier for the people using the Internet to adopt IPv6. The IETF mission is to produce documents (see RFC 3935), and from this point of view, the IETF has done exactly what it should. Documents will not by themselves cause people to adopt IPv6. Software must be developed, networks built, users educated, and policies updated. At the end, IPv6 adoption is largely a business decision, and money saved by using IPv6 may motivate the work. These activities often depend on the documents the IETF produces, but they are outside the IETF mission. Individuals in the IETF and the organisations they work for can do a lot to encourage IPv6 adoption outside the scope of the IETF. New standards are being produced to create and extend protocols, and recommendations are made for developers, users, and operators, and these should not try to duplicate the work already done. Remember the work that has already been done when considering what the IETF can do for IPv6.]]> 1020 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ipv6-type-0-routing-header/ Sun, 07 Oct 2007 16:29:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1022 For decades, the benefits and drawbacks of this capability have been discussed. During that time, the IPv4 Loose and Strict Source Routing options (LSSR and SSR) and the IPv6 Type 0 Routing Header extension (RH0 ) have been implemented in IP stacks. However, IPv4 network administrators have gotten into the habit of preventing the processing of source routing options on routers, which has resulted in the default disabling of source routing in most IPv4 devices. As more IPv6 testing and deployment gets conducted, the more serious negative security impacts associated with the Type 0 Routing Header are becoming better understood. As a result, the IETF has begun taking action to deprecate the mechanism in the IPv6 specification. This overview of the process provides a good illustration of how the IETF works and what makes it such a unique standardisation body; that is, following a rough consensus, a draft providing a pragmatic response to a security problem has been published. Threats There are a number of potential consequences associated with the ability of a user to select the path followed by its packets in the routing infrastructure, ranging from network discovery to denial-of-service (DoS) attacks. Some are described in IPv6 Type 0 Routing Header Security (PDF), but more can be found in a document titled “Deprecation of Type 0 Routing Headers in IPv6,” which is a work in progress (available on www.ietf. org). The most significant consequence-the one that led to the deprecation of the mechanism in the IPv6 protocol-is a DoS attack, which is described briefly later. Under IPv4, the source routing mechanism is implemented as an option that synthetically carries a list of the waypoint addresses through which the packet will travel. The size of the list is inherently limited by the maximum size of IPv4 options (40 bytes), which leaves room for, at most, nine addresses. Under IPv6, source routing is implemented as an extension header, which is found between the IPv6 header and the upper-layer payload. As with IPv4, it is seen mainly as a list of waypoint addresses that the packet will visit on its path to its final destination. Unlike IPv4, the number of addresses in IPv6 is limited only by the maximum size of the packet. On paths with a Maximum Transmission Unit (MTU) of 1,500 bytes, one can inject packets containing up to 90 waypoints. This is a renewed version of the old IPv4 source routing threat, but perhaps doped on steroïds: the amplification effect is indeed 10 times worse. When a packet that includes a routing header arrives at the destination found in the destination field of the IPv6 header, the node inspects the routing header and, by default, forwards the packet to the next waypoint. This behaviour was true for most routers as well as for some host operating systems, at least until a few months ago. Since no filtering or limitations are typically implemented with regard to that behaviour, some specific lists of addresses in the RH0 extensions can lead the packet to oscillate between two selected routers (used as waypoints), creating an amplification attack on the path between the two targets. An attacker with a 2 Mbit/s upload link can saturate a 100 Mbit/s link. What happened? During a presentation at the CanSecWest 2007 Security Conference in April 2007, a number of threats with regard to the IPv6 Type 0 Routing Header extension were described, including the negative impacts on Internet infrastructure elements. That information probably filled the gap between what attendees were hearing at the conference and the numerous theoretical warnings that had been proclaimed by researchers in the IPv6 community. In light of the recent momentum gained by IPv6, the presentation generated a lot of publicity, resulting in a number of articles being published on SecurityFocus (“Experts Scramble to Quash IPv6 Flaw,” by Robert Lemos, 9 May 2007), on Dark Reading (“Five Security Flaws in IPv6,” by Kelly Jackson Higgins, 8 May 2007), on eWeek (“IPv6 Headers Problem Revealed,” by Lisa Vaas, 4 May 2007), and on Techworld (“IETF Moves against IPv6 Threat,” by Matthew Broersma, 14 May 2007), among others. The publicity also led to Security Advisories for major end hosts and router operating systems. Most of the advisories blamed the IPv6 specification and not the implementation. Soon after the event, the Open Source community took measures to deactivate default processing of the mechanism, including Linux 2.6 kernel (after 2.6.20.9) and most flavours of BSD. After a time, Apple patched its kernel for preventing RH0 processing (10.4.10 security update). As of this writing, Cisco and Juniper have not yet altered the defaults on their products. Presenters at the CanSecWest 2007 Security Conference also warned against a practical threat directed toward anycast architectures, such as the F instances of the IPv6 root name servers. As a result, the operators of the F root server (the Internet Systems Consortium) took immediate action by dropping, without further processing, all packets that include an RH0 extension. The information has also been relayed to operators of other root name servers. IETF Response On 23 April 2007, two days after the CanSecWest Security Conference, the issue appeared on the IETF dns-ops and ipv6-ops working group mailing lists. A few hours later, it was being discussed on the IETF IPv6 working group mailing list (ipv6@ietf.org). On 25 April 2007, IPv6 WG chairs Robert Hinden and Brian Haberman officially raised the issue to the IPv6 WG. In parallel with those discussions, two drafts were quickly assembled for review by the IPv6 working group. The first one, by Joe Abley, advocated for deprecation of the mechanism. The second one, by Pekka Savola and Georges Neville-Niel, proposed that a disable-by-default behaviour be implemented. With the working group widely in favour of deprecation, on 14 May 2007 the IPv6 WG requested that the two drafts be combined. At the time of this writing, the draft is a work in progress. Conclusion The consensus reached by the IETF regarding the deprecation of the RH0 mechanism from the IPv6 specification comes as a welcome, albeit late, conclusion to the source routing threat. The positive aspects of this decision are most notably:

• Early discovery and subsequent remediation, which prevented potential exploitation against production networks;
• Limited impact with regard to current implementations’ changes for deactivation or removal; and
• A gain in terms of future stack implementation through reduced complexity, size, and development time requirements.

It is also expected that future proposals for source-routing-related mechanisms (through a new type of Routing Header) will be followed with great care within the IETF. Special thanks to Merike Kaeo and Joe Abley for thier contributions to this article.]]> 1022 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/a-retrospective-view-of-nat/ Sun, 07 Oct 2007 16:31:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1024 Introduction NAT commonly refers to a box that interconnects a local network to the public Internet, where the local network runs on a block of private IPv4 addresses as specified in RFC 1918. In the original Internet architecture design, each IP address is defined to be globally unique and globally reachable. In contrast, a private IPv4 address is meaningful only within the scope of the local network behind a NAT and, as such, the same private address block can be reused in multiple local networks, as long as those networks do not directly talk to each other. Instead, they communicate with each other-and with the rest of Internet-through NAT boxes. Like most unexpected successes, NAT’s ubiquitous adoption was not foreseen when the idea first emerged more than 15 years ago (RFC 1287 and RFC 1335). Back then, had anyone foreseen where NAT would be today, it is possible that the NAT deployment itself might have followed a different path: one that was better planned and standardised. The set of Internet protocols that have developed over the past 15 years might have also evolved differently, and we might have seen less overall complexity in the Internet than what we have today. Although the clock cannot be turned back, I believe it’s a worth-while exercise to revisit the history of NAT so that we may learn some useful lessons. It may also be worthwhile to assess-or reassess-the pros and cons of NAT, as well as to take a look at where we are today in our handling of NAT and how best to proceed into the future. I would like to emphasise that this writing represents a personal view, and my recall of history is likely to be incomplete and to contain errors. My personal view on this subject has also changed substantially over time, and it may continue to evolve, as we are all in a continuing process of understanding this fascinating and dynamically changing Internet. How NAT Works

Lixia Zhang and Tony Li at IETF 69 in Chicago

As I mentioned earlier, IP addresses were designed to be globally unique and globally reachable. This property of the IP address is a fundamental building block in supporting the Internet’s end-to-end architecture. Until very recently, almost all of the Internet protocol designs, especially those below the application layer, have been based on the aforementioned IP address model. However, the explosive growth of the Internet in early 1990s not only signalled the danger of IP address space exhaustion but also created an instant demand on the IP addresses: suddenly, connecting large numbers of user networks and home computers demanded IP addresses instantly and in large quantity. Such demand could not possibly be met by going through the regular IP address allocation process. NAT came into play to meet that instant high demand. Because NAT was not standardised before its wide deployment, a number of different NAT products exist today, each with somewhat different functionality and different technical details. Since this article is about the history of NAT deployment-and not an explanation of how to traverse specific NAT boxes-I will describe a popular NAT implementation as an illustrative example. Interested readers may visit Wikipedia to find out more about various NAT products. A NAT box N has a public IP address for its interface connecting to the global Internet and a private address facing the internal network. N serves as the default router for all of the destinations that are outside the local NAT address block. When internal host H sends an IP packet P to a public IP destination address D in the global Internet, the packet will be routed to N. N translates the private source IP address in P‘s header to its public IP address and adds an entry to its internal table that keeps track of the mapping between the internal host and the outgoing packet. This entry represents a piece of state, which enables all subsequent packet exchanges between H and D. For example, when D sends a packet P’ in response to P, P’ will arrive at N, and N can find the corresponding entry from its mapping table and replace the destination IP address-which is its own public IP address-with the real destination address H, so that P’ will be delivered to H. This mapping entry times out after a certain period of idleness, which is normally set to a vendor-specific value. In the process of changing the IP address carried in the IP header of each passing packet, a NAT box must also recalculate the IP header checksum-as well as the transport protocol’s checksum-if it is calculated based on the IP address, as in the cases for TCP and UDP check-sums. From this description, it is easy to see the major benefit of NAT: one can connect a large number of hosts to the global Internet by using a single public IP address. Other benefits of NAT also became clear over time, as discussed in more detail later. At the same time, a number of NAT’s drawbacks can also be identified immediately. First and foremost, NAT changed the end-to-end communication model of the Internet architecture in a fundamental way: Instead of allowing any host to talk directly to any other host on the Internet, hosts behind a NAT now must go through the NAT to reach others, and all communications through a NAT box can be initiated only by an internal host first in order to set up the mapping entries. In addition, since ongoing data exchange depends on the mapping entry kept at the NAT box, the box represents a single point of failure: if the NAT box crashes, it may lose all of the existing state, and the data exchange between all of the internal and external hosts will have to be restarted. This is in contrast to the original IP’s goal of delivering packets to their destinations as long as any physical connectivity exists between the source and destination. Furthermore, because NAT alters the IP addresses carried in a packet, all protocols that are dependent on IP addresses are affected. In certain cases, such as TCP checksum, which includes IP addresses in the calculation, the NAT box can hide the address change by recalculating the TCP checksum when forwarding a packet. For some of the other protocols that make direct use of IP addresses, such as IPSec, the protocols can no longer operate on the end-to-end basis as originally designed; for some application protocols that embed IP addresses in the application data, application-level gateways are needed to handle the IP address rewrite. As discussed later, NAT also introduced some other drawbacks that surfaced only recently. A Recall of NAT History I started graduate school at Massachusetts Institute of Technology to work on network research at the same time as RFC 791, the Internet Protocol Specification, was published in September 1981. Thus I was fortunate to witness the most fascinating unfolding of this new system called the Internet. During the next 10 years, the Internet grew rapidly. RFC 1287, Towards the Future Internet Architecture, was published in 1991 and is probably the first RFC that raised the concern about IP address space exhaustion in a foreseeable future. RFC 1287 also discussed three possible directions for extending IP address space. The first one pointed to a direction similar to today’s NAT:

Replace the 32 bit field with a feld of the same size but with different meaning. Instead of being globally unique, it would now be unique only within some smaller region …

RFC 1335, published in May 1992, provides a more elaborate description of the use of internal IP addresses (in other words, private IP addresses) as a solution to IP address exhaustion. The first paper describing the NAT idea, “Extending the IP Internet Through Address Reuse,” appeared in the January 1993 issue of Computer Communication Review and was published a year later as RFC 1663. Although these RFCs may be considered forerunners in the development of NAT, as explained later, for various reasons the IETF did not take actions to standardise NAT. The invention of the Web further accelerated Internet growth in the early 1990s. The explosive growth underlined the urgency to take action toward solving both the routing scalability and the address shortage problems. The IETF took several follow-up steps, which eventually led to the launch of the IPng development effort. I believe the expectation at the time was to get a new IP developed within a few years, followed by a quick deployment. However, the actual deployment during the next 10 years took a rather unexpected path. The planned solution As pointed out in RFC 1287, the continued growth of the Internet exposed strains in the Internet architecture as originally designed, the two most urgent of which were routing system scalability and exhaustion of IP address space. Since long-term solutions require a long lead time to develop and deploy, efforts started on developing both a short-term solution and a longterm solution to those problems. Classless Inter-Domain Routing, or CIDR, was proposed as a shortterm solution. CIDR removed the class boundaries embedded in the IP address structure, thus enabling more efficient address allocation, which helped extend the lifetime of IP address space. CIDR also facilitated routing aggregation, which slowed the growth of the routing table. However, as stated in RFC 1481, IAB Recommendation for an Intermediate Strategy to Address the Issue of Scaling, “This strategy (CIDR) presumes that a suitable longterm solution is being addressed within the Internet technical community.” Indeed, a number of new IETF working groups that started in late 1992 aimed at developing a new IP as a longterm solution, and the Internet Engineering Steering Group (IESG) set up a new IPng area in 1993 to coordinate the efforts. CIDR was rolled out quickly, which effectively slowed the growth of the global Internet routing table. Because it is a quick fix, CIDR did not address emerging issues in routing scalability-in particular, the issue of site multihoming. A multihomed site would want to be reachable through any of its multiple provider networks. In the existing routing architecture, this requirement translates into having the prefix, or prefixes, of the site listed in the global routing table, thereby rendering provider-based prefix aggregation ineffective. (Interested readers are referred to the article “An Overview of Multihoming and Open Issues in GSE,” published in the September 2006 issue of the IETF Journal for a more detailed description on multihoming and its impact on routing scalability.)

The creation of the IPng working group (later renamed to IPv6) was announced on 7 November 1994.

The new IP development effort, on the other hand, took much longer than anyone imagined when the effort first began. At the time of this writing, the IETF is finally wrapping up the IPv6 working group, almost 13 years after its establishment. The IPv6 deployment has also been slow in coming. As of today, there have been a small number of IPv6 trial deployments. There is one known operational deployment in a provider network, but there are no known commercial user sites that use IPv6 as the primary protocol for their Internet connectivity. If one day someone sits down to write an Internet protocol development history, it would be very interesting to look back and understand the major reasons for the slow development and adoption of IPv6. But even without doing any research, one could say with confidence that NAT played a major role in meeting the IP address need that arose out of the Internet growth, which at least deferred the demand for a new IP. The unplanned reality While largely unexpected, NAT has played a major role in the explosive growth of Internet access; in fact, the growth of the Net turned in large part on NAT growth. Nowadays it is common to see multiple computers, or even multiple LANs, in a single home. It would be unthinkable for every home to obtain multiple IP addresses from its network service provider. Instead, a common setting for home networking is to install a NAT box that connects one home network or multiple home networks to a local provider. Similarly, most enterprise networks deploy NAT as well. It is also well-known that countries with large populations, such as India and China, have most of their hosts behind NAT boxes; the same is true for countries that got connected to the Internet only recently. Without NAT, the IPv4 address space would have been exhausted a long time ago. For reasons discussed later, the IETF did not standardise NAT implementation or operations. However, despite the lack of standards, NAT was implemented by multiple vendors, and the deployment spread like wild?re. This is because NAT has several attractions, as described here. Why NAT Succeeded NAT started as a short-term solution while we were waiting for a new IP to be developed as the longer-term solution. The first set of recognised NAT advantages were stated in RFC 1918: With the described scheme many large enterprises will need only a relatively small block of addresses from the globally unique IP address space. The Internet at large benefits through conservation of globally unique address space which will effectively lengthen the lifetime of the IP address space. The enterprises benefit from the increased flexibility provided by a relatively large private address space. Today, NAT is believed to offer advantages well beyond that modest claim. Essentially, the mapping table of a NAT provides one level of indirection between hosts behind the NAT and the global Internet. As the popular saying goes, “Any problem in computer science can be solved with another layer of indirection.” This one level of indirection enables the following features associated with NAT:

• NAT can unilaterally be deployed by any end site, without any coordination from anybody else.
• One can use a large block of private IP addresses-up to 16 million-without asking for permission, and one can connect to the rest of the Internet by using only asingle allocated IP address. In fact, for most user sites, it is difficult to get an IP address block that is much bigger beyond their immediate need.
• This one level of indirection means that one never needs to worry about renumbering the internal network when changing providers-other than renumbering the NAT box.
• Similarly, a NAT box also makes multihoming easy. One NAT box can be connected to multiple providers and use one IP address from each provider. Not only does the NAT box shelter the connectivity to multiple ISPs from all the internal hosts, but also it does not require any of its providers to "punch a hole" in the routing announcement (such as making an ISP deaggregate its address block). Such a hole punch would be needed if the multihomed site takes an IP address block from one of its providers and asks the other providers to announce the prefix.
• This one level of indirection is also perceived as one level of protection, because external hosts cannot directly initiate communication with hosts behind a NAT, nor can they easily ?gure out the internal topology.

Last, but not least, another important reason for NAT’s quick adoption is that its gains were realised on day one, while its potential drawbacks showed up only slowly and lately. The other side of the NAT NAT disallows the hosts behind a NAT from being reachable by external hosts and hence disables them from being a server. However, in the early days of NAT deployment, many people believed they would have no need to run servers behind a NAT. Thus this architectural constraint was viewed as a security feature and believed to have little impact on users or network usage otherwise. For example, RFC 1335 gave four reasons for the use of private addresses:

1. In most networks, the majority of the trafic is confined to its local area networks. This is due the nature of networking applications and the bandwidth constraints on internetwork links.
2. The number of machines that act as Internet servers, i.e., running programs waiting to be called by machines in other networks, is often limited and certainly much smaller than the total number of machines.
3. There are an increasingly large number of personal machines entering the Internet. The use of these machines is primarily limited to their local environment. They may also be used as “clients” such as ftp and telnet to access other machines.
4. For security reasons, many large organisations, such as banks, government departments, military institutions and some companies, may only allow a very limited number of their machines to have access to the global Internet. The majority of their machines are purely for internal use.

As time goes on, however, the above reasoning has largely been proved wrong. Today, network bandwidth is no longer a fundamental constraint. In the past few years, VoIP (voice over IP) has become a popular application. VoIP changed the communication paradigm from client-server to a peer-to-peer model, meaning that any host may call any other host. Given that more than half of the Internet hosts are behind NAT, a number of NAT traversal solutions need to be developed in order to support VoIP. A number of other recent peer-to-peer applications, such as BitTorrent, have also become popular recently, and each has to develop its own NAT traversal solution. In addition to the change of application patterns, a few other problems also arise due to NAT’s use of private IP addresses. For instance, a number of business acquisitions and mergers have run into situations where two networks behind NAT needed to be interconnected, but, unfortunately, they were running on the same private address block, resulting in address conflicts. Another problem emerged more recently. The largest allocated private address block is 10.0.0.0/8, commonly referred to as “net 10.” The business growth of some provider and enterprise networks is leading to, or has already resulted in, the net 10 address exhaustion. An open question facing these networks is what to do next. One provider network migrated to IPv6; a number of others simply decided on their own to use another unallocated IP address block. It is also a common misperception that a NAT box makes an effective firewall. This may be due partly to the fact that in places where NAT is deployed, firewall function is often implemented in the NAT box. A NAT box alone, however, does not make an effective firewall. Numerous home computers behind NAT boxes have been compromised and have been used as launchpads for spam or DDoS attacks. Firewalls set up control policies on both incoming and outgoing packets to minimise the chances of internal computers’ getting compromised or being abused. Making a firewall serving as a NAT box does not make it more effective in fencing off bad packets; good control polices do. Why the IETF Missed the Opportunity to Standardise NAT During the decade following NAT’s deployment, a big debate arose in the IETF community about whether NAT should, or should not, be deployed. Due to its use of private addresses, NAT moved away from the IP’s basic model of providing end-to-end reachability between any hosts, thus representing a fundamental departure from the original Internet architecture. This debate went on for years. As late as April 2000, a message posted to an IETF mailing list stated that NATs are “architecturally unsound” and that the IETF and the IESG “should in no way endorse their use or development.” Whoever posted that message was certainly not alone in holding that position. These days most people would accept the position that the IETF made a mistake not to standardise NAT early on. How did we miss the opportunity? A simple answer could be that the crystal ball was cloudy. I believe that a little digging would reveal a better understanding of the factors that clouded our eyes at the time. From my personal viewpoint, the following factors played a major role. First, I believe the feasibility of designing and deploying a brandnew IP was misjudged, as were the time and effort needed for such an undertaking. Those who were opposed to standardising NAT had hoped to get a new IP developed in time to meet the needs of a growing Internet. However, the miscalculation was off by perhaps an order of magnitude. While the development of a new IP was taking its time, Internet growth did not wait. NAT is simply an inevitable consequence, which the IETF community failed to see clearly at the time. Another closely related factor was an inadequate understanding on how to make engineering trade-offs. Architectural principles should be treated as guidelines for problem solving; they help guide us toward developing better overall solutions. However, when the end-to-end reachability model was interpreted as an absolute rule, it ruled out NAT as a feasible means to meet the demand for IP addresses at the time. Furthermore, viewing the architectural model in an absolute way contributed to the one-sided view of NAT’s drawbacks-hence the lack of a full appreciation about NAT’s advantages as covered earlier, let alone any effort to develop a NAT solution that can minimise NAT’s impact on end-to-end reachability. The misjudgment on NAT cost us dearly. While the big debate went on, NAT deployment was rolled out, and the absence of a standard led to a number of different behaviors among various NAT products. A number of new Internet protocols were also developed or finalised during this time-such as IPSec, SAP, and SIP, to name a few. All of their designs were based on the original model of IP architecture, wherein IP addresses are assumed to be globally unique and reachable. When those protocols became ready for deployment, they faced a world that was mismatched with their design. Not only did they have to solve the NAT traversal problem, but also the solution had to deal with a variety of NAT box behaviors. Although NAT has been accepted as a reality today, not all of the confusions around NAT deployment have been clarified. One example is the recent debate over Class-E address block usage. Class-E refers to the IP address block 240.0.0.0/4 that has been on reserve until now. As such, many existing router and host implementations block the use of Class-E addresses. Putting aside the issue of required router and host changes to facilitate Class-E usage, the fundamental debate is whether the address block should go to the public address allocation pool or to the collection of private address allocations. The latter would give those networks that face net-10 exhaustion a much bigger private address block to use. However, this gain is also one of the main arguments against it, which is raised in an effort to press those networks to migrate to IPv6 instead of staying with NAT. Such a desire sounds familiar, because similar arguments had been used against NAT standardisation in the past. If the past is any indication of the future, we should know that pressures do not dictate protocol deployment; rather, economical feasibility does. This argument does not imply that migrating to IPv6 has no economical feasibility. On the contrary, I believe it does. New efforts are needed both in protocol developments (in order to make it a reality) and in documentations (to show clearly the short- and long-term gains from moving to IPv6). What Can and Should Be Done Now? The long-ago predicted IPv4 address space exhaustion is finally upon us today, yet the IPv6 deployment is barely visible on the horizon. What can and should the IETF do to enable the Internet to grow along the best path into future? I hope the review of NAT history helps shed some light on the answer. First, we should recognise not only that IPv4 NAT is widely deployed today but also that some forms of network address translation boxes will be likely with us forever. We should have a full appraisal on the pros and cons of such boxes; the discussion earlier on IPv4 NAT merely serves as a starting point.

Historical status means that a protocol is considered obsolete and thus removed from the Internet standard protocol set.

We should not view all network address translation approaches as a “bad thing” that must be avoided at all cost. Several years ago, an IPv4 to IPv6 transition scheme called Network Address Translation-Protocol Translation (NAT-PT, RFC2766) was developed but later classified to historical status-due mainly to concerns that (1) it works much in the same way as an IPv4 NAT does and (2) it doesn’t handle all of the transition cases. However, in view of IPv4 NAT history, it seems worthwhile to revisit that decision. IPv4, as well as IPv4 NAT, will be with us for years to come. NAT-PT seems to offer a unique value in bridging IPv4-only hosts and applications with IPv6-enabled hosts and networks. There have also been discussions on the desire to perform address translations between IPv6 networks, which deserve further attention. The Internet would be better off with well-engineered standards and operational guidelines for bridging the IPv4 and IPv6 worlds and for traversing IPv4 and IPv6 NATs that aim at maximising interoperability rather than repeating IPv4 mistakes. Accepting the existence of NAT in today’s architecture does not mean we simply take the existing NAT traversal solutions as given. Instead, we should fully explore the NAT traversal design space to steer the solution development toward adherence to the Internet architecture model. A new effort in this direction is the NAT Traversal through Tunneling (NATTT) project.

Read also on the NATTT Web site

Contrary to most existing NAT traversal solutions, which are server based and protocol specific, NATTT aims to provide generic, incrementally deployable NAT traversal support for all applications and transport protocols. Last, but not least, I believe it is important to understand that successful network architectures can and should change over time. All new systems start small. Once successful, they grow larger. The growth will bring the system to an entirely new environment that the original designers may not have envisioned, together with a new set of requirements that must be met. In order to properly adjust a successful architecture, we must have a full understanding of such an architecture’s key building blocks as well as the potential impacts of any changes to them. I believe the IP address is this kind of key building block that touches-directly or indirectly-all other major components in the Internet architecture. The impact of IPv4 NAT, which changed IP address semantics, provides ample evidence. During IPv6 development, much of the effort also involved a change in IP address semantics, such as the introduction of new concepts like that of the link-local address and the site-local address. The site-local address was later abolished and partially replaced by Unique Local IPv6 Unicast Addresses (ULA), another new type of IP address. The debate over the exact meaning of ULA is still going on. The original IP design clearly defined an IP address as being globally unique and globally reachable and identified an attachment point to the Internet. As the Internet architecture evolves, proposals to change the original IP address de?nition continue to arise. What should be the de?nition, or de?nitions, of an IP address today? I believe an overall examination of IP address’s role in today’s changing architecture deserves special attention at this critical time in the Internet’s growth. Acknowledgment I sincerely thank Mirjam Kühne for her encouragement and patience in helping put this article together. I also thank Wendy Rickard for her hard work in making the article more readable.]]> 1024 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/update-on-routing-and-addressing-at-ietf-69/ Sun, 07 Oct 2007 16:32:49 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1026 ⁽¹⁾, held in October 2006 in Amsterdam, rekindled interest in scalable routing and addressing architectures for the Internet. Among the many issues driving current interest are concerns about the scalability of the routing system and the imminent depletion of the IPv4 address space. This article is a summary of the Routing Research Group (RRG) meeting at IETF 69 in Chicago, where discussions took place about the proposals designed to address the problems and issues that were identified in Amsterdam. Since the Amsterdam workshop, several proposals have emerged that attempt to address concerns expressed both there and elsewhere⁽²⁾. In general, those proposals are based on the so-called ID/Locator separation⁽³⁾, which makes the assumption that separating the endpoint identification and routing locator functions of the IP address will lead to advantages for aggregatability (our only real tool to make the core routing system scale), mobility, and security. Among the proposals presented at the RRG meeting at IETF 69 were eFIT⁽⁴⁾, LISP⁽⁵⁾, and Six/One⁽⁶⁾ (an interesting hybrid incorporating elements of shim67 and 8+8/GSE).⁽⁸⁾ Note that these proposals seek a degree of incremental deployability, and in general they assume that the core routing system will not change. In addition, several of the proposals also require a system to map from “ID” to “Locator.” (Proposals presented in the mapping space included APT⁽⁹⁾, LISP-CONS⁽¹⁰⁾, and NERD).⁽¹¹⁾ Most of the existing routing and addressing proposals leverage the one or more levels of indirection inherent in the ID/Locator separation idea to create one or more new namespaces. In most cases, two namespaces are utilised. One namespace-the End-point Identifiers (or EIDs)-is used to address hosts. The other space, known as Routing Locators (or RLOCs), is used for packet routing across a transit domain. The goal of this indirection is to allow efficient aggregation in the RLOC space (which can be thought of as the current Default Free Zone, or DFZ) in order to provide persistent identity in the EID domain and, in some cases, to provide for secure and efficient mobility. The RRG meeting in Chicago focused on the current set of proposals in this space, which fall into two broad categories: (1) map-and-encap and (2) address rewriting. The approaches differ depending on whether the translation occurs through address rewriting or tunneling and, in one case (Six/One), depending on where the indirection is implemented. The proposals are outlined as follows. Proposals Map-n-encap The general idea behind so-called map-and-encap (written map-n-en-cap) schemes, as originally described by Bob Hinden and Steve Deering, is that there are two address spaces: one used within a domain (the EID space) and one used to transit between domains (the RLOC space). The hope is that since the RLOC space is, in theory, decoupled from nontopologically assigned EID space, map-n-encap schemes will provide for efficient aggregation of the RLOC space-that is, the global routing state. In the map-n-encap scheme, when a packet is generated, both its source and its destination “addresses” are taken from the site’s EID space. When a packet is addressed to a destination in another domain, it traverses the domain’s infrastructure to a border router (or other border element). The border router maps the destination of the EID to an RLOC, which corresponds to an entry point in the destination’s domain (hence the need for an EID-to-RLOC mapping system; mapping proposals are discussed later). This is the “map” phase of map-n-encap. The border router then encapsulates the packet and sets the destination address to the RLOC returned by the mapping infrastructure (if any; it may be statically configured as well). This is the “encap” phase of the map-n-encap model. Note that since map-n-encap works by appending a new header on an existing IP packet, it can work with both IPv4 and IPv6. While the destination EID is mapped to an RLOC in all of the proposals discussed here, the source EID in the packet may be treated differently within each proposal; specifically, it may or may not be mapped to an RLOC in the encapsulated packet. When the packet arrives at the destination border router, it is decapsulated and sent on to its destination. Note that this suggests that EIDs may need to be routable in some scope-most likely scoped to the local domain. Two map-n-encap proposals were discussed at the RRG meeting: Enable Future Internet Innovation through Transit Wire, or eFIT(12), and the Locator/ID Separation Protocol, or LISP⁽¹³⁾. The idea behind eFIT is that user networks and transit networks are separated in terms of both addressing and routing. User networks use EIDs, and transit networks use RLOCs. In eFIT, user and transit network routing domains are also separated. One of the interesting features of this proposal is that provider routing does not interact with routing in the user domains, which is different from the Border Gateway Protocol (BGP), wherein user networks “peer” with provider networks using the same routing protocol and address space. In particular, there is no routing protocol operating across the links between the user networks and the transit core. In contrast, LISP does not propose any classification of address spaces beyond the EID and RLOC spaces. (More specifically, it has no concept of user or transit network spaces.) Rather, in the LISP formulation, a site is assigned an EID prefix from which it addresses its hosts. When a host wants to send a packet to a remote domain, both the source and the destination in the packet contain an EID. At the domain boundary, routers do the same map-n-encap operation as described earlier. Another major difference between LISP and eFIT is that LISP assumes there will be no changes to the core routing infrastructure. That is, LISP is transparent to the BGP infrastructure, whereas eFIT introduces boundaries between the user and the transit core networks that are not present in the current interdomain (BGP) routing architecture. In particular, eFIT specifies that “There is no routing protocol operating across the links between the user networks and the transit core,” which represents a change from the current architecture. It is worth noting that map-n-en-cap schemes have the benefit of not requiring host changes or changes to the core routing infrastructure. However, there is some difference in opinion over whether the encapsulation overhead of map-n-encap schemes is problematic or not. Address Rewriting The idea behind the address rewriting schemes-which were proposed originally by Dave Clark and later by Mike O’Dell⁽¹⁴⁾-is to take advantage of the 128-bit IPv6 address and use the top 64 bits as the routing locator (otherwise known as routing goop, or RG) and the lower 64 bits as the endpoint identifier. In this scheme, when a host emits a packet destined for another domain, the source address contains its identifier (frequently an IEEE MAC address) in the lower 64 bits and a special value (a unique “unspecified” value) in the RG. The destination address contains the fully specified destination address. (It has been proposed that the Domain Name System [DNS] would be used to find the destination address, but then how does one find the address of the DNS servers?) When a packet destined for a remote domain arrives at the local domain’s egress router, the source RG is filled in (forming a full 128-bit address) and the packet is routed to the remote domain. On ingress to the remote domain, the destination RG is rewritten with the unspecified value. This ensures that the host doesn’t know what its network prefix is and, as such, enables the renumbering that would be required to maintain the congruence between prefix assignment and physical network topology that is required for the kind of “aggressive envisioned” in the 8+8/GSE specification. Six/One was the address rewriting approach presented at the RRG meeting. Six/One is interesting because it borrows ideas from both shim6 and 8+8/GSE. In particular, Six/One borrows the shim6 concept that multihomed edge networks use provider-assigned addressing space from each of their providers and that hosts can use addresses from all of their providers interchangeably without breaking active transport sessions. Six/One borrows the 8+8/GSE idea of rewriting the high-order bits while packets are in fiight. It also introduces the concept of edge networks. An edge network can independently route packets between two attached hosts, and predictably, edge networks connect to transit networks for global connectivity. In Six/One, a host’s addresses differ only in their high-order bits (in much the same way as they do in 8+8/GSE). However, in a Six/One, an edge network (or other service provider) may change the address in a packet depending on the provider to which the packet is being routed. As a result, the destination address a host puts into a packet serves as a suggestion to the edge network about which provider the host’s packets should be routed to. The edge network may choose to either follow that suggestion or rewrite the high-order bits of the address in accordance with a provider of its own choice. Note that this is different than in shim6, where the host selects the transit network; in Six/One, edge networks retain the ability to select a particular provider via rewriting. Hosts adapt to address rewrites in that they modify subsequent packets accordingly before injecting them into the network. Unlike 8+8/GSE, Six/One also adds to packets certain information that enables the receiving hosts to reverse address rewrites. What’s new about Six/One is that regardless of address changes, an edge network can also use the added information to identify a remote host. The main difference between Six/One and 8+8/GSE, then, is that hosts are aware of their full addresses (including the RG) and can suggest a network provider to their local domain (in the much same way that is enabled by the shim6 protocol). One of the many interesting aspects of the Six/One proposal is that it combines the host-based locator selection feature of shim6 with a modified version of the address-rewriting approach of 8+8/GSE. Finally, note that unlike the map-n-encap solutions described earlier, a Six/One host looks up the entire 128-bit address of the destination host in the DNS (which may return multiple AAAA records for the destination). Therefore, like shim6, no additional mapping system is needed. Mapping Systems Since both map-n-encap and rewriting schemes rely on the addition of a level of indirection to the addressing architecture, it is necessary to map from the locally used address (EID) to the routing locator (RLOC). In the case of the map-n-encap schemes, it is a direct translation: an EID gets mapped to an RLOC. The situation is subtly different for the rewriting schemes: in general, such schemes must look up the entire destination address (which usually resides in the DNS) but it also must somehow find the source RG when rewriting the source address at a domain border. Six/One is a hybrid, since in that model the hosts know their entire address (including the RG), which can be looked up in the DNS, a property that is shared by shim6. In the case of map-n-encap schemes, an EID-to-RLOC mapping service is required to make the service scale reasonably. (Could the same database be used to lookup RGs in the 8+8/GSE case?) There are three important parameters to consider in the creation of the architecture for a mapping service: the rate of updates to the database, the state required to be held by the mapping service, and the latency incurred during lookup. That is, a mapping system must minimise rate x state while still optimising lookup latency. Because most estimates put the size of the mapping database at O(10 10), the implication is that the update rate must be small. (Note that this is a primary reason that current mapping proposals do not incorporate reachability information into the mapping database.) In addition, the choice of push versus pull also has an effect on latency: if you push the entire database close to the edge, you improve lookup latency at the cost of increased state, and if you build a service that requires a mapping request in order to find an authoritative server for that mapping (in other words, pull), you reduce state in the core but you also increase latency. This suggests that a hybrid push/pull architecture might be the most effective. Regardless, architects need to take care not to import the dynamics (and hence the concomitant problems) of the routing system into the mapping database. If that were to happen, we wouldn’t have solved the problem; we would have only moved it. Three mapping services were discussed at the RRG meeting: APT (A Practical Transit Mapping Service)15, NERD (a Not-so-Novel EID to RLOC Database)16, and LISP-CONS (a Content Distribution Overlay Network Service for LISP)17. The proposals can be broadly classified as either push or pull (though LISP-CONS might be considered a hybrid protocol) based on how they distribute the database. Both APT and NERD are push protocols; that is, they push the mapping database to the edges for distribution. APT and NERD differ primarily (1) in how far toward the edge network the database is propagated (for example, APT has the concept of a default mapper so that some nodes can carry less than the complete database, whereas in NERD all nodes hold the complete database; in APT, the default mapper also winds up in the data path whenever it is used); (2) in database format (the APT database format isn’t specified, and NERD uses XML); and (3) in how the database is distributed and maintained (APT uses BGP, and NERD uses HTTP). On the other hand, LISP-CONS is primarily a pull protocol. That is, mappings must be pulled (via a query mechanism) from the authoritative severs. The actual EID-to-RLOC mappings reside in authoritative Content Access Resources (CARs), and mapping queries and replies traverse a hierarchical overlay from requester to the authoritative CAR (and back). Conclusions Over the past 15 years, two major architectural approaches to the IP/Locator split have emerged: map-n-en-cap and address rewriting. Proposals regarding both of those approaches were presented at the IETF 69 RRG meeting. While much progress has been made since the IAB Routing and Addressing workshop in October 2006 in Amsterdam, significant unresolved issues remain within all of the proposals, including the question of whether the ID/Locator separation solution is actually the best approach to a scalable Internet routing architecture. Other questions remain, such as whether map-n-encap schemes are superior to rewriting schemes such as 8+8/GSE. And what about host-based schemes, such as Six/One? How do these schemes interact with other protocols being developed in this space, such as shim6 or HIP18). Finally, since in most cases these schemes require another name resolution (ID to Locator lookup), there are questions about how best to build such a resolution system and whether such a system can be built in a scalable way that also is secure and minimises latency. Concerns about the scalability of the routing system, the effect of IPv6 on that scalability, and the rapid depletion of the IPv4 “free address pool” have fueled a growing interest in this area as well as in the broader topic of scalable routing and addressing architectures for the Internet. More work needs to be done in the areas of security and mobility. And a deeper understanding of cost/benefit relationships-as in, Who bears the cost and who stands to benefit?-would prove useful. More generally, even transition mechanisms are not well understood. It all adds up to a very interesting set of RRG meetings for IETF 70. References:

1. D. Meyer et al., “Report from the IAB Workshop on Routing and Addressing,” RFC (Request for Proposal) 4984.
2. T. Narten et al., “Routing and Addressing Problem Statement,” draft-narten-radir-problem-statement-00.txt.
3. N. Chiappa, “Endpoints and Endpoint Names: A Proposed Enhancement to the Internet Architecture,” http://ana.lcs.mit.edu/~jnc//tech/endpoints.txt
4. D. Massey, L. Wang, B. Zhang, and L. Zhang, “A Proposal for Scalable Internet Routing and Addressing,” draft-wang-ietf-efit-01.txt
5. D. Farinacci et al., “Locator/ID Separation Protocol (LISP),” draft-farinacci-lisp-03.txt
6. C. Vogt, “Six/One: A Solution for Routing and Addressing in PIPv6,” draft-vogt-rrg-six-one-00.txt
7. E. Nordmark, “Shim6: Level 3 Multihoming Shim Protocol for IPv6,” draft-ietf-shim6-proto-08.txt
8. M. O’Dell, “GSE-an Alternate Addressing Architecture for IPv6,"http://www.watersprings.org/pub/id/draft-ietf-ipngwg-gseaddr-00.txt
9. D. Jen et al., “APT: A Practical Transit Mapping Service,” draft-jen-apt-00.txt
10. D. Meyer et al., “LISP-CONS: A Content Distribution Overlay Network Service for LISP,” draft-meyer-lisp-cons-02.txt
11. D. Massey, L. Wang, B. Zhang, and L. Zhang, “A Proposal for Scalable Internet Routing and Addressing,” draft-wang-ietf-efit-00.txt.
12. Ibid
13. Farinacci, op. cit.
14. O’Dell, op. cit

 ]]> 1026 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-chicago-arranges-for-experts-panel-at-ietf-69/ Sun, 07 Oct 2007 16:34:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1028 Together with chapter members, ISOC Chicago chapter panellists gathered at IETF 69 with ISOC president Lynn St. Amour (seated, fourth from left). Pictured (seated) are moderator Bill Slater (third from left) and panellists Olaf Kolkman (fifth from left) and Brian Carpenter (far right). Also pictured (standing, second row) are panellists Lixia Zhang (fourth from left), and Danny Pherson (far right). Not pictured, Dave Oran.

What do you see as current threats to the Internet, and how are they being addressed within the IETF? Danny: Unwanted Traffic and Security crosses all areas of the IETF. There is a lot of work going on in many IETF working groups on this topic, from infrastructure security for DNS and routing systems to application layer security. We’ve got a great deal of work to do and there’s no ‘silver bullet.’ It’s all about layered security and incremental advances. Dave: Making protocols less susceptible to threats is also important. Very often, adding features that are intended to prevent threats can be counterproductive. Some of those mechanisms overreact, such as by not allowing any traffic to pass through. Therefore, we need to be sufficiently aware of the work going on in other areas in the IETF. Olaf: There are a number of areas where problems arise because of the content of the data being transmitted and the IETF is not able to prevent that bad content from occurring in the payload of the protocols, as happens with viruses, botnets, and spam. The IETF develops protocols through which entities communicate regardless of the content of the communication. You can include protection mechanisms when developing the protocol, such as DKIM, but you cannot foresee what might be the actual data that is being transmitted. Brian: This is an important point. For example, when the mail protocol delivers spam, it’s doing exactly what it’s supposed to do-at least from a protocol point of view. How does the work of ICANN affect the IETF and its work? Brian: The IETF does not engage in politics. There’s an MoU [memorandum of understanding] between the IETF and ICANN that draws a precise line: IANA assigns technical parameters according to instructions it gets from the IETF, except for policy questions related to the assignment of TLDs and IP address space-unless those TLDs and IP addresses are used for purely technical purposes. As long as we stay within those boundaries, things are clear for the IETF, so we don’t need to care about what TLD is delegated and why. What are the big challenges for the future of the Internet in both the near term and the long term, and how do you propose to meet those challenges? Lixia: It’s always hard to predict the future, but looking at the past can offer some hints for the future. Back in the early days of networking, there were two difficult problems: congestion and routing. Over the years, we seem to have gotten a good handle on the congestion problem: not only did we develop successful congestion control protocols, but also several technological advances helped out tremendously. Congestion control can prevent congestion collapses, but good performance requires adequate bandwidth, which is met by technology advances. Routing, however, remains a major problem today-not because we’ve made no progress but because the problem has changed: the goal used to be picking the best or shortest path. Nowadays data must follow paths that cost the least money, and complex policies were introduced in the routing. In addition, the global routing table is growing out of control. Late last year we passed the 200,000 threshold. Today we have 240,000 entries, which is faster than linear growth. Aside from the ongoing routing challenge, we also now face the relatively new challenge of network security. This is a much tougher problem than scalability is. However, we shouldn’t be surprised that we have a security problem today. Some research papers say the original design of the Internet did not take security into account, but that assessment is not entirely fair. Initially, the Internet was designed for a specific environment it was supposed to work in. And the original designers of the Internet did a great job, which is the reason the Internet has been able to grow to its current size. We should keep in mind, however, that good design is not the sole enabler: Without the evolution of technology-especially the technology of affordable and ever-faster computers-the Internet would not have been able to grow as big or as quickly as it did. Unfortunately, the adage that “Everything that can be used can also be abused” applies to the Internet. Affordable computers with Internet connectivity have enabled innovation and changed society, but they also have been used for more dubious purposes. Olaf: Indeed, the Internet grew more than anyone expected. As a result, there needs to be serious reimplementation to make scaling properties better so the Internet can scale for the next 15 to 20 years. Such reimplementation not only needs to happen but also needs to be paid. We also want the Internet to be affordable to everyone, which is a challenge. The Internet is an important mechanism to make information accessible to everyone-including people in developing countries-but we shouldn’t forget that solving the scalability issues will create more complexity. In the near term, in addition to the routing problem, we’re still working on IPv4 and with the fact that IPv4 address space is limited and will run out fairly soon. IPv6 has been developed, and we expected that it would get picked up by the industry. Now the deployment to IPv6 is becoming more and more important and some problems associated with that transition are more pressing. Brian: There’s a strong temptation for ISPs to keep their dinosaur business models alive and to protect their walled gardens-that is, closed service with lower quality that cannot fully reach the Internet. WiMAX could become such a limited service, but I’m not sure the IETF can do anything about that except preach. Dave: I agree. This is a substantial danger, and one that could cause serious fragmentation. But I see other challenges as well. The first is that the nature of peer-to-peer traffic today is substantially different from what we’ve seen before. The traffic profile is substantially different, and only now are we starting to understand it both economically and technically. Peer-to-peer traffic has the effect of finding spare bandwidth wherever it can and using it, the result being that an ISP adds capacity, and before it can make any profit from the increased capacity, the bandwidth is already being consumed by peer-to-peer traffic. What is peer-to-peer traffic? It means that people are sharing data, legally or otherwise. From a technical standpoint, they form on a dynamic community that makes available everything they are interested in, and allows the community to get the data in small pieces from each other. The traffic patterns look much more random, and traffic engineering is much more challenging. Another challenge is the evolution of mobile devices. Today a very small fraction of those devices is Internet enabled, but the number is likely to grow dramatically. Yet another challenge is what I refer to as the Internet of things. The number of those devices can be extremely large. Every light-bulb, switch, and so on will have the potential to be Internet enabled. Danny: I believe mobility and scalability are going to put pressure on the Internet. Another challenge is the convergence of various security threats. For example, the perception is that your ISP is sending ‘filthy water’, and you think, All this junk is coming down my pipe, isn’t there anything my ISP can do to filterit out? No, there isn’t anything they can do, or at least doing so is much more complex than most folks realise. Much of the infrastructure does not allow segmentation of traffic or services based on individual users. Then there are consumer privacy rights, providing a subscriber with the ability to clean their system, and regulatory and other service requirements, such as maintaining availability of VoIP-enhanced 911 services. Brian: Botnets are serious threats to the Internet, as described in the Unwanted Traffic Report. We don’t know how to deal with the botnet problem. However, it’s important to point out that it’s not a problem of the network; it’s a problem of the end system. Marcos Sanz (ISOC chapter member): I’ve read the Unwanted Traffic Report and, since then, I’ve had nightmares. Can someone offer some comforting words so I can get back my sleep? Olaf: If after reading the Unwanted Traffic Report you’re having sleepless nights, then the report was a success. People need to be woken up. We also need to reach out to people outside the technical community, and we’re working with ISOC to do just that. Brian: Many enterprises and organisations spend a lot of money to keep unwanted traffic out of their networks. But this is a small price to pay compared with not doing business on the Net at all. Olaf: It’s cynical, but the bad guys are interested in keeping the Net running because they want to use it to do their bad business.Danny: We’ve performed a lot of analysis on those security threats. Network congestion-inducing worms, such as Slammer, are not used so much anymore, mainly because they melted parts of the network when propagating and they were far too visible. Nowadays, threats happen much more quietly; they fly under the radar while compromising and remotely administering systems, rather than appearing as loud infection and propagation vectors. Much of the threat today is economically motivated and, believe it or not, the miscreants often provide service-level availability agreements as well. If the network is not up, they can’t collect their spoils. Olaf: People who engage in this kind of activity are highly skilled. They probably cash big paychecks. How many IPv6 addresses are there, and is there a name for this number? Olaf: 340 undecillion – 3.5. x 1038, or 340 trillion trillion trillion. That’s not the number of addresses that is truly usable. It’s basically chopped into halves: 64 bits identify a station, and 64 bits identify the individual network where the station sits. Still, with many trillions of addresses, we don’t think we’ll run out of addresses very soon.Is the impact of the IPv4-to-IPv6 transition comparable to Y2K-the switch from 1999 to 2000? Are there reasons, from an end-user perspective, that we need to be concerned about the transition? Brian: The transition from IPv4 to IPv6 is different from the Y2K switch, primarily because there is no drop-dead date. Still, in terms of strategic planning, one should start now. In a few years, the Regional Internet Registries will not have IPv4 addresses to hand out. People think there will be a market for IPv4 address space, but at some point it will be cheaper to switch to IPv6. But as I said, this will not happen on a certain date, like in the case of Y2K.There is one way, however, in which it’s the same as Y2K: you have to check to see if the router and the rest of your equipment and software are IPv6 compatible. The devil is in the details. Dave: Actually, the problem is much worse than Y2K. Much of the industry is still only building IPv4. There are 2 million to 4 million Cisco IP phones that have little or no ability to be field upgraded to run IPv6. They don’t even have enough memory to run dual stack. There are millions of devices being built every month by myriad manufacturers that are not IPv6 capable. Danny: One of the big challenges with IPv6 is related to translating between IPv6 and IPv4. Strict use of transition is the wrong term. There will be IPv6, and we need to provide for solutions that ease deployment burdens, such as enhanced NAT-PT, but IPv4 will still be around for a very long time. Brian: The good news is that people are starting to understand that something has to be done. Olaf: But people really need to start looking at their networks to see what needs to be done in order to move over to IPv6.^It’s possible that by 2016, Moore’s law will become void due to the limitations of physics and the current manufacturing technologies-such as photolithography. It is projected that the impact of this on the computing world will be a requirement to write better and more-optimised software, because we could be stuck with the latest, fastest processor for several years. Does the IETF foresee any such potentially disruptive events in the world of the Internet in the coming years? Brian: we’re going to be moving toward more parallel processing as well as other mechanisms. We also have to work on power issues. Otherwise, the computer will simply be melting. Dave: This will hit the router community long before 2016. A lot of parallelism will have to be developed, such as channelised inverse multiplexing.WiFi and WiMAX are everywhere. The average person might think this is magic. Are there other technologies on the horizon? Is there a model to make this kind of thing profitable? Danny: If it’s not a strict-access, services-based subscription model and the question is, Who is subsidising WiFi and WiMAX? the answer is likely “the advertisers,” or at least the folks who find advertising revenue. The providers will give you access, but it’s demographic-based advertising that’s paying for it. There are economic motivators here as well, I assure you. Olaf: This kind of advertising-sponsored access is a typical use case for the World Wide Web and not for applications that run over IP. Lixia: The value of the Internet is in its applications. If we step up a level and look at a bigger picture, we may see a different view regarding whether [offering ubiquitous wireless access] is something to be subsidised or something that will return value in another way. In the early days, people kept looking for ‘killer applications’ but the reality has taught us better: No one can predict what the next killer applications will be. The only thing we know for sure is that they will come. Look at MySpace, YouTube, and Facebook. Those killer apps keep popping up out of nowhere. Their inventors were nobodies. Look at Wikipedia, which serves as a showcase of what the online community as a whole can accomplish. You give connectivity to people, and you open the door to infinite innovations in great applications.]]> 1028 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-report-6/ Sun, 07 Oct 2007 16:35:25 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1030 Below are summaries of several updates on the Internet Research Groups (RGs), as reported during the Technical Plenary at IETF 69. Currently, 14 research groups are working on topics related to Internet protocols, applications, architecture, and technology. Some groups have significant ties to IETF work; others, not so much. Most groups are open, and all maintain open mailing lists. There is room for overlap in scope, and the management style within each is diverse. A recently published document describes the IRTF RFC review and publication process (draft-irtf-rfcs-01). One new IRTF RFC has been published since IETF 68: RFC 4838, Delay-Tolerant Networking Architecture. At IETF 69 in Chicago, seven of the 14 RGs met. Below is a summary of some recent events as well as developments reported by some of the RGs during the IETF 69 technical plenary. Anti-Spam RG (asrg) The RG is currently working on DNS Black Lists. There is some progress toward publishing the DNS Black List definitions draft. A DNS Black List Guidelines draft may follow. The AS RG is also seeking interest in the taxonomy of anti-spam strategies. Crypto Forum Research Group (cfrg) This RG published a new message authentication code called VMAC: Message Authentication Code Using Universal Hashing. On the mailing list are discussions on a variety of technical issues (AES-based KDFs, AEAD, SIV draft). Delay-Tolerant Networking Research Group (dtnrg) The DTN Architecture document has been published as RFC 4838. In addition, there are 17 drafts in the queue, with four nearing RFC readiness. At an interim meeting that took place in Dublin in May, much of the discussion was related to security. The RG also met during IETF 69, where the discussion focused mostly on reliability and neighbour discovery. The next in-person meeting is planned for IETF 71 in March 2008 in Philadelphia. End-Middle-End Research Group (eme) The EME RG held a joint meeting with HIP RG at IETF 69, resulting in a number of suggestions for joint activities. EME can complement the HIP RG work on providing name space as well as the development of a mechanism for relaying policy requests. It could also help HIP with Network Address Translation traversal research. There is a potential for future collaboration with HIP to conduct some larger-scale experiments. Host Identity Protocol Research Group (hip) A joint meeting with the EME RG was held to explore possible architectural synergy. The purpose of the joint meeting was to explore the relationship between HIP and EME architectures, because there has been interest within the HIP community with middlebox-oriented architectures and because some in the HIP community believe that namespaces such as the EME namespace will need to be built on top of the cryptographic host names. In addition to this joint discussion, three new proposals were presented at that meeting: two related to HIP as part of the P2PSIP architecture, and one related to the applicability of the shim6 REAP protocol to HIP. The next planned meeting of the RG is at IETF 70 in Vancouver, Canada. Internet Congestion Control Research Group (iccrg) After an interim meeting earlier this year and lively discussions on the mailing list, the ICC RG decided to meet during IETF 69. Currently, the RG is working mainly on two documents:

• One is a survey of current congestion control RFCs with the intention to provide congestion control designers with a guide to related work.
• The other is a survey of open congestion control research issues.

In addition, the RG is starting to look at congestion control proposals for the IETF Transport area. The next in-person meeting is planned in conjunction with PFLDnet 2008. Internet Measurement Research Group (imrg) Date and location for the workshop called Application Classification and Identification (WACI) has been set for 3 October 2007 at BBN Technologies in Cambridge, Massachusetts. IP Mobility Optimisation Research Group (mobopts) The document titled Unified L2 Abstractions for Fast Handovers has completed Internet Research Steering Group (IRSG) review. The RG met at IETF 69 and is now working on location privacy and mobility and on multicast mobility. Network Management Research Group (nmrg) At IETF 68, the group discussed adaptive monitoring work that permits trade-offs between overhead and accuracy. In the meantime, some work has been done on management trace analysis. Apart from that, the RG was pretty quiet since IETF 68 in Prague, and it is now considering future workshops and meetings. Peer-to-Peer Research Group (p2prg) The P2P RG is looking for both new chairs and new work items that will then be fed into the charter of the RG. Routing Research Group (rrg) This RG has been active recently, particularly on the ram@irtf.org mailing list but also as part of a full-day meeting during IETF 69. A number of proposals have been submitted with the aim of bringing some of the design goals into alignment. Please see a more detailed description of the current work of the RRG on page 21. Scalable, Adaptive Multicast Research Group (samrg) The SAM RG met during IETF 69 and discussed the current active drafts:

• SAM framework
• Application-Layer Multicast (ALM) Router on PlanetLab

The next meeting is planned for IETF 71. Transport Modelling Research Group (tmrg) The document titled Evaluation Metrics for Congestion Control is now in IRSG review. A new document, titled An NS2 TCP Evaluation Tool Suite, along with a Web page with simulation scripts, is currently under discussion.For more information about the Internet Research Task Force, see www.irtf.org/.]]> 1030 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/not-being-there/ Mon, 07 May 2007 16:52:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1057 proceedings of this meeting I found this:

Packet Audio Experiment Thanks to the organizing efforts of Steve Casner (ISI) and Steve Deering (Xerox), and the behind-the-scenes efforts of Van Jacobson and others, we had a very exciting demonstration of the DARPA packet audio experiment in San Diego. These stalwart experimentors set up IP multicast tunnels through the NSFnet backbone, and broadcast the Plenary proceedings of the IETF to multiple sites across the Internet. Sweden, UK, and Australia all took part in this exercise.We even had a brief 2-way communication, in which several remote listeners spoke to the assembled Plenary. The quality was not perfect. Some sites had much better reception than others. For some sites, the broadcast was apparently unintelligible at times. Still, for all its imperfections, this demonstration was an impressive promise of services to come. Some of us speculated that this new technology might play an important role in helping to deal with our future growth. For example, if the Proceedings of the Plenary (and perhaps even certain Working Groups) could be made available as a reliable Internet service, especially if it provided a robust 2-way interaction, it might give prospective attendees an alternative way to participate, rather than flying to attend the meeting in person. The “Information Age” could truly be at hand! One of the traditional strengths of the Internet community is that we use the technology we are developing to assist that very development. This exciting packet audio demonstration offers the promise of adding to that tradition. We hope to see more packet audio, and perhaps even packet video, experiments at the IETF in the future.

So far, we haven’t reached the level of support that creates an immersive telepresence for remote participants, but we have managed to make some progress with practical measures to support remote participation. Multicast audio feeds, which started in 1992, continued for some years, to be replaced by a two-channel video and audio multicast feed by the late ’90s. Beginning with IETF 63 in 2005, the streaming media moved to an eight-channel audio feed, also moving away from multicast to a unicast audio-streaming service. This means that all IETF working group sessions, BoF sessions, and plenary sessions are now part of the streaming audio service. In recent times, Jabber has started to extend its pervasive reach into IETF meeting rooms, and these days – in addition to using a scribe to take the minutes of each working group session – the working group chairs are asked to find a willing volunteer to act as a jabber scribe, noting the meeting in real time. This was taken one step further in the SIPPING working group at IETF 68, with a stenographer providing a full transcript of the session in the jabber room in real time. Not only does this make the jabber service really useful as both a real-time feed and a meeting record, but also it is invaluable for non-native English speakers, because often, the written transcript provides a means to readily resolve some of the uncertainties that are caused by the variety of accents, acronyms, unfamiliar use of terms, local dialects, and the speed of verbal delivery. And working group chairs have become more aware of the need to publish both session agendas and the presentation packs to be presented in the session well before the scheduled time of the session, thereby giving the remote audience the opportunity to match the audio feed and the jabber log to the material being presented at the face-to-face meeting. If you are familiar with the IETF format and familiar with the accents and colloquialisms of the usual contributors in your favourite working groups, then in terms of your being part of the audience, these tools are good enough to give you an excellent feel for what is happening at the face-to-face meeting. Indeed it probably matches the level of sensory input you have while being in the room with your head down making notes on your laptop. These days the Internet is clearly robust enough to support an excellent quality of audio streaming, and the diligence of working group participants to use the microphones in the room and announce their names before speaking is really helpful for remote listeners. The online presentations allow you to keep track of the progress of the presentation, and the experience is pretty much the equivalent of being there. What is still somewhat frustrating is that the sense of being there is limited to being a member of the audience rather than a participant on the whole. Yes, you can attempt to ask questions into the jabber room, and – depending on the session and the state of the microphone queue in the room – you may be fortunate enough to have your question read out to the microphone and to have an answer provided. Simple questions can be posed-and answered-in this manner, but as an effective form of interaction with a dialogue between the remote participants and those in the room, this is not an ideal solution. And then there’s the other important part of the IETF face-to-face meeting: face-to-face interactions throughout the week. No, it’s just not possible to participate remotely at the Social Event, which, I understand, was an especially notable event in Prague! And corridor conversations and of course the many fine lunches and dinners are not directly accessible either, when you’re sitting over a laptop in the middle of the night. Yes, the work of the IETF is meant to happen on the mailing lists, and physically being there at IETF meetings is not intended to be an essential precondition for effective participation in the IETF. And we do try hard to actually make that the case. But the IETF is as much about “us” as a community of people with a common interest in Internet technology as it is about mailing lists and processes, and while it’s the unique and fascinating technical agenda that draws many of us into the IETF in the first place, it’s actually the rich social fabric and the strong, even tribal, sense of “us" as a community of people with common interests that keep many of us contributing to the IETF for far longer than we may have originally envisaged. And for that, while not being there from time to time is probably unavoidable, it is the being there that makes working in the IETF all the more valuable and enjoyable. Remote Resources for IETF 68

• The Working Group and Plenary session agendas and presentations for IETF 68 can be found athttps://datatracker.ietf.org while the material is being assembled during April 2007, and then the material will be published as proceedings at: www3.ietf.org/proceedings/07mar/.
• The audio streaming for IETF 68 is described at http://videolab.uoregon.edu/events/ietf/ietf68.html, and the recordings for each of the eight channels are archived athttp://limestone.uoregon.edu/ftp/pub/videolab/media/ietf68.
• The logs of the jabber chat rooms are referenced at the IETF text conferencing home page, atwww.ietf.org/meetings/text_conf.html.
• And of course a large set of really useful tools can be found at http://tools.ietf.org.

]]> 1057 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-report-7/ Mon, 07 May 2007 16:53:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1060 Below are summaries of several updates on the Internet Research Groups (RGs), as reported during the Technical Plenary at IETF 68. Anti-Spam RG (asrg) The asrg published a couple of drafts and had some energetic discussions about them on the mailing list:

• BCP on DNS-Based Blacklists
• Criteria for Proposed Techniques for the Management of Spam

Delay-Tolerant Networking Research Group (dtnrg) There is a meeting planned in Dublin on 21-22 May 2007 for the purpose of making progress in the areas of routing, key management, and applications. The document titled DTN Architecture is in the RFC Editor queue. Another document, titled DTN Bundle Protocol Spec, has finished Internet Research Steering Group (IRSG) review. In addition, the RG review on LTP, a transport protocol for interplanetary-scale delays, has been finished. End-Middle-End Research Group (eme) The eme RG has circulated the first draft of a requirements document and is planning to meet at IETF 69 in Chicago. End-to-End Research Group (end2end) The End-to-End Research Group met at University College London, on 26-27 February 2007. The agenda included a half day revisiting the topic of congestion control. Again, some of the leadership of the Congestion Control Research Group and other experts on the subject joined and led a discussion on the most challenging problems in this space. The group spent another half day in discussion of future network architecture, including reports on the NSF FIND program and the Eiffel effort in Europe, and held additional discussion on the nature of architecture, the scope of the term network, the question of what it means (or whether one ought) to be doing so-called architecture research, and other related questions. The meeting concluded with several talks on miscellaneous topics, including revisiting an extension to the end-to-end questions. Host Identity Protocol Research Group (hip) The hip RG met in Prague during IETF 68 to discuss such issues as Lightweight HIP and HIP & Mobility. A number of topics-including Application Programming Interface (API), Network Address Translation (NAT), and other application drafts-have been moved to the IETF HIP WG. The stability of HIP implementations is improving. The RG is now concentrating more on experiments. Internet Congestion Control Research Group (iccrg) The iccrg met in Los Angeles on 12-13 February 2007. The RG is working with the IETF Transport Area directors on evaluating and publishing the congestion control proposals. It is also developing a draft providing an overview of existing congestion-control-related RFCs. Many other issues are currently being discussed on the mailing list, such as fairness concepts and corruption loss. A meeting on these topics is planned for IETF 69 in Chicago in June. Internet Measurement Research Group (imrg) The imrg is planning to hold a workshop on 4 October 2007 to discuss classifying traffic by application or application type regardless of whether standard ports, tunnelling, or encryption is employed in an attempt to evade classification. Watch the IMRG and IPPM mailing lists for an announcement. IP Mobility Optimisation Research Group (mobopts) The IRTF RFC 4651 – A Taxonomy and Analysis of Enhancements to Mobile IPv6 Route Optimisation – was published recently. The document, titled Unified L2 Abstractions for Fast Handovers, has completed RG review. The group is now working on location privacy, multicast, and mobility as well as policy implications on mobility. Network Management Research Group (nmrg) The RG organised a workshop in October 2006 to identify network management research challenges for the next five years. See a workshop summary in the plenary report. The group is also finalising a draft on Simple Network Management Protocol (SNMP) trace exchange formats and considerations. During its meeting at IETF 68, the group discussed adaptive monitoring work that permits trade-offs between overhead and accuracy. Peer-to-Peer Research Group (p2prg) A group member has authored a Survey of Research toward Robust Peer-to-Peer Networks. Also, the RG is involved in a very active discussion on a P2P session initiation protocol (SIP). Routing Research Group (rrg) The Routing RG has been rechartered and has two new co-chairs: Lixia Zhang and Tony Li. The RG met during IETF 68 and is now discussing goals and proposals for new routing and addressing architectures. (See also More ROAP) Scalable, Adaptive Multicast Research Group (samrg) The samrg held an interim meeting in January 2007 at the workshop on Peer-to-Peer Multicasting (P2PM 07). There are currently three active drafts: problem statement, requirements, and hybrid framework. The group is also doing some preliminary experimental work on PlanetLab. Transport Modelling Research Group (tmrg) The tmrg submitted a Metrics document to the IRSG to be considered as an Informational RFC. The IRTF as a whole is currently revising the IRTF RFC review and publication process. For more information about the IRTF, please see www.irtf.org.]]> 1060 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-meeting-calendar-5/ Sat, 27 Oct 2007 15:57:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1463 Fall 2007-IETF 70 2-7 December 2007 Hosts: Microsoft and Cisco Research Location: Vancouver, BC, Canada Spring 2008-IETF 71 9-14 March 2008 Host: Comcast Location: Philadelphia, PA, USA Summer 2008-IETF 72 27 July-1 August, 2008 Host: TBD Location: Europe (Provisional) Fall 2008-IETF 73 November 16-21, 2008 Host: Google Location: Minneapolis, MN, USA]]> 1463 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/update-from-the-nomcom/ Sat, 27 Oct 2007 15:59:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1466 NomCom Members 2007 Derek Atkins Fred Baker, ISOC Liaison Steven Blake Christopher Boulton Ian Chakeres Lakshminath Dondeti, Chair Lars Eggert, IESG Liaison Ole Jacobsen Andrew Lange, Advisor Simon Leinen Danny McPherson, IAB Liaison Attila Takacs Thomas Whalsh Craig White Dan Wing During IETF 69, the NomCom collected feedback on member qualifications. Candidate interviews and community feedback will take place at IETF70 in Vancouver. Number of people eligible to volunteer: ~900+ Number of volunteers: 108 The number of volunteers increased following a decrease in 2005 and 2006. This is a good sign. There is still a limited number of candidates for open positions in the IESG, IAB and IAOC. There could be a number of reasons why this would be, including the time commitment that’s required. There might also be a mismatch of the requirements for the positions (or at least a perceived one). Finally, potential candidates might think that the ‘incumbants are doing a fine job’ and therefore hesitate to volunteer. The NomCom encourages the community to provide feedback to the NomCom at nomcom07@ietf.org on issues such as:

• desirable qualifications for positions
• possible time commitment
• how IESG, IAB and other parts of the IETF are functioning

More input and more candidates would be helpful for the NomCom and for the whole IETF. The following positions are up for considerations for the next term: IAOC Ed Juskevicius IAB Leslie Daigle Elwyn Davies Kevin Fall Olaf Kolkman David Oran Eric Rescorla IESG Jari Arkko (Internet area) Ross Callon (Routing area) Cullen Jennings (Real-time Applications and Infrastructure area) Lisa Dusseault (Applications area) Sam Hartman (Security area) Dan Romascanu (Operations and Management area) Magnus Westerlund (Transport area)]]> 1466 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/recent-iesg-document-and-protocol-actions-7/ Sat, 27 Oct 2007 16:00:22 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1468 Please note that due to ongoing change of document status, links below can be invalid. In this case, we ask you to use a search engine to find the relevant file.

Date: 2007-08-02 – Last Call: draft-ietf-sip-ice-option-tag (Indicating Support for Interactive Connectivity Establishment (ICE) in the Session Initiation Protocol (SIP)) to Proposed Standar / Call: draft-ietf-sip-ice-option-tag (Indicating Support for Interactive Connectivity Establishment (ICE) in the Session Initiation Protocol (SIP)) to Proposed Standard Title: ast Call: draft-ietf-sip-ice-option-tag (Indicating Support for Interactive Connectivity Establishment (ICE) in the Session Initiation Protocol (SIP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-ice-option-tag-02.txt Date: 2007-08-02 – Last Call: draft-ietf-ccamp-inter-domain-pd-path-comp (A Per-domain path computation method for establishing Inter-domain Traffic Engineering (TE) Label Switched Paths (LSPs)) to Proposed Standar / Call: draft-ietf-ccamp-inter-domain-pd-path-comp (A Per-domain path computation method for establishing Inter-domain Traffic Engineering (TE) Label Switched Paths (LSPs)) to Proposed Standard Title: ast Call: draft-ietf-ccamp-inter-domain-pd-path-comp (A Per-domain path computation method for establishing Inter-domain Traffic Engineering (TE) Label Switched Paths (LSPs)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-inter-domain-pd-path-comp-05.txt Date: 2007-08-02 – Last Call: draft-ietf-sip-ice-option-tag (Indicating Support for Interactive Connectivity Establishment (ICE) in the Session Initiation Protocol (SIP)) to Proposed Standar / Call: draft-ietf-sip-ice-option-tag (Indicating Support for Interactive Connectivity Establishment (ICE) in the Session Initiation Protocol (SIP)) to Proposed Standard Title: ast Call: draft-ietf-sip-ice-option-tag (Indicating Support for Interactive Connectivity Establishment (ICE) in the Session Initiation Protocol (SIP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-ice-option-tag-02.txt Date: 2007-08-02 – Last Call: draft-ietf-ccamp-lsp-stitching (Label Switched Path Stitching with Generalized Multiprotocol Label Switching Traffic Engineering (GMPLS TE)) to Proposed Standar / Call: draft-ietf-ccamp-lsp-stitching (Label Switched Path Stitching with Generalized Multiprotocol Label Switching Traffic Engineering (GMPLS TE)) to Proposed Standard Title: ast Call: draft-ietf-ccamp-lsp-stitching (Label Switched Path Stitching with Generalized Multiprotocol Label Switching Traffic Engineering (GMPLS TE)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-lsp-stitching-06.txt Date: 2007-08-04 – Last Call: draft-ietf-manet-iana (Internet Assigned Numbers Authority (IANA) Allocations for the Mobile Ad hoc Networks (MANET) Working Group) to Proposed Standar / Call: draft-ietf-manet-iana (Internet Assigned Numbers Authority (IANA) Allocations for the Mobile Ad hoc Networks (MANET) Working Group) to Proposed Standard Title: ast Call: draft-ietf-manet-iana (Internet Assigned Numbers Authority (IANA) Allocations for the Mobile Ad hoc Networks (MANET) Working Group) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-manet-iana-05.txt Date: 2007-08-04 – Last Call: draft-saintandre-rfc4622bis (Internationalized Resource Identifiers (IRIs) and Uniform Resource Identifiers (URIs) for the Extensible Messaging and Presence Protocol (XMPP)) to Proposed Standar / Call: draft-saintandre-rfc4622bis (Internationalized Resource Identifiers (IRIs) and Uniform Resource Identifiers (URIs) for the Extensible Messaging and Presence Protocol (XMPP)) to Proposed Standard Title: ast Call: draft-saintandre-rfc4622bis (Internationalized Resource Identifiers (IRIs) and Uniform Resource Identifiers (URIs) for the Extensible Messaging and Presence Protocol (XMPP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-saintandre-rfc4622bis-01.txt Date: 2007-08-04 – Last Call: draft-saintandre-rfc4622bis (Internationalized Resource Identifiers (IRIs) and Uniform Resource Identifiers (URIs) for the Extensible Messaging and Presence Protocol (XMPP)) to Proposed Standar / Call: draft-saintandre-rfc4622bis (Internationalized Resource Identifiers (IRIs) and Uniform Resource Identifiers (URIs) for the Extensible Messaging and Presence Protocol (XMPP)) to Proposed Standard Title: ast Call: draft-saintandre-rfc4622bis (Internationalized Resource Identifiers (IRIs) and Uniform Resource Identifiers (URIs) for the Extensible Messaging and Presence Protocol (XMPP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-saintandre-rfc4622bis-01.txt Date: 2007-08-16 – Last Call: draft-ietf-avt-profile-savpf (Extended Secure RTP Profile for RTCP-based Feedback (RTP/SAVPF)) to Proposed Standar / Call: draft-ietf-avt-profile-savpf (Extended Secure RTP Profile for RTCP-based Feedback (RTP/SAVPF)) to Proposed Standard Title: ast Call: draft-ietf-avt-profile-savpf (Extended Secure RTP Profile for RTCP-based Feedback (RTP/SAVPF)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-profile-savpf-11.txt Date: 2007-08-16 – Last Call: draft-ietf-avt-profile-savpf (Extended Secure RTP Profile for RTCP-based Feedback (RTP/SAVPF)) to Proposed Standar / Call: draft-ietf-avt-profile-savpf (Extended Secure RTP Profile for RTCP-based Feedback (RTP/SAVPF)) to Proposed Standard Title: ast Call: draft-ietf-avt-profile-savpf (Extended Secure RTP Profile for RTCP-based Feedback (RTP/SAVPF)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-profile-savpf-11.txt Date: 2007-08-17 – Approved by the IESG as Proposed Standard Title: Mobile IPv6 bootstrapping in split scenario URL: http://www.ietf.org/internet-drafts/draft-ietf-mip6-bootstrapping-split-07.txt Date: 2007-08-17 – Last Call: draft-ietf-mip6-cn-ipsec (Using IPsec between Mobile and Correspondent IPv6 Nodes) to Proposed Standar / Call: draft-ietf-mip6-cn-ipsec (Using IPsec between Mobile and Correspondent IPv6 Nodes) to Proposed Standard Title: ast Call: draft-ietf-mip6-cn-ipsec (Using IPsec between Mobile and Correspondent IPv6 Nodes) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mip6-cn-ipsec-05.txt Date: 2007-08-21 – Approved by the IESG as Proposed Standard Title: A Uniform Resource Name (URN) for Emergency and Other Well-Known Services URL: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-service-urn-07.txt Date: 2007-08-21 – Approved by the IESG as Proposed Standard Title: A Uniform Resource Name (URN) for Emergency and Other Well-Known Services URL: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-service-urn-07.txt Date: 2007-08-21 – Approved by the IESG as Proposed Standard Title: Registration Event Package Extension for Session Initiation Protocol (SIP) Globally Routable User Agent URIs (GRUUs) URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-gruu-reg-event-09.txt Date: 2007-08-21 – Approved by the IESG as Proposed Standard Title: Presence Authorization Rules URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-presence-rules-10.txt Date: 2007-08-21 – Approved by the IESG as Informational RFC Title: The Session Initiation Protocol (SIP) and Spam URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-spam-05.txt Date: 2007-08-21 – Approved by the IESG as Proposed Standard Title: IPv6 Transition in the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-v6-transition-07.txt Date: 2007-08-23 – Last Call: draft-ietf-enum-calendar-service (A Telephone Number Mapping (ENUM) Service Registration for Internet Calendaring Services) to Proposed Standar / Call: draft-ietf-enum-calendar-service (A Telephone Number Mapping (ENUM) Service Registration for Internet Calendaring Services) to Proposed Standard Title: ast Call: draft-ietf-enum-calendar-service (A Telephone Number Mapping (ENUM) Service Registration for Internet Calendaring Services) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-calendar-service-03.txt Date: 2007-08-23 – Last Call: draft-weiler-dnssec-dlv-iana (DNSSEC Lookaside Validation (DLV) IANA Registry) to Informational RF / Call: draft-weiler-dnssec-dlv-iana (DNSSEC Lookaside Validation (DLV) IANA Registry) to Informational RFC Title: ast Call: draft-weiler-dnssec-dlv-iana (DNSSEC Lookaside Validation (DLV) IANA Registry) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-weiler-dnssec-dlv-iana-00.txt Date: 2007-08-23 – Last Call: draft-weiler-dnssec-dlv-iana (DNSSEC Lookaside Validation (DLV) IANA Registry) to Informational RF / Call: draft-weiler-dnssec-dlv-iana (DNSSEC Lookaside Validation (DLV) IANA Registry) to Informational RFC Title: ast Call: draft-weiler-dnssec-dlv-iana (DNSSEC Lookaside Validation (DLV) IANA Registry) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-weiler-dnssec-dlv-iana-00.txt Date: 2007-08-23 – Approved by the IESG as Proposed Standard Title: RADIUS Extension for Digest Authentication URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-rfc4590bis-02.txt Date: 2007-08-27 – Approved by the IESG as Proposed Standard Title: IMAP URL Scheme URL: http://www.ietf.org/internet-drafts/draft-ietf-lemonade-rfc2192bis-09.txt Date: 2007-08-27 – Approved by the IESG as Proposed Standard Title: Ethernet in the First Mile Copper (EFMCu) Interfaces MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-hubmib-efm-cu-mib-08.txt Date: 2007-08-27 – Approved by the IESG as Proposed Standard Title: Label Switched Path Stitching with Generalized Multiprotocol Label Switching Traffic Engineering (GMPLS TE) URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-lsp-stitching-06.txt Date: 2007-08-27 – Approved by the IESG as BCP Title: Email Submission Operations: Access and Accountability Requirements URL: http://www.ietf.org/internet-drafts/draft-hutzler-spamops-08.txt Date: 2007-08-27 – Approved by the IESG as Proposed Standard Title: Multiplexing RTP Data and Control Packets on a Single Port URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-and-rtcp-mux-07.txt Date: 2007-08-29 – Last Call: draft-ietf-mip6-vsm (Mobile IPv6 Vendor Specific Option) to Proposed Standar / Call: draft-ietf-mip6-vsm (Mobile IPv6 Vendor Specific Option) to Proposed Standard Title: ast Call: draft-ietf-mip6-vsm (Mobile IPv6 Vendor Specific Option) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mip6-vsm-01.txt Date: 2007-08-30 – Last Call: draft-ietf-magma-mgmd-mib (Multicast Group Membership Discovery MIB) to Proposed Standar / Call: draft-ietf-magma-mgmd-mib (Multicast Group Membership Discovery MIB) to Proposed Standard Title: ast Call: draft-ietf-magma-mgmd-mib (Multicast Group Membership Discovery MIB) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-magma-mgmd-mib-10.txt Date: 2007-08-30 – Approved by the IESG as Informational RFC Title: Using SRP for TLS Authentication URL: http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-14.txt Date: 2007-09-06 – Last Call: draft-ietf-ipfix-protocol (Specification of the IPFIX Protocol for the Exchange of IP Traffic Flow Information) to Proposed Standar / Call: draft-ietf-ipfix-protocol (Specification of the IPFIX Protocol for the Exchange of IP Traffic Flow Information) to Proposed Standard Title: ast Call: draft-ietf-ipfix-protocol (Specification of the IPFIX Protocol for the Exchange of IP Traffic Flow Information) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-protocol-26.txt Date: 2007-09-06 – Approved by the IESG as Proposed Standard Title: On the Use of Channel Bindings to Secure Channels URL: http://www.ietf.org/internet-drafts/draft-williams-on-channel-binding-04.txt Date: 2007-09-10 – Last Call: draft-ietf-ipcdn-pktc-signaling (Signaling MIB for PacketCable and IPCablecom Multimedia Terminal Adapters (MTAs)) to Proposed Standar / Call: draft-ietf-ipcdn-pktc-signaling (Signaling MIB for PacketCable and IPCablecom Multimedia Terminal Adapters (MTAs)) to Proposed Standard Title: ast Call: draft-ietf-ipcdn-pktc-signaling (Signaling MIB for PacketCable and IPCablecom Multimedia Terminal Adapters (MTAs)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ipcdn-pktc-signaling-15.txt Date: 2007-09-10 – Last Call: draft-ietf-ipv6-deprecate-rh0 (Deprecation of Type 0 Routing Headers in IPv6) to Proposed Standar / Call: draft-ietf-ipv6-deprecate-rh0 (Deprecation of Type 0 Routing Headers in IPv6) to Proposed Standard Title: ast Call: draft-ietf-ipv6-deprecate-rh0 (Deprecation of Type 0 Routing Headers in IPv6) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ipv6-deprecate-rh0-01.txt Date: 2007-09-10 – Approved by the IESG as Proposed Standard Title: The Archived-At Message Header Field URL: http://www.ietf.org/internet-drafts/draft-duerst-archived-at-09.txt Date: 2007-09-11 – Approved by the IESG as Proposed Standard Title: The syslog Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-syslog-protocol-23.txt Date: 2007-09-11 – Approved by the IESG as Informational RFC Title: Security Threats and Requirements for Emergency Call Marking and Mapping URL: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-security-threats-05.txt Date: 2007-09-11 – Last Call: draft-ietf-simple-prescaps-ext (Session Initiation Protocol (SIP) User Agent Capability Extension to Presence Information Data Format (PIDF)) to Proposed Standar / Call: draft-ietf-simple-prescaps-ext (Session Initiation Protocol (SIP) User Agent Capability Extension to Presence Information Data Format (PIDF)) to Proposed Standard Title: ast Call: draft-ietf-simple-prescaps-ext (Session Initiation Protocol (SIP) User Agent Capability Extension to Presence Information Data Format (PIDF)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-prescaps-ext-08.txt Date: 2007-09-11 – Approved by the IESG as Proposed Standard Title: Transport Layer Security (TLS) Session Resumption without Server-Side State URL: http://www.ietf.org/internet-drafts/draft-salowey-tls-rfc4507bis-01.txt Date: 2007-09-11 – Last Call: draft-ietf-dnsop-reflectors-are-evil (Preventing Use of Recursive Nameservers in Reflector Attacks) to BC / Call: draft-ietf-dnsop-reflectors-are-evil (Preventing Use of Recursive Nameservers in Reflector Attacks) to BCP Title: ast Call: draft-ietf-dnsop-reflectors-are-evil (Preventing Use of Recursive Nameservers in Reflector Attacks) to BCP URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsop-reflectors-are-evil-04.txt Date: 2007-09-11 – Approved by the IESG as Experimental RFC Title: Bundle Protocol Specification URL: http://www.ietf.org/internet-drafts/draft-irtf-dtnrg-bundle-spec-10.txt Date: 2007-09-11 – Last Call: draft-ietf-simple-xml-patch-ops (An Extensible Markup Language (XML) Patch Operations Framework Utilizing XML Path Language (XPath) Selectors) to Proposed Standar / Call: draft-ietf-simple-xml-patch-ops (An Extensible Markup Language (XML) Patch Operations Framework Utilizing XML Path Language (XPath) Selectors) to Proposed Standard Title: ast Call: draft-ietf-simple-xml-patch-ops (An Extensible Markup Language (XML) Patch Operations Framework Utilizing XML Path Language (XPath) Selectors) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-xml-patch-ops-03.txt Date: 2007-09-11 – Approved by the IESG as Informational RFC Title: Multiple Dialog Usages in the Session Initiation Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-dialogusage-06.txt Date: 2007-09-13 – Last Call: draft-mealling-epc-urn (A Uniform Resource Name Namespace For The EPCglobal Electronic Product Code (EPC) and Related Standards) to Informational RF / Call: draft-mealling-epc-urn (A Uniform Resource Name Namespace For The EPCglobal Electronic Product Code (EPC) and Related Standards) to Informational RFC Title: ast Call: draft-mealling-epc-urn (A Uniform Resource Name Namespace For The EPCglobal Electronic Product Code (EPC) and Related Standards) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-mealling-epc-urn-02.txt Date: 2007-09-14 – Approved by the IESG as Informational RFC Title: Infrastructure ENUM Requirements URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-infrastructure-enum-reqs-04.txt Date: 2007-09-14 – Approved by the IESG as Informational RFC Title: DNSSEC Lookaside Validation (DLV) URL: http://www.ietf.org/internet-drafts/draft-weiler-dnssec-dlv-04.txt Date: 2007-09-17 – Approved by the IESG as Proposed Standard Title: Bootstrap Router (BSR) Mechanism for PIM URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-sm-bsr-12.txt Date: 2007-09-18 – Approved by the IESG as Proposed Standard Title: IPv6 Router Advertisement Flags Option URL: http://www.ietf.org/internet-drafts/draft-ietf-ipv6-ra-flags-option-02.txt Date: 2007-09-19 – Approved by the IESG as Proposed Standard Title: Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-fixes-08.txt Date: 2007-09-20 – Last Call: draft-ietf-pana-pana (Protocol for Carrying Authentication for Network Access (PANA)) to Proposed Standar / Call: draft-ietf-pana-pana (Protocol for Carrying Authentication for Network Access (PANA)) to Proposed Standard Title: ast Call: draft-ietf-pana-pana (Protocol for Carrying Authentication for Network Access (PANA)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pana-pana-18.txt Date: 2007-09-24 – Last Call: draft-ietf-ippm-bw-capacity (Defining Network Capacity) to Informational RF / Call: draft-ietf-ippm-bw-capacity (Defining Network Capacity) to Informational RFC Title: ast Call: draft-ietf-ippm-bw-capacity (Defining Network Capacity) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-ippm-bw-capacity-05.txt Date: 2007-09-24 – Approved by the IESG as Proposed Standard Title: ENUM Validation Information Mapping for the Extensible Provisioning Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-validation-epp-06.txt Date: 2007-09-24 – Re: Informational RFC to be: draft-saleem-msml-05.tx / nformational RFC to be: draft-saleem-msml-05.txt Title: e: Informational RFC to be: draft-saleem-msml-05.txt URL: http://www.ietf.org/internet-drafts/draft-saleem-msml-05.txt Date: 2007-09-24 – Approved by the IESG as Proposed Standard Title: ENUM Validation Information Mapping for the Extensible Provisioning Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-validation-epp-06.txt Date: 2007-09-24 – Approved by the IESG as Proposed Standard Title: Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS) URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-aes-ccm-and-gcm-03.txt Date: 2007-09-24 – Approved by the IESG as Proposed Standard Title: IP Multicast MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-mboned-ip-mcast-mib-07.txt Date: 2007-09-24 – Approved by the IESG as Proposed Standard Title: ENUM Validation Information Mapping for the Extensible Provisioning Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-validation-epp-06.txt Date: 2007-09-24 – Approved by the IESG as Proposed Standard Title: Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS) URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-aes-ccm-and-gcm-03.txt Date: 2007-09-24 – Approved by the IESG as Proposed Standard Title: IP Multicast MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-mboned-ip-mcast-mib-07.txt Date: 2007-09-25 – Last Call: draft-malis-sonet-ces-mpls (SONET/SDH Circuit Emulation Service over MPLS (CEM) Encapsulation) to Histori / Call: draft-malis-sonet-ces-mpls (SONET/SDH Circuit Emulation Service over MPLS (CEM) Encapsulation) to Historic Title: ast Call: draft-malis-sonet-ces-mpls (SONET/SDH Circuit Emulation Service over MPLS (CEM) Encapsulation) to Historic URL: http://www.ietf.org/internet-drafts/draft-malis-sonet-ces-mpls-09.txt Date: 2007-09-25 – Approved by the IESG as Proposed Standard Title: Pseudowire Virtual Circuit Connectivity Verification (VCCV) A Control Channel for Pseudowires URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-vccv-15.txt Date: 2007-09-25 – Third Last Call: draft-housley-tls-authz-extn / Last Call: draft-housley-tls-authz-extns Title: hird Last Call: draft-housley-tls-authz-extns URL: http://www.ietf.org/internet-drafts/draft-housley-tls-authz-extns-07.txt Date: 2007-09-25 – Approved by the IESG as Proposed Standard Title: Server-based Certificate Validation Protocol (SCVP) URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-33.txt Date: 2007-09-25 – Last Call: draft-lepinski-dh-groups (Additional Diffie-Hellman Groups for use with IETF Standards) to Informational RF / Call: draft-lepinski-dh-groups (Additional Diffie-Hellman Groups for use with IETF Standards) to Informational RFC Title: ast Call: draft-lepinski-dh-groups (Additional Diffie-Hellman Groups for use with IETF Standards) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-lepinski-dh-groups-01.txt Date: 2007-09-27 – Last Call: draft-ietf-behave-nat-icmp (NAT Behavioral Requirements for ICMP protocol) to BC / Call: draft-ietf-behave-nat-icmp (NAT Behavioral Requirements for ICMP protocol) to BCP Title: ast Call: draft-ietf-behave-nat-icmp (NAT Behavioral Requirements for ICMP protocol) to BCP URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-nat-icmp-05.txt Date: 2007-09-27 – Last Call: draft-ietf-behave-p2p-state (State of Peer-to-Peer(P2P) Communication Across Network Address Translators(NATs)) to Informational RF / Call: draft-ietf-behave-p2p-state (State of Peer-to-Peer(P2P) Communication Across Network Address Translators(NATs)) to Informational RFC Title: ast Call: draft-ietf-behave-p2p-state (State of Peer-to-Peer(P2P) Communication Across Network Address Translators(NATs)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-p2p-state-04.txt Date: 2007-09-28 – Last Call: draft-ietf-sipping-ipv6-torture-tests (Session Initiation Protocol (SIP) Torture Test Messages for Internet Protocol Version 6 (IPv6)) to Informational RF / Call: draft-ietf-sipping-ipv6-torture-tests (Session Initiation Protocol (SIP) Torture Test Messages for Internet Protocol Version 6 (IPv6)) to Informational RFC Title: ast Call: draft-ietf-sipping-ipv6-torture-tests (Session Initiation Protocol (SIP) Torture Test Messages for Internet Protocol Version 6 (IPv6)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-ipv6-torture-tests-03.txt Date: 2007-09-28 – Last Call: draft-ietf-nfsv4-nfsdirect (NFS Direct Data Placement) to Proposed Standar / Call: draft-ietf-nfsv4-nfsdirect (NFS Direct Data Placement) to Proposed Standard Title: ast Call: draft-ietf-nfsv4-nfsdirect (NFS Direct Data Placement) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-nfsdirect-06.txt Date: 2007-09-28 – Last Call: draft-ietf-nfsv4-rpcrdma (RDMA Transport for ONC RPC) to Proposed Standar / Call: draft-ietf-nfsv4-rpcrdma (RDMA Transport for ONC RPC) to Proposed Standard Title: ast Call: draft-ietf-nfsv4-rpcrdma (RDMA Transport for ONC RPC) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-rpcrdma-06.txt Date: 2007-09-28 – Last Call: draft-ietf-sigtran-rfc4233update (TEI Query Request Number Change) to Proposed Standar / Call: draft-ietf-sigtran-rfc4233update (TEI Query Request Number Change) to Proposed Standard Title: ast Call: draft-ietf-sigtran-rfc4233update (TEI Query Request Number Change) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sigtran-rfc4233update-01.txt Date: 2007-09-28 – Last Call: draft-ietf-nfsv4-nfs-rdma-problem-statement (NFS RDMA Problem Statement) to Informational RF / Call: draft-ietf-nfsv4-nfs-rdma-problem-statement (NFS RDMA Problem Statement) to Informational RFC Title: ast Call: draft-ietf-nfsv4-nfs-rdma-problem-statement (NFS RDMA Problem Statement) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-nfs-rdma-problem-statement-07.txt Date: 2007-09-28 – Last Call: draft-ietf-sigtran-rfc4233update (TEI Query Request Number Change) to Proposed Standar / Call: draft-ietf-sigtran-rfc4233update (TEI Query Request Number Change) to Proposed Standard Title: ast Call: draft-ietf-sigtran-rfc4233update (TEI Query Request Number Change) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sigtran-rfc4233update-01.txt Date: 2007-09-28 – Last Call: draft-ietf-nfsv4-nfs-rdma-problem-statement (NFS RDMA Problem Statement) to Informational RF / Call: draft-ietf-nfsv4-nfs-rdma-problem-statement (NFS RDMA Problem Statement) to Informational RFC Title: ast Call: draft-ietf-nfsv4-nfs-rdma-problem-statement (NFS RDMA Problem Statement) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-nfs-rdma-problem-statement-07.txt Date: 2007-09-28 – Last Call: draft-garcia-simple-presence-dictionary (The Presence-Specific Static Dictionary for Signaling Compression (Sigcomp)) to Proposed Standar / Call: draft-garcia-simple-presence-dictionary (The Presence-Specific Static Dictionary for Signaling Compression (Sigcomp)) to Proposed Standard Title: ast Call: draft-garcia-simple-presence-dictionary (The Presence-Specific Static Dictionary for Signaling Compression (Sigcomp)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-garcia-simple-presence-dictionary-06.txt Date: 2007-09-28 – Last Call: draft-ietf-nfsv4-rpcrdma (RDMA Transport for ONC RPC) to Proposed Standar / Call: draft-ietf-nfsv4-rpcrdma (RDMA Transport for ONC RPC) to Proposed Standard Title: ast Call: draft-ietf-nfsv4-rpcrdma (RDMA Transport for ONC RPC) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-rpcrdma-06.txt Date: 2007-09-28 – Last Call: draft-ietf-nfsv4-nfsdirect (NFS Direct Data Placement) to Proposed Standar / Call: draft-ietf-nfsv4-nfsdirect (NFS Direct Data Placement) to Proposed Standard Title: ast Call: draft-ietf-nfsv4-nfsdirect (NFS Direct Data Placement) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-nfsdirect-06.txt Date: 2007-10-01 – Approved by the IESG as Informational RFC Title: Dynamic Host Configuration Protocol Options Used by PXELINUX URL: http://www.ietf.org/internet-drafts/draft-ietf-dhc-pxelinux-03.txt Date: 2007-10-01 – Last Call: draft-ietf-tsvwg-diffserv-class-aggr (Aggregation of DiffServ Service Classes) to Informational RF / Call: draft-ietf-tsvwg-diffserv-class-aggr (Aggregation of DiffServ Service Classes) to Informational RFC Title: ast Call: draft-ietf-tsvwg-diffserv-class-aggr (Aggregation of DiffServ Service Classes) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-diffserv-class-aggr-04.txt Date: 2007-10-01 – Approved by the IESG as Proposed Standard Title: Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-auth-enveloped-06.txt Date: 2007-10-03 – Approved by the IESG as Proposed Standard Title: Applying Signaling Compression (SigComp) to the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-sigcomp-sip-08.txt Date: 2007-10-03 – Last Call: draft-adolf-dvb-urn (A Uniform Resource Name (URN) Namespace for the Digital Video Broadcasting Project (DVB)) to Informational RF / Call: draft-adolf-dvb-urn (A Uniform Resource Name (URN) Namespace for the Digital Video Broadcasting Project (DVB)) to Informational RFC Title: ast Call: draft-adolf-dvb-urn (A Uniform Resource Name (URN) Namespace for the Digital Video Broadcasting Project (DVB)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-adolf-dvb-urn-00.txt Date: 2007-10-05 – Last Call: draft-ietf-tsvwg-ecn-mpls (Explicit Congestion Marking in MPLS) to Proposed Standar / Call: draft-ietf-tsvwg-ecn-mpls (Explicit Congestion Marking in MPLS) to Proposed Standard Title: ast Call: draft-ietf-tsvwg-ecn-mpls (Explicit Congestion Marking in MPLS) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-ecn-mpls-02.txt Date: 2007-10-08 – Last Call: draft-ietf-avt-avpf-ccm (Codec Control Messages in the RTP Audio-Visual Profile with Feedback (AVPF)) to Proposed Standar / Call: draft-ietf-avt-avpf-ccm (Codec Control Messages in the RTP Audio-Visual Profile with Feedback (AVPF)) to Proposed Standard Title: ast Call: draft-ietf-avt-avpf-ccm (Codec Control Messages in the RTP Audio-Visual Profile with Feedback (AVPF)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-avpf-ccm-09.txt Date: 2007-10-08 – Last Call: draft-ietf-avt-avpf-ccm (Codec Control Messages in the RTP Audio-Visual Profile with Feedback (AVPF)) to Proposed Standar / Call: draft-ietf-avt-avpf-ccm (Codec Control Messages in the RTP Audio-Visual Profile with Feedback (AVPF)) to Proposed Standard Title: ast Call: draft-ietf-avt-avpf-ccm (Codec Control Messages in the RTP Audio-Visual Profile with Feedback (AVPF)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-avpf-ccm-09.txt Date: 2007-10-08 – Last Call: draft-ietf-avt-rtp-evrc-wb (RTP payload format for EVRC-WB codec and media subtype updates for EVRC-B codec) to Proposed Standar / Call: draft-ietf-avt-rtp-evrc-wb (RTP payload format for EVRC-WB codec and media subtype updates for EVRC-B codec) to Proposed Standard Title: ast Call: draft-ietf-avt-rtp-evrc-wb (RTP payload format for EVRC-WB codec and media subtype updates for EVRC-B codec) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-evrc-wb-03.txt Date: 2007-10-08 – Last Call: draft-ietf-avt-topologies (RTP Topologies) to Informational RF / Call: draft-ietf-avt-topologies (RTP Topologies) to Informational RFC Title: ast Call: draft-ietf-avt-topologies (RTP Topologies) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-topologies-06.txt Date: 2007-10-08 – Last Call: draft-levin-mmusic-xml-media-control (XML Schema for Media Control) to Informational RF / Call: draft-levin-mmusic-xml-media-control (XML Schema for Media Control) to Informational RFC Title: ast Call: draft-levin-mmusic-xml-media-control (XML Schema for Media Control) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-levin-mmusic-xml-media-control-11.txt Date: 2007-10-08 – Last Call: draft-ietf-xcon-framework (A Framework for Centralized Conferencing) to Proposed Standar / Call: draft-ietf-xcon-framework (A Framework for Centralized Conferencing) to Proposed Standard Title: ast Call: draft-ietf-xcon-framework (A Framework for Centralized Conferencing) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-xcon-framework-09.txt Date: 2007-10-08 – Last Call: draft-ietf-avt-rtp-evrc-wb (RTP payload format for EVRC-WB codec and media subtype updates for EVRC-B codec) to Proposed Standar / Call: draft-ietf-avt-rtp-evrc-wb (RTP payload format for EVRC-WB codec and media subtype updates for EVRC-B codec) to Proposed Standard Title: ast Call: draft-ietf-avt-rtp-evrc-wb (RTP payload format for EVRC-WB codec and media subtype updates for EVRC-B codec) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-evrc-wb-03.txt Date: 2007-10-08 – Last Call: draft-ietf-avt-rtp-vorbis (RTP Payload Format for Vorbis Encoded Audio) to Proposed Standar / Call: draft-ietf-avt-rtp-vorbis (RTP Payload Format for Vorbis Encoded Audio) to Proposed Standard Title: ast Call: draft-ietf-avt-rtp-vorbis (RTP Payload Format for Vorbis Encoded Audio) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-vorbis-07.txt Date: 2007-10-08 – Last Call: draft-ietf-rmt-bb-fec-ldpc (Low Density Parity Check (LDPC) Staircase and Triangle Forward Error Correction (FEC) Schemes) to Proposed Standar / Call: draft-ietf-rmt-bb-fec-ldpc (Low Density Parity Check (LDPC) Staircase and Triangle Forward Error Correction (FEC) Schemes) to Proposed Standard Title: ast Call: draft-ietf-rmt-bb-fec-ldpc (Low Density Parity Check (LDPC) Staircase and Triangle Forward Error Correction (FEC) Schemes) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-rmt-bb-fec-ldpc-06.txt Date: 2007-10-08 – Approved by the IESG as Proposed Standard Title: Deprecation of Type 0 Routing Headers in IPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-ipv6-deprecate-rh0-01.txt Date: 2007-10-08 – Approved by the IESG as Informational RFC Title: A Uniform Resource Name (URN) Namespace for the Society of Motion Picture and Television Engineers (SMPTE) URL: http://www.ietf.org/internet-drafts/draft-edwards-urn-smpte-02.txt Date: 2007-10-08 – Approved by the IESG as Proposed Standard Title: Protocol for Carrying Authentication for Network Access (PANA) URL: http://www.ietf.org/internet-drafts/draft-ietf-pana-pana-18.txt Date: 2007-10-08 – Approved by the IESG as Informational RFC Title: A Uniform Resource Name (URN) Namespace for the Society of Motion Picture and Television Engineers (SMPTE) URL: http://www.ietf.org/internet-drafts/draft-edwards-urn-smpte-02.txt Date: 2007-10-08 – Approved by the IESG as Proposed Standard Title: IGP Routing Protocol Extensions for Discovery of Traffic Engineering Node Capabilities URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-te-node-cap-05.txt-05.txt Date: 2007-10-08 – Approved by the IESG as Proposed Standard Title: Rejecting Anonymous Requests in the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-acr-code-05.txt Date: 2007-10-08 – Last Call: draft-creed-ogc-urn (A URN namespace for the Open Geospatial Consortium (OGC)) to Informational RF / Call: draft-creed-ogc-urn (A URN namespace for the Open Geospatial Consortium (OGC)) to Informational RFC Title: ast Call: draft-creed-ogc-urn (A URN namespace for the Open Geospatial Consortium (OGC)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-creed-ogc-urn-02.txt Date: 2007-10-08 – Last Call: draft-ietf-eap-netsel-problem (Network Discovery and Selection Problem) to Informational RF / Call: draft-ietf-eap-netsel-problem (Network Discovery and Selection Problem) to Informational RFC Title: ast Call: draft-ietf-eap-netsel-problem (Network Discovery and Selection Problem) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-eap-netsel-problem-08.txt Date: 2007-10-10 – Approved by the IESG as Proposed Standard Title: RTP Payload Format for Generic Forward Error Correction URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-ulp-23.txt Date: 2007-10-10 – Approved by the IESG as Proposed Standard Title: The Incident Object Description Exchange Format URL: http://www.ietf.org/internet-drafts/draft-ietf-inch-iodef-14.txt Date: 2007-10-11 – Last Call: draft-wilde-sms-uri (URI Scheme for GSM Short Message Service) to Proposed Standar / Call: draft-wilde-sms-uri (URI Scheme for GSM Short Message Service) to Proposed Standard Title: ast Call: draft-wilde-sms-uri (URI Scheme for GSM Short Message Service) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-wilde-sms-uri-13.txt Date: 2007-10-11 – Last Call: draft-ietf-rmt-bb-fec-rs (Reed-Solomon Forward Error Correction (FEC) Schemes) to Proposed Standar / Call: draft-ietf-rmt-bb-fec-rs (Reed-Solomon Forward Error Correction (FEC) Schemes) to Proposed Standard Title: ast Call: draft-ietf-rmt-bb-fec-rs (Reed-Solomon Forward Error Correction (FEC) Schemes) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-rmt-bb-fec-rs-04.txt Date: 2007-10-11 – Last Call: draft-ietf-smime-bfibecms (Using the Boneh-Franklin and Boneh-Boyen identity-based encryption algorithms with the Cryptographic Message Syntax (CMS)) to Proposed Standar / Call: draft-ietf-smime-bfibecms (Using the Boneh-Franklin and Boneh-Boyen identity-based encryption algorithms with the Cryptographic Message Syntax (CMS)) to Proposed Standard Title: ast Call: draft-ietf-smime-bfibecms (Using the Boneh-Franklin and Boneh-Boyen identity-based encryption algorithms with the Cryptographic Message Syntax (CMS)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-bfibecms-07.txt Date: 2007-10-11 – Last Call: draft-ietf-smime-ibearch (Identity-based Encryption Architecture) to Proposed Standar / Call: draft-ietf-smime-ibearch (Identity-based Encryption Architecture) to Proposed Standard Title: ast Call: draft-ietf-smime-ibearch (Identity-based Encryption Architecture) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-ibearch-05.txt Date: 2007-10-12 – Last Call: draft-ietf-behave-rfc3489bis (Session Traversal Utilities for (NAT) (STUN)) to Proposed Standar / Call: draft-ietf-behave-rfc3489bis (Session Traversal Utilities for (NAT) (STUN)) to Proposed Standard Title: ast Call: draft-ietf-behave-rfc3489bis (Session Traversal Utilities for (NAT) (STUN)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-rfc3489bis-11.txt Date: 2007-10-15 – Approved by the IESG as Informational RFC Title: BT’s eXtended Network Quality RTP Control Protocol Extended Reports (RTCP XR XNQ) URL: http://www.ietf.org/internet-drafts/draft-hunt-avt-rtcpxnq-01.txt Date: 2007-10-15 – Approved by the IESG as Proposed Standard Title: Obtaining and Using Globally Routable User Agent (UA) URIs (GRUU) in the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-gruu-15.txt Date: 2007-10-15 – Approved by the IESG as Proposed Standard Title: Specification of the IPFIX Protocol for the Exchange of IP Traffic Flow Information URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-protocol-26.txt Date: 2007-10-15 – Approved by the IESG as Proposed Standard Title: Inter domain Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) Traffic Engineering – RSVP-TE extensions URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-inter-domain-rsvp-te-07.txt Date: 2007-10-15 – Approved by the IESG as Proposed Standard Title: Mobile IPv6 Experimental Messages URL: http://www.ietf.org/internet-drafts/draft-ietf-mip6-experimental-messages-03.txt Date: 2007-10-15 – Approved by the IESG as Proposed Standard Title: Mobile IPv6 Vendor Specific Option URL: http://www.ietf.org/internet-drafts/draft-ietf-mip6-vsm-03.txt Date: 2007-10-16 – Last Call: draft-ietf-nfsv4-nfs-rdma-problem-statement (NFS RDMA Problem Statement) to Informational RF / Call: draft-ietf-nfsv4-nfs-rdma-problem-statement (NFS RDMA Problem Statement) to Informational RFC Title: ast Call: draft-ietf-nfsv4-nfs-rdma-problem-statement (NFS RDMA Problem Statement) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-nfs-rdma-problem-statement-07.txt Date: 2007-10-16 – Approved by the IESG as Proposed Standard Title: OSPF Protocol Extensions for Path Computation Element (PCE) Discovery URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-disco-proto-ospf-08.txt Date: 2007-10-16 – Approved by the IESG as Informational RFC Title: Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems URL: http://www.ietf.org/internet-drafts/draft-martin-ibcs-07.txt Date: 2007-10-16 – Approved by the IESG as Proposed Standard Title: IS-IS Protocol Extensions for Path Computation Element (PCE) Discovery URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-disco-proto-isis-08.txt Date: 2007-10-16 – Approved by the IESG as Proposed Standard Title: Sieve: An Email Filtering Language URL: http://www.ietf.org/internet-drafts/draft-ietf-sieve-3028bis-13.txt Date: 2007-10-16 – Approved by the IESG as Full Standard Title: Augmented BNF for Syntax Specifications: ABNF URL: http://www.ietf.org/internet-drafts/draft-crocker-rfc4234bis-01.txt Date: 2007-10-18 – Last Call: draft-klensin-unicode-escapes (ASCII Escaping of Unicode Characters) to BC / Call: draft-klensin-unicode-escapes (ASCII Escaping of Unicode Characters) to BCP Title: ast Call: draft-klensin-unicode-escapes (ASCII Escaping of Unicode Characters) to BCP URL: http://www.ietf.org/internet-drafts/draft-klensin-unicode-escapes-06.txt Date: 2007-10-18 – Last Call: draft-ietf-smime-cades (CMS Advanced Electronic Signatures (CAdES)) to Informational RF / Call: draft-ietf-smime-cades (CMS Advanced Electronic Signatures (CAdES)) to Informational RFC Title: ast Call: draft-ietf-smime-cades (CMS Advanced Electronic Signatures (CAdES)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-cades-06.txt Date: 2007-10-22 – Last Call: draft-korhonen-mip6-service (Service Selection for Mobile IPv6) to Informational RF / Call: draft-korhonen-mip6-service (Service Selection for Mobile IPv6) to Informational RFC Title: ast Call: draft-korhonen-mip6-service (Service Selection for Mobile IPv6) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-korhonen-mip6-service-04.txt Date: 2007-10-22 – Last Call: draft-ietf-psamp-framework (A Framework for Packet Selection and Reporting) to Informational RF / Call: draft-ietf-psamp-framework (A Framework for Packet Selection and Reporting) to Informational RFC Title: ast Call: draft-ietf-psamp-framework (A Framework for Packet Selection and Reporting) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-psamp-framework-12.txt Date: 2007-10-22 – Last Call: draft-ietf-psamp-protocol (Packet Sampling (PSAMP) Protocol Specifications) to Proposed Standar / Call: draft-ietf-psamp-protocol (Packet Sampling (PSAMP) Protocol Specifications) to Proposed Standard Title: ast Call: draft-ietf-psamp-protocol (Packet Sampling (PSAMP) Protocol Specifications) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-psamp-protocol-08.txt Date: 2007-10-22 – Last Call: draft-ietf-psamp-sample-tech (Sampling and Filtering Techniques for IP Packet Selection) to Proposed Standar / Call: draft-ietf-psamp-sample-tech (Sampling and Filtering Techniques for IP Packet Selection) to Proposed Standard Title: ast Call: draft-ietf-psamp-sample-tech (Sampling and Filtering Techniques for IP Packet Selection) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-psamp-sample-tech-10.txt Date: 2007-10-22 – Approved by the IESG as Proposed Standard Title: Signaling MIB for PacketCable and IPCablecom Multimedia Terminal Adapters (MTAs) URL: http://www.ietf.org/internet-drafts/draft-ietf-ipcdn-pktc-signaling-15.txt Date: 2007-10-22 – Approved by the IESG as Proposed Standard Title: IMAP4 Extensions for Quick Mailbox Resynchronization URL: http://www.ietf.org/internet-drafts/draft-ietf-lemonade-reconnect-client-06.txt Date: 2007-10-25 – Approved by the IESG as Proposed Standard Title: ENUM Validation Token Format Definition URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-validation-token-04.txt Date: 2007-10-26 – Last Call: draft-ietf-l2vpn-oam-req-frmk (L2VPN OAM Requirements and Framework) to Informational RF / Call: draft-ietf-l2vpn-oam-req-frmk (L2VPN OAM Requirements and Framework) to Informational RFC Title: ast Call: draft-ietf-l2vpn-oam-req-frmk (L2VPN OAM Requirements and Framework) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-l2vpn-oam-req-frmk-09.txt Date: 2007-10-26 – Last Call: draft-cheshire-ipv4-acd (IPv4 Address Conflict Detection) to Proposed Standar / Call: draft-cheshire-ipv4-acd (IPv4 Address Conflict Detection) to Proposed Standard Title: ast Call: draft-cheshire-ipv4-acd (IPv4 Address Conflict Detection) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-cheshire-ipv4-acd-05.txt Date: 2007-10-26 – Last Call: draft-ietf-l2vpn-vpls-mcast-reqts (Requirements for Multicast Support in Virtual Private LAN Services) to Informational RF / Call: draft-ietf-l2vpn-vpls-mcast-reqts (Requirements for Multicast Support in Virtual Private LAN Services) to Informational RFC Title: ast Call: draft-ietf-l2vpn-vpls-mcast-reqts (Requirements for Multicast Support in Virtual Private LAN Services) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-l2vpn-vpls-mcast-reqts-05.txt Date: 2007-10-26 – Last Call: draft-ietf-shim6-failure-detection (Failure Detection and Locator Pair Exploration Protocol for IPv6 Multihoming) to Proposed Standar / Call: draft-ietf-shim6-failure-detection (Failure Detection and Locator Pair Exploration Protocol for IPv6 Multihoming) to Proposed Standard Title: ast Call: draft-ietf-shim6-failure-detection (Failure Detection and Locator Pair Exploration Protocol for IPv6 Multihoming) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-shim6-failure-detection-09.txt Date: 2007-10-26 – Last Call: draft-ietf-l2vpn-vpls-bridge-interop (VPLS Interoperability with CE Bridges) to Informational RF / Call: draft-ietf-l2vpn-vpls-bridge-interop (VPLS Interoperability with CE Bridges) to Informational RFC Title: ast Call: draft-ietf-l2vpn-vpls-bridge-interop (VPLS Interoperability with CE Bridges) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-l2vpn-vpls-bridge-interop-02.txt Date: 2007-10-26 – Last Call: draft-ietf-pwe3-pw-mib (Pseudowire (PW) Management Information Base) to Proposed Standar / Call: draft-ietf-pwe3-pw-mib (Pseudowire (PW) Management Information Base) to Proposed Standard Title: ast Call: draft-ietf-pwe3-pw-mib (Pseudowire (PW) Management Information Base) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-pw-mib-12.txt Date: 2007-10-26 – Last Call: draft-ietf-pwe3-pw-tc-mib (Definitions for Textual Conventions and for Managing Pseudowires over PSN) to Proposed Standar / Call: draft-ietf-pwe3-pw-tc-mib (Definitions for Textual Conventions and for Managing Pseudowires over PSN) to Proposed Standard Title: ast Call: draft-ietf-pwe3-pw-tc-mib (Definitions for Textual Conventions and for Managing Pseudowires over PSN) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-pw-tc-mib-12.txt Date: 2007-10-29 – Last Call: draft-ietf-avt-rfc2833biscas (Definition of Events For Channel-Oriented Telephony Signalling) to Proposed Standar / Call: draft-ietf-avt-rfc2833biscas (Definition of Events For Channel-Oriented Telephony Signalling) to Proposed Standard Title: ast Call: draft-ietf-avt-rfc2833biscas (Definition of Events For Channel-Oriented Telephony Signalling) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc2833biscas-05.txt Date: 2007-10-29 – Last Call: draft-ietf-avt-rfc2833biscas (Definition of Events For Channel-Oriented Telephony Signalling) to Proposed Standar / Call: draft-ietf-avt-rfc2833biscas (Definition of Events For Channel-Oriented Telephony Signalling) to Proposed Standard Title: ast Call: draft-ietf-avt-rfc2833biscas (Definition of Events For Channel-Oriented Telephony Signalling) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc2833biscas-05.txt Date: 2007-10-29 – Last Call: draft-ietf-geopriv-revised-civic-lo (Revised Civic Location Format for PIDF-LO) to Proposed Standar / Call: draft-ietf-geopriv-revised-civic-lo (Revised Civic Location Format for PIDF-LO) to Proposed Standard Title: ast Call: draft-ietf-geopriv-revised-civic-lo (Revised Civic Location Format for PIDF-LO) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-revised-civic-lo-06.txt Date: 2007-10-30 – Approved by the IESG as Proposed Standard Title: MIB for the UDP-Lite protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-udplite-mib-03.txt Date: 2007-10-30 – Approved by the IESG as Proposed Standard Title: Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-ice-19.txt Date: 2007-10-31 – Last Call: draft-ietf-mipshop-handover-key (Distributing a Symmetric FMIPv6 Handover Key using SEND) to Proposed Standar / Call: draft-ietf-mipshop-handover-key (Distributing a Symmetric FMIPv6 Handover Key using SEND) to Proposed Standard Title: ast Call: draft-ietf-mipshop-handover-key (Distributing a Symmetric FMIPv6 Handover Key using SEND) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-handover-key-03.txt]]> 1468 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-fellowship-program/ Sat, 27 Oct 2007 16:02:14 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1470 IETF fellows and mentors in Chicago

Sandra L. Céspedes is professor of information technology at ICESI University in Colombia. She is interested in the work of a number of IETF working groups, including ipv6, mipshop, sip, and manet. Sandra was mentored by Alain Durand, who is director of the office of the chief technology officer at Comcast. Originally from Nepal, Raj Gurung is a graduate student in computer science at Western Illinois University. He, too, is interested in a number of working groups, including manet, mpls, IPv6, and dhc. Raj was mentored by Dave Meyer, director of advanced research and development at Cisco. Both Martín Germán and Alberto Castro are graduate students at the Universidad de la República Oriental del Uruguay. They have actively participated in the PCE working group. Jean-Louis Leroux of France Télécom, who is also active in the PCE WG, served as mentor for both fellows. The Internet Society expresses its gratitude to the IETF 69 mentors as well as those who served on the fellowship application review and selection committee, including James Galvin, Jaap Akkerhuis, Alain Patrick Aina, Sanjaya, and Frederico Neves. Special thanks to Afilias and Google for their sponsorship of the fellowship program. Support for this important program by businesses and organisations is welcome. Read complete information about the program, including sponsorship benefits.]]> 1470 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-meeting-calendar-6/ Sun, 27 May 2007 16:05:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1472 Summer 2007-IETF 69 22-27 July 2007 Host: Motorola Location: Chicago, IL, USA Fall 2007-IETF 70 2-7 December 2007 Host: TBD Location: Vancouver, BC, Canada Spring 2008-IETF 71 9-14 March 2008 Host: Comcast Location: Philadelphia, PA, USA IETF 72 27 July-1 August, 2008 Host: TBD Location: Asia (Provisional)]]> 1472 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/recent-iesg-document-and-protocol-actions-8/ Sun, 27 May 2007 16:11:49 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1474 Please note that due to ongoing change of document status, links below can be invalid. In this case, we ask you to use a search engine to find the relevant file.

Date: 2007-02-02 – Approved by the IESG as Proposed Standard Title: Multi-Topology (MT) Routing in OSPF URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-mt-08.txt Date: 2007-02-05 – Last Call: draft-ietf-geopriv-radius-lo (Carrying Location Objects in RADIUS) to Proposed Standar / Call: draft-ietf-geopriv-radius-lo (Carrying Location Objects in RADIUS) to Proposed Standard Title: ast Call: draft-ietf-geopriv-radius-lo (Carrying Location Objects in RADIUS) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-radius-lo-10.txt Date: 2007-02-05 – Last Call: draft-ietf-geopriv-radius-lo (Carrying Location Objects in RADIUS) to Proposed Standar / Call: draft-ietf-geopriv-radius-lo (Carrying Location Objects in RADIUS) to Proposed Standard Title: ast Call: draft-ietf-geopriv-radius-lo (Carrying Location Objects in RADIUS) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-radius-lo-10.txt Date: 2007-02-05 – Last Call: draft-ietf-rohc-tcp (RObust Header Compression (ROHC): A Profile for TCP/IP (ROHC-TCP)) to Proposed Standar / Call: draft-ietf-rohc-tcp (RObust Header Compression (ROHC): A Profile for TCP/IP (ROHC-TCP)) to Proposed Standard Title: ast Call: draft-ietf-rohc-tcp (RObust Header Compression (ROHC): A Profile for TCP/IP (ROHC-TCP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-tcp-16.txt Date: 2007-02-05 – Last Call: draft-ietf-sip-connected-identity (Connected Identity in the Session Initiation Protocol (SIP)) to Proposed Standar / Call: draft-ietf-sip-connected-identity (Connected Identity in the Session Initiation Protocol (SIP)) to Proposed Standard Title: ast Call: draft-ietf-sip-connected-identity (Connected Identity in the Session Initiation Protocol (SIP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-connected-identity-04.txt Date: 2007-02-05 – Approved by the IESG as Informational RFC Title: Document Shepherding from Working Group Last Call to Publication URL: http://www.ietf.org/internet-drafts/draft-ietf-proto-wgchair-doc-shepherding-09.txt Date: 2007-02-05 – Last Call: draft-ietf-imss-fc-rscn-mib (Fibre Channel Registered State Change Notification (RSCN) MIB) to Proposed Standar / Call: draft-ietf-imss-fc-rscn-mib (Fibre Channel Registered State Change Notification (RSCN) MIB) to Proposed Standard Title: ast Call: draft-ietf-imss-fc-rscn-mib (Fibre Channel Registered State Change Notification (RSCN) MIB) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-imss-fc-rscn-mib-02.txt Date: 2007-02-05 – Last Call: draft-ietf-imss-fc-zs-mib (Fibre-Channel Zone Server MIB) to Proposed Standar / Call: draft-ietf-imss-fc-zs-mib (Fibre-Channel Zone Server MIB) to Proposed Standard Title: ast Call: draft-ietf-imss-fc-zs-mib (Fibre-Channel Zone Server MIB) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-imss-fc-zs-mib-03.txt Date: 2007-02-05 – Approved by the IESG as Proposed Standard Title: Netnews Article Format URL: http://www.ietf.org/internet-drafts/draft-ietf-usefor-usefor-12.txt Date: 2007-02-07 – Approved by the IESG as Proposed Standard Title: Extended ICMP to Support Multi-part Messages URL: http://www.ietf.org/internet-drafts/draft-bonica-internet-icmp-16.txt Date: 2007-02-07 – Last Call: draft-iesg-sponsoring-guidelines (Guidance on Area Director Sponsoring of Documents) to Informational RF / Call: draft-iesg-sponsoring-guidelines (Guidance on Area Director Sponsoring of Documents) to Informational RFC Title: ast Call: draft-iesg-sponsoring-guidelines (Guidance on Area Director Sponsoring of Documents) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-iesg-sponsoring-guidelines-01.txt Date: 2007-02-07 – Approved by the IESG as Proposed Standard Title: Extended ICMP to Support Multi-part Messages URL: http://www.ietf.org/internet-drafts/draft-bonica-internet-icmp-16.txt Date: 2007-02-07 – Last Call: draft-ietf-crisp-iris-dchk (A Domain Availability Check (dchk) Registry Type for the Internet Registry Information Service (IRIS)) to Proposed Standar / Call: draft-ietf-crisp-iris-dchk (A Domain Availability Check (dchk) Registry Type for the Internet Registry Information Service (IRIS)) to Proposed Standard Title: ast Call: draft-ietf-crisp-iris-dchk (A Domain Availability Check (dchk) Registry Type for the Internet Registry Information Service (IRIS)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-dchk-06.txt Date: 2007-02-08 – Approved by the IESG as Informational RFC Title: MIKEY General Extension Payload for OMA BCAST LTKM/STKM Transport URL: http://www.ietf.org/internet-drafts/draft-dondeti-msec-mikey-genext-oma-04.txt Date: 2007-02-08 – Last Call: draft-mcwalter-uri-mib (Uniform Resource Identifier (URI) MIB) to Proposed Standar / Call: draft-mcwalter-uri-mib (Uniform Resource Identifier (URI) MIB) to Proposed Standard Title: ast Call: draft-mcwalter-uri-mib (Uniform Resource Identifier (URI) MIB) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-mcwalter-uri-mib-02.txt Date: 2007-02-08 – Last Call: draft-mcwalter-langtag-mib (Language Tag MIB) to Proposed Standar / Call: draft-mcwalter-langtag-mib (Language Tag MIB) to Proposed Standard Title: ast Call: draft-mcwalter-langtag-mib (Language Tag MIB) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-mcwalter-langtag-mib-01.txt Date: 2007-02-08 – Last Call: draft-mcwalter-uri-mib (Uniform Resource Identifier (URI) MIB) to Proposed Standar / Call: draft-mcwalter-uri-mib (Uniform Resource Identifier (URI) MIB) to Proposed Standard Title: ast Call: draft-mcwalter-uri-mib (Uniform Resource Identifier (URI) MIB) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-mcwalter-uri-mib-02.txt Date: 2007-02-08 – Last Call: draft-mcwalter-langtag-mib (Language Tag MIB) to Proposed Standar / Call: draft-mcwalter-langtag-mib (Language Tag MIB) to Proposed Standard Title: ast Call: draft-mcwalter-langtag-mib (Language Tag MIB) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-mcwalter-langtag-mib-01.txt Date: 2007-02-12 – Approved by the IESG as Proposed Standard Title: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 With IPsec URL: http://www.ietf.org/internet-drafts/draft-kelly-ipsec-ciph-sha2-01.txt Date: 2007-02-12 – Approved by the IESG as Informational RFC Title: Suite B Cryptographic Suites for IPsec URL: http://www.ietf.org/internet-drafts/draft-solinas-ui-suites-01.txt Date: 2007-02-12 – Last Call: draft-wing-behave-symmetric-rtprtcp (Common Local Transmit and Receive Ports (Symmetric RTP)) to Informational RF / Call: draft-wing-behave-symmetric-rtprtcp (Common Local Transmit and Receive Ports (Symmetric RTP)) to Informational RFC Title: ast Call: draft-wing-behave-symmetric-rtprtcp (Common Local Transmit and Receive Ports (Symmetric RTP)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-wing-behave-symmetric-rtprtcp-01.txt Date: 2007-02-14 – Last Call: draft-ietf-eap-keying (Extensible Authentication Protocol (EAP) Key Management Framework) to Proposed Standar / Call: draft-ietf-eap-keying (Extensible Authentication Protocol (EAP) Key Management Framework) to Proposed Standard Title: ast Call: draft-ietf-eap-keying (Extensible Authentication Protocol (EAP) Key Management Framework) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-eap-keying-18.txt Date: 2007-02-14 – Last Call: draft-kunze-rfc2413bis (The Dublin Core Metadata Element Set) to Informational RF / Call: draft-kunze-rfc2413bis (The Dublin Core Metadata Element Set) to Informational RFC Title: ast Call: draft-kunze-rfc2413bis (The Dublin Core Metadata Element Set) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-kunze-rfc2413bis-05.txt Date: 2007-02-14 – Last Call: draft-wilde-text-fragment (URI Fragment Identifiers for the text/plain Media Type) to Proposed Standar / Call: draft-wilde-text-fragment (URI Fragment Identifiers for the text/plain Media Type) to Proposed Standard Title: ast Call: draft-wilde-text-fragment (URI Fragment Identifiers for the text/plain Media Type) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-wilde-text-fragment-06.txt Date: 2007-02-14 – Last Call: draft-kunze-rfc2413bis (The Dublin Core Metadata Element Set) to Informational RF / Call: draft-kunze-rfc2413bis (The Dublin Core Metadata Element Set) to Informational RFC Title: ast Call: draft-kunze-rfc2413bis (The Dublin Core Metadata Element Set) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-kunze-rfc2413bis-05.txt Date: 2007-02-15 – Last Call: draft-ietf-6lowpan-format (Transmission of IPv6 Packets over IEEE 802.15.4 Networks) to Proposed Standar / Call: draft-ietf-6lowpan-format (Transmission of IPv6 Packets over IEEE 802.15.4 Networks) to Proposed Standard Title: ast Call: draft-ietf-6lowpan-format (Transmission of IPv6 Packets over IEEE 802.15.4 Networks) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-6lowpan-format-10.txt Date: 2007-02-15 – Last Call: draft-ietf-6lowpan-format (Transmission of IPv6 Packets over IEEE 802.15.4 Networks) to Proposed Standar / Call: draft-ietf-6lowpan-format (Transmission of IPv6 Packets over IEEE 802.15.4 Networks) to Proposed Standard Title: ast Call: draft-ietf-6lowpan-format (Transmission of IPv6 Packets over IEEE 802.15.4 Networks) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-6lowpan-format-10.txt Date: 2007-02-15 – Last Call: draft-ietf-6lowpan-problem (6LoWPAN: Overview, Assumptions, Problem Statement and Goals) to Informational RF / Call: draft-ietf-6lowpan-problem (6LoWPAN: Overview, Assumptions, Problem Statement and Goals) to Informational RFC Title: ast Call: draft-ietf-6lowpan-problem (6LoWPAN: Overview, Assumptions, Problem Statement and Goals) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-6lowpan-problem-07.txt Date: 2007-02-15 – Approved by the IESG as Informational RFC Title: Local Network Protection for IPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-nap-06.txt Date: 2007-02-15 – Last Call: draft-ietf-geopriv-policy (Geolocation Policy: A Document Format for Expressing Privacy Preferences for Location Information) to Proposed Standar / Call: draft-ietf-geopriv-policy (Geolocation Policy: A Document Format for Expressing Privacy Preferences for Location Information) to Proposed Standard Title: ast Call: draft-ietf-geopriv-policy (Geolocation Policy: A Document Format for Expressing Privacy Preferences for Location Information) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-policy-11.txt Date: 2007-02-15 – Approved by the IESG as Proposed Standard Title: Domain-based Application Service Location Using URIs and the Dynamic Delegation Discovery Service (DDDS) URL: http://www.ietf.org/internet-drafts/draft-daigle-unaptr-02.txt Date: 2007-02-16 – Last Call: draft-klensin-norm-ref (Handling Normative References for Standards Track Documents) to BC / Call: draft-klensin-norm-ref (Handling Normative References for Standards Track Documents) to BCP Title: ast Call: draft-klensin-norm-ref (Handling Normative References for Standards Track Documents) to BCP URL: http://www.ietf.org/internet-drafts/draft-klensin-norm-ref-03.txt Date: 2007-02-21 – Approved by the IESG as Proposed Standard Title: Generic Aggregate Resource ReSerVation Protocol (RSVP) Reservations URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-rsvp-ipsec-05.txt Date: 2007-02-21 – Approved by the IESG as Proposed Standard Title: Generic Aggregate Resource ReSerVation Protocol (RSVP) Reservations URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-rsvp-ipsec-05.txt Date: 2007-02-21 – Approved by the IESG as Experimental RFC Title: An IPv6 Prefix for Overlay Routable Cryptographic Hash Identifiers (ORCHID) URL: http://www.ietf.org/internet-drafts/draft-laganier-ipv6-khi-07.txt Date: 2007-02-21 – Approved by the IESG as Proposed Standard Title: DomainKeys Identified Mail (DKIM) Signatures URL: http://www.ietf.org/internet-drafts/draft-ietf-dkim-base-10.txt Date: 2007-02-21 – Approved by the IESG as Historic Title: Domain-based Email Authentication Using Public Keys Advertised in the DNS (DomainKeys) URL: http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-06.txt Date: 2007-02-21 – Approved by the IESG as Proposed Standard Title: DomainKeys Identified Mail (DKIM) Signatures URL: http://www.ietf.org/internet-drafts/draft-ietf-dkim-base-10.txt Date: 2007-02-23 – Last Call: draft-zeilenga-ldap-entrydn (The LDAP entryDN Operational Attribute) to Proposed Standar / Call: draft-zeilenga-ldap-entrydn (The LDAP entryDN Operational Attribute) to Proposed Standard Title: ast Call: draft-zeilenga-ldap-entrydn (The LDAP entryDN Operational Attribute) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-zeilenga-ldap-entrydn-01.txt Date: 2007-02-26 – Last Call: draft-siemborski-imap-sasl-initial-response (IMAP Extension for SASL Initial Client Response) to Proposed Standar / Call: draft-siemborski-imap-sasl-initial-response (IMAP Extension for SASL Initial Client Response) to Proposed Standard Title: ast Call: draft-siemborski-imap-sasl-initial-response (IMAP Extension for SASL Initial Client Response) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-siemborski-imap-sasl-initial-response-06.txt Date: 2007-02-26 – Last Call: draft-ietf-lemonade-search-within (WITHIN Search extension to the IMAP Protocol) to Proposed Standar / Call: draft-ietf-lemonade-search-within (WITHIN Search extension to the IMAP Protocol) to Proposed Standard Title: ast Call: draft-ietf-lemonade-search-within (WITHIN Search extension to the IMAP Protocol) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-lemonade-search-within-03.txt Date: 2007-02-26 – Last Call: draft-ietf-isis-admin-tags (A Policy Control Mechanism is IS-IS Using Administrative Tags) to Proposed Standar / Call: draft-ietf-isis-admin-tags (A Policy Control Mechanism is IS-IS Using Administrative Tags) to Proposed Standard Title: ast Call: draft-ietf-isis-admin-tags (A Policy Control Mechanism is IS-IS Using Administrative Tags) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-isis-admin-tags-03.txt Date: 2007-02-26 – Last Call: draft-ietf-idr-avoid-transition (Avoid BGP Best Path Transitions from One External to Another) to Proposed Standar / Call: draft-ietf-idr-avoid-transition (Avoid BGP Best Path Transitions from One External to Another) to Proposed Standard Title: ast Call: draft-ietf-idr-avoid-transition (Avoid BGP Best Path Transitions from One External to Another) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-avoid-transition-04.txt Date: 2007-02-26 – Last Call: draft-ietf-isis-caps (IS-IS Extensions for Advertising Router Information) to Proposed Standar / Call: draft-ietf-isis-caps (IS-IS Extensions for Advertising Router Information) to Proposed Standard Title: ast Call: draft-ietf-isis-caps (IS-IS Extensions for Advertising Router Information) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-isis-caps-07.txt Date: 2007-02-26 – Last Call: draft-ietf-isis-link-attr (Definition of an IS-IS Link Attribute sub-TLV) to Proposed Standar / Call: draft-ietf-isis-link-attr (Definition of an IS-IS Link Attribute sub-TLV) to Proposed Standard Title: ast Call: draft-ietf-isis-link-attr (Definition of an IS-IS Link Attribute sub-TLV) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-isis-link-attr-03.txt Date: 2007-02-26 – Last Call: draft-ietf-pim-sm-bsr (Bootstrap Router (BSR) Mechanism for PIM) to Proposed Standar / Call: draft-ietf-pim-sm-bsr (Bootstrap Router (BSR) Mechanism for PIM) to Proposed Standard Title: ast Call: draft-ietf-pim-sm-bsr (Bootstrap Router (BSR) Mechanism for PIM) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-sm-bsr-10.txt Date: 2007-02-26 – Approved by the IESG as Proposed Standard Title: Wildcard Pseudowire Type URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-wildcard-pw-type-02.txt Date: 2007-02-26 – Approved by the IESG as BCP Title: RFC 4181 Update to Recognize the IETF Trust URL: http://www.ietf.org/internet-drafts/draft-heard-rfc4181-update-00.txt Date: 2007-02-26 – Approved by the IESG as Proposed Standard Title: Cryptographic Message Syntax (CMS) Multiple Signer Clarification URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-mult-sign-03.txt Date: 2007-02-26 – Approved by the IESG as Proposed Standard Title: Enhanced Route Optimization for Mobile IPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-cga-cba-03.txt Date: 2007-02-26 – Approved by the IESG as Proposed Standard Title: Cryptographic Message Syntax (CMS) Multiple Signer Clarification URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-mult-sign-03.txt Date: 2007-02-26 – Approved by the IESG as Proposed Standard Title: Enhanced Route Optimization for Mobile IPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-cga-cba-03.txt Date: 2007-02-26 – Approved by the IESG as BCP Title: RFC 4181 Update to Recognize the IETF Trust URL: http://www.ietf.org/internet-drafts/draft-heard-rfc4181-update-00.txt Date: 2007-02-26 – Approved by the IESG as Informational RFC Title: Codepoint Registry for The Flags Field in the Resource Reservation Protocol Traffic Engineering (RSVP-TE) Session Attribute Object URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-iana-rsvp-session-flags-01.txt Date: 2007-02-26 – Re: Experimental RFC to be: draft-nagami-mip6-nemo-multihome-fixed-network-03.tx / xperimental RFC to be: draft-nagami-mip6-nemo-multihome-fixed-network-03.txt Title: e: Experimental RFC to be: draft-nagami-mip6-nemo-multihome-fixed-network-03.txt URL: http://www.ietf.org/internet-drafts/draft-nagami-mip6-nemo-multihome-fixed-network-03.txt Date: 2007-02-26 – Re: Informational RFC to be: draft-joslin-config-schema-17.tx / nformational RFC to be: draft-joslin-config-schema-17.txt Title: e: Informational RFC to be: draft-joslin-config-schema-17.txt URL: http://www.ietf.org/internet-drafts/draft-joslin-config-schema-17.txt Date: 2007-02-27 – Approved by the IESG as Draft Standard Title: Autonomous System Confederations for BGP URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-rfc3065bis-06.txt Date: 2007-02-27 – Approved by the IESG as Informational RFC Title: A Uniform Resource Name (URN) Namespace for Extensions to the Extensible Messaging and Presence Protocol (XMPP) URL: http://www.ietf.org/internet-drafts/draft-saintandre-xmpp-urn-03.txt Date: 2007-02-27 – Last Call: draft-ietf-v6ops-natpt-to-historic (Reasons to Move NAT-PT to Historic Status) to Informational RF / Call: draft-ietf-v6ops-natpt-to-historic (Reasons to Move NAT-PT to Historic Status) to Informational RFC Title: ast Call: draft-ietf-v6ops-natpt-to-historic (Reasons to Move NAT-PT to Historic Status) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-natpt-to-historic-00.txt Date: 2007-02-28 – Last Call: draft-bagnulo-multiple-hash-cga (Support for Multiple Hash Algorithms in Cryptographically Generated Addresses (CGAs)) to Proposed Standar / Call: draft-bagnulo-multiple-hash-cga (Support for Multiple Hash Algorithms in Cryptographically Generated Addresses (CGAs)) to Proposed Standard Title: ast Call: draft-bagnulo-multiple-hash-cga (Support for Multiple Hash Algorithms in Cryptographically Generated Addresses (CGAs)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-bagnulo-multiple-hash-cga-02.txt Date: 2007-02-28 – Last Call: draft-ietf-mpls-icmp (ICMP Extensions for MultiProtocol Label Switching) to Proposed Standar / Call: draft-ietf-mpls-icmp (ICMP Extensions for MultiProtocol Label Switching) to Proposed Standard Title: ast Call: draft-ietf-mpls-icmp (ICMP Extensions for MultiProtocol Label Switching) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-icmp-08.txt Date: 2007-02-28 – Approved by the IESG as Informational RFC Title: Benchmarking Terminology for Resource Reservation Capable Routers URL: http://www.ietf.org/internet-drafts/draft-ietf-bmwg-benchres-term-08.txt Date: 2007-02-28 – Approved by the IESG as Informational RFC Title: Recommendations for Filtering ICMPv6 Messages in Firewalls URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-icmpv6-filtering-recs-03.txt Date: 2007-02-28 – Approved by the IESG as Informational RFC Title: Recommendations for Filtering ICMPv6 Messages in Firewalls URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-icmpv6-filtering-recs-03.txt Date: 2007-02-28 – Approved by the IESG as Informational RFC Title: Using IPsec to Secure IPv6-in-IPv4 Tunnels URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-ipsec-tunnels-05.txt Date: 2007-02-28 – Approved by the IESG as Informational RFC Title: Using IPsec to Secure IPv6-in-IPv4 Tunnels URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-ipsec-tunnels-05.txt Date: 2007-03-01 – Approved by the IESG as Proposed Standard Title: Authenticated Chunks for Stream Control Transmission Protocol (SCTP) URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-sctp-auth-08.txt Date: 2007-03-01 – Last Call: draft-ietf-v6ops-natpt-to-historic (Reasons to Move NAT-PT to Historic Status) to Informational RF / Call: draft-ietf-v6ops-natpt-to-historic (Reasons to Move NAT-PT to Historic Status) to Informational RFC Title: ast Call: draft-ietf-v6ops-natpt-to-historic (Reasons to Move NAT-PT to Historic Status) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-natpt-to-historic-00.txt Date: 2007-03-01 – Approved by the IESG as Proposed Standard Title: Authenticated Chunks for Stream Control Transmission Protocol (SCTP) URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-sctp-auth-08.txt Date: 2007-03-01 – Last Call: draft-ietf-behave-tcp (NAT Behavioral Requirements for TCP) to BC / Call: draft-ietf-behave-tcp (NAT Behavioral Requirements for TCP) to BCP Title: ast Call: draft-ietf-behave-tcp (NAT Behavioral Requirements for TCP) to BCP URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-tcp-05.txt Date: 2007-03-01 – Last Call: draft-mule-ietf-cablelabs-collaboration (CableLabs – IETF Standardization Collaboration) to Informational RF / Call: draft-mule-ietf-cablelabs-collaboration (CableLabs – IETF Standardization Collaboration) to Informational RFC Title: ast Call: draft-mule-ietf-cablelabs-collaboration (CableLabs – IETF Standardization Collaboration) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-mule-ietf-cablelabs-collaboration-03.txt Date: 2007-03-01 – Last Call: draft-wing-behave-symmetric-rtprtcp (Common Local Transmit and Receive Ports (Symmetric RTP)) to BC / Call: draft-wing-behave-symmetric-rtprtcp (Common Local Transmit and Receive Ports (Symmetric RTP)) to BCP Title: ast Call: draft-wing-behave-symmetric-rtprtcp (Common Local Transmit and Receive Ports (Symmetric RTP)) to BCP URL: http://www.ietf.org/internet-drafts/draft-wing-behave-symmetric-rtprtcp-02.txt Date: 2007-03-02 – Last Call: draft-ietf-enum-im-service (A Telephone Number Mapping (ENUM) Service Registration for Instant Messaging (IM) Services) to Proposed Standar / Call: draft-ietf-enum-im-service (A Telephone Number Mapping (ENUM) Service Registration for Instant Messaging (IM) Services) to Proposed Standard Title: ast Call: draft-ietf-enum-im-service (A Telephone Number Mapping (ENUM) Service Registration for Instant Messaging (IM) Services) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-im-service-01.txt Date: 2007-03-02 – Last Call: draft-ietf-simple-presence-rules (Presence Authorization Rules) to Proposed Standar / Call: draft-ietf-simple-presence-rules (Presence Authorization Rules) to Proposed Standard Title: ast Call: draft-ietf-simple-presence-rules (Presence Authorization Rules) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-presence-rules-09.txt Date: 2007-03-02 – Approved by the IESG as Proposed Standard Title: Representing trunk groups in tel/sip Uniform Resource Identifiers (URIs) URL: http://www.ietf.org/internet-drafts/draft-ietf-iptel-trunk-group-10.txt Date: 2007-03-05 – Approved by the IESG as Informational RFC Title: IP Address Location Privacy and Mobile IPv6: Problem Statement URL: http://www.ietf.org/internet-drafts/draft-ietf-mip6-location-privacy-ps-06.txt Date: 2007-03-05 – Last Call: draft-ietf-pkix-lightweight-ocsp-profile (Lightweight OCSP Profile for High Volume Environments) to Proposed Standar / Call: draft-ietf-pkix-lightweight-ocsp-profile (Lightweight OCSP Profile for High Volume Environments) to Proposed Standard Title: ast Call: draft-ietf-pkix-lightweight-ocsp-profile (Lightweight OCSP Profile for High Volume Environments) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-lightweight-ocsp-profile-08.txt Date: 2007-03-07 – Last Call: draft-ietf-avt-ulp (RTP Payload Format for Generic Forward Error Correction) to Proposed Standar / Call: draft-ietf-avt-ulp (RTP Payload Format for Generic Forward Error Correction) to Proposed Standard Title: ast Call: draft-ietf-avt-ulp (RTP Payload Format for Generic Forward Error Correction) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-ulp-21.txt Date: 2007-03-07 – Approved by the IESG as Proposed Standard Title: TCP Extended Statistics MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-tcp-mib-extension-15.txt Date: 2007-03-08 – Last Call: draft-ietf-ltans-ers (Evidence Record Syntax (ERS)) to Proposed Standar / Call: draft-ietf-ltans-ers (Evidence Record Syntax (ERS)) to Proposed Standard Title: ast Call: draft-ietf-ltans-ers (Evidence Record Syntax (ERS)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ltans-ers-12.txt Date: 2007-03-08 – Approved by the IESG as Proposed Standard Title: Bi-directional Protocol Independent Multicast (BIDIR-PIM) URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-bidir-09.txt Date: 2007-03-09 – Last Call: draft-ietf-16ng-ipv6-link-model-analysis (Analysis o / Call: draft-ietf-16ng-ipv6-link-model-analysis (Analysis of Title: ast Call: draft-ietf-16ng-ipv6-link-model-analysis (Analysis of URL: http://www.ietf.org/internet-drafts/draft-ietf-16ng-ipv6-link-model-analysis-03.txt Date: 2007-03-09 – Last Call: draft-ietf-xcon-bfcp-connection (Connection Establishment in the Binary Floor Control Protocol (BFCP)) to Proposed Standar / Call: draft-ietf-xcon-bfcp-connection (Connection Establishment in the Binary Floor Control Protocol (BFCP)) to Proposed Standard Title: ast Call: draft-ietf-xcon-bfcp-connection (Connection Establishment in the Binary Floor Control Protocol (BFCP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-xcon-bfcp-connection-04.txt Date: 2007-03-09 – Approved by the IESG as Proposed Standard Title: Protocol Independent Multicast MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-mib-v2-10.txt Date: 2007-03-09 – Approved by the IESG as Proposed Standard Title: BGP Support for Four-octet AS Number Space URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-as4bytes-13.txt Date: 2007-03-09 – Approved by the IESG as Proposed Standard Title: Protocol Independent Multicast MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-mib-v2-10.txt Date: 2007-03-12 – Last Call: draft-ietf-16ng-ipv6-over-ipv6cs (IPv6 Over the IP Specific part of the Packet Convergence sublayer in 802.16 Networks) to Proposed Standar / Call: draft-ietf-16ng-ipv6-over-ipv6cs (IPv6 Over the IP Specific part of the Packet Convergence sublayer in 802.16 Networks) to Proposed Standard Title: ast Call: draft-ietf-16ng-ipv6-over-ipv6cs (IPv6 Over the IP Specific part of the Packet Convergence sublayer in 802.16 Networks) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-16ng-ipv6-over-ipv6cs-08.txt Date: 2007-03-12 – Last Call: draft-ietf-16ng-ipv6-over-ipv6cs (IPv6 Over the IP Specific part of the Packet Convergence sublayer in 802.16 Networks) to Proposed Standar / Call: draft-ietf-16ng-ipv6-over-ipv6cs (IPv6 Over the IP Specific part of the Packet Convergence sublayer in 802.16 Networks) to Proposed Standard Title: ast Call: draft-ietf-16ng-ipv6-over-ipv6cs (IPv6 Over the IP Specific part of the Packet Convergence sublayer in 802.16 Networks) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-16ng-ipv6-over-ipv6cs-08.txt Date: 2007-03-12 – Last Call: draft-ietf-tcpm-tcp-antispoof (Defending TCP Against Spoofing Attacks) to Informational RF / Call: draft-ietf-tcpm-tcp-antispoof (Defending TCP Against Spoofing Attacks) to Informational RFC Title: ast Call: draft-ietf-tcpm-tcp-antispoof (Defending TCP Against Spoofing Attacks) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcp-antispoof-06.txt Date: 2007-03-12 – Last Call: draft-ietf-atompub-protocol (The Atom Publishing Protocol) to Proposed Standar / Call: draft-ietf-atompub-protocol (The Atom Publishing Protocol) to Proposed Standard Title: ast Call: draft-ietf-atompub-protocol (The Atom Publishing Protocol) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-atompub-protocol-14.txt Date: 2007-03-12 – Approved by the IESG as Proposed Standard Title: Protocol Extensions for Header Compression over MPLS URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-hc-over-mpls-protocol-08.txt Date: 2007-03-12 – Approved by the IESG as Proposed Standard Title: Protocol Extensions for Header Compression over MPLS URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-hc-over-mpls-protocol-08.txt Date: 2007-03-12 – Approved by the IESG as Proposed Standard Title: Definitions and Managed Objects for OAM Functions on Ethernet Like Interfaces URL: http://www.ietf.org/internet-drafts/draft-ietf-hubmib-efm-mib-06.txt Date: 2007-03-12 – Approved by the IESG as Proposed Standard Title: HTTP Extensions for Distributed Authoring – WebDAV URL: http://www.ietf.org/internet-drafts/draft-ietf-webdav-rfc2518bis-18.txt Date: 2007-03-12 – Approved by the IESG as Proposed Standard Title: Connected Identity in the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-connected-identity-05.txt Date: 2007-03-12 – Approved by the IESG as Proposed Standard Title: Fibre Channel Registered State Change Notification (RSCN) MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-imss-fc-rscn-mib-02.txt Date: 2007-03-12 – Approved by the IESG as Proposed Standard Title: Fibre-Channel Zone Server MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-imss-fc-zs-mib-03.txt Date: 2007-03-12 – Approved by the IESG as Informational RFC Title: Integrity, privacy and security in OPES for SMTP URL: http://www.ietf.org/internet-drafts/draft-ietf-opes-smtp-security-03.txt Date: 2007-03-12 – Approved by the IESG as Informational RFC Title: Integrity, privacy and security in OPES for SMTP URL: http://www.ietf.org/internet-drafts/draft-ietf-opes-smtp-security-03.txt Date: 2007-03-12 – Approved by the IESG as Proposed Standard Title: Fibre-Channel Fabric Configuration Server MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-imss-fc-fcs-mib-02.txt Date: 2007-03-12 – Approved by the IESG as Proposed Standard Title: Fibre-Channel Fabric Configuration Server MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-imss-fc-fcs-mib-02.txt Date: 2007-03-12 – Approved by the IESG as Informational RFC Title: Requirements for a Mechanism Identifying a Name Server Instance URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsop-serverid-08.txt Date: 2007-03-12 – Approved by the IESG as Experimental RFC Title: Abstract Syntax Notation X (ASN.X) URL: http://www.ietf.org/internet-drafts/draft-legg-xed-asd-07.txt Date: 2007-03-12 – Approved by the IESG as Informational RFC Title: Use of Hash Algorithms in IKE and IPsec URL: http://www.ietf.org/internet-drafts/draft-hoffman-ike-ipsec-hash-use-06.txt Date: 2007-03-12 – Approved by the IESG as Proposed Standard Title: Routing extensions for discovery of Multiprotocol (MPLS) Label Switch Router (LSR) Traffic Engineering (TE) mesh membership URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-automesh-04.txt Date: 2007-03-12 – Last Call: draft-martin-ibcs (Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems) to Informational RF / Call: draft-martin-ibcs (Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems) to Informational RFC Title: ast Call: draft-martin-ibcs (Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-martin-ibcs-03.txt Date: 2007-03-13 – Last Call: draft-ietf-openpgp-rfc2440bis (OpenPGP Message Format) to Proposed Standar / Call: draft-ietf-openpgp-rfc2440bis (OpenPGP Message Format) to Proposed Standard Title: ast Call: draft-ietf-openpgp-rfc2440bis (OpenPGP Message Format) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-19.txt Date: 2007-03-14 – Last Call: draft-ietf-krb-wg-tcp-expansion (Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges Over TCP) to Proposed Standar / Call: draft-ietf-krb-wg-tcp-expansion (Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges Over TCP) to Proposed Standard Title: ast Call: draft-ietf-krb-wg-tcp-expansion (Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges Over TCP) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-tcp-expansion-01.txt Date: 2007-03-14 – Approved by the IESG as Proposed Standard Title: Mobile IPv4 Message String Extension URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-message-string-ext-03.txt Date: 2007-03-14 – Last Call: draft-williams-on-channel-binding (On the Use of Channel Bindings to Secure Channels) to Proposed Standar / Call: draft-williams-on-channel-binding (On the Use of Channel Bindings to Secure Channels) to Proposed Standard Title: ast Call: draft-williams-on-channel-binding (On the Use of Channel Bindings to Secure Channels) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-williams-on-channel-binding-01.txt Date: 2007-03-14 – Last Call: draft-ietf-krb-wg-tcp-expansion (Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges Over TCP) to Proposed Standar / Call: draft-ietf-krb-wg-tcp-expansion (Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges Over TCP) to Proposed Standard Title: ast Call: draft-ietf-krb-wg-tcp-expansion (Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges Over TCP) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-tcp-expansion-01.txt Date: 2007-03-14 – Approved by the IESG as Proposed Standard Title: Mobile IPv4 Message String Extension URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-message-string-ext-03.txt Date: 2007-03-15 – Approved by the IESG as Proposed Standard Title: RObust Header Compression (ROHC): A Profile for TCP/IP (ROHC-TCP) URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-tcp-16.txt Date: 2007-03-15 – Approved by the IESG as Proposed Standard Title: A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service URL: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-lwz-08.txt Date: 2007-03-15 – Approved by the IESG as Proposed Standard Title: XML Pipelining with Chunks for the Information Registry Information Service URL: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-xpc-06.txt Date: 2007-03-15 – Approved by the IESG as Proposed Standard Title: XML Pipelining with Chunks for the Information Registry Information Service URL: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-xpc-06.txt Date: 2007-03-15 – Approved by the IESG as Proposed Standard Title: Extensions to OSPF for Advertising Optional Router Capabilities URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-cap-10.txt Date: 2007-03-15 – Approved by the IESG as Proposed Standard Title: Extensions to OSPF for Advertising Optional Router Capabilities URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-cap-10.txt Date: 2007-03-15 – Approved by the IESG as Proposed Standard Title: A Common Schema for Internet Registry Information Service Transfer Protocols URL: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-common-transport-05.txt Date: 2007-03-15 – Approved by the IESG as Informational RFC Title: A URN Namespace for GEANT URL: http://www.ietf.org/internet-drafts/draft-kalin-geant-urn-namespace-01.txt Date: 2007-03-15 – Approved by the IESG as Informational RFC Title: PCE Communication Protocol (PCECP) Specific Requirements for Inter-Area Multi Protocol Label Switching (MPLS) and Generalized MPLS (GMPLS) Traffic Engineering URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-pcecp-interarea-reqs-05.txt Date: 2007-03-15 – Approved by the IESG as Informational RFC Title: A URN Namespace for GEANT URL: http://www.ietf.org/internet-drafts/draft-kalin-geant-urn-namespace-01.txt Date: 2007-03-16 – Last Call: draft-ietf-pwe3-aii-aggregate (AII Types for Aggregation) to Proposed Standar / Call: draft-ietf-pwe3-aii-aggregate (AII Types for Aggregation) to Proposed Standard Title: ast Call: draft-ietf-pwe3-aii-aggregate (AII Types for Aggregation) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-aii-aggregate-02.txt Date: 2007-03-16 – Approved by the IESG as Informational RFC Title: 6LoWPAN: Overview, Assumptions, Problem Statement and Goals URL: http://www.ietf.org/internet-drafts/draft-ietf-6lowpan-problem-08.txt Date: 2007-03-16 – Approved by the IESG as Informational RFC Title: IANA Considerations for PPP over Ethernet (PPPoE) URL: http://www.ietf.org/internet-drafts/draft-arberg-pppoe-iana-03.txt Date: 2007-03-16 – Approved by the IESG as Informational RFC Title: 6LoWPAN: Overview, Assumptions, Problem Statement and Goals URL: http://www.ietf.org/internet-drafts/draft-ietf-6lowpan-problem-08.txt Date: 2007-03-16 – Approved by the IESG as Proposed Standard Title: Fail Over extensions for L2TP “failover” URL: http://www.ietf.org/internet-drafts/draft-ietf-l2tpext-failover-12.txt Date: 2007-03-16 – Approved by the IESG as Informational RFC Title: IANA Considerations for PPP over Ethernet (PPPoE) URL: http://www.ietf.org/internet-drafts/draft-arberg-pppoe-iana-03.txt Date: 2007-03-16 – Approved by the IESG as Informational RFC Title: 6LoWPAN: Overview, Assumptions, Problem Statement and Goals URL: http://www.ietf.org/internet-drafts/draft-ietf-6lowpan-problem-08.txt Date: 2007-03-16 – Approved by the IESG as Proposed Standard Title: Fail Over extensions for L2TP “failover” URL: http://www.ietf.org/internet-drafts/draft-ietf-l2tpext-failover-12.txt Date: 2007-03-18 – Approved by the IESG as Proposed Standard Title: Crankback Signaling Extensions for MPLS and GMPLS RSVP-TE URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-crankback-06.txt Date: 2007-03-18 – Approved by the IESG as BCP Title: Avoiding Equal Cost Multipath Treatment in MPLS Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-ecmp-bcp-03.txt Date: 2007-03-18 – Approved by the IESG as BCP Title: Change Process for Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) Protocols and Procedures URL: http://www.ietf.org/internet-drafts/draft-andersson-rtg-gmpls-change-08.txt Date: 2007-03-18 – Approved by the IESG as Draft Standard Title: Neighbor Discovery for IP version 6 (IPv6) URL: http://www.ietf.org/internet-drafts/draft-ietf-ipv6-2461bis-11.txt Date: 2007-03-18 – Approved by the IESG as Informational RFC Title: Overview and Framework for Internationalized Email URL: http://www.ietf.org/internet-drafts/draft-ietf-eai-framework-05.txt Date: 2007-03-18 – Approved by the IESG as Informational RFC Title: Reasons to Move NAT-PT to Historic Status URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-natpt-to-historic-00.txt Date: 2007-03-20 – Approved by the IESG as BCP Title: IANA Considerations for OSPF URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-iana-03.txt Date: 2007-03-20 – Approved by the IESG as BCP Title: IANA Considerations for OSPF URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-iana-03.txt Date: 2007-03-20 – Approved by the IESG as Draft Standard Title: LDP Specification URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-rfc3036bis-04.txt Date: 2007-03-21 – Last Call: draft-ietf-ips-isns-mib (Definitions of Managed Objects for iSNS (Internet Storage Name Service)) to Proposed Standar / Call: draft-ietf-ips-isns-mib (Definitions of Managed Objects for iSNS (Internet Storage Name Service)) to Proposed Standard Title: ast Call: draft-ietf-ips-isns-mib (Definitions of Managed Objects for iSNS (Internet Storage Name Service)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ips-isns-mib-11.txt Date: 2007-03-27 – Approved by the IESG as Proposed Standard Title: The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX URL: http://www.ietf.org/internet-drafts/draft-ietf-pki4ipsec-ikecert-profile-12.txt Date: 2007-03-27 – Approved by the IESG as Proposed Standard Title: The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX URL: http://www.ietf.org/internet-drafts/draft-ietf-pki4ipsec-ikecert-profile-12.txt Date: 2007-03-28 – Last Call: draft-ietf-rmt-fec-bb-revised (Forward Error Correction (FEC) Building Block) to Proposed Standar / Call: draft-ietf-rmt-fec-bb-revised (Forward Error Correction (FEC) Building Block) to Proposed Standard Title: ast Call: draft-ietf-rmt-fec-bb-revised (Forward Error Correction (FEC) Building Block) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-rmt-fec-bb-revised-06.txt Date: 2007-03-28 – Approved by the IESG as Informational RFC Title: QoS Signaling in a Nested Virtual Private Network URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-vpn-signaled-preemption-02.txt Date: 2007-04-02 – Approved by the IESG as Informational RFC Title: Address Resolution Mechanisms for IP Datagrams over MPEG-2 Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-ipdvb-ar-06.txt Date: 2007-04-03 – Approved by the IESG as Proposed Standard Title: The Message Session Relay Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-message-sessions-19.txt Date: 2007-04-03 – Approved by the IESG as Informational RFC Title: Softwire Problem Statement URL: http://www.ietf.org/internet-drafts/draft-ietf-softwire-problem-statement-03.txt Date: 2007-04-03 – Approved by the IESG as Proposed Standard Title: IS-IS Extensions for Advertising Router Information URL: http://www.ietf.org/internet-drafts/draft-ietf-isis-caps-07.txt Date: 2007-04-05 – Last Call: draft-ietf-inch-iodef (The Incident Object Description Exchange Format) to Proposed Standar / Call: draft-ietf-inch-iodef (The Incident Object Description Exchange Format) to Proposed Standard Title: ast Call: draft-ietf-inch-iodef (The Incident Object Description Exchange Format) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-inch-iodef-11.txt Date: 2007-04-07 – Approved by the IESG as Experimental RFC Title: DNSSEC Opt-In URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-opt-in-09.txt Date: 2007-04-07 – Approved by the IESG as Proposed Standard Title: SMTP Service Extension for Authentication URL: http://www.ietf.org/internet-drafts/draft-siemborski-rfc2554bis-09.txt Date: 2007-04-09 – Approved by the IESG as Proposed Standard Title: AII Types for Aggregation URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-aii-aggregate-02.txt Date: 2007-04-09 – Approved by the IESG as Proposed Standard Title: Support for Multiple Hash Algorithms in Cryptographically Generated Addresses (CGAs) URL: http://www.ietf.org/internet-drafts/draft-bagnulo-multiple-hash-cga-03.txt Date: 2007-04-09 – Approved by the IESG as Proposed Standard Title: Support for Multiple Hash Algorithms in Cryptographically Generated Addresses (CGAs) URL: http://www.ietf.org/internet-drafts/draft-bagnulo-multiple-hash-cga-03.txt Date: 2007-04-09 – Approved by the IESG as BCP Title: Handling Normative References to Standards Track Documents URL: http://www.ietf.org/internet-drafts/draft-klensin-norm-ref-04.txt Date: 2007-04-09 – Approved by the IESG as Informational RFC Title: Link-layer Event Notifications for Detecting Network Attachments URL: http://www.ietf.org/internet-drafts/draft-ietf-dna-link-information-06.txt Date: 2007-04-09 – Approved by the IESG as Proposed Standard Title: AII Types for Aggregation URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-aii-aggregate-02.txt Date: 2007-04-09 – Approved by the IESG as Proposed Standard Title: Support for Multiple Hash Algorithms in Cryptographically Generated Addresses (CGAs) URL: http://www.ietf.org/internet-drafts/draft-bagnulo-multiple-hash-cga-03.txt Date: 2007-04-09 – Approved by the IESG as BCP Title: Handling Normative References to Standards Track Documents URL: http://www.ietf.org/internet-drafts/draft-klensin-norm-ref-04.txt Date: 2007-04-09 – Approved by the IESG as Informational RFC Title: Link-layer Event Notifications for Detecting Network Attachments URL: http://www.ietf.org/internet-drafts/draft-ietf-dna-link-information-06.txt Date: 2007-04-09 – Approved by the IESG as Proposed Standard Title: AII Types for Aggregation URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-aii-aggregate-02.txt Date: 2007-04-11 – Approved by the IESG as Proposed Standard Title: Generalized MPLS (GMPLS) RSVP-TE Signaling Extensions in support of Calls URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-gmpls-rsvp-te-call-04.txt Date: 2007-04-12 – Last Call: draft-shacham-sipping-session-mobility (Session Initiation Protocol (SIP) Session Mobility) to Informational RF / Call: draft-shacham-sipping-session-mobility (Session Initiation Protocol (SIP) Session Mobility) to Informational RFC Title: ast Call: draft-shacham-sipping-session-mobility (Session Initiation Protocol (SIP) Session Mobility) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-shacham-sipping-session-mobility-03.txt Date: 2007-04-16 – Approved by the IESG as Proposed Standard Title: Dialstring parameter for the Session Initiation Protocol Uniform Resource Identifier URL: http://www.ietf.org/internet-drafts/draft-rosen-iptel-dialstring-05.txt Date: 2007-04-16 – Approved by the IESG as Informational RFC Title: A Framework for Supporting Emergency Telecommunications Services (ETS) Within a Single Administrative Domain URL: http://www.ietf.org/internet-drafts/draft-ietf-ieprep-domain-frame-08.txt Date: 2007-04-17 – Approved by the IESG as BCP Title: Symmetric RTP/RTCP URL: http://www.ietf.org/internet-drafts/draft-wing-behave-symmetric-rtprtcp-03.txt Date: 2007-04-19 – Last Call: draft-ietf-ipfix-reducing-redundancy (Reducing Redundancy in IPFIX and PSAMP Reports) to Informational RF / Call: draft-ietf-ipfix-reducing-redundancy (Reducing Redundancy in IPFIX and PSAMP Reports) to Informational RFC Title: ast Call: draft-ietf-ipfix-reducing-redundancy (Reducing Redundancy in IPFIX and PSAMP Reports) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-reducing-redundancy-03.txt Date: 2007-04-19 – Last Call: draft-ietf-ipfix-reducing-redundancy (Reducing Redundancy in IPFIX and PSAMP Reports) to Informational RF / Call: draft-ietf-ipfix-reducing-redundancy (Reducing Redundancy in IPFIX and PSAMP Reports) to Informational RFC Title: ast Call: draft-ietf-ipfix-reducing-redundancy (Reducing Redundancy in IPFIX and PSAMP Reports) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-reducing-redundancy-03.txt Date: 2007-04-19 – Last Call: draft-ietf-ipfix-biflow (Bidirectional Flow Export using IPFIX) to Informational RF / Call: draft-ietf-ipfix-biflow (Bidirectional Flow Export using IPFIX) to Informational RFC Title: ast Call: draft-ietf-ipfix-biflow (Bidirectional Flow Export using IPFIX) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-biflow-04.txt Date: 2007-04-23 – Approved by the IESG as Proposed Standard Title: Information Model for IP Flow Information Export URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-info-15.txt Date: 2007-04-23 – Approved by the IESG as Proposed Standard Title: Definitions of Managed Objects for iSNS (Internet Storage Name Service) URL: http://www.ietf.org/internet-drafts/draft-ietf-ips-isns-mib-11.txt Date: 2007-04-23 – Approved by the IESG as Proposed Standard Title: IMAP Extension for SASL Initial Client Response URL: http://www.ietf.org/internet-drafts/draft-siemborski-imap-sasl-initial-response-06.txt Date: 2007-04-23 – Approved by the IESG as Proposed Standard Title: Forward Error Correction (FEC) Building Block URL: http://www.ietf.org/internet-drafts/draft-ietf-rmt-fec-bb-revised-07.txt Date: 2007-04-23 – Approved by the IESG as Informational RFC Title: The P-Answer-State Header Extension to the Session Initiation Protocol for the Open Mobile Alliance Push-to-talk over Cellular URL: http://www.ietf.org/internet-drafts/draft-allen-sipping-poc-p-answer-state-header-05.txt Date: 2007-04-24 – Last Call: draft-camarillo-sipping-profile-key (The Session Initiation Protocol (SIP) P-Profile-Key Private Header (P-Header)) to Informational RF / Call: draft-camarillo-sipping-profile-key (The Session Initiation Protocol (SIP) P-Profile-Key Private Header (P-Header)) to Informational RFC Title: ast Call: draft-camarillo-sipping-profile-key (The Session Initiation Protocol (SIP) P-Profile-Key Private Header (P-Header)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-camarillo-sipping-profile-key-01.txt Date: 2007-04-25 – Last Call: draft-ietf-sipping-spam (The Session Initiation Protocol (SIP) and Spam) to Informational RF / Call: draft-ietf-sipping-spam (The Session Initiation Protocol (SIP) and Spam) to Informational RFC Title: ast Call: draft-ietf-sipping-spam (The Session Initiation Protocol (SIP) and Spam) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-spam-04.txt Date: 2007-04-26 – Last Call: draft-ietf-sipping-dialogusage (Multiple Dialog Usages in the Session Initiation Protocol) to Informational RF / Call: draft-ietf-sipping-dialogusage (Multiple Dialog Usages in the Session Initiation Protocol) to Informational RFC Title: ast Call: draft-ietf-sipping-dialogusage (Multiple Dialog Usages in the Session Initiation Protocol) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-dialogusage-06.txt Date: 2007-04-26 – Approved by the IESG as Proposed Standard Title: IANA Registration for vCard Enumservice URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-vcard-06.txt Date: 2007-04-26 – Approved by the IESG as Informational RFC Title: Defending TCP Against Spoofing Attacks URL: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcp-antispoof-06.txt Date: 2007-04-27 – Last Call: draft-ietf-pwe3-vccv (Pseudo Wire Virtual Circuit Connectivity Verification (VCCV)) to Proposed Standar / Call: draft-ietf-pwe3-vccv (Pseudo Wire Virtual Circuit Connectivity Verification (VCCV)) to Proposed Standard Title: ast Call: draft-ietf-pwe3-vccv (Pseudo Wire Virtual Circuit Connectivity Verification (VCCV)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-vccv-13.txt Date: 2007-04-27 – Last Call: draft-ietf-pwe3-ms-pw-requirements (Requirements for Multi-Segment Pseudowire Emulation Edge-to-Edge (PWE3)) to Informational RF / Call: draft-ietf-pwe3-ms-pw-requirements (Requirements for Multi-Segment Pseudowire Emulation Edge-to-Edge (PWE3)) to Informational RFC Title: ast Call: draft-ietf-pwe3-ms-pw-requirements (Requirements for Multi-Segment Pseudowire Emulation Edge-to-Edge (PWE3)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-ms-pw-requirements-05.txt Date: 2007-04-27 – Approved by the IESG as Informational RFC Title: Analysis of IPv6 Link Models for 802.16 based Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-16ng-ipv6-link-model-analysis-03.txt Date: 2007-04-27 – Approved by the IESG as Informational RFC Title: CableLabs – IETF Standardization Collaboration URL: http://www.ietf.org/internet-drafts/draft-mule-ietf-cablelabs-collaboration-03.txt Date: 2007-04-30 – Last Call: draft-ejzak-sipping-p-em-auth (Private Header (P-Header) Extension to the Session Initiation Protocol (SIP) for Authorization of Early Media) to Informational RF / Call: draft-ejzak-sipping-p-em-auth (Private Header (P-Header) Extension to the Session Initiation Protocol (SIP) for Authorization of Early Media) to Informational RFC Title: ast Call: draft-ejzak-sipping-p-em-auth (Private Header (P-Header) Extension to the Session Initiation Protocol (SIP) for Authorization of Early Media) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ejzak-sipping-p-em-auth-03.txt Date: 2007-04-30 – Last Call: draft-ejzak-sipping-p-em-auth (Private Header (P-Header) Extension to the Session Initiation Protocol (SIP) for Authorization of Early Media) to Informational RF / Call: draft-ejzak-sipping-p-em-auth (Private Header (P-Header) Extension to the Session Initiation Protocol (SIP) for Authorization of Early Media) to Informational RFC Title: ast Call: draft-ejzak-sipping-p-em-auth (Private Header (P-Header) Extension to the Session Initiation Protocol (SIP) for Authorization of Early Media) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ejzak-sipping-p-em-auth-03.txt Date: 2007-04-30 – Last Call: draft-ietf-sip-e2m-sec (End-to-middle Security in the Session Initiation Protocol (SIP)) to Proposed Standar / Call: draft-ietf-sip-e2m-sec (End-to-middle Security in the Session Initiation Protocol (SIP)) to Proposed Standard Title: ast Call: draft-ietf-sip-e2m-sec (End-to-middle Security in the Session Initiation Protocol (SIP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-e2m-sec-05.txt Date: 2007-04-30 – Last Call: draft-ietf-sip-e2m-sec (End-to-middle Security in the Session Initiation Protocol (SIP)) to Proposed Standar / Call: draft-ietf-sip-e2m-sec (End-to-middle Security in the Session Initiation Protocol (SIP)) to Proposed Standard Title: ast Call: draft-ietf-sip-e2m-sec (End-to-middle Security in the Session Initiation Protocol (SIP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-e2m-sec-05.txt Date: 2007-04-30 – Last Call: draft-ietf-sip-fork-loop-fix (Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies) to Proposed Standar / Call: draft-ietf-sip-fork-loop-fix (Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies) to Proposed Standard Title: ast Call: draft-ietf-sip-fork-loop-fix (Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-fork-loop-fix-05.txt]]> 1474 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-fellowship-program-2/ Sun, 27 May 2007 16:13:59 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1476 Education section on www.isoc.org.]]> 1476 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-ietf-goes-ipv6-native-at-ietf-71/ Mon, 07 Jul 2008 15:52:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=960 IETF 71 IPv4 outage Wiki page

When the room is full of Internet engineers who would like to do something, this is not the sort of question that bears much discussion in the abstract. So, when Rohan Mahy leaned over during the IETF 70 plenary meeting and whispered, “Why don't we just shut off IPv4 during the next plenary?” I instantly urged him to make that suggestion to the IETF chair. Russ Housley didn't waste time: Upon confirmation of the technical feasibility of such an activity, Russ put the plan to the community in December. With that, people were given notice: An opportunity for community spirit was upon us; computers and/or home networks and resources should be readied. The initial reaction to the plan was mixed, but it helped refine the parameters of the experiment. Wireless IPv6-only connectivity would be available (by choice) through the entire week, so that people could get prepared. The IPv4 outage would be limited to one hour, and it would be implemented only in the plenary room's wireless coverage itself. The IETF meeting network crew is well versed in providing IPv6 connectivity, so it was clear from the outset that IPv6 networking would not be the challenge – beyond the usual need to plan carefully. Introducing network changes in the middle of an operational meeting requires planning and care. Instead, the biggest question mark was user reluctance. In many ways, this mirrors the state of IPv6 diffusion in the world today. As planning was under way in the early months of the year, similar IPv6 events were announced and executed in other meetings (NANOG and APRICOT each had IPv6-only hours). The intended experience of the IETF event was different, as reflected in the choice not to provide IPv4/IPv6 protocol translation (NAT-PT). Stepping beyond questions of transition, the intent was to provide engineers with some firsthand experience in working with IPv6 in the wild. As Shane Kerr noted in his article on the IETF and IPv6 in IETF Journal Volume 3, Issue 2, “eating our own dog food” is the only way for Internet engineers to fully grasp and prioritize the range of issues that can and should be addressed in order to continue to support the practical deployment of IPv6. The early announcement of the event clearly motivated several IETF attendees to prepare. While some IETF attendees use IPv6 on a regular basis, many do not, so the event was largely intended to target those engineers for whom this was going to be new ground. Some made sure their home networks and Internet resources were IPv6 capable in time for the event. Even some of the regular IPv6 users had surprises when they were attached to an IPv6-only network, such as problems associated with missing IPv6 DNS glue records for their domains. The big news of the day was Google’s announcement – at the IETF meeting – of an IPv6-accessible site for its search engine (http://ipv6.google.com). In true IETF fashion, rumours were circulating in advance of the announce-ment, including detections of Google IPv6 routing announcements and DNS entries indicating that Google was up to something. The reality is that engineers at Google had been working hard to address both technical issues and skepticism, using the IETF event as a target for the delivery of an IPv6-accessible site. Google's announcement in the plenary drew a round of appreciative applause from attendees. Lorenzo Colitti showcased the work as an illustration of what is possible with IPv6. According to Lorenzo, it hadn't been difficult, since all of the necessary pieces were available, but it had required persistence. He urged other organisations not to be afraid and to press on with IPv6. One of the biggest technical hurdles was known in advance of the IETF meeting; that is, that Windows XP does not (natively) support DNS resolution over IPv6. Since the IETF event was not providing NAT-PT, this slowed down a number of attendees: Windows XP users with IPv6 turned on could connect to other sites over the Internet – but only by manually entering the IPv6 address. Elwyn Davies, for one, was determined not to be stumped. Early in the week, he set out to run BIND on his Windows XP notebook to provide IPv6-capable DNS resolution for his notebook's applications, but he soon discovered a bug in BIND. Fortunately, Mark Andrews of ISC was quickly able to provide an interim fix for the code. This is the sort of playful engineering that made the event fun as well as useful. At its peak, about 190 computers were connected to the IPv6-only network during the IETF 71 IPv6-only hour, reaching out to a combined total of some 750 different global IPv6 addresses. Relatively few glitches were reported, though there were some challenges with global routing. This is not surprising, given that IPv6 deployment is still only as diffused as the very early days of the Internet.

IPv6 Wiki page

IETF 71 meeting host Comcast was also using the week as an opportunity to run IPv6-related networking experiments. Fully supportive of IPv6 deployment, Comcast's Alain Durand is also focusing on transition issues and supporting large-access networks even as IPv4 addresses become scarcer. To that end, a separate network was available to those IETF attendees who knew where to find it in the form of a double-NATed IPv4-IPv6-IPv4 network; with that network, attendees could connect to it as an IPv4 network and access the rest of the IPv4 Internet (only). However, the packets were carried across an intervening IPv6 network, transparently to either end. The full model and motivation are provided in draft-durand-v6ops-natv4v6v4. The NATing from IPv4 to IPv6 and then back to IPv4 (the double NAT) may introduce issues for some types of applications. It could also potentially cause a reduction in network performance. This particular network's availability was announced about 30 minutes into the IPv6 event, by which time folks who had not been able to get onto the IPv6 network for one reason or another were quite willing to test its performance. In the end, response to the IPv6 event was quite positive. IETF attendees expressed enthusiasm for what they learned about IPv6 as well as interest in repeating the effort. During the Thursday technical plenary, suggestions were made to continue with having IPv6 events during future IETF plenaries or perhaps similarly showcasing other technologies in need of review and airing. As always, the challenge is to find a balance between providing a solid operational network, upon which the meetings and attendees depend, and providing an experimental environment in which engineers can play on real-scale networks. No single one of these IPv6 events is going to cause an instant uptick in the amount of IPv6 activity on the Internet. However, such events are breaking down the barriers of fear, uncertainty, and doubt and enabling core Internet engineers and operators to discuss how to deploy IPv6 rather than questioning whether IPv6 is deployable. For the IETF, the value of this event will be seen in ongoing working group meetings, as more participants have their own firsthand IPv6 usage experience to draw on.]]> 960 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-19/ Mon, 07 Jul 2008 15:53:23 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=962 Russ Housley, IETF Chair

The week was filled with the usual mixture of working group (WG) meetings, BoF (birds-of-a-feather) sessions, research group (RG) meetings, and as always, many side meetings. Since IETF 70, five new WGs were chartered and two WGs were closed. There are now approximately 120 WGs. Between the meetings, the WGs and their individual contributors produced 337 new Internet-Drafts and generated 881 updated Internet-Drafts. The Internet Engineering Steering Group approved 50 Internet-Drafts for publication as RFCs. The RFC Editor published 73 new RFCs. This was the first meeting supported by the new IETF secretariat vendor: Association Management Solutions (AMS). By all accounts, AMS did an out-standing job. Thanks for all of the hard work and quick study.

New BoF Meetings Descriptions and agendas for all BoF meetingsApplications Area esds: Extensible Supply-chain Discovery Service idn: International Domain Names General Area Pufi: Procedures Update for IETF Operations and Management Area Canmod: Comparing Approaches to NETCONF Modeling Real-time Applications and Infrastructure Area Rucus: Reducing Unwanted Communications using SIP Peppermint: Provisioning Extensions in Peering Registries for Multimedia INTerconnection Security Area Kmart: Key Management for Routing Protocols

One of the hot topics during the several sessions and many hallway discussions at IETF 71 was IPv6 adoption (the discussion in the V6OPS WG meeting about requirements for NAT-PT was especially lively). Throughout the week, an IPv6-only network was available to enable attendees to experience the Internet without IPv4. At the Wednesday evening plenary, the IPv4 wireless network was turned off. As part of the experiment, two hours before the plenary, ipv6.google.com became available. A lot of hard work went into making this site and others available in time. The general consensus was that there was much to be learned from the experiment. An IPv6-only wireless network will be available at future meetings.   I look forward to IETF 72 in Dublin (27 July-1 August) and IETF 73 in Minneapolis (16-21 November 2008). Here is Scheduling information for the next IETF meetings. I look forward to seeing you there.]]> 962 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-17/ Mon, 07 Jul 2008 15:54:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=964 Olaf Kolkman, IAB Chair

Architectural documents usually start their lives because of a particular interest in an architectural topic by one or more IAB members. Those architectural topics are usually triggered by ongoing work in the IETF, where one could claim that an architectural principle has been violated or that there are various architectural choices to be made. I hurry to say that there is neither a big book with architectural principles nor a blueprint with all of the design principles available to the IAB – or anybody else. So, what makes an issue an architectural issue is usually in the eye of the observer. An architectural document is valuable if such document tries to step away from the issue of the day, if it takes a stab at rationalizing the design trade-offs, and if it provides architectural directions. Directions-plural-because often there are multiple ways to approach a problem, and depending on the environment, one may need to make trade-offs between several architectural principles and pragmatism. IAB members are not, and should not be, the only ones able to identify, analyse, and document architectural issues and directions. It occasionally happens that other IETF participants solicit an architectural Internet Draft for IAB consideration. Also, after considering an issue, the IAB may find it has insufficient in-depth knowledge of the specifics of an issue. In those cases, it reaches out to let specialists help define the various directions and trade-offs. Architectural documents are published as RFCs after IAB consensus. However, the IAB does not publish its architectural documents without some form of public review. Usually, the intent to publish a document is announced on the IETF announcement list, and feedback is solicited. If you want to know more about the process by which the IAB publishes architectural and other IAB stream documents, I refer you to RFC4548 (“Process for Publication of IAB RFCs”). At the moment of writing this column two drafts are about to be finalised for publication: “Design Choices When Expanding DNS” and “What Makes For a Successful Protocol?” while “Principles of Internet Host Configuration” is on the nomination for an IETF call for comments. As always, your comments on specific documents or on areas where the IAB might consider publication of architectural consideration documents are welcome.

IETF 71 Facts and FiguresRegistered attendees: 1,131 Countries: 49 New WGs: 5 Closed WGs: 2 WGs Chartered: 120 New Internet-Drafts: 337 Updated Internet-Drafts: 881 IETF Last Calls: 60 Approvals: 50 (Nov 2007 – Feb 2008) 73 RFCs published of which

• 52 standards tracks
• 1 BCP

80 Internet-Drafts submitted for publication

• 52 submitted by the IETF

IANA Actions (Nov 2007 – Feb 2008) Processed ~1,240 IETF-related requests of which:

• 761 Private Enterprise Numbers
• 92 Port Numbers
• 92 Port Numbers
• 125 TRIP ITAD Numbers
• 30 media-type requests

 ]]> 964 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-18/ Fri, 07 Dec 2007 16:07:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=985

Olaf Kolkman, IAB Chair

The technical plenary during IETF 69 in Chicago did not include a technical presentation. During the open-microphone session at that IETF, a number of people in the audience expressed dissatisfaction with the lack of a substantive technical presentation. In contrast, IETF 70 in Vancouver featured two technical topics that were sufficiently thought provoking to stimulate lively debate. The technical plenary serves as a forum in which the Internet Architecture Board (IAB) reports and receives feedback from the community. The IAB chair’s report, the IRTF (Internet Research Task Force) chair’s report, and the open- microphone session are fixed agenda items. These agenda items serve a purpose similar to those of the IAOC (Internet Administrative Oversight Committee) and the IESG (Internet Engineering Steering Group) administrative plenary sessions: they serve as a meaningful and effective way for the IAB to receive feedback from and undergo scrutiny by the community. In addition to those agenda items, the IAB looks for presentations that inform the IETF of technical topics or developments the community should be aware of or that require further discussion. Often, these sorts of presentations relate directly to work that is ongoing within the IAB. One example is the session on internationalisation that was featured at IETF 68 in Prague. It was inspired by the earlier publication of RFC 4690¹. Dave Thaler’s presentation on protocol successes in Vancouver is another example; clearly, some of the protocols that we design have been much more successful than others. The IAB has been working to try to understand which factors lead to success. Its goal is to help make current and future protocol work more successful. The paper titled “What Makes For a Successful Protocol?”² represents the current state of our thinking (see page 20). We welcome yours. Sometimes the topics presented at the technical plenary are of wide interest but not directly related to the IETF’s or the IAB’s agenda. An example of that was the presentation in Vancouver on power consumption of network elements, a topic that is starting to attract a lot of interest but that is not something that we in the IETF have heretofore considered when designing protocols or systems. We hope it was useful to hear someone who is actively researching power consumption reflect on the power consumption issues in IETF protocols and networks in general. When selecting plenary topics and speakers, we always aim for presentations that are entertaining, informative, and thought provoking and that will lead to healthy group discussion. Of course, defining suitable topics and finding good speakers are continuing challenges for which the IAB welcomes suggestions.  

1. RFC 4690: Review and Recommendations for Internationalized Domain Names (IDNs), Klensin, Fältström, Karp, and the IAB.
2. What Makes For a Successful Protocol? D. Thaler, B. Aboba, and the IAB.

 ]]> 985 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/plenary-report-5/ Fri, 07 Dec 2007 16:08:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=987

Mirjam Kühne

Following a warm welcome by IETF chair Russ Housley, Stephen Wolff of the Cisco Research Center, one of the hosts of IETF 70 together with Microsoft, gave a presentation in which he reflected on Internet research. Stephen’s participation in the IETF goes back to its beginnings. Stephen recalled that at the second meeting of the IETF in April 1986-which was considerably smaller than today’s meetings and which had a much smaller network-a presentation by Bob Hinden showed the actual size of the Internet: “131 Networks, 85+ Gateways, 160,000,000 packets/week.” At the time, there was not a lot of Internet-related research and there weren’t many textbooks on networking. In fact, the entire library of Internet-related books would most likely have fit on one shelf. However, even at that time, Stephen said, the Internet was a rich source of problems. On the technical side there were routing failures, collapses through congestion, fast long-distance networks, and lack of security. But there were nontechnical problems as well. In his presentation Stephen described one particular research project-the Gigabit Testbeds (1990-1995)-that was of particular interest. Done in cooperation with CNRI (the Corporation for National Research Initiatives) and funded by 20 million USD over five years, Craig Partridge called it “How Slow Is One Gigabit per Second?” With a total of five testbeds, the project had mixed success, but according to Stephen, the community gained a much better understanding of the challenges of speed over long distances. Much has happened since. Today there are two big research projects:

1. GENI (Global Environment for Network Innovation), which, with a budget of approximately 367 million USD, is much larger in scope than the Gigabit Testbeds project but similarly organised, and
2. FIND (Future Internet Network Design), a major, new, long-term initiative of the NSF NETS research programme and that has a budget of 30 million-40 million USD per year.

Together they add up to more than 40 different projects. “Many of them are good,” said Stephen, who encouraged everyone who is interested in research to look over the programmes at http://find.isi.edu. There also is the work of the Internet Research Task Force (IRTF). A number of IRTF research groups (RGs) have funded FIND proposals, such as dtnrg, eme, end2end, mrg, p2prg, and rrg. The Crypto Forum RG (cfrg) seeded the GCM mode for IPSec (RFC 4106) and UMAC message authentication (RFC 4418). Stephen closed his presentation by welcoming unsolicited proposals to the Cisco Research Center. Following Stephen’s presentation was the Network Operations Center (NOC) report, which was presented by Morgan Sackett of VeriLAN. The NOC was again run by VeriLAN staff and volunteers. Upstream connectivity was provided by Telus and BCNET. An IPv6 tunnel was set up to ISC. Once again, the NOC did a fantastic job. The network operated without disruptions during the entire meeting. Lakshminath Dondeti, chair of the Nominations Committee (NomCom), introduced the new NomCom members and gave a status report. The NomCom regularly sends requests for feedback about the various candidates. The return rate is, at best, 12 percent and, at worst, 4 percent. This is not good enough. More feedback is needed in the future. Community input is crucial for this process to work effectively. Henrik Lewkovetz put together some extremely useful tools. Lakshminath thanked Henrik and the NomCom members for all the work they have put into this process.

Recognitions

A number of people were recognised for their contributions to the IETF and the Internet. Mark Foster, chief technology officer of NeuStar, was recognised for his pivotal role in the administrative restructuring of the IETF. Without his assistance, the restructuring would have taken much longer and would have been much more difficult.

Jon Postel Award

The Jon Postel Award Committee announced that the 2007 Jon Postel Award was given to Nii Quaynor for “his vision and pioneering work that helped countless others to spread the Internet across Africa.”

Jon Postel Award Winner Nii Quaynor Photo Credit: Peter Löthberg, with permission

The award is traditionally presented to an individual who has made outstanding contributions in service to the data communications community and to honor an individual who, like Jon Postel, has provided sustained and substantial technical contributions, service to the community, and leadership. With respect to leadership, the committee places particular emphasis on candidates who, in addition to their own individual accomplishments, have supported and enabled others to achieve success. Nii established the first Internet services in West Africa in 1993. He is the founding chair of AfriNIC, the African numbers registry, and has been convener of the African Network Operators Group (AfNOG) since 2000. Earlier in his career, Nii established the computer science department at the University of Cape Coast in Ghana in 1979. He was awarded a Ph.D. in computer science from the State University of New York at Stony Brook in 1977 and worked at Digital Equipment Corporation from 1977 to 1992. Currently, Nii is chair of Network Computer Systems in Ghana and professor of computer science at the University of Cape Coast. Nii thanked ISOC and the IETF, saying he felt humbled by the award and by what it represents. “Africa thanks ISOC and the IETF for this recognition. Africa will be very pleased with this contribution.” He thanked his colleagues in Africa who supported his efforts and pushed him along. He also recognised the IETF community for contributing in such areas as how the number and name resources have been defined, which has helped Africa’s underlying understanding and its self-organisation. Nii plans to use the award of 20,000 USD to establish a new fund for technical engineers in Africa. The fund will be managed by AfriNIC and AfNOG.

Stats and Updates

In his IETF chair report, Russ Housley provided some meeting statistics as well as an update on IANA and RFC activities. He also thanked the team of volunteers responsible for the audio streaming. The IETF received outstanding support from the Network Resource Startup Center and the University of Oregon. Kurtis Lindqvist, chair of the IETF Administrative Oversight Committee (IAOC), reported that the Association Management Solutions (AMS) secretariat has won the RFP for the IETF Secretariat services. A transition plan is being worked out. The IAOC thanked the staff of NeuStar Secretariat Services. The 2008 IETF budget was submitted to the ISOC Board of Trustees and was approved shortly after IETF 70. Ray Pelletier, IETF administrative director, announced that contracts with venues are already in place for meetings in 2008. In fact, the entire meeting-planning process is now happening with much longer lead times. After a survey of the IETF community, it was decided to follow a 3-2-1 model with respect to meeting locations: Within two years there will be three meetings in North America, two meetings in Europe, and one meeting in Asia. This seems to be appropriate for meeting the needs of attendees. At the end of his presentation, Ray acknowledged the ISOC Fellowship Programme, which brings engineers from developing countries to IETF meetings. All costs are covered by ISOC. Each fellow is paired with an experienced IETF participant, who acts as a mentor for that fellow. Many thanks to the mentors and sponsors of the programme. (See page 9 for more information about the ISOC 70 fellows and mentors.)

Open Mic

A short discussion regarding tools development took place at the beginning of the open-mic session, which was directed mainly toward the IAOC. While tools development and maintenance falls within the responsibility of the IETF Secretariat, the volunteer effort to develop tools is still seen as critically important both to save money and because it is a hands-on community effort. Some people would like to see a plan for moving forward with tools development and maintenance and learn more about how the plan will support the community. The IAOC is working on both the plan and a license agreement. With regard to the IETF Trust, Ray said that while the IAOC has not kept an inventory of the nearly 2,000 RFCs that have by now been signed to the Trust, all names are listed on the IAOC Web site. In addition, businesses have signed their RFCs over to the Trust, which means that all documents that have been published by employees of a company are automatically signed over to the Trust. It is estimated that approximately half of all RFCs are by now signed over to the IETF Trust, which is a positive development.

Discussion on NAT and IPv6 Continues

Network address translation (NAT) was a topic again raised during the plenary session. The behave working group (WG) was chartered to define how NATs can behave more reasonably and according to specification. One of the properties would be incremental deployability. One speaker was concerned that incremental changes to NATs would be the wrong approach. On the other hand, there are currently ongoing discussions within the STUN (Simple Traversal of UDP through NATs) and ICE (Interactive Connectivity Establishment) communities that describe why a general solution will not work. Those discussions will have to be continued by the appropriate working groups. IPv6 also remains a big topic for the IETF. Even though at this IETF meeting, IPv6 deployment was not officially on the IESG or IAB plenary agenda, there were several discussions both during various working group meetings and in the hallways. IESG member Ross Callon said he hopes that at some point “the pain will be high enough to deploy IPv6.” Sam Hartman, one of the two security area directors, disagreed, saying, “IPv6 is being incrementally deployed and is catching on where it has value.” He wondered whether it really makes that much sense for everyone, at some point, to switch over to IPv6. Another attendee added that deployment of IPv6 is not always straightforward, leading to agreement that better documentation is needed and that the IETF community could help with that. Jari Arkko, an IESG member who is active in the area of IPv6, reiterated that the IETF can also help by making sure all the necessary pieces are in place so that users can deploy IPv6. The v6ops WG is looking into whether all transition mechanisms are in place. Outside the IETF, education is needed, and the IETF is working with ISOC to address that issue. Overall, it was expressed that it is necessary to understand that no true transition is possible. IPv4 and IPv6 are disjoint address spaces. Proper mechanisms for moving between the two versions are essential. What followed was a discussion about what would motivate people to use IPv6 in their networks. Some people believe only a killer application or more features will help. Others disagree, saying nobody is going to develop an application that runs only on an infrastructure that hardly anyone uses yet. The biggest benefit of IPv6 is a much bigger address space. Alain Durand summarised it as follows: “The motto for many years has been ‘Bandwidth, bandwidth, bandwidth.’ Now the motto has changed to ‘Address space, address space, address space.’ It’s as simple as that.” However, the immediate address shortage of IPv4 has been fixed by introducing NAT. Large corporations that need a lot of address space are starting to use IPv6, now that there aren’t enough IPv4 addresses. Adiel Aklogan, CEO of AfriNIC, the African numbers registry, agrees that IPv6 is indeed happening and that the IETF has been doing a lot to encourage people to use it. “All RIRs are working with their communities on that,” he said. “Maybe the IETF can help by sending the right message to the operators community that the protocol is ready.” Echoing much of the discussion at IETF 69 in Chicago, it was concluded in Vancouver that most of the IETF’s work on IPv6 has been completed. What is left to do is education. And vendors need to be encouraged to implement IPv6. “There are some bugs and issues with IPv6 equipment,” said Jari. “With more users, those will be fixed faster. It’s a matter of time.”

Technical Plenary

The technical part of the plenary session at IETF 70 was devoted primarily to two technical presentations. The first one, called What Makes For a Successful Protocol, was presented by Dave Thaler (see page 20). The authors were applauded by attendees for their excellent work in this area, and the presentation was followed by a constructive and lively discussion. It was suggested that not only the IESG but also working groups need to be paying attention to this work so that newer protocols have a better chance at becoming successful. Economical alignment and deployability are now already being used as criteria for successful protocol design in some WGs. This is a positive development, as Olaf Kolkman noted. Leslie Daigle warned that technical superiority is not necessarily a factor for becoming successful. As she explained, older protocols that were brought into the IETF could also be more successful because at that time new work was more elastic and more experimental in nature. It was easier to bring in new ideas. “Nowadays we have to check if things are successful before we start, looking at them in order to not bring the whole industry down,” she said. “This is a challenge.” Dave Thaler emphasised that success often doesn’t become clear until sufficient time has passed. “In hindsight it’s easy to tell what is successful,” he said. “It’s much more difficult when you’re designing it. Sometimes you just can’t tell. It may be successful later for other reasons,” Bob Hinden added. Some interesting suggestions were made during the discussion: For example, one could identify those protocols that were developed outside the IETF and what factors influenced the decision to not take them on as IETF work items. Some of them became successes. One could look at those cases and see why they became successful and why they were developed elsewhere. Another speaker mentioned that one reason protocols are successful outside the IETF could be that protocols have a high turnover rate and suggested that perhaps one should look at how to adopt protocols into the IETF. There are also cases where efforts were made to kill a protocol but it survived nonetheless. What were the reasons for that? Is it possible that working groups sometimes try too hard to predict what is going to be successful? Olaf gave DNSSEC some thought in that context. “This has been in the IETF for a long time,” he said. “One success criterion is whether there is a perceived benefit. This is very hard to sell for a security mechanism. There is very little the IETF can do except make the case that some things are important. Then the marketplace decides.” “There are always various demands on a protocol,” said Mark Crispin in closing. “The processes of the past cannot be applied today. Are there other organisations that have a faster turnaround and the same diversity as we have? Our diversity is our strength.” The second technical presentation covered a topic that is a bit unusual for the IETF but was received positively. It was called Energy Engineering for Protocols and Networks, and it was presented by Bruce Nordman, a researcher at the Environmental Energy Technologies Division of Lawrence Berkeley National Laboratory. “Why might we care about energy engineering?” asked Elwyn Davies as he introduced Bruce. “Is there a way-when we design protocols-to keep the amount of total energy use down?” Bruce presented a number of statistics demonstrating that most energy is used at the edges and that energy use is affected by applications and protocols-and not just hardware. A number of research projects are exploring that topic, including a project called Energy-Efficient Ethernet and one called Network Presence Proxying, which focuses on the significant amount of energy that is used when devices are idle. Bruce is currently working with the industry to draft the content of a proxying standard. For more information. A related initiative is an NSF/FIND project called Energy-Aware Network Architecture. What can the IETF do to help reduce energy usage? Bruce made a number of suggestions that IETF engineers and network operators could act on to save energy:

• Facilitate multiple forms of reduced presence (instead of always assuming full presence of all edge devices)
• Enable optional reduced speeds (instead of assuming network links always run at maximum speed)
• Expose knowledge of acceptable latencies
• Determine when and how to facilitate slower acceleration
• Facilitate powering-down links when capacity is not needed (instead of maximising interconnections)

Sidewalk signage in Vancouver Photo Credit: Mirjam Kühne, with permission

The IETF can also ask itself which existing and developing protocols have features that inadvertently work against energy savings and, conversely, which protocols facilitate energy savings. “Could there be some guiding principles that might ensure that protocols maximise energy?” he asked. “And could existing protocols be modified to follow those principles in future revisions?” In closing, Bruce suggested the IETF community make energy savings an integral part of protocol design, just like security. The IETF has two WGs dealing with related issues: 6lowpan (IPv6 over Low-Power WPAN) and, possibly, rl2n (Routing for Low Power and Lossy Networks). The latter was a BoF at IETF 70 and might soon become a WG.]]> 987 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/an-interview-with-isoc-fellow-subramanian-moonesamy/ Fri, 07 Dec 2007 16:09:39 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=989

Tomas Carlsson

“Now I got to put a face to all strong people from the mailing lists,” said Subramanian Moonesamy, the man from exotic Mauritius. While the rest of the world dreams of visiting this mythic island country, SM, as he is called, had one of his dreams fulfilled when he attended IETF 70 in Vancouver as part of the ISOC Fellowship to the IETF programme. Think of Earth as a ball of wool. Then think about pushing a knitting needle in where Vancouver would be. At the other side of the ball is where Mauritius is located, a 2,000-square-kilometre island east of Madagascar. The knitting needle is a good metaphor, representing the ideal connection to the U.S. IP backbone. For more than five years, SM has been active in several IETF mailing lists. And while he has made comments on and suggestions for drafts, he never thought he would ever attend a meeting. “It seemed very far away,” SM said. “I have to travel for 24 hours to get to the United States. And such a trip is also very expensive.” The ISOC fellowship programme made the trip possible, and the IETF Journal took the opportunity to interview a person from a country generally unknown within the IP world. SM is aware of his uniqueness. One of the first questions he would ask was, “Do you know something about Mauritius?” Most of us would have to admit that all we knew was gleaned from vacation advertisements, where the country is described as an island paradise. For SM, the visit to Canada was quite a contrast. He had encounters with snow, with cold days, and with ice on the pavements. Inevitably, SM caught a cold after a few days. We met at an Indian restaurant on a main street of the city’s center where we talked a bit about Mauritian culture, including the country’s food traditions. The mix of African and Asian food sounded promising. SM served as a good ambassador for Mauritius.

ISOC Fellow Subramanian Moonesamy Photo Credit: Tomas Carlsson, with permission

Unavoidably, the talk turned to the Internet and its current state in Mauritius. Even if Internet penetration among the 1.3 million people living in Mauritius seems substantial, less than 23 percent of the population has broadband connections. According to SM, there are three Internet service providers and one national gateway. The administrator of the top-level domain is a private company called Internet Direct. For each name registered, it charges 65 USD, a price that is not likely to speed up Internet usage. Actually, when we checked the registration fee of other registrars, it was even 267 USD. SM was reluctant to talk about his opinion on this and said he better not comment on it. SM is a freelance consultant for Eland Systems. He has chosen not to become an employee, because he’s in favor of the freedom that being independent brings. “It means that I can be ‘nice’ to my customers,” he said. “I do not have to sell expensive solutions, but, rather, the best one. Then customers come back, and in the long run it is a better business.” SM designs appliances for virtual private networks, firewalls, antispam, and e-mail used by bigger companies. His mission, he said, is to assemble software and hardware, do some code authoring, and then adjust it to the requirements of the customer. He finds it very important to be up-to-date with the latest standards, and he follows with great interest certain working groups, including SMTP, DKIM, EAI, DNSOP, IPR, SIEVE, and SASL. “I found that a lot of work gets done when people meet in the corridors. Sometimes I found people to be younger than they seemed to be when I was only reading their mail,” SM observed. He talked about the lack of body language in e-mail and how a physical meeting makes it possible to see that people are not angry even when they disagree.

Tomas Carlsson is a freelance journalist who specialises in writing about Internet technologies in Sweden.

“I found the people in the IETF working group meetings open, sharing, and cooperative,” he said, “just like Internet people used to be. They were also surprisingly open to different cultures." In the past, SM travelled mostly to African countries for business. For him, the trip to Vancouver opened up a wider working field. If the world of the Internet doesn’t currently run to Mauritius, at least Mauritians can reach out to the world.]]> 989 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/fellows-motivated-to-become-more-involved/ Fri, 07 Dec 2007 16:10:45 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=991

IETF fellows and mentors in Vancouver Photo Credit: Thomas Carlsson, with permission

Becoming more active in IETF working groups is the goal of all five participants in the ISOC Fellowship to the IETF programme after their visit to Vancouver for IETF 70. “I will spread more information about the IETF to colleagues at home,” said Fellow Pedro Torres. The IETF Journal chatted with each of the fellows, focusing on their perceptions of the meeting and on the status of the Internet in their countries. Pedro manages an Internet-based academic backbone as well as an Internet exchange point and a metropolitan area network. His home city of Curitiba, Brazil, is in the Parana region, which is smaller in poulation than all of São Paulo. Pedro is concerned about the relatively few IETF-meeting participants from Africa and South America. “We use the standards but do not participate in creating the solutions,” he said. He hopes to increase his knowledge of the work of the IETF among his colleagues as well as in his geograph-ic region. He also hopes to develop better relations with other countries, both through person-to-person contacts within the industry and through the creation of more and better access points. Those ambitions explain his interest in LAPLA/LACNIC-the NIC of Latin America and the Caribbean-and its associated mailing list. Eduardo Ascenço Reis of São Paulo is a network analyst at CBTC, a telecommunications company in Brazil. He faces considerable challenges at a higher level of networking, which explains his interest in routing, IPv6, and TCP management. “I have been fairly passive in the working groups until now,” he said, “but with the help of my mentor, Scott Brim, I feel more integrated in the groups.” Frederico Faria works with customers throughout South America and the Caribbean. "Not many people in Brazil are aware of how the IETF working groups gather folks from different parts of the world to discuss Internet development," he said. “The discussions are open and mature, and the people are welcoming and encouraging. However, I have noticed that the IETF lacks strong links between working groups. Some are trying to solve the same problems, which could be avoided with more cooperation among the groups.” Veaceslav Sidorenco’s home country of Moldova has only 22,000 broadband connections. Internet penetration is near 20 percent, an exceptionally high number considering that only 30 percent of the population has wired telephones. Veaceslav has been committed to realising the potential of the Internet since the 1980s. While he is now a UNDP-expert in the government and has given classes in RFC theory, he has never before participated in an IETF working group. He is now helping with the management of RENAM, the Research and Educational Networking Association for 8 universities and 20 research institutions. He IETF fellows and mentors in Vancouver Photo by Tomas Carlssonis also involved in building a network operation centre and a computer emergency incident response centre, and he is actively participating in an effort to start an ISOC chapter in Moldova. In addition to the challenges of understanding IETF processes and culture as a newcomer, some of the fellows face challenges even in just getting themselves to the meeting. Processing times and requirements for obtaining travel visas can be long and onerous, especially for individuals from developing countries. Since the inception of the programme, a few fellows have needed to reschedule their meeting attendance because of such delays.

Tomas Carlsson is a freelance journalist who specialises in writing about Internet technologies in Sweden.

“ISOC assists the fellows before and during the visa application process, but sometimes the consulates are very slow in responding,” said Karen Rose, ISOC’s director of education and programmes. “We have added more time into our programme schedule to minimise this kind of disappointment, but if a problem arises, we always offer the fellow an opportunity to attend the next IETF meeting.”

ISOC 70 Fellows and Mentors

• Frederico Faria, Brazil Mentor: Frederico A. C. Neves, Chief Technical Officer at Nic.br, Brazil
• Subramanian Moonesamy, Mauritius Mentor: John Klensin, independent consultant, U.S.
• Eduardo Ascenço Reis-Brazil Mentor: Scott Brim, Senior Consulting Engineer, Cisco, U.S.
• Veaceslav Sidorenco, Moldova Mentor: Jaap Akkerhuis, Network Research Engineer, NLnetLabs, the Netherlands
• Pedro Rodrigues Torres-Júnior, Brazil Mentor: Henk Uijterwaal, Senior Project Manager, RIPE NCC, the Netherlands

 ]]> 991 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/unwanted-traffic/ Fri, 07 Dec 2007 16:11:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=993 The Underground Network Economy The most important message from the Unwanted Internet Traffic workshop was that the enormous volume of unwanted traffic is a symptom of a vast criminal underground economy that is a parasite on both open technology and the innovative culture of the Internet as it has developed over the past 20 years.

From Anarchy to Criminality

Early in the life of the Internet, unwanted traffic was largely an expensive nuisance. Much of it was generated by so-called script kiddies, who had no clear motive beyond demonstrating to their equally mindless peers their ability to cause mayhem. While the consequences for the networks and hosts that were targeted were generally immediate and catastrophic, often resulting in significant economic loss for the victims, the attackers profited little or, in most cases, not at all. Over the past few years, the situation has altered dramatically. The anarchic hackers of the past have been harnessed or have been displaced by criminals who seek to use the Internet for illicit gain. The underground network economy that has developed within the Internet mirrors the underground economy in the physical world: tools of the [criminal] trade are created and sold to other criminals; stolen information is fenced for use in further criminal activity; and routes are created through which the illicit proceeds can be laundered to enable the criminals to benefit from their activities. The underground network economy has evolved quickly, changing from an initial barter system into a gigantic shopping mall for tools and information. This has led to a rapid shift in the nature of unwanted traffic and the ways in which the traffic affects the network. It is now a fully integrated and persistent subculture that sucks many billions of dollars out of the legitimate network economy by exploiting the commercial growth of e-business. It is no longer in the interests of these types of criminals to destroy or significantly damage the network; as with any parasite, the parties responsible are absolutely dependent on the continued existence and availability of the network to supply their income.

Subverting the Network

The marketplace for the underground network economy is typically hosted on IRC (Internet Relay Chat) servers that provide access to “stores” that sell the tools that are needed to operate in the underground economy. Easily available is strong encryption software for e-mail and other communications tools, both of which allow deals to be closed with little risk of detection. Consequently, it is no longer necessary to be a skilled programmer to be a successful miscreant in the underground economy. The malware, bot code, and access to compromised hosts or Web servers can be bought off the shelf, and some of the profits can be used to finance new tools and to set up “dirty” Internet service providers to host IRC servers and fraudulent Web sites. The network itself provides the means to turn the available tools and stolen information into real assets. In the simplest case, electronic funds transfer can be used to drain money from online bank accounts directly into short-lived accounts – often in another country, which makes it diffucult to trace or recover the money. More-sophisticated schemes use stolen credit cards to purchase goods that are redirected or resold through money-laundering services that obscure the trail that leads to the beneficiary. The international nature of the Internet, the absence of audit trails, and the ease with which anonymity can be achieved are important features of the network, but they also facilitate misuse. One of the key weapons used by criminals consists of compromised hosts, also known as bots or zombies. Networks of bots (botnets, for short) are created by exploiting security flaws in networked machines or by inducing naive users to install in their machines certain backdoor remote control capabilities of which they are unaware. Remotely controlled bots can then be used either as means of capturing valuable personal or financial information from the users of the machine or as ways of generating further unwanted traffic, such as e-mail spam or distributed denial-of-service (DDoS) attacks that cannot easily be traced to their true origins. In most cases, bots do not cause major disruption to the hosting machine by either obviously disrupting operations or clogging the machine’s network connection with large amounts of unwanted traffic. The objective in most cases is to provide a resource that can be used by the miscreants for as long as possible. To make a medical analogy, unwanted traffic no longer creates an acute disease in the compromised host; rather, it creates chronic carriers that may go undiagnosed for a long time and that act as sources of infection that can perpetuate the problem. A major reason that the underground economy is so successful is the ease with which botnets can be created. Miscreants view them as expendable resources, and they are rarely bothered by operators who may see what they’re doing. As long as their cash flow is not significantly impacted, miscreants simply move on to new venues when ISPs take action to clean up bots and protect their customers. However, taking out one of the IRC servers might provoke a severe and ruthless attack on the ISP, typically through the use of botnets to launch a DDoS attack targeting the ISP’s network. In this way, the attackers create an example that might intimidate other ISPs into leaving them alone.

Simplicity and Power versus Vulnerability and Ignorance

The end-to-end architecture of the Internet emphasises the flexibility of implementing new applications in the end system while keeping the network itself as simple as possible. The network neither enhances nor interferes with end system data flows. The success and adaptability of the Internet demonstrate the power of this model but can also make life easy for those who operate in the underground economy. The concentration of capabilities in a large number of end hosts means there is an enormous field of complex systems available for launching an attack. Inevitably, complex systems are difficult to analyse and protect. Consequently, it is not surprising that the majority of hosts are to a greater or lesser extent vulnerable to compromise. Miscreants maximise the return on their investment by exploting vulnerabilities in the most common platforms, such as Microsoft Windows; the volume of exploits reported is a measure of the system’s market penetration rather than its lack of security. Many of these complex systems are owned and controlled by ordinary people who come from all walks of life and who eagerly jump into the exciting online world but are rarely given the training to fully understand the implications of the systems they own. The operating systems and applications they are using are generally designed to hide the complexities of the system so that the users are not deterred from making use of the system. As a result, a large proportion of users fail to anticipate how such a great invention as the Internet can be readily abused, and they do not understand that their system can be compromised without their being aware. It is therefore not surprising that the Internet now has a considerable number of compromised hosts where the owners are not aware that a compromise has happened. Although a large percentage of those machines are home PCs, evidence shows that corporate servers or backbone routers – even government firewalls – have also fallen victim to compromise.

Editor’s Note This article is based on discussions at an IAB workshop held in March 2006. The full report of that workshop has been published as RFC 4948.Work to address the issues here is active and on-going. The IETF has the following working groups addressing some of the problems identified here:

• Operational Security (OPSEC) WG
• Routing Protocol Security (RPSEC) WG
• Secure Inter-domain Routing (SIDR) WG

Much of it extends well beyond the technical sphere of IETF specifications. See, for example, some efforts by the U.S. Federal Bureau of Investigation. A commentary on that effort is available from Arbor Networks, which is engaged in measuring, researching, and proposing paths forward. More information… Further information and resources are available from Team Cymru Resources.

Running under the Radar

Although some of the consequences of the flood of unwanted traffic – such as spam e-mails and DDoS attacks – are all too visible, many other types of unwanted traffic are hard to detect and counter. Hosts are now quietly subverted and linked to botnets while leaving their normal functionality and connectivity essentially unimpaired. Bots and the functions they perform are often hard to detect – especially since owners and operators are oblivious to their presence. And detection may well come too late, because the bot may have already carried out the intended (mal)function. The presence of large numbers of quiet bots in compromised hosts is a particularly challenging problem for the security of the Internet. Not only does the resulting stolen (financial) information lead to enormous economic losses, but also there does not appear to be a quick fix for the problem. The fix needs to be applied at places that see little or no local benefit from the solution. For example, the owner of a machine infected with a bot may not care about fixing the problem if the bot has negligible impact on the way the machine performs for the owner. As long as the owner can keep playing online games, the owner may not be interested in applying a time-consuming and potentially technically complex fix, even though the public interest is endangered. Simplicity at the core of the network and the nature of the routing system can also make life easier for attackers. IP is specifically designed to minimise the amount of state information needed in the data plane to forward traffic from one end to the other. The network core does not record audit trails for individual traffic streams unless special measures have been planned in advance, such as when the police request lawful interception of some particular traffic. A major strength of the Internet is its ability to provide seamless interconnection among an effectively unlimited number of parties and with no constraints on where the parties are located geographically. The simplicity of the core combined with worldwide access means not only that there is essentially no limit on what a host can use the network to do, but also that there is no trace – after the event – of what a host may have done. Currently, there is virtually no effective tool available to provide either problem diagnosis or packet traceback. This makes tracking DDoS attacks and other generators of unwanted traffic launched from multiple compromised hosts labor-intensive, requiring sophisticated skills. Even if the compromised hosts and the controller of the botnet can be located, it is likely that more than one organisation has responsibility for the machines and networks involved, which makes investigation difficult. Compounding the problems associated with the high cost and the lack of incentive to report security attacks (see below) is the fact that attacks are rarely traced to their real roots.

The On-Ramp

The Internet is designed to be both friendly and flexible so that it does not constrain new applications that could be developed for and deployed in end systems. Such a design is, of course, a double-edged sword: capabilities that make it easy to develop useful new applications can be just as easily misused to create unwanted traffic. The aspects of Internet architecture that can be exploited to insinuate unwanted traffic onto the Internet are quite complex. Trying to ensure that the Internet remains open to innovation while denying access to unwanted traffic requires a deep understanding of the ways the Internet is intended to work and of the complex value judgments that need to be applied in order to balance the ease of use with the danger of misuse.

Known Vulnerabilities

According to a survey conducted by Arbor Networks, the first two vulnerabilities discussed here are currently believed to be the most critical for the Internet. Other possibilities certainly exist, and the ones that are most commonly exploited shift in the continuing tussle between miscreants and security experts. Lying about Traffic Source Addresses. In the past, many attacks on networks using unwanted traffic relied on injecting packets with a forged IP source address. Receivers might then be deceived about the source of questionable packets and might therefore accept packets they would not have accepted if the packets’ true source were known, or they may direct return traffic to the forged source address, making them part of a DDoS attack (reflection attack). This process is called address spoofing. The prevalence of botnets that can launch various attacks using the real address of the bot means that address spoofing is no longer as important a technique as it used to be, but many attacks – especially reflection attacks – still use spoofed addresses. Hijacking Inter-Domain Routing. Attacks can be launched on the Border Gateway Protocol (BGP), which routes Internet traffic between administrative domains. Various attacks can lead to traffic that gets misrouted, but a particularly insidious attack injects routes for IP addresses that are not in genuine use. Because the existence of these routes provides a measure of acceptability for packets sourced from the bogus IP addresses, attackers can use these addresses to source spam messages. Since the additional routes do not affect normal packet delivery and since careful selection of the address prefix used can hide the bogus route among genuine ones, the bogus routes often have little chance of being noticed. Misusing Web Protocols. The HTTP (Hypertext Transfer Protocol) used for accessing Web servers is now frequently used as a general-purpose transport protocol for applications that have little or nothing to do with the World Wide Web. The reason is that one of the ways attackers identify vulnerable systems is to perform a port scan. The standard transport protocols – UDP and TCP – used in the Internet identify communication end points on a host with a 16-bit port number. Targeted systems are challenged by trying to start a communication using every possible UDP and TCP port number in turn. If the communication can be started, it may give the attacker a wedge with which to pry open the security on the system. The system management reacts by closing down all unused ports to incoming communications, especially at firewalls. This has, in turn, led to difficulties for new applications that use previously unused ports and that need to have packets traverse firewalls. Applications designers have responded by reusing the HTTP communication channel, which can be pretty much relied on to be open in any firewall. However, transporting everything over HTTP does not block attacks; it simply moves the vulnerability from one place to another, and the miscreants are following. Everyone Comes from Everywhere. On the Internet it used to be possible to get some indication of the authenticity of traffic coming from a specific sender based, for example, on the number of hops between routers that had been traversed. Each arriving packet contains a Time to Live (TTL) count, and packets that have followed the same route from a static source would have the same original TTL value decremented by the same amount, resulting in an almost constant value of TTL on arrival. A change in the TTL value for a source without a corresponding change in routing could be interpreted as meaning that the traffic with a different TTL was potentially bogus. More recently, hosts have become mobile, and a change in TTL value may simply indicate that the host has moved, with the roaming putting more or fewer hops between the source and the destination. Similarly, multihoming of a network can mean that two or more different values for the TTL are equally valid. Thus, changes in TTL value can no longer be seen as indications that traffic has been subverted, even if the underlying routing is unchanged. Difficulties Authenticating Identities. Authentication of users and machines attaching to networks as it is used today is far too complex to be feasible for users to use effectively. Consider a scenario in which a customer’s handset is initially on a corporate wireless network. If that customer steps out of the corporate building, the handset may get connected to the corporate network through a GPRS cellular telephone network. The handset may then roam to a wireless LAN when the user enters a public area with a hotspot. The authentication mechanisms are usually tied to the type of data link layer used; the mechanisms use different credentials for each type, with different semantics; and there is little or no linkage between the authentication databases used with the different technologies or with policy databases that control what a user may do when attached to a network. Consequently, we need authentication tools for unifying and simplifying this authentication infrastructure and that can cope with cases when the underlying data link layer technology changes quickly – possibly during a single application session – to ensure that users and applications will not be surprised when operations that are allowed at one moment fail a little later, once the attachment point has changed.

The Scale of the Problem

Unwanted traffic is a major problem for network owners and operators today both because of the volume and because of the ubiquitous adverse impact of the traffic on normal operations. The workshop did not look in any detail at the actual volumes of traffic: a look at almost any e-mail in-box is evidence enough that the volumes of spam alone are very large. This section looks briefly at how specific types of network are affected.

Everywhere Is Affected

There are a variety of types of unwanted traffic on the Internet today. The IAB workshop concentrated on DDoS and spam. The impact of unwanted traffic depends on the nature of the network domain through which it is flowing, but it affects almost every part of the network adversely. The global nature of the Internet and the ease of ubiquitous connectivity allow miscreants to originate unwanted traffic from almost anywhere in the network and to target victims who are equally widely distributed. Attackers are interested in finding targets that offer maximal returns with minimal efforts. Regions with lots of high-speed, high-bandwidth user connections but poorly managed end hosts are ideal targets for originating DDoS traffic.

Effects on Specific Domains

Backbone Providers. Backbone providers are primarily in the commodity business of packet forwarding. Since they do not support end users directly, spam and malware are not major concerns. Some times backbone routers become compromised, but this is not currently a major problem. Thus the impact of unwanted traffic is measured chiefly through the effect of DDoS traffic on network availability. Backbone networks are generally well provisioned with high-capacity links and are therefore not normally affected by DDoS attacks. A 5 Gbps attack that would challenge most access networks can usually be absorbed without noticeable impact. On the other hand, the fact that the backbone can handle this traffic amplifies the effect on the backbone’s access customers. A multihomed customer is highly likely to suffer from aggregated DDoS traffic arriving from all directions through its multiplicity of connections. Access Providers. From the access providers’ viewpoint, the most severe impact of unwanted traffic is on their customer support load. Access providers have to deal directly with end users. Residential customers in particular see the access provider as their IT help desk, and the competitive nature of the business means that a single call can possibly wipe out any profits the provider might have made from the customer. Enterprise Networks. Enterprises perceive many different categories of unwanted traffic. Apart from accidentally created traffic resulting from misconfiguration, a large part of the deliberately created unwanted traffic is usually just a background nuisance for enterprises because such traffic absorbs bandwidth, computing, and storage resources. Spam and peer-to-peer traffic that is not related to company business are good examples. Some of the remaining unwanted traffic may have an unknown purpose, but the big problems are caused by what is often a small volume of malicious traffic, such as traffic that spreads malware. The damage that results from undetected malicious traffic can be very costly and can take a lot of highly skilled effort to remedy. Today, malicious traffic is often stealthy and can be obscured by encryption or can masquerade as legitimate traffic. Existing detection tools may be ineffective against this kind of traffic, and as with bots, stealth worms may open backdoors on hosts but remain dormant for long periods without causing any noticeable detrimental effects. This kind of traffic has the potential to be the gravest threat to an enterprise. On the other hand, an enterprise may become the target of a DDoS attack, often focusing on its customer-facing Web servers. Such an attack can transform unwanted traffic from a background nuisance to a critical constraint on the enterprise's ability to do business for the duration of the attack. For civilian businesses, this risks loss of customer confidence and in addition, has longer-term implications for the business, but for infrastructure and government services there can be political or terrorist motivations with the intention to affect the stability of the state. Detecting such an attack and dealing with it as soon as possible can be vital to the survival of the enterprise: advance planning is key to managing a DDoS attack because there is little time to react once an attack starts, and the traffic has to be suppressed before it concentrates on the target resources, which may mean having tools installed by the service providers feeding the enterprise.

Unwanted Traffic and Internet Infrastructure Services

The Internet needs certain infrastructure services – such as provision of the Domain Name System (DNS) – that are potentially vulnerable to DDoS attacks. Participants at the workshop heard reports of increasingly significant DDoS attacks on the servers that handle the root of the domain hierarchy as well as the .com and .net top-level domains. Those attacks lead to disruption of critical services, and the situation is likely to get worse because the daily peaks of DNS usage have been growing at a much faster rate than the number of Internet users. This trend is expected to continue. The increasing load on the DNS infrastructure has led to an increase in complexity that potentially makes greater targets for attacks.

Defenses: Available but Relatively Ineffective

The Internet is not totally defenseless against the attacks from the underground economy. It is unfortunate that for a variety of reasons, many of the defenses are not as effective as they might be. Many of the reasons are economic and political rather than technical, inpurpose, including lack of resources, a perception that the benefits of deployment are felt by organisations other than those that have to bear the costs, and the need for coordination between competing organisations to achieve best results. Analysis of the reasons for the ineffectiveness of the Internet’s defenses is critical to the design of future effective approaches to the unwanted-traffic problem.

Problems for Today’s Defenses

Although there are some techniques available to protect against the known vulnerabilities, a number of inadequacies exist in the tools themselves; more critically, a number of the tools that vendors and standards organisations have produced do not get used, and the scale of deployment of the tools of the remainder is inadequate, as is education of users and operators in the secure usage and operation of the Internet. Generally, operators do not have adequate tools for diagnosing network problems. Current approaches rely primarily on the skills and experience of operators that use time-consuming manual operations. Better and automated tools would help; the same is true for tools that help by mitigating attacks.

Lack of Incentives for Countering Unwanted Traffic

A common theme that runs through the analysis of how unwanted traffic affects networks outside the enterprise is the lack of incentives for network operators to deploy security measures. That lack is due mainly to the low return on investment from what are essentially preventive measures. Expressed in the workshop discussion of the underground economy was an unwillingness to report fraud due to commercial sensitivity. That sensitivity also applies to the reporting of security incidents by network operators who fear that their reputations – or the reputations of their customers – would be damaged. Network reputation is key to gaining new customers, and so, minimising the amount of publicity given to security incidents is important to service providers’ survival. As a result, investment in prevention is minimal, and mitigation work tends to be local so as to avoid releasing commercially sensitive information, thereby hamstringing efforts to coordinate responses to attacks or to track malicious activity. Notwithstanding the inadequacies of the available techniques, the view of the IAB workshop was that a significant reduction of unwanted traffic could be achieved with the limited tools available if those tools were deployed extensively and were operated correctly. Educating users to be more demanding and to lobby for judicious application of government regulation may assist in the incentivisation of providers to deploy the tools.

Available Defensive Techniques

Countering DDoS in the Backbone. At the time of the workshop there was no effective diagnosis and there was only a limited supply of mitigation tools that could help backbone providers fight DDoS attacks. That situation has changed over the past two years, and many providers are offering managed DDoS security services that deliver cleaned traffic to attached customer or lower-level provider sites based on traffic pattern learning, which allows recognition and filtering of abnormal patterns that signal a DDoS attack before they concentrate on the target. On the other hand, these solutions are designed to aid particular customers who are willing to pay for the extra service, and because of the perceived low return on investment, there is still little incentive for the backbone provider to deploy these solutions for every connection. Know Your Sources. The IETF documented current best practices for filtering out incoming traffic with spoofed-source addresses in BCP 38 (RFC 2827), “Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing.” Many routers support this type of filtering as well as the updated version for multihomed networks in BCP 84 (RFC 3704). Network operators have not deployed these techniques universally – at least partially because of the lack of incentive resulting from the heavy management costs of maintaining the filtering and because of the need to ensure that legitimate traffic is not accidentally filtered out. Although source spoofing is no longer the indispensable tool of the underground economy that it once was, more widespread use of BCP 38 and 84 filtering can still make attacks using spoofed addresses unprofitable and facilitate traceback of attacks. Managing Access: Customer Behaviour. Access providers routinely offer free security software to customers in the hope of avoiding future help calls after a security break-in. Unfortunately, customers are often not educated about the need to install security software, and even when they are, they may lack the skills to correctly configure a complex system. Customer behaviour in the face of security breaches is depressing:

• All customers behave in essentially the same way.
• Notifying customers that they have a problem has little effect on whether they take action to repair the breach.
• Patching of breaches works in the same way as radioactive decay. A fixed proportion (about 40 percent) of remaining vulnerable systems are patched every month after the patch becomes available. In the large population of Internet hosts, this leaves a significant number that will be vulnerable for the rest of their working lives.
• Lack of understanding often leads to compromised systems’ being replaced rather than being repaired, but this ignorance often leads to the occurrence of infections during installation of the replacement.

Maintaining Profitability in Enterprises. Enterprises, particularly large ones, are more willing to investigate security breaches than backbone or access providers are, because they can directly impact the enterprise’s operations and profitability. However, enterprise network operators are very wary of security solutions that generate false-positive alerts, because such alerts can be very costly to the enterprise if parts of the network have to be shut down unnecessarily. Most prefer prevention solutions to detection solutions because of this and are often willing to accept some missed alerts rather than significant false positives. Enterprises are motivated by potential losses to spend money on security tools. Consequently, a thriving market has emerged to meet the demand. Unfortunately, the tools offered provide mostly reactive solutions, such as regularly updated virus scanner databases for countering newly emerging vulnerability exploits, which leads to an ongoing arms race between security exploits and patching solutions. Workshop participants expressed concerns that this was not a sustainable situation because it does not enable us to get ahead of the attackers. Over-engineering the Infrastructure. At present, the only effective mitigation strategy for DDoS attacks on critical infrastructure services is over-engineering. There is some concern that the runaway growth of demand especially for DNS services is eroding the safety margins. The expected widespread deployment of IPv6 and deployment of the new DNS security extensions (DNSSEC) in the near future will bring new and potentially flawed software into widespread use that could be abused to generate new DDoS attacks.

Law and Regulation Playing Catch-up

In human society, legal systems provide protection from and deterrence for criminals. Laws and regulations aim to penalise criminal conduct after the fact, but if the likelihood of detection is low, the deterrent effect is also minimal. At present, the development of legal systems aimed at cyberspace crime is lagging behind the development of the crime that the legal systems are intended to deter, and the likelihood of detection of the real criminals is low. Some of the reasons for the ineffectiveness and slow development of the law of cyberspace include:

• The international scope of the problem. The Internet spans the globe, and crimes masterminded in one national jurisdiction may be executed by machines in one or more other countries, with victims in yet other jurisdictions. While some countries, particularly in the developed world, criminalise computer fraud and abuse, regulate unauthorised use of government and other critical infrastructure, and prohibit access to confidential information on protected computers, the laws are not uniform, which makes it difficult to prosecute criminals for offences carried out from other jurisdictions. There is also little political incentive to pursue criminals when the victims are not in the same national jurisdiction. Although there is a coalition between countries on collecting evidence of cybercrime worldwide, there is no rigorous way to trace unwanted traffic or to measure the consequences of cybercrime across national borders.
• Pinning down the responsible organisation. A single episode of unwanted traffic and the botnets that are responsible for much of the traffic can involve many different organisations, such as owners of hosts, enterprise networks, and service providers of various kinds. Many of these organisations would see themselves as innocent parties, and others, such as the owners of compromised hosts, see no incentive to take action. This makes it extremely difficult to either regulate effectively in advance to make life difficult for the criminals or to make any organisation responsible for cleaning up after an attack has been detected.
• Getting the legal definitions right. Lawmakers are generally unfamiliar with the new world of cyberspace, and therefore they often lack the technical understanding necessary to specify laws precisely and in such a way that they will actually target undesirable acts without limiting legitimate use of the network. As in many areas where there are active innovation and financial incentive, the underground economy will always be seeking to push the limits by using techniques that are borderline legal and conceal evidence through complexity. The lawmakers are inevitably playing catch-up in cyberspace.
• Quantifying the damage. Investigative authorities are already stretched, and so, active legal action tends to be restricted to cases where the harm caused exceeds a fairly high threshold. In the case of unwanted traffic, this generally means either significant damage to national infrastructure or a large, quantifiable monetary loss. Unfortunately, either (1) it is often difficult to quantify the loss, or, when financial institutions are involved, (2) there is a reluctance to admit the scale of the losses for fear of ongoing commercial damage. Consequently, much cybercrime is either not reported to the authorities or not investigated.
• Defining unwanted traffic. Creating capabilities to limit unwanted traffic can have unwanted side effects. It needs only a shift in the definition of unwanted to move from constraining the underground economy to facilitating censorship and limiting open access. Countries already differ over what is defined as unwanted traffic; and traffic that would be seen as wholly legitimate in many countries may result in criminal prosecutions elsewhere. There is a trade-off between having audit trails to facilitate forensic analysis and providing the means to enforce censorship. Building monitoring capabilities into the network will surely result in stronger pressure from legislators, requiring that operators actually carry out monitoring.

The workshop also emphasised that, while an effective legal system is necessary to create effective deterrence for and sanctions against the parasites, it is by no means sufficient on its own. It can work only in conjunction with effective user education as well as technical solutions to unwanted traffic prevention and detection. Only a well-informed and motivated user community can collectively establish a defense against unwanted traffic in cyberspace.

Consequences

The consequences of the large volumes of unwanted traffic on the Internet today are highly detrimental. The health of the network presents a picture that is far from rosy. There are no auditing systems to trace back to the sources of attacks.

• There are big economic incentives and a rich environment to exploit.
• There is no specific party to carry responsibility.
• There are problems of underdeployment of the limited defensive tools that are available.
• There are no well-established legal regulations to punish offenders.

The combination of these factors inevitably leads to ever-increasing types and volumes of unwanted traffic. However, the real threats are not the bots or DDoS attacks but the parasitic criminals behind them. Unwanted traffic is no longer aiming only for maximal disruption; in many cases, it is now a means to illicit ends, and its specific purpose is to generate financial gains for the miscreants. Their crimes cause huge economic losses, counted in multiple billions of dollars and growing.

IETF Journal editor Mirjam Kühne and friends attend the IETF 70 plenary session. Photo Credit: Peter Lötberg, with permission

The Internet community needs to increase its awareness of the problem of unwanted traffic and take action to make the network less friendly to this type of traffic. And it needs to do so without significantly reducing the flexibility of the network that has been the key factor in the economic success of the Internet. All Internet stakeholders can potentially contribute to the reduction of unwanted traffic. At a high level, actions should include the following

• Research into specific problems resulting from unwanted traffic, involving:
  • Sponsoring and funding agencies that prioritise this kind of research
  • Network operators, equipment vendors, and users who can identify the most important problems that require research effort and who can make sure that researchers are aware of them
  • Standards organisations, which should help coordinate communication between researchers and the rest of the community to identify the fundamental problems and standardise any solutions that may be found.
  • Development of a uniform global legal framework that will facilitate successful legal pursuit of the miscreants in the underground network economy across national borders. This work needs to be informed by the best possible technical expertise to ensure that it leaves Internet flexibility intact so far as is possible.
• Appropriate regulation to require that network operators take action to minimise the effects of unwanted traffic and that they share information that will lead to mitigation of attacks and will drive miscreants out of business
• Increased deployment of available tools, possibly aided by incentivisation through regulation or customer demand
• Vendors that provide more-appropriate default security settings in equipment so that end hosts are less vulnerable to subversion from the moment they are deployed and without the need for sophisticated configuration by users
• Vitally, improved education of users to make them more aware of the risks to their systems, to make them aware of the ways those risks can be mitigated, and to mobilise them so they’ll demand action from network operators when action is needed to support network security in both enterprises and homes

Many thanks to Lixia Zhang, Loa Andersson, and Danny McPherson for their feedback and review.

Above all, the Internet community needs to get ahead of the miscreants. At present, almost all activity for countering unwanted traffic is reactive, by ex post facto identification of malware and retroactive patching of security holes. Recently, there have been improvements in the use of traffic pattern analysis to identify attacks as they happen, but future work needs to be intelligence led, and it must concentrate on eliminating opportunities for miscreants before such opportunities are deployed.]]> 993 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-unique-political-soul-of-the-ietf/ Fri, 07 Dec 2007 16:13:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=995 IETF 70 attendees take a break to chat and catch up on e-mail. Photo Credit: Peter Lötberg, with permission

The word correct is key within the IETF. This is not to say that the goal is for everything that is said to be correct; the goal is to achieve the best technical standards, and within the IETF, doing so means adhering to the rules of engagement and accepted procedures that working group participants have long followed. “This is the correct way of doing it” is an oft-repeated mantra. Correct standards wouldn’t be engineered without the help of an overarching authority. Such authorities used to be Internet veterans with beards that have growth rates that are proportional to the cumulative list of assigned IP numbers. But I have noticed that the fashion has changed lately to one of more bald chins and cheeks. In the same way, over time, the focus changed in the different organisational elements. This is a healthy sign and one that demonstrates a changing reality. One could ask why it is necessary for the IETF to meet in person three times a year. Isn’t all the hard work that is done in each working group’s mailing list enough? The answer is no. I have seen research on the effectiveness of distance education. The result is that face-to-face interaction is necessary to keep the motivation, the passion, and the understanding among people strong. Face-to-face meetings are also the places people discover the extent to which chemistry translates into well-functioning groups. As ad hoc as they may seem, the personal connection that is found at IETF meetings makes it more likely that these groups will survive. At first, I found the IETF’s insistence on consensus and the humming as a method to determine rough consensus a bit silly. Eventually, though, the psychological effect grew on me. One can feel the strong hum of a majority in the chest, and no matter how logical your objections, that feeling cannot be erased. It will hold back every not-very-well-grounded opinion. It may not prevent situations where participants are objecting for the sake of objecting, but a good working group chair will in that case make sure the meeting proceeds. Within the IETF’s system, if I crave the cult status of having initiated, written, and published an IETF standard in the form of a finished RFC, I first have to convince an area director that we need to have a meeting – known as a birds-of-a-feather meeting – to discuss it. Even if I think it is a splendid idea, there will be no working group, no draft, and no nothing if I can’t come up with enough support to keep it going. The best way to get support for your ideas is to first gain respect for your knowledge. You will probably not get that respect in the short time you have at the microphone at the meetings. You earn it in the corridors, or at the late-night get-togethers in the lobby, or in the bar, or on the mailing lists. On the mailing lists in particular, concrete and clever comments and contributions will result in people fighting to hear your opinion. This is the essence of the third political system: Anyone – no matter their social or cultural background – can take a leadership position within and make a contribution to the IETF system. If you earn respect, if you demonstrate that you are knowledgable, then you will be heard. But it takes time, commitment, and a willingness to participate in a direct democratic system. The entire IETF standards-building process is based on individual contributions that ultimately lead to teamwork. In other words, if you demonstrate wisdom, others will team up around your idea.]]> 995 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/what-makes-for-a-successful-protocol/ Fri, 07 Dec 2007 16:14:32 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=997 Defining success What does it mean for a protocol to be successful? Is a protocol successful if it has met its original goals but is not widely deployed? Perhaps, but for purposes of this article, we define a successful protocol as one that both meets its original goals and is widely deployed. Perhaps the best examples of successful protocols are IPv4 (RFC 791), TCP (RFC 793), HTTP (RFC 2616), and DNS (RFC 1035). Success, however, is multidimensional. When designed, a protocol is not intended only for some range of purposes; it is also designed to be used on a particular scale. Therefore, the two most important measurements by which a protocol can be evaluated, as shown in Figure 1, are purpose and scale.

Figure 1.

According to those metrics, a successful protocol is one that is used for its original purpose and at its originally intended scale. A wildly successful protocol is one that exceeds its original goals either in terms of purpose (it is used in scenarios that extend beyond the initial design) or in terms of scale (it is deployed on a scale much greater than originally envisaged) or in terms of both; that is, the protocol has overgrown its bounds and has ventured out into the wild. If we apply those definitions, then a protocol such as HTTP is defined as wildly successful because it exceeded its design in both purpose and scale. Another example of a wildly successful protocol is IPv4. Although it was designed for all purposes (“Everything over IP and IP over Everything”), it has been deployed on a far greater scale than it was originally designed to meet. Still another example is ARP (Address Resolution Protocol). Originally designed for a more general purpose (namely, resolving network-layer addresses to link layer addresses regardless of media type or network-layer protocol), ARP was widely deployed for a narrower scope of uses (resolution of IPv4 addresses to Ethernet MAC addresses). More recently, it has been adopted for other uses, such as detecting network attachment (DNAv4 [RFC 4436]). Like IPv4, ARP is deployed on a much greater scale (in terms of number of machines but not in terms of numbers on the same subnet) than originally expected. As with most success stories, to be wildly successful can be both good and bad. A wildly successful protocol is one that solves more problems or that addresses more scenarios or devices than originally intended or envisioned. When this happens, it may mean it’s time to revise the protocol to better accommodate the new space. However, if a protocol is used for purposes other than the one for which it was designed, there can be undesirable side effects – such as performance problems. The design decisions that are appropriate for the intended purpose may be inappropriate for another purpose. Worse, wildly successful protocols tend to become popular, which means they can be attractive targets for attackers.

When failure becomes an option

Unlike a major motion picture, which can be dubbed a failure at the box office within a week or two of theatrical release, the failure of a protocol can be determined only after a sufficient amount of time has passed – generally 5 to 10 years for an average protocol. To be considered a failure, a protocol must be lacking in three key areas:

• Mainstream implementation (little or no support in hosts, routers, or other classes of relevant devices),
• Deployment (devices that support the protocol are not deployed, or, if they are, the protocol is not enabled), and
• Use (the protocol may be deployed but there are no applications or scenarios that actually use the protocol).

It’s important to note that at the time a protocol is first designed, there is of course no implementation, deployment, or use, which is why it’s important to allow sufficient time to pass before evaluating the success or failure of a protocol.

Identifying success factors

A series of case studies examined by the authors laid the groundwork for determining the key factors that contribute to a successful or a wildly successful protocol as well as the relative importance of those factors. Note that just as a successful protocol may not necessarily include all of the factors, a failed protocol could very well include some of the factors that determine success. Positive net value (meeting a real need). The success of a protocol depends largely on the notion that the benefits of deploying the protocol (monetary or otherwise) outweigh the costs – such as the costs of hardware, operations, configuration, and management – as well as costs associated with any changes to the business model that might be required. A few key benefits might include pain relief (lower cost than before), opportunities to enable new scenarios (though this type has a higher risk of failure than the other types), and incremental improvements (for example, better video quality). Success seems more likely when the natural incentive structure is aligned with the deployment requirements – that is, when those who are required to deploy, manage, or configure a protocol are the same as those who gain the most benefit. In other words, it’s best if there is significant positive net value at each organisation where a change is required. Incremental deployability. A protocol is incrementally deployable if early adopters gain some benefit even if the rest of the Internet does not support the protocol. It also appears that protocols that can be deployed by a single group or team have a greater chance of success than do those that require cooperation across organisations (or, worse, those that require a flag day where everyone has to change simultaneously). Open code availability. Perhaps the next most important technical consideration is that a protocol have freely available implementation code. This may have been the case when deciding between IPv4 and IPX, the latter of which at the time was, in many ways, the technically superior of the two. Freedom from usage restrictions. A protocol is far more likely to succeed if anyone who wishes to implement or deploy it can do so without legal or financial hindrance. Within the IETF, this point often comes up when choosing among competing technologies; for example, the one with no known intellectual property restrictions is the one most likely to be chosen even if it’s technically inferior. Open specification availability. What remains true for all RFCs – and has contributed to the success of protocol specifications both within and outside the IETF – are protocol specifications that are made available to anyone who wishes to use them. This might include worldwide distribution (accessible from anywhere in the world), unrestricted distribution (no legal restrictions on getting the specification), permanence (remains even after the creator is gone), and stability (doesn’t change). Open maintenance processes. The protocol is maintained by open processes; mechanisms exist for public comment; and participation by all constituencies affected by the protocol is possible. Good technical design. The protocol follows good design principles that lead to ease of implementation and interoperability.

What makes a protocol wildly successful?

The following factors do not seem to significantly affect initial success, but they can affect whether a protocol is wildly successful. Extensible. An extensible protocol is one that carries general-purpose payloads and options or easily accommodates the addition of new payload and option types. Such extensibility is desirable for protocols that are intended for application to all purposes, such as IP. However, for protocols designed for a specialised purpose, extensibility should be considered carefully. No hard scalability bound. Protocols that have no inherent limit near the edge of the originally envisioned scale are more likely to be wildly successful in terms of scale. Threats sufficiently mitigated. Protocols with security flaws may still become wildly successful provided they are extensible enough to allow the flaws to be addressed in subsequent revisions. However, the combination of security flaws and limited extensibility tends to be deadly.

Conclusion

It can’t be emphasised enough that the most important factor that contributes to the success of a protocol is that the protocol fill a real need. It also helps if the protocol can be deployed incrementally. When there are competing proposals of comparable benefit and deployability, open specifications and code become increasingly significant success factors. Open source availability is initially more important to success than is open specification maintenance. In most cases, technical quality was not a primary factor with regard to initial success. The initial design of many protocols that have become successful would not pass IESG review today. Technically inferior proposals can win if they are openly available. Factors that do not seem to be significant in determin ing initial success (but that may affect wild success) include good design, security, and having an open-specification-maintenance process. Many of the case studies we evaluated concern protocols originally developed outside the IETF but that the IETF played a role in in improving after initial success was certain. While the IETF focuses on design quality, which is not a significant factor in determining initial protocol success, once a protocol succeeds, a good technical design may be key to its continuing success. Allowing extensibility in an initial design enables initial shortcomings to be addressed. Security vulnerabilities do not seem to limit initial success, most likely because vulnerabilities often attract attackers only after the protocol becomes deployed widely enough to become a useful target. Finally, open specification maintenance is not very important to initial success, because many successful protocols were initially developed outside the IETF or other standards bodies; they were, in fact, standardised later. In light of our conclusions, we recommend that the following questions be asked during the evaluation of a protocol design:

• Does the protocol exhibit the critical initial success factors?
• Are there customers (especially high-profile customers) that are ready to deploy the technology?
• Are there potential niches where the technology is compelling? If so, can complexity be removed to reduce cost?
• Is there a potential killer application? Or can the technology work underneath existing, unmodified applications?
• Is the protocol sufficiently extensible to allow potential deficiencies to be addressed in the future?

If it is not known whether the protocol will be successful, should the market decide first? Or should the IETF work on multiple alternatives and let the market decide among them? Are there success factors that may predict which among multiple alternatives is most likely to succeed? In the early stages of protocol design, evaluating the factors that may influence initial success is important in facilitating success. Similarly, efforts to revise or revive unsuccessful protocols should include an evaluation of whether the initial success factors (or enough of them) were present rather than focusing on wild success, which is not yet a problem. For a revision of a successful protocol, on the other hand, focusing on the wild-success factors is more appropriate.]]> 997 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/security-protocol-failures/ Fri, 07 Dec 2007 16:15:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=999 The dotCrime Manifesto: How to Stop Internet Crime, in which the question of how to fix these problems is considered.   The Internet is insecure, so what went wrong? Contrary to widely held belief, the reasons for Internet security protocol failure are not primarily technical. Failure to understand the risk model and to meet the actual user requirements are much more significant causes of security failure. The economics of security protocol deployment and security usability engineering are also key: a protocol might as well not exist if it is not used.

Is It Safe?

Is the Internet safe? To paraphrase Douglas Adams, yes, the Internet is perfectly safe: it’s the rest of us who have to worry. The Internet was built to meet a specific set of needs and be adaptable beyond those needs. Contrary to common assertion, security was a consideration early in the design of Internet architecture and protocols. Saltzer et al. addressed security at some length in their seminal end-to-end-arguments paper of 1981.⁽¹⁾ There are many reasons why cryptographic security was not embedded into the Internet from the first, not the least of them the limited computing power available. But even if more powerful machines had existed, the risks did not. There were no shops or banks on the primordial Internet. Military secrets were isolated on an essentially separate network – albeit not isolated enough, as subsequent events would prove.⁽²⁾ Although the primordial Internet lacked cryptographic security, it did have a strong and effective accountability mechanism. Access to the Internet required access to one of the tiny numbers of computers connected to it. Miscreants faced a real risk of consequences; a visit to the dean’s office, loss of computing privileges, and in extreme cases, expulsion. The Internet protocols were capable of scaling to support a billion users; the accountability mechanisms were not. At the same time, the Internet became, in Willie Sutton’s infamous phrase “where the money is.” Consequently, the need to urgently retrofit security to the Internet became sharply apparent – in particular, with the rise of the Web beginning in 1993. Yet here we are, 15 years later. Internet crime is a multibillion-dollar nuisance, and cybersecurity is a campaign issue in the U.S. presidential campaign.⁽³⁾ What went wrong?

Systems Failure

According to the traditional view, the first concern in security protocol design is to get the job done right. “Bad security is worse than no security.” But while this may have been true for Mary Queen of Scots and the Rosenbergs – executed as a result of misplaced faith in a faulty cipher – it is certainly not the major cause of Internet security failures. Mistakes matter rather less than is often supposed. The most elementary of errors – complete lack of any authentication capability – was discovered in SSL (Secure Sockets Layer) 1.0 just 10 minutes into the first public presentation on the design. That error was fixed in SSL 2.0, but this time the designers made no effort to obtain public review prior to release, and further design errors were identified. It wasn’t until the design of SSL 3.0 that an experienced designer of cryptographic protocols was engaged to evaluate the design – but for only 10 days.⁽⁴⁾ Rather more significant than the making of the mistake itself is an architecture that allows the mistake to matter. Lampson’s security reference monitor⁽⁵⁾ does not make it less likely that the programmer will make a mistake but does reduce the number of places where a mistake is likely to matter.

Failure Commitment

Fear of making a mistake has frequently led to security protocol design that takes far longer than it should. Despite breaking every accepted rule of open standards design, SSL and its IETF successor TLS (Transport Layer Security) are the only Internet security protocols to have achieved ubiquitous use. Getting the protocol specification as correct as possible should certainly be the first concern of the protocol designer who wants to find future employment, but nobody is served by the designer who is perpetually unable to commit to a design that can be tried in the real world.

Requirements Failure

The Internet is a work in progress, not an absolute truth. It was not the original purpose of the Internet to provide a communication network; it was to provide an environment for the research and development of computer networks. The World Wide Web was not imagined in 1980, nor were the security requirements for employing the Web as the ubiquitous engine of electronic commerce understood in 1995. It is only with experience of use that these requirements have become better understood. The IETF has produced four specifications for an end-to-end e-mail security protocol: PEM, MOSS, Open-PGP, and S/MIME. None is widely used. For many years it has been asserted that the lack of use of S/MIME was due to the inadequate deployment base of capable clients – despite the fact that Outlook, Thunderbird, Notes, AOL, and express variants thereof have all supported S/MIME for almost a decade. It is time to admit that one of the many reasons for this failure is that none of the end-to-end mail security protocols actually met users’ real requirements. Ease of deployment and use were far higher in most users’ list of real requirements than was the theoretical possibility of an attack by the mail server administration. And today, users who are concerned about the need for end-to-end security consider it in terms of the end-to-end life cycle of their confidentiality-sensitive documents.

Political Failure

Another reason for the failure of end-to-end e-mail security is political failure. S/MIME has widespread deployment, but Open-PGP is still the leader in mindshare.

Infrastructure Failure

Another commonly cited reason for the failure of end-to-end e-mail security protocols is the lack of a deployed, public key infrastructure (PKI), but this explanation may confuse cause for effect. There is a large and robust market providing PKI infrastructure for SSL – albeit a commercial, for-profit infrastructure rather than a free one. A more convincing explanation of the failure to establish an end-user PKI infrastructure is that both Open-PGP and S/MIME resort to what can only be described as hand-waving arguments wherein the question of public key discovery is concerned. If the Open-PGP web of trust is to be taken seriously, we should expect to see a rich maintenance protocol offering features similar to those being discussed in the areas of social networking and Identity 2.0. S/MIME lays the responsibility off onto PKIX, which in turn lays it off onto an entirely underspecified Lightweight Directory Access Protocol (LDAP) instantiation. The problem, then, is not merely the failure of the necessary PKI infrastructure to deploy, as is often claimed; we lack the necessary S/MIME infrastructure to make use of it even if it did.

Context Failure

Many security failures result from security by analogy. If a security control is adequate in one context, then it should be adequate in another context. If a four-digit PIN is good enough for securing an automatic teller machine (ATM) transaction, then it’s good enough for online banking. If sending passwords in the clear is good enough for FTP, then it’s good enough for HTTP. The problem with security by analogy is that while it can certainly be effective in identifying possible risks (i.e., if protocol A fails due to X, then look for the potential for X in protocol B), it is rather too easy to overlook significant differences in the context in which the protocols are applied. The PIN is only one factor in a two-factor authentication scheme in ATMs. Moreover, there is a maximum daily limit on withdrawal. In an online brokerage application, the PIN is the only authentication factor, and there is no transaction limit. The name of the Wired Equivalent Privacy (WEP) protocol used in securing IEEE 802.11b wireless Ethernet demonstrates another form of context failure. The designers of WEP assumed that the principal change in the security context of moving from a wired to a wireless LAN was the risk of disclosure. Consequently, they designed a protocol intended to provide a strong confidentiality protection wherein the authentication component consisted of a single secret key shared by every machine in the network. The practical security implications of this model included terminated employees’ surfing the corporation from the parking lot, among others.

Experience Failure

It is an old but true saying that familiarity breeds contempt. While almost everyone has an Internet security story to tell, the telephone network raises rather fewer concerns than it should. The security posture of the telephone system in virtually every industrialised country is predicated on the assumption that there is a single, monopoly operator whose employees are absolutely trustworthy. I have a fax machine in my office because some people insist that the Internet is not secure enough. The fax is served by a VoIP connection and forwards the messages to me by e-mail.

Usability Failure

Designing security protocols is not enough. If we wish to secure the Internet, we need people to use those protocols. Until recently, the field of security engineering usability was virtually ignored. Today it is much more widely appreciated as a security protocol that people do not use because people do not use what they cannot either use or understand. Much has been written about the need for end-to-end security. On the Internet the ends of the communication are the user’s brain and the person or organisation the user is interacting with. To provide end-to-end security, we must secure the last two feet between the user’s eyeballs and the screen. Secure Internet Letterhead⁽⁶⁾ was proposed with a view to that end: the customer recognises the bank by the bank’s brand on the ATM, the bank card, the branch, and so on. We should adopt the same cues on the Internet (e.g., via RFC 3709). Recognising the need for usability is much easier than achieving usability. The entire computing field is facing a usability crisis, and such techniques as exist tend to be designed by and for usability experts. Much work remains to be done before the techniques are part of every security engineer’s tool kit.

Accountability Failure

When the Internet crime wave first hit, a great deal of effort was put into consumer education. Such efforts frequently missed the point that Internet crime is neither the consumers’ fault nor the consumers’ responsibility. The design flaws are in the financial infrastructures and the Internet. Consumers were not responsible for the security design of either. Responsibility for security must lie with the party best able to provide it. Customers put their money in a bank because they believe that the bank is better able to keep the money safe than they are. If the bank starts telling customers that safety is customers’ responsibility, the bank undermines its own purpose. We cannot hope to hold a billion Internet users accountable for their actions, but we can hold ISPs accountable for allowing SYN floods and spoofed source address packets onto their networks, just as we now hold them accountable for spam. We cannot hold application providers accountable for every last bug in their systems, but we can hold them accountable for allowing the bugs to matter, and we can hold them accountable for systems whose default behaviour is to automatically run unknown programmes from unknown sources with full user privileges.

Deployment Failure

Perhaps the most common reason for Internet protocol failure is that the protocol is never used. Security specialists have been considering the economics of profit-driven Internet crime for some time. Recently, attention has focused on the economics of protocol deployment.(7) A study of deployment of the SSH protocol by Rosasco and Larochelle⁽⁸⁾ concluded that the reason for the protocol’s success lay not in the specific security features supported in the SSH protocol itself but in the additional, nonsecurity functionality that the SSH application made possible – in particular, the ability to tunnel X-Windows sessions using SSH. Many opportunities for applying this codeployment strategy remain untapped. Establishing an Internet Webcam session in the presence of firewalls and NAT remains a largely futile effort. In The dotCrime Manifesto⁽⁹⁾ I make the case that simplified network administration could be the killer application for Default Deny Infrastructure.

Conclusions

Despite our best efforts in applying our core skill sets, the Internet remains unacceptably insecure. Internet crime is a large and growing problem. Neither Internet crime nor the failure to deploy the necessary effective security protocols is an exclusively technical problem. We must therefore look beyond the narrow focus of our own expertise to other communities of experts that can help us. The list of problems to be addressed is reassuringly large: if we had no idea what the cause of the problem might be, we would have no way to fix it. While each cause of failure is significant, all are readily fixed once the problem is identified. All we need is the will to do so. Some have objected that these concerns are not engineering and thus lie outside the scope of the IETF. This is not my view. In Europe a person with mere domain expertise is known as a technician. Only once a candidate has demonstrated the ability to combine personal expertise with whatever other expertise is necessary (managerial, legal, commercial) to solve problems does the candidate qualify for the title engineer.

References

1. Jerome H. Saltzer, David P. Reed, and David D. Clark, s.l. End-to-End Arguments in System Design. IEEE Computer Society, 1981, Proceedings of the 2nd International Conference on Distributed Computing Systems, Paris, 1981, pp. 509-512.
2. Clifford Stoll. The Cuckoo’s Egg: Tracking a Spy through the Maze of Computer Espionage. s.l.: Pocket, 2000. 0743411463.
3. Rudolph Giuliani. The Resilient Society: A Blueprint for Homeland Security. Wall Street Journal. January 9, 2008
4. Paul C. Kocher. Personal communication
5. Butler Lampson. Hints for Computer System Design. 5, 1983, ACM Operating Systems Review, SIGOPS, vol. 17, pp. 33-48
6. Phillip Hallam-Baker, Secure Internet Letterhead (PDF). Presented at W3C Workshop on Transparency and Usability of Web Authentication
7. Ross Anderson and Tyler Moore. Information Security Economics – and Beyond (PDF). August 21, 2007
8. Nicholas Rosasco and David Larochelle. How and Why More Secure Technologies Succeed in Legacy Markets: Lessons from the Success of SSH (PDF). 2004
9. Phillip M. Hallam-Baker. The dotCrime Manifesto: How to Stop Internet Crime. s.l. Addison-Wesley Professional, 2008

 ]]> 999 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-perfect-attack/ Fri, 07 Dec 2007 16:16:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1001 The Perfect Attack The attack on Internet infrastructure that we are describing here makes use of the Domain Name System (DNS). The attack uses some of DNS’s necessary features for the profit of the attacker or its customer. The DNS is designed to use the UDP part of TCP/IP as its main transport. UDP is a perfect match for DNS due to the short question/answer exchange that is involved in most DNS queries and usually completed with the involvement of only one packet from client to server and one packet from server to client. This feature is one of the characteristics of DNS that makes it especially scalable, as there is usually none of the overhead of a session establishment during a DNS query/answer interaction. Because there is no state referring to the client in a DNS authoritative server, it’s possible for an authoritative DNS server to answer a high rate of incoming queries. Recursive servers – those that perform queries on behalf of their clients to walk the DNS tree and find the requested information – do have to maintain state while they issue the various queries that may be required to get the answer the client initially asked. Even with this added burden, a small number of recursive servers can handle large populations of clients because only a small portion will be performing queries at any given time. Recursive servers implement the caching mechanism (as described in DNS RFCs) and therefore can reduce the amount of external traffic required, as long as results from previous queries are readily at hand. This caching mechanism has worked very well over the years. On the other hand, the connectionless/stateless characteristics of DNS and its preferred underlying UDP transport are, as it happens, Achilles’ heels when it comes to differentiation of traffic arriving at a server. With DNS, a client is required to send a single packet to a server only in order to trigger a response by the server, with the corresponding work on the server side being performed. The effects on the server and network are therefore much more severe than the one-packet interaction of SYN attacks against TCP stacks popular some years ago. In addition, even though IP packets carry both a destination and a source address as part of their header information, the source address is generally looked at only once the packet arrives at its final destination and is used only as a means to address the reply sent by the destination server, if any is to be sent. The combination of these characteristics opens up the possibility for what are now called reflector attacks. In reflector attacks, a series of compromised hosts sends correctly formed DNS queries to recursive resolvers to which they have access over the network, but queries are crafted in such a way that the source IP address of the UDP packet is not that of the actual sending host but that of a victim. When the packet arrives at a recursive resolver, the answer is eventually sent out not to the host that sent the original packet but to the host with the faked source (now destination) address. By using a few of these recursive resolvers spread around the network, one can concentrate the streams of network traffic from the individual recursive resolver onto the victim in a way that can generate traffic levels that are unbearable for the target host or the networks it lives in, thereby causing the service to effectively collapse. The number of hosts used in the attack and their bandwidth can vary depending on what the attackers have at their disposal – sometimes preferring a few well-connected machines located on campus LANs with good Internet access and other times using botnets of hosts behind domestic broadband links. In all cases, careful distribution of traffic among originating hosts and recursive resolvers can make the traffic levels go undetected until the traffic gets close to the victim’s network and becomes focused on a single point. The victim always has a hard time because it is usually the network itself that gets saturated, and even if the network administrators were to block incoming traffic at their border routers, it is probably too late; by this point, their incoming links are probably saturated. The attack becomes a perfect attack when the victim is itself an authoritative name server. The server administrator is then faced with the problem of not being able to distinguish between real queries and attack traffic. Each of the recursive resolvers being used as reflectors is likely to also provide service for a community, and simply blocking traffic from one of the reflectors will render the service unavailable for the entire community served by it. Mitigating these attacks usually requires collaboration among the organisations responsible for the victim servers and the ISPs that carry the traffic, which attempt to trace traffic back to its origin and to find the command and control centre that coordinated the attacking hosts. So far, the usual reaction has been to increase capacity in order to increase the chances of surviving such an attack. While there are a number of forms these attacks may generate, only a few measures will be mentioned here that can be taken to at least help with closing the door to some of the possibilities. The first and easiest measure is to have the administrators of recursive resolvers configure their servers so that they provide service only for their intended audience and not the entire Internet. It is still quite common today to see a recursive resolver that will answer to any machine on the Internet – a holdover from older, gentler times. The IETF is trying to make a recommendation for these administrators in hopes of seeing some improvements. The recommendation is also geared toward DNS software vendors to alter their default parameters, so that service is by default provided only for a relevant default population – for example, those machines using the same IP prefixes as the server interfaces. It is good to see vendors taking action in this area already. The second and more difficult option is for ISPs to check the source IP address of packets in their networks and weed out the ones that shouldn’t be there. This can itself be tricky. While ISPs use knobs in their routing configurations, referred to as policy routing, which may inspect the source address in the packets for a variety of reasons, these source addresses are used mostly for traffic categorisation – for instance, for sending some source addresses or UDP/TCP ports via connections with more-controlled timing characteristics than other source addresses or ports have. A less frequent event is the utilisation of router capabilities that look at the source addresses of the packets to verify that they are within the set of addresses that should be seen coming in via a given router interface. In principle, only networks behind that interface should be sending packets to that interface, with their addresses as sources. This is generally the case for customer networks behind their ISP’s access routers or enterprises sending traffic through their office or campus routers to their upstream providers. The picture gets harder when ISPs with multiple peers are involved. When multiple paths are made possible for traffic exchange, asymmetric traffic is a definite possibility. Any such network is likely to see traffic intended for one destination exit via one path and the response enter the network via an entirely different path. This can be due to engineering considerations at the ISP in question or as a result of similar decisions made elsewhere in the network. Whatever the case, this is a feature that provides one of the pillars of resilience to the Internet and therefore should not been seen as a problem. Encouraging this sort of check and balance at the internal edges of the networks, where the core of the ISP network faces its customers, has the best chance of success. Most current router software for ISPs already includes features that allow this check to be performed without complex configuration and based on dynamic – rather than static and therefore harder-to-maintain – data. As can be seen, the involvement and cooperation of all parties are required for a complete solution to this sort of problem. While many will think this kind of coordination is a utopia, it is also one of the basic features of the Internet – the interconnected mesh of disparate networks out in the world.]]> 1001 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/directions-in-internet-transport-evolution/ Fri, 07 Dec 2007 16:18:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1003

Transport semantics is concerned with what transport abstraction the application writer sees or would like to build on. Described here is a new experimental transport protocol I presented at the meeting and how it compares with several existing transports.

Traffic management is concerned with mechanisms that allow transport endpoints to take advantage of available network bandwidth while being fair to other applications and users competing for network resources. This section summarises some of the key issues in defining fairness, as identified by Bob Briscoe in his presentation.

End/middle interaction is concerned with the interaction between the transport protocols at the endpoints, which traditionally assume that they have a clear end-to-end path provided by the IP layer, with middleboxes (such as NATs) and firewalls that intentionally obstruct or otherwise complicate this end-to-end path in various ways.

Transport Semantics

TCP introduced the ordered byte stream abstraction on which most Internet applications have been built. The conceptual simplicity, elegance, and flexibility of this minimalistic stream abstraction continue to be among TCP’s greatest strengths. Unfortunately, one of the basic assumptions embodied in this abstraction – that all bytes communicated in one direction as part of a given stream must always be delivered in order – creates practical performance problems for modern Internet applications that did not exist when TCP was designed. Because one lost packet in a TCP stream holds up all data queued behind it until the lost packet has been successfully retransmitted, TCP is almost unusable for real-time audio or video, in which it is much better just to drop and interpolate over isolated lost frames than to delay delivery of a whole series of frames. Modern Web browsers and other transaction-oriented applications similarly challenge TCP’s simple, totally ordered stream abstraction, with their need to submit many logically independent or parallel requests to one or more servers efficiently (for instance, to load all of the images and other embedded objects on a complex Web page). TCP forces applications to choose between (1) using one stream per transaction, as in HTTP 1.0, which can be inefficient due to the costs of creating and destroying short-lived streams, and (2) multiplexing many logical transactions onto a smaller pool of streams, as in HTTP 1.1, which creates the same head-of-line blocking problem, as in real-time media applications, where one lost packet delays delivery of all of the (potentially unrelated) transactions queued behind it on the same stream. TCP’s limitations have been recognised for years, and they constitute the motivating force behind the development of several alternative transport protocols, such as RDP, SCTP, and DCCP. While each one of the alternative transports tends to address heavily overlapping needs and problem areas, each one also takes a different approach to solving them. A common feature of all existing alternative transports is that they move away from TCP’s conceptually simple byte stream semantics and toward transport abstractions. DCCP provides unreliable, unordered delivery equivalent to UDP but with congestion control. RDP provides reliable, optionally sequenced message delivery with congestion control. SCTP provides reliable, optionally sequenced message delivery similar to RDP, but it also allows the application to associate each message with one of several logical streams within the application’s transport connection, thereby permitting messages on different streams to be delivered out of order. A common issue with all of these message-oriented transports is that their message abstraction does not scale arbitrarily the way that TCP’s byte stream abstraction does; instead, the application must break up large trans-actions into reasonably sized messages to avoid subtle performance problems or outright transport failures. This reasonable-size threshold is not generally well-defined and often varies with network conditions. At the Transport Area Open Meeting, I presented a new experimental transport called Structured Stream Transport (SST). Instead of moving away from TCP’s familiar, conceptually simple, and scalable byte-oriented stream abstraction like other alternative transports do, SST enhances TCP’s byte stream abstraction to permit applications to use streams in larger numbers easily and efficiently. With SST, for example, transaction-oriented applications like Web browsers need not either multiplex many transactions onto one TCP stream, as in HTTP 1.1, or retool to run on a message-oriented transport; instead, the application simply opens one new stream per transaction and relies on SST to implement those streams efficiently enough, whether it needs a few large streams, or a large number of short-lived streams, or some of each. An audio-streaming or video-streaming application on SST can preserve the transmission independence of separate frames simply by opening a new (rather short-lived) stream for each frame it wishes to transmit and using SST to take on the challenge of transmitting those ephemeral streams efficiently. Thus, SST’s philosophy is not to discard TCP’s serial byte stream abstraction but to adapt it to the demands of modern applications that demand nonserialised communication. SST’s main application-visible enhancement to TCP’s stream abstraction is what amounts to a fork operation, meaning that given any existing SST stream, either endpoint can initiate a new stream as a child of that existing stream. The other endpoint accepts this child stream by performing a listen and accept on its corresponding end of the parent stream rather than on a traditional listen socket. For example, a Web browser using SST might open a top-level stream to communicate with a particular Web server, and then open a child of that stream to fetch the HTML for a given page on that server, and then further fork a Web page’s HTML stream to load each of the embedded objects on that page. SST thus organises streams into a heredity structure – hence the term structured streams. Because SST preserves and communicates this heredity structure between the participating hosts, applications do not have to bind port numbers or authenticate each new stream: a child stream always starts with a clear communication context defined by the parent stream it is derived from. Once created, each SST stream is independent and provides semantics essentially identical to TCP streams, including reliable delivery, ordering, and flow control independent of all other streams. The SST protocol contains optimisations that allow the application to create and start sending data on new streams, with no three-way handshake delay as in TCP, and SST can destroy streams without maintaining their state for a four-minute TIME-WAIT period as in TCP. All SST streams between given pairs of endpoints automatically share congestion control state, thereby avoiding the performance costs of a separate slow start for each new stream. The application can limit the length of time a stream’s data is buffered for retransmission, which permits SST to be used for unreliable delivery when needed, such as when streaming media. For further details about the protocol, see my SIGCOMM paper.⁽¹⁾ A natural question, then, is, How does SST differ in practice from SCTP, which also supports the sharing of congestion control and some other transport state among multiple logical streams? In addition to the basic semantic difference between SST’s TCP-like streams of bytes and SCTP’s RDP-like streams of messages, there are two, key, pragmatic differences. First, an SCTP application cannot dynamically open or close individual streams; instead, it opens a connection representing all the streams it will need, and SCTP negotiates the number of streams to be multiplexed onto that connection only once during connection setup. Second, SCTP provides receiver-directed flow control only for the entire connection and not independently for individual streams. The application can receive only the next message available on any stream and cannot pick a particular stream on which to receive. This means that the receiver cannot hold off the sender’s transmission on one stream – such as in the case of a video file being downloaded for playing at a constant frame rate – while continuing to accept data on another stream, such as in the case of a file being downloaded to disk as quickly as the disk will accept it. SST streams, in contrast, work like fully independent TCP streams, only implemented more efficiently: the application can open and close them at any time and can read from some streams while holding off the sender on others. Could SST be implemented as a layer on top of SCTP? Yes and no. It may be relatively straightforward to implement SST’s hierarchical stream abstraction with dynamic open/close on top of SCTP, making use of SCTP’s fixed set of streams negotiated at connection time as a pool of low-level message streams on which to multiplex SST’s TCP-like byte streams. Making up for SCTP’s lack of independent per-stream flow control may be more difficult to do this way, however, because it would require the adaptation layer to maintain an additional set of send and receive buffers between SCTP’s and the application’s, thereby subjecting data to additional copying on the critical path. SST is still in an early experimental stage, and all transports other than TCP and UDP face serious deployment challenges due in part to the end/middle interaction issues discussed later. Nevertheless, the amount of effort expended over the past decade on alternative transports with relaxed ordering and delivery semantics suggests that there is clearly a widely perceived need for such alternatives to TCP, even if the best approach is not yet clear.

Traffic Management

A large portion of ongoing transport-related work both in the IETF and elsewhere is concerned with mechanisms for controlling the flow rate of network traffic. The goal is to permit applications to take full advantage of whatever bandwidth is available over a given path while ensuring that different applications and users share available bandwidth fairly and avoiding congestive collapse. The Internet’s traditional approach to traffic management has been via end-to-end congestion control implemented in such transports as TCP, by which the transport dynamically senses the amount of bandwidth available and adjusts its transmission rate to match. A large portion of Transport Area work both within and outside of the IETF is devoted to development of new congestion control algorithms or to refinement of existing ones. Unfortunately, the traditional end-to-end congestion control approach suffers from a serious flaw: since each transport endpoint has a limited view of the network, in which it sees only the results of its transmission attempts on particular end-to-end paths, the whole notion of fairness can be seen by a transport protocol only in terms of fairness between end-to-end flows. As Bob discussed in his presentation at the Transport Area Open Meeting, network operators tend to think of fairness not in terms of flow rate equality but in terms of volume accounting – in other words, in terms of how much traffic load a particular application or user is placing on the network regardless of whether that load consists of one end-to-end flow or many and regardless of whether the user causes the flow to be active continuously or intermittently. The problem with the traditional per-flow definition of fairness is exemplified by BitTorrent, an application that routinely uses dozens of concurrent TCP connections to different remote hosts. Each of those connections uses standard TCP congestion control and thus is entirely fair – in the per-flow sense – to other TCP applications. However, because BitTorrent’s dozens of flows in aggregate consume dozens of times the bandwidth of a competing application using only one flow and because all of its flows run continuously, it is perceived by users and administrators as extremely unfair to other applications. On the other hand, the volume-accounting view of fairness fails to take load variability into account. In other words, a given volume of traffic that causes considerable congestion during a time of peak load might cause little or no congestion at other times. Enforcing a simplistic view of fairness in terms of volume accounting can thus prevent applications from opportunistically taking advantage of available network capacity. ISPs are increasingly deploying traffic-rate control devices in the middle of the network. Those devices sometimes attempt to enforce a sense of fairness among different applications and/or users. Unfortunately, the rate-control policies the ISP can enforce effectively are limited by what an ISP’s routers can heuristically discover through deep-packet inspection; even when the ISP’s intentions in setting the rate-control policies are honorable, the results often do not really correspond to what either the ISP or its users expect, thereby causing confusion and anger. There are many difficulties in trying to come up with a truly workable notion of fairness for traffic management on the Internet. Bob proposes that deciding on such a notion is not the IETF’s job; instead, he says, the IETF should focus on developing design-time accounting metrics and management mechanisms that enable sensible resource-sharing policies to be enforced at run time.⁽²⁾ Whatever the case, finding a reasonable way to escape both the per-flow fairness mind-set of traditional congestion control and the congestion-insensitive volume-accounting mind-set of administrative traffic control mechanisms and synthesising them into a scheme that enables end-to-end transports to work with middle-of-the-network devices so as to create truly useful fairness policies represent the next big challenges to be addressed in the Transport Area.⁽³⁾

End/Middle Interaction

The IETF already has three working groups – MIDCOM, NSIS, and BEHAVE – that are concerned at least in part with improving the way traditionally end-to-end transports traverse and interact with middleboxes, such as NATs and firewalls. Several non-IETF projects, such as UPnP and NAT-PMP, take similar-but-different approaches to the middlebox interaction/traversal problem. Still another approach – extending STUN into a middlebox control protocol – was discussed at the SAFE BOF. Why did we end up with so many different approaches to solving the same problem? Because, as Lars pointed out in the open meeting, any of us can design a middlebox control protocol, but “nobody has designed one that anyone really wants to deploy.” We cannot simply hope that this problem will go away during the transition to IPv6, because even if NATs eventually disappear, firewalls are clearly here to stay. Many feel that NATs are here to stay, too, because of perceived benefits unrelated to IPv4 address space limitations such as administrative isolation/modularisation of address space and obfuscation of internal addresses from the viewpoint of external hosts. Furthermore, there appears to be renewed interest in using NAT to provide interoperability between the IPv4 and IPv6 universes. Because IPv6 is only now starting to see widespread deployment, it is still somewhat malleable, so now would be a great time to make any changes required to enable IPv6 transport protocols to work well over NATs and firewalls. One possible explanation for the lack of deployment of current middlebox control/interaction protocols is simply that the need for them is not yet great enough, but perhaps it will be soon. As IPv4 address space pressure increases, the cost of static IP addresses will increase, and higher-profile players will start seeking cost-effective solutions to give their hosts full functionality even from behind NATs. As multilevel NAT scenarios become more prevalent and adjacent network domains increasingly end up using overlapping private address spaces, current traversal solutions make legitimate traffic arrive at unintended destinations, creating both efficiency concerns and security concerns that may increase the pressure for explicit middlebox control. Mobility may also create pressure for the deployment of control protocols in order to reduce the power-draining keepalive traffic that current ad hoc traversal solutions require to hold their UDP bindings open. On the other hand, simply moving middleboxes and applications away from fixed-rate binding timers and keepalives and toward using binding timers with exponentially increasing periods might address the keepalive problem without explicit middlebox interaction.⁽⁴⁾ Therefore, on one hand, maintaining a wait-and-see attitude toward the current crop of middlebox control mechanisms and avoiding new work in this area until the waters clear up a bit might be an appropriate strategy. On the other hand, there are inherent risks with this strategy, mainly because most of the current mechanisms have limitations that may further increase the Internet’s brittleness if those protocols become widely deployed without undergoing more-careful analysis and standardisation. For example, some control protocols, such as UPnP and NAT-PMP, do not address multilevel scenarios at all, whereas others can, but only when adjacent private address spaces do not overlap. This suggests that one potentially worthwhile near-term project in this area is to perform a careful, mechanism-neutral, side-by-side analysis of the currently available middlebox interaction mechanisms, clearly identifying the limitations of each and the potential risks to the Internet’s future evolution if a given mechanism were to become the de facto standard for end/middle interaction. If we can’t identify the right middlebox control mechanism, at least we can try to consolidate what wisdom we do have on the alternatives. This should provide useful guidance for vendors and customers that may now or in the future be considering deployment of middlebox control mechanisms.

1. Structured Streams: A New Transport Abstraction, Bryan Ford. ACM SIGCOMM, August 2007.
2. For details on the proposal, see draft-briscoe-tsvwg-relax-fairness-00.txt and Bob Briscoe’s presentation slides.
3. Flow Rate Fairness: Dismantling a Religion, Bob Briscoe. ACM CCR 37(2) 63-74, April 2007.
4. A Simpler Way to Reduce Keepalive Traffic.

]]> 1003 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-report-5/ Fri, 07 Dec 2007 16:19:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1005 Crypto Forum Research Group (cfrg) The CFRG serves as a bridge between theory and practice, bringing new cryptographic techniques to the Internet community and promoting an understanding of their use and applicability. It is a forum for discussing and analysing general cryptographic aspects of security protocols. IETF working groups (WGs) that are developing protocols that include cryptographic elements often find it useful to bring questions to the CFRG.

Current Work

Members of the CFRG recently discussed message authentication code (MAC) requirements, in the contexts of both draft-irtf-cfrg-fast-mac-requirements and the TCP-AO (TCP-Authentication Option) currently under design in the TCPM (TCP Maintenance and Minor Extensions) WG. New work such as SHA-1 and MD5 that makes digital signatures less vulnerable to attacks against hash functions was presented in draft-irtf-cfrg-rhash-01.txt.

New Work

New work in the form of draft-dharkins-siv-aes-01 has been reviewed, discussed, and revised. The work presents a new method for authenticated encryption that is more robust against misuse than most other modes are. It is under consideration in the TLS (Transport Layer Security) WG and other areas. The draft of “An Interface and Algorithms for Authenticated Encryption” was approved as an RFC. The work has been adopted by the TLS WG as the basis for its use of AES GCM (Advanced Encryption Standard Galois Counter Mode). It is being adopted for other IETF uses as well.

Future Work

The RG expects that a discussion of MAC candidates will follow the discussion of MAC requirements. References to some candidates have been provided.

Members of DTNRG are concerned with addressing the architectural and protocol design principles that arise from the need to provide interoperable communications with and among extreme and performance-challenged environments where continuous end-to-end connectivity cannot be assumed.

Delay-Tolerant Networking Research Group (dtnrg)

Members of the DTNRG are concerned with addressing the architectural and protocol design principles that arise from the need to provide interoperable communications with and among extreme and performance-challenged environments where continuous end-to-end connectivity cannot be assumed. In other words, is it possible to interconnect highly heterogeneous networks even if end-to-end connectivity may never be available? Examples of such environments are spacecraft, military and tactical programmes, certain forms of disaster response, underwater, and some forms of ad hoc sensor/actuator networks. Another example is Internet connectivity in places where performance may suffer, such as in parts of the world that are still developing. In 2007, the RG published two RFCs:

• RFC 4838: Delay Tolerant Networking Architecture (Informational)
• RFC 5050: Bundle Protocol Specification (Experimental)

Current Work

There are a few areas of current work that are fairly mature and are likely to be completed as RFCs in 2008:

• LTP (Licklider Transmission Protocol): a transport protocol for high-delay environments
• Security: authentication and privacy for the DTN (delay-tolerant networking) bundle protocol - There was agreement at a meeting held in Dublin to favour counter-node crypto because of its length-preserving properties. This becomes important when fragmentation is performed.

A Few Noteworthy Technical Items

• Structure of the namespace DTN uses URIs (Uniform Resource Identifiers) to identify endpoints, -which include a scheme. Ongoing discussion revolves around the semantics associated with such schemes and how applications make use of them.
• Bit-level reliability The bundle protocol does not currently contain a checksum or CRC (cyclic redundancy check) on the data (or blocks, which are similar to headers). Some of the folks involved in the RG would like to add this capability. [The security protocol uses a mechanism to ensure that bundle contents do not get modified either intentionally or unintentionally in transit, but some feel this approach may be too heavyweight.]
• Multicast Although this issue has received some attention in the past, not much activity has been seen recently. The interaction with multicast and custody transfer can be tricky, and it remains an area of investigation.

Future Work

The DTNRG will meet at IETF 71 in March 2008 in Philadelphia. Upcoming discussions are likely to include some of the aforementioned technical issues in addition to discussion of the future of one or more “reference implementations” (RIs) of the bundle protocol. At present, we have identified one RI, but there are now multiple implementations that were demonstrated to interoperate during a DTN interop held at IETF 67. Issues revolve around whether there should be more than one RI for different operating environments and what its real purpose or purposes may be, such as education, demonstration, and performance. For more information, see http://www.dtnrg.org and http://irtf.org/charter?gtype=rg&group=dtnrg.

End-Middle-End Research Group (emerg)

The goal of the End-Middle-End Research Group is to evaluate the feasibility and desirability of an architectural change to the Internet that allows explicit interactions with middleboxes, such as firewalls. We have considered a higher-level DNS-based naming scheme, in the manner of URIs, coupled with signalling protocols that are used to initiate and modify transport-level connections, such as TCP, UDP, SCTP, or DCCP flows. The aim is to investigate possible designs for a straw man experimental protocol. A joint meeting with the HIP RG took place at IETF 69 that was very successful. The EME NUTSS draft provides connectivity that keeps stakeholders in mind. NUTSS makes explicit policies of middles and ends. EME could help HIP with middlebox traversal because EME is a mechanism for relaying a policy request to the right box. Some people question whether EME should carry application semantics and whether modifications to the packets should be allowed. The complete minutes are available here. The group published a draft (draft-irtf-eme-francis-nutss-design-00.txt), but recently there has been no activity. Disbanding the RG is under consideration.

End-to-End Research Group (e2erg)

The E2ERG focuses on issues related to the end-to-end nature of communication. Historically, the group has focused its energies on one or more topics that are of particular interest to its members before moving on to another topic. Although the group is closed, it is sometimes necessary to invite other participants to meetings when there is an area of mutual interest. Two recent and current interests are (1) a review of the current state of congestion control and (2) questions about the provision of end-to-endness in an increasingly heterogeneous networking environment, particularly as it relates to management, routing, and characteristics of delivery services across qualitatively different subregions of the network. Typically, the group meets two or three times a year for two days at a time – at times and locations other than the times and locations of IETF meetings in order to avoid time conflicts. Most of the meetings have been in the United States, but the most recent meeting was in London. The next meeting will be in Cambridge, Massachusetts, in February 2008.

Host Identity Protocol Research Group (hiprg)

The IRTF HIP research group (HIPRG) complements the IETF HIP working group. Its two main goals are:

• To provide a forum for discussion and development of aspects of the HIP architecture that are still in research phase and not ready for working-group-level standardisation
• To stimulate, coordinate, discuss, and summarise experiments on deploying HIP; to provide feedback at some later date to the IAB and the IESG regarding the consequences and effects of wide-scale adoption of HIP. For the latter goal, the RG had planned to produce an experiment report, which currently exists in draft form (draft-irtf-hip-experiment-03.txt).

To date, most of the energy of the RG has been devoted to the first goal. There have been and continue to be various drafts on such issues as privacy extensions for HIP; basic and advanced NAT traversal; the i3 architecture and HIP; DHT (distributed hash table) as a HIP lookup service; process migration using HIP; SIP (session initiation protocol) and HIP interactions; TCP piggybacking of HIP messages; middlebox interactions; HIP and multicast; and network operator concerns with HIP. The RG has also pushed documents into the rechartered HIP WG (NAT traversal, legacy application support, native API) and has published its own IRTF-track document: “draft-irtf-hiprg-nat-04.txt.” There has been clear, ongoing interest on the part of a wide range of individuals and groups in studying how to extend the HIP architecture. It has been difficult, however, for the RG to make progress on goal number 2. The chairs observe that coordinating and conducting experiments – particularly those oriented toward answering deployment questions – are much more difficult tasks than originally thought, especially compared with extending HIP. Since 2006, the HIP RG chairs have encouraged additional collaborative experimentation and dissemination of results. The chairs believe that encouraging wider-scale experiments and collaborations for the purpose of answering specific deployment questions about HIP is a priority. There are three open-source implementations of HIP that continue to mature, which means that software availability will become less of a barrier over time. The HIP RG met at IETF 70 in Vancouver, Canada, and the group plans to meet again at IETF 71 in Philadelphia in March 2008. At its last meeting, the session featured a presentation of a few new HIP ideas regarding multicast and Internet connection sharing, updates on HIP projects and deployments, and discussions regarding the potential use of HIP as part of the peer-to-peer SIP overlay solution.

Internet Congestion Control Research Group (iccrg)

Ever since congestion control got included as part of TCP in 1988, this function has helped the Internet survive by ensuring its stable operation. However, it has long been agreed that this mechanism is not ideal; in fact, it shows deficiencies in the face of heterogeneous link properties, such as high capacities, long delays, or noise. Now, after almost two decades, it seems that the demand for more better-performing mechanisms has become so strong that people are beginning to use alternatives that do not adhere to the standard anymore. Because this can lead to adverse interactions among different mechanisms, it is a major goal of the ICCRG to move toward consensus regarding (1) which technologies are viable, long-term solutions for the Internet congestion control architecture and (2) what might be an appropriate cost/benefit trade-off. As a starting point for designers of new mechanisms, the group is currently working on two documents: a survey of congestion-control-related RFCs (which should help avoid reinventing the wheel) and an overview of open issues in the field of congestion control. A process for evaluating experimental congestion-control proposals has been crafted with the goal of arriving at a recommendation to the IETF regarding publication of such proposals as RFCs (this process is currently applied to two documents describing TCP variants – CUBIC and Compound TCP – and discussions are ongoing).

Network Management Research Group (nmrg)

The NMRG continues to study the behaviour of management protocols by using traces collected from operational networks. The number of traces available is steadily increasing, although we are still short of traces from enterprise networks where we expect a larger percentage of commercial management applications to be deployed. On the technical side, the NMRG is working on exchange formats for SNMP (Simple Network Management Protocol) traces (currently in second last call) and a common framework (and associated tools) for data aggregation/separation of SNMP traces (under active development by a small group, to be posted as an ID in January 2008). Based on this common framework, people analyse the periodic behaviour of SNMP traffic or they identify basic data retrieval algorithms used by management stations. Another aspect is the development of suitable online visualisation tools. The NMRG did hold a one-and-a-half-day-long meeting in November 2007, which was hosted by the University of Twente in the Netherlands. Another meeting was held last year in Prague. In October 2007, an IEEE Communications Magazine paper on research directions in network management was published that originated from a joint NMRG/EMANICS workshop held in October 2006. Several regular NMRG attendees also participated in a July 2007 seminar on autonomic management held at Dagstuhl in Germany. The SNMP measurement format ID is under second last call and will likely enter the IRTF publication process in January. The initial ID on data aggregation/separation will be posted in January 2008. It will then go through the RG process, which may mean that it gets last called in the summer. If things go well, it could be ready for the IRTF publication process in the second half of 2008. Thus, there will likely be a discussion about future work items during summer 2008.

Scalable Adaptive Multicast Research Group (samrg)

The SAMRG was formed in June 2006 and is cochaired by John Buford of Avaya Labs Research and Jeremy Mineweaser of Massachusetts Institute of Technology's Lincoln Laboratory. The scope of the RG is to research application layer multicast techniques that leverage native multicast and that can adapt to different application requirements. The SAMRG held two meetings in 2007: one was an interim meeting, which was held in January 2007 in conjunction with the P2P Multicasting Workshop; the other was a meeting held at IETF 69 in Chicago. The main result of the RG was development of the following drafts and publications related to work items in the charter of the RG:

• Problem statement and requirements draft-irtf-sam-problem-statement-01.txt draft-muramoto-irtf-sam-generic-require-01.txt
• Technology survey H. Yu, J. Buford. Advanced Topics in Peer-to-Peer Overlay “Multicast.” Encyclopaedia of Wireless and Mobile Communications (ed. B. Fuhrt), CRC Press, forthcoming.
• Framework for the SAM design draft-irtf-sam-hybrid-overlay-framework-01.txt A key part of the SAM framework involves leveraging the design of Automatic IP Multicast without Explicit Tunnels (AMT) (draft-ietf-mboned-auto-multicast-08) by extending it to permit ALM connection.
• Hybrid ALM protocol proposals, including: Waelrich and Schmidt: The Hybrid Shared Tree Architecture Lei, Fu, Yang, and Hogrefe: Dynamic Mesh-Based Overlay Multicast Protocol
• Test bed for SAM experimentation and demonstration Participants from WIDE have developed and tested an XCAST router on a private PlanetLab. The work is discussed in draft-muramoto-irtf-sam-exp-testbed-00.The XCAST (multidestination multicast) router is an element of the SAM framework due to the synergy between overlay routing and multidestination routing in the underlay network, which has demonstrated message savings of 30 percent. The topic will be covered in an article to be published in Computer Communications Journal called “Exploiting Parallelism in the Design of Peer-to-Peer Overlays,” by John Buford, Alan Brown, and Mario Kolberg.

The next SAMRG meeting is scheduled for IETF 71 in Philadelphia in March 2008. Goals for further work include moving the XCAST router to the public PlanetLab for use by the entire RG and integrating this with the extended version of AMT described in the SAM framework specification. For more information.

Routing Research Group (rrg)

The RRG is chartered to research routing and addressing technology that is not yet ready for engineering efforts. For the moment, the RRG has elected to focus on the problem of finding a scalable routing and addressing architecture for the Internet. In the current architecture, a multihomed site either injects one or multiple provider-independent address prefixes into the routing system from multiple locations or otherwise injects one or more prefixes it received from one provider into the routing system through other providers. Either case necessitates global scope for the address prefixes, and it results in a scalability issue. Locally scoped address prefixes are not sufficient, because legacy transport (TCP and UDP) connections use a specific prefix for connection identification, thereby tying the connection to a specific access link and creating a single point of failure. The primary thrust of most of the proposals currently before the group involves decoupling the location semantics from the identification semantics. Since rechartering in early 2007, the RRG has met three times and has heard approximately 20 different technical proposals or updates to proposals. The group continues to receive new proposals and to refine a number of existing proposals. The mailing list has been reasonably active. Currently, the goal is to drive the group to overall rough consensus through debate and comparison of proposals. The group plans to start the explicit windowing process in its next meeting (tentatively planned to coincide with IETF 71). The process is expected to take a year. During that time, new proposals are encouraged, and existing proposals are open for revision, potentially incorporating useful ideas from individual efforts and from the group's feedback. The group is interested in devising by the end of the meeting a single, scalable routing architecture that it can recommend to the IETF for further development.

Transport Modelling Research Group (tmrg)

The Transport Modelling Research Group is chartered to produce a series of documents on models for the evaluation of transport protocols. The documents will include a survey of models used in simulations, analysis, and experiments for the evaluation of transport protocols. The output of the group will also include a broad set of simulation test suites and a set of recommendations for test suites for experiments in test beds. The group's goal is to improve its methodologies for evaluating transport protocols. Recent accomplishments include the following:

• The first document from the TMRG, Metrics for the Evaluation of Congestion Control Mechanisms (draft-irtf-tmrg-metrics-11), is in the final stages of review by the Internet Research Steering Group.
• Gang Wang, Yong Xia, and David Harrison have produced an Internet-Draft on an NS2 TCP Evaluation Tool Suite (draft-irtf-tmrg-ns2-tcp-tool-00.txt), along with a Web page with simulation scripts. The document describes a tool for use in the ns-2 simulator for generating scenarios with typical topologies and traffic models and for evaluation of the results via a range of metrics.
• Lachlan Andrew organised a workshop in November at California Institute of Technology called the TCP Evaluation Suite Round Table, where scenarios for evaluating congestion control mechanisms were discussed. As a result of the workshop, a short paper titled “Towards a Common TCP Evaluation Suite” was written and submitted to PFLDnet2008 (the yearly workshop on Protocols for Fast Long-Distance Networks).

Future Work

Future plans include the further development of best-current-practice scenarios for the evaluation of congestion control mechanisms in simulators and test beds and building on the paper “Towards a Common TCP Evaluation Suite.” Plans also include completion of the Internet-Draft on Tools for the Evaluation of Simulation and Testbed Scenarios (draft-irtf-tmrg-tools-04). For more information about the IRTF.]]> 1005 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/plenary-report-6/ Fri, 07 Dec 2007 16:27:47 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1018 Unlike previous IETF meetings, the IETF 69 plenary did not feature a technical presentation. Olaf Kolkman explained that it can be a challenge to find good speakers and topics that are interesting and relevant enough for the entire IETF community. The open mic discussion that ensued prompted several suggestions, including one by Aaron Falk, chair of the Internet Research Task Force (IRTF), who proposed that more research topics be included, which, he said, might have the added benefit of encouraging more researchers to participate in the work of the IETF. Another participant added that it might be beneficial to have an IETF working group (WG) or an IRTF research group (RG) present its work to a wider audience, such as IETF plenary participants, if the scope of the work is not too narrow. In general, it was agreed that the session would benefit from presentations that coherently address the larger challenges for the Internet-such as IPv4 address exhaustion and cybercrime- but not only from a technical perspective. In other words, the IETF should be thinking more about benefits for end users instead of thinking only about engineering issues. Former Internet Architecture Board (IAB) chair Leslie Daigle supported that position, saying it would be good for IETF meeting planners to think about what makes a topic relevant to the IETF. For example, is it something that requires action on the part of the IETF? Or is it a topic of imminent importance to the community? “We tended to shy away from this in the past few years,” she said. IAB member Elwyn Davies added that the IAB is taking steps to address the wider community by, for example, working with ISOC to raise awareness of unwanted traffic. After a lively discussion about IPv6, firewalls, NAT (network address translation), and NAT traversal mechanisms, one participant commented that 10 years ago, when he started working in the IETF, he believed that the architectural principles, such as the end-to-end principle, represented a shared vision. Today, he said, there doesn’t seem to be much in the way of coherent work that spans multiple areas. Instead, narrow pieces of standards work are being done, all of which are driven by business and the marketplace. “Where is the endto- end-principle in applications these days?” he asked. “That underlying principle made the Internet grow the way it did. If this is not a shared vision anymore, this will have to be discussed.” In response, another participant suggested looking more at conclusions than at principles. “End-to-end was a conclusion,” he said. In the 1980s, he added, former IETF chair Dave Clark wrote a document that discussed where in the network might be the best point to put complexity. At the time, Dave came to the conclusion that complexity and management are best placed at the edges of the network, which meant that end to end was an important feature. Since then, circumstances have changed. Putting complexity at the edges is no longer a good idea; there are too many of them. Furthermore, neither is putting network management at the core of the Internet a good idea. The speaker suggested that today, complexity should be at the point between the intranets (internal networks) and the Internet. “That is the point network operators have control over and can manage,” he said. “Does that mean we need to get rid of old principles if they no longer apply? The most important goal is to keep the robustness of the Internet." On the subject of firewalls, Thomas Narten warned the IETF not to make the same mistake it made in earlier days. As Thomas explained, in the past the IETF did not make recommendations on the behaviour and use of firewalls, because firewalls were generally seen as “a bad thing.” This created a gap that was filled by the industry in a way that created inconsistencies. Consequently, firewalls do not work very well. “If we want the IETF to help make the Internet work better, we have to admit that we missed an opportunity with respect to firewalls,” he said. “Now we have the opportunity to influence firewall behaviour in IPv6.” The same, he said, applies to NATs. “The industry filled a gap because the IETF made no clear recommendations,” Thomas said. “This means there’s no predictability regarding how applications work. Now we’re having the same discussion with IPv6: Do we need NAT-PT [IPv6 NAT]? No, we don’t. But the reality is that people will create NATs in IPv6. The point is that with NAT-PT, we may be making a big mistake by leaving a vacuum out there.” Other speakers added that what seems to be missing is for the end hosts to tell the firewall what kind of traffic it wants to receive. (Note: NAT just happens to let traffic through, whereas the behaviour of a firewall is a policy decision.) This has not been developed or successfully deployed. Brian Carpenter referred to a paper by Mark Handley titled Why the Internet Only Just Works (PDF). As Handley says in the paper, the Internet is going to suffer growing pains as it moves from providing 80 percent of the functionality to providing more than 90 percent of the functionality, as called for by the new requirements. The track record, he writes, is not at all good. Historically, all of the major changes that were successful were implemented at the last minute. This, Brian pointed out, should not be a surprise. “There are always too many immediate issues to be concerned with to invest time and money on those that are not currently critical,” he said. “And consensus for architectural change is very hard to reach unless you’re faced with a specific and pressing problem.” Thomas agreed, adding that there is a brief window of one to three years before people will need to look at IPv6. Only in that short window can things be fixed, he said. “The IETF tends to work best when things really hit, and yes, things are starting to hit now.” A number of other issues were raised during the plenary, including the concern that there appears to be no formal procedure for revisiting older specifications or RFCs. In some cases, the WG, or even the entire IETF area, is no longer in existence, which makes it difficult to address requests to revise or revisit specifications. Following that was a lengthy discussion on an issue related to the IPv6 WG. Some disappointment was expressed that the WG did not meet during IETF 69 despite requests from within the WG. It’s expected that the WG will be rechartered to include maintenance issues, but it’s also possible that the group will take on new work, such as issues related to the deployment of IPv6. Some people felt that multiple WGs might be needed: one to address protocol work and others to address more-operational issues. In addition, the IPv4-to-IPv6 transition mechanisms may need to be revisited. One participant said he believed that the slow deployment of IPv6 is the result of its having been created inside the IETF instead of in cooperation with industry players. In most cases, when work comes to the IETF, a deployment constituency is already in place. IPv6, on the other hand, has been developed internally by the IETF with the assumption that it’s needed and that it will eventually be adopted by the market. With this in mind, the IETF will need to think about how to sell IPv6 to the world. Another topic raised during the open discussion was the update of RFC 2026, which describes the standards process. The RFC currently describes the standards process as a three-step procedure, but in reality, one or more steps are often omitted before the industry starts using it. Many folks within the IETF agree that the RFC should be updated to reflect how the standards process is realised in practice, which not only would be fairer to newcomers to the IETF but also would benefit the entire community. It was agreed, however, that any adjustments to the RFC should be viewed as a “process documentation correction” and not a change in the actual process. In other words, the underlying principles should be kept in place. One participant suggested that this be represented as an ongoing process and not as a three-step process, because many protocols will, in fact, never be completely finished (many require ongoing maintenance). In conclusion, it was agreed that when important documents, such as the standards procedure documents, get changed, one must be sure that the outcome is what the entire community wants. News and Announcements from the IAB and the IETF Reports from the IAB workshop on Unwanted Traffic and the workshop on Routing and Addressing are currently in the RFC Editor queue and will be soon published as RFCs. In addition, there are a few nonarchitectural documents:

• RFC 4844: The RFC Series and RFC Editor
• RFC 4845: Process for Publication of IAB RFCs
• RFC 4846: Independent Submissions to the RFC Editor

A number of personnel changes were announced at IETF 69. Ted Hardie has been appointed to the ISOC Board of Trustees. Loa Andersson is now IAB liaison to the Internet Engineering Steering Group. Danny McPherson has been appointed IAB liaison to the NomCom. Stewart Bryant will serve as liaison for ITU-MPLS. And Scott Brim has stepped down as liaison for ITU-NGN. It was announced that the ITU has been looking for input on its role in Internet policy and standards development. Those who are interested can find the IAB’s input. There was also an informal gathering between the IETF and the ITU on 21 July 2007. The goal of the meeting was primarily to get to know each other better and to develop personal working relationships so that future collaborations can be effective and fruitful. The next IAB retreat will cover the following topics:

• Routing and Addressing: Actively following developments and building common understanding of architectural issues
• IP Fundamentals: What assumptions are made in stacks and how they relate to original design goals; IP and NAT (architectural questions)
• Bridging gaps with partner organisations like ISOC, the IRTF and others

At the last IETF meeting, the IETF Trust produced a license agreement for authors who want to sign their RFCs over to the Trust. It is a bit disappointing to see that not many people have done that so far. The license agreements can be found on the IETF Administrative Support Activity (IASA) Web site. With respect to the IASA budget, there is a shortfall between the planned budget and the current income for meeting the budget line in 2007. However, special thanks are extended to Microsoft and Cisco Research for hosting IETF 70 in Vancouver, Canada.

New BoF MeetingsDescriptions and agendas for all BoF meetings Applications Area biff: Notification from Mail Stores httpbis: HyperText ransport Protocol Bis vcarddav: vCard and CardDAV Operations and Management Area apm: Application Performance Metrics nee: Netconf Extensions and Evolution xsdmi: XSD for accessing SMIv2 data models Security Area tam: Trust Anchor Management

IETF 69 Facts and FiguresRegistered attendees: 1146 Countries: 40 New WGs: 2 Closed WGs: 10 New Internet-Drafts: 436 Updated Internet-Drafts: 946 IETF Last Calls: 74 Approvals: 96 RFC Editor Actions (March-June 2007) 103 RFC published of which

• 47 standards track
• 5 BCP

IANA Actions (March-June 2007) Processed ~1900 IETF-related requests of which:

• 981 Private Enterprise Numbers
• 90 Port Numbers
• 124 TRIP ITAD Numbers
• 42 media-type requests

Completed IANA Actions for 84 documents becoming RFCs

 ]]> 1018 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-meeting-calendar-4/ Thu, 27 Dec 2007 15:36:37 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1452 IETF 71 9-14 March 2008 Host: Comcast Location: Philadelphia, PA, USA

IETF 72

27 July-1 August 2008 Host: Alcatel-Lucent Location: Dublin, Ireland

IETF 73

16-21 November 2008 Host: Google Location: Minneapolis, MN, USA

IETF 74

22-27 March 2009 Host: TBD Location: North America (Provisional)]]> 1452 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/doing-business-securely-in-an-insecure-world/ Thu, 27 Dec 2007 15:38:25 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1454 The Net Is a Dangerous Place, but We Can Do Things Safely Twenty years ago, it was considered rude to connect a UNIX machine to the Net without offering a password-free account named guest so that any passerby could use it. When I tell this to people who have less than 10 years of experience working with the Internet, they don’t believe me. Times have certainly changed. Today the Net is much less secure. In an environment where attacks are recurring events, where operating system and application vulnerabilities are discovered daily, and where bot-nets of 100,000 zombies attack, we still feel comfortable conducting financial and other private transactions worth billions of dollars on the Net. How is this possible? It’s possible because we have deployed tools and protocols that enable secure transactions in an insecure world. This philosophy is similar to that which explains how we were able to build a reliable network from a set of unreliable components: circuits may fail and equipment may have errors, but the packets route around these problems. So, what are the successful protocols and tools that have made the Net a safer place? Here are some of what I consider the most significant.

Secure Sockets Layer/Transport Layer Security (SSL/TLS)

One would not consider sending credit card or other personal information over an unencrypted link. Encrypted and authenticated browsing, using https as opposed to http, are the bases on which almost all Internet commerce is founded. Even when a transaction is not facilitated by a browser, TLS (Transport Layer Security) – the new name for SSL (so that the IETF could make a “contribution”) – is used underneath most client-server exchanges.

SSH (Secure Shell)

Can you imagine having to telnet to a remote system today? The exposure to attack, password interception, and other potential dangers have made telnet a thing of the distant past, along with rsh (remote shell) and rpc (remote procedure call), among others. The SSH protocol and tool set – and SSHv2 in particular – now dominate this niche.

IPsec

VPN technology allows safe business transactions among branch offices, trusted vendors, road warriors, and telecommuters. IP Security (IPsec) in particular offers more than just seemingly private channels; it encrypts the data flowing over those channels, which multiprotocol label switching (MPLS), asynchronous transfer mode (ATM), and others do not. Aside from being complex and fragile, circuit emulators such as MPLS and ATM are unencrypted and therefore vulnerable to tapping because they are virtual networks, not virtual private networks.

Russ Housley and members of the IESG at the IETF 70 plenary Photo Credit: Peter Lötberg, with permission

Unfortunately, IPsec is only half a win. It is widely deployed in prepackaged and configured VPN devices, and it is usually managed by an ISP, security company, or local guru. It is the last that is the sore spot in IPsec. It requires a guru to configure. This is inexcusable and unnecessary, and until setup and maintenance become a lot easier, IPsec will remain a specialised corner and its promise will be only partially realised.

Pretty Good Privacy (PGP)

PGP allows us to exchange signed and strongly encrypted e-mail whose content cannot be repudiated; in other words, the sender cannot deny sending it. PGP can also be used to encrypt files on one’s hard drive. This free tool is so powerful that the U.S. government tried to suppress its export even harder than the efforts it usually makes. It’s also worth noting that trust in PGP is nonhierarchic (meaning, there is no central authority). PGP entities attest to each other’s identities in a web of trust, as opposed to adhering to a particular hierarchy. Therefore, it is quite decentralised and immune to compromise of root trust anchors.

X.509

X.509 certificates and the public key infrastructure to support them are used in browser authentication. The problem here is that because they are totally hierarchic, they are only as reliable as the Certifying Authority (CA) that issues them; and the commercial CAs that issue certificates have little financial incentive to make the effort to truly validate identity. There have been notable compromises of the X.509 certificate hierarchy. Use of X.509 certificates for attesting to IP address space ownership will be coming into use at the ARIN, APNIC, etc., and ISP levels in 2008.

S/MIME

There is a second, far less used, e-mail signing method that is used to some extent in the corporate world. Its function is similar to that of PGP, but it relies on an X.509 certificate hierarchy.

Summary

There are free, open-source tool kits for all of the tools and protocols described here, all of which are incorporated in browsers and e-mail packages. This is not to say there are no longer security threats on the Internet. Certainly, spam, DDoS, the Estonian DDoS, and the root DNS attack of 7 February 2007 are all very real and serious problems, but thanks to the good folks who gave us the protocols and tools described here and the applications that use them, we can walk safely through a dangerous city. Again, in the same way that we can build a reliable Internet out of unreliable components, we can build secure applications and services that work well in today’s highly insecure environment. This is a big win.]]> 1454 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-loses-participant-and-former-iab-member/ Thu, 27 Dec 2007 15:49:30 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1456 Jun-ichiro “Itojun” Hagino, pictured at BSDCan in May 2004 Photo Credit: Diane Bruce, with permission

Itojun will also be remembered as a kind and mild-mannered friend to many, a very helpful cross-cultural bridge, and a knowledgeable international foodie. “He seemed to be at his happiest when programming and when sharing a good meal,” said Randy Bush, a friend and colleague. In a brief, joint statement, IETF chair Russ Housley and IAB chair Olaf Kolkman recognised the valuable contributions Itojun had made to the IETF – particularly through his work in IPv6-related working groups. “He inspired many and will be missed,” the statement read.]]> 1456 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/recent-iesg-document-and-protocol-actions-6/ Thu, 27 Dec 2007 15:51:42 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1458 Please note that due to ongoing change of document status, links below can be invalid. In this case, we ask you to use a search engine to find the relevant file.

Date: 2007-11-01 – Last Call: draft-ietf-avt-rfc3119bis (A More Loss-Tolerant RTP Payload Format for MP3 Audio) to Proposed Standar / Call: draft-ietf-avt-rfc3119bis (A More Loss-Tolerant RTP Payload Format for MP3 Audio) to Proposed Standard Title: ast Call: draft-ietf-avt-rfc3119bis (A More Loss-Tolerant RTP Payload Format for MP3 Audio) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc3119bis-05.txt Date: 2007-11-02 – Approved by the IESG as Experimental RFC Title: EAP-IKEv2 Method URL: http://www.ietf.org/internet-drafts/draft-tschofenig-eap-ikev2-15.txt Date: 2007-11-05 – Approved by the IESG as Proposed Standard Title: Codec Control Messages in the RTP Audio-Visual Profile with Feedback (AVPF) URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-avpf-ccm-10.txt Date: 2007-11-05 – Approved by the IESG as Proposed Standard Title: Internationalized Resource Identifiers (IRIs) and Uniform Resource Identifiers (URIs) for the Extensible Messaging and Presence Protocol (XMPP) URL: http://www.ietf.org/internet-drafts/draft-saintandre-rfc4622bis-01.txt Date: 2007-11-05 – Approved by the IESG as Informational RFC Title: RTP Topologies URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-topologies-06.txt Date: 2007-11-05 – Last Call: draft-arkko-rfc2780-proto-update (IANA Allocation Guidelines for the Protocol Field) to BC / Call: draft-arkko-rfc2780-proto-update (IANA Allocation Guidelines for the Protocol Field) to BCP Title: ast Call: draft-arkko-rfc2780-proto-update (IANA Allocation Guidelines for the Protocol Field) to BCP URL: http://www.ietf.org/internet-drafts/draft-arkko-rfc2780-proto-update-00.txt Date: 2007-11-05 – Approved by the IESG as Informational RFC Title: Overview of the Internet Multicast Routing Architecture URL: http://www.ietf.org/internet-drafts/draft-ietf-mboned-routingarch-12.txt Date: 2007-11-06 – REVISED Approved by the IESG as Informational RFC Title: RTP Topologies URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-topologies-07.txt Date: 2007-11-06 – Last Call: draft-goodwin-iso-urn (A Uniform Resource Name (URN) Namespace for the International Organization for Standardization (ISO)) to Informational RF / Call: draft-goodwin-iso-urn (A Uniform Resource Name (URN) Namespace for the International Organization for Standardization (ISO)) to Informational RFC Title: ast Call: draft-goodwin-iso-urn (A Uniform Resource Name (URN) Namespace for the International Organization for Standardization (ISO)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-goodwin-iso-urn-02.txt Date: 2007-11-07 – Last Call: draft-levin-mmusic-xml-media-control (XML Schema for Media Control) to Informational RF / Call: draft-levin-mmusic-xml-media-control (XML Schema for Media Control) to Informational RFC Title: ast Call: draft-levin-mmusic-xml-media-control (XML Schema for Media Control) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-levin-mmusic-xml-media-control-12.txt Date: 2007-11-07 – Last Call: draft-ietf-sipping-toip (Framework for real-time text over IP using the Session Initiation Protocol (SIP)) to Informational RF / Call: draft-ietf-sipping-toip (Framework for real-time text over IP using the Session Initiation Protocol (SIP)) to Informational RFC Title: ast Call: draft-ietf-sipping-toip (Framework for real-time text over IP using the Session Initiation Protocol (SIP)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-toip-08.txt Date: 2007-11-08 – Last Call: draft-ietf-sipping-service-examples (Session Initiation Protocol Service Examples) to BC / Call: draft-ietf-sipping-service-examples (Session Initiation Protocol Service Examples) to BCP Title: ast Call: draft-ietf-sipping-service-examples (Session Initiation Protocol Service Examples) to BCP URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-service-examples-13.txt Date: 2007-11-08 – Last Call: draft-ietf-shim6-proto (Shim6: Level 3 Multihoming Shim Protocol for IPv6) to Proposed Standar / Call: draft-ietf-shim6-proto (Shim6: Level 3 Multihoming Shim Protocol for IPv6) to Proposed Standard Title: ast Call: draft-ietf-shim6-proto (Shim6: Level 3 Multihoming Shim Protocol for IPv6) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-shim6-proto-09.txt Date: 2007-11-09 – Last Call: draft-ietf-enum-cnam (IANA Registration for an Enumservice Calling Name Delivery (CNAM) Information and IANA Registration for URI typ / Call: draft-ietf-enum-cnam (IANA Registration for an Enumservice Calling Name Delivery (CNAM) Information and IANA Registration for URI type ‘pstndata’ URI type ‘pstn’) to Proposed Standard Title: URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-cnam-07.txt Date: 2007-11-09 – Last Call: draft-ietf-msec-ipsec-extensions (Multicast Extensions to the Security Architecture for the Internet Protocol) to Proposed Standar / Call: draft-ietf-msec-ipsec-extensions (Multicast Extensions to the Security Architecture for the Internet Protocol) to Proposed Standard Title: ast Call: draft-ietf-msec-ipsec-extensions (Multicast Extensions to the Security Architecture for the Internet Protocol) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-msec-ipsec-extensions-06.txt Date: 2007-11-09 – Last Call: draft-ietf-sieve-notify-xmpp (Sieve Notification Mechanism: xmpp) to Proposed Standar / Call: draft-ietf-sieve-notify-xmpp (Sieve Notification Mechanism: xmpp) to Proposed Standard Title: ast Call: draft-ietf-sieve-notify-xmpp (Sieve Notification Mechanism: xmpp) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sieve-notify-xmpp-06.txt Date: 2007-11-09 – Approved by the IESG as Informational RFC Title: Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS) URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-rfc3576bis-13.txt Date: 2007-11-09 – Approved by the IESG as Experimental RFC Title: Experiment in Exploratory Group Formation within the Internet Engineering Task Force (IETF) URL: http://www.ietf.org/internet-drafts/draft-aboba-sg-experiment-04.txt Date: 2007-11-09 – Last Call: draft-ietf-sieve-notify (SIEVE Email Filtering: Notifications) to Proposed Standar / Call: draft-ietf-sieve-notify (SIEVE Email Filtering: Notifications) to Proposed Standard Title: ast Call: draft-ietf-sieve-notify (SIEVE Email Filtering: Notifications) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sieve-notify-10.txt Date: 2007-11-09 – Last Call: draft-ietf-shim6-hba (Hash Based Addresses (HBA)) to Proposed Standar / Call: draft-ietf-shim6-hba (Hash Based Addresses (HBA)) to Proposed Standard Title: ast Call: draft-ietf-shim6-hba (Hash Based Addresses (HBA)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-shim6-hba-04.txt Date: 2007-11-12 – Last Call: draft-sjdcox-cgi-urn (A URN namespace for the Commission for the Management and Application of Geoscience Information (CGI)) to Informational RF / Call: draft-sjdcox-cgi-urn (A URN namespace for the Commission for the Management and Application of Geoscience Information (CGI)) to Informational RFC Title: ast Call: draft-sjdcox-cgi-urn (A URN namespace for the Commission for the Management and Application of Geoscience Information (CGI)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-sjdcox-cgi-urn-00.txt Date: 2007-11-12 – Last Call: draft-evain-ebu-urn (A Uniform Resource Name (URN) Namespace for the European Broadcasting Union (EBU)) to Informational RF / Call: draft-evain-ebu-urn (A Uniform Resource Name (URN) Namespace for the European Broadcasting Union (EBU)) to Informational RFC Title: ast Call: draft-evain-ebu-urn (A Uniform Resource Name (URN) Namespace for the European Broadcasting Union (EBU)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-evain-ebu-urn-01.txt Date: 2007-11-13 – Approved by the IESG as Proposed Standard Title: Telephony Routing over IP (TRIP) Attribute for Resource Priority URL: http://www.ietf.org/internet-drafts/draft-carlberg-trip-attribute-rp-04.txt Date: 2007-11-14 – Last Call: draft-ietf-mip4-vpn-problem-solution (Mobile IPv4 Traversal Across IPsec-based VPN Gateways) to BC / Call: draft-ietf-mip4-vpn-problem-solution (Mobile IPv4 Traversal Across IPsec-based VPN Gateways) to BCP Title: ast Call: draft-ietf-mip4-vpn-problem-solution (Mobile IPv4 Traversal Across IPsec-based VPN Gateways) to BCP URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-vpn-problem-solution-03.txt Date: 2007-11-14 – Approved by the IESG as Proposed Standard Title: An Interface and Algorithms for Authenticated Encryption URL: http://www.ietf.org/internet-drafts/draft-mcgrew-auth-enc-05.txt Date: 2007-11-15 – Last Call: draft-ietf-ecrit-lost (LoST: A Location-to-Service Translation Protocol) to Proposed Standar / Call: draft-ietf-ecrit-lost (LoST: A Location-to-Service Translation Protocol) to Proposed Standard Title: ast Call: draft-ietf-ecrit-lost (LoST: A Location-to-Service Translation Protocol) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-lost-06.txt Date: 2007-11-15 – Last Call: draft-ietf-ecrit-lost (LoST: A Location-to-Service Translation Protocol) to Proposed Standar / Call: draft-ietf-ecrit-lost (LoST: A Location-to-Service Translation Protocol) to Proposed Standard Title: ast Call: draft-ietf-ecrit-lost (LoST: A Location-to-Service Translation Protocol) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-lost-06.txt Date: 2007-11-15 – Last Call: draft-ietf-ecrit-dhc-lost-discovery (A Dynamic Host Configuration Protocol (DHCP) based Location-to-Service Translation Protocol (LoST) Discovery Procedure) to Proposed Standar / Call: draft-ietf-ecrit-dhc-lost-discovery (A Dynamic Host Configuration Protocol (DHCP) based Location-to-Service Translation Protocol (LoST) Discovery Procedure) to Proposed Standard Title: ast Call: draft-ietf-ecrit-dhc-lost-discovery (A Dynamic Host Configuration Protocol (DHCP) based Location-to-Service Translation Protocol (LoST) Discovery Procedure) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-dhc-lost-discovery-02.txt Date: 2007-11-15 – / Title: URL: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-dhc-lost-discovery-02.txt Date: 2007-11-15 – Last Call: draft-ietf-ecrit-mapping-arch (Location-to-URL Mapping Architecture and Framework) to Informational RF / Call: draft-ietf-ecrit-mapping-arch (Location-to-URL Mapping Architecture and Framework) to Informational RFC Title: ast Call: draft-ietf-ecrit-mapping-arch (Location-to-URL Mapping Architecture and Framework) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-mapping-arch-03.txt Date: 2007-11-16 – Last Call: draft-dondeti-oma-sip-sdp-attrs / draft-dondeti-oma-mmusci-sdp-attrs (Session Description Protocol (SDP) Attributes for OMA BCAST Service and Content Protection) to Informational RF / Call: draft-dondeti-oma-sip-sdp-attrs / draft-dondeti-oma-mmusci-sdp-attrs (Session Description Protocol (SDP) Attributes for OMA BCAST Service and Content Protection) to Informational RFC Title: ast Call: draft-dondeti-oma-sip-sdp-attrs / draft-dondeti-oma-mmusci-sdp-attrs (Session Description Protocol (SDP) Attributes for OMA BCAST Service and Content Protection) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-dondeti-oma-sip-sdp-attrs-02.txt Date: 2007-11-19 – Last Call: draft-ietf-mipshop-mis-ps (Mobility Services Transport: Problem Statement) to Informational RF / Call: draft-ietf-mipshop-mis-ps (Mobility Services Transport: Problem Statement) to Informational RFC Title: ast Call: draft-ietf-mipshop-mis-ps (Mobility Services Transport: Problem Statement) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-mis-ps-05.txt Date: 2007-11-19 – Last Call: draft-ietf-16ng-ps-goals (IP over 802.16 Problem Statement and Goals) to Informational RF / Call: draft-ietf-16ng-ps-goals (IP over 802.16 Problem Statement and Goals) to Informational RFC Title: ast Call: draft-ietf-16ng-ps-goals (IP over 802.16 Problem Statement and Goals) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-16ng-ps-goals-03.txt Date: 2007-11-19 – Last Call: draft-ietf-pkix-2797-bis (Certificate Management Messages over CMS) to Proposed Standar / Call: draft-ietf-pkix-2797-bis (Certificate Management Messages over CMS) to Proposed Standard Title: ast Call: draft-ietf-pkix-2797-bis (Certificate Management Messages over CMS) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-cmc-trans-06.txt Date: 2007-11-19 – Last Call: draft-ietf-dnsext-2929bis (Domain Name System (DNS) IANA Considerations) to BC / Call: draft-ietf-dnsext-2929bis (Domain Name System (DNS) IANA Considerations) to BCP Title: ast Call: draft-ietf-dnsext-2929bis (Domain Name System (DNS) IANA Considerations) to BCP URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-2929bis-06.txt Date: 2007-11-19 – Approved by the IESG as Informational RFC Title: Network Discovery and Selection Problem URL: http://www.ietf.org/internet-drafts/draft-ietf-eap-netsel-problem-09.txt Date: 2007-11-19 – Last Call: draft-ietf-sip-multiple-refer (Referring to Multiple Resources in the Session Initiation Protocol (SIP)) to Proposed Standar / Call: draft-ietf-sip-multiple-refer (Referring to Multiple Resources in the Session Initiation Protocol (SIP)) to Proposed Standard Title: ast Call: draft-ietf-sip-multiple-refer (Referring to Multiple Resources in the Session Initiation Protocol (SIP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-consent-framework-03.txt Date: 2007-11-19 – Approved by the IESG as Informational RFC Title: A Uniform Resource Name Namespace For The EPCglobal Electronic Product Code (EPC) and Related Standards URL: http://www.ietf.org/internet-drafts/draft-mealling-epc-urn-02.txt Date: 2007-11-19 – Approved by the IESG as Informational RFC Title: CMS Advanced Electronic Signatures (CAdES) URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-cades-07.txt Date: 2007-11-19 – Approved by the IESG as Proposed Standard Title: DHCP Server Identifier Override Suboption URL: http://www.ietf.org/internet-drafts/draft-ietf-dhc-server-override-05.txt Date: 2007-11-19 – Approved by the IESG as Informational RFC Title: Session Initiation Protocol (SIP) Torture Test Messages for Internet Protocol Version 6 (IPv6) URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-ipv6-torture-tests-04.txt Date: 2007-11-19 – Approved by the IESG as Informational RFC Title: Additional Diffie-Hellman Groups for use with IETF Standards URL: http://www.ietf.org/internet-drafts/draft-lepinski-dh-groups-03.txt Date: 2007-11-19 – Approved by the IESG as Proposed Standard Title: The Presence-Specific Static Dictionary for Signaling Compression (Sigcomp) URL: http://www.ietf.org/internet-drafts/draft-garcia-simple-presence-dictionary-06.txt Date: 2007-11-19 – Approved by the IESG as Proposed Standard Title: Distributing a Symmetric FMIPv6 Handover Key using SEND URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-handover-key-03.txt Date: 2007-11-19 – Approved by the IESG as Proposed Standard Title: M-ISIS: Multi Topology (MT) Routing in IS-IS URL: http://www.ietf.org/internet-drafts/draft-ietf-isis-wg-multi-topology-12.txt Date: 2007-11-19 – Approved by the IESG as Proposed Standard Title: TEI Query Request Number Change URL: http://www.ietf.org/internet-drafts/draft-ietf-sigtran-rfc4233update-02.txt Date: 2007-11-20 – Approved by the IESG as BCP Title: IP Multicast Requirements for a Network Address (and port) Translator (NAT) URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-multicast-12.txt Date: 2007-11-20 – Approved by the IESG as Proposed Standard Title: IANA Allocations for MANET Protocols URL: http://www.ietf.org/internet-drafts/draft-ietf-manet-iana-07.txt Date: 2007-11-20 – Approved by the IESG as Proposed Standard Title: Explicit Congestion Marking in MPLS URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-ecn-mpls-02.txt Date: 2007-11-20 – Approved by the IESG as Proposed Standard Title: A Per-domain path computation method for establishing Inter-domain Traffic Engineering (TE) Label Switched Paths (LSPs) URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-inter-domain-pd-path-comp-06.txt Date: 2007-11-26 – Approved by the IESG as Proposed Standard Title: Transmission of IPv6 via the IPv6 CS over IEEE 802.16 Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-16ng-ipv6-over-ipv6cs-11.txt Date: 2007-11-26 – Approved by the IESG as Informational RFC Title: Aggregation of DiffServ Service Classes URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-diffserv-class-aggr-07.txt Date: 2007-11-26 – Approved by the IESG as Proposed Standard Title: Extended Secure RTP Profile for RTCP-based Feedback (RTP/SAVPF) URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-profile-savpf-12.txt Date: 2007-11-26 – Approved by the IESG as Informational RFC Title: State of Peer-to-Peer(P2P) Communication Across Network Address Translators(NATs) URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-p2p-state-06.txt Date: 2007-11-26 – Approved by the IESG as Informational RFC Title: Reclassification of RFC 3525 to Historic URL: http://www.ietf.org/internet-drafts/draft-taylor-megaco-obsol3525-01.txt Date: 2007-11-26 – Approved by the IESG as Proposed Standard Title: A Telephony Gateway REgistration Protocol (TGREP) URL: http://www.ietf.org/internet-drafts/draft-ietf-iptel-tgrep-09.txt Date: 2007-11-26 – Approved by the IESG as Proposed Standard Title: URI Fragment Identifiers for the text/plain Media Type URL: http://www.ietf.org/internet-drafts/draft-wilde-text-fragment-09.txt Date: 2007-11-26 – Last Call: draft-klensin-rfc2821bis (Simple Mail Transfer Protocol) to Draft Standar / Call: draft-klensin-rfc2821bis (Simple Mail Transfer Protocol) to Draft Standard Title: ast Call: draft-klensin-rfc2821bis (Simple Mail Transfer Protocol) to Draft Standard URL: http://www.ietf.org/internet-drafts/draft-klensin-rfc2821bis-06.txt Date: 2007-11-28 – Approved by the IESG as Informational RFC Title: Defining Network Capacity URL: http://www.ietf.org/internet-drafts/draft-ietf-ippm-bw-capacity-05.txt Date: 2007-11-28 – Approved by the IESG as Proposed Standard Title: A Policy Control Mechanism in IS-IS Using Administrative Tags URL: http://www.ietf.org/internet-drafts/draft-ietf-isis-admin-tags-04.txt Date: 2007-11-29 – Last Call: draft-ietf-sipping-consent-format (A Document Format for Requesting Consent) to Proposed Standar / Call: draft-ietf-sipping-consent-format (A Document Format for Requesting Consent) to Proposed Standard Title: ast Call: draft-ietf-sipping-consent-format (A Document Format for Requesting Consent) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-consent-format-05.txt Date: 2007-11-29 – Last Call: draft-ietf-sipping-capacity-attribute (Extensible Markup Language (XML) Format Extension for Representing Copy Control Attributes in Resource Lists) to Proposed Standar / Call: draft-ietf-sipping-capacity-attribute (Extensible Markup Language (XML) Format Extension for Representing Copy Control Attributes in Resource Lists) to Proposed Standard Title: ast Call: draft-ietf-sipping-capacity-attribute (Extensible Markup Language (XML) Format Extension for Representing Copy Control Attributes in Resource Lists) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-capacity-attribute-05.txt Date: 2007-11-29 – Last Call: draft-ietf-sipping-uri-services (Framework and Security Considerations for Session Initiation Protocol (SIP) Uniform Resource Identifier (URI)-List Services) to Proposed Standar / Call: draft-ietf-sipping-uri-services (Framework and Security Considerations for Session Initiation Protocol (SIP) Uniform Resource Identifier (URI)-List Services) to Proposed Standard Title: ast Call: draft-ietf-sipping-uri-services (Framework and Security Considerations for Session Initiation Protocol (SIP) Uniform Resource Identifier (URI)-List Services) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-uri-services-07.txt Date: 2007-11-29 – Last Call: draft-ietf-sipping-pending-additions (The Session Initiation Protocol (SIP) Pending Additions Event Package) to Proposed Standar / Call: draft-ietf-sipping-pending-additions (The Session Initiation Protocol (SIP) Pending Additions Event Package) to Proposed Standard Title: ast Call: draft-ietf-sipping-pending-additions (The Session Initiation Protocol (SIP) Pending Additions Event Package) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-pending-additions-03.txt Date: 2007-11-30 – Last Call: draft-ietf-pkix-rfc3280bis (Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile) to Proposed Standar / Call: draft-ietf-pkix-rfc3280bis (Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile) to Proposed Standard Title: ast Call: draft-ietf-pkix-rfc3280bis (Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc3280bis-09.txt Date: 2007-12-03 – Last Call: draft-ietf-ipdvb-ule-ext (Extension Formats for Unidirectional Lightweight Encapsulation (ULE) and the Generic Stream Encapsulation (GSE)) to Proposed Standar / Call: draft-ietf-ipdvb-ule-ext (Extension Formats for Unidirectional Lightweight Encapsulation (ULE) and the Generic Stream Encapsulation (GSE)) to Proposed Standard Title: ast Call: draft-ietf-ipdvb-ule-ext (Extension Formats for Unidirectional Lightweight Encapsulation (ULE) and the Generic Stream Encapsulation (GSE)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ipdvb-ule-ext-06.txt Date: 2007-12-03 – Approved by the IESG as Proposed Standard Title: A Domain Availability Check (DCHK) Registry Type for the Internet Registry Information Service (IRIS) URL: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-dchk-09.txt Date: 2007-12-04 – Last Call: draft-shimaoka-multidomain-pki (Memorandum for multi-domain Public Key Infrastructure Interoperability) to Informational RF / Call: draft-shimaoka-multidomain-pki (Memorandum for multi-domain Public Key Infrastructure Interoperability) to Informational RFC Title: ast Call: draft-shimaoka-multidomain-pki (Memorandum for multi-domain Public Key Infrastructure Interoperability) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-shimaoka-multidomain-pki-11.txt Date: 2007-12-05 – Approved by the IESG as Proposed Standard Title: Mobility Header Home Agent Switch Message URL: http://www.ietf.org/internet-drafts/draft-ietf-mip6-ha-switch-06.txt Date: 2007-12-05 – Approved by the IESG as Experimental RFC Title: Host Identity Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-hip-base-10.txt Date: 2007-12-10 – Last Call: draft-ietf-nea-requirements (Network Endpoint Assessment (NEA): Overview and Requirements) to Informational RF / Call: draft-ietf-nea-requirements (Network Endpoint Assessment (NEA): Overview and Requirements) to Informational RFC Title: ast Call: draft-ietf-nea-requirements (Network Endpoint Assessment (NEA): Overview and Requirements) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-nea-requirements-05.txt Date: 2007-12-10 – Approved by the IESG as Informational RFC Title: Jitter considerations in Mobile Ad Hoc Networks (MANETs) URL: http://www.ietf.org/internet-drafts/draft-ietf-manet-jitter-04.txt Date: 2007-12-11 – Approved by the IESG as Proposed Standard Title: Reed-Solomon Forward Error Correction (FEC) Schemes URL: http://www.ietf.org/internet-drafts/draft-ietf-rmt-bb-fec-rs-05.txt Date: 2007-12-14 – Re: Historic to be: draft-malis-sonet-ces-mpls-09.tx / istoric to be: draft-malis-sonet-ces-mpls-09.txt Title: e: Historic to be: draft-malis-sonet-ces-mpls-09.txt URL: http://www.ietf.org/internet-drafts/draft-malis-sonet-ces-mpls-09.txt Date: 2007-12-15 – Last Call: draft-melnikov-imap-search-res (IMAP extension for referencing the last SEARCH result) to Proposed Standar / Call: draft-melnikov-imap-search-res (IMAP extension for referencing the last SEARCH result) to Proposed Standard Title: ast Call: draft-melnikov-imap-search-res (IMAP extension for referencing the last SEARCH result) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-melnikov-imap-search-res-06.txt Date: 2007-12-17 – Approved by the IESG as Proposed Standard Title: DNSSEC Hashed Authenticated Denial of Existence URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-nsec3-13.txt Date: 2007-12-18 – Last Call: draft-ietf-ippm-storetraceroutes (Information Model and XML Data Model for Traceroute Measurements) to Proposed Standar / Call: draft-ietf-ippm-storetraceroutes (Information Model and XML Data Model for Traceroute Measurements) to Proposed Standard Title: ast Call: draft-ietf-ippm-storetraceroutes (Information Model and XML Data Model for Traceroute Measurements) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ippm-storetraceroutes-07.txt Date: 2007-12-18 – Approved by the IESG as Proposed Standard Title: A More Loss-Tolerant RTP Payload Format for MP3 Audio URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc3119bis-05.txt Date: 2007-12-19 – UPDATED Last Call: draft-ietf-ippm-storetraceroutes (Information Model and XML Data Model for Traceroute Measurements) to Proposed Standar / ED Last Call: draft-ietf-ippm-storetraceroutes (Information Model and XML Data Model for Traceroute Measurements) to Proposed Standard Title: PDATED Last Call: draft-ietf-ippm-storetraceroutes (Information Model and XML Data Model for Traceroute Measurements) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ippm-storetraceroutes-07.txt Date: 2007-12-19 – Last Call: draft-gulbrandsen-imap-enable (The IMAP ENABLE Extension) to Proposed Standar / Call: draft-gulbrandsen-imap-enable (The IMAP ENABLE Extension) to Proposed Standard Title: ast Call: draft-gulbrandsen-imap-enable (The IMAP ENABLE Extension) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-gulbrandsen-imap-enable-05.txt Date: 2007-12-19 – Approved by the IESG as BCP Title: ASCII Escaping of Unicode Characters URL: http://www.ietf.org/internet-drafts/draft-klensin-unicode-escapes-07.txt Date: 2007-12-21 – Last Call: draft-ietf-btns-prob-and-applic (Problem and Applicability Statement for Better Than Nothing Security (BTNS)) to Informational RF / Call: draft-ietf-btns-prob-and-applic (Problem and Applicability Statement for Better Than Nothing Security (BTNS)) to Informational RFC Title: ast Call: draft-ietf-btns-prob-and-applic (Problem and Applicability Statement for Better Than Nothing Security (BTNS)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-btns-prob-and-applic-06.txt Date: 2007-12-21 – Last Call: draft-ietf-btns-prob-and-applic (Problem and Applicability Statement for Better Than Nothing Security (BTNS)) to Informational RF / Call: draft-ietf-btns-prob-and-applic (Problem and Applicability Statement for Better Than Nothing Security (BTNS)) to Informational RFC Title: ast Call: draft-ietf-btns-prob-and-applic (Problem and Applicability Statement for Better Than Nothing Security (BTNS)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-btns-prob-and-applic-06.txt Date: 2007-12-21 – Last Call: draft-ietf-btns-core (Better-Than-Nothing-Security: An Unauthenticated Mode of IPsec) to Proposed Standar / Call: draft-ietf-btns-core (Better-Than-Nothing-Security: An Unauthenticated Mode of IPsec) to Proposed Standard Title: ast Call: draft-ietf-btns-core (Better-Than-Nothing-Security: An Unauthenticated Mode of IPsec) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-btns-core-05.txt Date: 2007-12-21 – Last Call: draft-ietf-btns-core (Better-Than-Nothing-Security: An Unauthenticated Mode of IPsec) to Proposed Standar / Call: draft-ietf-btns-core (Better-Than-Nothing-Security: An Unauthenticated Mode of IPsec) to Proposed Standard Title: ast Call: draft-ietf-btns-core (Better-Than-Nothing-Security: An Unauthenticated Mode of IPsec) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-btns-core-05.txt Date: 2008-01-02 – Last Call: draft-ietf-manet-packetbb (Generalized MANET Packet/Message Format) to Proposed Standar / Call: draft-ietf-manet-packetbb (Generalized MANET Packet/Message Format) to Proposed Standard Title: ast Call: draft-ietf-manet-packetbb (Generalized MANET Packet/Message Format) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-manet-packetbb-11.txt Date: 2008-01-02 – Last Call: draft-daboo-imap-annotatemore (IMAP METADATA Extension) to Proposed Standar / Call: draft-daboo-imap-annotatemore (IMAP METADATA Extension) to Proposed Standard Title: ast Call: draft-daboo-imap-annotatemore (IMAP METADATA Extension) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-daboo-imap-annotatemore-12.txt Date: 2008-01-02 – Last Call: draft-narten-successful-bof (Considerations for Having a Successful BOF) to Informational RF / Call: draft-narten-successful-bof (Considerations for Having a Successful BOF) to Informational RFC Title: ast Call: draft-narten-successful-bof (Considerations for Having a Successful BOF) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-narten-successful-bof-03.txt Date: 2008-01-02 – Last Call: draft-daboo-imap-annotatemore (IMAP METADATA Extension) to Proposed Standar / Call: draft-daboo-imap-annotatemore (IMAP METADATA Extension) to Proposed Standard Title: ast Call: draft-daboo-imap-annotatemore (IMAP METADATA Extension) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-daboo-imap-annotatemore-12.txt Date: 2008-01-02 – Last Call: draft-narten-successful-bof (Considerations for Having a Successful BOF) to Informational RF / Call: draft-narten-successful-bof (Considerations for Having a Successful BOF) to Informational RFC Title: ast Call: draft-narten-successful-bof (Considerations for Having a Successful BOF) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-narten-successful-bof-03.txt Date: 2008-01-02 – Last Call: draft-eastlake-ethernet-iana-considerations (IANA Ethernet Considerations) to BC / Call: draft-eastlake-ethernet-iana-considerations (IANA Ethernet Considerations) to BCP Title: ast Call: draft-eastlake-ethernet-iana-considerations (IANA Ethernet Considerations) to BCP URL: http://www.ietf.org/internet-drafts/draft-eastlake-ethernet-iana-considerations-05.txt Date: 2008-01-02 – Approved by the IESG as Proposed Standard Title: RTP payload format for Enhanced Variable Rate Wideband Codec (EVRC-WB) and media subtype updates for EVRC-B codec URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-evrc-wb-09.txt Date: 2008-01-02 – Approved by the IESG as Proposed Standard Title: Revised Civic Location Format for PIDF-LO URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-revised-civic-lo-07.txt Date: 2008-01-02 – Approved by the IESG as Informational RFC Title: Session Initiation Protocol (SIP) Session Mobility URL: http://www.ietf.org/internet-drafts/draft-shacham-sipping-session-mobility-05.txt Date: 2008-01-02 – Approved by the IESG as Informational RFC Title: Mobility Services Transport: Problem Statement URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-mis-ps-05.txt Date: 2008-01-02 – Approved by the IESG as Informational RFC Title: Service Selection for Mobile IPv6 URL: http://www.ietf.org/internet-drafts/draft-korhonen-mip6-service-06.txt Date: 2008-01-02 – Last Call: draft-ietf-sipping-sbc-funcs (Requirements from SIP (Session Initiation Protocol) Session Border Control Deployments) to Informational RF / Call: draft-ietf-sipping-sbc-funcs (Requirements from SIP (Session Initiation Protocol) Session Border Control Deployments) to Informational RFC Title: ast Call: draft-ietf-sipping-sbc-funcs (Requirements from SIP (Session Initiation Protocol) Session Border Control Deployments) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-sbc-funcs-04.txt Date: 2008-01-02 – Approved by the IESG as Informational RFC Title: A URN namespace for the Commission for the Management and Application of Geoscience Information (CGI) URL: http://www.ietf.org/internet-drafts/draft-sjdcox-cgi-urn-00.txt Date: 2008-01-02 – Approved by the IESG as Informational RFC Title: A Uniform Resource Name (URN) Namespace for the International Organization for Standardization (ISO) URL: http://www.ietf.org/internet-drafts/draft-goodwin-iso-urn-03.txt Date: 2008-01-02 – Last Call: draft-ietf-manet-timetlv (Representing multi-value time in MANETs) to Proposed Standar / Call: draft-ietf-manet-timetlv (Representing multi-value time in MANETs) to Proposed Standard Title: ast Call: draft-ietf-manet-timetlv (Representing multi-value time in MANETs) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-manet-timetlv-04.txt Date: 2008-01-03 – Re: Informational RFC to be: draft-templin-rfc4214bis-05.tx / nformational RFC to be: draft-templin-rfc4214bis-05.txt Title: e: Informational RFC to be: draft-templin-rfc4214bis-05.txt URL: http://www.ietf.org/internet-drafts/draft-templin-rfc4214bis-05.txt Date: 2008-01-03 – Last Call: draft-brenner-dime-peem (Diameter Policy Processing Application) to Informational RF / Call: draft-brenner-dime-peem (Diameter Policy Processing Application) to Informational RFC Title: ast Call: draft-brenner-dime-peem (Diameter Policy Processing Application) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-brenner-dime-peem-01.txt Date: 2008-01-07 – REVISED Last Call: draft-brenner-dime-peem (Diameter Policy Processing Application) to Informational RF / ED Last Call: draft-brenner-dime-peem (Diameter Policy Processing Application) to Informational RFC Title: EVISED Last Call: draft-brenner-dime-peem (Diameter Policy Processing Application) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-brenner-dime-peem-01.txt Date: 2008-01-07 – Last Call: draft-klensin-net-utf8 (Unicode Format for Network Interchange) to Proposed Standar / Call: draft-klensin-net-utf8 (Unicode Format for Network Interchange) to Proposed Standard Title: ast Call: draft-klensin-net-utf8 (Unicode Format for Network Interchange) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-klensin-net-utf8-07.txt Date: 2008-01-07 – Last Call: draft-vanelburg-sipping-served-user (The Session Initiation Protocol (SIP) P-Served-User Private-Header (P-Header)) to Informational RF / Call: draft-vanelburg-sipping-served-user (The Session Initiation Protocol (SIP) P-Served-User Private-Header (P-Header)) to Informational RFC Title: ast Call: draft-vanelburg-sipping-served-user (The Session Initiation Protocol (SIP) P-Served-User Private-Header (P-Header)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-vanelburg-sipping-served-user-04.txt Date: 2008-01-08 – Approved by the IESG as Proposed Standard Title: Definitions of Managed Objects for Middlebox Communication URL: http://www.ietf.org/internet-drafts/draft-ietf-midcom-mib-11.txt Date: 2008-01-08 – Approved by the IESG as Proposed Standard Title: Middlebox Communications (MIDCOM) Protocol Semantics URL: http://www.ietf.org/internet-drafts/draft-ietf-midcom-rfc3989-bis-02.txt Date: 2008-01-08 – Approved by the IESG as Proposed Standard Title: Definitions of Managed Objects for Middlebox Communication URL: http://www.ietf.org/internet-drafts/draft-ietf-midcom-mib-11.txt Date: 2008-01-10 – Last Call: draft-cridland-imap-context (Contexts for IMAP4) to Proposed Standar / Call: draft-cridland-imap-context (Contexts for IMAP4) to Proposed Standard Title: ast Call: draft-cridland-imap-context (Contexts for IMAP4) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-cridland-imap-context-03.txt Date: 2008-01-11 – Approved by the IESG as Proposed Standard Title: Hash Based Addresses (HBA) URL: http://www.ietf.org/internet-drafts/draft-ietf-shim6-hba-05.txt Date: 2008-01-14 – Last Call: draft-ietf-ipcdn-pktc-eventmess (Management Event Management Information Base (MIB) for PacketCable- and IPCablecom-Compliant Devices) to Proposed Standar / Call: draft-ietf-ipcdn-pktc-eventmess (Management Event Management Information Base (MIB) for PacketCable- and IPCablecom-Compliant Devices) to Proposed Standard Title: ast Call: draft-ietf-ipcdn-pktc-eventmess (Management Event Management Information Base (MIB) for PacketCable- and IPCablecom-Compliant Devices) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ipcdn-pktc-eventmess-12.txt Date: 2008-01-14 – Approved by the IESG as Informational RFC Title: Framework for MPLS-TE to GMPLS migration URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-mpls-gmpls-interwork-fmwk-05.txt Date: 2008-01-14 – Approved by the IESG as BCP Title: IANA Allocation Guidelines for the Protocol Field URL: http://www.ietf.org/internet-drafts/draft-arkko-rfc2780-proto-update-02.txt Date: 2008-01-15 – Last Call: draft-ietf-mediactrl-requirements (Media Server Control Protocol Requirements) to Informational RF / Call: draft-ietf-mediactrl-requirements (Media Server Control Protocol Requirements) to Informational RFC Title: ast Call: draft-ietf-mediactrl-requirements (Media Server Control Protocol Requirements) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-mediactrl-requirements-03.txt Date: 2008-01-15 – Last Call: draft-ietf-simple-imdn (Instant Message Disposition Notification) to Proposed Standar / Call: draft-ietf-simple-imdn (Instant Message Disposition Notification) to Proposed Standard Title: ast Call: draft-ietf-simple-imdn (Instant Message Disposition Notification) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-imdn-06.txt Date: 2008-01-15 – Last Call: draft-ietf-speermint-consolidated-presence-im-usecases (Presence & Instant Messaging Peering Use Cases) to Informational RF / Call: draft-ietf-speermint-consolidated-presence-im-usecases (Presence & Instant Messaging Peering Use Cases) to Informational RFC Title: ast Call: draft-ietf-speermint-consolidated-presence-im-usecases (Presence & Instant Messaging Peering Use Cases) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-speermint-consolidated-presence-im-usecases-03.txt Date: 2008-01-15 – Last Call: draft-ietf-netconf-notification (NETCONF Event Notifications) to Proposed Standar / Call: draft-ietf-netconf-notification (NETCONF Event Notifications) to Proposed Standard Title: ast Call: draft-ietf-netconf-notification (NETCONF Event Notifications) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-netconf-notification-11.txt Date: 2008-01-15 – Last Call: draft-iijima-netconf-soap-implementation (Experience of implementing NETCONF over SOAP) to Informational RF / Call: draft-iijima-netconf-soap-implementation (Experience of implementing NETCONF over SOAP) to Informational RFC Title: ast Call: draft-iijima-netconf-soap-implementation (Experience of implementing NETCONF over SOAP) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-iijima-netconf-soap-implementation-05.txt Date: 2008-01-15 – Last Call: draft-ietf-imapext-i18n (Internet Message Access Protocol Internationalization) to Proposed Standar / Call: draft-ietf-imapext-i18n (Internet Message Access Protocol Internationalization) to Proposed Standard Title: ast Call: draft-ietf-imapext-i18n (Internet Message Access Protocol Internationalization) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-imapext-i18n-14.txt Date: 2008-01-15 – Last Call: draft-ietf-enum-experiences (ENUM Implementation Issues and Experiences) to Informational RF / Call: draft-ietf-enum-experiences (ENUM Implementation Issues and Experiences) to Informational RFC Title: ast Call: draft-ietf-enum-experiences (ENUM Implementation Issues and Experiences) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-experiences-08.txt Date: 2008-01-17 – Approved by the IESG as Informational RFC Title: IPFIX Implementation Guidelines URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-implementation-guidelines-08.txt Date: 2008-01-17 – Approved by the IESG as Informational RFC Title: IPFIX Implementation Guidelines URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-implementation-guidelines-08.txt Date: 2008-01-17 – Approved by the IESG as Informational RFC Title: Interworking Requirements to Support operation of MPLS-TE over GMPLS Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-mpls-gmpls-interwork-reqts-04.txt Date: 2008-01-21 – Last Call: draft-ietf-mip6-bootstrapping-integrated-dhc (MIP6-bootstrapping for the Integrated Scenario) to Proposed Standar / Call: draft-ietf-mip6-bootstrapping-integrated-dhc (MIP6-bootstrapping for the Integrated Scenario) to Proposed Standard Title: ast Call: draft-ietf-mip6-bootstrapping-integrated-dhc (MIP6-bootstrapping for the Integrated Scenario) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mip6-bootstrapping-integrated-dhc-05.txt Date: 2008-01-21 – Last Call: draft-carpenter-rfc2026-changes (Changes to the Internet Standards Process defined by RFC 2026) to BC / Call: draft-carpenter-rfc2026-changes (Changes to the Internet Standards Process defined by RFC 2026) to BCP Title: ast Call: draft-carpenter-rfc2026-changes (Changes to the Internet Standards Process defined by RFC 2026) to BCP URL: http://www.ietf.org/internet-drafts/draft-carpenter-rfc2026-changes-02.txt Date: 2008-01-21 – Last Call: draft-ietf-mip6-hiopt (DHCP Option for Home Information Discovery in MIPv6) to Proposed Standar / Call: draft-ietf-mip6-hiopt (DHCP Option for Home Information Discovery in MIPv6) to Proposed Standard Title: ast Call: draft-ietf-mip6-hiopt (DHCP Option for Home Information Discovery in MIPv6) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mip6-hiopt-10.txt Date: 2008-01-21 – Approved by the IESG as Informational RFC Title: IP over 802.16 Problem Statement and Goals URL: http://www.ietf.org/internet-drafts/draft-ietf-16ng-ps-goals-04.txt Date: 2008-01-21 – Last Call: draft-ietf-mip4-nemo-v4-base (Network Mobility (NEMO) Extensions for Mobile IPv4) to Proposed Standar / Call: draft-ietf-mip4-nemo-v4-base (Network Mobility (NEMO) Extensions for Mobile IPv4) to Proposed Standard Title: ast Call: draft-ietf-mip4-nemo-v4-base (Network Mobility (NEMO) Extensions for Mobile IPv4) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-nemo-v4-base-07.txt Date: 2008-01-22 – Approved by the IESG as Informational RFC Title: IPv6 Implications for Network Scanning URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-scanning-implications-04.txt Date: 2008-01-22 – Last Call: draft-ietf-ipv6-compression-nego-v2 (Negotiation for IPv6 datagram compression using IPv6 Control Protocol) to Proposed Standar / Call: draft-ietf-ipv6-compression-nego-v2 (Negotiation for IPv6 datagram compression using IPv6 Control Protocol) to Proposed Standard Title: ast Call: draft-ietf-ipv6-compression-nego-v2 (Negotiation for IPv6 datagram compression using IPv6 Control Protocol) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ipv6-compression-nego-v2-01.txt Date: 2008-01-22 – Approved by the IESG as Informational RFC Title: 6to4 Reverse DNS Delegation Specification URL: http://www.ietf.org/internet-drafts/draft-huston-6to4-reverse-dns-07.txt Date: 2008-01-22 – Approved by the IESG as Informational RFC Title: Special-Use IPv6 Addresses URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-rfc3330-for-ipv6-04.txt Date: 2008-01-24 – Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standar / Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard Title: ast Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-hokey-erx-08.txt Date: 2008-01-24 – Last Call: draft-ietf-hokey-reauth-ps (Handover Key Management and Re-authentication Problem Statement) to Informational RF / Call: draft-ietf-hokey-reauth-ps (Handover Key Management and Re-authentication Problem Statement) to Informational RFC Title: ast Call: draft-ietf-hokey-reauth-ps (Handover Key Management and Re-authentication Problem Statement) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-hokey-reauth-ps-07.txt Date: 2008-01-28 – Approved by the IESG as Informational RFC Title: Session Description Protocol (SDP) Attributes for OMA BCAST Service and Content Protection URL: http://www.ietf.org/internet-drafts/draft-dondeti-oma-mmusic-sdp-attrs-00.txt Date: 2008-01-28 – Approved by the IESG as Proposed Standard Title: The IMAP ENABLE Extension URL: http://www.ietf.org/internet-drafts/draft-gulbrandsen-imap-enable-05.txt Date: 2008-01-28 – Re: Informational RFC to be: draft-levis-provider-qos-agreement-04.tx / nformational RFC to be: draft-levis-provider-qos-agreement-04.txt Title: e: Informational RFC to be: draft-levis-provider-qos-agreement-04.txt URL: http://www.ietf.org/internet-drafts/draft-levis-provider-qos-agreement-04.txt Date: 2008-01-29 – Approved by the IESG as Proposed Standard Title: The EAP TLS Authentication Protocol URL: http://www.ietf.org/internet-drafts/draft-simon-emu-rfc2716bis-13.txt Date: 2008-01-29 – Approved by the IESG as Proposed Standard Title: SIEVE Email Filtering: Extension for Notifications URL: http://www.ietf.org/internet-drafts/draft-ietf-sieve-notify-12.txt Date: 2008-01-29 – Last Call: draft-ietf-msec-mikey-applicability (On the applicability of various MIKEY modes and extensions) to Informational RF / Call: draft-ietf-msec-mikey-applicability (On the applicability of various MIKEY modes and extensions) to Informational RFC Title: ast Call: draft-ietf-msec-mikey-applicability (On the applicability of various MIKEY modes and extensions) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-msec-mikey-applicability-07.txt Date: 2008-01-30 – Last Call: draft-ietf-mipshop-fh80216e (Mobile IPv6 Fast Handovers over IEEE 802.16e Networks) to Informational RF / Call: draft-ietf-mipshop-fh80216e (Mobile IPv6 Fast Handovers over IEEE 802.16e Networks) to Informational RFC Title: ast Call: draft-ietf-mipshop-fh80216e (Mobile IPv6 Fast Handovers over IEEE 802.16e Networks) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-fh80216e-06.txt Date: 2008-01-30 – Last Call: draft-moriarty-post-inch-rid (Real-time Inter-network Defense) to Proposed Standar / Call: draft-moriarty-post-inch-rid (Real-time Inter-network Defense) to Proposed Standard Title: ast Call: draft-moriarty-post-inch-rid (Real-time Inter-network Defense) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-moriarty-post-inch-rid-02.txt Date: 2008-01-30 – Last Call: draft-ietf-mipshop-fh80216e (Mobile IPv6 Fast Handovers over IEEE 802.16e Networks) to Informational RF / Call: draft-ietf-mipshop-fh80216e (Mobile IPv6 Fast Handovers over IEEE 802.16e Networks) to Informational RFC Title: ast Call: draft-ietf-mipshop-fh80216e (Mobile IPv6 Fast Handovers over IEEE 802.16e Networks) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-fh80216e-06.txt Date: 2008-01-30 – Last Call: draft-moriarty-post-inch-rid (Real-time Inter-network Defense) to Proposed Standar / Call: draft-moriarty-post-inch-rid (Real-time Inter-network Defense) to Proposed Standard Title: ast Call: draft-moriarty-post-inch-rid (Real-time Inter-network Defense) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-moriarty-post-inch-rid-02.txt Date: 2008-01-30 – Last Call: draft-moriarty-post-inch-rid-soap (IODEF/RID over SOAP) to Proposed Standar / Call: draft-moriarty-post-inch-rid-soap (IODEF/RID over SOAP) to Proposed Standard Title: ast Call: draft-moriarty-post-inch-rid-soap (IODEF/RID over SOAP) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-moriarty-post-inch-rid-soap-02.txt]]> 1458 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-70-facts-and-figures/ Thu, 27 Dec 2007 15:53:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1460 RFC Editor Actions (March-June 2007) 138 RFCs published of which

• 76 standards tracks
• 4 BCP

IANA Actions (Jul-Oct 2007)

Processed ~1,600 IETF-related requests of which:

• 844 Private Enterprise Numbers
• 93 Port Numbers
• 126 TRIP ITAD Numbers
• 24 media-type requests

]]> 1460 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/focus-on-ipv6-at-ietf-72/ Tue, 07 Oct 2008 15:28:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=925 Citywest Hotel Convention Center near Dublin, site of IETF 72 IPv6 was, once again, a hot topic, most notably during the Wednesday plenary, for which the Internet Architecture Board organized a panel to discuss IPv6. Panelists consisted of a number of IPv6 operators and experts, each of whom described their experiences deploying IPv6 within their networks and organizations. Read more about the panel discussion… In this issue, Shane Kerr takes a look at the IETF response to the DNS vulnerability that was discovered by Dan Kaminsky and that is often referred to as the Kaminsky Attack – Read more…. While the discussions within the IETF took place primarily within working groups, Shane offers a good look at the history of DNS security and a brief review of recent DNS security work as well as a compilation of IETF responses. Stepping outside the usual technical discussions, the IETF Journal sat down with IETF lawyer Jorge Contreras, who discussed his work with the IETF and, in particular, the latest developments in the field of intellectual property rights. Read the interview with Jorge. Once again, the IETF meeting played host to a number of engineers from various parts of the developing world. Their participation at IETF 72 was made possible through generous support by the Internet Society as part of its Fellowship to the IETF programme. This was also the first time that some of the earlier fellows returned to attend their second IETF meeting. See more about the fellows and their experiences. Thank you to the contributors to this issue. We wish everyone fun reading. And as always, we welcome both your comments and your contributions for future issues. This article was posted on 7 November 2008 .]]> 925 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-meetings-related-to-peer-to-peer-and-bandwidth-management/ Tue, 07 Oct 2008 15:29:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=927 RAI Peer-to-Peer Infrastructure Workshop The one-day workshop began with a discussion that was designed to frame the issue and that included both the Internet service provider (ISP) and peer-to-peer (P2P) service operator viewpoints, as well as input with regard to additional scoping. Jason Livingood and Rich Woundy provided some technical perspective from their vantage point at Comcast, the cable service provider. Participants learned that Internet service providers are observing enough P2P application traffic in their networks to impact customers’ delay-sensitive applications and services, such as VoIP. The unacceptable customer experience occurs when one or more of a subscriber’s delay-sensitive applications are noticeably degraded in performance because other subscribers’ P2P applications are consuming all available bandwidth-that is, in excess of network planners’ expectations. While the ideal solution might be to ramp up the bandwidth for each customer, there are both technical and business reasons that such a solution is not generally feasible. For one, some P2P systems literally know no bounds, thereby making aggressive use of all available bandwidth. Jason and Rich’s goals for a better future include the following:

• Optimize to provide the best possible network experience for the broadest set of customers, which means minimizing or eliminating cross-customer service quality impacts.
• Enable continued Internet evolution in a manner that avoids a game of cat and mouse-that is, detection and mitigation of specific protocols.

On the other side of the issue were Stanislav Shalunov and Eric Klinker of BitTorrent, who offered the P2P perspective. After walking through some of the complexities they face in order to deliver the reliable and quick file sharing for which BitTorrent is known, they said there is a point where P2P and network operations sometimes run at odds with each other. When attempting to locate sources of file chunks, P2P networks look for the least common chunks, and they figure out where to get them. These are the less available chunks of what you’re downloading. However, from a network perspective, the location of these chunks may not be the most desirable. Stanislav and Eric observed that efficient choosing of peers could reduce transit traffic by more than 50 percent. The afternoon presentations showcased proposals for moving forward. Some of the proposals focused on P2P technologies and oracles, such as P4P: Provider Portal for (P2P) Applications, by Haiyong Xie and Laird Popkin; Traffic Localization, by Yu-Shun Wang; and ISP-Aided Neighbour Selection in P2P Systems, by Vinay Aggarwal. Others focused on network and bandwidth management approaches, such as Bob Briscoe’s Solving This Traffic Management Problem . . . and the Next, and the Next, which can be found here. The end of the day brought no immediate conclusions for IETF action items, but it did increase awareness and set the stage for BoF sessions to be held two months later at IETF 72.

ALTO BoF

The RAI area held the Application-Layer Traffic Optimization (ALTO) BoF in Dublin at IETF 72. Chaired by Enrico Marocco and Vijay K. Gurbani, the discussion focused on (1) possible approaches to exposing certain aspects of network topology to applications and (2) how P2P technologies might be enhanced to take advantage of that information. According to draft-marocco-alto-problem-statement-02.txt, “Many of the existing overlay networks are built on top of connections between peers that are established regardless of the underlying network topology. In addition to simply achieving suboptimal performance, such networks can lead to congestions and cause serious inefficiencies. . . . [T]raffic generated by popular P2P applications often crosses network boundaries multiple times, overloading links which are frequently subject to congestion.” Both the presentations and the discussion at the meeting focused on issues surrounding caching and peer selection (P2P application questions), as well as on bandwidth costs. A draft charter for a working group was proposed and discussed. However, while there was support for moving forward with this topic area, the sense of the room was that the draft charter did not adequately capture a clear problem statement that participants could support as IETF work. It was sent to the mailing list for refinement.

TANA BoF

The Transport Area held the Techniques for Advanced Networking Applications (TANA) BoF, chaired by Stanislav Shalunov and Gorry Fairhurst. The session focused on some of the transport-layer possibilities for supporting bandwidth-intensive applications. According to www.ietf.org/internet-drafts/draft-shalunov-tana-problem-statement-01.txt: “The TANA BoF is held to explore the problem space, to gauge the interest in the problems within the Transport area, and to see if the community and the area directors believe that it makes sense to form a TANA working group within the Transport area chartered to work on

1. standardizing end-to-end congestion control that enables advanced application to minimize the delay they introduce into the network and a protocol using it and
2. a document describing the current practice of peer-to-peer apps’ use of multiple transport connections and recommendations in this space”.

Discussion between those in the group included Jason’s review of ISP requirements and Laird’s review of P2P application requirements. A number of issues and angles were also discussed, and at the end of the meeting there was clear support for moving forward with work on the first item.]]> 927 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-18/ Tue, 07 Oct 2008 15:31:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=930 Russ Housley, IETF Chair

Held at City West in Dublin, in July 2008, IETF 72 was by all measures a highly successful meet-ing. With 1,183 people from 48 different countries in attendance, the week was filled with the usual mix of working group (WG) meetings, BoF (birds-of-a-feather) sessions, research group (RG) meetings, and, as always, many side meetings. Our host, Alcatel-Lucent, certainly made everyone feel welcome, and we had a wonderful time at the Guinness Storehouse on Tuesday evening. The network connecting City West to the rest of the Internet was provided by eircom, and the local network was provided by Alcatel-Lucent, with considerable support from volunteers. Since IETF 71, 5 new WGs were chartered and 11 WGs were closed, leading to approximately 115 chartered WGs in total. Between the meetings, the WGs and their individual contributors pro-duced 475 new Internet-Drafts and generated 1,071 updated Internet-Drafts. The Internet Engi-neering Steering Group approved 134 Internet-Drafts for publication as RFCs and the RFC Editor published 88 new RFCs. One of the hot topics during IETF 72 was the coexistence of IPv4 and IPv6. The discussions about requirements for NAT-PT (network address translation-protocol translation) in the Internet Area were especially lively. To aid in the discussion, an IPv6-only network was available through-out the week so people could see what the Internet would be like without IPv4. While the topic was not resolved, an interim meeting is being organized for early October in Montreal to continue the discussions. The meeting will cover topics that affect work ongoing in a number of WGs, including SOFTWIRE, V6OPS, and BEHAVE. At IETF 73, we expect to conduct a scheduling experiment that we hope will lead to the creation of additional meeting time for WGs. Instead of ending at 11:30 on Friday, we will end at 15:15. The after-lunch meeting slots will mean more than 16 additional hours of session time for WGs. Follow-ing the meeting, the IETF will evaluate the results of the experiment and determine whether a longer meeting is something we want to continue in the future. I look forward to IETF 73 in Minneapolis, which is scheduled for 16-21 November 2008, and will be hosted by Google, and to IETF 74 in San Francisco on 22-27 March 2009, which will be hosted by Juniper Networks. Scheduling information for future IETF meetings may always be found here. I look forward to seeing you at the meetings.]]> 930 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-16/ Tue, 07 Oct 2008 15:32:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=932 Olaf Kolkman, IAB Chair

“To the universal deployment of IPv6″ is the toast to which some of our colleagues have raised their glasses for nearly 10 years. That toast can be heard during unofficial events and gatherings at IETF meetings that have taken place since IETF 43, when, after an IPng working group session, some folks retreated to empty a few bottles of Scotch. The relevance of this factoid is linked to the technical plenary at IETF 72, during which the Internet Architecture Board (IAB) expressed interest in IPv6 deployment issues. In the context of the emerging completion of the IANA IPv4 registry, the IAB asked itself a number of questions such as, What are the actual deployment barriers in various environments ranging from Internet service providers (ISPs) to application service providers, to business enterprises, to end users? What are the approaches toward IPv4 completion contingency planning? What are the success factors inherent in the actual deployment of IPv6? and, What can the IAB do to hasten IPv6′s deployment? With those questions in mind, the IAB organized a plenary discussion to which we invited a number of folks who have key roles in the deployment of IPv6 in their organizations. Our intention was not only to try to address the questions asked here but also to inspire participants to go back home and assess how they could play their part in an IPv6 rollout. A report by the moderator, Gregory Lebovitz, appears on page 17. “On a personal note, it was difficult to find engineers who could shine a light on the deployment issues within business enterprises. I wonder how much that has to do with the fact that IPv6 has not yet made it onto those corporations’ agendas. To a certain extent, I understand how deployment of a new IP address family might not make it onto the agenda. It shouldn’t have to; IP infrastructure should just work. However, I find it hard to believe that at the chief technology officer (CTO) level, no conscious decision has been made about how to move forward with IPv4. It seems clear to me that as soon as IANA’s IPv4 registry is completed, the landscape of IPv4 allocation and assignment is going to change. If I were a CTO, it would make sense to me to have already made an analysis of how to move forward within that landscape. Could it be that CTOs are not tuned in to the issue? An entirely different and somewhat plausible explanation for the difficulty in finding engineers with experience in enterprise-scale IPv6 deployment is that those engineers are not participating in the IETF. The root cause for both of those explanations may be that IP addressing is a typical ISP issue and that engineers at ISPs may be more attuned to IPv4 address completion than are their counterparts in the business enterprises sector. These personal musings aside, the IAB is interested in hearing more adoption stories, specifically those in which barriers were encountered and overcome. We also want to hear about barriers that persist-especially those cases in which some IETF-related work might help, whether it’s a protocol, a best-current-practices document, informational material, or experimental work. In a future plenary we plan to report on both the lessons and the outstanding issues that we learned from those stories. Please send your stories to ipv6-adoption@iab.org. If your story speaks best to universal adoption of IPv6, then the tradition described in the first paragraph will be honoured and you will be provided with either a bottle of single-malt Scotch or a nonalcoholic beverage of your choice.]]> 932 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/plenary-report-3/ Tue, 07 Oct 2008 15:33:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=934 Mirjam Kühne

Note: This is not a complete report of the plenary sessions; rather, it is a summary of the highlights of the discussions. All IETF 72 presentations can be found here. Even though Irish is the native language of Ireland, English has become the dominant language, just like IP is the dominant language of networking,” said Kevin O’Callaghan, Ireland’s leader of Alcatel Ireland, which served as host organization for IETF 72. Kevin welcomed participants to Dublin and said he was honoured to address the meeting. “It is fundamental to allow Nets around the world to communicate,” he said. “The impacts on society have been truly beneficial.” On behalf of Alcatel-Lucent, which played a significant role in shaping the telecom infrastructure in Ireland, Kevin expressed his delight in having the opportunity to host and sponsor the IETF in Dublin. He was impressed by the number of people attending, the variety of organizations represented, and the number of languages being spoken. Ireland’s Green Party’s minister of energy Eamon Ryan, who oversees communications, energy, and natural resources, addressed the group, saying that for politicians, the objective is to provide access and ubiquitous connectivity that society can use for critical issues, such as health care, education, and enterprise. There have been difficulties in achieving that goal in Ireland, and the move to ubiquitous connectivity has been slower than desired. In fact, in the past few years, the country has been playing catch-up in the areas of domestic and public use of the Internet. However, a new era of investment has been ushered in, and Ireland is becoming recognized as a place where companies can more easily invest in connectivity. Mobile broadband pickup has accelerated at a comparatively high rate, and an open-access system has allowed flexible development of new applications. This has clearly given the country an advantage in the area of digital services. In his address, Minister Ryan echoed the sentiment of Vint Cerf, who suggested at a recent conference of the Organisation for Economic Cooperation and Development (OECD) that the development of the open-access system might necessitate a newer regulatory system than the one that grew up under the old phone systems. Minister Ryan said Ireland has challenged itself to apply new technologies with a view toward reduction of energy use. He said he’s very encouraged by this type of meeting, because the IETF has a model that uses democratic processes at its very core. Peter O’Connell, director of strategy and regulation at eircom, the company that provided connectivity at the IETF in Dublin, said it was impressive to see so many people of so many backgrounds agreeing on standards. Compared with similar companies worldwide, eircom may be small, but it is big by Irish standards. The company used to focus on voice, but now it focuses on broadband. Peter described the government as supportive of investment. “A policy platform that encourages investment is essential to the development of the Internet and to making both the Internet and the content that is available on the Internet accessible and affordable to the users,” he said.

IAB Update

Following Internet Research Task Force (IRTF) chair Aaron Falk’s update covering recent developments in the IRTF (details on page 33), Internet Architecture Board (IAB) chair Olaf Kolkman gave an update of IAB activities as follows:

Alcatel-Lucent managing director Kevin O’Callaghan

What Makes for a Successful Protocol has been published as RFC 5218 (see a related article in the IETF Journal, Volume 3, Issue 3, December 2007). Design Choices While Expanding the DNS is technically approved, but it needs one more round of editorial review before sending it to the RFC Editor. A number of documents are now works in progress, including Principles of Internet Host Configuration, for which a call for comments will be issued shortly. The document titled Headers and Boilerplates is related to the work on RFC 3932bis (Procedures for IESG and RFC Editor documents) and the IRTF stream definition. It is expected that these documents will reduce the necessity for IESG statements by providing clearer guidelines for document authors. There was quite a bit of activity in the area of Internet architecture. This past April, the IAB held a retreat in Stockholm, hosted by Netnod and Arceo. The retreat was designed as a workshop at which everyone brought up topics they wanted to discuss and after which a work plan was developed. A discussion on evolution of the IP model, including assumptions regarding which IP models are valid and which are not, was led by Dave Thaler. A discussion on peer-to-peer architecture was led by Gonzalo Camarillo. Gregory Lebovitz is leading an ongoing discussion on IPv6 deployment. In addition, there have been a number of organizational activities. Bert Wijnen stepped down as IEEE 802.1 liaison and has been replaced by Eric Gray. John Klensin has been appointed liaison within ISO/TC46. Lars Eggert is succeeding Mark Twonsley as IESG liaison to the IAB. The IAB thanks Bert for his many years of good service. IAB liaison shepherds are successfully helping track and communicate the activities of the IAB liaisons. Olaf showed a diagram of the structure of the joint working team on multiprotocol-label-switching (MPLS) extensions from the plenary session at IETF 71. He then reported on the joint working team of the ITU-T and the IETF, which is discussing issues related to MPLS. The team has issued a statement saying a transport profile for MPLS (MPLS-TP) will be developed that will take into account the ITU-T transport network requirements. The ITU-T will integrate MPLS-TP into the transport network and will align the current transport MPLS (T-MPLS) ITU recommendation with MPLS-TP. Further work on T-MPLS will be terminated. Another new organizational development is the IETF’s involvement with the OECD in cooperation with the Internet Society (ISOC). Together with ISOC and 15 other technical organizations, the IAB cosigned a memorandum on the future of the Internet in a global economy. The memorandum can be found athttp://isoc.org/pubpolpillar/docs/oecd-technical-community-memorandum.pdf. The IAB also participated in a technical forum on the future of the Internet Economy, which was organized prior to the OECD Ministerial meeting. Olaf reminded the audience that the IAB is responsible for maintaining and defining the RFC Editor model, whereas the IAOC is responsible for the implementation of the agreement between the IETF and the RFC Editor. The RFC Editor contract will be up for bids in 2009. To guarantee continuity, a comprehensive model is needed. To that end, the RFC Editor function will be split into four functions:

• Independent Stream Approver
• RFC Editor
• Production House
• Publisher

The RFC Editor and Independent Stream Approver roles are new components. They may all be part of one vendor, or they could be separate. The question is, How do we select the functions or vendors? One possibility is through a request for proposals; another is through a NomCom process. The IAB welcomes suggestions. The discussion took place on the RFC interest list, and a conclusion was planned for end of August. More details can be found on the IAB Web site. Finally, Olaf pointed out that the IAB has a new logo, which was designed by IAB executive director Dow Street. Typically, at IETF meetings an open-microphone session is part of each plenary. At IETF 72, the open-mic session was replaced by a technical panel titled IPv6 Experiences from the Field, in which five panellists described their experiences with IPv6 deployment in their particular environment. (See article page 17.)

Administrative Updates

IETF Trust administrative procedures have been revised, reviewed by the community, and adopted. The RFC series has been assigned an ISSN (International Standard Serial Number), which will make it easier for libraries and other archives to identify them. The Intellectual Property Rights (IPR) working group (WG) has been working on legal provisions for IETF documents. Even though a licence for code was previously developed by volunteers-the Nonprofit Open Source Licence 3.0 (OSL)-several issues have been raised by employees at for-profit enterprises. In the end, the trustees decided to replace OSL with the Berkeley Software Licence for volunteer code. (Additional details on this subject can be found on page 11.) Jonne Soininen, chair of the IETF Administrative Oversight Committee, and Ray Pelletier, IETF administrative director, gave an update on the financial status of the IETF and announced hosts of future IETF meetings. IETF 74 will be hosted by Juniper and take place in San Francisco. IETF 75 will be hosted by Swedish country code top-level domain .se and take place in Stockholm. IETF 76 will be hosted by the WIDE project and take place in Hiroshima, Japan. The high-level financial overview for 2008 looks fairly positive. A total of USD 650,000 in meeting sponsors has been secured by the Internet Society. Those three meetings will contribute USD 1.1 million to be invested in other secretariat activities, IETF Administrative Support Activity (IASA) activities, and RFC editor activities. ISOC will contribute USD 1.55 million to IASA’s 2008 budget from its organizational member contributions and other sources. Expenses are projected to be slightly under budget for 2008, and the contingency budget of USD 50,000 remains intact. Jonne also announced that during the remainder of 2008 and in 2009, a number of RFPs would be announced, including those for the meeting network contract, the RFC editor, and the IETF secretariat.

Edu Team Report

The Edu team is responsible for organizing the tutorial sessions on the Sunday prior to each IETF meeting. Its mission is to manage the internal education activities of the IETF and to offer training and other educational material that “improves the effectiveness of the IETF operations.” While the Newcomers Tutorial might be the best-known, there are three different types of tutorials:

• Process-oriented topics: bringing new work into the IETF and document life cycle
• Training on tools: XML2RFC and IETF tools
• Technical topics such as security, DNS, routing, and IPv6

The Edu team also organizes topical trainings for WG chairs during each IETF meeting. Recently, the Edu team Web site was transitioned to a new wiki site, which makes it more stable and easier to update. One open issue that comes up from time to time among Edu team members is the role of the technical tutorials and what the tutorials should cover: Should they be introductory-level cross-trainings for IETF participants or should they cover in-depth training on specific technologies? Should there also be training on timely or controversial issues or should the training focus on the technical knowledge needed to produce high-quality IETF specifications? The Edu team is seeking feedback on those questions and would welcome e-mail sent to edu-discuss@ietf.org.

IESG Open Mic

IETF 72 participants meet in hotel lobby

During the open-mic session on Thursday, a lengthy discussion focused on both the process and the usefulness of so-called PROTO write-ups-a particular way of providing feedback for Internet-Drafts submitted to the IESG. The IESG said the PROTO write-ups provide feedback that is helpful to IESG members, especially in areas where an IESG member is not expert in the subject area. A discussion followed about the practice of having the IESG make decisions during telephone chats and via other means-a practice that may not be as transparent to the community as it could be. According to Russ Housley, the IESG’s use of Data Tracker has made the entire process much more transparent. “Now, anyone can see the status of the review and see what comments need to be resolved for the document to progress,” he said. While most participants agreed that the tracker is a valuable tool, some suggested it could be enhanced so that it can be used more consistently. Russ confirmed that review of the tool is already on the to-do list for the IESG. IESG member Magnus Westerlund pointed out the need for more bottom-up review. “Cross-area reviews need to be happening,” he said. “Many of the issues that come up in a DISCUSS should be addressed early on in the review process.” A DISCUSS is a certain way for the IESG to provide feedback for an author of an Internet-Draft.

Internet pioneer Vient Cerf chats with IETF 72 attendees

IAB member and liaison to the IETF Loa Andersson said the problems that were being discussed stem from a relatively small number of DISCUSSes. He said he felt that, overall, the work is being done well. “I have been a WG chair for some time, and I have experienced a number of area directors,” he said. “Usually, the DISCUSS comments have helped improve the document.” At the end of the IESG open mic session, the suggestion was made that the IETF consider extending the meetings to Friday afternoon. Most of those who commented on the subject were opposed to that suggestion and made some other suggestions instead. For instance, one participant suggested the meetings start earlier in the mornings or that there be more calls between meetings. In general, it was felt that more work needs to be done outside the three meetings that are held each year. The discussion continued on mailing lists following IETF 72, and in the meantime, the IESG has decided to proceed with the suggestion at IETF 73 in Minneapolis and to provide meeting slots until 15:15 on that Friday.

IAB Open Mic

Shuttle takes IETF participants to Dublin

During the IAB open mic session, a participant asked what the IAB thinks about adding new congestion-control algorithms to TCP: Do we view an aggregated UDP/IP header as just the layer 3 datagram layer over which we run this TCP implementation, as opposed to sticking with TCP? Or are we using another congestion-controlled transport like SCTP or DCCP? This issue came up in the Techniques for Advanced Networking Applications (TANA) BoF that met during IETF 72. A variety of views were expressed by the IAB in response. On one hand, Stuart Cheshire said he thought it would be a good approach to “experiment with this at the user level running over UDP. Then, when the algorithm is worked out, it can bestandardized and then gradually made into the mainstream TCP implementations over a longer time frame, like five years.” This would recognize the tension that exists between the IETF, which makes long-term standards, and the companies that want to ship products. On the other hand, Dave Oran suggested that the community proceed with caution with regard to congestion control algorithms. “There is a balance to be struck,” he said. “Involvement of the sponsoring ADs and the relevant ICCRG [Internet Congestion Control Research Group] is important. Let’s move with much speed and low haste.” Then should one use UDP for peer-to-peer communication between peers that are stuck behind NAT gateways, and TCP for everything else? No, said Stuart, who answered that one can have NAT-to-NAT peer-to-peer communication equally well with either TCP or UDP. “The reason TANA wants a new congestion control algorithm is that they want something less aggressive than today’s TCP,” he said. “It has nothing to do with NAT gateways.” Scott Bradner remembered that when he was a transport AD, many people wanted to use UDP, that usually, it was a way to say that TCP was too heavy and too slow. He cautioned that one should “be very concerned about the underlying excuse.”

]]> 934 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/real-time-text/ Tue, 07 Oct 2008 15:34:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=937 See ref 1); that means that we send and receive audio and video continuously as we communicate, and we consider this as the normal way to converse with each other.

To the deaf or hard of hearing, real-time textfeels more like conversation

For most of us, text is a static medium. We use it to read newspapers and Web sites; we exchange text messages by using mobile phones; and we use instant messaging on our computers to communicate with each other while doing other tasks. When we need efficient conversation, we pick up the phone and call the person. But what do we do if we’re unable to use a telephone because we can’t hear or speak or because we’re in an environment or a situation where the use of voice is inappropriate, such as in a restaurant or during a meeting? What if we find ourselves in danger and need to contact the police without being heard? The solution is real-time text. For the majority, this will be a valuable additional communication medium besides audio and video. Real-time text can be used either as the only communication mode or together with audio and video, which is called total conversation (See ref 2). For those who are deaf or hard of hearing or who have a speech impairment, real-time text is an essential communication capability. This is especially true in the current era. Every day, we all depend more and more on the telephone for immediate contact. Social contacts are maintained, business is conducted, and even our safety depends on the telephone. With real-time text as a mainstream communication feature, Internet telephony is for everyone.

The Technology Behind Real-Time Text

Real-time text works by sending and receiving text on a character-by-character basis. The characters are sent immediately (within a fraction of a second) once typed and are then displayed immediately to the receiving person(s). This allows text to be used in the same conversational manner as voice. It’s like talking by using text. Real-time text that runs over IP networks is designed around the ITU T.140 real-time text presentation layer protocol. T.140 allows real-time editing of text, even in cases of backspacing and retyping. T.140 is based on the ISO 10646-1 character set, which is used by most IP text specifications, and it uses the UTF-8 format. This allows any language to be used with real-time text, in-cluding English, Chinese, and Russian. Real-time text uses the same real-time transport protocol (RTP) as voice over IP (VoIP) and video over IP. The text is encoded according to IETF RFC 4103 (RTP Payload for Text Conversation), which supports an optional error-correction scheme based on redundant transmission (as described in RFC 2198). This results in a very low end-to-end character loss across IP networks that have moderately high packet loss. (It also makes it very good for wireless accesses.) To improve efficiency, the text is buffered for 300-500 milliseconds before it is sent while still meeting the real-time text performance requirements of RFC 4103. The traffic load of real-time text at 30 characters per second is between 2 and 3 kilobits per second depending on the language used (including the overheads for RFC 4103 with the maximum level of redundancy, RTP, UDP and IP). Real-time text uses the standard session initiation protocol (SIP) (RFC 3261) and the session description protocol (SDP) (RFC 4566). SIP is used without any alteration; there is no difference between real-time text and VoIP for SIP. The real-time text encoding is identified by using the SDP media definition m=text. To ensure proper technical implementation and use of real-time text, RFC 5194 (see ref 3) lists the essential requirements for real-time text and defines a framework for implementation of all required functions based on SIP and RTP. This includes interworking between real-time text and existing text telephony on the public switched telephone network and other networks. The ECRIT IETF working group defines real-time text as one medium in the access to emergency services (see RFC 5012, draft-ietf-ecrit-phonebcp and draft-ietf-ecrit-framework). With the growing number of people with hearing and/or speech impairments, it would be prudent for multimedia emergency public-safety answering points in Europe (which uses 112) as well as in the United States and Canada (which use 911) to support real-time text.

Mainstream Use of Real-Time Text

The use of real-time text will not be limited to those who cannot use speech. Like captioning on TV, real-time text will be used more by people without disabilities than by those who have them. On phone calls, people can type in phone numbers, addresses, names, and other information better passed in text than dictated-especially when the two communicators have different accents. When using one line or otherwise occupied in a conference, a person can answer a second line in text only and receive a quick message or have a quick text conversation. When talking to an elderly parent, for example, a person can use text to supplement voice to make sure important information has been understood. In interactions with an interactive voice response system, instead of having to wait while the voice slowly reads out all the choices, real-time text can provide an almost instant list of the choices visually so users can immediately read and select the number they want to press. These and a myriad of other uses will become common as real-time text gets deployed as a natural and always present parallel communication mode on any voice phone call.

The Real-Time Text Taskforce

Launched on 30 July 2008, the Real-Time Text Taskforce (R3TF) is an independent open forum for engineers, motivated individuals, experts, companies, and organizations that wish to help test, implement, and advance the widespread adoption of the real-time text framework (see ref 4). Its goal is to ensure that real-time text is as readily available as voice for all users. The Internet Society is assisting in the effort by serving as an incubator of the R3TF. Having a single real-time text standard that is used everywhere would make access to communication services easier, and it would eliminate any potential interworking issues. Unfortunately, with the diverse types of communication networks and devices that are in use today, this is not possible. The R3TF will promote real-time text as the real-time text standard that most terminals and networks can either use native or easily interconnect with via gateways between different network borders. This means that alternative real-time text protocols may be used, but they must be able to interconnect via gateways with real-time text to ensure full interoperability. This will make possible the goal of real-time text being available everywhere. The R3TF will help facilitate the development of interworking test beds that will enable implementers to test how well their solutions comply with the standard. Moreover, the task force will facilitate the distribution of information about the technology, about the technology’s user requirements, and about the technology’s implementation, and it will act as an educator on related issues. The Web site of the R3TF is www.realtimetext.org.

The R3TF Is for Everyone

What can you do to help the R3TF?

• Add your knowledge and expertise to those of the R3TF so that the task force can grow real-time text and remove barriers to its implementation.
• Help prevent SIP networks from blocking real-time text traffic, even if they block VoIP traffic for internal reasons. In SIP networks and products, real-time text support, as described in RFC 4103, should be regarded as normal mainstream and possible now. Real-time text not only works now; it also is part of next-generation-network system specifications.
• For non-SIP network and products, ensure that the real-time text protocol/service used does interoperate with RFC4103.
• Build on the open-source client that supports real-time text (as well as VoIP and video) to implement clients for mobile/cellular terminals as well as computers.
• Include real-time text in your design and development of new services, such as voice and videoconference services, answering machine services, call centre services, language interpretation services, gateway services, network interconnection services, and emergency services. All of those services are enriched to higher usability via support of real-time text together with voice and sometimes video. Open-source components are available and should be continually improved when possible.
• Include real-time text in 112/911 emergency services when they move to IP networks. Authorities are already pushing for this in the European Union and the United States.
• Become an R3TF sponsor and encourage employees to participate in projects.

References

1. The International Telecommunication Union (ITU) defines real time in ITU-T F.700 Section 2.1.2.1. Real-time text is defined in ITU-T F.700 Annex A.3 and ITU-T F.703 Section 5.3.2.3.
2. Defined in ITU F.703 Section 7.2 and specified for the next-generation-network IP Multimedia Subsystem in 3rd Generation Partnership Project TS 26.114, Multimedia Telephony, Media Handling and Interaction.
3. RFC 5194 was published by the IETF as an informational document.
4. The Real-Time Text Taskforce is a project group separate from the IETF.

Arnoud van Wijk is disability projects coordinator for the Internet Society. Along with other researchers, Arnoud documented the technique for real-time text described in this article, combining existing IETF standards to facilitate text streaming over IP networks. He and Guido Gybels, director of New Technologies at RNID (www.rnid.org.uk), with contributions from other experts in communication and accessibility for people with disabilities, edited and coauthored Framework for Real-Time Text over IP Using the Session Initiation Protocol, which the IETF recently published as information document RFC 5194.

]]> 937 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/talking-with-jorge-l-contreras/ Tue, 07 Oct 2008 15:35:48 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=939 The attorney for the IETF talks with the IETF Journal about intellectual property, licensing, and what makes the IETF so unusual in the world of copyrights and copylefts.

IETF attorney Jorge L. Conteras

IETF Journal: How did you get involved in the IETF? Jorge L. Contreras: My firm, WilmerHale, has provided legal advice for the IETF from the early days. I took over from a partner who left about 10 years ago and have been working with IETF since then. IJ: Did you ever think you would be interested in Internet standards? JLC: I have an undergraduate degree in electrical engineering, so I was always interested in technical issues. But the law that applies to standards organizations was much less developed when I began practicing law in 1991. The first case to draw significant attention to intellectual property issues in standards organizations involved Dell Computer. In 1998, Dell participated in an SDO [standards development organization] that was creating a video bus standard. They did not comply with the IP policy of the SDO and then later tried to enforce their patents against other SDO participants. The U.S. Department of Justice brought an action against Dell, with the result that Dell’s patents were no longer enforceable. It was a significant result and one that really shook up the world of standards law. Today, most companies that come to the IETF are aware of the Dell case and a number of more recent cases that have elaborated on the issues first raised in Dell. IETF participants often have patents that affect standards developed at IETF, and so long as they disclose these patents in compliance with the IETF IPR [intellectual property rights] rules, they are fine. If they violate the rules, however, they risk the loss of patent rights, just as Dell did. IJ: Has the IETF ever been sued under patents? JLC: No, the IETF has never been sued for patent infringement. An SDO like IETF is just a forum in which participants can develop standards. IETF itself does not make or sell products, so it cannot actually infringe a patent. It is the implementers of a standard, who sell a product that implements the standard, who can be accused of infringing. That is not to say, though, that IETF is never involved in patent litigation. Because patents are increasingly important to the companies that send participants to IETF meetings, there are sometimes lawsuits between those companies. If the lawsuits involve patents covering standards that were developed at IETF, the IETF is often called upon to provide evidence regarding the IPR policies that were in effect at the time, the participants in certain working groups, and the contributions that various parties made to a standard. In such cases, the IETF is not a defendant but merely acts as the provider of information that is essential to resolution of the case. IJ: What other legal matters do you handle for IETF? JLC: I advise IETF on a wide range of legal issues. One issue that has gotten attention recently is the licensing of IETF software tools to the community. The tools can be created by companies contracted by the IETF-like the IETF Secretariat-or by volunteers. There is a strong desire to release the tools on an open-source basis, and I have worked with the tools team, the IAOC and the IETF Trust to evaluate various approaches that might satisfy the many constituencies involved with the IETF. For example, certain open-source developers favour the General Public License, or GPL, but commercial enterprises often have an aversion to the GPL because it is viewed as risky when distributed with proprietary software. As part of the process, we helped develop a new variant of the Open Software License [OSL] that could be used with nonprofit enterprises. There were objections to the license from for-profit enterprises. Finally, we settled on using the open-source BSD licence, but it took many rounds of discussion to get there. IJ: Is working with the IETF different from working with other organizations? JLC: Oh, yes, the IETF is unique. Often, it is not actually clear who the client is. The IETF is more a concept than an entity. The Internet Society [ISOC] is the organizational home of the IETF, and ISOC signs most of the contracts for services that the IETF needs, including everything from the RFC Editor and IETF Secretariat to contracts for hotel venues and network services. The IETF Trust is a different legal entity altogether. It is the custodian of the IPR owned by IETF, including software code, the IETF trademarks and logo, written records, and, most important, the RFC series itself. Now that the IETF Trust is up and running, it is also available to administer rights in older RFCs. Those rights are generally still with the RFC authors, but the Trust has set up a lightweight process for authors to license their old RFCs to the Trust. A number of companies and individual authors have already done that, and we are encouraging other active IETF participants to follow suit. IJ: Outside of the IETF, do you work with other standards bodies? JLC: I work for numerous companies that are involved with other standards groups, both large SDOs like IEEE and smaller consortia and special interest groups. I also get involved in projects that affect Internet standards groups, like ISOC’s establishment of the Public Interest Registry to become the domain name registry for the .org top-level domain. That was an interesting project, and I continue to advise organizations in that area. IJ: What’s been happening in the IETF’s IPR Working Group recently? JLC: The IPR WG has nearly completed a revision of the IETF IPR policy related to copyrights [currently at BCP 78]. The revised policy will make a lot of things easier to manage. For example, if someone wants to evolve an IETF RFC in an SDO other than IETF, there’s no way for IETF to grant that permission today. The other SDO must seek permission directly from the original document authors. In some cases, that is very difficult, because authors have left their companies, moved on to other projects, or, in some cases, passed away. For example, in one case, we transferred some of the 802.11 MIB work to IEEE. That took some doing, because some of the RFCs were quite old. In that case, IEEE had to go and contact the authors, so things took a little while. Under the new policy, the IETF Trust will be empowered to grant licenses-subject to specific guidance that has been given by the IETF community. IJ: How about the IETF’s patent policy? JLC: The patent policy is now codified at BCP 79. The IETF has a process whereby participants have to disclose their patents if the patents are related to work that is ongoing in an IETF working group. You can also disclose other people’s patents if you know they affect the work in a WG. If you know of a third-party patent that could affect the development of a certain protocol or standard, you can disclose it. In this way, the IETF is unusual: It does not require a patent holder to license its patent. The patent holder has to disclose it, but it is not obligated to license it. This has not discouraged companies from sending participants to IETF meetings, however. And in fact, many companies license their patents covering IETF standards for free. In some areas, however, there are lots of patents, and people do pay royalties on them. Not long ago, some IETF participants said they believed that a certain company’s patent would cover all of IPv6. It caused quite a stir in the community. I had several discussions with the company and tried to get them to commit to licence it for free. Eventually, they never specified what they thought the patent actually covers, and to my knowledge, they never licensed it. But I’m also unaware that they have ever tried to enforce the patent against implementers of IPv6, so that’s where it stands today. IJ: It sounds as if a lot of what you do is to manage people’s expectations about the IETF, is that right? JLC: Yes, the IETF is an unusual organization, and even though it’s very well-known, not many people-especially other lawyers-really understand how it all works. So I spend a lot of time talking to other lawyers about the IETF processes. These include both the in-house lawyers of IETF participants and lawyers for litigants that involve IETF standards, parties that IETF contracts with, and others. IJ: What about your book? Will there be a version 2? JLC: I’m chair of the Technical Standardization Committee of the American Bar Association’s Section of Science and Technology Law. In that capacity, I served as editor of our committee’s Standards Development Patent Policy Manual, which was published last year and is intended to offer a set of annotated, policy-neutral language that SDOs, consortia, and others can use in developing their own patent policies. A number of IETFers worked on the book project, and I am grateful for all of their help and insights. As is often the case, right after the publication there were changes to laws and regulations, new cases came up, and so on. So, yes, it will need an update, and I’m currently looking for volunteers to help with that project! More information about Jorge L. Contreras. List of Jorge L. Contreras’ publications. Jorge is the author of Standards Development Patent Policy Manual (paperback). Note: Standards Development Patent Policy Manual can also be found on Google Books.]]> 939 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-internet-and-bandwidthintensive-activities/ Tue, 07 Oct 2008 15:36:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=941 www.savetz.com/articles/ibj_bunyip.php. The best path forward appears to be adual-pronged approach-in other words, finding ways to allow such applications as P2P technology-based ones to (1) fine-tune their use of network bandwidth availability and (2) identify more-palatable options for managing bandwidth in the face of overwhelmed network links. These are the types of activities the IETF considered in two BoF sessions at IETF 72 in Dublin (see page 1). As we engage in IETF activities on the topic-including BoF sessions and, eventually, working groups-it’s important to keep a few simple realities in mind. First, it’s not strictly about P2P technology itself. Second, the network impact might be local (as in, “My P2P participation is wrecking my neighbour’s VoIP [voice over Internet protocol]“) or transit (such as spikes in peering costs due to unexpected load). Third, there are different classes of reasons that the network operator may have no reasonable incentive or ability to adjust the network to meet demand. These include the constraint of dealing with significant, unmatched expenses (such as no additional revenue to offset the capital cost) or dynamically changing bandwidth demands. As an example of the latter, network operators have little or no control over which peer becomes a supernode in a P2P network. Note that none of this is to be confused with traffic unintended by any local customer (unwanted traffic, denial of service, etc.), which does not need accommodation so much as remediation. In today’s Internet, the broader impact of dealing with existing problems through traffic shaping, with its unintended consequences, or through tiered Internet access has the potential for a chilling effect on openness and innovation. The long view is that this sort of stretch in network demand is normal and, on a global level, healthy. By making a network to ship packets around, the model is about packet shipping; it’s not about making and maintaining highly specialized connections. To address the current issues, we need to consider approaches that not only solve the immediate problem but also are applicable beyond any particular application technology and that do not introduce such architectural complexity as to limit aspirant applications.]]> 941 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-72-welcomes-isoc-fellows/ Tue, 07 Oct 2008 15:37:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=943 ISOC Fellowship to the IETF programme fellows and mentors at IETF 72 in Dublin

Six technology specialists and researchers from Africa, Asia, and South America journeyed to Dublin, Ireland, for their first IETF meeting as part of the Internet Society’s (ISOC’s) Fellowship to the IETF programme. Guided by their mentors and supported by ISOC staff, the fellows had been selected from among dozens of applicants and given opportunities to sharpen their technical skills, indulge their interests, and meet face-to-face with colleagues and others whom they’d known only by reputation or by way of time spent on working group (WG) mailing lists. By all accounts, the fellows benefited considerably from the experience, bringing with them-and taking away-their own unique perspectives.

Meet the Fellows

Born and raised in a small city a few kilometers from Santiago, Chile, Hugo Salgado developed a passion for mathematics as a child. Although he began his studies by pursuing a degree in physics at the Universidad de Chile, in his third year he discovered the Internet and changed his major to computer science. Today he works for NIC Chile, the .cl country code top-level domain registry where he develops software written in Perl, maintains a few Web sites, and implements DNS-related technologies, such as IDN. Even though Internet security has become a passion of late, Hugo writes that it is the IDN work that interests him most. “We were the first Spanish TLD with IDN,” he writes, “so we are very concerned about the changes that came with IDNAbis.” Attending an IETF meeting was an eye-opener for Hugo. “Everyone was friendly and open-minded,” he said. “That makes for a very rich environment for developing ideas and to be creative in.” Following the trip, Hugo planned to participate in mailing list discussions and to spread the work of the IETF. “We are currently preparing our first informational RFC submission on the .cl extensions for EPP registration,” he added. Ali Hammad Akbar is an assistant professor in the department of computer science and engineering at the University of Engineering & Technology (UET), the largest engineering university in Pakistan. He also consults to UETs Al-Khawarizmi Institute of Computer Sciences, where he helped establish a research group called WATCHNETs (wireless and ad hoc actuator and sensor networks). No stranger to travel, the Pakistani native recently earned a Ph.D. in electrical engineering from Ajou University in South Korea, a master of science in electrical engineering from the University of New South Wales in Australia, and a bachelor’s degree in electrical engineering from the National University of Sciences and Technology in Pakistan. He is interested primarily in 6LoWPANs, particularly in mobility, security, and routing issues. (See page 16.) Mohamad Dikshie Fauzie conducts research in Internet measurement analyses in dual-stack IPv4/IPv6 environments at Keio University in Japan. Born and raised in Indonesia, Mohamad supplements his research with work as a School on Internet-Asia (SOI-Asia) operator at Bandung Institute of Technology, where he operates dual-stack IPv4 and IPv6 networks for real-time distance learning using IP multicast operation. He’s also actively involved in Indonesia’s IPv6 task force, a group consisting of academics, government representatives, and representatives from telecommunications companies and Internet service providers that are working to implement IPv6 in Indonesia. Attending IETF 72 helped Mohamad gain a better understanding of the problems associated with IPv6 deployment and Protocol Independent Multicast (PIM), an area that is critical to his research. He plans to use the knowledge he gained in Dublin as the basis for a report to Indonesia’s IPv6 task force about the latest developments. He also plans to write a report to SOI-Asia about the status of PIM-Sparse Mode. University professor and researcher Tamrat Bayle possesses a deeply held belief in the power of a robust information infrastructure to support his country’s IT industries. He also says he’s a strong believer in the IETF’s contribution to the success of the Internet. This native Ethiopian is an assistant professor and head of the Department of Information Technology at the College of Telecommunications and Information Technology of the Ethiopian Telecommunications Corporation. There he teaches graduate-level courses in advanced computer networks, data communications, mobile ad hoc networking, and wireless IP networks. He also advises on master’s degree theses and serves as a principal investigator on a project whose aim is to increase classroom interaction with mobile wireless technology.

Fellow Mohamad Dikshie (right) with mentor Erik Nordmark

Attending IETF 72 offered Tamrat a unique opportunity to enhance his knowledge and to contribute more integrally to the growth of the emerging IT industries in his country. “The Internet is the new frontier in our country,” he writes. “It is my strong belief that [attending] the IETF meeting will assist my country in general-and the Ethiopian Telecommunications Corporation in particular-in finding solutions for efficient and scalable internetworking needs.” In his role as internetworking coordinator with British Telecom in Venezuela, Alejandro Acosta was recently involved in the implementation of IPv6 within the company’s network running BGP, firewalls, Linux, and IP services, including SSH, Apache, and DNS. “My responsibilities in the company include everything related to the IP protocol,” Alejandro writes, “including devices, services, connections, troubleshooting, and VoIP using Open Source.” Since he was in high school, Alejandro has been interested in “everything related to computers and specifically with the Internet.” His main areas of interest today include IP, BGP, DNS, and routing protocols. “The IETF community has had a big impact on those fields and, therefore, on me,” he writes. Attendance at an IETF meeting not only brings Alejandro face-to-face with technologists working on the issues that interest him most; it also enables him to bring the knowledge he gains to the two national universities with which he works closely, as well as to the groups, such as LACNIC. Kumar Saurabh says the IETF is one of the main forces behind the evolution of the Internet and its associated standards. The software engineer at Sonus Networks in India is helping design and implement Border Gateway Function (BGF) by using H.248 protocol. He also works on Session Border Controllers (SBCs), which involves extensive application of the session initiation protocol (SIP) and which explains his interest in the IETF’s SIP working group.]]> 943 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/joining-the-ietf-fold/ Tue, 07 Oct 2008 15:38:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=945 An IETF 72 fellow reflects on working group politics, the culture of leadership, and the IETF dress code. I’d like to take this opportunity to express my sincere thanks and appreciation to the Internet Society and its sponsors for their sponsorship of the ISOC Fellowship to the IETF program and to the organizers at the IETF, who made it possible for me to participate in the 72nd meeting of the IETF. All of the travel, lodging, and hospitality arrangements extended during the stay were splendid and were handled very professionally. My indebtedness is to Leni Nazare, Martin Kupres, and Mirjam Kühne for their efforts. Though I was by and large familiar with the workings of IETF, I was indeed a newbie to its proceedings. In the past, I would wonder how working group (WG) ideas popped up: was it the WG chair who would spell out the seemingly Utopian ideas? Or was it the companies that would steer the chartering of the agenda items? It was only through firsthand experience at an IETF meeting that I became able to fully comprehend the working style: a clearly chalked-out agenda is thoroughly deliberated and firmed up through consensus on the mailing lists. Afterward, it gets floated for consideration at the IETF meeting. Objective synoptic presentations and question-and-answer sessions after each Internet-Draft expose the participants to a therapeutic forum wherein they reflect upon and make appropriate amends to their proposals. The ideas evolve through debate and candid comments, though at times these might seem like forays into an Internet war zone! Undoubtedly, the two consequent features of IETF meetings-synergy and proactivity-arise from honest debate that sometimes relegates courtesy to a lower priority. These are the people for whom the maxim holds true: “If violence is a sin, silence is a felony.” My doubts were further cleared up when I met my mentor, Prof. Carsten Bormann, a pleasant, modest, and knowledgeable person who maintained a characteristic silence unless provoked and who chaired the 6LoWPAN working group. While attending the meeting as a first timer, I found myself awkwardly overdressed-not at all in the getaway style of the majority of participants. Professor Bormann promptly commented in a lighthearted manner that of all of the participants, only two gentlemen were clad very formally-a dig on me, I realized! The meeting also afforded me interaction with other fellows from all over the globe. While exchanging notes with Hugo Salgado from South America and SM from Mauritius, I realized that such people from diverse backgrounds and of a multitude of ethnicities, who have will and potential, very often remain untapped contributors. Though their passions might find expression through an open call for participation on the IETF mailing lists, it is only through bursaries and fellowships that they can get recognition for their efforts. It was indeed very rewarding for us all to be part of such an activity. At times, my admiration for academic stalwarts has bordered on infatuation. And there could be no better place than the IETF meeting to get them all together. To my immense pleasure, I could meet Prof. David Culler and Samita Chakrabarty and attend talks by Pascal Thubert and Jean-Philippe Vasseur-people who work in subjects closely related to my interests and who are highly regarded. Likewise, it was quite motivating to see young scholars like Jonathan Hui and Phil Kevin at 6LoWPAN and ROLL working groups to present their works. Their success stories bespeak of their professional approach and relentless pursuits. With limited leisure time at my disposal, a city tour seemed like a good extracurricular activity, so I set out to hitchhike. While I went to the city centre in a more hop-on, hop-off mood, my touring spree turned out to be more academic. My visit to the highly acclaimed Trinity College and the National University of Ireland enabled me to meet some very good researchers in Dublin. Prof. Murphy from University College Dublin visiting faculty from Washington State University, and Prof. Sumit Roy were among the professors I met who work on IP-based wireless networks. I plan to take those initial interactions on to subsequent levels of rapport. As a whole, the experience of spending just about a week in the IETF folds proved remarkably eventful. It could, however, result in more than that. For instance, pursuit of an Internet-Draft together with my mentor-in order to explore ways and means of opening a new ISOC chapter in Lahore (my hometown) and offering talented minds for ISOC-all are merely the initial contemplations we wish to pursue.]]> 945 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ipv6-deployment-lessons-from-the-trenches/ Tue, 07 Oct 2008 15:39:59 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=947 IETF 72 panel discusses IPv6 deployment

During the IETF 72 technical plenary, the Internet Architecture Board (IAB) hosted a panel on the subject of IPv6 deployment. The five-member panel was composed of Internet community members who have firsthand experience with operational IPv6 deployments. They represent the perspectives of Regional Internet Registries, or RIRs; network operations teams; broadband services; content delivery services; and host applications. The panelists communicated their IPv6 adoption successes and hurdles, as well as their IPv4-depletion contingency plans, including carrier-grade network address translations (NATs), or CGNs, a concept that is currently under debate.

Motivation and Background

Studies suggest that the completion of IPv4 address allocations by IANA to the RIRs could occur as early as 2011 (seehttp://www.potaroo.net/tools/ipv4/). Regardless of the exact date, the idea of an empty storehouse will, without question, change the networking landscape. In an effort to prepare for that eventuality, various players are working toward widening and hastening IPv6 deployment. Some content providers are planning ahead by readying their content for IPv6 endpoint hits. Some of the service providers and broadband providers that saw the need started their efforts some time ago, and they’re now moving toward infrastructure and service delivery that can and will run on IPv6. Both face a bit of a chicken-and-egg problem: the content providers would move faster if they knew the operators had the services fully baked to deliver IPv6 eyeballs to the content. And the operators would invest more in their IPv6 services and infrastructure deployments if the content the end customer demanded were available and abundant. Enterprises are, in some way, the swing votes. Objectively, few enterprises have moved toward wide-scale deployments of IPv6. Some have IPv6 pilots; and a few have partial deployments, yet they may hit the v4 allocation cliff harder than either of the other two, aforementioned communities. This will leave enterprises in a costly scurry to rectify the situation at the last minute. IPv6 deployment in operational networks across the Internet is a work in progress. Transition mechanisms have existed and been deployed for years, including dual stacks and various translation and tunnelling mechanisms. Over time, more hosts and networks are moving to native IPv6 operations. Collectively, we now have several years of experience with both. The IAB established this plenary topic to provide background and input from those experienced with deployments and issues in order to empower the IETF community to do its part to encourage and facilitate the universal deployment of IPv6.

View from the RIRs

Mark Kosters, Chief Technology Officer, ARIN

RIR Allocations

Currently there are 39 IPv4 “/8″ address blocks (2^24, or 16,777,216 addresses) remaining in the IANA free pool that can be allocated by IANA to RIRs. In turn, the five RIRs that together cover the globe assign portions of the /8s to ISPs in their regions according to their local policies and practices. To give a sense of the allocation pace, in December 2004 there were 76 /8s remaining; in December 2005 there were 65; in December 2006 there were 55; in December 2007 there were 42; and in June 2008 there were 39. While the absolute number of allocations per year has remained somewhat constant, the percentage of remaining /8s being allocated is growing steadily each year. If, as one model predicts (http://www.potaroo.net/tools/ipv4/), the IANA free pool runs dry in December 2011, then IP address blocks that have never been allocated to RIRs will be allocated. That won’t mean end users or corporations will no longer be able to get IPv4 public addresses from their ISPs. It means the currently defined IANA free pool allocations will be completed. Rather than receiving this news as Chicken Little would-as an indication that the sky is falling-Mark urged us to look at it like the westward expansion of the United States in the 1800s. At that time it was possible to go out and get land from the government for only a small registration fee-land that had not been previously farmed. Today, you can still acquire a farm or a large piece of land; it just costs a lot more, and it will have been owned by others-whether or not they used it-thereby giving it a definite market value. And today there exists a complex and robust market for titling, brokering, and owning the land. Likewise, the days of IPv4 address “homesteading” are coming to an end, and many more stringent policies, and, perhaps, markets, will emerge for dealing with IP address use and propriety. The IPv6 address space, on the other hand, is a 128-bit space, of which IANA has given out very little. The homesteading of IPv6 has barely begun. The RIRs have been fairly active in the past few years in assigning IPv6 address blocks to their Local Internet Registries (LIRs) and ISPs, with RIPE NCC and APNIC being by far the most active. ARIN and APNIC were making similarly sized allocations since 2003-around the 40 to 50 mark per year-until 2007, when ARIN handled over a hundred IPv6 allocations. To date, RIPE NCC has dealt almost half of all of the IPv6 allocations-1,208-which equates to 33,041 /32s. The next closest is APNIC, with 580, accounting for 23,233 /32s, followed by ARIN with 496, LACNIC with 97, and AfriNIC with 47. These allocations are from the RIRs to providers. However, only ARIN, APNIC, and AfriNIC have actually assigned provider-independent (PI) address blocks to end sites directly. The RIPE NCC and LACNIC have not yet assigned PI IPv6 addresses; both have policy proposals in the works for doing so. PI address grants are held in tension because backbone routing for IPv6 has not yet reached the same scale and stability as those present in IPv4 BGP, and the community questions how much route bloat from PIs can be reasonably handled.

RIR Policy Development

With IPv4 allocation completion on the horizon, the volume of policy work by RIRs on this subject has ballooned. Fourteen policy proposals-almost half of the open proposals-concern IPv4 depletion policies. One of the proposals concerns global policy, which states that as IANA’s free allocations of /8s approach exhaustion, every RIR will get a /8. Another proposal deals with liberalizing the transfer policy for moving blocks of addresses between RIRs and LIRs and ISPs and organizations. In the IPv6 policy realm, proposals exist to make it easier to transition to and use IPv6. In the autonomous-system (AS) realm, the RIRs currently allocate a lot of 2-byte AS numbers. These would be exhausted in 2011 as well if the current allocation rate continues. There are 4-byte AS numbers available, but many parties have returned them because the network as a whole does not support them very well (e.g., BGP implementations and OSS systems). We need to encourage our vendors and ISPs to better support 4-byte ASs, because this is another hole-like the IPv4 depletion-looming on the Internet highway.

Building Awareness

In addition to policy and allocations, the RIRs conduct a fair amount of awareness and promotion work for IPv6. The RIRs have taken an aggressive stance on trying to move IPv6 adoption forward. They have issued position statements, delivered awareness-raising and educational workshops, conducted research on IPv4 allocations and IPv6 deployment, provided education and advice for governments and nongovernmental organizations, and hosted IPv6 networks during meetings, such as those of the IETF-all to help drive IPv6 adoption. “This is an important time of transition, and people need to participate,” Mark said in closing. “The registries’ policy development process is very bottom-up. So come join the effort.”

Lessons Learned from IPv6 Deployment

Alain Durand, Director of Internet Governance and IPv6 Architecture, Comcast Comcast, a large cable operator in the United States, began its IPv6 deployments several years ago with a two-phase approach. First, it is readying the infrastructure by using IPv6 for management of cable modem devices and network infrastructure. This paves the way for the second phase, wherein Comcast will offer home users IPv6 service to their endpoints. That second phase is now in planning stages, with some lab trials under way. The cable industry’s Data over Cable Service Interface Specification (DOCSIS) model assigns an IP address to each customer’s cable modem. This differs from DSL, wherein an individual modem does not have its own IP address. Cable operators thus use a lot of IP addresses and are very involved in allocation policy. Their move to IPv6 was somewhat motivated by the depleting IPv4 address space. They foresaw that in a few years an organization requesting a few IPv4 addresses for Web and mail servers might still easily get them, whereas a request to IANA for a large-scale allocation is likely to be turned down much sooner. Moving the modems’ management interfaces to IPv6 means that they each get a globally unique and routable IP address, thereby avoiding messy address overlaps or NATs. The company learned important lessons from its initial experiments with IPv6 deployment. The first lesson taught that starting early saves money. For example, including IPv6 early in the DOC-SIS 3.0 specifications in early 2005 ensured that products rolling out today include IPv6 at no extra cost. The second lesson was that the network buildout for IPv6 was easier than expected. Comcast started by adding IPv6 addresses on router interfaces-and nothing else. To its surprise, nothing bad happened. So Comcast left the network like that for several months. Next, it enabled IPv6 routing, ISIS, and BGP. Again, nothing bad happened. Not one outage occurred that was traced back to the IPv6 pieces. This was a critical step in building the confidence of the operations team, proving that IPv6 could run stably in a production dual stack network. Currently, IPv6 exists in both Comcast’s access and backbone networks.

Photo by Peter Lötberg

For Comcast the problem with IPv6 was not in the networking layers but in the application and services ecosystem around the layers, like their operations and support, management, billing, and third-party systems. Not only do many of those systems lack the required IPv6 support, but getting that support is not high on most vendors’ priority lists. Adapting the code doesn’t happen overnight. It takes implementation, testing, debugging, deploying, scaling, and stabilizing. It’s a linear process that can be accelerated only so much by applying additional resources. “Nine women can’t make a baby in one month,” quipped Alain, urging application vendors to get moving. Hosted or out-sourced services from third-party vendors are in a spot similar to applications, wherein many do not yet support IPv6. Seeing the IPv4 depletion ahead, the Comcast team is plotting a transition course that includes IPv4 access for quite some time. Once scarcity hits, the team imagines, a wide range of IPv4-only computers, devices, and operating systems will still exist in customers’ homes (e.g., Win95, 98, XP, PlayStations, Xboxes, and some consumer devices). Though more and more IPv6-ready equipment is entering homes, customers will not jettison the old IPv4-only equipment; they keep using the older devices. Also, the content on the Internet is almost exclusively IPv4. Recently, thanks to Google, we have some IPv6 content to look at, but not much. IPv4 hosts and content will need reachability for some time yet. Comcast’s plan therefore involves a dual-stack core, which Alain says should work well-at least until it’s no longer possible to get any more IPv4 addresses. “Following IPv4 completion, if you give all new customers IPv6 only, with no IPv4 support, then the IPv4-only devices can’t get out of the home, and new, IPv6-only devices can’t get to the predominant IPv4-only content on the Internet.” To counter that hitch, one might add the practice of NATing new customers with overlays of private addresses from the RFC 1918 blocks. This brings undesirable results, though, such as NATs piled one on top of the other, with multiple overlapping addresses to customers. While not impossible, NATing creates a lot of complexity-especially in management-and it makes the troubleshooting of customer issues much more difficult. In addition, traffic-engineering gyrations, such as source-based routing, might be necessary to handle the overlaps. Outages are usually linked to complexity in the network, so this increased complexity in the network is less than desirable. The Comcast team is looking at using tunnels and provisioning IPv6 to customers’ home gateways. This would enable Comcast to offer both IPv6 and IPv4 services to endpoints behind those gateways. IPv6 would run natively from hosts to IPv6 targets. IPv4 is delivered by first having the gateway speak IPv4 internally, and second, by transporting the IPv4 packet over the IPv6 infrastructure network via a tunnel. The IPv4 packet would be detunnelled inside the ISP network at a large v4-to-v4 NAT box, a CGN. That box translates the IPv4 packet to a globally routable IPv4 address and sends it off to the IPv4 target. Alain refers to this as a dualstack-lite service. (Work on this is occurring in the Softwire working group.) The advantage is that the infrastructure itself requires only IPv6 addresses for operated devices while allowing either IPv4-only or dual-stack hosts to reach IPv4-only content on the Internet. “This dual-stack-lite concept makes IPv6 services incrementally deployable,” claims Alain. “You don’t have to wait for the rest of the Internet-the content and applications-to move to IPv6 in order to roll out the service. You can deploy IPv6 in your own world and get some immediate benefit out of it.” The IETF’s most successful protocols over the past 15 years have been incrementally deployable, and that is Alain’s goal for networks transitioning to IPv6.

A Step-by-Step Transition Plan

Shin Miyakawa, Director of IP Technology Development at NTT Communications While sharing much of Alain’s view of the need for incremental deployment of IPv6 in the face of depleted IPv4 space, Shin cautioned against accepting a common misunderstanding about carrier-grade NAT. “Please do not get comfortable with the idea that a carrier-grade NAT will “˜solve’ our problems,” he warned. “Do not believe that if we have a CGN, we need not move to IPv6.” On the contrary: according to Shin, the CGN concept has significant and serious restrictions as well as implications for the Internet’s end-to-end design principle. “The last thing we would want is the existence of a CGN to slow IPv6 adoption,” he said. Instead, Shin suggests employing CGN as a backward-compatible mechanism for the purpose of speeding along IPv6 adoption. “It will do so by ensuring an incremental deployability mechanism that does not exclude or alienate v4 hosts [nor v4 content] once deployed,” he said. Once such a model is supported, network operators will be able to see a clear transition path to IPv6 that contains neither product cliffs nor flagship upgrades. Shin warned that the dual-stack lite’s CGN component may necessarily limit each customer’s number of concurrent sessions. TCP and UDP allow for only 65,535 total source ports per single IP address. As IPv4 addresses become scarce, a single public IPv4 address must support many CPE routers, each with several hosts behind it. How many hosts can be supported by one IPv4 address depends on the number of concurrent TCP and UDP connections being made by the average host.

Figure 1: When concurrent connections are reduced, an image may not be able to load appropriately

To illustrate that point, Shin offered the example of browser connections to a Google Maps display of San Francisco International Airport, an application that employs AJAX technology. One characteristic of AJAX is that it simultaneously makes many discreet HTTP connections from the host to the server in order to pull down different small “pieces” of the content all at the same time (see Figure 1). As Shin demonstrated, if the session count is limited to 30 concurrent connections, the map loads appropriately. If it is limited to 20, one block of the picture is missing. If it is limited to 15, only 35 percent of the picture’s blocks are successfully received. At a limit of 5 connections, the browser throws an error message. If each user needs only one such application connection at a time, then one IPv4 address would serve approximately 2,100 hosts. This 30-concurrent-connections number is for Google Maps only. The NTT Communications research team has observed iTunes opening 230-270, Amazon grabbing 90, YouTube pulling 90, and OCN’s Photo Friend consuming 170-200. If one estimates an average of 500 open connections from a host-allowing for no safety buffer-one could infer for a CGN deployment a user-to-IPv4-address ratio of about 130:1. An 8:1 ratio would allow for a worst case, of about 8,200 simultaneous per-user connections. And for a case where multiple computers are all connecting from the same customer premise, a 20:1 ratio would allow for a worst case of about 3,300. What is the right ratio to use? After warning of the CGN issues, Shin proceeded to offer a graphical, time-lapsed, step-by-step progression of how an operator might transition to an IPv6 network by using a dual-stack-lite ser-vice architecture. This transition plan offers incremental deployment and IPv4 backward compatibility. The operator starts by enabling IPv6 on its peering routers and backbone. Then the CGN element/function is added, which logically sits north of the operator’s access concentrator in the POP. The operator may then place a private IPv4 address on the CPE router’s provider-edge-facing (PE) interface. This IP will be NAT’ed by the CGN sitting in the operator infrastructure. This step addresses the decreasing availability of routable IPv4 addresses. Step two introduces IPv6 on the customer side of the CPE, a client-based Softwire tunnelling solution from the customer’s hosts, and a tunnelling concentrator in the POP. This solution encapsulates IPv6 over IPv4 by using L2TP as the encapsulating protocol. A client-side software component sits on the customer’s host, and a networking device sitting north of the CGN terminates the L2TP tunnel in the operator’s network. At this point, the deployed network supports dual-stack customer hosts and delivers to those hosts connectivity to both v4 and v6 content. As new customer deployments occur, Step 3 involves moving the Softwire v6-in-L2TP-over-v4 client function off the hosts and into the CPE router. This allows the clients sitting on the CPE’s private side to contain any or all of IPv4-only, IPv6-only, or IPv4/IPv6 dual-stack hosts while still providing access to either native v4 or native v6 Internet content. Step 4 upgrades the provider edge (PE) access concentrator to be IPv4/IPv6 dual stack. Note that the Softwire tunnelling mechanism is required only until such time as both the PE access concentrator and the CPE support v4/v6 dual stack. Once both can run IPv6 natively, the operator has no further need for the tunnelling mechanism. This captures the attractiveness of the proposed transition plan: any of the key pieces-PE access concentrator, CPE router, or end-host system-can be combined in any combination of their v4-only or dual-stack support, and still, the operator will be able to deliver a v4/v6 service. This provides true incremental deployability for operators, saving them from costly forklift upgrades (for end hosts, CPE gear, or access concentrators) and providing them with a grow-as-you-go transition. The CGN remains in the network until the provider was prepared to end the life of the IPv4 service. NTT is considering putting in place by spring 2010 a service as described earlier-before the IPv4 address completion. NTT is working with other ISPs on the same architecture, and such was discussed extensively at a recent Internet Area interim meeting on the v4-to-v6 topic. In the assistance of various enterprises, application service providers, schools, and governmental agencies with dual-stack deployments, Shin notes, externally facing systems (e.g., Web, e-mail, and DNS) must be IPv6 capable first; then the customers’ other, internal systems follow. In addition to the aforementioned dual-stack proposal, the NTT group in Japan has already deployed a commercialized IPv6 service to over 5 million customers. This solution uses a highly controlled (i.e., walled garden), all-IPv6 network, including endpoints, to deliver specialized value-based services to end users. What can the IETF do to hasten IPv6 adoption? According to Shin, first is an additional IPv4 private address space allocation for carrier/operator access network equipment that sits in the IETF’s internal infrastructure devices, behind a CGN. Next would be defining a simple security scheme for IPv6 (see page 23). Implementations of IPv6 DNS deployments need wider dispersion. Multiprotocol label switching (MPLS) with IPv6 support must exist in the network devices. Though commercially available IPv6 supporting firewalls have been available since NetScreen (now Juniper) released its in the early 2000s, other security devices-like IDP, IPS, and Web filtering-are still awaited, as are load balancers.

A Simple Call to Action

Lorenzo Colitti, Network Engineer and Researcher, Google Google has one of the only large content sites deploying IPv6 today. Explaining why the company made the investment, Lorenzo stated, “When the day comes that users have only IPv6, they will need to be able to get to Google. That’s the long-term view.” He identified several shorter-term reasons for the deployment, including lower latency and packet loss, AJAX applications breaking behind excessive NAT (as described in detail by Shin), and the irritation of NAT traversal mechanisms, such as STUN. The year 2011 is when Google foresees the RIR IPv4 address pool exhaustion to their ISPs and PIs, and they point to IPv6 as the only sensible solution. Starting as early as possible will ensure deployment is ready in time, if not well before. The Google IPv6 effort began as a side (20 percent) project on the part of a few employees. Once others caught wind of ipv6.google.com, they jumped in alongside Lorenzo and team, and now Gmail and News are IPv6 enabled too. They built a pilot network and ran the infrastructure at an IPv6 conference, proving that it worked. As more and more people wanted to get IPv6 running for their applications, the team grew and they scaled up the pilot. Even though it was a pilot, they dispelled the notion that it was experimental, which could lead to skimping on quality. The key lay in incremental growth. A pilot IPv6 network doesn’t have to be as scalable or as capable as an IPv4 network on day one, but it does need the same types of production services as soon as possible, as are found in IPv4 networks, including monitoring, support, documentation, written quality standards, and audits. Start small, and make steady progress. In addition, Lorenzo urged that, whenever possible, one should design the IPv6 deployment to be as similar as possible to one’s IPv4 network. “Every time I made a design decision that wasn’t the same as IPv4, it turned out to bite me down the road,” he said. Lorenzo counselled against the use of tunnels in interdomain routing, citing increased latency and difficulty in debugging. Also, today most IPv6 operators are indiscriminately giving transit to any other IPv6 operator, which slows convergence, increases round-trip times, and creates partial visibility for yours and others’ networks. Some transit providers have incomplete IPv6 routing tables that cause black holes for those routes. The solution is direct peering with quality IPv6 networks, yielding direct contacts by which to address and improve routing and connectivity issues. “Don’t assume the current IPv6 Internet works,” he said. “On the other hand, get involved. The only way to accelerate the progress is to accelerate the involvement.” Lorenzo’s IPv6 product feature/capability wish list included MPLS traffic engineering, mature load balancing, IPv4-style multihoming, and hardware processing for both 6to4 and extension header filtering. Lorenzo notes that today they have to drop at the edge of their network every IPv6 packet that is not clearly TCP, UDP or ICMP due to a lack of hardware filtering for extension headers. IPv6-style multiple-address multihoming has not worked well. Failovers break TCP connections. Lorenzo says HIP and SHIM6 do support failovers, but then new connections see timeouts; both lack load balancing or traffic engineering from the network side, which are features present in v4. Without those features it’s tough to make large-scale applications deployable. Lorenzo also says multihoming ought to be allowed using /48 prefixes. He expressed the need for /127′s on point-to-point links (currently prohibited by RFC 4291) to help avoid denial-of-service attacks, and VRRP for v6 because neighbor unreachability is not fast enough. NAT-PT is another item big on Lorenzo’s list because, he says, it will lead to an all-IPv6 network more quickly than dual-stack lite will. He argues that once IPv4 address allocations slow significantly, parts of the network will be able to serve hosts an IPv6 address only. Of course, all IPv4 content will not be served immediately on v6, so v6-only hosts will, for some time, still need to reach v4-only sites. Using something like NAT-PT transforms the content deployment problem into an application porting problem. However, NAT-PT is deprecated in RFC 4966. “All of the draw-backs of RFC 4966 are really drawbacks of NAT, and they are all present in v4 NAT too,” said Lorenzo. Like Shin, Lorenzo doesn’t like NATs-or the NAT mechanisms in NAT-PT. However, being an IPv6 champion, he feels that incremental transition mechanisms are key to hastened adoption. “If we want to reclaim the end-to-end principle, then we must do it with IPv6.” And in order to do that, Lorenzo called for a barebones standard that addresses a v6 host connecting to a v4 server. This would require a DNS application layer gateway. The focus should be on network-based translation scenarios, not on a host-based solution. “[End-to-end connectivity] can happen in v6 but not while we still have v4 around.” Lorenzo thinks NAT-PT’s presence will lower the value of IPv4 on hosts, and operators and users will opt for IPv6 hosts, with NAT-PT fronting the v4 applications. As soon as the content is v6, the NAT-PT function will be removed, and it’s pure v6 from there.

First Impressions Are Everything

Stuart Cheshire, Wizard without Portfolio at Apple Apple chose IPv6 link local addressing for the AirPort Express wireless base station because of the auto configuration features that require the user to do nothing to get LAN-based printing, streaming music, and network administration running. The solution has been more reliable and works better than IPv4 in a single-network home. The Internet, as Stuart pointed out, is a different story. Five elements interact to make an IPv6 solution work for the customer across the Internet: the operating system, application software (such as a Web browser), home network, ISP, and content (such as Web sites). Without any one piece, the solution fails. Content is the key. Without IPv6 content, ISPs have no incentive to carry IPv6. As Stuart said, if a customer cannot get IPv6 from the ISP, then there’s no reason for content accessible via IPv6. If the browser is not IPv6 enabled, then the customer will not be able to access IPv6 content and therefore will not purchase IPv6 connectivity. If the OS is not v6 ready, then apps can’t be either. Incentives must exist for all of the players. Apple’s incentive was the so-called coolness factor of IPv6, so now Apple’s OS, Apple’s browser, and most of Apple’s networking apps support it. “Now we must find compelling incentives for the other three pieces to support v6,” encouraged Stuart. “Or, at the very least, make sure there are no disincentives.” To drive home the point, Stuart described an application-level issue that Apple faced with regard to its Safari Web browser and certain performance delays associated with dual-stack clients. When a dual-stack-capable Web browser connects to the Internet, it first conducts an AAAA record lookup, then it does an A (Address) record lookup and tries an IPv6 connection. If that fails, it tries an IPv4 connection. Everything works as long as this series of events occurs quickly, including any failures. Unfortunately, lack of AAAA responses and IPv6 connection failures are common. Apple faced an issue regarding a big-name Web site. Customers complained that the site was really slow. Upon investigation, Apple discovered that the site’s DNS servers did not send valid responses to AAAA queries. Either such sites do not respond to an AAAA query, or they send back a mangled, malformed response. The connection sequence blocks are waiting for an answer that isn’t coming. The user perceives this as application slowness, which started occurring when the user’s computer first got an IPv6 address. The root issue is the getaddrinfo() API, which blocks waiting for an IPv6 address query that may never be answered. Because the problems first appeared when the ISP started offering IPv6 service, the issue landed in the ISPs’ laps. This is bad for the industry because both the customer and the ISP get a bad impression about IPv6. These thorny disincentives must be removed if we are to hasten deployment. Apple’s implementation now disassociates the IPv4 and IPv6 tracks. The tracks perform the AAAA and A queries in parallel, and they try the IPv4 and IPv6 http connections in parallel, taking the first response and resetting the second. Failures or hangs at either step, on either track, no longer hang the user experience. The getaddrinfo() API was the problem because it exposes addresses to the application when it shouldn’t. Applications don’t need to know about Ethernet addresses, and they don’t need to map IP addresses to Ethernet addresses; the kernel ought to do that for them with ARP. Likewise, an app should not be involved in mapping DNS names to addresses. The app should just tell the system, “Here are a name and an application/service. Please connect me to it.” Apple uses a connect-by-name API so that applications don’t even have to know or care whether the underlying connection is IPv4 or IPv6. Both Java and Windows have similar APIs. The moral, according to Stuart, is that as we move toward IPv6, when you build an app, avoid getaddrinfo() and such APIs. Instead, use concurrency and asynchrony. Yes, these new mechanisms will send extra packets and initially open more connections than will actually be used. The first one that succeeds will proceed, while the others will be reset. This is the right design decision for IPv6. “We are trading off a few extra packets and connections to vastly improve the user experience,” said Stuart. “And that’s the point: let’s make sure to remove the barriers to transition that might otherwise make people regret their first tentative steps into IPv6 deployment and use.”

IPv6 Panel Takes Questions from the Floor

What are the biggest operational issues percolating up from the network administration staff? Alain Durand: IPv6 addresses are difficult to type. I often ask people to write down an IPv6 address and read it back over the phone. Of all the attempts, only one person has succeeded in repeating the address correctly. So we must avoid IPv6 addresses as much as possible, and we must be more ardent DNS users. Shin Miyakawa: It’s not technical, but the lack of education of the customer-facing support staff. We don’t want the front-line staff answering support calls by saying, “What is IPv6? I don’t know anything about it.” Getting IPv6 into all the training manuals and achieving a basic level of familiarity across all levels of staff are the hardest things NTT has faced. Lorenzo Colitti: Failure to follow familiar IPv4 design principles. There is muscle memory there, and so people just naturally try to do an operation the v4 way, but then something breaks, or it doesn’t work. They don’t know why, and they don’t know where to find the answer. Training everyone that something must be done differently in this situation is a challenge and takes time. Putting safeguards in place, like deployment templates, helps keep people from such mistakes. Are you able to get the equipment you need? What are the equipment gaps? Alain: The back-office applications are the most difficult. Mark Kosters: The RIRs are putting our money where our mouths are by making our services available on IPv6. Some of the middle boxes such as load balancers are not really ready yet with their IPv6 support. Also, their technical support and best practices are not mature, so we do not get as much consultative assistance as we would expect. Are you driving IPv6 to your customers, or are your customers driving you to IPv6? Shin: We are pushing customers to use IPv6. We need IPv6 because we have a lack of resources from which to offer customers advanced services. Alain: Many customers want to access their e-mail, browse the Web, and download a video from YouTube. I don’t think they care whether this gets accomplished over IPv4, IPv6, or avian carrier [RFC 1149]. What matters is that we can keep the services of the Internet growing regardless of whether we have IPv4 or are out of v4 and need IPv6. Mark: The research is pretty conclusive that people see that IPv4 works now, and so they feel no need for IPv6. They see IPv6 as a capital cost for them. The question arises: Where does the money come from that will help us solve a problem that we don’t have right now? Gregory Lebovitz: It appears unanimous that we are driving IPv6, not the customers, because we need to produce new services that customers do want, and we do not have enough IPv4 addresses going forward to accomplish the task. We need IPv6 as an enabler. If customers are not begging us for IPv6, then the stakes are very high for us to make its presence very transparent to users-or risk its rejection. It has to be invisible and usable by the “grandmother living in the countryside,” as Shin says. NATs in the middle can break things and create walled gardens. Is it possible to demand that DOCSIS put NATs at the ends? Alain: DOCSIS is layer 2, not layer 3. We are not talking about centralized carrier NAT. The question is, Where is this divide in the network? I agree that this is bad and that it could provide a single point of failure and that NATs need to get close to the customer. I suggest talking to the application developers. Is it possible to do some analysis to figure out how much it will cost an end user to have a public IPv4 address? Could this be an incentive for using IPv6? Shin: NTT is currently that kind of research. Mark: There is a new policy proposal that is related to IPv4 address transfers. One aspect of transfer is market-based transfer, which currently is not allowed by RIR policy. ARIN asked a lawyer to look into this, and the answer is that an open market would be best. What is the state of readiness of IPv6 DHCP [Dynamic Host Configuration Protocol]? Alain: The DHCP community has worked quite a bit with vendors recently, and the results are quite promising. (Editor’s note: See articles on IPv6 DHCP back-offs in recent editions of the IETF Journal). Applications developers are waiting for the peer-to-peer readiness of IPv6. Do you see inbound connectivity to the home as compelling-enough motivation? Stuart: I agree that inbound connectivity is the only compelling reason to use IPv6. Everything else is currently also available on IPv4. So, the only reason is that it gives me unhindered peer-to-peer connectivity.

Related Links

• Introduction Email from the IAB
• IAB’s follow up email
• Audio stream archive Select “ietf72-ch3-wed-plenary.mp3″ The IPv6 panel starts at time 01:13:00 on the stream. Q&A (only 1/3 appears in the article) at 02:29:00
• Presentation archive: www.ietf.org/proceedings/08jul/plenaryw.html www.nttv6.jp/~miyakawa/IETF72 www.stuartcheshire.org/IETF72/
• One hypothetical model of an address allocation timeline
• Related drafts: draft-nishitani-cgn-00.txt draft-shirasaki-shared-adrs-00.txt draft-ietf-v6ops-cpe-simple-security-02

]]> 947 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/plenary-report-4/ Mon, 07 Jul 2008 15:55:31 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=966 Mirjam Kühne

As John described, Internet and communications technologies and their related applications have undergone considerable transformation since the early days of the Internet. In a few short decades, those changes made it possible for electronic communications to become a fact of life for many. In most of the developed regions of the world, the current generation of users is growing up with personal computers, cell phones, broadcast television, and access to digital media. On one hand, that kind of easy and affordable access means it’s possible to work from nearly any location, it’s easier to pursue an education, and it’s simpler to get everything from medical information to movie times. On the other hand, not only are we suffering from information overload, but 24-7 access to e-mail, instant messaging, and text messaging have blurred the line that separates our work and school lives from our personal lives. In fact, for many of us, it has become less about how to manage our online availability and more about how to manage our unavailability. This enormous capacity to internetwork and interoperate among devices through IP also has implications for the IETF and its work. One of those implications is the need to provide higher-speed connectivity. To that, John answered the call by an-nouncing an industry first: Comcast and Nortel are supporting a production demonstration of the industry's first 100Gbps DWDM (dense-wavelength-division-multiplexing) IP link. The link was tested at IETF 71 in Philadelphia and provided Internet connectivity for attendees for the final three days of the meeting. “The new focus is ensur-ing that everything going forward interoperates well with IP and the Internet from its very beginning,” said John.

Russ Housley gives John Schanz of of Comcast a thank you plaque for hosting IETF 71

The line meant a bit more preparation than usual, said Morgan Sack-ett, representing the Net-work Operations Centre, but he thanked the Comcast staff, the VeriLAN NOC staff, and all of the volunteers who had contributed to the success of the meeting's networking capability.

Updates and Administration

IAOC chair Kurtis Lindqvist reported that the IAOC has opened up discussions with the IAB about future RFC Editor functional components. As a result of those discussions, the IAOC has decided to start negotiations with the University of California’s Information Sciences Institute (ISI) for a continuation of its contract as the RFC Editor. The IAOC is aiming for an RFC’ed request for information followed by a request for proposal in approximately one year. Revenues consist of meeting fees (56 percent), hosting contributions (12 percent), and contributions from the Internet Society through its Organizational Members and the Public Interest Registry (32 percent). Expenses consist of meeting expenses (40 percent), secretariat services (30 percent), RFC Editor services (17 percent), and IASA operations (13 percent). An IAOC Call Tech Committee has been set up to look into reducing the costs associated with conference calls – for example, by using videoconferencing tools and VoIP technology. In addition, the IAOC now has a funding model subcommittee and a new revenue design team to look into other sources of income. The Nominations Committee (Nom-Com) report was presented by Nom-Com chair Lakshminath Dondeti, who published a detailed report in the form of an Internet-Draft prior to the meeting. This served as a good precedent for future NomCom chair. During the recent NomCom process, a conflict arose between the NomCom and the IAB when the IAB requested from the NomCom certain additional information about the candidates, and the NomCom, in an attempt to protect the privacy of the candidates, refused to provide the information. Scott Bradner was brought in as an arbiter, represent-ing the first time the NomCom arbitration process had ever been applied within the IETF. Scott described the process as it is defined in the document titled IAB and IESG Selection, Confir-mation, and Recall Process: Operation of the Nominating and Recall Commit-tees (RFC 3777). Ultimately, it was decided that the NomCom would provide redacted versions of the responses to one section of the questionnaire and that it would include testimony about anything the NomCom learned that would enhance the IAB's understanding of the responses. Scott further suggested that a new NomCom working group (WG) be formed to make recommendations about how best to clarify the role of the confirming body (in this case the IAB) as well as what data it can expect to see and what data will not be made available. He also suggested the questionnaire contain a section meant only for review by the NomCom and another one that can be used to provide additional information for the confirming body in the event that additional information is requested. This distinction, Scott suggested, should be made clear to the applicant on the form. In general, he expressed concern that the definition in RFC 3777 is too broad. Rob Austein, who served on the IAB for six years, agreed that the current standard for nominations raises more questions than it answers. “One is often handed a slate with very little information,” he said. “The IAB can either rubber-stamp it or ask for more information. At the moment the rules are very fuzzy. This has to be fixed.” Gregory Lebovitz, a new IAB member, said he appreciated that the IAB is trying to make the right decision and that all parties tried to do the right thing. “This is all healthy behaviour,” he said. “I am proud to be part of a community that is behaving like that.” While some attendees expressed dissatisfaction with the outcome of the arbiter process, it was generally agreed that to test that part of the dispute resolution process and to involve an arbiter were good decisions. There were quite a number of personnel changes again during IETF 71. Sam Hartman, who served as Security Area director for three years, and Kurtis Lindqvist, who served as chair of the IAOC for the past two years, received plaques and thank-yous from the Internet Society and the IETF in honor of their service . Pasi Eronen will take over as Security Area director, and Ole Jacobsen will join the IAOC as a new member. Jonne Soininen will be the new IAOC chair. Ed Juskevicius will act as chair for the IETF Trust. The NomCom also appointed four new IAB members, including Gonzalo Camarillo, Stuart Cheshire, Gregory Lebovitz, and Andy Malisplus Dow Street who will act as the Executive Director. IETF administrative director Ray Pelletier gave an update on the financial status of the IETF Administrative Sup-port Activity (IASA).

IAOC Q&A

A number of questions regarding the secretariat transition from NeuStar to AMS were addressed during the IAOC question-and-answer session, with some attendees raising concerns about the IETF Web site as well as security issues related to the transition of the IETF secretariat from one organization to the other. “While I’m extremely pleased by the efficiency with which AMS and the support/advisory team recovered from problems,” said John Klensin, “I'd like to be sure that (1) we do enough analysis of what happened so we are much better prepared for any future transition not just in terms of quality of software and operations but also in terms of transitional procedures and (2) we continue to work on being sure that the IETF is setting a proper example for the community by following the kinds of good practices we recommend to others.” Kurtis agreed that the transition was fairly smooth. However, security-related issues need to be discussed with the IETF administrative director, and the infrastructure needs to be in place to address unforeseen events. On a separate subject, the issue was raised about how increasingly difficult it has become to enter the United States, especially for those participants who are required to have a visa. One participant expressed concern that visa problems might also affect one's eligibility for positions such as membership on the NomCom (NomCom members are required to attend at least three out of the previous five meetings) and raised the possibility that the rules be changed to reflect a distinction between becoming eligible and staying eligible. It was also suggested that meetings be held in locations outside the United States, such as Canada. Unfortunately, visa issues are common even outside the United States, and there will always be people who will not be able to attend an IETF meeting. To accommodate them, IETF meetings need to be held in a diversity of places. Another solution to this problem would be to make it easier to participate remotely.

The cheesesteak capital offers a warm welcome to visitors

Jonne Soininen said the IAOC is aware of the problem but explained that the IETF meeting is often restricted by what the host has to offer. It would be good to have a better idea of how many people are affected by visa problems. Everybody who has visa problems is encouraged to inform Ray Pelletier, who is collecting this data. During the IESG open mic session, concern was raised that when evaluating individual submissions, the IESG uses a different set of criteria from the set it uses when it reviews documents that come out of a WG, but that those criteria are not explicitly defined. There seem to be certain assumptions: that WG documents undergo a more formal review process by the WG before being submitted to the IESG and that individual submissions must therefore be evaluated more strictly by the IESG. Ted Hardie raised another issue related to IESG activities by noting that there had been a recent series of decisions in which the IESG appeared to be enforcing its technical agenda or preferences without fostering community consensus. While he said he understood the history of those decisions, his concern was that this practice could become a pattern. He added that he was afraid “this will frustrate people and move activity out of the IETF.” Sam Hartman, who was an IESG member until IETF 71, agreed it is important for the IESG to ask the community, “Are you sure about this? Is this consensus? and Did you talk to other parts of the community?” After that, the area director must be convinced that there is, indeed, informed consensus. Another participant agreed that the IESG serves a valuable function in making sure that new protocols don't break the Internet but said that at times the process appears arbitrary. “We fixed the problem that the process was too long, but now we have the problem that people feel it is too risky to bring work to the IETF because things sometimes get held up for unclear reasons,”? said Randy Gellens. It was also suggested that a document be drafted for authors, describing good practices on how to read an IESG review and how to reply. Direct dialogue often helps as well.

IAB/Technical Plenary

After Aaron Falk gave an update of the work of the Internet Research Task Force (see page 21), Olaf Kolkman gave a summary of recent IAB activities. There are a number of IAB documents in process. Principals of Internet Host Configuration and What Makes for a Successful Protocol are almost finished. The IAB has also reviewed DNS Choices and is intending to publish it. It is now soliciting such feedback from the community. RFC 4845 describes a method for soliciting feedback from the community. It is not a Last Call, but all community input is taken seriously.

Scott Bradner speaking about the NomCom process at IETF 71

A large part of the IAB's work goes into administrative issues and interorganizational relations. The IAB responded to a request for information by the U.S. Department of Commerce regarding the possibility of private-sector handoff. It restated its relation to and interest in the IETF protocol parameters, as maintained by the Internet Assigned Numbers Authority. During the private- sector handoff, the role of the IETF must be recognized. The IAB also provided feedback to a request for public com-ments on the stability of the DNS while adding new generic Top Level Domains (gTLDSs). The IAB provided reference to RFC 2620 and suggested review by ICANN on a per gTLD basis. The IAB also continued to work with the ITU-T on transport multiprotocol label switching (T-MPLS). After IETF 70, an ad hoc group was established to work with ITU-T Study Group 13, and a lot of work has been done since to en-sure beneficial outcomes for both organizations. The coordination was a success, and the ad hoc group has concluded. A joint project team has been established consisting of roughly 20 specialists and an ITU-T and MPLS interoperability design team sponsored by the routing area. It was set up to assist the ITU in choosing between two op-tions: to move T-MPLS into the IETF (taking into account mutual requirements) or to establish a clean separation of name, EtherType, and other code points. Find more details on page 16. Fred Baker thanked the outgoing IAB members Leslie Daigle, Eric Rescorla, Elwyn Davies and Kevin Fall and gave each of them a plaque.

Technical Presentation on IPTV

Members of the IAOC

By way of introduction, Barry Leiba mentioned a newspaper article that described a partnership between TiVo, a producer of digital video recorders, and YouTube. One aspect of the two presentations is that this technology is using a protocol stack that was developed in the IETF to provide video over a private network. Barry introduced Marshall Eubanks from AmericaFree.TV as well as Keith Ross, professor of computer science at Polytechnic University in Brooklyn, New York. In the discussion following the presentations, people have asked why most developments in this area happen in Asia (China in particular) and Europe. One explanation is that there are many more local TV stations and channels in China. The channels are not centralized, which encourages people to distribute more data. Furthermore, the govern-Members of the IAOCPhoto by Peter Löthbergment operates TV stations, and peer-to-peer (P2P) systems are not illegal. Another topic that interested people was the tit-for-tat algorithm Keith described in his presentation. Originally developed in gaming theory, this algorithm is now used also for P2P systems like BitTorrent. The tit-for-tat algorithm works between two trading parties – for instance, when two parties want the same video and one has pieces the other wants and vice versa. So far, this is the only successfully implemented algorithm. There is some research about incentives in P2P systems, and the incentive “I trade with you only if you trade with me” seems to be the one that is working best. “There is no trust required because it is immediate,” said Keith.

IAB Open Mic Session

A large part of the IAB open mic session was devoted to the IPv4 outage experiment. Most participants were pleased with the experiment and suggested similar exercises at future IETF meetings. Someone suggested it would have been useful to conduct such an experiment six or eight years ago, and in fact it was then being signalled as an important topic by the IAB; however, it was difficult to get attention at that time. Now there is enough critical mass. In addition, the technology has moved on since then. “We could have talked about it in the past only hypothetically; now we can get our hands dirty,”? said Leslie Daigle. Lixia Zhang agreed that there are many differences between then and now. Then the limitations of network address translation were not as obvious; there were not as many P2P applications; and, perhaps more important, there was not as much pressure because the IPv4 address space was not as scarce as it is now.

In response to concerns expressed at previous meetings about the lack of food during IETF meeting breaks, Fred Baker hands Eric Rescola an especially large cookie from IETF 71

Most of the open issues now are deployment issues and not related to the protocol as such or to the network architecture. Another topic raised was a perceived lack of operational experience in the IAB and the IETF as a whole. This has been a concern for quite a while now, and the IAB continues to actively reach out to the operational community. There will be a survey to find out more about operational requirements. On the other hand, it seems to be the case that operators are well aware of what is going on at the IETF, and they comment when they feel the need. Dave Oran urged the IAB to look at the problem that peer-to-peer applications will always find new bandwidth and that “they will suck it up as soon as they find it.”? The payback for new bandwidth is much less clear today. Dave proposed the IAB should look at that from both operational and architectural points of view. “Otherwise, it could happen that providers block applications versus users' trying to work around that,” he said.]]> 966 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/idna-revisited/ Mon, 07 Jul 2008 15:56:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=968 IDN Controversies Adopted in 2003, Internationalized Domain Names in Applications, RFC 3490, and associated documents, com-monly known as IDNA2003, was the first attempt at creating a truly multilingual Domain Name System (DNS) by making it possible to read and write domain names with characters that fall outside the ASCII repertoire. The protocol was based on the then-current version of Unicode, and it was designed to achieve maximum backward compatibility with the existing DNS. While the IDNA2003 initiative was by and large successful, a newer version of Unicode (version 3.2) has since been released, and a number of concerns about the protocol's potential limitations and defects have been raised. Some of those concerns may have been the results of unrealistic expectations: domain names, for example, don't generally map well into languages, and Unicode presents its own set of constraints. One problem that is fundamentally unsolvable in the general case is that there are characters in several scripts that simply look too much like other characters. That inevitably leads to confusion. Some of that confusion exists even among basic Latin characters. For example, unless fonts are chosen carefully, the zero and the letter O or the number 1 and the letter I may look too much alike for any user to easily recognize and discern. In response to growing concerns about the ability of IDNA2003 to lead to a truly international DNS, the Internet Architecture Board issued RFC 4690 in September 2006. That document attempted to summarize the general problems and issues that were being discussed. It was also intended to present a framework for future development work, including the need to migrate to newer versions of Unicode. As IDN expert and IDNA WG participant John Klensin frequently points out, there are numerous issues connected to IDNs – in addition to the one mentioned earlier – that may not be capable of being resolved. Many of those may be more about the culture and traditions of language and writing systems than the results of technical limitations. As John warns, “We shouldn't expect to write literature in domain names.” Regardless of the validity of the com-plaints, dealing with newer versions of Unicode was generally recognized as an imperative, along with a handful of oth-er issues that could contribute to more expanded applicability of IDN. Around the time that RFC 4690 was published, a design team began working on a set of proposed revisions to the protocol. The revision was strongly influenced by discussions being conducted on an open mailing list including thousands of messages containing recommendations for revisions and adjustments. To date, the IDNAbis WG is reviewing the design team’s documents and deciding whether to pursue the recommendations offered by the team or to choose another path.

Key Issues

What are some of the key issues with regard to IDNA? At the IDNA BoF session in Philadelphia, John presented three. The first has to do with important characters and scripts that were excluded from the original IDN standard largely because they did not appear in Unicode 3.2. The proposed new model generalizes from the original LDH (letter-digit-hyphen) rule that was established in the first version of the DNS. That rule allows only letters, digits, and embedded hyphens but no punctuation or symbols. So far, the WG remains committed to retaining that rule, even though speakers of a particular language may regard the entire orthography of that language to be critical if effective communications are to be achieved. The DNS, as John points out, is about mnemonics, “not about writing novels,”? which means that some compromises should be expected. As part of the first issue, while the IDNA2003 working group made an ef-fort to include as many Unicode characters as possible, doing so may have resulted in a handful of problems. Those problems are real to users of a language, even if the language has only a small number of speakers. Again, compromises are necessary. As John said, it may be equally important to “avoid the trap of thinking everything can fit into the DNS.”? In particular, the IETF “does not have a consensus mechanism for solving orthographic or linguistic disputes,”? he said. The second set of issues involves scripts or individual characters that may have been inadvertently mishandled in IDNA2003. One example is the final form Sigma in Greek, which is not only a distinct character; it is also one that has significance for those who read and write in Greek. Unfortunately, the final form Sigma is not represented in IDNA2003. There are those who argue passionately that the omission should be corrected. To that John suggests that while the IETF does not have a way to resolve such disputes, “we should listen and try to encourage people to find a way to resolve the complaints.” The third set of issues involves the actual structure of IDNA2003, which is Unicode-version dependent. Unfortunately, applications can't recognize which version of Unicode is being used, and as a result, code points are being looked up that aren't defined. “It isn't easy to understand what is permitted and what isn’t, which makes extensibility and forward compatibility poor,” said John. Concern has also been expressed that IDNA2003 is confusing with regard to terminology. For example, the standard is applied to labels, not to fully qualified domain names (FQDNs). Questions also remain concerning right-to-left (bidi) scripts and label separators. “There is a difference between mapping label separators and other parts of the FQDN,” said John. “Label separator mappings, if any, may need to be understood by even non-IDNA applications.” Compatibility between the two versions is a matter of perspective, says John, because what goes on the wire doesn't change that much between IDNA2003 and the new IDNA2008, but what is permitted to go into the IDNA system does change. New terms – such as U-labels, A-labels, and LDH labels – get introduced to reduce confusion in other areas. BoF chair Harald Alvestrand agreed that separators are key issues for IDNA, but he also said that in a more general sense, the problems are related to protocol issues. The most important differences, said John, lie in trying to define rules and mechanisms to which one can conform rather than an algorithm one can implement. “In some ways, the new approach is simpler, because as compared to IDNA2003, the mappings are gone and conversion to and from the punycoded version is symmetric and information preserving,” he said.

Proposed Changes to IDNA In April 2008, the Network working group released an Internet Draft with proposed high-level changes from IDNA2003 to IDNA200x based on the IDNA design team documents. Those changes include:

1. Update base character set from Unicode 3.2 to Unicode version-agnostic
2. Separate the definitions for the “registration” and “lookup” activities
3. Disallow symbol and punctuation characters except where special exceptions are necessary
4. Remove the mapping and normalization steps from the protocol and have them instead done by the applications themselves, possibly in a local fashion, before invoking the protocol
5. Change the way that the protocol specifies which characters are allowed in labels from “humans decide what the table of code points contains” to “decision about code points are based on Unicode properties plus a small exclusion list created by humans
6. Introduce the new concept of characters that can be used only in specific contexts.
7. Allowing typical words and names in languages such as Dhivehi and Yiddish to be expressed
8. Make bidirectional domain names (delimited strings of labels, not just labels standing on their own) display in a nonsurprising fashion
9. Make bidirectional domain names in a paragraph display in a nonsurprising fashion
10. Remove the dot separator from the mandatory part of the protocol

Changes Proposed by Individuals in the Working Group In addition to the changes above, individuals in the working group have proposed high-level changes. These include:

• Add conversion between traditional and simplified Chinese characters
• Add guidelines or requirements for registration of character variants, along the lines of RFC 3743

This work is being discussed on the mailing list at idna-update@alvestrand.no. Also see draft-hoffman-idna200x-topics-03.

The issue of mappings appears to be critical in a number of respects. As explained in draft-ietf-idnabis-rationale-00.txt, which was posted in May 2008, issues in domain name identification and processing arise because IDNA2003 specified that several characters be treated as equivalent to the ASCII period (dot, full stop) character used as a label separator. As the draft states, “If a domain name appears in an arbitrary context (such as running text), one may be faced with the requirement to know that a string is a domain name in order to adjust for the different forms of dots but also to have traditional dots to recognize that a string is a domain name – an obvious contradiction.”? The IDNA2008 model removes all of these mappings and interpretations – including the equivalence of different forms of dots – from the protocol, leaving such mappings to local processing. “This should not be taken to imply that local processing is optional or can be avoided entirely. Instead, unless the programme context is such that it is known that any IDNs that appear will be either U-labels or A-labels (representation in Unicode or encoded in ASCII using punicode encoding), some local processing of apparent domain name strings will be required both to maintain compatibility with IDNA2003 and to prevent user astonishment.”?

Bidi

One of the great challenges of IDNs is the ability to represent domain names in languages that are written from right to left (RTL), such as Arabic and Hebrew , and that have those names behave consistently and make sense in context. In IDNA2003, the rule is that the label can be RTL only if the first and last characters of each one are RTL. The problem, according to Harald, arises when confronted with nonspacing (or combining) marks. Some languages, including Yiddish and Dhivehi (the official language of the Maldives), have words that end with a combining mark that has no direction. Under IDNA2003 it is not possible to use such words, and because of that, it is not possible to use those languages. In response, Harald and Cary Karp proposed a new set of rules (in draft-ietf-idnabis-bidi-00.txt), which permits nonspacing marks at the end of a label and makes other changes. It was discovered, however, that some ASCII labels that appear next to some RTL labels could break.

Recommendations

Drawing on RFC 4690 and the WG drafts, John suggested several goals be met in the next version of IDNA, which was referred to as IDNA200x prior to the IETF 71 in Philadelphia and IDNA2008 since then. Those goals include a version of IDNA that is:

• Unicode-version agnostic
• Easier to understand
• More predictable with regard to what happens when languages and scripts are applied
• More adaptable to local conditions (realistic interoperability)

Those who are following IDN-and especially those who are working with it-are encouraged to understand that domain name internationalization is not just about the IDNA protocol and character rules. There are, in fact, many areas of responsibility that are required so as to make the system work well, including the standard protocol, the cooperation of registries and zone administrators at all levels of the DNS (as well as the need for registry restrictions), the need to educate registrants in order to minimize confusion, and the need to engage look-up implementers (and the developers of related applications). “The common sense that users need to possess to make IDNA a functional reality may require some education in order to develop,”? said John. “You can't solve confusion, but you can provide better tools.”?

Summary

The work of the current IDN WG, called the IDNABIS WG, is to ensure the practical stability of the validity of algorithms for IDNs. It is currently or-ganized as four Standards Track documents. The charter of the WG is meant to untie IDNA from specific versions of Unicode using algorithms that define validity based on Unicode properties. Other goals include separating requirements for valid IDNs at time of regis-tration versus at resolution time, revising bidirectional algorithms to produce a deterministic answer as to whether or not a label is allowed, determining whether bidirectional algorithms should allow additional mnemonics labels, and permitting effective use of some scripts that were inadvertently excluded by the original protocols. The IDNABIS WG remains commit-ted to preserving and using the current Domain Name System and no substantially new protocols or mechanisms are expected.]]> 968 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-fellow-vincent-ngundi-at-home-at-the-ietf/ Mon, 07 Jul 2008 15:57:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=970 An engineer from Kenya speaks with the IETF Journal about becoming an Internaut and making his way to the IETF. “Long live this noble initiative,” declares Vincent Ngundi when speaking about the ISOC Fellowship to the IETF programme. The native Kenyan travelled the long road from Nairobi to Philadelphia in March for IETF 71, and unlike many other fellows, the transition from one culture to another was not too much of a shock for him.

ISOC Fellow Vincent Ngundi in Johannesburg at the AfTLD AGM

Although my face-to-face meeting with Vincent was brief, his comfort level was obvious; in fact, he was hardly the picture of the awestruck, small-town Internaut trying to fit in with the big guys. “To my utter surprise, I was totally comfortable,” he said. Vincent’s easygoing manner most likely explains his comfort level, and it should prove an asset to his professional life. As administrative manager of the Kenya Network Information Centre (KENIC), Vincent coordinates and manages the day-to-day operations of the public/private partnership (its board membership is drawn from the public sector, the private sector, and civil soci-ety). But it wasn’t always smooth sailing. Vincent confesses that the transition from a position that was purely technical to one that is administrative was not easy. “At first, the challenge had to do with balancing the technical aspect of the job with the business side, but I’ve learned a lot on the job, and all is OK now,” he said. Vincent’s interest in technology began early, back when he was in primary school. Born in Nairobi in 1978, Vincent has lived in Kenya all of his life. His father is a retired army colonel; his mother is a former flight attendant with East African Airways. “At first I wanted to be an astronaut,” he said. “Being very good in sciences, I thought a career in engineering would be the way to go.” He entered the University of Nairobi’s architecture programme but quickly realized that architecture wasn’t what he wanted to do. After consulting with friends and colleagues, he settled on computer science, even in the face of numerous social and economic challenges in the country, including lack of awareness of the Internet, illiteracy, the cost of access, and poor electricity distribution. “I have never regretted my decision,” he said. Today, Vincent holds a bachelor of science degree from the university and is currently enrolled in a master of science programme in computer science there as well. He joined KENIC as an intern, immediately following graduation in August 2004. “I was an intern for eight months and later was employed as systems engineer in April 2005,” he said. Moving quickly through the ranks, Vincent was promoted to technical manager of KENIC in April 2007. In September 2008, he was named administrative manager. “The Internet has always amazed me, and after joining KENIC, I took to learning as much as I could about Internet technologies,” he said. Since joining KENIC, Vincent has been able to gain a wealth of information and knowledge about the Internet, both through his own initiative and with the help of colleagues, workshops, seminars, and meetings like the IETF. Vincent became interested in the IETF during his search to understand how the Internet works. “I always thought there was some big organization out there that managed the Internet and its technologies,” he said. “Further research brought me to the IETF, a humble entity based more or less on the model for developing open-source software.” Vincent learned about the fellowship programme from the ISOC mailing list and from IETF Journal editor Mirjam Kühne. “I have been a member of the ISOC mailing list as well as other mailing lists, such as AfNOG, AfriNIC, ICANN, and others for a while now,” he said. In preparation for the Philadelphia meeting, Vincent familiarized himself with mailing list discussions that interested him and read material that was sent to him by his mentor, Shane Kerr, who is working for Afilias. “Further,” he said, “I went through the programme agenda, marking out the sessions that interested me and consulted with former fellows, including Michuki Mwangi and Alain Aina.” Clearly, Vincent’s proactive nature made it possible for him to approach his first-time experience at the IETF with confidence. He believes his comfort level may also be attributed to the “remarkable introduction by the ISOC staff” as well as the efforts of his mentor, “but the experience was way better than I expected,” he said. “The people were great. And Philadelphia is lovely.” Vincent has several suggestions for folks who are attending an IETF meeting for the first time. “Decide what working groups you want to attend and follow, then familiarize yourself with the discussions on the mailing lists. Gather from your mentor as much information as possible. Plan to be at the meetings in time for the newcomers’ tutorial and the session on writing an RFC. And remember that Mirjam and Leni will be important contacts before, during, and after the IETF meeting.”]]> 970 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-fellows-come-to-philadelphia-for-ietf-71/ Mon, 07 Jul 2008 15:58:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=972 Report from the ISOC Fellowship Programme As part of its long tradition of helping build technical capacity in less-developed countries, the Internet Society (ISOC) Fellowship to the IETF programme continues to bring technologists from developing regions to IETF meetings. In March 2008, six Fellows attended IETF 71 in Philadelphia. ISOC covers the cost of attending the meeting and pairs each Fellow with an IETF veteran, who serves as their meeting mentor. ISOC extends opportunities for organizations to become sponsors of this important programme. Sponsorship demonstrates a commitment to technical capacity building in less-developed regions and shows support for extending participation in the IETF to those in developing countries. It also creates opportunities to build contacts with technologists and potential regional leaders who are highly knowledgeable about conditions in developing countries. Those who are interested in becoming an ISOC Fellowship to the IETF sponsor should contact ISOC at fellow-sponsor@isoc.org.

ISOC Fellows and Mentors at IETF 71 in Philadelphia

The Fellows attending IETF 71 came from Bangladesh, Ethiopia, Haiti, India, Kenya, and Pakistan. They included:

• Max Larson Henry (Haiti), Faculty Member, Faculte des Sciences, Universite d'Etat d'Haiti (mentor: Stephane Bortzmeyer, AFNIC)
• Mohibul Hasib Mahmud (Bangladesh), Manager, Network Routing, BRAC BDMail Network Ltd. (bracnet) (mentor: George Michaelson, APNIC)
• Dessalegn Mequanint Yehuala (Ethiopia), Lecturer/Researcher, Computer Science Department, Addis Ababa University (mentor: Dave Meyer, Cisco)
• Vincent Ngundi (Kenya), Technical Manager, Kenya Network Information Center (KeNIC) (mentor: Shane Kerr, Afilias)
• Mudivedu Shroff Rajesh (India), Network and Systems Administrator, Indian Institute of Science (mentor: Dave Knight, Afilias)
• Asim Zaheer (Pakistan), Mentor Graphics and part-time graduate student, Lahore University of Management Sciences (LUMS) (mentor: Hesham Soliman, Elevate Technologies)

Those interested in applying for Fellowship should review the programme overview.]]> 972 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-with-itu-t-the-mpls-transport-profile-case/ Mon, 07 Jul 2008 15:59:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=974 History For a number of years, the ITU-T has been designing a label-switched protocol for transport networks, which provide the wide-area connectivity on which other services – such as IP or phone networks – run. The ITU-T chose to adapt the IETF’s MPLS to this task and introduced a protocol suite known as T-MPLS. Late in the ITU-T design and specification cycle there were a number of liaison exchanges between the ITU-T and the IETF concerning the technology. In response, the chairs of the MPLS, PWE3, BFD, and CCAMP working groups (WGs), as well as the Routing and Internet area directors, attended a number of ITU-T meetings. During the process, the IETF became increasingly concerned that incompatibility between IETF MPLS and ITU-T T-MPLS would lead to what Stewart Bryant, PWE3 co-chair, had previously described as a “train wreck on the Internet.” Those concerns led the chairs of the IESG and the IAB to take the unprecedented step of sending a liaison to the ITU-T, stating that either T-MPLS should become a fully compliant MPLS protocol, standardized under the IETF process (so-called Option 1) or it should become a completely separate protocol with a new name and a new set of code points (so-called Option 2).

“Given the complexity of today's networks, it is inevitable that we will, from time to time, see conflicts in approaches. This is natural. Quickly agreeing on a common way forward is imperative. And at we have done so is an indication of the great spirit of cooperation between IETF and ITU that has been built over many years of collaboration.”Malcolm Johnson, Director, ITU Telecommunication Standardization Bureau

Both options were discussed at an ITU-T meeting of Question 12 Study Group 15 in Stuttgart, Germany, where it was proposed that an ITU-T-IETF joint working team (JWT) be formed to evaluate the issues and make a recommendation to ITU-T management on the best way forward. The first meeting of the JWT oc-curred during the ITU-T Geneva plenary this past February. An IETF design team and an ITU-T focus group supported the JWT. As a result of the work of the JWT and the resulting agreement on how to move forward, the fears that a set of next-generation network transport specifications developed by ITU-T could cause interoperability problems have been allayed.

“Given the complexity of today's networks, it is inevitable that we will, from time to time, see conflicts in approaches. This is natural. Quickly agreeing on a common way forward is imperative. And at we have done so is an indication of the great spirit of cooperation between IETF and ITU that has been built over many years of collaboration.”

Malcolm Johnson, Director, ITU Telecommunication Standardization Bureau

The JWT Recommendation

Early in the process, members of the JWT realized it was possible to design a solution to the transport network re-quirements without changes to the MPLS architecture. To prove the feasibility of a solution to the transport network requirements that fully conformed to the IETF MPLS architecture, the JWT constructed a straw man design framework. The design framework demonstrated that it is possible to adapt the IETF MPLS architecture to satisfy the needs of the transport network with only minimal changes in the IETF MPLS architecture, thereby demonstrating the considerable flexibility of the IETF design. While the straw man can be used to provide the starting point for development of the solution, the details for the entire solution will be considered during the IETF standardization process. In addition, there will be strict adherence to the MPLS change process. Given that a viable solution to the transport network requirements has been demonstrated, the JWT reached consensus to recommend the first option: that the ITU and the IETF agree to work together and bring transport requirements into the IETF and extend IETF MPLS forwarding, OAM (operation, management, and maintenance), protection, control plane protocols, and network management to meet the requirements through the IETF Standards Process. The JWT concluded that this would be the best way to (1) fulfill the mutual goal of improving the functionality of both the transport networks and the In-ternet and (2) ensure complete interoperability and architectural soundness (see http://www.itu.int/ITUT/news-log/CategoryView,category,Study%20Group%201...). Furthermore, it was recommended that the technology should now be known as the Transport Profile for MPLS (MPLS-TP) and that future work in the IETF on this subject should focus on the definition and design of the MPLS-TP. It was also agreed that the ITU-T would focus on the integra-tion of MPLS-TP into the transport network – which would put the current T-MPLS Recommendations into alignment with MPLS-TP – and that the ITU-T would terminate work on current T-MPLS. The JWT found no reason to investigate the option of working independently on a solution, now that the teams were working diligently to find solutions that were compatible with IETF MPLS architecture.

MPLS Transport Profile Requirements

As described earlier, in the designing of a solution to the transport network requirement, it is necessary to consider five elements:

1. Forwarding
2. OAM
3. Protection
4. Control plane
5. Network management

The operators of transport networks require that label-switched paths (LSPs) and pseudowires (PWs) be configured statically via the management plane. This is to allow the equipment to be configured by using a centralized management system that connects to equipment out of band with respect to the data plane. If a control plane is used for the configuration of the LSPs/PWs, then failure and recovery of the control plane are not allowed to impact the forwarding plane, which is akin to a requirement to sup-port nonstop routing and nonstop forwarding in the IP world. Service providers are also requesting consistent OAM capabilities for multi-layered network and interworking of the different layers and technologies, such as Layer 2, pseudowire, and label-switched path. They want to be able to offer MPLS label-switched paths and pseudowires as a part of their transport service offerings and not to use them just to provide higher-level services, such as virtual private networks. In order to do that, they must be able to seamlessly manage label-switched paths and pseudowires at different nested levels. This is known as tandem connection monitoring (TCM), and it is used, for example, when a la-bel-switched path of pseudowire crosses multiple administrations. Currently, MPLS and pseudowires provide a generalized protection mechanism that operates in a mesh network topology and provides one-plus-one (data on active and standby path) or one-to-one (data only on active path) protection. Service providers building transport networks have in the past used a hybrid of fast convergence and fast reroute – particularly in specialist topologies, such as rings. To support transport networks, it may therefore be necessary to provide additional protection mechanisms. Service providers also need the OAM and the data traffic to be congruent. This is provided in pseudowires through the use of a multiplexing mechanism called the associated channel header (ACH), which allows the OAM to be multiplexed transparently over the same LSP as the pseudowire. MPLS has no equivalent general-purpose OAM multiplexing mechanism. As requirements on forthcoming solutions for the MPLS TP, the IETF inserted that no modification to the MPLS forwarding architecture should be needed and that a solution should be based on existing pseudowire and LSP constructs. In response, the JWT proposed a new method of carrying an ACH over an MPLS LSP. This small extension to the IETF MPLS architecture was the only additional mechanism that the JWT needed to postulate. It also makes it possible to have a common OAM mechanism between pseudowires and LSPs. Thus, operational complexity and overhead are dramatically reduced, and both IETF technologies are enhanced. The OAM-data congruency is particularly challenging in the case of link aggregation groups and equal-cost mul-tipath support. However, transport network designers do not normally apply these techniques. In the short term, at least, it is suggested that the LSPs and PWs used in transport network applica-tions avoid these topology constructs. In general, to avoid losing LSP head-end information, transport networks require that bidirectional point-to-point paths be congruent and that there be no LSP merging – in other words, no use of LDP multipoint-to-point signalling. Multicast services operate only as point-to-multipoint services and not as multipoint-to-multipoint services. The JWT was unable to reach consensus on whether penultimate hop popping needed to be excluded from the design. The straw man design framework as-sumes that PHP is not used, but this is the subject of ongoing investigation. When protection switching (fast re-route) is in use, the OAM function is responsible for monitoring the label-switched path or pseudowire and initi-ates path recovery actions. It was a requirement that IP forward-ing not be required to support OAM or data packets, although an out-of-band management network running IP was considered outside the scope of the fea-sibility study. The transport network has to be capable of being used with static provisioning systems or with a control plane. On one hand, when static provisioning was used there had to be no dependency on routing or signalling, such as GMPLS or IGP, RSVP, BGP, and LDP. On the other hand, the mechanisms and capabilities used must be able to interoperate with existing MPLS and pseudowire control and forwarding planes. With the addition of the MPLS Transport Profile, the spectrum of services that MPLS now supports is illus-trated in Figure 1 (page 19), which is taken from the JWT report.

The Straw Man Design Framework

The straw man design framework proposed by the JWT can be found at www.ietf.org/MPLS-TP_overview-22.pdf. In creating the straw man MPLS transport profile architecture the technical feasibility study by the JWT and IETF MPLS Interoperability Design Team introduced two new constructs: the first was the definition of a new MPLS reserved label – the MPLS-TP alert label (TAL) – and the second was the definition of a Generic Associated Channel (GE-ACH). The GE-ACH is a generalization of the ACH mechanism already defined for pseudowires to allow the mechanism and protocols that run over it to be used in both a pseudowire context and an MPLS LSP context. The GE-ACH allows OAM packets to be directed to an intermediated node on an LSP/PWE via a suitable combination of label stacking or proper TTL setting. The use of this approach allowed the OAM channel to be introduced into MPLS without any modification to the existing MPLS forwarding design (a design invariant). There already exists an OAM alert reserved label (label 14), which was considered for use as the TAL, but the JWT believed that reusing this label would detract from the simplicity of the proposed design and that reclaiming it would be difficult in the short term due to existing deployments. The JWT therefore recommended the allocation of a new MPLS reserved label to the TAL. For various reasons, the designers speculated that this would be label 13 (Stewart's lucky number), and the terms TAL and label now seem to be synonymous. The Generic Associated Channel functionality supports the FCAPS functions that need to be supported by providing the encapsulation needed to carry OAM, APS, and ECC packets across the network. Thus, it is proposed that PWE3 and MPLS use the same mechanism to carry OAM traffic, but necessarily with a different method of indicating to the receiving equipment that the OAM payload is present in the packet. This mechanism (ACH) can be unified for LSPs and PWE, enabling the same functionality for both as well as ease of implementation. The GE ACH would use code points from PW ACH space but not necessarily for PW purposes. Bringing ACH functionality into LSPs begins to blur the architec-tural line between an MPLS LSP and an MPLS pseudowire. The functional differences between an MPLS LSP and an MPLS PW must, however, be retained in the architecture. There may be specific differences that are discovered in the design phase. For reasons of security and congestion, ACH functionality for LSP and pseudowires should be limited to only OAM, APS, and ECC management-channel data. To illustrate how these new mechanisms are applied, Figure 2 below shows how LSP, multisegment pseudowire, and tandem connection monitoring OAM will be added to the MPLS architecture. Further examples can be found in the full report of the JWT. As can be seen in Figure 1, there is consistency between the OAM for pseudowires and LSPs. It was shown that a great deal of IETF protocol, design, and architectural reuse can be employed to solve the transport-network requirements and that no fundamental change to the IETF MPLS architecture was considered necessary.

Figure 1

Future Organization of the Work

It is proposed that the MPLS interop design team, the JWT, and the ad hoc T-MPLS groups continue to operate as described in the ITU-T document that created them (SG 15 TD515/PLEN). As stated in the document, they are expected (1) to facilitate the rapid exchange of information between the IETF and ITU-T; (2) to ensure that the work is progressing, with a consistent set of priorities to identify gaps/inconsistencies in the solutions under development; (3) to propose solutions for consideration by the appropriate WG/Question; and (4) to provide guidance when work on a topic is stalled or technical decision must be mediated. It should be noted that none of the groups have the authority to create or modify IETF RFCs or ITU-T Recommendations. Any such work must be handled through the normal processes and channels of the respective standards bodies. For the new cooperative venture to work, direct participation in the work by experts from the IETF and ITU-T is required. For example, an IETF MPLS Interoperability Design Team needs to be chartered so as to produce an MPLS-TP architectural documentation hierarchy. However, all documents would then progress in the appropriate IETF WGs according to the usual procedures. It is assumed that ITU-T participants will be active members of the design teams and that drafts will be reviewed by the ITU-T prior to completion of WG last call. ITU-T review will be handled by correspondence, and the results of the review will be conveyed via a liaison statement. Review by cor-respondence will avoid delaying WG last call to align with an ITU-T SG/ experts meeting. Early allocation of RFC numbers and IANA code points once a document has completed IESG review are also expected to expedite the joint standards work. The normative definition of the MPLS-TP that supports the ITU-T transport network requirements will be captured in IETF RFCs. The ITU-T will develop Recommendations for allowing MPLS-TP to be integrated with current transport equipment and networks. It will, with the agreement of the IETF, define any ITU-T specific functionality within the MPLS-TP ar-chitecture, using the (G)MPLS change process (RFC 4929), and will revise ex-isting Recommendations to align with MPLS-TP. The normative definition of the MPLS-TP that supports the ITU-T transport network requirements will be captured in IETF RFCs. The ITU-T will:

• Develop recommendations that allow MPLS-TP to be integrated with current transport equipment and networks
• Specify any ITU-T-specific functionality within the MPLS-TP architecture – via the MPLS change process (RFC 4929)
• Revise existing Recommendations to align with MPLS-TP via the MPLS change process

ITU-T MPLS-TP Recommendations will rely on normative references to RFCs. Final text for consent will be provided to the IETF for review, and initiation of the AAP process should be timed so that members can base their AAP comments on an appropriate IETF WG consensus review of the consented text. Early communication among liai-sons and the JWT should make it possible to avoid major comments on the final documents; for example, the draft Recommendation for consent should be sent to the IETF for review prior to the SG meeting that plans to approve them.

Figure 2

Conclusion

The IETF and ITU have agreed that they will work together to extend IETF MPLS functionality to address the needs of the transport network. The work will move forward in the recognition that the sole design authority for MPLS resides within the IETF and that the domain of expertise for transport network infrastructure resides within ITU-T SG 15. The agreement to work together to design MPLS-TP resolves the issue of the ITU-T design’s being incompatible with widely deployed IETF MPLS technology. “We do not often encounter concerns that make ITU-T designs noninteroperable with IETF designs, so we had to improvise a structure in which to effectively embed the problem solving in our processes,” said IAB chair Olaf Kolkman. “All in all, it has been somewhat of a rough ride, but the outcome is satisfactory because of hard work and a goal-oriented approach by everybody involved.” IETF chair Russ Housley agreed, expressing optimism over the outcome. “I see this as a significant milestone in the cooperation between the ITU-T and the IETF.” It is also, of course, a major milestone in the history of MPLS and the design of transport networks. Loa Andersson has been active in several standards organizations for more than 15 years. He is now a co-chair of the MPLS WG and a member of the IAB. Stewart Bryant has been active in the IETF, ITU-T SGs 13 and 15, and IEEE 1588. He is now co-chair of the PWE3 and TICTOC WGs and is IETF liaison representative to the ITU-T for MPLS issues.]]> 974 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-report-4/ Mon, 07 Jul 2008 16:01:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=976 What follows are summaries of several upates on the Internet Research Groups (RGs), some of which were reported during the Technical Plenary at IETF 71. Currently, 14 RGs are working on topics related to Internet protocols, applica-tions, architecture, and technology. Some groups have significant ties to IETF work; others, not so much. Most RGs are open, and all maintain open mailing lists. There is room for overlap in scope between RGs, and the management style within each group is diverse. Suggestions for new work for the Internet Research Task Force (IRTF) are being considered. The IAB is seeking an IRTF RG on unwanted traffic mitigations (an e-mail will be going out to the research community). There is also interest in an RG on network visualization. Finally, there is continued interest in an RG on a Quality of Service policy framework. Three IRTF drafts are in the RFC Editor's queue. Eight drafts are in the process of being published. A draft to establish an IRTF RFC stream is under development and should be published in the near future. Seven RGs met at IETF 71. Following is a summary of recent develop-ments as well as developments reported by RGs during the IETF 71 technical plenary.

Anti-Spam RG (asrg)

The ASRG could possibly be resurrected following a meeting at IETF 71 in Philadelphia. There is interest in finishing two drafts:

• Description of mechanisms used for DNS blacklists
• A best current practices on blacklist operations

The RG has set up a wiki on spam mitigation techniques that is now being populated and that may evolve into a document analysing why some of those techniques should not be used. The wiki is located at http://wiki.asrg.sp.am.

Delay-Tolerant Networking RG (dtnrg)

The DTN implementations have found broad application, including, for instance, among nomadic and arctic users, for commercial use (LEO satellites), and for Defense Advanced Research Projects Agency (DARPA) mobile networks. The RG recently published two RFCs and 16 Internet-Drafts. At IETF 71 the RG organized a BarBoF to discuss establishing a community-based reference DTN implementation.

Host Identity Protocol RG (hip)

The RFC editor has published the document “NAT and Firewall Traversal Issues of Host Identity Protocol (HIP) Communication” as RFC 5207. Several new drafts on extending HIP have been presented:

• The use of certificates in HIP
• A HIP-based mobile router
• Security Parameter Index-based network address translation

The RG continues the discussion on legacy NAT and HIP-aware middlebox traversal (with possible P2P-SIP applicability).

Internet Congestion Control RG (iccrg)

The ICCRG has been reviewing congestion control proposals for the Transport Area, such as Compound TCP and CUBIC. Work on the two surveys contin-ues: one addresses current congestion control RFCs, and the other looks at open congestion control research issues. The RG plans to initiate a discussion on TCP slow-start enhancements.

Mobility Optimizations RG (moboptsrg)

The MOBOPTSRG is finishing two documents: one on location privacy for mobile IPv6 and the other on handover preauthentication. Work on multicast mobility continues, including the development of a problem statement, which is nearly done. Some recommendations were made at IETF 70 in Vancouver.

Network Management RG (nmrg)

The NMRG has begun studying the behaviour of management protocols by using network traces. For this work, the RG is seeking collaborators from enterprise networks. The group is also in the process of finalizing a document specifying SNMP trace exchange formats and specifying a format for aggregation of SNMP messages. The IAB has asked the NMRG to seek feedback from the operators community – for instance, at NANOG or RIPE meetings.

Routing RG (rrg)

There has been a lot of activity within the RRG, as evidenced by the nearly 1,000 messages on the mailing list since IETF 70. The RG is now evaluating several routing architecture proposals and is working to build consensus toward a recommendation by March 2009. The goal is to create a recommendation for a specific architecture rather than create a concrete proposal.

Scalable, Adaptive Multicast RG (samrg)

The SAMRG is currently working on two drafts. First is a protocol for hybrid multicast; the second involves applying P2P-SIP overlays to multicast. The RG is encouraging prototyping. There is a tentative plan to have an interim meet-ing at MILCOM 2008. The meeting would then be coordinated with a special session on P2P overlays. For more information about the Internet Research Task Force, visit http://www.irtf.org.]]> 976 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-meeting-calendar-3/ Sun, 27 Jul 2008 15:23:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1446 IETF 72 27 July – 1 August 2008 Host: Alcatel-Lucent Location: Dublin, Ireland IETF 73 16 – 21 November 2008 Host: Google Location: Minneapolis, MN, USA IETF 74 22 – 27 March 2009 Host: TBD Location: San Francisco, CA, USA IETF 75 26 – 31 July 2009 Host: .SE Location: Stockholm, Sweden]]> 1446 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/recent-iesg-document-and-protocol-actions-5/ Sun, 27 Jul 2008 15:24:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1448 Please note that due to ongoing change of document status, links below can be invalid. In this case, we ask you to use a search engine to find the relevant file.

Date: 2008-03-05 – Approved by the IESG as Informational RFC Title: NFS RDMA Problem Statement URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-nfs-rdma-problem-statement-08.txt Date: 2008-03-05 – Last Call: draft-ietf-nfsv4-nfsdirect (NFS Direct Dat / Call: draft-ietf-nfsv4-nfsdirect (NFS Direct Data Title: ast Call: draft-ietf-nfsv4-nfsdirect (NFS Direct Data URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-nfsdirect-07.txt Date: 2008-03-05 – Last Call: draft-ietf-nfsv4-rpcrdma (Remote Direct Memory Acces / Call: draft-ietf-nfsv4-rpcrdma (Remote Direct Memory Access Title: ast Call: draft-ietf-nfsv4-rpcrdma (Remote Direct Memory Access URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-rpcrdma-07.txt Date: 2008-03-05 – Last Call: draft-ietf-eai-dsn (Internationalized Deliver / Call: draft-ietf-eai-dsn (Internationalized Delivery Title: ast Call: draft-ietf-eai-dsn (Internationalized Delivery URL: http://www.ietf.org/internet-drafts/draft-ietf-eai-dsn-06.txt Date: 2008-03-06 – Approved by the IESG as ent Action: ‘Diameter Policy Processing Title: Diameter URL: http://www.ietf.org/internet-drafts/draft-brenner-dime-peem-01.txt Date: 2008-03-10 – Last Call: draft-ietf-eai-smtpext (SMTP extension fo / Call: draft-ietf-eai-smtpext (SMTP extension for Title: ast Call: draft-ietf-eai-smtpext (SMTP extension for URL: http://www.ietf.org/internet-drafts/draft-ietf-eai-smtpext-11.txt Date: 2008-03-10 – Approved by the IESG as ent Action: ‘Media Server Control Protocol Title: Media Server URL: http://www.ietf.org/internet-drafts/draft-ietf-mediactrl-requirements-04.txt Date: 2008-03-10 – Approved by the IESG as Informational RFC Title: XML Schema for Media Control URL: http://www.ietf.org/internet-drafts/draft-levin-mmusic-xml-media-control-13.txt Date: 2008-03-11 – Approved by the IESG as ent Action: ‘Handover Key Management and Title: Handover K URL: http://www.ietf.org/internet-drafts/draft-ietf-hokey-reauth-ps-09.txt Date: 2008-03-11 – Approved by the IESG as col Action: ‘GSS-API Internationalization and Title: GSS-API Interna URL: http://www.ietf.org/internet-drafts/draft-ietf-kitten-gssapi-domain-based-names-06.txt Date: 2008-03-12 – Last Call: draft-hansen-4468upd-mailesc-registry (A Registr / Call: draft-hansen-4468upd-mailesc-registry (A Registry Title: ast Call: draft-hansen-4468upd-mailesc-registry (A Registry URL: http://www.ietf.org/internet-drafts/draft-hansen-4468upd-mailesc-registry-04.txt Date: 2008-03-12 – Last Call: draft-ietf-l1vpn-basic-mode (Layer 1 VPN Basic Mode / Call: draft-ietf-l1vpn-basic-mode (Layer 1 VPN Basic Mode) Title: ast Call: draft-ietf-l1vpn-basic-mode (Layer 1 VPN Basic Mode) URL: http://www.ietf.org/internet-drafts/draft-ietf-l1vpn-basic-mode-04.txt Date: 2008-03-12 – Last Call: draft-ietf-l1vpn-bgp-auto-discovery (BGP-base / Call: draft-ietf-l1vpn-bgp-auto-discovery (BGP-based Title: ast Call: draft-ietf-l1vpn-bgp-auto-discovery (BGP-based URL: http://www.ietf.org/internet-drafts/draft-ietf-l1vpn-bgp-auto-discovery-04.txt Date: 2008-03-12 – Last Call: draft-ietf-l1vpn-ospf-auto-discovery (OSPF Base / Call: draft-ietf-l1vpn-ospf-auto-discovery (OSPF Based Title: ast Call: draft-ietf-l1vpn-ospf-auto-discovery (OSPF Based URL: http://www.ietf.org/internet-drafts/draft-ietf-l1vpn-ospf-auto-discovery-05.txt Date: 2008-03-12 – Last Call: draft-ietf-ospf-multi-area-adj (OSPF Multi-Are / Call: draft-ietf-ospf-multi-area-adj (OSPF Multi-Area Title: ast Call: draft-ietf-ospf-multi-area-adj (OSPF Multi-Area URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-multi-area-adj-07.txt Date: 2008-03-12 – Last Call: draft-ietf-ospf-ospfv3-graceful-restart (OSPFv / Call: draft-ietf-ospf-ospfv3-graceful-restart (OSPFv3 Title: ast Call: draft-ietf-ospf-ospfv3-graceful-restart (OSPFv3 URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-ospfv3-graceful-restart-07.txt Date: 2008-03-12 – Last Call: draft-ietf-ospf-ospfv3-update (OSPF for IPv6) t / Call: draft-ietf-ospf-ospfv3-update (OSPF for IPv6) to Title: ast Call: draft-ietf-ospf-ospfv3-update (OSPF for IPv6) to URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-ospfv3-update-18.txt Date: 2008-03-12 – Last Call: draft-ietf-pim-join-attributes (Format for using TLV / Call: draft-ietf-pim-join-attributes (Format for using TLVs Title: ast Call: draft-ietf-pim-join-attributes (Format for using TLVs URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-join-attributes-03.txt Date: 2008-03-12 – Last Call: draft-ietf-pim-lasthop-threats (Host Threats t / Call: draft-ietf-pim-lasthop-threats (Host Threats to Title: ast Call: draft-ietf-pim-lasthop-threats (Host Threats to URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-lasthop-threats-03.txt Date: 2008-03-12 – Approved by the IESG as col Action: ‘Certificate Management Messages over Title: Certificate Managem URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-2797-bis-07.txt Date: 2008-03-12 – Last Call: draft-ietf-ospf-rfc2370bis (The OSPF Opaque LS / Call: draft-ietf-ospf-rfc2370bis (The OSPF Opaque LSA Title: ast Call: draft-ietf-ospf-rfc2370bis (The OSPF Opaque LSA URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-rfc2370bis-02.txt Date: 2008-03-12 – Last Call: draft-ietf-pim-bsr-mib (PIM Bootstrap Router MIB) t / Call: draft-ietf-pim-bsr-mib (PIM Bootstrap Router MIB) to Title: ast Call: draft-ietf-pim-bsr-mib (PIM Bootstrap Router MIB) to URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-bsr-mib-04.txt Date: 2008-03-14 – Last Call: draft-freed-sieve-environment (Sieve Email Filtering / Call: draft-freed-sieve-environment (Sieve Email Filtering: Title: ast Call: draft-freed-sieve-environment (Sieve Email Filtering: URL: http://www.ietf.org/internet-drafts/draft-freed-sieve-environment-04.txt Date: 2008-03-17 – Last Call: draft-ietf-sieve-notify-mailto (Sieve Notificatio / Call: draft-ietf-sieve-notify-mailto (Sieve Notification Title: ast Call: draft-ietf-sieve-notify-mailto (Sieve Notification URL: http://www.ietf.org/internet-drafts/draft-ietf-sieve-notify-mailto-06.txt Date: 2008-03-17 – Last Call: draft-ietf-mip4-vpn-problem-solution (Mobile IPv / Call: draft-ietf-mip4-vpn-problem-solution (Mobile IPv4 Title: ast Call: draft-ietf-mip4-vpn-problem-solution (Mobile IPv4 URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-vpn-problem-solution-05.txt Date: 2008-03-17 – Approved by the IESG as col Action: ‘Internet Message Access Protocol Title: Internet Messag URL: http://www.ietf.org/internet-drafts/draft-ietf-imapext-i18n-15.txt Date: 2008-03-17 – Approved by the IESG as col Action: ‘Network Mobility (NEMO) Extensions Title: Network Mobility URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-nemo-v4-base-11.txt Date: 2008-03-19 – Last Call: draft-wu-sava-testbed-experience (SAVA Testbed an / Call: draft-wu-sava-testbed-experience (SAVA Testbed and Title: ast Call: draft-wu-sava-testbed-experience (SAVA Testbed and URL: http://www.ietf.org/internet-drafts/draft-wu-sava-testbed-experience-04.txt Date: 2008-03-19 – Approved by the IESG as ent Action: ‘Mobile IPv6 Fast Handovers over IEEE Title: Mobile IPv6 Fast Ha URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-fh80216e-07.txt Date: 2008-03-19 – Last Call: draft-funk-eap-ttls-v0 (EAP Tunneled TL / Call: draft-funk-eap-ttls-v0 (EAP Tunneled TLS Title: ast Call: draft-funk-eap-ttls-v0 (EAP Tunneled TLS URL: http://www.ietf.org/internet-drafts/draft-funk-eap-ttls-v0-04.txt Date: 2008-03-19 – Last Call: draft-ietf-ipr-outbound-rights (Advice to th / Call: draft-ietf-ipr-outbound-rights (Advice to the Title: ast Call: draft-ietf-ipr-outbound-rights (Advice to the URL: http://www.ietf.org/internet-drafts/draft-ietf-ipr-outbound-rights-06.txt Date: 2008-03-21 – Approved by the IESG as col Action: ‘Sieve Email Filtering: Body Title: Sieve Emai URL: http://www.ietf.org/internet-drafts/draft-ietf-sieve-body-09.txt Date: 2008-03-24 – Last Call: draft-ietf-ipr-3978-incoming (Rights Contributor / Call: draft-ietf-ipr-3978-incoming (Rights Contributors Title: ast Call: draft-ietf-ipr-3978-incoming (Rights Contributors URL: http://www.ietf.org/internet-drafts/draft-ietf-ipr-3978-incoming-08.txt Date: 2008-03-24 – Approved by the IESG as ent Action: ‘A Uniform Resource Name (URN) Title: A Uniform Re URL: http://www.ietf.org/internet-drafts/draft-evain-ebu-urn-03.txt Date: 2008-03-27 – Re: Informational RFC to be: draft-irtf-hiprg-nat-04.tx / nformational RFC to be: draft-irtf-hiprg-nat-04.txt Title: e: Informational RFC to be: draft-irtf-hiprg-nat-04.txt URL: http://www.ietf.org/internet-drafts/draft-irtf-hiprg-nat-04.txt Date: 2008-03-27 – Approved by the IESG as col Action: ‘The Transport Layer Security (TLS) Title: The Transport Lay URL: http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc4346-bis-10.txt Date: 2008-03-31 – Last Call: draft-ietf-rserpool-asap (Aggregate Server Acces / Call: draft-ietf-rserpool-asap (Aggregate Server Access Title: ast Call: draft-ietf-rserpool-asap (Aggregate Server Access URL: http://www.ietf.org/internet-drafts/draft-ietf-rserpool-policies-08.txt Date: 2008-03-31 – Last Call: draft-ietf-rserpool-overview (An Overview o / Call: draft-ietf-rserpool-overview (An Overview of Title: ast Call: draft-ietf-rserpool-overview (An Overview of URL: http://www.ietf.org/internet-drafts/draft-ietf-rserpool-overview-05.txt Date: 2008-03-31 – Last Call: draft-ietf-rserpool-threats (Threats Introduced b / Call: draft-ietf-rserpool-threats (Threats Introduced by Title: ast Call: draft-ietf-rserpool-threats (Threats Introduced by URL: http://www.ietf.org/internet-drafts/draft-ietf-rserpool-threats-09.txt Date: 2008-04-01 – Last Call: draft-hautakorpi-sipping-uri-list-handling-refuse / Call: draft-hautakorpi-sipping-uri-list-handling-refused Title: ast Call: draft-hautakorpi-sipping-uri-list-handling-refused URL: http://www.ietf.org/internet-drafts/draft-hautakorpi-sipping-uri-list-handling-refused-03.txt Date: 2008-04-01 – Approved by the IESG as col Action: ‘A Telephone Number Mapping (ENUM) Title: A Telephone Numb URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-calendar-service-04.txt Date: 2008-04-01 – Approved by the IESG as col Action: ‘RObust Header Compression Version 2 Title: RObust Header Comp URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-rfc3095bis-rohcv2-profiles-06.txt Date: 2008-04-01 – Last Call: draft-ietf-iptel-tel-reg (The Internet Assigne / Call: draft-ietf-iptel-tel-reg (The Internet Assigned Title: ast Call: draft-ietf-iptel-tel-reg (The Internet Assigned URL: http://www.ietf.org/internet-drafts/draft-ietf-iptel-tel-reg-05.txt Date: 2008-04-02 – Last Call: draft-ietf-lemonade-convert (IMAP CONVERT extension / Call: draft-ietf-lemonade-convert (IMAP CONVERT extension) Title: ast Call: draft-ietf-lemonade-convert (IMAP CONVERT extension) URL: http://www.ietf.org/internet-drafts/draft-ietf-lemonade-convert-17.txt Date: 2008-04-03 – Last Call: draft-ietf-rmt-bb-norm-revised (Multicas / Call: draft-ietf-rmt-bb-norm-revised (Multicast Title: ast Call: draft-ietf-rmt-bb-norm-revised (Multicast URL: http://www.ietf.org/internet-drafts/draft-ietf-rmt-bb-norm-revised-04.txt Date: 2008-04-03 – Approved by the IESG as col Action: ‘INTERNET MESSAGE ACCESS PROTOCOL – Title: INTERNET MESSAGE URL: http://www.ietf.org/internet-drafts/draft-ietf-imapext-sort-20.txt Date: 2008-04-03 – Last Call: draft-resnick-2822upd (Internet Message Format) t / Call: draft-resnick-2822upd (Internet Message Format) to Title: ast Call: draft-resnick-2822upd (Internet Message Format) to URL: http://www.ietf.org/internet-drafts/draft-resnick-2822upd-06.txt Date: 2008-04-04 – Approved by the IESG as col Action: ‘Guidelines for Writing an IANA Title: Guidelines fo URL: http://www.ietf.org/internet-drafts/draft-narten-iana-considerations-rfc2434bis-09.txt Date: 2008-04-07 – Last Call: draft-ietf-tsvwg-rsvp-user-error-spec (User-Define / Call: draft-ietf-tsvwg-rsvp-user-error-spec (User-Defined Title: ast Call: draft-ietf-tsvwg-rsvp-user-error-spec (User-Defined URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-rsvp-user-error-spec-06.txt Date: 2008-04-07 – Approved by the IESG as ent Action: ‘IPv6 Benchmarking Methodology for Title: IPv6 Benchmarkin URL: http://www.ietf.org/internet-drafts/draft-ietf-bmwg-ipv6-meth-05.txt Date: 2008-04-08 – Last Call: draft-ietf-mipshop-4140bis (Hierarchical Mobile IPv / Call: draft-ietf-mipshop-4140bis (Hierarchical Mobile IPv6 Title: ast Call: draft-ietf-mipshop-4140bis (Hierarchical Mobile IPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-4140bis-02.txt Date: 2008-04-08 – Re: Experimental RFC to be / xperimental RFC to be: Title: e: Experimental RFC to be: URL: http://www.ietf.org/internet-drafts/draft-irtf-mobopts-l2-abstractions-07.txt Date: 2008-04-09 – Last Call: draft-ietf-lemonade-msgevent (Internet Message Stor / Call: draft-ietf-lemonade-msgevent (Internet Message Store Title: ast Call: draft-ietf-lemonade-msgevent (Internet Message Store URL: http://www.ietf.org/internet-drafts/draft-ietf-lemonade-msgevent-05.txt Date: 2008-04-11 – Last Call: draft-ietf-mpls-ldp-capabilities (LDP Capabilities / Call: draft-ietf-mpls-ldp-capabilities (LDP Capabilities) Title: ast Call: draft-ietf-mpls-ldp-capabilities (LDP Capabilities) URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-ldp-capabilities-02.txt Date: 2008-04-11 – Last Call: draft-ietf-mpls-ldp-interarea (LDP extension fo / Call: draft-ietf-mpls-ldp-interarea (LDP extension for Title: ast Call: draft-ietf-mpls-ldp-interarea (LDP extension for URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-ldp-interarea-03.txt Date: 2008-04-11 – Last Call: draft-ietf-mpls-multicast-encaps (MPLS Multicas / Call: draft-ietf-mpls-multicast-encaps (MPLS Multicast Title: ast Call: draft-ietf-mpls-multicast-encaps (MPLS Multicast URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-multicast-encaps-07.txt Date: 2008-04-11 – Last Call: draft-ietf-mpls-number-0-bw-te-lsps (A Link-Typ / Call: draft-ietf-mpls-number-0-bw-te-lsps (A Link-Type Title: ast Call: draft-ietf-mpls-number-0-bw-te-lsps (A Link-Type URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-number-0-bw-te-lsps-09.txt Date: 2008-04-11 – Last Call: draft-ietf-mpls-upstream-label (MPLS Upstream Labe / Call: draft-ietf-mpls-upstream-label (MPLS Upstream Label Title: ast Call: draft-ietf-mpls-upstream-label (MPLS Upstream Label URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-upstream-label-04.txt Date: 2008-04-11 – Last Call: draft-snell-atompub-bidi (Atom Bidirectiona / Call: draft-snell-atompub-bidi (Atom Bidirectional Title: ast Call: draft-snell-atompub-bidi (Atom Bidirectional URL: http://www.ietf.org/internet-drafts/draft-snell-atompub-bidi-06.txt Date: 2008-04-14 – Approved by the IESG as ent Action: ‘IPv6 Deployment Scenarios in 802.16 Title: IPv6 Deployment Sc URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-802-16-deployment-scenarios-07.txt Date: 2008-04-14 – Approved by the IESG as ent Action: ‘Mobile IPv6 Fast Handovers for 3G Title: Mobile IPv6 Fast URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-3gfh-07.txt Date: 2008-04-14 – Approved by the IESG as col Action: ‘Mobile IPv4 Traversal Across Title: Mobile IPv4 URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-vpn-problem-solution-05.txt Date: 2008-04-15 – Last Call: draft-monrad-sipping-3gpp-urn-namespace (A Unifor / Call: draft-monrad-sipping-3gpp-urn-namespace (A Uniform Title: ast Call: draft-monrad-sipping-3gpp-urn-namespace (A Uniform URL: http://www.ietf.org/internet-drafts/draft-monrad-sipping-3gpp-urn-namespace-01.txt Date: 2008-04-16 – Last Call: draft-ietf-pce-brpc (A Backward Recursive PCE-base / Call: draft-ietf-pce-brpc (A Backward Recursive PCE-based Title: ast Call: draft-ietf-pce-brpc (A Backward Recursive PCE-based URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-brpc-09.txt Date: 2008-04-16 – Last Call: draft-ietf-pce-pcep (Path Computation Element (PCE / Call: draft-ietf-pce-pcep (Path Computation Element (PCE) Title: ast Call: draft-ietf-pce-pcep (Path Computation Element (PCE) URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-pcep-12.txt Date: 2008-04-17 – Re: Experimental RFC to be / xperimental RFC to be: Title: e: Experimental RFC to be: URL: http://www.ietf.org/internet-drafts/draft-blanchet-v6ops-tunnelbroker-tsp-03.txt Date: 2008-04-17 – Approved by the IESG as col Action: ‘EAP Extensions for EAP Title: EAP E URL: http://www.ietf.org/internet-drafts/draft-ietf-hokey-erx-14.txt Date: 2008-04-23 – Last Call: draft-ietf-bfd-base (Bidirectional Forwardin / Call: draft-ietf-bfd-base (Bidirectional Forwarding Title: ast Call: draft-ietf-bfd-base (Bidirectional Forwarding URL: http://www.ietf.org/internet-drafts/draft-ietf-bfd-base-08.txt Date: 2008-04-23 – Last Call: draft-ietf-geopriv-radius-lo (Carrying Locatio / Call: draft-ietf-geopriv-radius-lo (Carrying Location Title: ast Call: draft-ietf-geopriv-radius-lo (Carrying Location URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-radius-lo-19.txt Date: 2008-04-23 – Last Call: draft-ietf-bfd-generic (Generic Application of BFD / Call: draft-ietf-bfd-generic (Generic Application of BFD) Title: ast Call: draft-ietf-bfd-generic (Generic Application of BFD) URL: http://www.ietf.org/internet-drafts/draft-ietf-bfd-generic-04.txt Date: 2008-04-23 – Last Call: draft-ietf-geopriv-http-location-delivery (HTT / Call: draft-ietf-geopriv-http-location-delivery (HTTP Title: ast Call: draft-ietf-geopriv-http-location-delivery (HTTP URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-http-location-delivery-07.txt Date: 2008-04-23 – Last Call: draft-ietf-bfd-mpls (BFD For MPLS LSPs) to Propose / Call: draft-ietf-bfd-mpls (BFD For MPLS LSPs) to Proposed Title: ast Call: draft-ietf-bfd-mpls (BFD For MPLS LSPs) to Proposed URL: http://www.ietf.org/internet-drafts/draft-ietf-bfd-mpls-05.txt Date: 2008-04-23 – Last Call: draft-ietf-avt-rtp-hdrext (A general mechanism fo / Call: draft-ietf-avt-rtp-hdrext (A general mechanism for Title: ast Call: draft-ietf-avt-rtp-hdrext (A general mechanism for URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-hdrext-15.txt Date: 2008-04-23 – Last Call: draft-ietf-bfd-v4v6-1hop (BFD for IPv4 and IPv / Call: draft-ietf-bfd-v4v6-1hop (BFD for IPv4 and IPv6 Title: ast Call: draft-ietf-bfd-v4v6-1hop (BFD for IPv4 and IPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-bfd-v4v6-1hop-08.txt Date: 2008-04-23 – Last Call: draft-ietf-bfd-multihop (BFD for Multihop Paths) t / Call: draft-ietf-bfd-multihop (BFD for Multihop Paths) to Title: ast Call: draft-ietf-bfd-multihop (BFD for Multihop Paths) to URL: http://www.ietf.org/internet-drafts/draft-ietf-bfd-multihop-06.txt Date: 2008-04-25 – Last Call: draft-ietf-tsvwg-emergency-rsvp (Resource ReSerVatio / Call: draft-ietf-tsvwg-emergency-rsvp (Resource ReSerVation Title: ast Call: draft-ietf-tsvwg-emergency-rsvp (Resource ReSerVation URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-emergency-rsvp-07.txt Date: 2008-04-28 – Approved by the IESG as Proposed Standard Title: OSPF Multi-Area Adjacency URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-multi-area-adj-09.txt Date: 2008-04-28 – Approved by the IESG as Proposed Standard Title: NFS Direct Data Placement URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-nfsdirect-08.txt Date: 2008-04-28 – Approved by the IESG as ent Action: ‘PKCS #8: Private-Key Information Title: PKCS #8: Privat URL: http://www.ietf.org/internet-drafts/draft-kaliski-pkcs8-00.txt Date: 2008-04-29 – Approved by the IESG as col Action: ‘Sieve Email Filtering: Environment Title: Sieve Email Filte URL: http://www.ietf.org/internet-drafts/draft-freed-sieve-environment-05.txt Date: 2008-04-29 – Last Call: draft-ietf-rtgwg-ipfrr-spec-base (Basi / Call: draft-ietf-rtgwg-ipfrr-spec-base (Basic Title: ast Call: draft-ietf-rtgwg-ipfrr-spec-base (Basic URL: http://www.ietf.org/internet-drafts/draft-ietf-rtgwg-ipfrr-spec-base-12.txt Date: 2008-04-29 – Last Call: draft-ietf-sipping-overload-reqs (Requirements fo / Call: draft-ietf-sipping-overload-reqs (Requirements for Title: ast Call: draft-ietf-sipping-overload-reqs (Requirements for URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-overload-reqs-02.txt Date: 2008-04-30 – Approved by the IESG as col Action: ‘MIP6-bootstrapping for the Integrated Title: MIP6-bootstrapping f URL: http://www.ietf.org/internet-drafts/draft-ietf-mip6-bootstrapping-integrated-dhc-06.txt Date: 2008-04-30 – Last Call: draft-freed-sieve-date-index (Sieve Email Filtering / Call: draft-freed-sieve-date-index (Sieve Email Filtering: Title: ast Call: draft-freed-sieve-date-index (Sieve Email Filtering: URL: http://www.ietf.org/internet-drafts/draft-freed-sieve-date-index-11.txt Date: 2008-04-30 – Last Call: draft-ietf-sieve-editheader (Sieve Email Filtering / Call: draft-ietf-sieve-editheader (Sieve Email Filtering: Title: ast Call: draft-ietf-sieve-editheader (Sieve Email Filtering: URL: http://www.ietf.org/internet-drafts/draft-ietf-sieve-editheader-11.txt Date: 2008-05-01 – Approved by the IESG as ent Action: ‘EAP Tunneled TLS Authentication Title: EAP Tunneled T URL: http://www.ietf.org/internet-drafts/draft-funk-eap-ttls-v0-05.txt Date: 2008-05-01 – Approved by the IESG as ent Action: ‘Framework for real-time text over IP Title: Framework for real- URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-toip-09.txt Date: 2008-05-02 – Last Call: draft-ietf-syslog-tc-mib (Textual Conventions fo / Call: draft-ietf-syslog-tc-mib (Textual Conventions for Title: ast Call: draft-ietf-syslog-tc-mib (Textual Conventions for URL: http://www.ietf.org/internet-drafts/draft-ietf-syslog-tc-mib-07.txt Date: 2008-05-02 – Last Call: draft-ietf-dccp-rfc3448bis (TCP Friendly Rate Contro / Call: draft-ietf-dccp-rfc3448bis (TCP Friendly Rate Control Title: ast Call: draft-ietf-dccp-rfc3448bis (TCP Friendly Rate Control URL: http://www.ietf.org/internet-drafts/draft-ietf-dccp-rfc3448bis-06.txt Date: 2008-05-05 – Approved by the IESG as col Action: ‘Datagram Transport Layer Security Title: Datagram Transpo URL: http://www.ietf.org/internet-drafts/draft-ietf-dccp-dtls-06.txt Date: 2008-05-08 – Approved by the IESG as col Action: ‘A Framework for Centralized Title: A Framewor URL: http://www.ietf.org/internet-drafts/draft-ietf-xcon-framework-11.txt Date: 2008-05-09 – Last Call: draft-ietf-pim-lasthop-threats (Host Threats t / Call: draft-ietf-pim-lasthop-threats (Host Threats to Title: ast Call: draft-ietf-pim-lasthop-threats (Host Threats to URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-lasthop-threats-04.txt Date: 2008-05-09 – Approved by the IESG as Proposed Standard Title: The OSPF Opaque LSA Option URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-rfc2370bis-05.txt Date: 2008-05-09 – Approved by the IESG as col Action: ‘Definition of Events For Title: Definit URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc2833biscas-05.txt Date: 2008-05-12 – Approved by the IESG as Proposed Standard Title: Mobile IPv6 Fast Handovers URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-fmipv6-rfc4068bis-07.txt Date: 2008-05-12 – Approved by the IESG as ent Action: ‘Applicability Statement for Layer 1 Title: Applicability Stat URL: http://www.ietf.org/internet-drafts/draft-ietf-l1vpn-applicability-basic-mode-05.txt Date: 2008-05-12 – Approved by the IESG as ent Action: ‘OSPF Database Exchange Summary List Title: OSPF Database Exch URL: http://www.ietf.org/internet-drafts/draft-ogier-ospf-dbex-opt-03.txt Date: 2008-05-12 – Approved by the IESG as Proposed Standard Title: PIM Bootstrap Router MIB URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-bsr-mib-06.txt Date: 2008-05-13 – Last Call: draft-ietf-ltans-ers-scvp (Using SCVP to Conve / Call: draft-ietf-ltans-ers-scvp (Using SCVP to Convey Title: ast Call: draft-ietf-ltans-ers-scvp (Using SCVP to Convey URL: http://www.ietf.org/internet-drafts/draft-ietf-ltans-ers-scvp-06.txt Date: 2008-05-13 – Approved by the IESG as Title: The ‘news’ and ‘nntp’ URI Schemes URL: http://www.ietf.org/internet-drafts/draft-ellermann-news-nntp-uri-11.txt Date: 2008-05-13 – Last Call: draft-dharkins-siv-aes (SIV Authenticated Encryptio / Call: draft-dharkins-siv-aes (SIV Authenticated Encryption Title: ast Call: draft-dharkins-siv-aes (SIV Authenticated Encryption URL: http://www.ietf.org/internet-drafts/draft-dharkins-siv-aes-02.txt Date: 2008-05-13 – Last Call: draft-kato-camellia-ctrccm (Camellia Counter mod / Call: draft-kato-camellia-ctrccm (Camellia Counter mode Title: ast Call: draft-kato-camellia-ctrccm (Camellia Counter mode URL: http://www.ietf.org/internet-drafts/draft-kato-camellia-ctrccm-01.txt Date: 2008-05-13 – Last Call: draft-kato-ipsec-camellia-modes (The Additiona / Call: draft-kato-ipsec-camellia-modes (The Additional Title: ast Call: draft-kato-ipsec-camellia-modes (The Additional URL: http://www.ietf.org/internet-drafts/draft-kato-ipsec-camellia-modes-07.txt Date: 2008-05-13 – Last Call: draft-ietf-idr-route-filter (Outbound Rout / Call: draft-ietf-idr-route-filter (Outbound Route Title: ast Call: draft-ietf-idr-route-filter (Outbound Route URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-route-filter-16.txt Date: 2008-05-14 – Last Call: draft-ietf-enum-vmsg (IANA Registration o / Call: draft-ietf-enum-vmsg (IANA Registration of Title: ast Call: draft-ietf-enum-vmsg (IANA Registration of URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-vmsg-02.txt Date: 2008-05-14 – Last Call: draft-ietf-enum-softswitch-req (ENUM-based Softswitc / Call: draft-ietf-enum-softswitch-req (ENUM-based Softswitch Title: ast Call: draft-ietf-enum-softswitch-req (ENUM-based Softswitch URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-softswitch-req-02.txt Date: 2008-05-14 – Last Call: draft-ietf-sipping-race-examples (Example calls flow / Call: draft-ietf-sipping-race-examples (Example calls flows Title: ast Call: draft-ietf-sipping-race-examples (Example calls flows URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-race-examples-05.txt Date: 2008-05-14 – Approved by the IESG as col Action: ‘Session Initiation Protocol (SIP) Title: Session Initiati URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-prescaps-ext-10.txt Date: 2008-05-15 – Last Call: draft-ietf-ospf-ospfv3-traffic (Traffic Engineerin / Call: draft-ietf-ospf-ospfv3-traffic (Traffic Engineering Title: ast Call: draft-ietf-ospf-ospfv3-traffic (Traffic Engineering URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-ospfv3-traffic-11.txt Date: 2008-05-15 – Approved by the IESG as ent Action: ‘On the applicability of various MIKEY Title: On the applicability URL: http://www.ietf.org/internet-drafts/draft-ietf-msec-mikey-applicability-09.txt Date: 2008-05-16 – Approved by the IESG as Proposed Standard Title: OSPF for IPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-ospfv3-update-23.txt Date: 2008-05-16 – Approved by the IESG as Proposed Standard Title: OSPFv3 Graceful Restart URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-ospfv3-graceful-restart-08.txt Date: 2008-05-16 – Approved by the IESG as col Action: ‘BGP-based Auto-Discovery for Layer-1 Title: BGP-based Auto-Disc URL: http://www.ietf.org/internet-drafts/draft-ietf-l1vpn-bgp-auto-discovery-05.txt Date: 2008-05-20 – Approved by the IESG as ent Action: ‘Guidelines for IP Flow Information Title: Guidelines for IP URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-testing-05.txt Date: 2008-05-21 – Approved by the IESG as ent Action: ‘Network Endpoint Assessment (NEA): Title: Network Endpoint URL: http://www.ietf.org/internet-drafts/draft-ietf-nea-requirements-07.txt Date: 2008-05-23 – Approved by the IESG as col Action: ‘DHCP Options for Home Information Title: DHCP Options for URL: http://www.ietf.org/internet-drafts/draft-ietf-mip6-hiopt-17.txt Date: 2008-05-23 – Last Call: draft-cain-post-inch-phishingextns (Extensions t / Call: draft-cain-post-inch-phishingextns (Extensions to Title: ast Call: draft-cain-post-inch-phishingextns (Extensions to URL: http://www.ietf.org/internet-drafts/draft-cain-post-inch-phishingextns-04.txt Date: 2008-05-27 – Approved by the IESG as ent Action: ‘SAVA Testbed and Experiences to Date’ Title: SAVA Testbed and Exp URL: http://www.ietf.org/internet-drafts/draft-wu-sava-testbed-experience-06.txt Date: 2008-05-27 – Approved by the IESG as Title: Multiple Signatures in S/MIME URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-multisig-05.txt Date: 2008-05-27 – Approved by the IESG as col Action: ‘A Backward Recursive PCE-based Title: A Backward Re URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-brpc-09.txt Date: 2008-05-27 – Approved by the IESG as col Action: ‘RTP Payload Format for Vorbis Encoded Title: RTP Payload Format f URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-vorbis-09.txt Date: 2008-05-27 – Re: Informational RFC to be: draft-guy-iax-04.tx / nformational RFC to be: draft-guy-iax-04.txt Title: e: Informational RFC to be: draft-guy-iax-04.txt URL: http://www.ietf.org/internet-drafts/draft-guy-iax-04.txt Date: 2008-05-27 – Approved by the IESG as col Action: ‘Templates for Internet Drafts Title: Templates fo URL: http://www.ietf.org/internet-drafts/draft-harrington-text-mib-doc-template-06.txt Date: 2008-05-28 – Last Call: draft-ietf-tls-rsa-aes-gcm (AES-GCM Cipher Suites fo / Call: draft-ietf-tls-rsa-aes-gcm (AES-GCM Cipher Suites for Title: ast Call: draft-ietf-tls-rsa-aes-gcm (AES-GCM Cipher Suites for URL: http://www.ietf.org/internet-drafts/draft-ietf-tls-rsa-aes-gcm-03.txt Date: 2008-05-28 – Last Call: draft-ietf-tls-ecc-new-mac (TLS Elliptic Curve Ciphe / Call: draft-ietf-tls-ecc-new-mac (TLS Elliptic Curve Cipher Title: ast Call: draft-ietf-tls-ecc-new-mac (TLS Elliptic Curve Cipher URL: http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-new-mac-07.txt Date: 2008-05-29 – Approved by the IESG as col Action: ‘A Registry for SMTP Enhanced Mail Title: A Registry for S URL: http://www.ietf.org/internet-drafts/draft-hansen-4468upd-mailesc-registry-05.txt Date: 2008-05-29 – Approved by the IESG as ent Action: ‘Requirements for GMPLS-Based Title: Requirement URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-gmpls-mln-reqs-11.txt Date: 2008-05-29 – Approved by the IESG as ent Action: ‘Requirements for address selection Title: Requirements for URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-addr-select-req-07.txt Date: 2008-05-29 – Approved by the IESG as Proposed Standard Title: IMAP CONVERT extension URL: http://www.ietf.org/internet-drafts/draft-ietf-lemonade-convert-20.txt Date: 2008-05-29 – Approved by the IESG as col Action: ‘TCP Friendly Rate Control (TFRC): Title: TCP Friendly Rat URL: http://www.ietf.org/internet-drafts/draft-ietf-dccp-rfc3448bis-06.txt Date: 2008-05-29 – Approved by the IESG as col Action: ‘OSPF Based Layer 1 VPN Title: OSPF URL: http://www.ietf.org/internet-drafts/draft-ietf-l1vpn-ospf-auto-discovery-06.txt Date: 2008-05-30 – Approved by the IESG as Proposed Standard Title: Proxy Mobile IPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-netlmm-proxymip6-18.txt Date: 2008-05-30 – Approved by the IESG as Proposed Standard Title: Layer 1 VPN Basic Mode URL: http://www.ietf.org/internet-drafts/draft-ietf-l1vpn-basic-mode-05.txt Date: 2008-05-30 – Approved by the IESG as col Action: ‘Extensible Authentication Protocol Title: Extensible Authen URL: http://www.ietf.org/internet-drafts/draft-ietf-eap-keying-22.txt]]> 1448 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/dhcpv6-is-getting-to-be-a-mature-technology/ Sun, 27 Jul 2008 15:29:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1450 1450 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/multipath-tcp/ Sun, 07 Jun 2009 14:30:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=849 Adjusting to Path Properties through Congestion Control Multipath TCP (MPTCP) involves modifying TCP to give it the capability to send a given packet over a given path. It then runs the regular NewReno congestion control algorithms separately for each path, so each path has its own congestion window that reflects the path's available bandwidth. Therefore, MPTCP can send (1) many packets over paths with a large congestion window and/or a small round-trip-time (RTT) and (2) fewer packets over paths that have a small window and/or a large RTT. This way, a multipath TCP can automatically-and quickly-adjust to congestion in the network, moving traffic away from congested paths and toward uncongested paths. Routers can also distribute packets over multiple paths, but routers have no end-to-end congestion information. Additionally, routing protocols that change routing based on link utilization have never gained a foothold because they can cause dangerous oscillations as they move traffic to idle links, which can then become congested, move traffic back, and so on. Another concern over having routers distribute packets that belong to the same flow (TCP session) over multiple paths is that different paths have different RTTs, which means that packets will arrive out of order. When this happens, the fast-retransmit algorithm that is part of the Reno set of congestion control algorithms will do what its name suggests. When packets n+1, n+2, and n+3 arrive but packet n is still missing (three duplicate acknowledgements), TCP concludes that packet n was lost, and it retransmits it without waiting for a timeout. It also assumes that sending was happening too fast, so it reduces its sending rate by halving the congestion window, which lowers the number of packets that can be in flight before the receiver acknowledges that it has received earlier packets. However, if packet n was sent over a path with a slightly larger RTT than the path used for sending packets n+1, n+2, and n+3, n probably was not lost, so there was no need to retransmit and reduce the sending rate. To prevent this issue, routers work hard to avoid sending-over multiple paths-packets belonging to a single flow (see RFC 2992). Multipath TCP can solve this issue by simply executing the fast-retransmit algorithm for each path separately.

Fairness and Resource Pooling

A more challenging issue is that of fairness. Suppose there are two paths between points A and B; let's call them left (l) and right (r). Flow X takes the left path, flow Y takes the right path, and flow Z is a multipath TCP flow that uses both paths, with a subflow Zl over the left and a subflow Zr over the right. Assuming normal congestion control, Zl will compete on an even footing with X, such that both Zl and X get half the available bandwidth on the left path (in the absence of other traffic). The same is true for Zr and Y. This means that the total send rate of Z (Zl + Zr) is double that of X or Y. This is a little unfair, but not to an alarming degree. However, what if a multipath TCP thinks it has five paths, but in reality all of these paths share a bottleneck? In this case, the multipath flow will take five times as much bandwidth as other flows, which falls squarely outside the limits of what is acceptable. Presumably, paths toward the same destination will regularly share a common bottleneck, and there is no obvious fast and reliable way to detect this condition. As a result, on one hand, multipath TCP requires a way to couple the congestion control state of the different subflows such that MPTCP is reasonably fair to unmodified TCP flows when multiple MPTCP subflows share a bottleneck. On the other hand, MPTCP must be sufficiently aggressive so that it is at least as fast as unmodified TCP on the fastest path. For instance, in the previous example, if the left path has a bandwidth of 100 Mbps, and the right path, 10 Mbps, the fact that MPTCP flow Z starts to lose packets at around 5 Mbps over the right path should not get in the way of subflow Zl's reaching about 50 Mbps on the left path, or Z will be slower than X. Obviously, users will be reluctant to deploy multipath TCP if it performs worse than unmodified TCP! A step beyond “first do no harm to my own performance”? and “be fair on shared bottlenecks”? is the notion of resource pooling. Suppose a network operator has deployed a number of parallel links, and several MPTCP flows run over two of those links each. With the appropriate coupling of the per-subflow congestion control for each multipath TCP flow, the packet loss rates that NewReno congestion control uses to adapt to the network bandwidth will equalize, and the set of links will start to behave as a single resource. Assume again the earlier example, but now with 100 Mbps on both paths. Perfect resource pooling would mean that X takes 67 Mbps on the left path; Y, 67 Mbps on the right path; and Z, 33 Mbps on each path for a total of 66 Mbps. This is the same as would happen on a single 200 Mbps path. Compare this to the situation today, where a network operator bundles two links. In the best-case scenario, two flows would each get 50 Mbps on a shared link, and the other flow would get the full 100 Mbps on the other link. But the situation where three flows share one link and run at 33 Mbps each while the second link remains idle is also relatively common. According to the literature, it takes about 1,000 sessions to get good utilization out of a set of bundled links.

Improved Resilience

In addition to potentially providing more bandwidth for the multipath user and resource pooling, as well as improved utilization for the network operator, MPTCP may also improve resilience; in other words, if one path fails, MPTCP can continue to work over an alternative path. On one hand, presumably, the routing system would detect such a path failure and repair it, but routing protocols take 30 (OSPF) to 90 (BGP) seconds to detect a failure. Multipath TCP, on the other hand, could detect a failure within a few round-trip times. This does require some smart retransmission algorithms. TCP must deliver data to the receiving application in the original order, so if packet n is lost, packets n+1, n+2, and so on must be buffered by the receiver until packet n is retransmitted successfully. Therefore, it is important to avoid retransmitting packets on a broken path. And waiting for a normal timeout on one path can slow down progress on other paths if the receive buffer fills up and the subflows using the other paths must stop sending.

The Drafts

There are currently two multipath TCP drafts. On one hand, draft-ford-mptcp-multi-addressed-00: TCP Extensions for Multipath Operation with Multiple Addresses adds a mechanism to TCP to explicitly add new subflows to an established TCP session, where each subflow has its own source and destination addresses. For this to work, at least one end (preferably both ends) must have at least two addresses, and both ends must implement the multipath TCP extensions. Packets are sent down different paths by addressing them to the different destination addresses available for the remote system. The multiaddressed multipath TCP has a second sequence number space carried in TCP options, so that the regular seqnum and acknowledgement fields can remain compatible with existing middleboxes such as NATs (network address translations). On the other hand, draft-van-beijnum-1e-mp-tcp-00: One-ended multipath TCP is one ended; in other words, it modifies only the sender. This means that like regular TCP, only a single source address and a single destination address are supported. This means there is no easy way to send packets down different paths. However, if the one-ended multipath TCP is deployed in content networks that have multiple links to the Internet by using provider independent address space, this could work. In one instance, a server could have two interfaces, where the packets transmitted over one interface are sent through one Internet connection, and the packets transmitted over another interface are sent over another Internet connection. This solution takes advantage of the fact that congestion control, including fast retransmit, is implemented in the TCP sender, so it is possible to use multiple paths without changing the receiver, as long as the receiver uses selective acknowledgements (SACK, RFC 2018). This solution assumes that middleboxes, such as firewalls and NATs, are deployed only at the receiving end, where the two paths have converged, so the middlebox sees normal TCP traffic. An intriguing avenue for future development would be modifying routers such that when they need to distribute packets over multiple links or paths, they do so based on the path selection choices made by multipath TCP on the sending host. Doing so would make it possible to gain MPTCP benefits without the need for multiple addresses or multiple connections to the Internet. However, in order to do that, an MPTCP host would have to include information about the desired path in the IP or TCP header where routers can find it to base their path selection decisions on. Unfortunately, there aren't any unused bits in the IPv4 or IPv6 headers, and TCP options have the disadvantage of not being in a fixed place, thereby making it harder for a router to inspect those. For this reason, and because requiring changes to both hosts and routers makes deployment a lot harder, it was decided to not work on involving routers in multipath TCP for the time being in the pre-BoF discussions.

Why TCP?

As discussed earlier, using congestion control to adjust to the available bandwidth on each path is a powerful advantage of implementing the multipath capability in the transport layer. But why TCP, and not a new or separate protocol? For instance, the Stream Control Transmission Protocol (SCTP, RFC 4960) already supports using multiple addresses, thereby making it easier to use multiple paths at the same time. However, as currently defined, SCTP uses only one path at a time, and it switches to another path only after the current path fails. There has been a fair amount of academic work on multipath SCTP under the moniker CMT (concurrent multipath transmission). SCTP CMT shares the same basic issues with congestion control fairness and performance and retransmission policies as multipath TCP does, but the amount of protocol work required is minimal, since SCTP already supports multiaddressing. Unfortunately, moving existing applications from TCP to SCTP involves a number of challenges, such as making SCTP work through NATs, the need to modify applications, and lack of an easy way to negotiate SCTP versus TCP between a client and a server. In addition, SCTP uses a much more complex packet format than TCP does and a CRC32 checksum that is expensive to compute in software, making SCTP less appropriate for high-bandwidth applications. None of the issues is insurmountable, but together they make adoption of SCTP as a TCP alternative a challenge. As such, implementing multipath in TCP, which is used for about 85 percent of all Internet traffic, is a more attractive deployment strategy. See also Multipath TCP discussions.

References

• M. Mathis, J. Mahdavi, S. Floyd and A. Romanow; TCP Selective Acknowledgment Options; RFC 2018; October 1996.
• C. Hopps; Analysis of an Equal-Cost Multi-Path Algorithm; RFC 2992; November 2000.
• D. Wischik, M. Handley, M. Bagnulo; The Resource Pooling Principle; ACM SIGCOMM Computer Communication Review archive; October 2008.
• J. Iyengar, K. Shah, P. Amer, R. Stewart; Concurrent Multipath Transfer Using SCTP Multihoming; SPECTS 2004, San Jose, California; July 2004.
• A. Ford, Ed., C. Raiciu, M. Handley, S. Barre; TCP Extensions for Multipath Operation with Multiple Addresses; draft-ford-mptcp-multiaddressed-00; May 2009.
• I. van Beijnum; One-ended multipath TCP; draft-van-beijnum-1e-mp-tcp-00; May 2009.

]]> 849 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-past-meets-the-present-at-ietf-73/ Sat, 07 Feb 2009 15:08:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=896 View of Minneapolis, site of IETF 73. Photo by Peter Löthberg

Since it was first published some 30 years ago, the IP model has emerged as one of the most influential technological developments of our time. As it turns out, its evolution is also one of the more interesting stories in the history of the Internet. At IETF 73, Internet Architecture Board member Dave Thaler gave a well-received presentation called Evolution of the IP Model, which was based on an Internet-Draft published last November. An article based on the presentation, which Dave adapted specifically for the IETF Journal, appears on this page. Jon Postel was remembered throughout the week, most notably at a private dinner in Minneapolis commemorating the 10-year passing of Jon and honouring this year's winner of the Internet Society's Jonathan B. Postel Service Award. Jon's memory also was deeply felt during the Plenary, particularly when Dave, as part of his presentation, invoked Jon's famous credo: Be con-servative in what you send; be liberal in what you receive. This edition of the IETF Journal features several other articles of note. Fred Baker offers a new perspective on the transition from IPv4 to IPv6. Kevin Chege of the Kenya Education Network and Mat Ford give us an inside look at the impact of bandwidth-intensive applications on low-bandwidth regions of the global network. Leslie Daigle discusses Internet security and stability in her piece about unwanted traffic on the Internet. And Geoff Huston returns with an in-depth look at the role that resource certification may play in inter-domain routing. We hope you enjoy this issue!]]> 896 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/evolution-of-the-ip-model/ Sat, 07 Feb 2009 15:09:46 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=898 Figure 1: The model exposed by IP to higher-layer protocols and applications

In the technical plenary, the Internet Architecture Board (IAB) presented its work on the Evolution of the IP (Internet Protocol) model. For purposes of this work, the IP model refers to the service model exposed by the IP layer to upper-layer protocols and applications (figure 1). That is, the IP model can be viewed either as a set of behaviours that can be relied on by higher layers or as a set of expectations that higher layers have around IP. In this sense, it is similar to a loosely defined contract that has evolved over time.

A Short History Lesson

Dave Thaler speaking at the technical plenary at IETF 73. Photo by Peter Löthberg

In the beginning, IP was first published in 1978 as an Internet Experiment Note (IEN). At the time, IENs were a separate series from RFCs but later merged into the RFC series. After several updates as IENs, IP became RFC 760 in 1980; and finally, the one we cite today, RFC 791, was published in 1981. There was considerable evolution in IP during those three years. The evolution didn’t stop there, however, and the IP model has continued to change over the years to meet new demands. Some of those changes were intentional. Some were because we found deficiencies. Others were the result of new capabilities. Often, the changes were a consequence of trying to do something else. By 1989, there was already some confusion concerning the IP model. RFC 1122 was written in an effort to clear up some of that confusion as well as to extend the service model. There are plenty of other RFCs that offered advice on various specific aspects of the IP model, and as a result, to gain an understanding of the IP model, one needed to search many RFCs. Another RFC appeared in 2004, which is probably the one that is closest in spirit to this work. That one-RFC 3819-offered advice for link-layer protocol designers on how to minimize the impact on layers above the link layer. Hence, it dealt with the service model at the bottom of IP, whereas the present work deals with the service model at the top of IP. Through it all, many applications and higher-layer protocols have been built on top of IP. Besides the things that were actually documented in those RFCs, they made various assumptions about IP. Those assumptions today are not listed in one place. They’re not necessarily that well-known. They’re not necessarily thought about when changes are being made. And, as we’ll see, increasingly they’re not even true. The goals of the IAB work were first, to collect these assumptions (or, increasingly, myths) in one place-or at least provide references to the various other places that already have them-and second, to document to what extent those assumptions are true and to what extent they are not. Beyond that, we were interested in providing some guidance for the community. The collected assumptions were previously presented to various subsets of this community. For example, much of the information about the assumptions was presented in the Internet area meeting at IETF 72 in Dublin, and another subset was presented in the EXPLISP BoF. The IAB solicited input from the community-or at least those subsets of the community-so we could go off and come up with guidance. We have now done that between Dublin and Minneapolis. The focus in the technical plenary was thus to discuss the IAB guidance as a working session.

Assumptions

The basic IP service model described in RFC 791 indicated that senders are able to send to an address without signalling a priori. Receivers can listen on some address they’ve already obtained-without signalling a priori. Packets can be of variable size, and there’s no guarantee of reliability, ordering, or lack of duplication. That’s the model that we held up as the great IP service model. That left a lot unstated, however. RFC 1122 added some clarification-for example, with respect to defining the notion of strong-host (or end-system) versus weak-host models, both of which were allowed and supported on different platforms. On one hand, in the strong-host model, when a host sends a packet from a particular source address, it has to send the packet out on an interface that corresponds to that source address. Similarly, if a packet comes in to a particular destination address, it has to arrive on an interface corresponding to that destination address, or the host will drop it. In the weak-host model, on the other hand, the host can send and receive packets on any interface. Routers, for example, follow the weak-host model when forwarding is enabled. So while RFC 1122 added some clarification, we had two different behaviours and so ended up with two different variants of the IP model. Since different platforms implemented different behaviours, applications could not rely on a single behaviour. Even with RFC 1122 and other RFCs, many other assumptions made by upper-layer protocols and applications are not well documented. Such assumptions or myths generally fall into four categories: assumptions about IP connectivity, assumptions about addressing, assumptions about upper-layer protocol extensibility, and assumptions about security. When talking about claims that may or may not be true, Snopes.com has a nice model that includes a claim, examples, and a status of true or false or partially true. We will use this same model below. Note that all of the assumptions we will talk about are at best partially true, but that hasn’t stopped applications from making the assumption anyway.

Assumptions about IP Connectivity

The document covers a number of connectivity-related assumptions, three of which we will mention here by way of example. Claim: Reachability is symmetric, or “If I can reach you, you can reach me.” Some examples of upper-layer protocols and applications that do this include request-response protocols; in other words, if a request can reach you right now, then the response can come back to me. That’s a fairly small time window. Then there are much broader assumptions, such as, “If I can reach you today, then you can reach me tomorrow.” There are lots of reasons that this is not entirely true. For example, we have NATs, firewalls, one-way media such as satellite links, and even wireless situations such as 802.11 ad hoc mode, whereby if my radio is stronger than yours, I can get a packet to you, but you can’t get one back to me. There have also been some efforts to try to make this claim be more true. For example, RFC 3077 was one effort to help restore this for some of these cases. Today, request and response paradigms usually work, but not callbacks over a much longer time frame. Claim: Reachability is transitive, or “If I can reach you and you can reach her, then I can reach her.” The same sorts of things (NATs, firewalls, packet radio technologies, etc.) interfere with this assumption too, so today you not only have lack of symmetry, but you also have lack of transitivity. Claim: The latency of the first packet that you send to a destination is typical of what you’ll see after that. This assumption is commonly made when picking from a set of candidate servers or addresses. Many applications and protocols send a packet to each of them and then use the one that responds first, assuming that it’s the best one to talk to. A number of things interfere with that assumption today. First, the first packet may have additional latency due to a routing-related cache miss in an intermediary (e.g., ARP or flow-based routers). While resolving the next hop, the packet may be queued in the meantime. When comparing two different destinations, if one of them needs to do a resolution and one doesn’t, there can be a difference from what you might expect. Second, there are a number of protocols that have the notion of path switching. For example, we see this in Mobile IPv6, Protocol Independent Multicast-Sparse Mode (PIM-SM), the Multicast Source Discovery Protocol (MSDP), and various Routing Research Group proposals, wherein packets initially follow one path and then quickly switch to a more efficient path. That means the first burst may have a much longer latency than subsequent packets do. If you have another destination that is already switched, you might unduly think that one is closer, but it might not be. So, as a result, if you make that assumption, you can end up with, in some cases, highly suboptimal choices, and that can result in longer paths, lower throughput, and a higher load on the Internet. In terms of IAB guidance around IP connectivity-related assumptions, we first observed that the reasons they are no longer true-or at least much less true-tend to fall into two categories: either they are effects of something done at the link-layer independent of IP or they are effects of things done specifically by network-layer technologies. Usually, the link-layer effects are not intentionally trying to break IP. Designers don’t set out trying to invent a link type that is difficult to run IP over, but it’s when defining IP over them that we inadvertently create problems. RFC 3819 gives good advice to link-layer designers about what they can do. The other piece of guidance that the IAB added for those of us who define IP over various link types is that we try to recognize the gaps mentioned in the document and compensate for them as much as is practical. Examples of where the IETF has actually made attempts at doing this is RFC 3077, which attempts to compensate for unidirectional links such as satellite links, and RFC 2491, which attempted to compensate for non-broadcast-capable links. A notable gap today is in the area of compensating for lack of transitivity, such as with IP over 802.11 ad hoc mode.

IETF 73 plenary attendees line up at the mic. Photo by Peter Löthberg

As for network-layer technologies that interfere with these assumptions, in the IETF we like the notion of reachability. We say that everyone should be able to talk to everyone. That’s true, of course, until we start getting stuff we don’t like getting. Most of us then realize we don’t actually want to be reachable by everyone; we want to be reached only by the good guys. The notion of restricting reachability to only some portion of those who might want to communicate with us is already a part of the current IP model. An example is with IPsec (Internet Protocol Security), which is now a core part of IP itself. The point is that blocking communication to or from unauthorized parties is legitimate. When reachability is affected for reasons beyond simply restricting access to authorized parties only, the IETF should attempt to proactively avoid such hindrances for new technologies-or solve them for existing technologies (e.g., 802.11 ad hoc). Referring back to figure 1, the IP model is what is exposed to the transport layer and above on the source and destination. One approach designers sometimes use to avoid some of the effects (e.g., non-transitivity) of odd link types is to hide the link from hosts that run upper-layer protocols and applications and use such links only between routers. We give the following principle, with wording inspired by another principle from the late Jon Postel: “When defining a protocol, be liberal in what effects you accept from lower layers, and conservative in what effects you cause to upper layers.” Using the general principle, being liberal and conservative, we have roughly two categories of work. Perhaps half of the work in the IETF is around the network layer and below, and half is around the transport layer and above. Many of us are actually in both camps. Work at the higher layer should avoid making the assumptions when practical-and at least consider them in the writing of requirements and applicability statements. Work at lower layers should avoid making the assumptions be less true when practical and similarly document any remaining effects on the assumptions made by upper layers so that other designers and administrators are aware of the impact. Note the use of the word practical earlier. To illustrate what we mean by this, let’s look at a specific example. IAB RFC 4903 on multilink subnet issues talks about non-broadcast multi-access (NBMA) links. An example of an NBMA link is 6to4, which is not intended to go across a particular network but across the Internet. It doesn’t support multicast, but we often don’t have multicast deployed across the public Internet anyway. So 6to4 is an example wherein trying to add multicast over it may not be practical. It would add complexity that would not be needed until you actually have wide-area multicast that would be needed across the same environment.

Assumptions about IP Addressing

Claim: Addresses are stable over long periods of time. Once upon a time, that was mostly true, at least until we started having things like the Dynamic Host Configuration Protocol (DHCP) and hosts that move around. In common application programming interfaces (APIs), such as the sockets API that many of us use, applications call a name resolution API, such as gethostbyname or getaddrinfo, and then connect to one or more resolved addresses. When a name is resolved in DNS, the requester gets back a time to live (TTL) together with the addresses, but this TTL is not present in the API, and so, applications may cache the answers for longer than indicated by the DNS, resulting in eventual communication with the wrong entity. We also see some efforts that are intentionally, or as a side effect, trying to restore this assumption to some effect. Proxy Mobile IPv6 (RFC 5213), for example, tries to restore it for some level of mobility within a network. Protocols such as Mobile IP and the Host Identity Protocol (HIP) try to provide stable addresses to some extent by adding an additional stable address that an application can use. Hence, if applications that make this assumption use the stable address, then they work better. Claim: A host has only one address and one interface. Unfortunately, there exist many applications that resolve a name to a set of addresses and then simply pick the first one and use it. We saw this in a lot of applications when we started porting them to use IPv6, for example. Other applications use an address to identify a user or a machine and get confused if multiple users or multiple machines use the same address or if the same user or machine uses multiple addresses. Another common problem is that there are many DHCP options for per-machine information, whereas DHCP options are obtained over a particular interface from a particular network, and often, it’s not mentioned how the host then converts per-interface information (such as a set of DNS servers) to machine-wide information when it gets multiple answers from different interfaces or networks. So, of course, this assumption is much less true today. Many hosts have multiple interfaces, and hosts have both IPv4 and IPv6 addresses even if they have only one interface. The use of virtual private networks (VPNs) is also fairly common and results in multiple interfaces. To some extent, protocols like Mobile IP and HIP are trying to restore this by adding another “address” that applications that make this assumption can use and be isolated from the use of multiple other addresses the host may have. Claim: An “address” used by an application is the same as the “address” used for routing. What some call an ID/locator split is an example of when this is not true. Many applications have assumptions, however incorrect they may be, about the relationship between proximity in the address space and proximity in the topology. That is, if you and I have similar addresses, you must be close to me, and hence you’re a better peer to talk to than someone with an address that appears to be much less similar.

IETF 73 plenary audience. Photo by Peter Löthberg

Similarly, some applications or protocols have a service select addresses to put in a referral to a client based on the client’s address and how it relates to the potential candidates’ addresses. This assumption is certainly not true with tunnelling to and from hosts, because applications see the address in the inner IP header, whereas routing uses the address in the outer IP header. Similarly, it is not true with IP/locator split schemes that split them at a host. Again, the assumptions mentioned earlier are examples that serve to motivate the guidance that follows, and more assumptions are discussed in the draft. So, what does the IAB think about these? If we look back at architectural principles of the Internet, there’s a good statement in RFC 1958: “In general, user applications should use names rather than addresses.” If only that were true! Today we have many APIs that unnecessarily expose addresses to applications, and many applications have to deal with the concept of an address only because they need to use it to open a transport connection instead of being able to connect by name, as Stuart Cheshire discussed in the plenary in Dublin. Today it’s often an implementation issue, not a protocol issue, but there are also protocols defined to carry only IP addresses instead of carrying names when doing a referral or request for a later callback.

Figure 2: Steve Deering’s hourglass showing the “waist” of the Internet

In general, anything that’s already dependent on some naming system should try to avoid using addresses and use only names. As a side effect, this happens to ease the transition to IPv6 because applications that know nothing about IP addresses generally work without changes.

Assumptions about Upper-Layer Extensibility

Claim: New transport-layer protocols can work across the Internet. Figure 2 shows the hourglass from Steve Deering’s presentation at the IETF 51 plenary back in 2001 regarding the “waist” of the Internet. Besides TCP and UDP, it shows “”¦”. The IP model is not static, and neither are other layers. Some applications use raw sockets and make this assumption-or at least want this assumption to become more true. But today devices such as NATs and firewalls support only UDP and TCP or, even worse, support only HTTP. As a result, many applications and protocols (such as the whole Web Services architecture) today are built on top of HTTP instead of TCP or UDP, and we even see IP over HTTP, resulting in an architecture more like that shown in figure 3. Claim: If one stream to a destination can get through, then so can others. For example, you have applications that open multiple connections to get better throughput, and you have applications such as FTP that open separate connections for data and control. However, a number of factors may interfere with that assumption. Some firewalls may block specific ports, for example. Also, some middleboxes keep per-connection state and may run out of memory or ports when an application attempts multiple connections. This has come up in discussions of carrier-grade NATs, for example. Just because you can get one, doesn’t necessarily mean you can get a hundred.

Figure 3: An updated hourglass showing an architecture often seen today

In considering these assumptions, we observe that RFC 791 doesn’t actually describe what the requirements were, but there’s a great paper by Dave Clark referenced in the document that does list the requirements that were discussed when IP was first designed. One such requirement was to support the widest possible range of applications by supporting a variety of types of service at the transport level. The issues with this today arise either in the name of security-or as a side effect of something else, such as address shortage-and the same guidance applies as for the IP connectivity-related assumptions.

Assumptions about Security

In terms of security, the examples are well-known, including modifications to packets in transit, privacy, and forged source addresses. Fortunately, RFC 3552, which talks about how to write security considerations, already has excellent guidance for what people should do about these assumptions. It’s also worth mentioning that changes to any assumptions, not just assumptions about security itself, can impact security if some application or upper-layer protocol bases its behaviour on that assumption. For example, consider an application that binds to an IP address, running on a host with two interfaces: one on a “safer” network and one on some untrusted network that you don’t want to do certain things on. If the application binds to an address on the good network, will it see only traffic that comes in across the good network? There are applications that assume this is the case. We saw earlier, however, that this is true for strong-host systems and false for weak-host systems. As a result, great care should be taken when making an assumption less true. Upper layers should also carefully consider the impact of basing security on any such assumption. Of course, many assumption violations are actually done in the name of security even though they break some applications.

Conclusions

Unless you can enumerate all possible applications that are run, any changes to the assumptions listed in the document will probably break some applications. We’ve realized that it becomes harder and harder over time to evolve the IP model, because there are more and more things that might have assumptions built in. Still, the IP model is not static, and continuing to evolve it to meet new demands is important. Changes must be made with extreme care, however. Adding functionality that has no impact unless the upper layer asks for it is generally safe, but fewer entities will actually use it. For those who make changes to the network layer or below, write down the effects on upper layers-for example, as part of requirements and applicability statements. For those who work on technologies at the transport layer or above, avoid these assumptions whenever practical, and if you do depend on any, write them down-for example, in requirements and applicability statements.]]> 898 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-17/ Sat, 07 Feb 2009 15:10:55 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=900 Russ Housley, IETF Chair

I am pleased to report that IETF 73, which was held in Minneapolis in November 2008, was a highly successful meeting. While the total number of attendees was down (937), the number of countries represented was up (52). Many people attribute the reduced attendance to the global economic down-turn. That may be true, yet the work of the IETF remains relevant, and the people who came were enthusiastic. Many working groups made significant progress in Minneapolis. Google was the meeting host and certainly made everyone feel welcome. The social event was well attended, and everyone had a fun, game-filled evening. The site network was subcontracted to VeriLAN Networks, whose staff, working with a group of dedicated volunteers, provided a very sound network. The week was filled with the usual mixture of working group (WG) meetings, birds-of-a-feather sessions, research group meetings, and, as always, many side meetings. Since IETF 72, two new WGs were chartered and five WGs were closed. We have about 115 chartered WGs. Between the meetings, the WGs and their individual contributors produced 389 new Internet-Drafts and updated 887 Internet-Drafts, some of them more than once. The Internet Engineering Steering Group approved 75 Internet-Drafts for publication as RFCs. The RFC Editor published 97 new RFCs. During IETF 73, one of the hot topics during the several sessions and many hallway discussions was IPv4 and IPv6 coexistence. The discussion of re-quirements for NAT-PT (network address translation-protocol translation) continues from the previous meeting. Throughout the week, an IPv6-only network was available for those who were interested in experiencing the Internet without IPv4. Using WebEx, several WGs conducted an experiment aimed at accommo-dating remote participants. In one WG session, a presentation was made by a participant in another location. In the plenary, WebEx was used in addition to the usual audio streaming to enable remote participants to follow the presentations. Enabling fruitful remote participation is one way the IETF will ensure that important work gets accomplished despite the potential for reduced meeting attendance brought on by the global economic downturn. I wish to extend a special thank-you to the authors of Beautiful Security, a new book being published by O'Reilly Media. All contributing authors are donating all royalties to the IETF. This contribution is greatly appreciated. I look forward to IETF 74 in San Francisco on 22-27 March 2009 and IETF 75 in Stockholm on 26-31 July 2009. Scheduling information regarding the next IETF meetings may always be found here. I look forward to seeing you there.

New BoF Meetings Descriptions and agendas for all BoF meetingsApplications Area oauth: Open Web Authentication Internet Area multimob: Multicast Mobility

 ]]> 900 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-15/ Sat, 07 Feb 2009 15:11:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=902 The Internet Architecture Board (IAB) has a number of responsibilities, one of which is to maintain the relationships between the IETF and external organizations. RFC 2850 describes the process in the following manner: The IAB acts as representative of the interests of the IETF and the Internet Society in technical liaison relationships with other organizations concerned with standards and other technical and organizational issues relevant to the world-wide Internet.” Not completely coincidentally, these are the same words I used when I opened this column in the October 2007 issue of the IETF Journal. I was recently reminded of that role when Sha Zukan, undersecretary of the United Nations, invited the IETF and the IAB, through the Internet Society (ISOC), to provide an annual performance report on the steps the organization has taken toward “enhanced cooperation” on public policy issues pertaining to the Internet (PDF).

Olaf Kolkman

Enhanced cooperation is a term that was coined during the 2005 World Summit on the Information Society. It is a fairly political term that can be seen as an attempt to shift the focus from control over the Internet to discussions about the roles of policy makers, governments, and other stakeholders. It is clear that the IETF has a role in promoting enhanced cooperation, particularly since we are one of the stakeholders in what is commonly referred to as the Internet's multistakeholder model. The IAB cooperates with ISOC to explain, clarify, and improve that model; in other words, multiple stakeholders cooperate to take their responsibility in managing and maintaining their part of the Internet's technical and policy environment. The stakeholders involved include various SDOs (standards-development organizations), such as the IETF, as well as the RIRs (Regional Internet Registries), ICANN (the Internet Corporation for Assigned Names and Numbers), user communities, and governmental and intergovernmental organizations. With the multistakeholder model in mind, the IAB report (PDF) highlighted the open and international nature of the IETF and its relationship to other organizations. It emphasized our commitment to the open development and evolution of the Internet protocol suite, and it underscores ISOC's vision of an Internet that benefits all people throughout the world. The role of the IETF within the multistakeholder model is a serious one. It takes real effort to participate responsibly in the various initiatives that are related to the multistakeholder process. Fortunately, ISOC is assisting us by handling the public policy and governance issues that concern the IETF. They do so by tracking developments, such as those within the Internet Governance Forum, and by flagging issues on which the IAB needs to take action on behalf of the IETF. That process allows us to focus on technical issues, such as assumptions about the evolution of the IP model, one of the IAB's technical work items, on which, I think it is fair to say, we had a successful technical plenary at this past meeting.]]> 902 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/plenary-report-2/ Sat, 07 Feb 2009 15:12:48 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=904 Google’s Chris DiBona (left) accepts a plaque from IETF chair Russ Housley. Photo by Peter Löthberg

Note: This is not a complete report of the plenary sessions; rather, it is a summary of the highlights of the discussions. All IETF 73 presentations can be found here.

Following a few opening comments, Olaf introduced Chris DiBona of Google, which served as the host of IETF 73. “We’re proud to be hosting this event,” said Chris. “I use that term carefully and deliberately. We’re proud be-cause of the important work you do.” Chris described the IETF as a place where open source and open standards are enhanced. “The work you do,” he said, “is what keeps the Internet free.” The technical plenary was turned over to IAB member Dave Thaler, who gave a presentation on the history and evolution of the IP model. (See article by Dave based on his talk.) The presentation, which generated overwhelmingly positive feedback among attendees, elaborated on Dave’s recently sub-mitted Evolution of the IP Model Internet-Draft (draft-iab-ip-model-evolution-01.txt). “A couple of years ago,” said Dave, “Lixia [Zhang] once commented that while we talk about these assumptions, maybe someone should write down what this service model is. That is partly what got this started.” In addition to his detailed discussion of the IP service model and how it has evolved over time, Dave described how the Internet-Draft documents the properties of the IP layer as they are seen by upper-layer protocols and applications. The document also looks at properties that, if changed, could cause problems, and it provides much-needed guidance for protocol designers and implementers. “This work is well done,” said Dave Crocker during the question-and-answer portion of the technical plenary. “It is reflective, integrative, and practical. By turning out a paper with lessons learned, we are reminded that there are indeed lessons we need to learn.” John Klensin agreed, emphasizing the importance of taking a pragmatic and sober approach to the creation of a historical record. “Too often, institutional memory can get lost and be replaced by mythology,” he said. Drawing heavily on the wisdom of the late Jon Postel, Dave Thaler encour-aged IETF participants to frame their understanding of the evolution and future development of the IP model around Jon’s oft-repeated quote: “Be liberal in what effects you accept, and conservative in what effects you cause.”

Administrative Updates

As part of the administrative portion of the IETF 73 plenary, IETF chair Russ Housley announced that the “code sprint” on the Saturday before the meeting “was a big success.” Deployed during the week were Datatracker 2.09 and then version 2.12. Russ pointed out that the interface “has a new look and feel” and that even more would be happening in the coming weeks. He publicly thanked all of those involved, including Glen Barney, Lars Eggert, Pasi Eronen, Bill Fenner, Jelte Jansen, Tero Kivinen, Henrik Levkowetz, Alexey Melnikov, Chris Newman, Robert Sparks, and Magnus Westerlund. Russ also announced that all of the royalties of the soon-to-be published book Beautiful Security by John Viega, et al, are being donated to the IETF.

IAOC Report

An IAOC operations report from the IETF Administrative Oversight Committee (IAOC), which was put together by IAOC chair Jonne Soininen and IETF ad-ministrative director Ray Pelletier, reviewed the IETF’s financial position for the past year and announced that the organization is expected to break even in 2008. Unfortunately, registration revenues have been underperforming over the past few meetings, due mainly to a reduction in registrations. Jonne and Ray noted that registration revenue for IETF 73 was down sharply, approxi-mately USD 115,000 below budget. The revenue forecast for 2009 is expected to be USD 3.6 million. Meeting attendance is expected to decline, and registration fees are expected to increase from USD 635 to USD 675. Interim meetings could add approximately USD 328,000 in registration revenue. Ray and Jonne anticipate expenses in 2009 to reach USD 5.4 million, due in large part to the impact of several extraordinary expenses, such as USD 261,000 in interim meeting expenses and a USD 210,000 increase in IT infrastructure enhancement costs.

IETF 73 participants meeting in the hotel lobby. Photo by Peter Löthberg

Given the uncertainties of the global economy, the IAOC has proposed contingency plans for 2009. Assuming that meeting attendance falls by 20 to 30 percent, expenses can be cut in some areas, such as food and beverages; some equipment costs and support travel; and credit card fees. It was pointed out, however, that a number of other expenses couldn’t be reduced, such as expenses for the Information Sciences Institute contract for RFC Editor services, expenses for the Association Management Solutions contract for secretariat services, the Network Operations Centre (NOC) expenses for meetings, and the IETF Trust expenses. The discussion over dealing with budget shortfalls generated a number of comments by attendees. Dave Crocker expressed the need to increase opportunities for remote meetings, as opposed to relying so heavily on the larger IETF meetings. Russ responded that while there is a lot of work going into a remote meeting scheduled for the Real-Time Applications and Infrastructure area in January 2009, in the Internet area the interim meeting was creating a significant burden for the organizers. “We want to experiment with shifting this burden away from the working-group chairs to the secretariat,” he said. Meeting hosts are being sought for all meetings beginning in 2010. Companies interested in hosting an IETF meeting should contact Drew Dvorshak at dvorshak@isoc.org.

IETF Trust

Ed Juskevicius delivered a report on the IETF Trust, beginning with an announcement of legal provisions pertaining to IETF documents. Work on a new policy, as requested by the community in RFC 5377, has been completed, and the effective date of the new policy was set for 10 November 2008 (to coincide with the publication of RFC 5377 and RFC 5378). Read the newly published Legal Provision policy… New boilerplate language, which is now required for all new submissions to the IETF, was announced, and a transition plan for including the text in new submissions was approved. According to the policy, new submissions can use either the old or the new copyright text through 16 December 2008. After 01h00 UTC on that day, only submissions with the new boilerplate language will be accepted. The IETF Trust has started work on the updating of applicable document generating and verifying tools and templates for the new boilerplate text. The new text is as follows: “Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved”. This document is subject to BCP 78 and the IETF Trust’s Legal Provisions Relating to IETF Documentsin effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this docu-ment. Additional boilerplate text for some documents includes the following:

Submission Compliance for all Internet-Drafts

This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79.

Derivative Works and Publication Limitations

(See Section 6.c of “Legal Provisions” policy.) Two different sets of text are possible for use on some working group documents (but never on any standards-track document. A brief discussion on the need to police the IETF logo and trademark followed, with some concern expressed by Ed over a handful of cases where the IETF logo is being used in social networking venues. Ed pointed out that it’s necessary to notify the offenders or risk losing the trademark. While there was general agreement among attendees over the need to police the IETF logo, a few issues were raised in response to the discussion about copyrights. During the question-and-answer portion of the plenary, Sam Hartman questioned the validity of the copyright process. “What happens if I am updating an old document, with the old license, or if I change jobs, and due to an employment contract, I don’t own the license?” he asked. According to Sam, 99 percent of the old documents were developed under the previous intellectual property-rights policy, which, he said, granted fewer rights. “I, as the author of an update, can’t give you rights that weren’t provided in the old document,” he said. Margaret Wasserman agreed with Sam that the new policy might need to be reviewed. “Let’s say, for example, that at some point someone wants to make a new type of IPv6 address,” she said. “And suppose we can’t find Bob Hinden. How can we give his rights to the IETF Trust for the expanded license when all he gave before were the more restrictive rights?” After some debate over whether the potential glitches in the new policy presented a problem for the IETF process, Jonne Soininen responded that he would look into the issue.

NomCom Report

Nominations Committee (NomCom) chair Joel Halpern said he was pleased with the response to the recent call for volunteers. The IETF NomCom makes appointments to fill open slots on the IAOC, the IAB, and the IESG (Internet Engineering Steering Group). Ten people are selected randomly from a pool of volunteers and there has been a critical need over the past year for volun-teers. For more information… By November 2008, 99 qualified volunteers had expressed an interest in serving. Of those, 10 members were selected and all are serving. The list of members can be found here. Currently, the NomCom is collecting feedback on issues related to areas, collective bodies, processes, and individuals, and it invites community feed-back and input on any other areas community members count as important. To date, feedback has been solicited from a number of individuals. Joel ex-pressed interest in hearing from folks the committee might not think to ask. Feedback can be sent tonomcom08@ietf.org.

NOC Report

Noah Weis reported that VeriLAN staff and volunteers staffed the NOC. On Sunday, the guest room wireless network was successfully switched on, and all public areas were wireless. Special thanks were extended to the University of Minnesota, including Frank DiGravina, David Farmer, Tim Peiffer, and Dan Westacott, as well as to Cisco, Infobox, and Juniper for the network hardware. In a question-and-answer session aimed at the IESG, Pete Resnick raised the issue of being better prepared for IETF meetings. Pete expressed concern that too many of the WG meetings are focusing on presentations rather than on interactive discussions. “Presentations are not the same as discussions,” Pete said. “The presentations need to be sent in advance so that the meeting time is devoted to the work.”

IETF 73 participants enjoyed a night out at Gameworks in Minneapolis. Photo by Peter Löthberg

“Pete makes an excellent point,” said Internet Research Task Force chair Aaron Falk, who said it is the responsibility of the WG chairs to make the best use of face time. “Area directors can help,” he said. “They could contact WG chairs in advance to see how they’re doing.” Not all agreed that this approach was prudent or even practical. Charles Perkins expressed some disapproval. “I don’t understand the emphasis on getting things done early,” he said. “The fact is, people are deadline driven. And they are working like crazy.” This article was posted on 23 February 2009 .]]> 904 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-fellows-attend-ietf-73/ Sat, 07 Feb 2009 15:14:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=906 Internet Society Fellowship to the IETF fellows, mentors, and ISOC staff attend IETF 73 in Minneapolis.

Before IETF 73, Terry Rupeni had a relatively good understanding of the work being done by the IETF. What he couldn't quite grasp was the work flow. After a few days, the mild-mannered engineer from Fiji was clearly in the flow, and he was becoming much more comfortable with the temperature, both inside and outside the hotel. As a newcomer to the IETF, Terry's trip to Minneapolis was made possible as part of the Internet Society (ISOC) Fellowship to the IETF programme. What did he think? “It's a little cold,” he said of the city. The temperature inside was a different story. “It can get a little hot in there,” Terry said, referring to both the working-group meetings and the plenary sessions. “Here people go right up to the mic,” he said. “Where I come from, it's not part of our culture to speak up in this manner. In Fiji, you don't voice your opinion in public.” Understanding the IETF from the inside out can be a cultural shock for many of the engineers who come from less-developed regions. IETF fellow Jean Philemon Kissangou, who serves as technical manager for an Internet service provider in the Republic of the Congo and as director on the Board of the regional Internet registry AfriNIC, imagined that IETF meetings were “a complicated thing.” Carlos Alberto Watson Carazon, who is from Costa Rica and who has attended LACNIC (Latin American and Caribbean Internet Addresses Registry) meetings, found the IETF experience uplifting. “The IETF respects opinions of people from other countries, and they respect other points of view,” he said. As the ISOC fellowship programme moves into its fourth year, the infusion of diverse cultures into IETF meetings is being felt both by fellows and by the IETF.

The Challenges Back Home

Being better prepared to tackle the challenges of managing or expanding access to the Internet in rural, remote, or developing regions is what motivates many of the fellows to apply to the fellowship programme. In Fiji, where Terry works as a network analyst at the University of the South Pacific, the Internet is still in its nascent stages. A government monopoly that ended nearly a year ago has given rise to four ISPs instead of one. The result has been increased competition and lower prices. Since the monopoly ended, Internet use has taken off in Fiji, mainly in the area of personal use, and Terry is quick to comment on the impact that that kind of use has had on the culture. People are learning to use Facebook, and e-mail is becoming the norm. And, as in most places, the mainstreaming of the Internet in Fiji has fundamentally changed how people in the country communicate. The challenge for engineers like Terry lies in how to expand access beyond cities and towns to rural areas, where access is generally limited. Since power supplies can be problematic, efforts are being made to explore solar energy as a way of powering networks, and the new ISPs are beginning to invest in wireless technologies. As a whole, when it comes to the Internet, Terry said that Fijians are interested and engaged. “There are not too many technological challenges,” he said. “We learn from developed countries. And more and more computers are coming from Malaysia.”

Fellow Jean Philemon Kissangou at IETF 73 in Minneapolis. Photo by Wendy Rickard

Philemon said that in the Congo, while access continues to be a problem in his country, the challenges he faces these days are IPv6 related. “Our network is only IPv4,” he said. “We need to adopt. I need to explain the benefits.” As in Fiji, it's been difficult to fund and build an infrastructure that would connect the rural regions of the Congo. Access in those areas is made available mainly via satellite, though Philemon said the government is now dedicated to laying down fibre. And while the Internet in the cities is increasingly available at Internet cafés and at some private companies, in schools, teachers complain that they don't have access. “Students would like to use the Internet, but they can't,” Philemon said. “Even within the government Internet use is limited.” In Carlos's corner of the world, Internet penetration is at roughly 24 percent. The problem, he said, is that in Costa Rica there are only two ISPs, and the government runs both of them. “With a government-controlled ISP,” he said, “getting connected can take up to six months.” Getting connected through a cable company is easier but considerably more expensive. Even so, said Carlos, cost is not the main issue; the main issue is access. “Most folks can afford the Internet,” he said. “They just can't easily get it.” Carlos believes strongly in the benefits the Internet offers, particularly in the areas of education, health care, and business development. He said he would like the government to do more to improve and expand access. “They should get behind open source,” which, he said, is not just more affordable but higher quality. The Polynesian island nation of Tuvalu is composed of four reef islands and five atolls. It is there that IETF 73 fellow Tenanoia Veronica Simona serves as an IT manager at the Tuvalu Telecommunication Corporation (TTC), one of two ISPs in the region (the other one is operated by the government). Currently, the Internet is available only on the main island of Funafuti, which is the capital of Tuvalu. According to Tenanoia, TTC provides WiFi connections primarily for government entities that are located outside the government building but also to some nongovernmental organizations. “As of last month” she wrote, “we have also started to provide ADSL connections to people at home.” Next they are targeting schools in general, but primary schools in particular. One of two secondary schools is currently accessing the Internet from Vaitupu, one of the outer islands. According to Tenanoia, the majority of the population isn't able to access the Internet yet, but she is hopeful that that will soon change. The challenge they face is their capacity to roll out the Internet to the outer islands, of which there are eight and all of which are separated by the Pacific Ocean. TTC is meeting that challenge by preparing to build a system that will prove capable enough to expand Internet access to the majority of the population in the outer islands. “We at TTC are trying to secure funds for this purpose,” she wrote. “It is our priority.” Tenanoia said the Internet is an important enabler in her part of the world. She said it can cut the cost of telephone communications, and it allows students to conduct research more quickly and efficiently than they can now. And, like the other fellows, she said access to the Internet is critical to adequate health care. “Our medical personnel are now able to conduct research online for solutions from the main hospital in Tuvalu,” she wrote.

Impressions from a Returning Fellow

“I was like an alien in Philadelphia,” Mohibul Hasib Mahmud said in between meetings at IETF 73. In Minneapolis, the IETF fellow from Bangladesh hit the ground running. Mohibul said the Internet is growing in his country, albeit slowly. He described it as an evolution in terms of technology development. Since 2006, though, it has been a revolution. That's when fibre was laid and Bangladesh was no longer dependent on satellite. Since then, usage has grown exponentially, in terms of both business and personal use. Working with an ISP is always challenging, said Mohibul. As a technologist, he must constantly grow with the infrastructure. Over the past year or two, subscriptions have increased, and there is a growing need for more IP addresses, so they work with the regional Internet registries. They also work hard to create services that would meet clients' needs, especially now that there are at least a couple of hundred ISPs in his country. According to Mohibul, regardless of the advances, penetration in his country is still too low and there's not much in the way of a telecom infrastructure. Internet access is available mainly in the cities, but even there, he said, there are problems, including a lack of computers. “Without computers,” he said, “there isn't much of a way to take advantage of the Internet.” Even with the challenges, Mohibul is pleased with the impact the Internet has had on communications in his country. “Lots of people go overseas for jobs,” he said. “Often, they are out of touch with family and friends for a long time. Telephoning is expensive. With the Internet, they are able to stay in touch.”

IETF 73 Fellows and Mentors

Jean Philemon Kissangou (Congo) Mentor: Alain Aina Carlos Watson Carazo (Costa Rica) Mentor: Roque Gagliano Tenanoia Veronica Simona (Tuvalu) Mentor: Fred Baker Terry Rupeni (Fiji) Mentor: David Farmer

IETF 73 Returning Fellows

Burmaa Baasansuren (Mongolia) Mohibul Hasib Mahmud (Banglasdesh) Veaceslav Sidorenco (Moldova)

 ]]> 906 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/jonathan-b-postel-service-award-granted-to-eslared/ Sat, 07 Feb 2009 15:16:14 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=908 Lois Postel, Postel Award winner Ermanno Pietrosemoli, and ISOC president Lynn St. Amour at the Postel Service Award ceremony in Minneapolis in November 2008. Photo by Kevin Craemer    Internet Society president Lynn St. Amour announced at the IETF 73 plenary that Fundación Escuela Latinoamericana de Redes (EsLaRed) had been granted the coveted Jonathan B. Postel Service Award. It is the first time in the 10-year history of the award that it has been given to an organization rather than to an individual. The 2008 award commemorates the 10-year passing of Internet pioneer Jonathan B. Postel, who is best known for being editor of the RFC series and for administering the Internet Assigned Numbers Authority (see article, next page). A private dinner and award ceremony, which took place later in the week, was attended by Jon Postel’s brother, Russ Postel, and Jon’s mother, Lois Postel, who presented the award to EsLaRed president Ermanno Pietrosemoli. Ermanno spoke of the announcement of the award as an emotional moment for both him and his organization. “We have been working for many years in the shadows, without much public fanfare or recognition,” he said. “This is a very special occasion, and I am very deeply grateful to the Internet Society and to the IETF, which have been supporting us for the past 10 years.” At the ceremony, Ermanno recalled having attended the INET meeting in Geneva in 1998, where he had the opportunity to meet and to get to know Jon, whom he described as a luminary. “I really feel very honoured to be somewhat humbly associated with his name,” he added. For the past 16 years, the little-known, Venezuela-based nonprofit EsLaRed has been training a new – and in some cases, the first – generation of Internet trainers and professionals, many of whom are forging Internet access in re-mote and under-served areas within and outside South America. EsLaRed’s efforts to facilitate scientific and technical progress in Latin America and the Caribbean have been instrumental in forming what is today a vibrant and dy-namic Internet community in the region. In August 2008, EsLaRed participated in the effort to build a high-speed, 162-kilometre long wireless network in Malawi. The network is being used to enhance medical and educational applications at the University of Malawi. EsLaRed is also responsible for the design of a wireless data network in the Galápagos Islands. What makes EsLaRed’s approach to network training unique is its insistence on teaching the technology that is available. “Even if we could afford more-sophisticated technologies, what would be the point?” Ermanno asked during an interview in Minneapolis. “It’s more important to have students master what they have and what they need to get the job done.” In one case, students were taught how to build an antenna out of a can, and then they were in-structed to take their antennas home and make them work. “Most of the time, people don’t see technology as belonging to them,” he said. “It’s not part of their daily life. So for them, to build an antenna and realize that it works makes a big difference in their lives.” Seeing the difference that the Internet makes on people’s lives has been a key motivator for both Ermanno and EsLaRed. “I’m very excited because we are in a part of the world that isn’t a hot spot for technology,” he said. “So we can see how the Intenet actually changes lives.” Since 1992, EsLaRed, with support from its worldwide and regional spon-sors, has conducted network training workshops nearly every year in locations throughout Latin America and the Caribbean, including Argentina, Brazil, the Dominican Republic, Ecuador, Mexico, and Peru. “We have been working at this for many years,” said Ermanno, “and it has been hard at times.” At the ceremony, Lynn read a statement called Remembering Jon that was prepared by Vint Cerf . “Always a strong believer in the open and bottom-up style of the Internet,” wrote Cerf, “Jon would . . . be pleased to see that the management of the Internet address space has become regionalized and that there are now five Regional Internet Registries cooperating on global policy and serving and adapting to regional needs as they evolve. He would be equally relieved to find that the loose collaboration of DNS root zone operators has withstood the test of time and the demands of a hugely larger Inter-net, showing that their commitment has served the Internet community well.”]]> 908 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/in-memory-of-jon-postel/ Sat, 07 Feb 2009 15:17:22 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=910 Jon Postel. Photo by Peter Löthberg

Last October marked the 10-year anniversary of the passing of Internet engineer, standard-bearer, and icon Jon Postel. While Jon's work contributed in countless ways to the advancement and smooth functioning of the Internet, it was his role as RFC editor-a role he created and held from April 7, 1969, until his untimely death on October 16, 1998-and his work with the IANA (Internet Assigned Numbers Authority) that are of particular significance to the IETF community. To those who knew him, Jon was a brilliant and astute engineer whose soft-spoken manner belied his dogged pursuit of excellence, a characteristic especially evident in his role as editor of the RFC document series. His feedback to authors was not confined to grammar and phrasing, for which he was a stickler; it included any potential inconsistencies, ambiguities, and duplications of effort. Jon's longtime colleague Joyce Reynolds, wrote in RFC 2555 that while operating systems and computers have changed over the years, “Jon's perseverance about the consistency of the RFC style and the quality of the documents remained true.” Equally impressive, especially in hindsight, was Jon's ability to anticipate the need for keeping track of the work. “Somehow, Jon knew, even 30 years ago, that it might be important to document what was done and why, to say nothing of trying to capture the debate for the benefit of future networkers wondering how we'd reached some of the conclusions we did (and probably shake their heads…),” wrote Vint Cerf, also in RFC 2555. It wasn't always easy. According to Jake Feinler, “Jon often took merciless flak from those who wanted to continue discussing and implementing, or those whose ideas were left on the cutting-room floor. Somehow he always managed to get past these controversies with style and grace and move on.” Jon not only edited the RFC series; he also authored or coauthored more than 200 of them (seehttp://www.postel.org/postel.html). In September 1981, he wrote RFC 791, which described the Internet Protocol, as well as RFC 792 (the Internet Control Message Protocol) and RFC 793 (Transmission Control Protocol). In 1982, he authored RFC 821, which defined the Simple Mail Transfer Protocol. According to Bob Braden, who worked with Jon at the Information Sciences Institute of the University of Southern California, there were many aspects of the IETF culture that matched Jon very well. “Dedication to making things that work, a neverending attempt to keep protocols as simple and powerful as possible, and a slight counter-cultural tinge all characterized Jon,” Bob wrote in a memo to the IETF after learning of Jon's passing. Jon's prescience, talent, and meticulous approach to his work are characteristics that stand out for many engineers and Internet developers from that time. “As far as I know,” wrote Bob, “Jon had no model to follow when he wrote RFCs 791, 792, and 793, yet the result was a model that I personally have spent nearly 20 years studying and trying to emulate. Jon's contribution was not just the skill and grace of his editorial style; in writing these documents, Jon determined much of the detailed content, interpreting and elaborating the ideas of others to produce one seamless whole.” In January 1980, Jon wrote the statement that many say most accurately described his philosophy toward life: “In general, an implementation should be conservative in its sending behaviour, and liberal in its receiving behaviour.” The comment, which appeared in RFC 760, was amended a year later by Jon in RFC 793 to the oft-repeated: “Be conservative in what you do; be liberal in what you accept from others.” On the 10-year anniversary of his passing, Vint, who wrote Jon's obituary and published it under the playful title of RFC 2468 (I Remember IANA), reminds us of the significance of that statement, not just for Jon, but also for the community at large. “[Although] he meant [it] in the context of detailed protocols, it also serves as a reminder that in a multistakeholder world, accommodation and understanding can go a long way towards reaching consensus or, failing that, at least toleration of choices that might not be at the top of everyone's list.” Vint has served as a prolific interpreter of Jon’s legacy, describing him as the network's Boswell.(1)However, it was Jon's “devotion to quality and his remarkable mix of technical and editing skills that permeate many of the more monumental RFCs that dealt with what we now consider the TCP/IP standards,” wrote Vint. “Many bad design decisions were reworked thanks to Jon's stubborn determination that we all get it “˜right.' As the editor, he simply would not let something go out that didn't meet his personal quality filter. There were times when we moaned and complained, hollered and harangued, but in the end, most of the time, Jon was right and we knew it.”   References: 1. James Boswell was an 18th Century Scottish lawyer, diarist, and author whose name has become a term used to describe a constant companion and observer. Read more…]]> 910 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ipv4ipv6-coexistence-and-transition/ Sat, 07 Feb 2009 15:18:29 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=912 This article in Japanese, translated by Miyata Tomoki The Internet faces a transition from its traditional IPv4 to IPv6, with a period of coexistence. Here is one technologist's view of the road ahead for the Internet Protocol and IP networks from the perspective of work happening in the IETF. The time is rapidly approaching when the last of the IPv4 address space will be allocated. Even though options are being considered that would enable the trading of IPv4 address space as a commodity (which has important implications for routing) as well as for sliding an ISP interconnection layer underneath the IP protocol, networks requiring new address space in large amounts will deploy IPv6. Therefore, some form of coexistence and, eventually, a transition are inevitable. To that end, the IETF has explored several transition mechanisms, most of which are described in RFC 4213. According to thefreedictionary.com, a transition is a “Passage from one form, state, style, or place to another.”? As such, a protocol transition from IPv4 to IPv6 requires two events:

• IPv6 must be turned on in routing, on application servers and services, and on the peer or client systems that use or participate in those services
• IPv4 must be turned off-at least in the network.

Two serious questions arise from that observation.

• How long a time period should be allowed between those events? Does one turn IPv4 off and IPv6 on simultaneously, or does one turn on IPv6, allow a time interval to elapse, and turn IPv4 off later? If the latter, how long a time interval is rational?
• How are IPv6 datagrams carried in an IPv4 network before IPv6 is turned on? How are IPv4 datagrams carried in an IPv6 network after IPv4 is turned off? There are two broad categories of solutions: tunnelling solutions and translation solutions.

IPv4/IPv6 Coexistence

From the IETF's perspective, the optimal approach for existing networks is to focus not on transition but on coexistence. Turn on IPv6 now and start using it; turn IPv4 off at some point in the future when it is no longer a business requirement. Therefore, in the opinion of the IETF, network administrators should:

• Turn on IPv6 routing in their existing IPv4 networks.
• Contract IPv6 service with their upstream, peer, and downstream neighbours.
• Use the IPv6 protocol in addition to IPv4 in their applications and services both on server equipment and on their clients.

In doing so, network administrators will likely find software and hardware that are old or for some reason cannot be upgraded. They should schedule those upgrades as their budget allows. The reason to support coexistence of this type should be obvious: If IPv6 isn't working or if another network does not yet support IPv6, the affected applications or services will remain available via IPv4. Providing coexistence in network layer routing can be accomplished in any one of three ways:

• Enabling IPv6 on routers that carry IPv4
• Enabling IPv6 on other routers as a parallel network internal to the customer-perceived network
• Enabling IPv6 on a separate parallel network directly visible to neighbouring networks and customers

Building parallel networks is obviously far more expensive than turning on IPv6 on the existing equipment.

Overlay Networks

To date, before native IPv6 routing and applications were turned on, IPv6 has been in use via overlay networks that were built using tunnels or multiprotocol label switching. Initially, 6BONE and 6NET routed IPv6 through static tunnels. Dynamic approaches have since been developed, though, such as 6to4 (RFC 3056), Teredo (RFC 4380), and ISATAP (RFC 5214). One solution that has been proposed for broadband access networks involves having the ISP continue to manage an IPv4 network, with IPv6 running as a tunnel overlay between the customer-provided-equipment (CPE) router and an ISP-identified tunnel endpoint. In this model the ISP does not offer native IPv6 service. As a transitional deployment step, the ISP indicates the IPv4 address of a tunnel endpoint to CPE routers when it configures them, and it includes an IPv6 prefix using DHCP-PD. This allows the ISP to traverse the parts of its network that are not yet ready to support native IPv6 forwarding. The tunnelling of IPv4 through IPv6 is analogous to the tunnelling of IPv6 through IPv4, though only static tunnels are defined at this point.

Translation Technologies

Translation between IPv4 and IPv6 is not generally considered a viable long-term strategy, if only because it begs the question of the size of the address. If IPv6-to-IPv4 translation is sufficient to address the systems to which a user needs access, then one needs only to reallocate the existing IPv4 address space to solve the problem. Translation is, however, generally recognized as a necessity in certain cases to provide connectivity between IPv6-only and IPv4-only systems or networks. The issues that arise relate in part to path- MTU (maximum-transmission-unit) detection, which is often problematic in IPv4 networks but is required in IPv6 networks. Other issues involve supporting applications that are not designed on a client/server architecture or that require a sophisticated firewall traversal mechanism. The Stateless IP/ICMP (Internet Control Message Protocol) Translation Algorithm (SIIT) (RFC 2765) is implemented in a translating router. The router advertises one or more IPv4 prefixes (perhaps host addresses) in IPv4 routing and a prefix in IPv6 routing. By defined transforms, it translates between IPv4 and IPv6 and between ICMP and ICMPv6. NAT-PT (RFC 2766) extends the SIIT concept with a DNS application layer gateway. The gateway replicates A records from the IPv4 network as AAAA records carrying SIIT-compliant addresses in the IPv6 domain and advertises A records for the IPv6 hosts with SIIT addresses in the IPv4 domain. Doing this statelessly, however, implies either host routing in the IPv6 network, which has scaling issues, or a small IPv6 domain-nominally a single LAN-attached to a much larger IPv4 domain, because the upper 96 bits of the address in the IPv6 domain are static. There is one problem with SIIT and NAT-PT: they are designed to enable small IPv6 islands to operate within a general IPv4 network, and they do not scale well in a more general deployment. Hence, the IETF is at this point working on next-generation translation technologies intended to support more general deployment, based on operational experience with SIIT, NAT-PT, and CERNET-CNGI's (China Education and Research Network-China Next-Generation Internet's) IVI prototype. This is expected to help larger networks deploy new services using IPv6-only networks before they become able to get all of their existing users to turn on IPv6. As IPv6 becomes generally deployed, the need for translation disappears and one can expect the technology to disappear, overtaken by events.

Issues and Objections

Specific objections surround the business issues associated with IPv4-to-IPv6 transition and coexistence, including the costs of transition, the readiness of the protocol and its implementations, and the larger problems of routing and addressing.

Business Matters

If, as forecasts project, it becomes necessary to deploy IPv6 in order to obtain large amounts of address space inexpensively, then a company that fails to deploy IPv6 fails to offer connectivity to those new markets. Geoff Huston and others project that instead of widescale IPv6 deployment, a market for IPv4 address space will develop, with providers leasing or selling address space among themselves. In short, IPv6 connectivity is likely to be cheaper to deploy than IPv4 connectivity in the long term, and the revenue that connectivity brings is likely to be the same regardless of protocol. With IPv6, longterm profit potential is likely to be greater.

Operational and Capital Costs

As previously noted, one way to minimize business risk when deploying IPv6 is to deploy it in a network separate from the one running user services for IPv4. Running IPv4 and IPv6 at the same time will cost more than running either one alone. Once IPv6 usage gets widely deployed in the network and IPv6 has been shown to be sufficient for the purpose, it would be wise to start removing IPv4 A and MX records in the DNS. This will enhance the use of IPv6 by taking IPv4 usage out of service, but it will do so without actually taking the service offline. If issues arise, restoring the DNS records restores IPv4 service. At some point, it should become clear that there is no IPv4 usage of the affected services, and IPv4 support is no longer a business requirement.

Protocol Implementation and Readiness

No doubt, in the process of deployment, issues will arise, just as they do when deploying services using IPv4. Eventually, IPv6 deployment and coexistence implies a transition from IPv4 to IPv6; if there is reason to step into coexistence, eventually there will be users with only IPv6 service, and communicating with them will force other networks to follow. In time, the business case for maintaining IPv4 connectivity will become questionable.

The Way Forward

As stated earlier, this author believes that IPv6 deployment will help address problems that the Internet is starting to experience and will experience in detail in a few years. From this author's perspective, the coexistence model is the least painful form of transition. It has monetary costs and other risks, but that is true of all transitions. This one also has a safety net built in, which more sudden approaches do not.]]> 912 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/kenet-a-bandwidth-management-case-study/ Sat, 07 Feb 2009 15:19:45 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=914 914 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/revisiting-unwanted-traffic/ Sat, 07 Feb 2009 15:21:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=916 “BGP route hijacking: in a survey conducted by Arbor Networks, route hijacking together with source address spoofing are listed as the two most critical vulnerabilities on the Internet. It has been observed that miscreants hijack bogon prefixes for spam message injections. Such hijacks do not affect normal packet delivery and thus have a low chance of being noticed.” “Everyone comes from Everywhere: in the earlier life of the Internet it had been possible to get some indication of the authenticity of traffic from a specific sender based for example on the Time To Live (TTL). The TTL would stay almost constant when traffic from a certain sender to a specific host entered an operators network, since the sender will “˜always' set the TTL to the same value. If a change in the TTL value occurred without an accompanying change in the routing, one could draw the conclusion that this was potential unwanted traffic. However, since hosts have become mobile, they may be roaming within an operator's network and the resulting path changes may put more (or less) hops between the source and the destination. Thus, it is no longer possible to interpret a change in the TTL value, even if it occurs without any corresponding change in routing, as an indication that the traffic has been subverted.” “Packet source address spoofing: there has been speculation that attacks using spoofed source addresses are decreasing, due to the proliferation of botnets, which can be used to launch various attacks without using spoofed source addresses. It is certainly true that not all the attacks use spoofed addresses; however, many attacks, especially reflection attacks, do use spoofed source addresses.” Key areas of routing infrastructure security work are being pursued in the SAVI (Source Address Validation Improvement) and SIDR/RPSEC (Secure InterDomain Routing/Routing Protocol Security) working groups. SAVI seeks to define a finer-grained mechanism for source IP address validation than ingress filtering. As described in its charter, “Partial solutions exist to prevent nodes from spoofing the IP source address of another node in the same IP link (e.g., the “˜IP source guard'), but are proprietary. The purpose of the ["¦] Working Group is to standardize mechanisms that prevent nodes attached to the same IP link from spoofing each other's IP addresses.” The potential for mischief with such within-network (“on link”) spoofing should not be discounted: compromised hosts could provide packets masquerading as critical infrastructure responses, such as spoofing gateway Address Resolution Protocol (ARP) packets and injecting false Dynamic Host Configuration Protocol (DHCP) responses, among others. Generally, having a finer granularity for validating source IP addresses and treating validation outcomes would be helpful in a number of situations. As part of network management policy options, depending on the situation, it might be desirable to block spoofed packets or merely log packets that appear to be spoofed. Therefore, the SAVI work is an important piece in the puzzle of preventing and mitigating unwanted traffic. RPSEC was chartered to document the security requirements for routing systems and, in particular, to produce a document on Border Gateway Protocol (BGP) security requirements. Complementarily, the scope of work in the SIDR working group is to formulate an extensible architecture for an interdomain routing security framework and developing security mechanisms that fulfil requirements that have been agreed on by the RPSEC working group. The first order of business for SIDR is to develop an architecture and framework for a repository to allow formal validation of routing activities. This will take the form of an accessible database of formally verifiable descriptions of who has the right to use particular IP addresses or to announce routes for a given autonomous system. Deploying this will require cooperation among the Regional Internet Registries, network operators, and others. However, it is the necessary foundation for secure interdomain routing, source address verification (beyond individual network boundaries), and other important routing security mechanisms. These working groups are active, and clearly, their output will be useful in addressing some of the vulnerabilities identified by the IAB workshop. SAVI results could certainly help mitigate issues in address spoofing at all levels. Securing the routing infrastructure would make it considerably harder to inject bogus routes into the global routing fabric. It is hard to overestimate the importance of the eventual win from developing and deploying these technologies: route hijacking, both deliberate and accidental, has happened on a global scale, and the ramifications were felt up through “Layer 9″ (global politics). Another area of longstanding infrastructure security development is, of course, DNSSEC (DNS Security). While the technology has been available for quite a while, there is now some movement toward deployment. Some ccTLDs, such as .se, have deployed it. One gTLD, .org, has announced plans to deploy it. And there are discussions about whether, or how, to sign the root itself-a critical step toward ensuring the feasibility of a complete DNSSEC infrastructure and permitting authentication of DNS results. While DNSSEC itself does not prevent spam or phishing, it is a critical piece of infrastructure that provides the foundation for reliable, trustable infrastructure that will address those issues more directly. While it is common to shrug and sigh at the inconvenience of unwanted traffic, it is an important area to address because it goes to the question of the Internet's evolution. The Internet has been developed, deployed, and built out based on a model of voluntary adherence to open standards and cooperative activity. That makes for an infrastructure that is immune to mandated change, which is both a feature and a challenge. The Internet is certainly no longer treated as the research network it was originally; it has become an integral part of the fabric of day-to-day lives, businesses, and civil organization in all developed-and many developing-countries. To preserve the characteristics of operation that facilitate innovation at the edges, we need to demonstrate that the Internet can, in fact, evolve to meet the increased requirements: more security, moving from implicit trust in its operators to reasonable expectations of trust of the infrastructure itself. Three years ago, the IAB workshop identified some key areas for concern. As noted earlier, the IETF's work has continued to develop more proactive, viable, infrastructure-securing technologies. The next, and perhaps most critical, step is to move toward global adoption and deployment of those technologies to address the network scourge that is unwanted traffic.  ]]> 916 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/resource-certification/ Sat, 07 Feb 2009 15:22:13 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=918 Public Key Cryptography One commonly used security technology is public key cryptography. As long as a suitable amount of vague hand waving is used, the technique can be easily explained. The approach uses a pair of keys, A and B. Anything enciphered with key A can be deciphered only with key B and vice versa, and knowledge of the value of one key does not lead to discovery of the value of the other key. Key A is kept as a closely guarded secret, while key B is openly published. If I want to send you a message that only you can decipher and read, I should encrypt it using your public key. If I want to send you a message that only I could've sent (nonrepudiation), then I'll generate a digital signature of the message by using my private key. That way any attempts to alter the message will also be detectable. This latter approach, of using keys to generate digital signatures of messages, lies at the heart of DNSSEC, because DNSSEC adds public keys and digital signatures to the DNS. A DNS query can generate a response that lists both the DNS answer and the digital signature of that answer. The DNS can also be queried to retrieve the public key that is used for signing all the components of that zone, so that the digital signature can be verified and the query agent can be assured that the response is a genuine one. But how can the key itself be verified? IN DNSSEC the hierarchical nature of the DNS itself is exploited by having each zone “parent” sign the keys of its delegated “children.” So the zone key can be verified by retrieving the parent's signature across that zone key, and so on to the root of the DNS. As long as the query agent knows beforehand the value of the public key used to sign the root zone of the DNS and as long as DNSSEC is used universally, all DNS responses can be verified in DNSSEC. While this approach works in the interlocked hierarchical structure of the DNS, when we turn our attention to securing the use of IP addresses and AS numbers in the context of interdomain routing, then there is no comparable hierarchy to exploit. In such cases a common solution is to turn to digital certificates. A digital certificate is a digitally signed public attestation by a certification authority that associates a subject's public key value with some attribute of the subject. A very typical application is in identity certification, where the certification authority is attestation that the holder of the private key whose matching public key is provided in the certificate has met the authority's certification criteria to be identified by a particular name. Digital certificates are useful because they are able to reduce the number of trust points in a security domain, so that each individual member of the domain does not have to validate identity and exchange public keys with every other member of the domain but can undertake a single transaction with a certification authority that is trusted by all the members of the domain. As long as every member of the domain carries the public key of the certification authority and can access all issued digital certificates, the members of the domain can verify each other's attestations and digital signatures. Of course, digital certificates are used for far more than attestations of identity and can encompass the authority to perform specific tasks, undertake particular roles, or grant permissions and right-of-use authorities. It is that last-use case that is relevant to resource certification.

Resource Certificates

A resource certificate is a conventional X.509 certificate that conforms to the PKIX profile (RFC 5280) with one critical component-namely, a certificate extension that lists a collection of IP number resources (IPv4 addresses, IPv6 addresses, and AS numbers) (RFC 3779). These certificates attest that by virtue of an associated resource allocation, the certificate's issuer has granted to the entity represented by the certificate's subject a unique right-of-use of the associated set of IP number resources listed in the certificate's extension. The unique right-of-use concept mirrors the resource allocation framework, where the certificate provides a means of third-party validation of assertions related to resource allocations (draft-ietf-sidr-arch). By coupling the issuance of a certificate by a parent Certification Authority (CA) to the corresponding resource allocation, a test of a certificate's validity including the IP number resource extension can also be interpreted as validation of that resource allocation. Signing operations that descend from that certificate can therefore be held to be testable-under the corresponding hierarchy of allocation. In other words, if you received your address block from a particular Regional Internet Registry (RIR), then only that RIR can issue a resource certificate for you that includes your public key and the allocated number resources. Anything you sign using your private key can be verified via the RIR's issued certificate. Unlike certificates that relate to attestations of identity, resource certificates are not necessarily longlived. When an additional allocation action occurs, the associated resource certificate is reissued with an IP number resource extension that matches the new allocation state. In the case of a reduction in allocated resources, the previously issued certificates are explicitly revoked once the new certificate is issued. In other cases there is no explicit revocation of the older certificates. The intention here is that any instrument signed by the subject's private key that relates to an assertion of resource control, whether it's a protocol message in a routing protocol or an administrative request to an ISP to route a prefix or an assertion of title over the right-of-use of a number resource, can be validated through the matching public key contained in the certificate and the IP number resource that are enumerated in this certificate. The resource certificate itself can be verified in the context of a resource certificate Public Key Infrastructure.

The Resource Certificate Public Key Infrastructure

The Resource Certificate Public Key Infrastructure (RPKI) describes the structure of the certification framework used by resource certificates. The intent of the RPKI is to construct a robust hierarchy of X.509 certificates that allows relying parties to validate assertions about IP addresses and AS numbers and their use. The structure of the RPKI as it relates to public use of IP number resources is designed to precisely mirror the structure of the distribution of addresses and ASs in the Internet, so a brief description of this distribution structure is appropriate. The Internet Assigned Numbers Authority (IANA) manages the central pool of number resources. The IANA publishes a registry of all current allocations. The IANA does not make direct allocations of number resources to end users or Local Internet Registries (LIRs). Instead, it allocates blocks of number resources to the RIRs. The RIRs perform the next level of distribution: allocating number resources to LIRs, National Internet Registries (NIRs), and end users. NIRs perform allocations to LIRs and end users, and LIRs allocate resources to end users (figure 1). The RPKI mirrors this allocation hierarchy. One interpretation of this model would see the IANA manage a root RPKI key, and using this key, the IANA would issue a selfsigned root certificate and also issue subordinate certificates to each of the RIRs, describing in the resource extension to the certificate the complete set of number resources that have been allocated to that RIR at the time of issuance. The certificate would also hold the public key of the RIR and would be signed by the private key of the IANA. Each RIR would issue certificates that correspond to allocations made by that RIR, where the resource extension to those certificates lists all the allocated resources, and the certificate includes the public key of the recipient of the resource allocation, signed with the private key of the RIR. If the recipient of the resource allocation is an LIR or an NIR, then it too would issue resource certificates in a similar vein (figure 2). The common constraint within this certificate structure is that an issued certificate must contain a resource extension that contains a subset of the resources that are described in the resource extension of the issuing authority's certificate. This corresponds to the allocation constraint that a registry cannot allocate resources that were not allocated to the registry in the first place. One implication of such constraint is that if any party holds resources allocated from two or more registries, then it will hold two or more resource certificates in order to describe the complete set of its resource holdings. Validation of a certificate within this RPKI is similar to conventional certificate validation within any PKI-namely, establishing a chain of valid certificates that are linked by issuer and subject from a nominated trust anchor Certification Authority (CA) to the certificate in question. The only additional constraints in the RPKI are that every certificate in this validation path must be a valid resource certificate and that the IP number resources described in each certificate are a subset of the resources described in the issuing authority's certificate. Within this RPKI, all resource certificates must have the IP addresses and AS resources present as well as marked as a critical extension. The contents of these extensions correspond exactly to the current state of IP address and AS number allocations from the issuer to the subject. Any holder of a resource who is in a position to make further allocations of resources to other parties must be in a position to issue resource certificates that correspond to these allocations. Similarly, any holder who wishes to use the RPKI to digitally sign an attestation needs to be able to issue an End Entity (EE) certificate to perform the digital signing operation. For that reason, all issued certificates that correspond to allocations are certificates with the CA capability enabled, and each CA certificate is capable of issuing subordinate CA certificates that correspond to further sub-allocations and subordinate EE certificates that correspond to generation of digital signatures on attestations. The RPKI makes conventional use of Certificate Revocation Lists (CRLs) to control the validity of issued certificates, and every CA certificate in the RPKI must issue a CRL according to the CA's nominated CRL update cycle. A CA certificate may be revoked by an issuing authority for a number of reasons, including key rollover, the reduction in the resource set associated with the certificate's subject, or termination of the resource allocation. To invalidate the authority or attestation that was signed by a given EE certificate, the CA issuing authority that issued the EE certificate simply revokes the EE certificate. Resource certificates are intended to be public documents, and all certificates and objects in the RPKI are published in openly accessible repositories. The set of all such repositories forms a complete information space, and it is fundamental to the model of securing the public Internet's interdomain routing system that the entire RPKI information space be available. Other uses of the RPKI might permit use of subsets, such as the single chain from a given end-entity certificate to a Trust Anchor, but routing security is considered against all known publicly routable addresses and AS numbers, and so all known resource certification outcomes must be available. In other words, the RPKI's intended use in routing contexts is not a case where each relying party may make specific requests for RPKI objects in order to validate a single object, but one where each relying party will perform a regular sweep across the entire set of RPKI objects in order to ensure that the relying party has a complete picture of the RPKI information space. This aspect of the RPKI represents some interesting challenges, in that rather than having a single CA publish all the certificates produced in a security application at a single point, the RPKI permits the use of many publication points in a widely distributed fashion. Each CA is able to issue RPKI objects and publish them using a locally managed publication point. It is incumbent upon relying parties to synchronise a locally managed cache of the entire RPKI information space at regular and relatively frequent intervals. For that reason, the RPKI has introduced an additional mechanism in its publication framework-namely, the use of a manifest to enable relying parties to determine whether they have been able to retrieve the entire set of RPKI published objects from each RPKI repository publication point or whether there has been some attempt to disrupt the relying party's access to the entire RPKI information set. It also implies that the RPKI publication point access protocols should support the efficient function of a synchronisation comparison, so that a locally managed cache of the RPKI needs call for the uploading of only those objects that have been altered since the previous synchronisation operation.

Signed Attestations and Authorities

The underlying intent of digital certificates-and resource certificates in particular-is in terms of supporting a transitive trust relationship that allows a relying party to verify the authenticity of a signed artefact through verification of the signer's key using the PKI. So the obvious question is, What artefacts are useful to sign? Much of the motivation for resource certificates has come from a desire to underpin efforts in securing aspects of interdomain routing. This goes well beyond securing the individual point-to-point connection used between BGP speakers and refers to the matter of verifying the authenticity of the payload of the BGP exchange. The specific question that may be posed is, How can a BGP speaker validate the authenticity of the route object being presented to it? The approach being studied by the SIDR working group is to use structured attestations, where, like the digital certificate itself, the attestation is structured in an ASN.1 digital object, and this object is signed using a signing formation that is itself a piece of structured ASN.1-namely, the Cryptographic Message Syntax (CMS) (RFC3852). The first of these attestations relates to the ability to verify the authenticity of the “origination” of an interdomain routing object. This refers to the address prefix and the originating AS, and the questions that this verification function is intended to answer are: Is this a valid address prefix and AS number? Have these resources been allocated through the IP number resource allocation process? Has the holder of the title of right-of-use” for the address prefix authorised the AS holder to originate a routing advertisement for this prefix? Here an address holder is authorising a particular ISP to generate a route announcement for the address holder's particular address prefix. In this case, the prefix holder would generate an EE resource certificate with the IP number resource extension spanning the set of addresses that match the address prefixes that are the intended subject of the routing authority and would place validity dates in the EE certificate that correspond to the intended validity dates of the routing authority. The signed authority document would contain the Autonomous System number that is being authorised in this manner; a description of the range of prefixes that the prefix holder has authorised; and the EE certificate. The document would be signed by the EE certificate's private key by using a CMS signing structure. The resultant object is published in the RPKI distributed publication repository as a Routing Origin Authorization (ROA). A relying party can validate the ROA by checking that the digital signature in the ROA is correct, indicating that the authority document has not been tampered with in any way since it was signed, that the resources in the associated EE certificate encompass the prefixes specified in the document, and that the EE certificate itself is valid in the context of the RPKI by verifying that there is an issuer/subject chain of valid certificates that link one of the relying party's nominated Trust Anchors to the EE certificate. The ROA itself is valid as long as the signing EE certificate is valid. To withdraw the authority prior to the expiration of the EE certificate, the ROA publisher can simply revoke the EE certificate. This leads to the concept of one-off-use EE certificates in the RPKI, where a key pair and a corresponding EE certificate are generated in order to sign a single attestation or authority. If the authority's lifetime is extended, the authority is reissued with a new EE certificate and with a new digital signature; and, as noted, the authority can be prematurely terminated through revocation of the EE certificate, so that at no stage is there a need to reuse the original signing private key. Once the private key has been used to sign this object, the key is destroyed, alleviating to some extent the total key management load. In any security system, knowledge of what is authorised is helpful, but knowledge of what has not been authorised is perhaps even more helpful. For ROAs there is a situation analogous to DNSSEC, where DNSSEC is most effective from a client's perspective once the entire DNS space is DNSSEC signed. Where there are gaps in the DNSSEC signing chains, the client is left in an uncertain state regarding the verification outcomes of the unlinked DNS subhierarchies. The same could apply to ROAs, in that in an environment where not every originated route object has a published ROA, the absence of an ROA does not necessarily indicate an unauthorized route origination. If one of the objectives of this study is to define a framework that can unambiguously identify the unauthorized use of IP number resources in routing (route hijacks) even in a world where ROAs are used in a piecemeal fashion, then one possible refinement to the ROA model is the introduction of a comparable negative authority, the Bogon Origin Attestation (BOA). In this case, the prefix holder generates a signed attestation, or BOA, in a manner similar to the ROA but does not provide any originating AS. Instead, the BOA refers to “all originating ASs” and has the semantic interpretation that any use in the routing space of this address prefix described in the BOA, or any more specific address prefix, should be regarded as unauthorized and the route should be discarded. While this makes the detection of route hijacks more direct in a world of piecemeal use of ROAs, there is now the added complication of having both positive and negative authorities. The proposed resolution of this is to use a relative priority rule that ROAs take precedence over BOAs, so that if both a valid ROA and a valid BOA exist that describe the origination component of a route, then the route can be regarded as authorised. It should be noted, however, that at this stage these concepts are works in progress, and are part of the SIDR working group's agenda of study, and the working group has not as yet reached any consensus position regarding the decision to advance these proposals onward along the Internet Standards Process. Also on the near-term horizon, SIDR is examining approaches to secure the AS Path in BGP updates. The RPSEC (Routing Protocol Security Requirements) working group has explored two approaches in this space. One involves an incremental multiple-signature technique that allows a receiver of a BGP update to verify that the AS path described in the update is matched by a sequence of interlocking AS digital signatures using the RPKI. At the same time as an AS adds its own AS to the AS path prior to further eBGP propagation of the route update, the AS would digitally sign over an analogous sequence of AS signatures. This approach allows a receiver to perform a match of the AS sequence in the AS Path with the AS number sequence identified in the AS signature block. A match here would indicate that the BGP update has indeed been sequentially passed along the sequence identified by the AS Path. This approach was originally proposed in the sBGP design and has attracted some comment related to the computation overhead associated with the application and validation of these AS Path signature sequences. An alternative approach has been one that is described by RPSEC as being less rigorous and refers to a “feasibility” check that checks that each pair of ASs represented in the AS Path has an associated verifiable assertion of inter-AS adjacency that is digitally signed by both ASs. It should also be noted that this activity of addressing aspects of improving the robustness of interdomain routing has some previous context. In many parts of the Internet, some degree of routing integrity is managed through the use of Internet Routing Registries (IRRs) and the publication of routing policies through the use of Routing Policy Specification Language (RPSL) objects. While opinions vary as to the robustness of the security offered by the IRR approach, at the very least it can mitigate some weakness in the routing system through the use of a second check that can be used to filter the information that is being provided in a BGP feed. The weaknesses in the IRR system tend to relate to the consistency, completeness, and authenticity of the IRR data. In many cases, trust in the integrity of the data relies on the admission practices of the IRR itself, and individual data objects cannot be verified by clients of the IRR. One possible way to address this has been through the use of Routing Policy System Security (RPSS) measures, but the adoption of these measures has not been widespread, and the question still remains for the client that even if an IRR object was authenticated upon admission, it does not mean that when the object is subsequently used by an IRR client, the information reflects the current situation, and the information could well be invalid or not reflect the current policies of the IRR object's author. One possible approach, being considered by the SIDR working group, is to implement the RPSS authentication models by using object signing in the context of the RPKI. For example, the RPSS assumption that routes should be announced only with the consent of the holder of the origin AS number of the announcement and with the consent of the holder of the address space implies in RPSS that both parties should authorise the entry of a route object into the IRR. Translating this into an analogous model by using the RPKI would require that a route object be signed with the digital signatures of both the AS holder and the address space holder, and a IRR client can verify this route object at the time of use by verifying both digital signatures. Either the address space holder or the AS holder can revoke its authorisation by revoking the EE certificate used to sign the route object, and the verification is independent of the particular IRR that has published the route object. It's also a possibility that the IRR itself can be folded into the RPKI distributed publication repository framework, as there is no particular requirement in such an environment for a disparate collection of IRRs with their own partial collections of routing policy information, although at this stage this is heading into the realm of more advanced speculation about the potential for application of resource certificates and digital signatures to RPSL and the IRR framework.

Putting Resource Certificates into Context

Resource certificates and the associated RPKI represent a major part of any effort to construct a secure interdomain routing framework. An RPKI, even partially populated with signed information, allows BGP speakers to make preferential selections to use routing information where the IP address block and the AS numbers being used are recognised as valid to use and that the parties using these IP addresses and AS numbers are properly authorised to so do. The RPKI can also be used to identify instances of unauthorized use of IP addresses and attempts to hijack routes. However, the RPKI represents only one part of a larger framework of securing interdomain routing, and the next step is that of applying the RPKI to the local BGP processing framework. There is also the need to move beyond validation of route origination and look at the associated issue of validation of the AS Path and potentially to consider the most challenging task: that of attempting to validate whether the initial forwarding decision associated with a route object actually represents the correct first hop along a usable forwarding path for packets to reach the network destination. The issues here include not only a consideration of what can be secured and validated but also issues of scalability and efficiency in terms of deployment cost. The various approaches to routing security studied so far offer a wide variety of outcomes in terms of the amount of routing information that is validated, the level of trust that can be placed in a validation outcome, and the overheads of generating and validating digital signatures on routing information. The next step appears to include the task of establishing an appropriate balance between the overheads of operating the security framework and the extent to which efforts to disrupt the routing system can be successfully deflected by such measures. The RPKI has been designed as a robust, simple framework. As far as possible, existing technologies and processes have been exploited, reflecting to some extent a level of conservatism on the part of the routing community and the difficulty in securing widespread acceptance of novel technologies.

References and Further Reading

The following documents provide further detail about the IETF work on resource certification. The Internet-Drafts listed here are still work in progress, and while they are reflective of the areas of activity of the SIDR working group, they do not necessarily represent finished work.

Internet-Drafts

Requirements [draft-ietf-rpsec-bgpsecrec] BGP Security Requirements, B. Christian, T. Tauber, eds., work in progress, Internet-Draft, draft-ietf-rpsec-10.txt, November 2008. The report of the consensus outcomes of the RPSEC working group in enumerating the requirements for securing interdomain routing. The outstanding topic in this report remains in the area of AS Path validation and the level of requirement associated with the two approaches described in the report. Architecture [draft-ietf-sidr-arch] An Infrastructure to Support Secure Internet Routing, M. Lepinski, S. Kent, work in progress, Internet-Draft, draft-ietf-sidr-arch-04.txt, November 2008. An overview of the RPKI approach, describing the RPKI, the distributed repository structure, and common operations. Resource Certificates [draft-ietf-sidr-res-certs] A Profile for X.509 PKIX Resource Certificates, G. Huston, G. Michaelson, R. Loomans, work in progress, Internet-Draft, draft-ietf-sidr-res-certs-15.txt, November 2008. The specification of the Resource Certificate. RPKI Repository Structure [draft-ietf-sidr-repos-struct] A Profile for Resource Certificate Repository Structure, G. Huston, G. Michaelson, R. Loomans, work in progress, Internet-Draft, draft-ietf-sidr-repos-struct-01.txt, October 2008. A description of the proposed distributed publication repository structure for the RPKI, including contents, access protocols, and object name conventions. [draft-ietf-sidr-rpki-manifests] Manifests for the Resource Public Key Infrastructure, R. Austein et al., work in progress, Internet-Draft, draft-ietf-sidr-rpki-manifests-04.txt, October 2008. A specification for repository manifests. Manifests are signed constructs that describe all the objects currently loaded into a repository publication point and are used by relying parties as a means of ensuring that a local RPKI repository cache is correctly synchronised against the authoritative original publication point. [draft-ietf-sidr-rescerts-provisioning] A Protocol for Provisioning Resource Certificates, G. Huston, R. Loomans, B. Ellacot, R. Austein, work in progress, Internet-Draft, draft-ietf-sidr-rescerts-provisioning-03.txt, August 2008. A proposed protocol for use between a subject and a certificate issuer to ensure that certificate requests, the IP number resource allocation state, and the issued certificate status are correctly synchronised. This extends the conventional certificate request model into a transaction protocol that also includes the ability to perform certificate revocation requests and status queries from the subject. RPKI Signed Objects [draft-ietf-sidr-roa-format] A Profile for Route Origin Authorizations (ROAs), M. Lepinski, S. Kent, D. Kong, work in progress, Internet-Draft, draft-ietf-sidr-roa-format-04.txt, November 2008. The specification of the syntax for signed ROAs. [draft-ietf-sidr-bogons] A Profile for Bogon Origin Attestations (BOAs), G. Huston, T. Manderson, G. Michaelson, work in progress, Internet-Draft, draft-ietf-sidr-bogons-02.txt, October 2008. The specification of the syntax for signed BOAs. [draft-ietf-sidr-roa-validation] Validation of Route Origination in BGP Using the Resource Certificate PKI, G. Huston, G. Michaelson, work in progress, Internet-Draft, draft-ietf-sidr-roa-validation-01.txt, October 2008. The specification of the semantics of ROAs and BOAs and the manner in which these objects may be interpreted in terms of the integration of these origination security credentials onto a BGP route selection process. Certificate Policy and Practice Statements [draft-ietf-sidr-cp] Certificate Policy (CP) for the Resource PKI (RPKI), K. Seo, R. Watro, D. Kong, S. Kent, work in progress, Internet-Draft, draft-ietf-sidr-cp-04.txt, November 2008. A description of the certificate policy that applies to all certificates issued within the RPKI framework. [draft-ietf-sidr-cps-irs] Template for an Internet Registry's (IR's) Certification Practice Statement (CPS) for the Resource PKI (RPKI), D. Kong, K. Seo, S. Kent, work in progress, Internet-Draft, draft-ietf-sidr-cps-irs-04.txt, November 2008. A template for the Practice Statement used by IRs to describe their operational practices in the issuance and management of resource certificates. [draft-ietf-sidr-cps-isp] Template for an Internet Service Provider's Certification Practice Statement (CPS) for the Resource PKI (RPKI), D. Kong, K. Seo, S. Kent, work in progress, Internet-Draft, draft-ietf-sidr-cps-isp-03.txt, November 2008. A template for the practice statement used by ISPs to describe their operational practices in the issuance and management of resource certificates. Individual Submissions [draft-huston-sidr-aao-profile] A Profile for AS Adjacency Attestation Objects, G, Huston, G. Michaelson, work in progress, Internet-Draft, draft-huston-sidr-aao-profile-00.txt, September 2008. The specification of the syntax for a pairwise inter-AS routing adjacency attestation. [draft-kisteleki-sidr-rpsl-sig] Securing RPSL Objects with RPKI Signatures, R. Kisteleki, J. Boumans, work in progress, Internet-Draft, draft-kisteleki-sidr-rpsl-sig-00.txt, October 2008. The specification of the addition of RPKI digital signatures to RPSL Objects in the context of an Internet Routing Registry. [draft-manderson-sidr-fetch] RPKI Repository Retrieval Mechanism, T. Manderson, G. Michaelson, work in progress, Internet-Draft, draft-manderson-sidr-fetch-00, October 2008. A proposed mechanism to use the manifest as the basis of performing a synchronisation operation between a local RPKI cache and a source point. RFCs [RFC 5280] Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, D. Cooper et al., RFC 5280, May 2008. [RFC 3779] X.509 Extensions for IP Addresses and AS Identifiers, C. Lynn, S. Kent, K. Seo, RFC 3779, June 2004. [RFC 3852] Cryptographic Message Syntax (CMS), R. Housley, RFC 3852, July 2004. [RFC 2622] Routing Policy Specification Language (RPSL), C. Alaettinoglu et al., RFC 2622, June 1999. [RFC 2725] Routing Policy System Security, C. Villamizar et al., RFC 2725, December 1999.

About the Author

Geoff Huston is a co-chair of the IETF SIDR working group. He is also the programme lead for the APNIC Resource Certification programme, a project that has implemented resource certificate management for APNIC clients.]]> 918 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-report-2/ Sat, 07 Feb 2009 15:23:55 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=920 Here are a few items on Internet Research Task Force (IRTF) developments since IETF 72:

• The composition of the Internet Research Steering Group (IRSG) has been made public and can be seen at www.irtf.org/chair.
• The document defining the IRTF publication stream has been finalized and is enqueued at the RFC Editor.
• Four IRTF RFCs have been published since IETF 72. Three are from the Delay-Tolerant Networking Research Group (dtnrg) on Licklider Transmission Protocol (LTP), and one is from the Network Management Research Group on Simple Network Management Protocol measurements.
• Draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists), which received substantial discussion on the IETF mailing list leading up to IETF 72, will be published as an IRTF RFC to document current practices. In response to the IETF list comments, it will include security considerations reflecting the IETF lastcall comments.

In a departure from the usual IRTF reporting, the presentation at IETF 73 included introductions to two IRTF Research Groups: the Delay-Tolerant Networking Research Group (dtnrg) and the Peer-to-Peer Research Group (p2prg). Delay-tolerant networking (DTN, sometimes called disruption-tolerant or disconnection-tolerant networking) is based on a model that makes no assumption that the sender and receiver are concurrently connected to the network. Data transfer is achieved using a multiparty communications model, wherein helpers provide a store-carry-forward mechanism for messages using extensible (Uniform Resource Identifier-based) naming. DTN supports multipath routing and caching to address connectivity disruptions. The dtnrg has been encouraging development, testing, and deployment of DTN protocols. The exciting news from dtnrg is that the Bundle Protocol (BP) is now being tested in space. The code was uploaded to the United Kingdom's Disaster Monitoring Constellation satellite, which is operated by Surrey Satellite Technology Ltd. (SSTL). SSTL, Cisco Systems, and NASA Glenn conducted a test by downloading a 150-megabyte fragmented image of Earth by using the dtnrg's BP. In addition, NASA's Jet Propulsion Laboratory recently completed an experiment with DTN that involved using BP and LTP out to a distance of 15 million to 25 million kilometres. A report on results was presented at the dtnrg session. The IRTF report at the IETF 73 plenary also included an introduction to the Peer-to-Peer Research Group. Peer-to-peer (P2P) networks exhibit a symmetric relationship between hosts. They are distributed, they scale to large numbers of nodes and users, they are autonomous, and they support anonymity. Well-known P2P systems include Usenet and BGP. BitTorrent and Skype are examples of new P2P systems. The p2prg has been developing a new charter that will encourage (1) research on P2P/network traffic optimization (beyond ALTO (Application-Layer Traffic Optimization)); (2) security, privacy, anonymity, and trust; (3) improving interoperation between different P2P systems; (4) information storage, reliability, and retrieval in P2P systems; and (5) gaining a better understanding of P2P system performance and user behaviour “in the wild.” Additionally, five research groups met during the week of IETF 73. The dtnrg was summarized earlier, and notes from the other research group meetings follow. Host Identity Protocol Research Group (hiprg) The HIPRG met at IETF 73 and discussed two individual submissions. The first was a proposal to generalize HIP to include object-to-object (and not strictly host-to-host) communications. The second draft proposed to carry geolocation data explicitly in the HIP protocol. The meeting also received implementation updates from Boeing's HIP-based overlay deployment and the HIP for Linux project's recent work. IP Mobility Optimizations Research Group (mobopts) The meeting focussed on current documents, including IP Location Privacy, Multicast Mobility, and Media Independent Preauthentication. The latter two are completing research group last call, and the IP Location Privacy document is in IRSG review. Also discussed at the meeting was a framework for benchmarking mobility models. The purpose is to be able to evaluate models used in literature by using a common reference that outlines what to look for. In addition, there was lively debate over what approach to take for multicast mobility solutions. One camp argued that multicast needs to be extended, while the other contended that without extensions to mobility protocols, handover would not provide the performance necessary for multicast traffic. Internet Congestion Control Research Group (iccrg) The ICCRG meeting covered two main topics. The first was an exploration of alternative start-up mechanisms, and the second was the basis of Internet congestion control on TCP-friendly sending rates. Two sets of experimental data were presented on the evaluation of different start-up mechanisms that attempt to improve on standard TCP slow start. Matt Mathis then led a discussion on Rethinking TCP-Friendly, and the research group accepted that it should write a vision statement document to increase architectural discussion on whether TCP friendliness should still be used as a strict criterion for evaluation of new Internet protocols. Routing Research Group (rrg) The Routing Research Group met to continue to discuss next-generation routing architectures. The research group heard six separate presentations on different aspects of a new architecture and continued to discuss the many alternatives at hand. The group plans to draft a preliminary recommendation for an architecture in the coming months. For more information about the Internet Research Task Force, visit www.irtf.org.]]> 920 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ipv6-transition-at-ietf-72/ Tue, 07 Oct 2008 15:41:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=949 Backwards Compatibility This is not the only transition we’ve faced at the basic level of protocol infrastructure, and the conventional approach is to make the changes “backward compatible” Backward compatibility can take many forms, but typically involves some form of initial negotiation between communicating parties that establishes whether both parties are capable of recognising and using some extension or new attribute. For example, the Border Gateway Protocol (BGP) is in the process of transitioning from 16-bit Autonomous System (AS) numbers to 32-bit AS numbers. This BGP transition uses a combination of translation and tunnelling that allows a BGP speaker configured to use the longer AS numbers to be backward compatible with the existing installed base of BGP that uses the 16-bit AS number format. The protocol specification of BGP includes an initial capability negotiation when BGP is first started up up, allowing a “new” BGP speaker to establish whether its BGP neighbour is also capable of supporting longer format AS numbers or not. As a result, upgraded versions of BGP can co-exist with older versions of BGP, so that the overall transition of BGP to use 32 bit AS numbers can be undertaken on a piecemeal basis. This particular backward-compatible translation technique relies on a combination of capability negotiation and the properties of hop-by-hop interpretation of tokens, where AS-number values are interpreted in a strictly local context. IP is an end-to-end protocol, as distinct from a hop-by-hop protocol, and an IP packet's destination address needs to have meaningful context at all points in the network. IP itself is a connectionless datagram protocol, without any form of capability negotiation. Its also a very challenging exercise to equip a network with intermediaries that attempt to change the IP packet header midflight. This implies that the use of translation and substitution to create backward compatibility has limited applicability in the context of IP itself.

A Classical Transition

The original approach to IPv6 transition could be termed a “classical” view of transition. Because IPv6 is not a backward-compatible augmentation of IPv4, it is not possible to deploy new hosts and network infrastructure with support for only IPv6 and have these networks, devices, and applications exchange IP packets with their IPv4 counterparts. An application that is equipped with IPv6 requires its host to have IPv6 support in its protocol stack, and for the host to be able to communicate, the network is required to have IPv6 support. And if an application wishes to communicate with another application, all the networks on the path between the two hosts also must be configured to support the transmission of IPv6 packets. In other words, a “complete” deployment of IPv6 requires all applications, hosts, and network infrastructure and middleware to be aware of IPv6 and explicitly configured to handle IPv6 packets. In this classical form of transition, the major constraint is to avoid any flag day, or any other form of synchronized or orchestrated common activity across the entire network. Individual elements of the network should be able to undertake their part of the transition without requiring any action to be performed on any other element. The transition should be a piecemeal activity. This classical approach, in general terms, assumes that each application, host device, and network element is able to make an independent decision as to when to enable support for IPv6. To preserve connectivity of the network as a whole, then, as and when each network element or end device is configured with support for IPv6, it would not “cut over” and remove all IPv4 support from the device, but, instead, it would support the operation of both IPv4 and IPv6 for an extended period. This was termed the dual-stack transition approach. This mode of progressive shift of the elements of the Internet to a dual-stack operation would continue for as long as there were essential components of the overall environment-from applications to Internet infrastructure-that support only IPv4. Only when the entire connectivity domain was supporting comprehensive dual-stack operation would it be possible to deprecate IPv4 from the network and remove all support for this protocol.

Figure 1. The Progressive Stages of IPv6 Transition

The issue with this approach to IPv6 transition was that it relied on a strong mix of altruism, common purpose, and shared motivation, as well as a high level of technical capability from everyone: from suppliers and vendors through to network operators and even end users. For early adopters of IPv6, whether it was application designers, suppliers of host operating systems or routers, or network operators and system administrators, the investment in dual-stack capability in their area of responsibility would generate the greatest extent of resultant benefit only when the transitional dual-stack phase was complete. In other words, there was no immediate reward for those early adopters of IPv6, and late adopters did not experience any detrimental side effects, because the full benefits of an outcome of IPv6 adoption would be realized only once the entire environment adopted IPv6 in a dual-stack configuration with IPv4, at which point IPv4 could be deprecated from the operational network. This approach assumes that all parties are equally motivated to undertake this transition, and that each party will do so as quickly as possible. It also assumes that all applications, all connected devices, and all components of the network's infrastructure are capable of being configured to operate in dual-stack mode. Perhaps those assumptions may have been feasible in practical terms if IPv6 had been in a position to offer very significant cost, performance, or functionality improvements over IPv4. In such a case the superior characteristics of the new technology would have propelled the transition process. However, any such major relative improvement in performance, cost, and utility is not the case in a comparison of IPv6 with IPv4, because IPv6 represents only a marginal change in the underlying network design. Following a further decade of incremental refinement in both IPv4 and IPv6 we have the current situation where, apart from the larger address fields in the packet header, there is no significant relative change in IPv6 from a performance or benefit perspective. In addition, the Internet itself is now so much larger and so much more diverse that commonality of purpose is difficult to sustain. These days, altruism often takes a backseat to business interests as the Internet now operates as a collection of quite conventional business enterprises. Indeed, since the bursting of the Internet bubble at the start of this decade, this sector of business is relatively conservative as well, and far greater emphasis is placed on securing immediate returns on invested capital over and above the undertaking of longer-term investments and with less-certain outcomes. This implies that any such commonality of purpose and a vision of a longer-term outcome is extremely challenging to sustain in the face of shorter-term considerations. The combination of these factors creates a situation that has been incapable of sustaining the operation of this “classical” transition process. So the IETF was motivated to look at transition in slightly different terms-to see whether this approach could be refined to offer some more-immediate benefits to early adopters and not to stall the entire process while awaiting completion of the late adopters of dual stack.

Transition with Incremental Outcomes: Tunnelling

The initial refinement to this original transition model, explored in the NGTRANS working group, was intended to allow various IPv6-only and dual-stack applications to support IPv6 from the outset, so that any benefits related to IPv6 could be realized immediately and not be forced to await the actions of the slowest adopters to also make their moves. The motivation involved the restoration of simple application programming interfaces for applications, the restoration of coherent end-to-end packet delivery in an IPv6 network, and the benefits that this clear and simple application architecture offers to applications that operate in an over-the-top mode. Such an end-to-end packet transport environment offers strong end-to-end channel security as well as restoration of the uniform binding of IP address to end-point identity in the IP architecture. The objective of the attempt to operate in an end-to-end IPv6-only mode over a largely IPv4 substrate network led to the development of a number of approaches to IPv6 transition that relied on tunnelling techniques, wherein IPv6 packets are encapsulated in an IPv4 packet wrapper, allowing these IPv6 “islands” to treat the IPv4 network as a form of transmission media, or a non-broadcast multicast network. That led to the development of the general technique of carrying IPv6 packets in IPv4 by treating IPv6 as an IPv4 protocol-namely protocol 41.

Figure 2. IPv6 in IPv4 Tunnelling

The general characterization of this approach to this form of dual-stack transition was to allow the initial “islands” of IPv6 adoption to connect to each other via these tunnels, essentially creating an IPv6 connected network from the outset. As more of the infrastructure adopted the same form of dual-stack support, these islands would start to directly interconnect, making the islands larger and the tunnelled gaps shorter. As these gaps shrink to the point of general dual-stack support, it may be an option to then tunnel the remaining IPv4 traffic over IPv6, but perhaps that's getting well ahead of ourselves right now. Figure 3. Transition Using Tunnels While the motive and logic for the use of tunnels in this transition scenario are certainly sound, the overhead here is that tunnels normally require explicit configuration of both ends of the tunnel, and any form of tunnel topology that attempts a fully meshed interconnection of the IPv6 islands runs into an N-squared scaling problem in tunnel configuration almost immediately. This, in turn, has led to exploration of approaches that supported the concept of fully meshed tunnels-but with an extremely simple single end configuration. This is achieved by associating an IPv4 tunnel endpoint in an endpoint IPv6 address. When such a packet is passed to a tunnel ingress, the IPv4 tunnel egress address is defined by the original IPv6 destination address, so that the tunnel does not have to be explicitly configured at both ends. One of these is the 6to4 technique, which generates an IPv6 48-bit prefix by prepending 2002::/16 to the front of the 32-bit IPv4 address. This allows a dual-stack gateway to double as an IPv6 tunnel egress, serving a local network of IPv6 hosts with tunnel services. Each 6to4 gateway, or 6to4 individual host, needs only to configure its end of the tunnel. All IPv6 packets between 6to4 sites are passed directly from 6to4 gateway to gateway. To complete the picture, each local 6to4 network needs to provide 6to4 gateway service for IPv6 packets from non-6to4 IPv6 networks.

Figure 4. 6to4 Tunnelling

A related form of embedding IPv4 in IPv6 addresses to aid in autotunnelling is ISATAP, the Intra-Site Automatic Addressing Protocol, which embeds the IPv4 address in the interface identifier field of the IPv6 address to support a local scope automated IPv6 over IPv4 tunnelling approach. These approaches can be combined, so that an enterprise can construct an IPv6 network with a single infrastructure gateway that creates the prefix and tunnels over the wide area network by using 6to4 while tunnelling over the local area network by using ISATAP. The shortcoming of the 6to4 approach is that it assumes a general availability and use of public IPv4 addresses. A single host behind a network-address-translation (NAT) gateway cannot use this approach given that the implicit IPv4 tunnel endpoint is drawn from a private address pool and is therefore not visible outside the IPv4 private address scope. It also requires firewalls to be aware of protocol 41 and apply the IPv6 filter rules to the inner IPv6 packet. The Teredo approach addresses both of these concerns by using explicit support for NAT traversal, and embedding the IPv6 packet inside an IPv4 UDP transport session rather than as an IP transport. Teredo takes a relatively conventional approach to NAT traversal, using a simplified version of the STUN active probing approach to determine the type of NAT, and uses concepts of “clients,” “servers,” and “relays.” A Teredo client is a dual-stack host that is located in the IPv4 world, possibly behind a NAT. A Teredo server is an address and reachability broker that is located in the public IPv4 Internet. A Teredo relay is a Teredo tunnel endpoint that connects Teredo clients to the IPv6 network. The tunnelling protocol used by Teredo is not the simple IPv6-in-IPv4 protocol 41 used by 6to4. IPv4 NATs are sensitive to the transport protocol and generally pass only Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) transport protocols. In Teredo's case, the tunnelling is UDP, so all IPv6 Teredo packets are composed of an IPv4 packet header and a UDP transport header, followed by the IPv6 packet as the tunnel payload. Teredo represents a different set of design trade-offs compared with 6to4. In its desire to be useful in an environment that includes NATs in the IPv4 path, Teredo is a per-host connectivity approach, compared with 6to4's approach, which can support both individual hosts and end sites within the same technology. Also, Teredo is now a host centric multiparty rendezvous application, and Teredo clients require the existence of dual-stack Teredo servers and relays that exist in both the public IPv4 and IPv6 networks. From Teredo's hos tcentric perspective, it could be said that Teredo is more a connectivity tool than a service solution.

Figure 5. Example of a Teredo Rendezvous

The common feature of all of these transition approaches is the use of tunnels. Tunnels are extremely convenient in terms of their ability to interconnect diverse islands of IPv6 without requiring any change to the intervening IPv4 infrastructure. However, tunnels are not without their attendant problems. Tunnels can be fragile, unstable, and challenging to diagnose. The issue of Internet Control Message Protocol (ICMP) treatment within tunnels is a good example, where a return ICMP error notice is sent not to the original source host, as intended, but to the tunnel ingress point that is the source address of the outer tunnel packet. The inner payload, which contains the initial fragment of the original packet, also includes the tunnel header. The critical point here is the interplay between end-to-end signalling and Maximum Transmission Unit (MTU) discovery. Where there is a tunnel MTU mismatch coupled with an ICMP handling problem, the situation often manifests itself as a TCP “hang”, where the initial SYN handshake succeeds, but the first large data packet is never transmitted. A typical dual-stack implementation will lock into IPv6 or IPv4 at the point of completion of the initial TCP handshake completion, and the data payload problem then causes the user's application to hang. The name to protocol family association is now locked into the user's cache, so that resetting the connection and forcing the application to use IPv4 rather than IPv6 is invariably beyond the user's direct control. So, is it possible to avoid tunnels and still achieve incremental outcomes for early adopters of dual stack? Behind all of the transition scenarios so far lies the assumption that IPv4 and IPv6 support distinct universes of connectivity. However, both protocols present much the same set of functions to the upper-level transport protocols, and the header fields of the protocol are similar. Just how bad is this backward incompatibility of IPv6 with respect to IPv4? Is it completely impossible for an IPv4-only host to initiate, maintain, and close a conversation with an IPv6-only host and vice versa? If one allowed various forms of intermediaries, including protocol-translating NATs and various permutations of Domain Name System (DNS) servers, is this still impossible? Probably not impossible, but it would go well beyond the conventional mode of packet protocol header manipulation and would call upon protocol header translation, cross-protocol NAT bindings, DNS manipulation, and various forms of application level gateways. An approach to this form of translation was described in RFC2766, “Network Address Translation-Protocol Translation (NAT-PT).” The approach creates a number of security vulnerabilities and appears to operate with a high level of assumption about application behaviours, making its operation extremely fragile. The NAT-PT approach was subsequently deprecated in RFC 4966 which consigned NAT-PT from Proposed Standard to Historic status, with the comment: “Accordingly, we recommend that: the IETF no longer suggest its usage as a general IPv4-IPv6 transition mechanism in the Internet, and RFC 2766 is moved to Historic status to limit the possibility of it being deployed inappropriately.”

IPv4 Exhaustion and IPv6 Transition

The one common assumption in all of these transition scenarios is that this dual-stack transition will take place across the period when there is still sufficient IPv4 addresses to address the entire Internet across the entire transition phase and that the event that IPv6 was primarily intended to avert, the exhaustion of the supply IPv4 addresses from the unallocated pool, would not occur during the transition process. It is generally anticipated that this transition will take up to a further decade to complete from the current time, while depletion of the unallocated IPv4 address pool may occur within the next two to three years. On one hand, while the overall transition toolbox always assumed a wide array of deployment approaches, this forecast shortage of IPv4 will shift the scaling trade-offs for transition approaches in ways that will be more complex and more expensive to operate than the simpler, dual-stack approach would have been. On the other hand, this is a forced scenario because there is no opportunity to go back in time to try this transition again under different circumstances. Whatever scenario of IPv6 transition we contemplate, it now has to be one that will take into account the forthcoming acute shortage of public IPv4 addresses, which implies an environment that is heavily reliant on various forms of NATs and possibly some further extensions to NAT behaviours and NAT deployment models, including the possibility of augmenting the NAT-at-the-edge deployment model with various forms of NAT in the middle, as the industry contemplates the potential of so-called carrier-grade NATs and related approaches. The challenge as we undertake these new technical approaches will be to not lose sight of the fact that short-term cost pressures need to be balanced against the collective long-term desirable outcome of an achievable exit strategy from the ever more complex environment of keeping IPv4 operating.

IETF 72 Activity

In IETF 72, the issues that we have been confronting, with this combination of dual-stack transition to IPv6 and IPv4 address depletion, were discussed in a number of working groups, as well as the Technical Plenary session. What follows is a brief summary of the relevant activity in each of those working groups. While these brief summaries provide a general overview of current activities, the brevity of the description here can get in the way of precision, and the reader is referred to the proceedings of the IETF 72 meeting and of course the associated Internet Drafts for a more complete description of these technical contributions (http://www.ietf.org). At the Technical Plenary, the IETF was shown some of the underlying metrics of address allocation and the current predictions of depletion of the unallocated IPv4 address pool in 2011. The prospect of broadening the domain of NAT deployment from the edges of the network to parts of the interior boundaries using carrier-grade NATs was also foreshadowed at that session. A report of the experience gathered at Google pointed to a pragmatic approach to dual-stack deployment that advocated undertaking IPv6 support designed to the same production quality standard as IPv4. It was reported that Google was not in a position to dual stack its major service point at present, given that IPv6 today still represents lower reliability and higher latency for some users as compared with IPv4 connectivity to the same service point. A presentation by Apple pointed to consumer products that already make use of IPv6 link-local addressing. The presentation also looked at a dataflow model of connection establishment in a dual-stack environment, where both IPv4 and IPv6 connections are initiated in parallel, and the first path to successfully complete the DNS and initial packet exchange to complete the connection is the protocol that is associated with the application's original connection request.

Figure 6. A Dataflow Model of Protocol Selection [Adapted from: Stuart Cheshire, Apple, IETF 72 Plenary]

The V6OPS working group is looking at some of the basic operational tools to support transition, and, in particular, a reexamination of the requirements for V4-V6 translation mechanisms to see whether there may be viable approaches to provide the original NAT-PT function that might address some of the shortcomings in the original specification. The basic problem being addressed by that effort can be envisaged in a scenario where there are no more IPv4 addresses and a network domain is deployed using only IPv6, and this domain wants to be able to communicate with a domain that is still operating in IPv4 only and has not deployed IPv6. At IETF 72, the working group reviewed a set of goals to see whether there could be a viable set of requirements that could be refined from such a set. While this approach of first defining a set of requirements and then working on potential solutions is a conventional mode of operation for the IETF, the consideration relating to market timing, where deployment of a solution is anticipated to be needed by 2010, is a very sobering call to focus the effort here. A related effort concerns the evaluation of modified NAT behaviour, where the conventional binding space of a vector of inner and outer addresses and ports and an associated protocol is replaced by an outer-side address and port and an inner-side tunnel identifier and an address and port that refer to the NAT device at the other end of the tunnel. The essential concept here is that the NAT function is then a distributed function across a common outer-facing-edge device and the set of inner NATs that are used as a customer-premises-equipment (CPE) device. Other work presented at IETF 72 included a review of proposed refinement of the Teredo specification that would improve its NAT behaviour discovery function from the simple two-mode discovery in the current specification to a mode that discovers up to eight different NAT types. The motivation here is that the more Teredo traffic that can be off-loaded from the Teredo relay to an optimized peer-to-peer connection, the more reliable the Teredo performance. Related work has been reexamining the security issues that are exposed by the use of tunnelling and the potential for disruption and hostile attack on the tunnel. The BEHAVE working group started out with a charter to provide some standard specifications for the behaviour of IPv4 to IPv4 NAT units, but in recent times this has been expanding to encompass examination of the role of NATs in various IPv6 transition scenarios, including examination of NATs that perform protocol translation. The current agenda of contributions to review includes the IVI scheme-a proposal to use bidirectional address mapping between subsets of IPv6 and IPv4 addresses to allow a form of stateless transition wherein the binding of the translation is carried in the address fields of the packet itself. Another approach to NAT-PT is also being studied. In this case, the asymmetric nature of conventional 4-to-4 NATs is exploited and a proposal for a 6-to-4 NAT was made to the working group. In this contribution, the communication is initiated by the IPv6 host, and the synthesized view of the remote IPv4 world is provided by embedding the IPv4 address in the synthesized IPv6 address. The NAT64 host performs a protocol translation by extracting the IPv4 address out of the IPv6 destination address and providing one of its own addresses as the source address of the IPv4 packet. A NAT binding state is maintained-indexed by the IPv4 address values. The reverse packet performs a binding lookup, allowing the IPv6 destination address to be substituted, and the source IPv4 address is again wrapped up in the synthesized IPv6 packet. BEHAVE also reviewed a contribution calling for specification of the carrier-grade NATs, whereby the NAT translation function is provided at the interior boundary of an Internet service provider (ISP) network in conjunction with NATs being performed at the CPE edge. The SOFTWIRES working group has also been involved in aspects of the IPv6 transition with regard to consideration of Softwires NAT, or SNAT. SNAT combines IPv4 NAT and IPv4-in-IPv6 softwires to carry IPv4 traffic through the ISP network that uses only IPv6 service. In essence, this approach creates a split NAT whereby the inner NAT is connected to the outer NAT via an IPv6 software tunnel. Multiple CPE NATs are multiplexed through a single external NAT, thereby reducing the total number of IPv4 addresses in use by the ISP.

Figure 7. Softwires SNAT

The INTAREA meeting considered a proposal that calls for standard handling of MTU negotiation, fragmentation, and signalling for tunnels. Given that tunnels appear to be major components of this piecemeal IPv6 transition model, the consistent treatment of tunnelled traffic appears to be an emerging, near-term imperative for the transitioning Internet and for the IPv6 Internet as well. The impending exhaustion of the IPv4 address pool has caused another critical-use address proposal to emerge. In this case, it's a call for reservation of IPv4 unicast address space to be used within a carrier's infrastructure for bridging the gap between the carrier-grade NAT at the boundary of the carrier's network and the CPE devices at the boundary to the customer. Given the often protracted debates such calls for reservation of address space often engender-and the relatively short time frame left for exhaustion of the remaining pool of IPv4 addresses-it's not clear whether the IETF will be able to reach a clear consensus on this proposal in the remaining time available.

Summary

There is no doubt that the impending exhaustion of the IPv4 unallocated address pool adds some level of urgency as well as an element of complexity to the IPv6 transition agenda, and the work of the IETF will no doubt increase in intensity in future meetings. It appears we're now working under strict time pressures to develop the standard specification for tools and protocol mechanisms that need to be fielded into production networks within a very compressed time frame; and having every vendor, every network operator, and every operating system suppler devise distinct approaches runs the risk of making the situation more difficult than it would otherwise be. The challenge for the IETF is to ensure some clarity of focus on the work concerning transition tools for IPv6 that also would assist in increasing the address utilization efficiency of IPv4 addresses and to be mindful of the increasingly strident call for standardization of these hybrid technologies that couple tunnelling, address mapping, NATs, and protocol transformation in ways that application designers, operating system vendors and providers, and operators of networking infrastructure can use in simple and effective ways.

Disclaimer

The foregoing views do not necessarily represent the views or positions of either the Asia Pacific Network Information Centre or the Internet Society.

About the Author

GEOFF HUSTON is chief scientist at APNIC, the Regional Internet Registry serving the Asia Pacific region. He holds both a B.Sc. and an M.Sc. in computer science from Australian National University. Geoff has been closely involved with development of the Internet for many years-particularly within Australia, where he oversaw initial build of the Internet within the Australian academic and research sectors. He is author of a number of Internet-related books; was a member of the Internet Architecture Board from 1999 until 2005; and served on the Board of Trustees of the Internet Society from 1992 until 2001. Visit Geoff's Web site at www.potaroo.net.]]> 949 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-response-to-the-kaminsky-dns-vulnerability/ Tue, 07 Oct 2008 15:42:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=951 Understanding the Vulnerability There are descriptions of the attack on the Internet. Google can find many, but the Illustrated Guide to the Kaminsky DNS Vulnerability is quite good, even if you know almost nothing about DNS. It can be found here. Dan Kaminsky's official talk about the vulnerability can be found on the Black Hat site. Briefly, the Kaminsky attack allows an attacker to put incorrect data into the cache of a recursive resolver, which allows the attacker to return any answer it wants to future DNS queries for a given domain. The attack is quite clever, since almost every piece of the attack has been known for a long time. However, in this case, the pieces have been put together in a new and unexpected way.

DNS Security (Pre)History

The DNS protocol was originally designed without any security, which was not unusual for protocols designed in the early 1980s. Any protocol will likely have security problems, and this is especially true for one that was designed before security was a concern-and for one that has been in use during most of the evolution of the Internet. The list of security problems with the DNS protocol and its implementations is long and varied, but here are a few:

• Using reverse DNS to impersonate hosts
• Software bugs (buffer overflows, bad pointer handling, and so on)
• Bad crypto (predictable sequences, forgeable signatures)
• Information leaks (exposing cache contents or authoritative data)
• Cache poisoning (putting inappropriate data into the cache)

Work on securing the DNS began in the mid-1990s. 1997: RFC 2065, adding security extensions, was published several years after work began. 1999: After early implementation, it was determined that RFC 2065 needed work, so RFC 2535 was created to fix the flaws (see Appendix B of RFC 2535 for the full list of the differences). 2005: At workshops for implementers, yet more problems were discovered, including extreme difficulty getting secretkey signing material to and from a zone parent. In response, a set of three RFCs were published with the new DNS Security Extensions (DNSSEC) standards: RFC 4033, RFC 4034, and RFC 4035. RFC 4033 was the first time the requirements for DNS security were documented! 2008: DNSSEC gave users the ability to see the entire contents of a zone, and it was by looking at signed records that read no such domain. Privacy concerns made this unacceptable to some domain operators, so a new type of DNSSEC record was created. (RFC 5155 defines the extensions.) What appears here is the history of DNSSEC proper, but it is not the only work in the area. For example, TSIG (RFC 2845) is a way to authenticate DNS operations by using a shared secret, a procedure that has been widely deployed. As of this writing, several top-level domains and part of the reverse tree have been secured with classic DNSSEC, as defined in RFCs 4033, 4034, and 4035. The Public Interest Registry (PIR) has announced that in 2009 it intends to sign .ORG with the RFC 5155 extensions.

Recent DNS Security Work

The IETF currently has two working groups (WGs) dedicated to DNS issues:

• The DNS Operations WG, which is an ongoing group dedicated to nonprotocol aspects of the DNS, such as DNSSEC best practices and root server recommendations
• The DNS Extensions WG, which is in theory a conventional IETF working group chartered for a specific goal, but in practice it is an ongoing group that has been active since 1999: changes to the DNS protocol, such as the DNSSEC RFCs and explanations of how wildcards work, come out of this working group.

Both groups recently have done security-related work. For example, draft-ietf-dnsop-reflectors-are-evil-06.txt has been approved for publication as best current practices, and work on DNSSEC trust anchor configuration and maintenance is going on in the dnsop working group. Refinements of the DNSSEC protocol (new hash algorithms in the wake of recently discovered weaknesses in existing hash algorithms, clarifications of DNSSEC) are being evaluated, and a draft describing how to make the DNS more resilient against forged answers (draft-ietf-dnsext-forgery-resilience-*.txt) was already being discussed before Kaminsky revealed the problems he discovered.

IETF's Response

Until 7 August 2008, when the details were made public, there were IETF participants who had inside knowledge of the Kaminsky attack. There also were participants whose information came only from press reports or other public sources, such as by looking at patches to open-source resolvers. Initial discussions had slightly surreal qualities, as those who had in-depth knowledge of the exploit discussed the ramifications with those who could only guess. On the dnsop list, the exploit was announced, and the follow-up mails included a study of the mathematics of the exploit (estimating how long a typical exploit would take), links to and discussions of vulnerability checkers, posts of relevant news articles (such as exploits both in labs and “in the wild”?), and links to studies of how quickly resolvers were patched into various environments. The dnsext list is the WG whereby any changes to protocols would have to be standardized. A number of proposals on the list were discussed, as were a number of nonproposals: for instance, DJ Bernstein has an alternative to DNSSEC that was mentioned, but djb is unlikely to put it forward as an Internet draft. Most of the proposals centred on ways to make it even more difficult for an attacker to spoof packets. Another common theme was for recursive servers to detect when someone was trying to spoof traffic and therefore, put the resolver into a mode that makes spoofs more difficult. In the end, the dnsext WG chairs decided to set deadlines for semiformal proposals at the end of September 2008. The proposals would be discussed in October, and in November a recommended forgery resistance approach would be selected. As of the time of this writing, the process is still under way.

Current Status

Some people think the Kaminsky attack will accelerate DNSSEC adoption. The .gov domain will now be signed in 2009, and there have been rumours that the root zone will be signed soon as a result of the attack. However, no changes are expected in the DNSSEC protocols. The dnsext WG is going to make specific suggestions for a new forgery-resistance mechanism based on the outcome of the selection process. This should help harden resolvers enough to make the Kaminsky attack unfeasible in the current Internet. The IETF is a great organization for reviewing the details of the DNS on a technical level. A considerable amount of good information and discussion ensued as a result of the attack. It is our hope that everyone involved will benefit from the recommendations that will follow.]]> 951 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-report-3/ Tue, 07 Oct 2008 15:43:23 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=953 Aaron Falk, IRTF Chair

What follows are summaries of several updates on the Internet Research Groups (RGs), some of which were reported during the Technical Plenary at IETF 72. Since IETF 71, three Internet Research Task Force (IRTF)-stream RFCs have been published, including RFC 5166 (TMRG), RFC 5184 (MOBOPTS RG), and RFC 5207 (HIPRG). Three drafts are in the RFC Editor's queue, and two are in process toward publication. A document is being developed that proposes to formally establish an IRTF RFC document stream. The publication is entwined with draft-iab-streams-headers-boilerplates as well as the revision to RFC 3932. There is still continued interest in establishing a research group (RG) on unwanted traffic mitigations and another one on network virtualization. During IETF 72, four RGs met. Following is a summary of recent developments as well as of developments reported by RGs during the IETF 72 technical plenary.

Anti-Spam RG (asrg)

The document that describes the mechanisms used for DNS blacklists will be in the standards track. The other ASRG document (best current practices on blacklist operations) is still a draft. The RG has set up a wiki on spam mitigation techniques that is being further populated and that may evolve into a document analysing why some of those techniques should not be used. The wiki is located at http://wiki.asrg.sp.am.

Delay-Tolerant Networking Research Group (dtnrg)

There are currently three drafts in the RFC Editor queue on delay-tolerant networking (DTN) for deep-space communication (draft-irtf-dtnrg-ltp-*). In addition, the DTN code base been moved from Intel to Sourceforge. The Networking for Communications Challenged Communities (N4C) project is helping with the code maintenance, and the Defense Advanced Research Projects Agency is funding a phase 3 effort on DTN.

Host Identity Protocol Research Group (hip)

Network address translation and Firewall Traversal Issues of Host Identity Protocol (HIP) Communication has been published as RFC 5207. Current topics of discussion are:

• Migration of HIP certificate draft to HIP WG
• Using HIP for RFID
• Middlebox authentication extensions to HIP

There are a number of ongoing HIP experiments as follows:

• Boeing is using HIP to build secure overlay networks over untrusted wireless and wired infrastructure.
• HIIT: A video/voice/chat communication system on Linux PDAs utilizing Peer-to-Peer Session Initiation Protocol (P2PSIP) with SPAM prevention over HIP
• ICSALabs: IPv6-only HIP connectivity for gaming and SIP applications using Teredo

Internet Congestion Control Research Group (iccrg)

Three proposals on congestion control are currently under review. The review on Compound TCP is nearly completed, and the reviews on CUBIC and HTCP are just beginning. CUBIC is an extension to the current TCP standards. The protocol differs from the current TCP standards only in the congestion window adjustment function in the sender side. HTCP stands for TCP Congestion Control for High-Bandwidth-Delay Product Paths. The ICCRG Slow Start design team continues to work on characterizing issues with slow start. Two surveys are currently under discussion: one on open congestion control research issues and one on the current congestion control RFCs (in IRSG [Internet Research Steering Group] review at the moment). The RG is planning to meet at the next IETF meeting in Minneapolis.

Mobility Optimizations Research Group (moboptsrg)

Unified Layer 2 (L2) Abstraction for Layer 3 (L3)-Driven Fast Handover has been published as RFC 5184. Current topics include:

• IP Mobility Location Privacy Solutions (revising based on IRSG review)
• Media-Independent Pre-Authentication Framework (revising based on RG Last Call done)
• Multicast Mobility (Problem Statement and Brief Survey being discussed)

Network Management Research Group (nmrg)

The document specifying SNMP trace exchange formats and specifying a format for aggregation of SNMP messages is currently in IRSG review. Another document on SNMP trace analysis definitions has been published in the AIMS (Autonomous Infrastructure, Management and Security) 2008 conference. A planning meeting to discuss NETFLOW/IPFIX data analysis is scheduled for 30 October in Munich, Germany. The group is looking for new chairs for the RG.

Routing Research Group (rrg)

The focus in RRG has moved from advocating proposals to discussing trade-offs of different architectural approaches. There is a lot of interest, and many discussions (1,250 messages since IETF 71) have been held. A recommendation is expected to be published by March 2009.

Scalable, Adaptive Multicast Research Group (samrg)

The SAMRG is meeting in conjunction with the Consumer Communications and Networking Conference (CCNC) 2009, which is scheduled for 10-13 January 2009 in Las Vegas. There will be a special session on Scalable Adaptive Multicast in P2P Overlays. More information can be found at http://www.samrg.orgunder Meetings. The RG might meet at IETF 73 in Minneapolis.

Transport Modelling Research Group (tmrg)

Metrics for the Evaluation of Congestion Control Mechanisms has been published as RFC 5166. The group is now working on a new draft on the Common TCP Evaluation Suite (L. Andrew and S. Floyd, editors, draft-irtf-tmrg-tests-OO.txt). For more information about the Internet Research Task Force]]> 953 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-retiring-ietf-chair/ Thu, 07 May 2009 16:42:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1037 IETF 68 was held in Prague, capital of the Czech Republic, in a very modern and spacious Hilton hotel. We were hosted by NeuStar, with additional support from CZNIC and CESNET. Local loop was provided by Dial Telecom, and for the first time, the site network was subcontracted to VeriLAN Networks. As always, the success of the event was due largely to an outstanding team of dedicated volunteers. We had excellent wireless networking throughout the week. Approximately 1,200 people from 45 countries attended. The week featured the usual mix of working group meetings, BoF (birds-of-a-feather) sessions, research groups, and formal and informal side meetings. It was especially interesting to hear from Jon Lindberg, vice president of Secretariat Services at NeuStar, about his company’s motivation for supporting the IETF. “As technology becomes more advanced, and protocols become more sophisticated, and service offerings continue to become more and more robust, and end-user expectations continue to increase, NeuStar’s reliance on IETF standards is absolutely essential in order to be able to continue to deliver successful and unified solutions,” Jon said. Since IETF 67, three new WGs were chartered and six WGs were closed, leaving approximately 120 WGs currently chartered. Between the meetings, the WGs and their individual contributors produced 441 new drafts, not to mention 1,020 updates. The Internet Engineering Steering Group (IESG) approved 130 drafts for publication as RFCs, and the RFC publication queue was stable. The RFC Editor hit a new record by publishing 459 RFCs during 2006. As I step down after two exciting and rewarding years as chair of the IETF, I’d like to thank all of the individuals who personally helped me do this job. I can easily identify well over 120 such people, and that’s without even counting the working group chairs and document authors who do so much to make the IETF productive. If we succeed, it’s in a spirit of open cooperation between hundreds of people. It remains only for me to wish every success to Russ Housley as he carries the work forward. I look forward to seeing many of you in Chicago, 22-27 July 2007, and after that in Vancouver, Canada, 2-7 December 2007.

IETF 68 Facts and FiguresRegistered attendees: 1129 Countries: 45 New WGs: 3 Closed WGs: 6 New Internet-Drafts: 441 Updated Internet-Drafts: 1020 IETF Last Calls: 119 Approvals: 130RFC Editor Actions (11.2006 – 02. 2007) 95 RFC published of which

• 58 standards track or BCP
• 27 Informational or Experimental
• 10 from other sources

IANA Actions (11.2006 – 02.2007) Processed 1160 IETF-related requests of which:

• 796 Private Enterprise Number requests
• 81 port requests
• 16 MIME-type requests

Reviewed 300 I-Ds in Last Call or IESG Review

 ]]> 1037 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-meeting-calendar-2/ Fri, 24 Oct 2008 20:54:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1440 IETF 73 16-21 November 2008 Host: Google Location: Minneapolis, MN, USA

IETF 74

22-27 March 2009 Host: Juniper Networks Location: San Francisco, CA, USA

IETF 75

26-31 July 2009 Host: .SE Location: Stockholm, Sweden

IETF 76

9-13 November 2009 Host: WIDE Location: Hiroshima, Japan]]> 1440 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-72-facts-and-figures/ Fri, 24 Oct 2008 20:58:32 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1444 97 RFCs published of which

• 44 standards tracks
• 4 BCP
• 107 Internet-Drafts submitted for publication
• 79 submitted by the IETF

IANA Actions (March-June 2008) Processed 1,422 IETF-related requests of which:

• 775 Private Enterprise Numbers
• 66 Port Numbers
• 67 TRIP ITAD Numbers
• 11 media-type requests

]]> 1444 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/focus-on-security-net-neutrality-at-ietf-75/ Mon, 07 Sep 2009 14:29:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=847 Tina Tsou, the first woman to chair an IETF working group from a Chinese business enterprise, and Geoff Mulligan, chair of the IPSO (Internet Protocol for Smart Objects) Alliance. Geoff offers an interesting look at the Internet of Things and how it relates to the deployment of IPv6. Alissa Cooper and Ted Hardie discuss the history of GEOPRIV, a mechanism that develops and refines representations of location in Internet protocols; and Iljitsch van Beijnum takes us through Multipath Transmission Control Protocol (TCP), which enables TCP to use multiple paths simultaneously and to distribute the load among the subflows of each path based on congestion. Also in this issue is a summary of the administrative and technical plenaries, including a discussion on network neutrality and what the IETF can do about it. Many thanks to those who contributed to this issue; I wish enjoyable reading for all. And I look forward to seeing you all again in the future.]]> 847 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-15/ Mon, 07 Sep 2009 14:32:09 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=851 scheduling information for future IETF meetings can be found here, and I look forward to seeing you at those meetings.]]> 851 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-13/ Mon, 07 Sep 2009 14:33:39 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=853 proceedings section of the IETF Web site. While the IAB has not developed a position with regard to the debate, I would like to share, on a personal note, how being exposed to the perspectives brought by the speakers and the plenary discussion gave me food for thought. For example, a parallel was drawn with a discussion that took place in 2000 when the IETF was asked to take a position on the inclusion-in the IETF standards-track documents-of functionality designed to facilitate wiretapping. (As an aside, that parallel was drawn by the audience, and so in that sense, this plenary served its purpose as a working session.) I went back to RFC 2804-which documented the discussion-and I tried to assess whether the question of “the morality of an act “˜on the wire,'”? as raised in section 4 of that document, applies in the context of congestion control, since questions around congestion control often link with morality issues, including decent behaviour and fair use. To me, the topic of the technical plenary at IETF 75 reinforced the idea that in many cases, IETF engineers have an opportunity to steer in a certain direction the technology they develop. I believe that when we, as engineers, design protocols, we have the responsibility to apply a systemic approach whereby we do not stifle the ability for innovation at the edges. The ability to bring new applications to the Internet without needing the core to adapt is what made the Internet what it is today. When I talked about this with Marcelo Bagnulo, he went one step further, in essence saying that in the process of creating designs, some IETF engineers and working groups may steer the work (often not even consciously, because there is no IETF-wide guidance) in directions different than others do. During the plenary we were presented with an example of design work within the IETF, wherein a network neutrality-related choice had been made. In Recommended Simple Security Capabilities in Customer Premises Equipment for Providing Residential IPv6 Internet Service (draft-ietf-v6ops-cpe-simple-security-07), the recommended behaviour for incoming Internet Protocol Security (IPsec) traffic is to forward by default, while the recommended default behaviour for non-IPsec traffic is to apply endpoint-independent filtering. This fosters the usage of IPsec protection, which in turn may have significant implications regarding the capabilities of the network to discriminate traffic through packet inspection methods. That last example illustrates what the IAB tried to accomplish in this plenary-that is, raising consciousness about the various neutrality issues that can be impacted by the IETF as well as the day-to-day work of individual engineers within the IETF.

Reference

1. D. Clark, J. Wroclawski, K. Sollins, R. Braden. “Tussle in Cyberspace: Defining Tomorrow's Internet”?; Proceedings of the ACM SigComm 2002 Conference, Pittsburgh, August 2002; Computer Communications Review, vol. 32, no. 4, October 2002.]]> 853 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-75-plenary-report/ Mon, 07 Sep 2009 14:35:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=855

Following a welcome address by IETF chair Russ Housley, who thanked the volunteers and contributors who had made the meeting a success, the IETF 75 administrative plenary kicked into full swing. Danny Aerts, CEO of .SE, which hosted IETF 75 in Stockholm, offered a few comments about the importance of the work being done by the IETF community and the support it receives from the Swedish local Internet community. According to Danny, a primary motivation for having .SE host an IETF meeting was that it provided an opportunity to promote DNS security. The subject of the Domain Name System Security Extensions (DNSSEC) emerged as one of the key themes of IETF 75 (see panel article, page 12). In his opening address, Russ noted that .SE long ago embraced DNSSEC. Recently, .ORG signed up, which led to all IETF-related domains being signed, including iab.org, iesg.org, ietf.org, and irtf.org. It is expected that the DNS root zone will be signed by the end of the year. After experimenting with the scheduling of working group (WG) sessions on the Friday afternoon of the IETF meeting, the Internet Engineering Steering Group (IESG) decided to continue that schedule. “The Friday afternoon sessions are necessary,” said Russ. “It helps avoid conflicts, and it provides important face-to-face meeting time.” Russ did, however, recognize that scheduling Friday afternoon WG sessions does conflict with the meeting time usually reserved by the Internet Society Advisory Council. Jun Murai of the Widely Integrated Distributed Environment (WIDE) Project, which is hosting IETF 76, addressed the plenary audience briefly. Jun invited the audience to come to Hiroshima, Japan, this coming November, pointing attendees to the IETF 76 meeting information that appears on the IETF Web site. Finally, Russ recognized the efforts of the team that had devised and implemented the newly revised IETF Web site, noting that the new look ended up requiring much more effort than had been originally expected.

Postel Award Announced

Internet Society president and CEO Lynn St. Amour announced that this year's Jonathan B. Postel Service Award recognizes the pioneering work of the four principal investigators who conceived and later led the creation of the Computer Science Network (CSNET). The winners are Peter J. Denning, David Farber, Anthony C. Hearn, and Lawrence Landweber. The award also recognizes Kent Curtis, a U.S. National Science Foundation program officer and visionary who was responsible for encouraging and funding CSNET and for providing the critical bridge that connected the original research undertaken through the Advanced Research Projects Agency Network (ARPANET) to the modern Internet. Dave Crocker accepted the award in the name of CSNET and announced that the prize money would be donated to charities that support the Internet.

IAOC Report

Bob Hinden began his report on the activities of the IETF Administrative Oversight Committee (IAOC) by reflecting on the story of a ship on display at the Vasa museum in Stockholm, where the IETF 75 social was held. As the story goes, the ship sank during its maiden voyage. It is assumed that the cause was the addition of a second layer of cannons, which had not been part of the ship's original design. Bob offered up that story to the IETF community as a cautionary tale, suggesting that it's a good example of what can happen when requirements get added after the specifications are in place. In financial terms, the IETF is stable. The financial crisis discussed in the past two meetings did not result in a decrease in number of meeting attendees. However, the IAOC is considering introducing day passes for future IETF meetings. The current year-end forecast assumes a contribution by the Internet Society of USD 1.3 million (USD 1.45 million had been originally budgeted). To date, the IETF has not had to use either Internet Society stimulus money or the shortfall funds of meeting attendees. Bob further reported that the RFC Editor process has been reviewed and restructured. The new model will include an RFC production centre, an RFC publisher, an editor for the RFC Series, and another editor for independent submissions. The current RFC Editor contract with the University of California's Information Sciences Institute will end at the end of 2009.

The IETF Trust

IETF Trust chair Marshall Eubanks reported that changes have been made to the Trust Legal Provisions (TLP) and the Trust Procedures since the last IETF meeting, including steps to improve dialogue with the community. The Trust intends to solicit community participation on the subject of committees in a variety of ways. In the case of intellectual property rights (IPR) issues, which tend to have long histories, the creation of an IPR and TLP subcommittee was proposed, as was a TLP discussion mailing list. Currently, the Trust is working on a procedure for future modifications of the TLP. Assuming that consensus on the general ideas can be reached, the Trust would submit in September a formal document describing the new process. Also with regard to IPR issues, it was noted that there are times when the Trust has to respond to requests for physical proof of IETF attendance. Earlier this year, the Internet Society and the IETF received two requests for such documents, and copies of the relevant material were made and provided. Currently, the blue attendance sheets serve as the only physical proof; everything else is recorded online. The IETF Trust was created on 15 December 2005 under a Trust agreement between the Corporation for National Research Initiatives and the Internet Society. Unlike the IETF, the Trust is a separate legal entity, and the terms of the Trust agreement cannot easily be changed until July 2010. In advance of that date, the Trust will initiate a review of its activities, and it is planning to have a document ready for review by the community prior to IETF 76.

Open-Mic Comments

Other than a few questions directed to the Trust regarding the TLP and other legal activities, the bulk of the open-mic session during the administrative plenary was devoted to the ietf-discuss mailing list. A handful of participants expressed concern that the high volume of traffic on the general discussion mailing list was making it difficult to identify the comments to document Last Calls that get sent to that list. One participant suggested that a separate list be created solely for announcements and discussion of Last Calls. Others felt it would be confusing to add more lists to the existing ones-which includeietf@ietf.org and ietf-announce@ietf.org-and that e-mails related to Last Calls can be identified by their subject line and easily filtered from the rest of the traffic. The general consensus was that it is best to keep the Last Calls on the discussion list. One participant suggested setting up RSS and Atom feeds for each Last Call, which would enable people to subscribe to whichever feed interests them.

IETF 75 Technical Plenary

The Thursday afternoon technical plenary began with Internet Architecture Board (IAB) chair Olaf Kolkman's announcement that the document titled Principles of Internet Host Configuration has been published as RFC 5505 and that Design Choices When Expanding DNS has been published as RFC 5507. The documents titled On RFC Streams Headers and Boilerplates and the RFC Editor Model have both been submitted to the RFC Editor. The IAB is still working on IAB thoughts on IPv6 Network Address Translation, Peer-to-Peer Architectures, Defining the Role and Function of IETF Protocol Parameter Registry Operators, and Evolution of the Internet Protocol model. The IAB is also still working on Uncoordinated Protocol Development Considered Harmful, a new document that aims to demonstrate the importance of a coordinated approach to successful collaboration between standards development organizations (SDOs) and to explain a model for inter-SDO collaborative protocol development that has been successfully executed by the International Telecommunication Union's Telecommunication Standardization Sector (ITU-T) and the IETF. During the IAB retreat earlier this year, three items were identified as the main areas of interest: IPv4 and IPv6 coexistence and how to work toward the best results in IPv6 transition, security of the routing data and the routing control plane, and internationalization issues within the DNS and the applications layer and between the DNS and applications. There were also a number of personnel changes within the community: Eric Burger has been appointed to the Internet Society Board of Trustees, and Patrik Fältström is the new liaison to the ITU-T. Patrik replaces Scott Bradner, who has been serving as liaison since the role was created in 1995. The IAB responded to the National Telecommunications and Information Administration's notice of inquiry on the upcoming expiration of the joint project agreement with the Internet Corporation for Assigned Names and Numbers, reiterating the role of the IETF with respect to protocol parameters. A link to the response is available here

Network Neutrality Debate

  A large part of the IETF 75 technical plenary was devoted to a discussion on the subject of network neutrality. IAB member Marcelo Bagnulo addressed the audience, explaining that the goals of the discussion were threefold: to serve as a means of presenting the debate to the IETF community, to open up a dialogue on how the issue might affect the work of the IETF, and to see whether there is a role for the IETF to play. Barbara van Schewick, assistant professor of law at Stanford Law School presented an overview of the current debate around network neutrality. The term network neutrality describes a principle whereby a network is free of restrictions on content, sites, or platforms; on the kinds of equipment that may be attached; and on the modes of communication allowed, as well as one whereby communication is not unreasonably degraded by other communication streams.1 Concerns have been raised that broadband providers could use their infrastructures to block Internet applications and content. In the United States in particular, but certainly in other countries as well, the possibility of regulations designed to mandate the neutrality of the Internet has been subject to fierce debate. Barbara noted that while the network neutrality debate addresses legal content, it does not address the proper treatment of illegal content or illegal applications-which is of particular concern to the IETF-nor does it address interference with Internet use driven by the government. She pointed out that while not all network providers are interested in blocking content, there are incentives to do so, including increased profit, exclusion of unwanted content, and management of network bandwidth. While the issues associated with network neutrality have become complicated, the key question, according to Barbara, is, Do we want regulation, or is competition sufficient? And what can the IETF do about it? “I have seen people who try to protect nondiscrimination, but how do you do that without being too restrictive?” she asked. “Should all applications be treated alike? “There are lots of trade-offs,” Barbara pointed out in conclusion. “I have seen that providers will usually argue, “˜If I can't do this, I will make smaller profits, so I will deploy less infrastructure.' The other case is the limiting of network innovation. The choice will mean very different results, and the trade-off needs to be viewed in relation to the choices beforehand.” Mark Handley, professor of networked systems at University College London, talked about why the IETF should care about the issue of network neutrality. “Much of the debate concerns legal and economic elements, and we are not good at this,” he said. However, the issues related to network neutrality are different in different parts of the world, and the IETF's technologies have to be able to work everywhere in the world.2 What aspects of net neutrality are most relevant to the IETF? Mark said they are the blocking, rate-limiting, and prioritizing of traffic to or from certain destinations or from certain applications. According to Mark, even though blocking from destinations is not normally an IETF issue, when it comes to security, the IETF does not have a “good story” regarding defence against distributed denial of service or regarding spam prevention. Such a story would likely involve technical mechanisms that are not network neutral. In some places, governments block content because the content is considered illegal or because it poses political problems, which generally are not technical issues. However, the technology is often applied to work around such blocks. Application neutrality, however, is clearly within the scope of the IETF. The question is whether the IETF has provided the right building blocks to allow network operators to manage their networks effectively, taking security and congestion control into account. Mark warned that the community could end up with a network in which innovation can exist only within a narrow set of boundaries or one in which regulators would step in and prohibit broad classes of traffic prioritization. Mark concluded that network neutrality is, for the most part, an economics problem. To date, the IETF has not given Internet service providers effective tools to make the economics work properly. If this doesn't get fixed, he said, the IETF might be faced with bad legislation and hence architectural stagnation, or with ubiquitous deep packet inspection (DPI) and architectural stagnation. He cautioned the IETF that DPI may become the new network address translation and that if used widely, we would get stuck and unable to change things. This would seriously endanger the openness and innovation of the Internet because DPI describes a mechanism that looks at the actual contents of traffic rather than at just source and destination IP-address and port. In the discussion following the presentations, Mark emphasized his desire to “identify technical areas in which the IETF can help reduce the net neutrality effects.” He said he does not believe that the IETF should ignore the debate; rather, it should facilitate a discussion about technological possibilities that can help. According to Ted Hardie, a similar discussion arose at a prior IETF meeting. “How is the discussion about governments or politicians who want to change the network for their benefit different from the discussion about enabling operators to maximize profit?” he asked. “We made a conscious decision to protect the end-to-end network and to allow the network to be controlled by those people who pass the packets rather than the people who initiate the flows. Maybe it's time to let neither profit nor governments control the Net.” Peter Löthberg added that if operators simplified their networks and-instead of deploying equipment primarily to maintain its organizational structure-built a highly optimized network with modern technology to simply deliver packets, they would have a reasonable profit, and congestion in the network would be reduced automatically. When asked to clarify what he meant by his statement that pricing was not an economic challenge but a technological one, Mark responded that at the moment there is no mechanism to hold people accountable for the traffic they are creating. “The bottom line is that we don't even have the technological mechanisms to solve this problem,” he said. Leslie Daigle said that in her own and the Internet Society's experience in working in both the policy and technical worlds, it has been important to educate regulators and policy makers about the implications of heavy-handed and rigid regulations that focus specifically on current network technologies. “The sweet spot is to get regulators to the point where they understand that the definitions of good behaviour and bad behaviour lie outside the technical realm and in the land of appropriate competition and fairness,” she said. Another attendee suggested that the IETF look more toward the user-for instance, by providing better authentication mechanisms and “a better means to filter out the bad guys in the middle.” During the IAB open-mic session, the discussion about what the IETF-and the IAB in particular-can do about network neutrality was continued. Some of the IAB members said they felt that the IAB is not in a position to solve this problem but that it can facilitate the work that is out there. “We create a playing field, not the outcomes,” said Stuart Cheshire. Dave Oran pointed out that the role of the IAB is to look at the interaction where economics and the protocol architecture for the Internet meet. “Issues of local optima and policy for single networks are not where we add value,” he said.

References

1. The definition of net neutrality offered here is adapted from a definition found in Wikipedia. 2. For purposes of understanding how to design protocols when users will have differing views, Mark Handley recommends reading “Tussle in Cyberspace: Defining Tomorrow's Internet,” by David Clark, John Wroclawski, Karen Sollins, and Robert Braden. Read more… (PDF).

IAB/IESG Nominating Committee Members 2009-10

Chair: Mary Barnes Voting Members

• Scott Brim
• David H. Crocker
• Roque Gagliano
• Randall Gellens
• Dorothy Gellert
• Wassim Haddad
• Stephen Kent
• Dimitri Papadimitriou
• Simo Veikkolainen
• Lucy Yong

Nonvoting Members

• Mary Barnes (Chair)
• Joel Halpern (Advisor)
• Henrik Levkowetz (Tools Advisor)v
• Jon Peterson (IAB Liaison)
• Tim Polk (IESG Liaison)
• Henk Uijterwaal (IAOC Liaison)
• Bert Wijnen (ISOC Liaison)

]]> 855 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/connecting-the-dots-at-ietf-75/ Mon, 07 Sep 2009 14:36:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=857

As first-time IETFers, fellows from developing regions quickly figure out the lessons to bring home. Despite worldwide apprehension about global economic unsteadiness, the seven Internet Society Fellowship to the IETF Programme fellows arriving in Stockholm for IETF5 75 brought with them their optimism and high expectations for a productive meeting. The fellowship programme is designed to help stimulate Internet growth in developing nations by immersing technologists from those regions in the work being done by the IETF. Each meeting, a new set of fellows, including a handful of returning fellows, are given the opportunity to improve their technical skills and become more engaged in the standards development process. The IETF Journal contacted each of the fellows to see what they thought of the experience and to ask them to report on the impact the event has had on their work. Most of the fellows' sentiments were captured in the comment made by Vinayak Hegde, who told us candidly: “I had high expectations for IETF 75, and it more than lived up to them. It was easy to approach anyone and ask questions, and people were very helpful and friendly.”? Vinayak, who's been a member of the Internet Society's Chennai (India) Chapter since the Chapter's inception, came to Stockholm to work with other like-minded people on Internet Drafts in the areas of Web application performance and streaming performance measurements. The meeting has already changed the way Vinayak works. “An example is RFC 2330 [Framework for IP Performance Metrics], which provides a framework for the measurements I am doing. Previous to this, some of the metrics that we had been using were more ad hoc, or not so well defined. Now I am trying to make them conform to this RFC. For fellow Haris Shamsi, a founding member of the IPv6 Task Force Pakistan, the meeting's combination of technical information and organizational technique will have a lasting impact. Aside from attending a number of IETF working groups (WGs)-v6ops [IPv6 Operations] and 6lowpan [IPv6 over Low power Wireless Personal Area Networks] in particular-which really helped him in his work at Pakistan's largest mobile communications company, it was, he said, “the methodology of rough consensus and the way chairs tackle the experts group that really helped me devise a way to communicate with the team and the associates I am working with in Pakistan.”? Furthermore, Haris plans to adopt the same decision-making methodologies in work-related matters. “IETF 75 was among a few of the best experiences of my life,”? he wrote by e-mail. “The event not only gave me a chance to meet up with the experts from around the world but also helped me understand the process and methodology of the IETF.”? Aminul Haque Chowdhury, of Bangladesh, is studying for his master of science degree in South Korea. While pursuing his studies, he's working on the Internet drafts 6LoWPAN Bootstrapping and 6LoWPAN IPv6 ND Optimizations as well as on the draft 6LoWPAN Routing Requirements. Like Haris, Aminul also felt the event was helpful to him in his work-in part because two of the WGs, 6lowpan and roll, are involved in similar research areas. He attended those two meetings at IETF 75, as well as the manet (Mobile Ad-hoc Networks) WG, the Transport area meeting, and the peer-to-peer research group meeting. For Aminul, the goal is to apply techniques that can maximize infrastructure as much as possible. “In Bangladesh,”? he wrote by e-mail, “we were connected with the information superhighway via fibre-optic cable for more than three years. However, the Internet is still expensive and not available everywhere.”? Aminul claims that though his country has a good fibre-optic network-mainly because it supports the railway communication system via fibre optic-the country still is not using 100 percent of its capacity. “There are many ISPs growing day by day, but with only a few exceptions, bandwidth is too low,”? he wrote. Hamid Mukhtar, who is from Pakistan but who is a graduate student in South Korea, is pursuing research on network management, mobility, and collateral issues associated with IP-based wireless sensor networks-more specifically, 6lowpans. He's also working on standardization of network management through the IETF's 6lowpan WG and he has contributed a draft to the 6lowpan WG. Hamid says he's interested in the work going on in the mext WG, and he wants to extend it for the mobility issues of the 6lowpanWG. To see Hamid's draft, visit http://tools.ietf.org/draft/draft-daniel-lowpan-mib/draft-daniel-lowpan-.... Ronald Nsubuga, who is MTN Uganda's senior administrator of IP Data Networks, also attended IETF 75 as a fellow. He said that for many years he has wanted “to meet the team that has developed the Internet”? and to “represent the AfriNIC members in this process of RFC, BCP and Internet practices development worldwide.”? His experience, he said, was gratifying. “I found it to be an eye-opener to see so many works that have been contributed by different engineers to Internet development over the years,”? he said. For Ronald, the connection to the other attendees and their work was immediate. “The meeting connected with my work in the sense that most of the protocols being used today still need to be developed and tested for future use-like IPv6 and DNSSEC-with the respective challenges that come along,”? he said by e-mail. Ronald added that Uganda has long been connected to the Internet through satellite providers. “As of late July we had the first test over SEACOM's fibre cable, and you can imagine the excitement!”? he wrote. “On top of that, other operators are working along with different operators to get other cables laid-like TEAMS and EASSY-for better connectivity. As we are waiting to see a huge drop from 500 ms-1,000 ms (which we are getting via satellite) down to 160 ms-300 ms, that will be a huge improvement. It's the same thing we are anticipating in the drop of prices for the cost of the bandwidth and good capacity.”? Even so, Ronald admits there are challenges, such as the high cost of connectivity and little attention being paid to IPv6 adoption and deployment because, as he said, “many operators were still looking at IPv6 adaptation as a thing, or technology, that doesn't have a business case.”? Fellow Dorcas Muthoni Gachari runs a software firm (http://www.openworld.co.ke) in Kenya that provides professional services ranging from requirements definition and specification, system analysis, system design, software development, customization, integration, and implementation to training, support, and maintenance. According to Dorcas, the company's focus is on public corporations “with special emphasis on e-government Web applications for Kenya and the wider African region.”? In addition to her regular responsibilities, Dorcas runs a user group (linuxchix) for woman engineers across Africa, “where we mentor young women to pursue careers in computing as well as build capacity for practicing women.”? Dorcas said she frequently offers her training facility to a Kenyan user group called Skunkworks, and that in the future, together with other IETF alumni, the group plans to conduct tutorials that would attract more Kenyan engineers to IETF working groups. What advice do the fellows have for future fellows and other newcomers to the IETF? Fellow Afaf Maayati of Morocco suggests reading first of all the tao of the IETF. Afaf works at Morocco's National Telecommunications Regulatory Agency (ANRT) as a project manager of the ccTLD .ma and is a participant in the Pilot Project for Arabic Domain Names. She also suggests that future fellows understand in advance that “At IETF working group meetings there is no introduction or background material, so a future fellow has to be prepared in advance by reading the IETF working group documents relevant to an area of interest.”? Newcomers, however, are not without support, Afaf acknowledges. “It's also very interesting and instructive to attend the newcomers' training, on the first day of the IETF,”? she suggests. “So, plan to be there!”? IETF fellows are paired with mentors, most of whom are veteran IETFers and experienced Internet technologists and engineers. Often, the mentors make lasting impressions on the fellows. “My mentor was Fred Baker, and he chairs the v6ops WG,”? says Ronald Nsubuga. “He was very helpful in the preparations for the IETF meeting. For example, he gave me a clear difference between a working group and a BoF [birds-of-a-feather session], which I wanted to know, to follow what home gate is all about.”? The Internet Society extends its sincere gratitude to the sponsors of the ISOC IETF Fellowship to the IETF Programme: Afilias, Google, Intel, Microsoft, and Nominet Trust. To find out more about becoming a sponsor and about sponsorship's benefits to your organization or send e-mail to fellow-sponsor@isoc.org.

IETF 75 Fellows and Mentors

• Aminul Haque Chowdhury (Bangladesh), Mentor: Mat Ford
• Dorcas Muthoni Gachari (Kenya), Mentor: Joe Abley
• Vinayak Hegde (India), Mentor: Al Morton
• Afaf Maayati (Morocco), Mentor: João Damas
• Hamid Mukhtar (Pakistan), Mentor: Phil Roberts
• Ronald Nsubuga (Uganda), Mentor: Fred Baker
• Muhammad Haris Shamsi (Pakistan), Mentor: Samita Chakrabarti

Returning Fellows

• Alejandro Acosta (Venezuela)
• Alberto Castro (Uruguay)
• Martín Germán (Uruguay)
• Jean Philemon Kissangou (Congo)
• Eduardo Ascenço Reis (Brazil)

]]> 857 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-long-road-to-dnssec-deployment/ Mon, 07 Sep 2009 14:37:38 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=859

A panel discussion at IETF 75 helps shed light on the need for DNS security and the reasons why it has taken so long.   Few technologies are more critical to the operation of the Internet than the Domain Name System (DNS). At the time of its development-and for many years since-the DNS has functioned without many formal security mechanisms, thereby making it vulnerable to DNS spoofing and other malicious attacks. In 2008, Dan Kaminsky released his now famous bug, demonstrating how easily an attacker can trick Internet users by temporarily taking over a domain name and redirecting queries to another server. The vulnerabilities of the DNS were discovered long before the Kaminsky bug, with discussions taking place as far back as 1990. The watershed moment came in 1995 in the form of a paper published by Steve Bellovin in which he described the system's key weaknesses. In 1997, a set of open standards that would authenticate DNS data by using public key infrastructure to digitally sign DNS records was developed and published as RFC 2065: Domain Name System Security Extensions (DNSSEC). In simple terms, DNSSEC is designed to enable authentication of DNS response data. It verifies responses to make sure that what you get from a DNS server is what the zone administrator intended. It does not address all threats (nothing does), but it provides a building block for providing additional data security-and not just within the DNS but also within the applications and services that are built on it. After nearly 15 years of discussion and development, deployment of the DNSSEC is gaining momentum. In July 2009, the Internet Society organized a panel discussion in Stockholm as part of IETF 75 for the purpose of making the issues associated with the adoption of DNSSEC accessible to a broader audience.See details, including presentation materials and a transcript. Moderated by Leslie Daigle, the Internet Society's chief Internet technology officer, the panel featured a distinguished group of developers, administrators, and Internet infrastructure operators who talked about their experiences with DNSSEC, the problems they've had to overcome, and what they see as next steps toward a more robustly secure Internet. AcPIR’s Jim Galvin presents at DNSSEC panel at IETF 75.  

DNSSEC History

In the scheme of things, 15 years seems like a long time to wait for a DNS security framework to be put in place. Panellist Olaf Kolkman said he believes the delays can be traced to three “key actors”? in the DNS deployment world that created a chicken-and-egg problem. The first is the DNS hierarchy, which includes the root and moving into the enterprises and companies that make the high-level decisions. They are the people who need to sign and deploy DNSSEC so that those in the second group, who maintain ISP infrastructure, can validate the components that are used for validating the name servers. Finally, there are the people who can provide operating system and applications support once everything is in place. The chicken-and-egg problem comes in when the DNS hierarchy decision makers ask why they should invest in signing when signatures are not being validated; when the ISPs ask why they should invest in validation when there is nothing to validate; and when the operating system and application support folks ask why they should invest in development when there is so little infrastructure. When RFC 2535 was published, DNSSEC seemed ready for deployment. There was a period of code development and standardization, including regular interaction between the two, from 1995 to 2000, but there was very little deployment, except in a few labs. In 2000, the first real deployment trials began. Sweden's .se registry was interested in signing but discovered privacy and scalability issues. As Olaf explained, it wasn't until the registry world was making the jump to early deployment that both the standardization team and the development team noticed that something had been missed. The standardization efforts began anew. By 2008, the privacy and scalability issues had been addressed in the form of a technology known as NSEC3. Soon afterward, training became available, and software was being developed to facilitate deployment outside the laboratory setting. Top-level domains started signing, and things started bubbling up. “Right now, I think we are at the sweet spot when it comes to deployment,”? Olaf said. “We are at the sweet spot of making the Internet as a whole a more secure place.”?

A View from the Registry

As the top-level-domain registry for Sweden, .SE takes the issue of DNS security seriously. The company began working with DNSSEC in 1999, but it wasn't until the Kaminsky bug that the company began to thinking beyond the technology and about things like education on, marketing for, and pricing of DNS security services. As panellist Patrik Wallström of .SE explained, the company originally charged a fairly high price for DNSSEC, but after the Kaminsky bug, the company dropped the pricing altogether. “We consider this to be an important piece of the Internet infrastructure,”? he said. With the Kaminsky bug still fresh in everyone's minds, .SE was noticing that a large number of servers were vulnerable to attack. In the interest of reducing that number, .SE launched a DNS security promotional Web site. The site features a movie that demonstrates an attack on the DNS. It also enables visitors to see whether their computers are vulnerable to the Kaminsky bug; if so, the visitor is given advice about what to do. It can also test a visitor's domain to see whether it runs DNSSEC. Now the company is working to help registrars become active in promoting DNSSEC, and it is working with all of the major Swedish resolver operators to make sure they validate domain names as well. In general, .SE is using education and public relations to make people in Sweden aware of what the Kaminsky bug really means and why they should secure their name servers. As a result, a number of high-profile domains have signed. The value of the company's educational and promotional efforts became especially evident when the Swedish tax office and the Swedish election tax office domain names signed. “The vote survived the recent election and the recent tax returns, so we have really proved that DNSSEC works by now,”? said Patrik. Deployment, however, was not without problems. In particular, problems arose with one large domain in Sweden, but, as Patrik explained, that ended up being a bug in the BIND, which two of the major ISPs were using. There was, however, a problem with home routers that did not let large packets through, but that was resolved, as was the problem with name servers, which they solved with better monitoring. The major problem now is with registration transfers in cases when one registrar does DNSSEC and the other does not. Patrik said this would eventually be solved through education. Currently, all Swedish registrars that have registrations for the .se domain have an agreement with .SE that, at the very least, they must be able to remove DNS records from the delegation. Speaking to the experiences of the .org domain space was Jim Galvin, who pointed out that the Public Interest Registry, which runs .org, was created to serve the public interest. “The .org brand is known for being informative, well-intentioned, trustworthy, and the source of valuable information,”? he said. “DNSSEC was a natural extension of all of those elements, and so it seemed pretty obvious that it was the right thing to do.”? The .org TLD finalized signing the zone with DNSSEC on 2 June 2009. The threats to the DNS cannot be understated, said Jim. As recently as July 2009, Irish Internet service provider Eircom, within the previous few weeks, reported it had been targeted by a cache poisoning attack that redirected customers to sites they did not intend to visit.1 As scary as those attacks were, securing the DNS, as Jim pointed out, is not about just the DNS. “It is not about the man-in-the-middle attacks and getting false information about the DNS,”? he said. “It is about securing an infrastructure protocol.”? Clearly, that protocol matters more and more as societies become increasingly dependent on the Internet for storing and relaying sensitive data such as online health records and conducting online transactions. Jim offered specific advice about what TLDs and other community members could do as they make plans to sign their domain. First, he suggests making technology the key driver for whatever is done-as opposed to public relations, marketing, or management issues. “DNSSEC will change your operation and the way you do things,”? he said. “It is important to put the time into making sure that things are going to work right. And you can't let that be driven by anything other than the technology itself.”? Second, Jim suggests adopting a strategy of collaboration. “There are plenty of experts and they are all willing to help, and you should let them,”? he said. Finally, he advocates a phased approach, particularly for an undertaking as large as DNS security. Today, roughly 50 percent of the queries that Afilias gets are asking for DNSSEC information-something Jim says should be kept in mind if you're a TLD or a larger enterprise. Equally notable is that from 1 June to 3 June, when .org was signed, TCP traffic increased by two orders of magnitude. While it did not have a measurable impact on operations, PIR is still, as Jim pointed out, thinking about what they can do to optimize that and make things better in the future. Panellist Matt Larson of VeriSign discussed plans to sign the .com and .net TLDs. VeriSign has had a long involvement with DNS security-not just with DNSSEC but also with the NSEC3 extension. The company helped develop the NSEC3 extension and has been involved with the addressing of issues of privacy and scalability. According to Matt, when a zone is signed with DNSSEC, the size of that zone can grow quite large-as large as three or four times its size. At a current rate of 90 million delegations between .com and .net, the effect of DNSSEC could be enormous. However, Matt assured the audience that NSEC3 should allow them to scale “much more gracefully.”? Given the breadth of change that would result from DNSSEC, VeriSign has conducted a handful of pilot projects. This has allowed the company to gain operational experience. One of the pilot projects dealt with NSEC3, but the most recent pilot involved signing the root zone, in which VeriSign used the production signing infrastructure that it uses for its certificate business to secure and handle the cryptographic signing of a test root zone. The actual signing of the production root zone will use a similar architecture. “If you have a domain underneath .com or .net and you want to sign it and take full advantage of DNSSEC, it does require that .com and .net also be signed,”? said Matt. “In my opinion, it is one of the largest changes we'll have done with DNS, so as a result, we are approaching this cautiously.”? Not surprisingly, VeriSign will be using the NSEC3 protocol, and its registrars will be provisioning DS records. In addition, a set of root zone signing requirements has been developed by the U.S. Department of Commerce and is undergoing technical review. The actual signing is going to be a collaborative effort between VeriSign and the Internet Corporation for Assigned Names and Numbers (ICANN). VeriSign and ICANN are the current contractors to the Department of Commerce and the partners that provide the root zone today. The road to signing the root has been a long and difficult one, said panellist Richard Lamb of ICANN. However, it is regarded by ICANN and many in the community as an essential step toward greater DNS security. The benefits of DNSSEC in this regard are varied. First, it removes deployment barriers, and it lends simplicity by having a single key, as opposed to multiple TLDs. Second, it allows for compromise recovery. And finally, DNSSEC makes it possible to unsign, if that becomes necessary. According to Richard, the issue of cybersecurity has captured the attention of the U.S. White House and is the basis for a report being circulated within the Obama Administration. “We cannot improve cybersecurity without improving authentication,”? said Lamb. “Today there is a generalized awareness of the need to implement the security extensions already at the root of the Domain Name System,”? Richard said. “With the widespread deployment of DNSSEC, we will be able to create a platform for innovation, new product development, and international cooperation.”

DNSSEC Panelists

Leslie Daigle, The Internet Society (moderator) Jim Galvin, Public Interest Registry Olaf Kolkman, NLnet Labs Richard Lamb, ICANN Matt Larson, Verisign Patrick WallstrÃm, .SE

Reference

1. www.siliconrepublic.com/news/article/13448/cio/eircom-reveals-cache-poisoningattack-by-hacker-led-to-outages.

]]> 859 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/geopriv-creating-building-blocks-for-managing-location-privacy-on-the-internet/ Mon, 07 Sep 2009 14:39:14 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=861

Technical standards bodies that reuse the IETF's work sometimes describe its method as creating reusable building blocks rather than whole-system architectures that are carefully tailored to specific environments. That approach has long reflected the variety of environments in which IETF protocols are required to operate. The real utility of a building block tends to surface only after reuse starts to snowball. HTTP provides an obvious example, since it's been transporting much more than hypertext for a decade, and its success has spurred a generation of protocol designers who have reused the most portable elements of its design. The work of the Geographic Location/Privacy working group (GEOPRIV WG) has always been a little different because the decision to create a new type of building block was not made in response to a specific technical need. In the case of GEOPRIV, the IETF's leadership recognised a set of problems with a series of technical proposals around location: the first was that proposals ignored the privacy implications of the release of location data, and the second was that almost all existing security mechanisms were designed around individual protocols. With the creation of GEOPRIV, the Internet Engineering Steering Group (IESG) set out to charter a group that would focus as much on the privacy implications of the data transmitted as on the successful transmission of the data itself. Moreover, the IESG recognised early that data continually leaks from one protocol to another-for example, by moving from the Web to e-mail. Therefore, it charged the group with developing a system that worked both within and across many protocols.

Key Building Blocks

The work of the GEOPRIV WG is encapsulated by the diagram at the right from draft-ietf-geopriv-arch-00. In this model, a location generator passes information about the location of a target (such as an individual with a mobile device) to a location server, where the rules for disseminating that information are applied. A new location object (LO) is then created and passed to location recipients. That location object reflects the information that the specific recipient is permitted to have and embodies the rules governing how the recipient can use the object. There are a number of different kinds of rules that might be applied to the location information. One key type of rule describes whether the recipient may or may not retransmit the location object to other parties. The protocol used for that transmission has no effect on the permission. It does not matter whether the retransmission is by e-mail, instant message, or broadcast; the same rules apply in every case. To give a concrete example, imagine for a moment that our target is a student with a laptop. The location generator could be a programme on the student's laptop that derives information from a specific type of input, such as the Dynamic Host Configuration Protocol (DHCP) messages described in RFC 4776: Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Option for Civic Addresses Configuration Information. The rule maker might be the individual student, the student's parents, or even the student's school. Assuming for a moment that the parents are the rule makers, they would determine to whom location information could be given, what granularity of information would be available, and whether or not those receiving the information could retransmit it to others. The parents might, for example, create a rule that would allow anyone to request and receive their child's time zone information (useful for avoiding late-night calls) and to pass that information on to others. A second rule might allow precise data to be sent to requesting family members but limit the retransmission of that information to others. The location object created after the rules have already been applied would contain the permitted data appropriate to the requester along with any specific privacy rules. Note that the rules that get created are always grants of permission, never of denial. If a rule grants access to time zone data to all, no rules can be applied later that restrict that access; the rules can only expand to include new data. This somewhat limits the form in which rules can be described, but it also ensures that if an externally referenced rule is not available when a location object is created, the resulting object has no data that would have been removed by a rule that is missing. The format used for carrying this information-Presence Information Data Format Location Object (PIDF-LO)-is described in RFC 4119: A Presence-based GEOPRIV Location Object Format, RFC 5139: Revised Civic Location Format for Presence Information Data Format Location Object (PIDF-LO), and RFC 5491: GEOPRIV Presence Information Data Format Location Object (PIDF-LO) Usage Clarification, Considerations, and Recommendations and is an extension of the format used for carrying presence information for instant messaging buddy lists. However, instead of saying “available for chat,”? “busy,”? or “bored,”? the status element carries either geolocation (latitude, longitude, and altitude) or civic location (street address, town name, and so on) plus the usage rules and, optionally, the method by which the information was derived and the identity of the provider of the information. The extension of the PIDF “status”? element with these fields means that any presence-based system should be able to quickly and easily adapt to the GEOPRIV architecture. The system is not limited to presence systems, though, and any protocol that can carry an XML MIME [extensible markup language Multimedia Internet Message Extensions] type can carry a PIDF-LO object. That means applications for e-mail and the Web start off with an advantage for adopting GEOPRIV, since each already uses MIME to determine which external programmes or subroutines should handle specific content types.

Adaptability

Even within the IETF suite, there are protocols for which XML and MIME are not part of the available tool kit. Adapting the GEOPRIV architecture to those protocols presents a significant challenge. RFC 5580: Carrying Location Objects in RADIUS and Diameter, which describes the methods by which location objects can be carried in RADIUS and Diameter, is one recent document that shows how to apply the GEOPRIV model in a situation where PIDF-LO is simply too large to fit within the protocol's current format. While movement between this format and the existing objects requires some translation, RFC 5580's fidelity to the GEOPRIV model means that it matches the chartered aim of avoiding protocol-specific solutions despite introducing concepts such as “home network”? and “visited network,”? which were not present in the initial work. While the RADIUS bitmaps and PIDF-LO XML snippets may look very different, the boxes and arrows in the diagram still apply. There are additional contexts that require GEOPRIV to be adaptable, including instances when not all of its boxes and arrows are present. One example is emergency services. One of the great driving forces for making location determination ubiquitous is the need to have it available for routing emergency services, but that same force may sometimes create tension in the GEOPRIV model. GEOPRIV is built around the idea that a rule maker should control access to information about the targets for which it is responsible. In most cases, that means that an individual should have the right to control access to information about that individual's location. By contrast, in emergency services, the laws of a local jurisdiction can and often do set rules that do not change with the desires of the individual. The jurisdiction becomes a kind of overriding rule maker, but one whose rules are not encoded with the location itself in a unified object such as a PIDF-LO. That means location systems must track the context (an emergency versus a nonemergency situation) in order to correctly apply the relevant rules. In other words, in the context of an emergency, there may be tremendous temptation to skip all of the steps encompassed in the GEOPRIV model. While skipping those steps in an emergency situation may be required, there is some risk that doing so might lead to skipping those steps under normal conditions. To those not familiar with the privacy concerns that gave rise to GEOPRIV, the very first step of the GEOPRIV flow looks temptingly complete: location information flows from one party to another. That may even be the case for those familiar with only some of GEOPRIV's more recent work, in which much of the focus has been on protocols that provide location information to location generators. An example is the proposal for a “geo”? uniform resource identifier (URI), which aims to encode a location in a format that can be carried in the same protocol slots as a Web site reference or an e-mail address. With no identity information and no rules, this URI is not a location object. When combined with other information in an e-mail or on a Web site, though, it easily takes on that role. In draft-ietf-geopriv-geo-uri-02, the authors give an example location of geo:48.2010,16.3695,183, noting in the text that it's the address of one of their offices. While this may be a combination of identity and location of which the authors are willing to permit unlimited distribution, we can only infer that information from its inclusion in an Internet-Draft (based on the draft's boilerplate about redistribution). The geo URI itself gives us no way to know for sure; it's merely a reference to a location without any rules for privacy and redistribution that make location objects survive context changes with that information intact. The fact that location objects encode those rules means they can survive those context shifts, demonstrating a key benefit of GEOPRIV's model. Retaining that benefit, regardless of the apparent simplicity of other choices, is necessary to the future success of services based on location, as well as to minimization of the privacy issues that could flow from their wide deployment and use.

Location-Specific Privacy Risks

While location-based services raise some privacy concerns that are common to all forms of personal information, in some instances many of those concerns are heightened, while others are uniquely applicable in the context of location information. Location information is frequently generated on or by mobile devices. Because individuals often carry mobile devices with them, location information may be used to form a comprehensive record of an individual's movements and activities. On one hand, other kinds of data, such as an individual's medical records or bank statements, could, arguably, be considered more sensitive than location information, since they provide snapshots of an individual's particular activities at any given moment or specific details about certain aspects of the person's life. On the other hand, location information may be collected everywhere and at any time-often without explicit user interaction-and that information may potentially describe both what a person is doing and where the person is doing it. The fact that an individual's mobile device location is obtained when the person is at a bank can reveal not only that the person was at the bank but also what time it was and which branch it was. Location-based services may allow for amassing such data points about an individual's every movement, potentially spurring the creation of richly detailed profiles of individual behaviour. The availability of location information may also allow an individual's whereabouts to unwittingly become more public than the person desires, with potentially serious consequences. Location information could, for example, reveal that an individual was in a particular medical clinic or government building, leading to the possibility of the sharing of sensitive information about an individual that the person never meant to have shared. The ubiquity of location information may also increase the risk of stalking and domestic violence if perpetrators are able to use-or abuse-location-based services to gain access to location information about potential victims. Additionally, access to location information raises significant child-safety concerns as more and more children are in possession of location-aware devices. Finally, location information is, and will continue to be, of particular interest to governments and law enforcers around the world. The existence of detailed records of individuals' movements should not automatically facilitate the ability of governments to track citizens. Unfortunately, in some jurisdictions, laws dictating what government agents must do to obtain location data are either nonexistent or out-of-date.

Privacy Paradigms

Traditionally, it is the recipients of data who decide the extent to which an individual enjoys privacy protections on the Internet. Internet users may or may not be aware of the privacy practices of the entities with which they share data. Even if they are aware, they have generally been limited to making a binary choice between sharing or not sharing data with a particular entity. Internet users have not historically been granted the opportunity to express their own privacy preferences to the recipients of their data and to have those preferences honoured. This paradigm is problematic because the interests of data recipients are often not aligned with the interests of data subjects. While both parties may agree that data should be collected, used, disclosed, and retained as necessary to deliver a particular service to the data subject, the data subject may not agree about how the data should otherwise be used. For example, in order to receive a newsletter, an Internet user may gladly provide an e-mail address for use by a Web-based service, but the person may not want the service to share that e-mail address with others, whereas the service might profit from such sharing. From the user's perspective, the choice between providing the address for both purposes or not providing it at all is less than ideal. The GEOPRIV model departs from this paradigm for privacy protection. As covered earlier, location information can be uniquely sensitive. And as siloed location-based services emerge and proliferate, they increasingly require standardized protocols for communicating location information between services and entities. Recognizing both of these dynamics, GEOPRIV gives data subjects the ability to express their choices with respect to their own location information rather than allowing the recipients of the information to define how it will be used. The combination of heightened privacy risk and the need for standardization compelled the GEOPRIV designers to shift away from the prevailing Internet privacy model, instead empowering users to express their privacy preferences about the use of their location information. The GEOPRIV work does not, by itself, offer technical means through which it can be guaranteed that location-privacy rules will be honoured by recipients. The privacy protections in the GEOPRIV architecture are largely the results of recipients of location information being informed of relevant privacy rules and of the need to use that information in accordance with those rules. The distributed nature of the architecture inherently limits the degree to which compliance can be guaranteed and verified by technical means. By binding privacy rules to location information, however, GEOPRIV provides valuable information about users' privacy preferences so that nontechnical forces-such as legal contracts, government consumer protection authorities, and marketplace feedback-can better enforce privacy preferences. For example, in a growing number of countries, if a commercial recipient of location information violates the location rules that are bound to the information, the recipient can be charged with violating consumer or data protection laws. When rules are not tied to location information, consumer protection authorities are less able to protect consumers whose location information has been abused. Location information is available through more interfaces and devices than ever before, yet because of the sensitivity of location information, that relationship requires a model for conveyance that has privacy protections built in. Binding privacy rules to location information requires recipients of location information to confront privacy head-on. The building blocks GEOPRIV has created provide the materials to create adaptable frameworks that pave the way for privacy-protective location conveyance.

]]> 861 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/address-sharing-coming-to-a-network-near-you/ Sun, 07 Jun 2009 14:53:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=876 Read Report… Allocations from the Regional Internet Registries are anticipated to be complete a year later, although the exact date will vary from registry to registry. This looming address crunch is causing Internet service providers (ISPs) around the world to start to question how they will continue providing IPv4 service for IPv4-speaking customers when there are no longer sufficient IPv4 addresses to allocate. Universal IPv6 deployment was originally thought to be the solution to ensure continued global addressability of an ever-expanding network. However, it appears likely that there will be a gap between the demise of the IPv4 free pool of addresses and the arrival of IPv6. Several possible solutions aimed at bridging that gap are now emerging. In this article we discuss some of the criteria that will help the community evaluate the merits of those choices and we cover the common and potentially serious issues to which address sharing across multiple subscribers may inevitably give rise. In addition, while network operators are busy devising solutions to the addressing problem that is looming on the horizon, content providers are encouraged to consider the impact of shared addressing on their business and operational practices.

Guiding Principles

The end-to-end principle is the core architectural guideline of the Internet. Section 2 of RFC 3724 RFC 3724-The Rise of the Middle and the Future of End-to-End: Reflections on the Evolution of the Internet Architecture-provides a concise history of the end-to-end principle. While the original articulation was concerned with where best to place functionality in a communication system, the growth and development of the Internet have resulted in an expansion of the scope of the end-to-end principle. The principle now encompasses the question of where best to locate the state associated with Internet applications. This expanded principle is well articulated in RFC 1958: Architectural Principles of the Internet: An end-to-end protocol design should not rely on the maintenance of state (i.e., information about the state of the end-to-end communication) inside the network. Such state should be maintained only in the endpoints, in such a way that the state can only be destroyed when the endpoint itself breaks (known as fate-sharing). The end-to-end principle is, arguably, the fundamental principle of the Internet architecture. In a sense, the Internet is the embodiment of the principle. By allowing either tacit or explicit erosion of the principle as we apply our understanding to the construction and operation of the global network, we allow the dismantling of the utility itself. Unfortunately, address sharing threatens just such erosion. Shared-addressing solutions are being proposed as pragmatic responses to the very real problems faced by operators who need to be able to continue providing service for customers who do not have IPv6-capable equipment or who want to access services that are available only via IPv4. However, while we advocate solutions that allow continued operation of the IPv4 Internet and the continued provision of services for IPv4-speaking customers, we do not in any way advocate prolonging the life of IPv4 or of any solution that delays the widespread adoption of IPv6. Based on the importance of the end-to-end principle and the ultimate goal of global addressability through widespread IPv6 deployment as discussed earlier, solutions to the problem of how to continue providing IPv4 service post-IPv4-address completion should be judged on two primary criteria:

1. The ability of the end user to readily control the parameters of the solution to minimize the impact of the solution on the end-to-end communication and
2. The extent to which the solution affords a natural progression to widespread IPv6 deployment.

Adherence to these criteria will minimize the impact of address sharing on end-to-end communications, and it will keep the network on track toward the universal deployment of IPv6.

Potential Responses to IPv4 Address Shortages

Assuming ISPs wish to continue growing their businesses in a post-IPv4 world, there are a number of possible avenues they can take:

• Obtain previously allocated IPv4 addresses through some unspecified means;
• Deploy large-scale address translation and allocate customers with private addresses; or
• Deploy a port-shared addressing solution whereby customers would get public addresses with fewer available ports.

Let us deal with each of these in turn.

Obtain Previously Allocated Addresses

Acquisition of previously allocated IPv4 addresses by whatever means is a strategy with currently unknown (but definitely limited) viability. It is also impossible to estimate in advance the cost of such an approach, so it does nothing to minimize business risk. Acquiring previously allocated addresses may provide a short-term tactical solution whereby a relatively small number of addresses are required urgently to address a specific need. It is not a solution that has the potential for long-term network business growth. It is likely that previously allocated blocks acquired by whatever means will be small and that obtaining lots of contiguous small blocks may be impossible. This would inevitably lead to operational complexity and associated cost for the network operator taking this approach. In other words, except as a short-term solution, it is operationally unsustainable.

Deploy Large-Scale Address Sharing and Allocate Private Addresses

In light of the two criteria for judging solutions to the IPv4 address shortage that we have identified, so-called carrier- grade network address translation (NAT) proposals-otherwise known as CGN (I-D.nishitani-cgn)-raise several issues. Centralization of NAT functionality in the network core may reduce the abilities of end users to deploy applications as they wish without support from the network operator. This means that unadorned CGN solutions may struggle to meet the first criterion. Providing mechanisms for end users to control their treatment by the CGN may go some way toward mitigating that concern; however, those mechanisms would need to be very carefully engineered to avoid raising additional scalability and resilience concerns of their own. CGNs may create a single point of failure for all of their clients, and they may decrease the resilience of the network from an end user's perspective. CGN implementations may also struggle when considering the second criterion, as there is no requirement to make use of IPv6 technology as part of the solution. For these reasons there is a real risk that CGNs will do nothing to advance the state of IPv6 deployment; in fact, they will serve only to degrade the utility of the current network. However, for ISPs that don't have any control over their customer provided equipment (CPE), CGN is an obvious and flexible solution for continuing to provide IPv4 service post-runout. While the subject of CGN deployment has arisen recently in the context of IPv4 address depletion, some operators, particularly mobile network operators, have long histories of allocating private addresses to their subscribers. Recent discussions have indicated that the increasing sophistication of both mobile handsets and the applications that run on them is driving operators of mobile networks toward public addressing solutions, including IPv6 deployment, to improve scalability and to minimize operating expenses. This suggests that those operators with real-world experience of CGN technology are already choosing to migrate away from it as a solution to their addressing needs.

Improving on CGN

How could we do better? There are proposals currently in the IETF that attempt to address one or both of the criteria identified earlier. These alternative proposals use IPv6 as a transport substrate for the legacy traffic [I-D.durand-softwire-dual-stack-lite]-thereby motivating IPv6 deployment-and may also ensure that control over the fate of end-user applications be kept as close to the end user as possible by distributing the NAT functionality toward the CPE [I-D.ymbk-aplusp]. However, some reduction of utility for IPv4-speaking Internet users is unavoidable in the future. It is inevitable that a reduced number of ports will be available for individual end-user applications. Operation of servers on well-known ports will most probably be an activity that is restricted to users willing to pay premiums for higher tiers of service contract. These may turn out to be good incentives for end users to migrate to IPv6.

Issues with Shared-Address Solutions

A number of proposals that came up for discussion as part of the Sharing of an IPv4 Address (shara) BoF meeting at IETF 74 in San Francisco rely on the concept of address sharing across multiple subscribers in order to achieve their goals. These proposals include carrier-grade NAT [I-D.nishitani- cgn], Dual-Stack-Lite [I-D.durand-softwire-dual-stack-lite], NAT64 [I-D.bagnulo-behave-nat64], IVI [I-D.baker-behave-ivi], Address+ Port proposals [I-D.ymbk-aplusp] [I-D.boucadair-port- range], and SAM [I-D.despres-sam]. In many operator networks today, a subscriber receives a single public IPv4 address at the subscriber's home or small business. Within that home or small business there is a NAT function that translates private addresses (RFC 1918 addresses) issued from devices within the home. All of those devices share the single public IPv4 address, and all are associated with a single small set of users and a single operator subscriber account. With the new proposals, a single public IPv4 address would be shared by a number of homes or small businesses, such as multiple subscribers, so the operational paradigm described earlier would no longer apply. All of the previously described proposals share a number of technical or operational issues, and these are addressed in the subsections that follow.

Fragmentation and Broken Applications

Address sharing has the potential to break a wide range of applications, such as applications that establish inbound communications, carry port information in the payload, carry address information in the payload, use well-known ports, do not use ports (Internet Control Message Protocol, or ICMP), assume uniqueness of IP addresses, or explicitly prohibit multiple simultaneous connections from the same IP address. In addition, IP fragmentation will require special handling.

Port Distribution, Port Reservation, Port Negotiation

When we talk about port numbers, we need to make a distinction between outgoing connections and incoming connections. For outgoing connections, the actual source port number used is usually irrelevant. But for incoming connections, the specific port numbers allocated to customers matter because they are part of external referrals; in other words, third parties use them to contact services run by the customers. It is desirable to make sure those incoming ports remain stable over time, which is challenging because the network does not know anything in particular about the applications that it is supporting. The network has no real notion of how long an application or service session will remain ongoing and, therefore, how long it will require port stability. According to actual measurements, the average number of outgoing ports per customer is much, much smaller than the maximum number of ports a customer can use at any given time. However, the distribution is heavy tailed, so there are typically a small number of subscribers who use a very high number of ports [CGN_Viability]. This means that an algorithm that dynamically allocates outgoing port numbers from a central pool is much more efficient than are algorithms that statically divide the resource by pre-allocating a fixed number of ports to each subscriber. Similarly, such an algorithm should be better able to accommodate users wishing to use a relatively high number of ports. Early measurements also seem to indicate that, on average, customers use very few ports for incoming connections. However, a majority of subscribers accept at least one inbound connection. That means it is not necessary to pre-allocate a large number of ports to each subscriber. It is possible, however, to either pre-allocate a small number of ports for incoming connections or do port allocation on demand when the application wishing to receive a connection is initiated. The bulk of ports can be reserved as a centralized resource shared by all subscribers using a given public IPv4 address. A potential problem with this approach occurs when one of the subscriber devices behind such a port-shared IPv4 address becomes infected with a worm, which then quickly sets about opening many outbound connections in order to propagate itself. Such an infection could rapidly exhaust the shared resource of the single IPv4 address for all of the connected subscribers. The poor network hygiene of one subscriber now threatens the connectivity for all of the immediate network neighbours.

Connection to a Well-Known Port Number

Once a port-address-mapping scheme is in place, connections to well-known port numbers will not work in the general case. Given sufficient incentives, a workaround, such as redirects to a port-specific URL, could be deployed. Some of the existing proposals for application-service-location protocols would provide a means for addressing this problem, but historically, those proposals have not gained much deployment traction.

Universal Plug and Play

Using the Universal Plug and Play (UPnP) semantic, a client asks, “I want to use port number X. Is that OK?”? The answer is yes or no. If the answer is no, the client will typically try the next port until either it finds one that works or, after a limited number of attempts, it gives up. To date, UPnP has no way to redirect the client to use another port number, although UPnP IGD 2.0 will most likely fix this for new or upgraded devices. Network addressing translation-port mapping protocol (NAT-PMP) has a better semantic, thereby enabling the NAT to redirect the client to an available port number.

Security and Subscriber Identification with IPv4

Nowadays, a report of abuse is usually in the following form: “IPv4 address x has done something bad at time t0.”? This is not enough information to uniquely identify the subscriber responsible for the abuse when IPv4 address x is shared by more than one subscriber. This particular issue can be fixed by logging port numbers, but the operations support system will still require updates to deal with service activation, subscriber profile management, and lawful interception. A number of application servers on the network today log IPv4 addresses in connection attempts to protect themselves from certain attacks. For example, if a server sees too many log-in attempts from the same IPv4 address, it may decide to put that address in a penalty box for a certain time. If an IPv4 address is shared by multiple subscribers, this would have unintended consequences in a couple of ways. First, it may become the natural behaviour to see many log-in attempts from the same address because it is now shared across a potentially large number of users. Second, and more likely, one user who fails a number of log-in attempts may block out other users who have not made any previous attempts but who will now fail on their first attempt. Moreover, the assumption that a single IPv4 address maps to a single user may be used for other purposes, such as geolocation or counting the number of individual users of a service. All of those things may become more complicated when several subscribers share an IPv4 address at the same time. Port randomization, which is used for mitigation of blind attacks against established transport connections, will have reduced effectiveness as port entropy gets reduced. In addition, good randomization functions on the operating system may be defeated by nonimplementation on address-sharing CPE. To some extent, the problems of shared addressing are already with us due to the prevalence of dynamically assigned addresses to domestic broadband subscribers and the use of CPE NAT. However, the point here is that the widespread adoption of port-shared addresses by service providers will make those complications considerably more widespread and more severe.

Concluding Remarks

As we approach the completion of IPv4 address allocations from the IANA, there are various options available to service providers. Of those options, some of the shared-address solutions seem to offer an approach consistent with the long-term goal of IPv6 deployment and to provide maximal preservation of the end-to-end principle. Nevertheless, it must be emphasized that all shared-addressing solutions have a number of common and potentially serious issues. Address sharing among multiple subscribers inevitably will result in a degraded experience of the network for many users, as well as increased operating costs for ISPs. Content providers are encouraged to consider carefully the potential impact of shared addressing on their business and operational practices.

Acknowledgements

This article was largely inspired by conversations that took place as part of an Internet Society-hosted roundtable event for operators deploying IPv6. The participants in that discussion were John Brzozowski, Leslie Daigle, Wes George, Christian Jacquenet, Tom Klieber, Yiu Lee, and Kurtis Lindqvist.

References

[CGN_Viability] Alcock, S., “Research into the Viability of Service-Provider NAT,”? 2008. [I-D.bagnulo-behave-nat64] Bagnulo, M., Matthews, P., and Beijnum, I., “NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers,”? draft-bagnulo-behave-nat64-02 (work in progress), November 2008. [I-D.baker-behave-ivi] Li, X., Bao, C., Baker, F., and Yin, K., “IVI Update to SIIT and NAT-PT,”? draft-baker-behave-ivi-01 (work in progress), September 2008. [I-D.boucadair-port-range] Boucadair, M., ed., “IPv4 Connectivity Access in the Context of IPv4 Address Exhaustion,”? , January 2009. [I-D.despres-sam] Despres, R., “Stateless Address Mappings (SAMs) IPv6 & Extended IPv4 via Local Routing Domains-Possibly Multihomed,”? draft-despres-sam-01 (work in progress), November 2008. [I-D.durand-softwire-dual-stack-lite] Durand, A., Droms, R., Haberman, B., and Woodyatt, J., “Dual-Stack Lite Broadband Deployments Post IPv4 Exhaustion,”? draft-durand-softwire-dual-stack-lite-01 (work in progress), November 2008. [I-D.nishitani-cgn] Nishitani, T., Miyakawa, S., Nakagawa, A., and Ashida, H., “Common Functions of Large Scale NAT (LSN),”? draft-nishitani-cgn-01 (work in progress), November 2008. [I-D.ymbk-aplusp] Maennel, O., Bush, R., Cittadini, L., and Bellovin, S., “The A+P Approach to the IPv4 Address Shortage,”? draft-ymbk-aplusp-02 (work in progress), January 2009. [IPv4_Report] Huston, G., “IPv4 Address Report”?, 2009. [RFC1958] Carpenter, B., “Architectural Principles of the Internet,”? RFC 1958, June 1996. [RFC3724] Kempf, J., Austein, R., and IAB, “The Rise of the Middle and the Future of End-to-End: Reflections on the Evolution of the Internet Architecture,”? RFC 3724, March 2004. Note: For another perspective on address sharing, see the article entitled NAT++: Address Sharing, by Geoff Huston, which appeared in the April 2009 edition of the ISP Column.]]> 876 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-16/ Sun, 07 Jun 2009 14:55:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=878 In spite of the worldwide economic downturn, IETF 74 was a highly successful meeting. The work of the IETF remains relevant and enthusiastic. Held in San Francisco in March 2009, the meeting drew 1,157 people from 49 different countries. The total number of attendees from California was 273, compared with 143, which is the average number who attended each of the previous three meetings. Juniper Networks, which hosted the meeting, did a great job, and everyone felt welcome (the T-shirt design drew a number of compliments). The social event was well attended, providing an enjoyable and science-filled evening. The site network was subcontracted to VeriLAN Networks, whose staff, working with dedicated volunteers, made sure the network ran smoothly. The week was filled with the usual mixture of working group (WG) meetings, birds-of-a-feather (BoF) sessions, research group (RG) meetings, and, as always, many side meetings. Since IETF 73, one new WG was chartered and six WGs were closed. Currently there are approximately 110 chartered WGs. Between IETF 73 and IETF 74, the WGs and their individual contributors produced 424 new Internet-Drafts and updated 1,013 Internet-Drafts, some of them more than once. The Internet Engineering Steering Group (IESG) approved 106 Internet-Drafts for publication as RFCs. The RFC Editor published 86 new RFCs. During IETF 74, the IESG passed four seats to new members, and the IETF Administrative Oversight Committee (IAOC) passed two seats to new members. Our thanks to Ed Juskevicius (IAOC), Chris Newman (Applications Area Director [AD]), Jon Peterson (Transport AD and then RAI AD), Jonne Soininen (IAOC), Mark Townsley (Internet AD), and Dave Ward (Routing AD) for their many years of service to the community. We welcome Ralph Droms (Internet AD), Marshall Eubanks (IAOC), Adrian Farrel (Routing AD), Alexey Melnikov (Applications AD), Robert Sparks (RAI AD), and Henk Uijterwaal (IAOC). Thank you for your willingness to serve. Throughout the week, an IPv6-only network was available for attendees to experience the Internet without IPv4. The discussion of requirements for NAT-PT (network address translation-protocol translation) continues. In the few weeks prior to IETF 74, there were several intellectual property right (IPR) surprises. To avoid future surprises, a portion of the Wednesday plenary was devoted to a reminder of IETF policies in this area. If you were not there, please review the slides from that session. They are available here. The Wednesday plenary also included a discussion of potential changes to the Nominating Committee (NomCom) process. The discussion has continued on the ietf-nomcom@ietf.org mail list. Please join the discussion about the process used for picking IETF leaders. I look forward to IETF 75 in Stockholm, Sweden, on 26-31 July 2009. The meeting will be hosted by .se. I also look forward to seeing you at IETF 76 in Hiroshima, Japan, on 8-13 November 2009. That meeting will be hosted by WIDE. Scheduling information for the next IETF meetings may always be found here. I look forward to seeing you soon.]]> 878 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-14/ Sun, 07 Jun 2009 14:56:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=881 Spring is in the air . . . During spring's IETF meeting, the red dots that appear on nametags, which indicate Internet Architecture Board (IAB) membership, are passed from outgoing to incoming members. I had to say good-bye to a number of folk I had not only enjoyed but also had the honour of working with: Loa Andersson, Barry Leiba, Kurtis Lindquist, and Lixia Zhang. Fortunately, people I'm looking forward working with-Marcelo Bagnulo, Vijay Gill, John Klensin, and Jon Peterson-are replacing them. Springtime is also the time for the IAB to hold its retreat. The main goal of the retreat is for people to get to know each other and to set direction for the IAB's work over the coming year. This year we met in the Verizon offices in Ashburn, Virginia. Even during spring, the location did not allow for frivolous distractions. It is in the middle of fields that surround Dulles airport and far away from the vices that can be found in Reston, Herndon, and Leesburg. Without those distractions-and others, such as sunlight-we could concentrate on what we'd come to accomplish. The first day, we focused on administrative duties. We discussed some perennial matters but also had a detailed discussion about the various liaison relationships overseen by the IAB. During those discussions we appointed Patrik Fältström to be the liaison to the ITU-T [International Telecommunication Union-Telecommunication Standardization Sector]. Patrik takes over from Scott Bradner, who has been serving the IETF in this role for many years. We also took a significant step forward in approval of the RFC Editor model. Approval of the RFC Editor model is a milestone in a process that began at last year's retreat. The next major milestone occurs in January 2010, when the RFC Editor functions that are now being executed by the Information Sciences Institute (ISI) of the University of Southern California will be turned over to other people and organizations. The turning over of the RFC Editor function is momentous, particularly when one stops to consider that the RFC series has been edited by ISI for more than 40 years. The second day we talked about Internet architecture and tried to pick a number of topics to work on in the coming year. The process we used for defining our agenda was to have each IAB member formulate an architectural topic that the member would be willing to lead together with a clear set of milestones and deliverables. We can't be certain that all of the plans we discussed will come to full fruition, so I will not go into detail about the individual efforts discussed. However, most of the topics can be put into three major buckets:

• IPv4 and IPv6 coexistence and how to work toward the best results in IPv6 transition
• Security of the routing data and the routing control plane
• Internationalization issues within the DNS and the application layer, as well as between the DNS and applications

In addition, the IAB has expressed a desire to work on certain topics therefrom, and by studying them, we can learn more about the major architectural questions that may face us in the near future. Two areas of interest were (1) technologies for IP in aviation and (2) an Internet populated by large numbers of low-power, autonomous devices. All of the various projects bring with them different deliverables, some as vague as identifying the actual questions to begin with. This column is not the place to commit to specifics; however, it is clear there are some important issues that need attention. During spring the seeds have been planted. May the flowers bloom.]]> 881 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/plenary-report/ Sun, 07 Jun 2009 14:58:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=883 Mirjam Kuhne  

Administrative Updates

The IETF Secretariat has been working on a redesign of the IETF Web site, which turned out to be a much bigger job than anticipated. IETF chair Russ Housley thanked the secretariat staff for their hard work. He also reported on the Code Sprint from early in the week of the IETF meeting, which was a big success. Five releases were developed, including a new version of the datatracker, which improved the authorisation system and which replaced a number of hard-to-maintain legacy scripts. Finally, Russ thanked all of the sponsors and contributors who had made the meeting possible. IAOC chair Jonne Soininen and IETF administrative director Ray Pelletier updated participants on issues related to the financial and organisational status of the IETF. In their report, they stated that nearly 50 percent of the IETF’s revenues are derived from meeting registration fees, while 14 percent is met by contributions from meeting sponsors and Network Operations Centre (NOC) sponsors, which are secured by ISOC. ISOC provides nearly one-third of the annual funding necessary for IETF operations. Less than half of the IETF’s expenses are allocated for meetings. Day-to-day secretariat expenses-including IT support, RFC Services, and Tools and Administrative costs-total more than USD 2.5 million annually, not including volunteer time and with no direct source of funding. In 2008, expenses for most activities were under budget. However, while the meeting revenue for IETF 71 and IETF 72 were on target, meeting attendance for IETF 73 was relatively low. At USD 616,000, both IETF host and NOC sponsorships reached a record level. In light of the current global economic uncertainties, the IAOC has developed financial contingency plans based on 15 percent and 25 percent attendance attritions, which will be evaluated throughout the course of the year. The Internet Society committed to provide a safety net for 2009 should there be an attendee shortfall. This has made it possible for the IAOC to keep the registration fee for IETF 74 at the current rate. Registration fees for future meetings will be reviewed during the year. The IAOC is looking into other opportunities to increase participation at future IETF meetings. The difficulties associated with visa requirements for entering the United States, especially for people from China, are still concerns. The IAOC requested assistance from the U.S. State Department, without much success. One solution might be to reduce the number of meetings held in the United States, perhaps moving some to Canada instead. The topic was further discussed during the open-mic portion of the plenary, in which a number of people suggested further improvements to remote-participation facilities. Thomas Narten suggested setting up a design team, which would codify rules and behaviour expectations so as to make remote participation easier and more appealing. A mailing list intended to further work on this topic was created following the meeting and can be found here. Ed Juscevicius gave his final report as chair of the IETF Trust prior to turning over the chair position to Marshall Eubanks. The Trust has done work on the legal provisions related to IETF documents. There is also a new frequently-asked-questions document on copyright issues. It is available here.

Patents at the IETF

IETF attorney Jorge Contreras and Scott Bradner gave a presentation describing a number of issues related to patents and disclosure obligations. While the rules can be found in RFC 3979, Scott and Jorge highlighted some of the relevant points with regard to the IETF’s patent policies. For example, in terms of disclosure obligations, they explained that an IETF participant must disclose any known patent that the participant (or the participant’s sponsor) controls and that may cover any IETF contribution. However, an IETF participant or anyone else may disclose third-party patents the person believes may cover IETF contributions. Scott and Jorge also said that because IETF participation is by individuals, disclosure is primarily an individual obligation. Individual engineers must ensure that their employer companies make the required disclosures. If an engineer cannot ensure a disclosure, that engineer should not participate. Similarly, companies that own the patents may be deemed to control the actions of their participating employees. Disclosure is required “as soon as reasonably possible”? after a contribution is published as an Internet-Draft. If this is your own contribution, disclosure should follow relatively quickly, such as within a few days. But Jorge and Scott suggest that you not make the contribution until you’re ready to file the disclosure. In addition, if an IETF participant first learns of a patent after publication of the affected Internet-Draft, a disclosure must be made as soon as reasonably possible after the discovery. Disclosures may be updated voluntarily at any time, but they must be updated when an IETF document changes such that its coverage by a disclosed patent or patent application changes or if the claims of a patent or patent application are amended so that their coverage of IETF documents changes. Failure to comply with patent disclosure requirements is a violation of IETF policy, and the potential legal consequences to companies are considerable. Both Jorge and Scott strongly recommended that IETF participants refer to RFC 3979 and consult their legal counsels.

IAB Update

Internet Architecture Board chair Olaf Kolkman updated participants on recent IAB activities, including the IAB having finalized two documents since the last meeting: Principles of Internet Host Configuration and Design Choices When Expanding DNS. Other documents that have been worked on but are still under review include RFC Streams Headers and Boilerplates, the RFC Editor Model, IAB Thoughts on IPv6 Network Address Translation, P2P [Peer-to-Peer] Architectures, Defining the Role and Function of IETF Protocol Parameter Registry Operators, and Evolution of the IP Model. The IAB continues to follow developments with respect to multiprotocol label switching-transport profile (MPLS-TP). At IETF 74, concerns were expressed about confusion in the marketplace regarding the utility and standardization status of transport multiprotocol label switching (T-MPLS). There have been claims that MPLS-TP is a forward-compatible update from T-MPLS. “This is clearly not the case,” said Olaf. The IAB is in the process of reviewing some of the liaison relations between the IETF and other organizations. At the end of his IAB update Olaf announced the new IAB members and thanked the outgoing IAB members, each of whom received a plaque as an expression of the IAB’s gratitude for their service.

MPLS Turns 12

The IETF 74 technical plenary focused on MPLS. The session was intended to analyse MPLS, offering a case study involving the creation and operation of a successful protocol as well as the lessons learned. Four speakers enumerated MPLS’s benefits and its impact on the overall Internet architecture, including its effects on higher-layer protocol/application operation and delivery. The speakers represented operator, industry forum, and vendor perspectives: George Swallow of Cisco Systems, Tom Bechly of Verizon Business/MCI, and Kireeti Kompella of Juniper Networks. The discussion was introduced and moderated by Loa Andersson and Andrew Malis, who asked the panellists what they would have liked to change in the development of MPLS. The speakers replied that overall, it is a good protocol, even though a few things could be improved. According to Tom, the diagnostic tools “trail the developments.” He said that having them sooner would have helped. Kireeti pointed out that a lot of machinery was put in the Label Distribution Protocol that is not used today and that complicates the implementation of the protocol. “There could also be more interoperability,” Kireeti said. “Interoperability tests take place in private networks, but there is not a lot of interservice provider interoperability.” When asked about the fact that there are two protocols, Kireeti responded that having two protocols “is painful all around.”? This is true, he said, for the specifiers, the implementers, and the people who do interoperability tests. It was not a choice we made lightly. Learning from this experience and applying it to the deployment of IPv6, for instance, Kireeti commented that “Seeing so many variants of trying to get IPv4 and IPv6 to interoperate is amazing. I believe we need one solution and should deploy that.” George added that the success of MPLS is to acknowledge that this is an IP world. “Now we need to recognize that there needs to be a transition to IPv6,” he said. “In MPLS we are lucky though: we don’t have to deal with hosts.”

IAB Open Mic

The open-mic portion of the technical plenary included a discussion about the architecture of the Internet and how it has changed over time. Keith Moore expressed concern that there is no longer a set of shared assumptions. He said he’s hearing a lot of proposals that would violate the original set of principles of the Internet, and he’s wondering whether there’s a process that would bring us back to that state. To illustrate that the Internet and the underlying assumptions have indeed changed, one participant pointed out that a number of young gamers, who were in San Francisco during the week of the IETF for a gaming convention, were surprised to hear that network address translation (NAT) was not an original assumption of the Net from the start. Most of those who participated in the open-mic session as well as IAB members agreed with Keith, though most said they felt differently about the seriousness of the problem. Kurtis Lindqvist said he believes that the reason for the changes evolved because the Internet has been so successful. And that, he said, is because the Internet allows people to develop new applications and to make money. “It is an interesting observation, but I can’t decide if this is really a problem,” he said. Scott Brim spoke to the fluidity of the Internet’s architecture, saying that it is even more fluid now. “There is a lot happening,” he said. “These are interesting times.” He agreed with Tony Hain, who earlier cautioned participants to “be careful that we can take out the stuff we put into the network once we solved the basic principles.” Others felt more strongly that a shared set of assumptions is important and that one needs to make sure they stay consistent. “All of us struggle over how many of the original assumptions we can recover,” said Dave Oran. The last part of the open-mic session addressed the work of the IAB and how it can be made more comprehensible and transparent. Most participants agreed that because the IESG is involved in operational issues, its work seems much clearer than that of the IAB. The role of the IAB is more difficult to grasp. Olaf encouraged people to speak up or to send suggestions to the IAB mailing list atiab@iab.org. It is usually helpful when IAB members attend birds-of-a-feather or working group meetings. IAB statements or documents, too, are seen as useful contributions. “An IAB statement can have a lot of weight in the outside world,” said Alain Durand, even though, more often than not, the IAB is simply distilling ideas shared by the community, which is an important part of the work of the IAB.]]> 883 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-fellows-at-ietf-74/ Sun, 07 Jun 2009 14:59:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=885 Joao Marcelo Ceron As a network manager at the Federal University of Rio Grande do Sul in Brazil, Joao Marcelo oversees device and protocol configuration as well as management of the Internet exchange point. He also conducts research in the areas of network management and network security, focusing on empirical experiences and problems he encounters in his professional activities. The results of his research are disseminated in presentations and papers, which, he says, helps other network operators who are working with similar issues. In 2008, he presented a paper at the LACNIC (Latin American and Caribbean Network Information Center) conference exploring the limitations of and the potential solutions for BGP 4 management. Joao said the RFCs that the IETF generated are important resources for network administrators like himself, mainly because they assist with problems that come up on a daily basis. They also help him understand the characteristics of various protocols. Joao is interested primarily in network management issues, such as the work being done within the Inter-Domain Routing working group. He plans to disseminate the knowledge he gained at IETF 74 through presentations to other network managers at his university and to use what he learned in his postgraduate study programme. He also plans to write an article about the experience for publication in his university's journal.

Coko Tracy Mirindi Musaza

In his position as IT consultant at the African Network Operator Group (AFNOG), IETF fellow Coko Tracy specializes in networking and scalable Internet services under FreeBDS, GNU/Linux, and Debian. He also serves as an instructor for AFNOG, teaching the fundamentals of scalable network infrastructures to students and professionals. His interest in wireless protocol standardization led Coko Tracy in February 2009 to the 2nd Awareness Workshop on Relevance of Low Cost Wireless ICT Solutions. Since then, he has been working on a project to build a wireless communities association in the Democratic Republic of Congo. In addition, he is working with MHDeafCafNet, a wireless network in central Africa, to help connect associations of deaf people and people living with disabilities in the region (see the link). As part of those efforts, Coko Tracy has learned to build antennas that will be used in his projects. “Often, spending money for purchasing antennas makes no sense when I can build them myself and teach others to do so,”? he said. Through the IETF, Coko Tracy wants to deepen his understanding of the standardization of wireless protocols. He had subscribed to the Control And Provisioning of Wireless Access Points (CAPWAP) mailing list, but without assistance or a mentor, he found it difficult to understand how the working group was getting things done. Having attended an IETF meeting helped quite a bit. Eventually, he would like to contribute ideas to the working group, as well as to participate in writing a draft for standardization of wireless protocols. In the meantime, he plans to use what he learned at IETF 74 in his work with the wireless communities association in the Democratic Republic of Congo as well as in his other projects.

Blessings Msowoya

The Malawi Sustainable Development Network is a United Nations Development Programme-supported government Internet Service Provider (ISP) that is executed by the National Research Council of Malawi. The ISP assists in the development of Internet and information services, with an emphasis on sustainable development. As a network engineer for the Malawi Sustainable Development Network Programme (SDNP), Blessings is responsible for supervising network design staff as well as for network implementation and maintenance. Previously, he led a technical team that worked on the Malawi Internet Exchange, and he's on another team that manages the .mw top-level domain. According to Blessings, it is imperative that the technical section of the Malawi SDNP “be in sync with current best practices,”? which includes any RFCs that impact them directly. “We provide long-distance wireless connections in remote areas; hence, following best practices and standards is very important for things like deciding which frequencies and bands to use and whether to use public or private address space,”? he said. At IETF 74, Blessings was impressed with the discussions that focused on IPv4 and IPv6 issues. The Malawi SDNP has an experimental IPv6 network in which it tests basic Internet services, such as the Domain Name System, firewalls, and mail services. Blessings's attendance at the meeting, he wrote, “will help us increase the services that are running on the IPv6 network.”? In addition, he will be able to offer guidance to colleagues on current best practices and standards that contribute to the growth of Internet services in Malawi.

Noah Sematimba

IETF fellow Noah Sematimba has been working in the networking and IT fields for the past eight years, including positions with Africa Online, MTN Uganda (the largest telecom in Uganda), and, currently, with Warid Telecom Uganda, where he serves as assistant manager for IT systems. Noah played a key role in setting up the Internet exchange point in Uganda, and he still serves as technical chair of the Uganda Internet exchange point. Noah says his work with the .ug country code top-level domain drives his interest in the DNSSEC as well as in IP-related developments. He is taking part in his organization's deployment of IPv6, and a lot of the work he is doing is deeply influenced by work being done by the IETF. Since 2002, when he first began subscribing to the mailing lists, Noah has followed with great interest the activity in the namedroppers and dnsops working groups. Attending an IETF meeting offered him the opportunity to meet many of the people involved in creating standards and to get involved in the process in a way he could not otherwise. He said that building relationships with key people would facilitate his ability to work with those people on future projects. Since attending IETF 74, Noah says he plans to take a much more active role in the IETF. He also plans to promote the work of the IETF to his peers in Uganda as well as to encourage more active participation in the IETF. The Internet Society extends its deepest gratitude to its ISOC Fellowship to the IETF Programme sponsors: Afilias, Google, Intel, Microsoft, and Nominet Trust. Sponsorship to assist future fellowship programme fellows is strongly encouraged. In addition to demonstrating an organization's commitment to technical capacity building and leadership development in less-developed regions, sponsorship affords an organization a range of sponsorship benefits. For information on how to become a sponsor and to learn how sponsorship can benefit your organization,visit the page or e-mail fellow-sponsor@isoc.org.]]> 885 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-seven-stages-of-ipv6-adoption/ Sun, 07 Jun 2009 15:01:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=887 Attendee asks a question to the IPv6 panelists With the need for adoption and deployment growing more urgent, both the Internet Society and the Internet Engineering Task Force have been working on ways to raise awareness of the importance of IPv6 for the continued growth and functionality of the Internet. In an effort to bridge the engineering and the rest of the IP-address-dependent world, the Internet Society hosted a panel discussion in March 2009 in conjunction with IETF 74 for the purpose of presenting a wide range of perspectives on IPv6 adoption. The panel, entitled The Seven Stages of IPv6, outlined the opportunities made available by IPv6 from the perspective of network citizens who are in the seven stages of dealing with the enormity of change. Discussion was wide-ranging, but certain key messages emerged:

• IPv6 is ready for deployment, and deployment is as straightforward as any network technology rollout.
• Even as the general uptake is fairly slow, there are important pockets of IPv6 deployment, demonstrating movement.
• The alternative to deploying IPv6 is not “leaving the network as it is”?; the nature of the IPv4 network is changing in response to the lack of available addresses.

Where We Are

ISOC staff preparing for the IPv6 session For more than a decade, the Internet development community has been aware that in the long run, IPv4 will not be capable of providing enough addresses to allow each machine on the network to have its own address. By 1995, work on IPv6 was completed. Today the real task is to facilitate the spread of IPv6 uniformly across the global Internet. IPv6, according to moderator Leslie Daigle, isn't the question; it is the answer. “The question is, Do we want to continue to have an Internet that continues to be expanded by innovations? If that's the case, we need to deploy IPv6,”? she said. Back when IPv6 was being finalized, it was thought that the transition strategy would be dual stack: a network supporting both IPv4 and IPv6 simultaneously. According to panellist Russ Housley, that meant engineers would start incorporating the new technology onto the old technology, and “once everybody was able to communicate over IPv6, we could start disabling IPv4, and everything would transition smoothly.”? The strategy didn't work as planned, even though those who implemented IPv6 felt that it worked fine. Today the Regional Internet Registries (RIRs) are issuing 12 IPv4 /8s per year, and the distribution rate is not slowing down. In fact, according to panellist Richard Jimmerson, it's picking up, particularly in such regions as Asia Pacific, where there are significant numbers of underserved areas and great demand for IPv4 address space. At the end of 2008, there were 34 /8s remaining at the Internet Assigned Numbers Authority (IANA) to be allocated to the RIRs. “At the current rate, it is expected that the remaining /8s will last approximately two years,”? Richard said. Even as the time to address pool exhaustion approaches, the IETF continues to develop new tools to bridge IPv4 and IPv6. “When the IETF puts out a specification, we don't just forget about it,”? panellist Jari Arkko said. “We actually care a lot about continued accuracy and maintenance of the specifications.”? However, that's only a small part of the overall effort. The real challenges are deployment and working on new features. For the most part, said Jari, these are things like IP diagnostics in both IPv4 and IPv6.

Is IPv6 the Question-or the Answer?

Lorenzo Colitti speaking at the IPv6 Panel session The panellists agreed that the ways people use the Internet today are much different from before-and much different than anyone doing development work then might have anticipated. Today, as Russ pointed out, people expect to be able to carry in their pocket a device that is always on and always connected. “That means we need an address space that allows every device to be always on and always connected,”? he said. “Within the IETF, there is a working group devoted to low-power, battery-operated devices that are in your home, on your desk, or even on your thermostat.”? If every house in the world were equipped with such equipment, the number of addresses needed would exceed the space that was ever available in IPv4. Moreover, there is no way of knowing what new applications are on the horizon. “We didn't know in the 1980s that all these things were going to come along,”? said Lorenzo Colitti. “So now we have two choices: either we can stay with the original architecture of the Internet-where you can deploy applications by simply deploying a machine here and a machine there and having them talk to each other, which allows the Internet to continue to operate as a communications medium-or we can choose to deploy NAT [network address translation], which would fundamentally change the architecture of the Internet. We don't know what the future applications will be. The sky's the limit.”?

IPv6 Resistance

Much of the discussion focused on why motivation to adopt and deploy IPv6 is so low and why denial over the need to do so is so high. Many of the panellists pointed to a lack of economic incentive, which may be true in some respects, but that doesn't mean there aren't benefits. As panellist Alain Durand pointed out, an economic incentive means, “If I deploy something to work with this technology, I will benefit.”? Every technology that has been successfully deployed in the past 15 years has been incremental, he said. Panellist Kurtis Lindqvist looked to other factors that are delaying adoption and deployment of IPv6, such as the time it takes to deploy, the fact that it is not backward compatible, and the reality that it offers neither new features nor additional revenue streams for businesses and organizations. Perception could also be part of the problem. “The Internet of today is much different than it was when IPv6 was first developed,”? said Kurtis, “and it is being deployed today in much different ways than was originally anticipated.”? That means the migration from IPv4 is also going to be different from what we might have expected. The Internet, he said, is not homogenous; it is different depending on what part of the world you're in. Similarly, different organisations are in different stages of IPv4 depletion and IPv6 adoption. Regardless of the ancillary explanations, both the panellists and the audience members kept returning to the idea that the primary obstacle to the adoption of IPv6 is a lack of economic incentive. That assumption is partially supported by the results of a survey recently published by the Internet Society. (See the document.) As part of the results, a number of ISOC's Organization Members say they do not see a specific business case for IPv6, although they recognize that their customers are demanding it. “We're hearing a lot of people talking about managing large-scale NAT devices,”? said Lorenzo. “NATs are expensive and difficult to maintain.”? In fact, he claims that most of those who have deployed IPv6 would agree that doing so is much simpler than deploying layers of NAT. “It is refreshingly simple to look at a network with only global addresses and have it work the way it should,”? he said. The good news is that the depletion of IPv4 address space is not like running out of oil. “It's not as if all of a sudden no cars will be able to run and you can't drive to work the next morning,”? Alain assured the audience. “Everything that has been deployed still works.”? However, knowing that your computer will still work when IPv4 addresses are depleted does not mean that adoption of IPv6 isn't a necessary change. In the developed world, the obstacles to change are directly tied to economics or are consequences of avoidance. In the developing world, the obstacles have more to do with whether governments support an information economy and how much they're willing to invest to make it happen. In those regions, the governments are only just beginning to become aware of the IPv4-to-IPv6 issues. So, when it comes to the seven stages, panellist Sebastián Bellagamba says, in Latin America and the Caribbean, “we have not even begun to enter them.”?

Kurtis Lindqvist speaking during the IPv6 panel session

Throughout the developing world, governments are in nascent stages of understanding the new roles they play with regard to technology development and the future of their countries' economies and societies. As Sebastián said, not only do governments today act as regulators; they also are heavy users and often even service providers. For most of those governments, the Internet and related technologies represent a way to attract development and economic growth to their countries. In Argentina, for example, the Internet has become so important that 75 percent of the internal revenue passes through it. “So in that case, if something happens to the Internet,”? Sebastián said, “the income of the government is affected.”?

Overcoming Denial

IPv6 panellists and audience members mingle According to Lorenzo, at Google, it began when a couple of people started to deploy IPv6 as a small project and then a pilot network was built. Once the network was up, they saw how the applications followed. “We did it in stages,”? he said. “The principle that guided us, which I strongly believe is good for deployment, was that it doesn't have to be as capable as your IPv4 stack on Day One. The traffic levels are not comparable. However, it does have to be done properly, and it has to be production ready and supported. It has to be designed according to the same quality standards that you would meet for any other kind of technology infrastructure. Otherwise, it is of no use to anyone.”? Lorenzo encouraged those who have a production-ready IPv6 network to talk to Google because the company can provide all Google content and services over IPv6. “That means you not only get to use your IPv6 network; you also get to find out what the problems are, if there are any problems,”? he said. “Also, you get to find out if other people are implementing it, and you get to be able to say, “˜Yes, we do support IPv6 on our network.'”? However, Lorenzo also cautioned the audience to be aware that traffic will appear overnight. “When you do large deployments,”? he said, “it will just appear out of nowhere. There is no organic growth. We turned IPv6 on for Google maps, and we saw a threefold increase overnight.”? For those who are hesitating, the unmistakable message was that, with a few exceptions, IPv6 is fine and ready to be deployed. The challenges, however, are real. From the perspective of the service provider, they are what Alain refers to as “the two long-tail problems of IPv4.”? The first long tail is what is happening in the home. “It's not only about whether or not Windows supports IPv6,”? he said. “It's also about the latest gadgets. Today there are cameras with WiFi interfaces that can upload pictures to the Web.”? Those may be nice services, but all of them are implemented with IPv4, and unfortunately, those devices do not upgrade to IPv6. The same thing is true of the 60-inch television with the cable modem integrated and the software that allows a user to browse the Internet. “That's all IPv4, not IPv6,”? he said, “and that's a problem.”? The second long tail is what is going to happen with content. “My thanks to Lorenzo for getting Google on IPv6,”? said Alain, “but what about the second tier of Web services, such as news agencies? What about the third tier of Web services, such as small shops?”? Eventually, all of those will migrate to IPv6, but it will take some time. Turning on the IPv6-only service is not going to serve the needs of customers who have devices that work only with IPv4, nor will it serve the needs of customers who want to access content that is available only with IPv4. “When dealing with those realities,”? Alain suggests, “perhaps what we need is a two-pronged approach.”? The first part involves embracing IPv6 and getting as many endpoint devices on it and as much traffic as possible to it. The second part has to do with realizing that the IPv4 world cannot be abandoned. “It's not as if we move to a new world and the old world becomes lost,”? he said. “No. We need a bridge between the IPv4 and the IPv6 worlds.”?

The Road to IPv6 Adoption

Russ Housley presenting during the IPv6 panel In addition to efforts by the IETF and the Internet Society to bring the issue to the fore in both technology and policy venues, the American Registry for Internet Numbers (ARIN) and the other Regional Internet Registries (RIRs) have engaged in awareness campaigns throughout the world. According to Richard, ARIN began going to trade shows in 2006, exhibiting, giving presentations, and talking to people about IPv4 depletion and IPv6 adoption. What the RIRs encountered, according to Richard, really were, as Leslie described, disbelief and denial. “The people we talked with did not believe we would run out of IPv4 addresses, and they were not interested in IPv6,”? he said. Recently, there has been a noticeable shift, and Richard says he believes the audience is becoming much more receptive to the IPv6 message. That could be due to the Internet community and the technical community's coming together to work toward widespread IPv6 adoption, which would be one way of assuaging the fears and overcoming denial. “They seem to be working towards acceptance,”? Richard said. Timing also plays a role. “No one really does anything before they have to,”? said Jari. With regard to creating incentives, one journalist asked whether avoidance of future costs would qualify as an economic incentive. “I think people do things if there's a reason to do it,”? Richard responded. It's important to remember that there is no master plan for deploying IPv6. As Leslie said, for most of the technologists who work in an IETF-like, multistakeholder environment, that's a feature, because it means different pools can develop at their own rate. As the survey made clear, there is no direct or concise business incentive for moving to IPv6, but customers are asking for it. “That but part of the comment is important for understanding the entire context,”? said Leslie. “It goes back to the issue that what customers actually want are applications that work. That means they want continued global addressing in the network, which means, at this point, IPv6.”? To understand that role of the marketplace, it might also be important to distinguish between business incentives and business drivers. “I think that, in some ways, if there were better business drivers, we would pay for some implementation of IPv6,”? said Sebastián, who also said the economic incentives are there, particularly among countries that depend on the Internet for economic growth. In many places in the world, he added, “they need more addresses in order to grow. The only addresses they can get are IPv6 addresses. Therefore, there is some clear economic incentive in that area.”? What can governments do to promote the transition to IPv6? According to Sebastián, the first thing they need to do is to address it. Sebastián reminded the audience that IPv6 is not a purely regulatory issue. “It is an issue that has to be addressed by governments together with the private sector,”? he said.

Moving toward Acceptance

One of the benefits of the way the migration from IPv4 to IPv6 has evolved is how the migration has helped the technical community understand a lot more about how the Internet works, even about how IPv4 networks work. “As we deploy IPv6,”? Kurtis said, “we need to go back and change some of our original ideas about how to do this. In the meantime, we are acquiring valuable operational experience.”? Similarly, the technical community needs to continue working on a transition strategy that will be seamless and invisible to the end user. “It shouldn't matter to you whether your Web site or e-mail is sent over IPv4 or IPv6,”? he said. IETF participant waiting for a session to start Coming to acceptance where IPv6 is concerned may be a struggle, but if the Internet is to continue to evolve, it is a necessary struggle. The shepherding of organizations, service providers, and governments toward acceptance has become a priority to organizations such as the IETF and the Internet Society. As Leslie explained at the beginning of the discussion, the Internet Society is the organizational home of the IETF, but it has a broader mission to promote the evolution and use of the Internet for the benefit of all people throughout the world. “From that perspective, we believe that the IETF has an important role to play with respect to IPv6, and not only in terms of developing the specification,”? she said. Beyond the efforts to raise awareness, many of the panellists are simply true believers, and they hope the message will inspire action. “If we want the Internet to be around in three to four years in its current state, then we want to use IPv6,”? Lorenzo said. “It will allow the Internet to continue to function as we know it. And it will keep the Internet open.”? More information on this topic can be found here (PDF) and on this page (PDF)]]> 887 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/bringing-oauth-to-the-ietf/ Sun, 07 Jun 2009 15:02:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=889

The IETF Journal meets with OAuth experts Hannes Tschofenig, Blaine Cook, and Eran Hammer-Lahav to discuss the decision to bring OAuth to the IETF and the future of the Internet’s latest security specification. At IETF 74 in San Francisco, IETF Journal editor Mirjam Kühne and Trent Adams (Outreach Specialist, Identity Community, at the Internet Society) sat down with OAuth BoF cochairs Hannes Tschofenig and Blaine Cook as well as Eran Hammer-Lahav, who authored the OAuth specification document, to find out more about the decision to bring OAuth into the Internet Engineering Task Force, about how the specification compares with similar resources, and about next steps in its development and application. IETF Journal: There are a number of resources available today that address the growing need to manage and protect a user's identity on the Internet while making it possible for users to share information from one site to another. How is OAuth related to other work in the identity space? Eran: There are a few different mechanisms. One is SAML [security assertion markup language], and the other two are OpenID and OAuth. There are a few others in the mix, but those are the main ones in the identity space. IETF Journal: And what was each of them designed to do? Eran: SAML was designed mainly for use within business enterprises, and it is perhaps the most complicated of the three because of its use of XML structures. It is also very robust and very powerful. OpenID is fundamentally about single sign-on, and it depends on Web redirections. OpenID is meant exclusively for Web usage and is designed for interactions between human beings. Because of its architecture, OpenID can communicate only what will fit in a URI. It is not capable of handling anything more sophisticated. OAuth is a way to delegate both access and permission. It is very simple, and in many ways, it borrows from the culture of OpenID in terms of equal access, while at the same time learning from its mistakes. It is designed to be a generic access mechanism. So, if you have other authentication mechanisms on the Web, this is just one more option in that stack. However, it does provide more options: it can be used from server to server as well as from client to user. Right now, OAuth is not really a standard; it is primarily a guide to best current practices. The next phase of its development will need to focus on interoperability, an area in which it is not strong at the moment. IETF Journal: Is that primarily the reason for bringing this into the IETF? Eran: There were a number of different reasons for doing so. I believe it started when Mark Nottingham, who is the chair of the httpbis WG [Hypertext Transfer Protocol Bis Working Group] and a world-renowned expert on caching and proxy, gave us feedback on the OAuth specification. He said, “You know, this is a really good start, but it doesn't play well with the actual HTTP stack.”? We put it through a security review, but we did not have the full skill set of an IETF security review. Instead, we had two or three people from two different companies doing a security review. But two people doing a security review is not quite the same thing as a full-scale IETF security area review. After that, we decided to publish it as an Internet-Draft, which was a way to get feedback from the IETF. Then we thought, maybe we should go to an IETF meeting and do a Bar-BoF. Then we thought, why not just do a BoF? After that, things happened very fast. When we published the Internet-Draft, we asked what track it should be put on. We were told, “Oh, just put it on the Standards track. You can always change it later.”? So, the original motivation to bring it to the IETF was to get some feedback from experts. That was really what all this was about. As we started talking about it, we were hearing that the IETF has been trying to develop something like this for a long time-without much success, because it is very hard to develop a brand-new security protocol from scratch. In some ways, it is very difficult to get new things off the ground from within the IETF. A lot of work is developed outside and then brought into the IETF. At IETF 74 in San Francisco, IETF Journal editor Mirjam Kühne and Trent Adams (Outreach Specialist, Identity Community, at the Internet Society) sat down with OAuth BoF cochairs Hannes Tschofenig and Blaine Cook as well as Eran Hammer-Lahav, who authored the OAuth specification document, to find out more about the decision to bring OAuth into the Internet Engineering Task Force, about how the specification compares with similar resources, and about next steps in its development and application. IETF Journal: There are a number of resources available today that address the growing need to manage and protect a user's identity on the Internet while making it possible for users to share information from one site to another. How is OAuth related to other work in the identity space? Eran: There are a few different mechanisms. One is SAML [security assertion markup language], and the other two are OpenID and OAuth. There are a few others in the mix, but those are the main ones in the identity space. IETF Journal: And what was each of them designed to do? Eran: SAML was designed mainly for use within business enterprises, and it is perhaps the most complicated of the three because of its use of XML structures. It is also very robust and very powerful. OpenID is fundamentally about single sign-on, and it depends on Web redirections. OpenID is meant exclusively for Web usage and is designed for interactions between human beings. Because of its architecture, OpenID can communicate only what will fit in a URI. It is not capable of handling anything more sophisticated. OAuth is a way to delegate both access and permission. It is very simple, and in many ways, it borrows from the culture of OpenID in terms of equal access, while at the same time learning from its mistakes. It is designed to be a generic access mechanism. So, if you have other authentication mechanisms on the Web, this is just one more option in that stack. However, it does provide more options: it can be used from server to server as well as from client to user. Right now, OAuth is not really a standard; it is primarily a guide to best current practices. The next phase of its development will need to focus on interoperability, an area in which it is not strong at the moment. IETF Journal: Is that primarily the reason for bringing this into the IETF? Eran: There were a number of different reasons for doing so. I believe it started when Mark Nottingham, who is the chair of the httpbis WG [Hypertext Transfer Protocol Bis Working Group] and a world-renowned expert on caching and proxy, gave us feedback on the OAuth specification. He said, “You know, this is a really good start, but it doesn't play well with the actual HTTP stack.”? We put it through a security review, but we did not have the full skill set of an IETF security review. Instead, we had two or three people from two different companies doing a security review. But two people doing a security review is not quite the same thing as a full-scale IETF security area review. After that, we decided to publish it as an Internet-Draft, which was a way to get feedback from the IETF. Then we thought, maybe we should go to an IETF meeting and do a Bar-BoF. Then we thought, why not just do a BoF? After that, things happened very fast. When we published the Internet-Draft, we asked what track it should be put on. We were told, “Oh, just put it on the Standards track. You can always change it later.”? So, the original motivation to bring it to the IETF was to get some feedback from experts. That was really what all this was about. As we started talking about it, we were hearing that the IETF has been trying to develop something like this for a long time-without much success, because it is very hard to develop a brand-new security protocol from scratch. In some ways, it is very difficult to get new things off the ground from within the IETF. A lot of work is developed outside and then brought into the IETF. Blaine: For me there was another aspect: On the consumer side, the adoption was pretty good, but not so much with enterprise adoption. Businesses want to use it, but they are concerned because OAuth is not yet standardized. We would hear, “You guys are just a bunch of Web guys, so how can I trust you?”? And they want to do their own security release, because they don't trust themselves [laughs]. I think with these types of protocols, there is a point at which engaging in a proper process with a standards body behind it is really important, especially when it involves things like being able to delegate access from a specific application to my bank, so that I can gain access to your checking account in order to deposit money. Hannes: Many of the more conservative groups, such as government agencies, often require a standards-track RFC to exist before agreeing to adopt a particular protocol. And it often creates problems for them to come up with the mechanisms to achieve that. IETF Journal: It sounds like there were two aspects: The first is the evaluation of the current specification and figuring out if there are any issues that might come up during the review, and then, on the backside, the second one is the issue of legitimacy. Therefore, when enterprises ask who has had a look at it, you can raise their comfort level by pointing to the work that has been done on the protocol within the IETF. Blaine: Yes. IETF Journal: It also sounds like what you want is not just to release version 1.0 but also to have something that is supported by a long-term process. Is that also a consideration? Eran: Yes. On the other hand, we also understand that once something gets fed into a Standards track as an RFC, the community cannot expect a new version in six months. IETF Journal: But what the community can expect is that people will have their eyes on the ball, and that when review is required-whatever the time frame-it will happen. Eran: At the moment this is a community-driven specification. There are a small number of people who agree that OAuth is stable for now and that they are not going to do any more work on it. Apart from that, there is nothing to prevent anyone from changing it. That is why bigger companies are skeptical. It will take them six to eight months to incorporate the protocol into their development cycle. If the specification changes after six months, it will have been a waste of their effort and money. I would not say we are bringing OAuth to the IETF; we are attempting to standardize one document as a trial for the community. We are taking this one very specific document to the IETF to have it standardized. We want a more complete security review; we want interoperability; and we want to improve the quality of the document by having more people look at it. I envision that a lot of the work on OAuth will continue to happen outside the IETF, that fundamentally, it will remain a community-driven process. If at any time the community produces something that is stable and secure enough to be standardized, then we can come back and do the next step. If at that point the WG has completed its work, we can see if we want to recharter the group. Or we could start a new WG. I am really careful of communicating that we are not moving OAuth into the IETF. There is the OAuth community and then there is the IETF. But I expect the same people who have worked on it so far will also be the people who will make the RFC happen. It really is not an us-versus-them situation. The OAuth WG will consist of whoever shows up, and I expect that 95 percent of the people who show up will be the same people who have already worked on it. IETF Journal: With that in mind, are you concerned about the potential for bifurcation of the standard? For example, let's say there is a group of people within the IETF who want to take the standard in one direction, and another group of people in the community who have a use case that they are trying to tackle, which might take them in another direction. How do you decide what direction to go? Hannes: The decision will be made by rough consensus of the participants of the BoF or the WG. Blaine: For me it really is about adoption. There are plenty of security standards that haven't achieved adoption because they are designed from within security ivory towers. We are constantly being surveilled, surveilling each other, and surveilling ourselves. This idea of perfect security is imaginary. We are trying to enable people to take control over what they are doing and make sure that when they take an action there is not some other action happening that they don’t know about. And designing for that is really hard. So, we already have bifurcation of OAuth, because it is based on a number of different specifications. In the way it is written now, we hope it is pretty neutral and something that everyone can agree on. IETF Journal: So, one could say that the IETF standardizes OAuth and then people can implement against that? Eran: The biggest danger is standards shopping. I have no intention of doing standards shopping. I do not intend to standardize OAuth elsewhere if the IETF is taking a direction I don't like. That is also reflected in the way we licensed the work originally and the way we brought it to the IETF: we basically took a snapshot of the document and pretty much said, “Now the IETF can do whatever it wants with it.”? Today we already have an OAuth Core 1.0 specification. It may not be a standard, but it is there and companies are implementing it and using it. If the IETF produces a successful standard, it will still be called OAuth. After that, the market will decide if it likes it. It is our hope that the market will like it and that it will move toward adoption. And that the people who have already implemented OAuth Core 1.0 will say they will also want to support the new one. But let's allow the market to decide. It is also possible that the IETF will move OAuth into a more extreme direction, requiring that all kinds of things be parts of the standard. If that's the case, what will probably happen is that a lot of the original OAuth authors will leave. The only thing we will probably take with us is the name, not the specification or anything else. We will just say, “Do whatever you want, but don't call this OAuth anymore.”? Why confuse people? You will end up creating something that you think is better, but it will just be different and then we can let the market decide which one it wants. IETF Journal: Have you given any thought to the intellectual property rights (IPR) issues that could arise from moving OAuth from its original development paradigm to the IETF? Eran: Yes. I spent six months negotiating a set of very liberal IPR terms with all of the original contributors. So, if you take OAuth and you change it dramatically so that it does not any longer operate within the boundaries of the community-derived OAuth specification, then you're on your own! If that's the case, you need to go and get the IPR requirements you need. But we have actually found the IETF applications area to be very open-source friendly. IETF Journal: Does that mean that basically there would be no issue if you choose to take the specification down another path at a later time? Eran: If the IETF is interested in going in a different direction, and if Blaine and I and a few others are the minority voices in the room, and if we cannot raise our voices anymore, then we very likely will just choose to not participate anymore. But nobody is going to take it and bring it to another standards body, such as OASIS. There is no interest in that. If you look at the original goals we stated earlier, creating a standard is not our main objective; it's more like a bonus. IETF Journal: Do you agree with what Blaine said earlier about how, to some degree, having a standard opens up markets that you otherwise wouldn't be able to reach? Eran: Yes, sure, but only as long as that doesn't mean selling out on what we were trying to do originally. Blaine: I don't have any financial interest in OAuth, and as far as I know, nobody in the community is interested in serving as OAuth advisors. No one has any intellectual property claim that would be of any value. I don't need OAuth to go into the IETF. Twitter has OAuth, and Flickr has it, as do others. So, the specific properties I would like OAuth to have are already happening. As far as not having to give out my password on the Web in those applications that I wouldn't really trust with that kind of thing, well, that is done. So, it is really about recognizing that it would be really cool if more enterprises started thinking about these kinds of lightweight but strong security mechanisms. In terms of fragmentations of the specification and what might happen next, it's important to remember that OAuth could not have happened 10 years ago. The culture on the Net was different. Even two years ago, when we started to write this up, we used MD5, not SHA-1. There were no libraries at the time. Things have changed significantly in this space. Things evolve, and as OAuth gets adopted, we can do more work on it. I fully expect that something better than OAuth will come along in 5 to 10 years, and then we will start to use that. The technology will be better and our comprehension of the problems as the wider community-not just the security community-will be better. IETF Journal: Was there a moment when you had to decide which community could give you the best security review and the highest level of legitimacy? Were there other players on the table? Or did you just stumble onto the IETF? Eran: I have been approached by a colleague who is active in the IETF, and then by Lisa Dusseault, who is one of the applications area directors to officially bring the question to the IETF to see if the IETF might be interested. We had a BoF in Minneapolis at IETF 73, where we asked ourselves if this is an area that may interest the IETF. After that, the question was, Is OAuth a good and reasonable solution to use as a starting point? Those were the two main questions we started off with, and then we started working on the charter. People have also approached me informally from both the W3C and OASIS. IETF Journal: So, it sounds like you did not step back and say, “Here are the three things I need, let's look at which standards organization would be the most appropriate, is that right? Eran: That's right. However, after I started talking to Lisa, I did look around a bit because this is something you want to do only once and you don't want to discredit yourself. You don't want to go to the IETF and then after the first BoF think, well, I don't like the way this is going in the IETF. I'll go to the W3C and see if they want it. It was an easy decision based on one criterion-that is, that every single person who has been involved in OAuth until now could continue to work on it in the IETF. Participation at the IETF is open, and there is no membership fee. It is much more difficult to participate in other organizations, such as OASIS and the W3C. It is expensive to become a member. Morally, I felt that was the right way to approach it. I felt that people might not agree on the need to standardize it or on the value of it or even that the IETF is the best place to do it. But at least they're welcome to join. And all they have to do is join the mailing list. That's the only barrier. Blaine: If you compare the barriers, for instance, of the W3C or OASIS, it is much more difficult to participate. Eran: That ruled them out immediately. The W3C membership model is really difficult. And joining OASIS is expensive. Blaine: To some extent, that's also a concern with the IETF. It may have no membership fees, but the costs of attending the meetings are pretty high. Many people do this in addition to their regular work. Eran is one of the few people who has an employer's approval to be working on it. IETF Journal: On the other hand, wouldn't it be good to expand the weight of the WG and to broaden the participation? Right now it is pretty U.S.-centric. Blaine: I agree. I think it's important to meet in Stockholm at IETF 75, which will get more Europeans involved. It would also be a good time to push forward the work on its adoption. At the moment, not many people in Europe know about OAuth. Hannes: All decisions have to be confirmed on the mailing list anyway. So, the meetings are more like social events. IETF Journal: Yes, but meeting in person is a good way to overcome potential trust issues with other people. Hannes: That's true. Photos by Peter Löthberg Open Authentication Protocol.

]]> 889 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-report/ Sun, 07 Jun 2009 15:04:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=891 Aaron Falk, IRTF Chair What follows are summaries of several updates on the Internet Research Groups (RGs), some of which were reported during the Technical Plenary at IETF 74. There are three bits of status regarding the Internet Research Task Force (IRTF): First, since IETF 73, the IRTF has not published any new RFCs because of document dependencies that are holding up final establishment of the IRTF RFC publication stream. However, three research group (RG) documents are in the RFC Editor's queue. Additionally, we are finalising the IRTF streams document rights. Our intent is to maximize commonality with the IETF process so as to ease documents' ability to move between the IRTF and the IETF. Second, there has been activity in the form of the creation of two new research groups: a group of folks, organized by Martin Stiemerling, has been holding BarBoFs to discuss an RG on network virtualization, and Paul Hoffman is developing a draft charter for an RG to discuss alternate public key formats, certificates, and services called PKNG. And third, most of the IRTF RGs are now fairly active. During IETF 74, four RGs met: DTNRG, RRG, P2PRG, and HIPRG. Most research groups meet at least once a year at an IETF meeting, and several meet more frequently by holding additional meetings at such venues as academic conferences to attract greater research participation. Recently, I've been giving a very short overview of a couple active research groups during the IETF technical plenary. This is to introduce folks in the IETF to work going on in the IRTF and to encourage more participation. The following two sections are introductions to the Crypto Forum Research Group and the Routing Research Group, as presented during the IETF 74 technical plenary.

Crypto Forum Research Group (cfrg)

The CFRG is a forum for discussing and analysing general cryptographic aspects of security protocols. One of the main goals is to offer guidance on the use of emerging mechanisms and new uses of existing mechanisms in the tradition of RFC 1321 (MD5) and RFC 2104 (HMAC). Another important goal of the work is to create a bridge between theory and practice. IETF working groups that are developing protocols that include cryptographic elements are welcome to bring questions concerning the protocols to the CFRG. The CFRG is currently working on a number of important topics. One involves hash functions, wherein the goal is to transition away from MD5 (and SHA-1). In that context, the CFRG is identifying IETF's uses and security goals and is discussing reviving and extending RFC 4270 (Attacks on Cryptographic Hashes in Internet Protocols). Other topics the RG is working on are Password-Authenticated Key Exchange (currently reviewing draft-sheffer-emu-eap-eke-00, “The EAP-EKE Method”?), threshold cryptography (see draft-mcgrew-tss-02, “Threshold Secret Sharing”?), and threshold signatures. The last might be a topic of possible future work and is relevant to Domain Name System Security Extensions (DNSSEC) and Public-Key Infrastructure (PKIX).

Routing Research Group (rrg)

The RRG is trying to solve the problem of uncontrolled growth of the routing table. One of the major causes of routing-table growth is multihoming. Multihomed sites inject one prefix or multiple prefixes into the routing system. Routing costs increase with the number of multihomed sites. The primary goal of the RG is to develop a routing architecture that can provide effective control on routing overhead and that is independent from the number of multihomed sites. Another goal is to avoid the need to renumber when changing service providers. A new routing protocol should also be incrementally deployable and possess equal or better security. The RRG has continued its efforts to sort out and reassess existing proposals. There are currently nine proposals listed on the RRG wiki. One proposal recently posted argues for an evolution path that will lead to a scalable routing architecture. That same proposal was presented during the RRG meeting at IETF 74. The group is also working to clarify the terminology used in routing scalability discussions. RRG originally planned to offer a recommendation by March 2009, but investigation efforts led to new understandings of the problem and solution space, and now that date has been pushed out by one year, to 2010. Several members of the RRG participated in a seminar called Naming and Addressing for the Future Internet, which was held in Dagstuhl, Germany, in March 2009. (See here) For more information about the Internet Research Task Force, visit this website.  ]]> 891 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/recent-iesg-document-and-protocol-actions-3/ Wed, 24 Jun 2009 20:29:37 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1426 http://www.ietf.org/internet-drafts/draft-ietf-rmt-bb-lct-revised-09.txt Date: 2009-04-01 – Last Call: draft-ietf-isms-secshell (Secure Shell Transport Model for SNMP) to Proposed Standar / Call: draft-ietf-isms-secshell (Secure Shell Transport Model for SNMP) to Proposed Standard Title: ast Call: draft-ietf-isms-secshell (Secure Shell Transport Model for SNMP) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-isms-secshell-15.txt Date: 2009-04-01 – Last Call: draft-ietf-isms-tmsm (Transport Subsystem for the Simple Network Management Protocol (SNMP)) to Proposed Standar / Call: draft-ietf-isms-tmsm (Transport Subsystem for the Simple Network Management Protocol (SNMP)) to Proposed Standard Title: ast Call: draft-ietf-isms-tmsm (Transport Subsystem for the Simple Network Management Protocol (SNMP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-isms-tmsm-16.txt Date: 2009-04-01 – Last Call: draft-ietf-isms-transport-security-model (Transport Security Model for SNMP) to Proposed Standar / Call: draft-ietf-isms-transport-security-model (Transport Security Model for SNMP) to Proposed Standard Title: ast Call: draft-ietf-isms-transport-security-model (Transport Security Model for SNMP) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-isms-transport-security-model-12.txt Date: 2009-04-01 – Approved by the IESG as Proposed Standard Title: A Session Description Protocol (SDP) Offer/Answer Mechanism to Enable File Transfer URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-file-transfer-mech-11.txt Date: 2009-04-02 – Last Call: draft-ietf-dccp-serv-codes (The DCCP Service Code) to Proposed Standar / Call: draft-ietf-dccp-serv-codes (The DCCP Service Code) to Proposed Standard Title: ast Call: draft-ietf-dccp-serv-codes (The DCCP Service Code) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-dccp-serv-codes-08.txt Date: 2009-04-02 – Last Call: draft-ietf-tcpm-tcpsecure (Improving T / Call: draft-ietf-tcpm-tcpsecure (Improving TCP’s Robustness to Blind In-Window Attacks) to Proposed Standard Title: s Robustne URL: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-11.txt Date: 2009-04-02 – Approved by the IESG as Informational RFC Title: Urban WSNs Routing Requirements in Low Power and Lossy Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-roll-urban-routing-reqs-05.txt Date: 2009-04-03 – Last Call: draft-ietf-mpls-p2mp-te-mib (Point-to-Multipoint Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Management Information Base (MIB) module) to Proposed Standar / Call: draft-ietf-mpls-p2mp-te-mib (Point-to-Multipoint Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Management Information Base (MIB) module) to Proposed Standard Title: ast Call: draft-ietf-mpls-p2mp-te-mib (Point-to-Multipoint Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Management Information Base (MIB) module) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-p2mp-te-mib-08.txt Date: 2009-04-03 – Last Call: draft-ietf-tcpm-ecnsyn (Adding Explicit Congestion Notification (ECN) Capability to T / Call: draft-ietf-tcpm-ecnsyn (Adding Explicit Congestion Notification (ECN) Capability to TCP’s SYN/ACK Packets) to Experimental RFC Title: URL: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-ecnsyn-08.txt Date: 2009-04-06 – Last Call: draft-ietf-pana-statemachine (State Machines for Protocol for Carrying Authentication for Network Access (PANA)) to Informational RF / Call: draft-ietf-pana-statemachine (State Machines for Protocol for Carrying Authentication for Network Access (PANA)) to Informational RFC Title: ast Call: draft-ietf-pana-statemachine (State Machines for Protocol for Carrying Authentication for Network Access (PANA)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-pana-statemachine-10.txt Date: 2009-04-06 – Approved by the IESG as Informational RFC Title: Transparent Interconnection of Lots of Links (TRILL): Problem and Applicability Statement URL: http://www.ietf.org/internet-drafts/draft-ietf-trill-prob-06.txt Date: 2009-04-06 – Approved by the IESG as Proposed Standard Title: Softwire Mesh Framework URL: http://www.ietf.org/internet-drafts/draft-ietf-softwire-mesh-framework-06.txt Date: 2009-04-07 – Last Call: draft-ietf-isms-radius-usage (Remote Authentication Dial-In User Service (RADIUS) Usage for Simple Network Management Protocol (SNMP) Transport Models) to Proposed Standar / Call: draft-ietf-isms-radius-usage (Remote Authentication Dial-In User Service (RADIUS) Usage for Simple Network Management Protocol (SNMP) Transport Models) to Proposed Standard Title: ast Call: draft-ietf-isms-radius-usage (Remote Authentication Dial-In User Service (RADIUS) Usage for Simple Network Management Protocol (SNMP) Transport Models) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-isms-radius-usage-05.txt Date: 2009-04-08 – Last Call: rfc3852 (Cryptographic Message Syntax (CMS)) to Draft Standar / Call: rfc3852 (Cryptographic Message Syntax (CMS)) to Draft Standard Title: ast Call: rfc3852 (Cryptographic Message Syntax (CMS)) to Draft Standard URL: http://www.ietf.org/rfc/rfc3852.txt Date: 2009-04-09 – Last Call: draft-ietf-ltru-4645bis (Update to the Language Subtag Registry) to Informational RF / Call: draft-ietf-ltru-4645bis (Update to the Language Subtag Registry) to Informational RFC Title: ast Call: draft-ietf-ltru-4645bis (Update to the Language Subtag Registry) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-ltru-4645bis-10.txt Date: 2009-04-10 – Approved by the IESG as Proposed Standard Title: Heartbeat Mechanism for Proxy Mobile IPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-netlmm-pmipv6-heartbeat-07.txt Date: 2009-04-10 – Approved by the IESG as Proposed Standard Title: SIP Interface to VoiceXML Media Services URL: http://www.ietf.org/internet-drafts/draft-ietf-mediactrl-vxml-04.txt Date: 2009-04-13 – Last Call: draft-ietf-ltru-4646bis (Tags for Identifying Languages) to BC / Call: draft-ietf-ltru-4646bis (Tags for Identifying Languages) to BCP Title: ast Call: draft-ietf-ltru-4646bis (Tags for Identifying Languages) to BCP URL: http://www.ietf.org/internet-drafts/draft-ietf-ltru-4646bis-21.txt Date: 2009-04-13 – Last Call: draft-crocker-email-arch (Internet Mail Architecture) to Proposed Standar / Call: draft-crocker-email-arch (Internet Mail Architecture) to Proposed Standard Title: ast Call: draft-crocker-email-arch (Internet Mail Architecture) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-crocker-email-arch-12.txt Date: 2009-04-13 – Last Call: draft-ietf-mipshop-mos-dhcp-options (Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Options for IEEE 802.21 Mobility Services (MoS) Discovery) to Proposed Standar / Call: draft-ietf-mipshop-mos-dhcp-options (Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Options for IEEE 802.21 Mobility Services (MoS) Discovery) to Proposed Standard Title: ast Call: draft-ietf-mipshop-mos-dhcp-options (Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Options for IEEE 802.21 Mobility Services (MoS) Discovery) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-mos-dhcp-options-13.txt Date: 2009-04-13 – Last Call: draft-ietf-mipshop-rfc5268bis (Mobile IPv6 Fast Handovers) to Proposed Standar / Call: draft-ietf-mipshop-rfc5268bis (Mobile IPv6 Fast Handovers) to Proposed Standard Title: ast Call: draft-ietf-mipshop-rfc5268bis (Mobile IPv6 Fast Handovers) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-rfc5268bis-01.txt Date: 2009-04-13 – Last Call: draft-ietf-pce-monitoring (A set of monitoring tools for Path Computation Element based Architecture) to Proposed Standar / Call: draft-ietf-pce-monitoring (A set of monitoring tools for Path Computation Element based Architecture) to Proposed Standard Title: ast Call: draft-ietf-pce-monitoring (A set of monitoring tools for Path Computation Element based Architecture) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-monitoring-04.txt Date: 2009-04-13 – Last Call: draft-ietf-pce-p2mp-app (Applicability of the Path Computation Element (PCE) to Point-to-Multipoint (P2MP) Multiprotocol Label Switching (MPLS)and Generalized MPLS (GMPLS) Traffic Engineering (TE)) to Informational RF / Call: draft-ietf-pce-p2mp-app (Applicability of the Path Computation Element (PCE) to Point-to-Multipoint (P2MP) Multiprotocol Label Switching (MPLS)and Generalized MPLS (GMPLS) Traffic Engineering (TE)) to Informational RFC Title: ast Call: draft-ietf-pce-p2mp-app (Applicability of the Path Computation Element (PCE) to Point-to-Multipoint (P2MP) Multiprotocol Label Switching (MPLS)and Generalized MPLS (GMPLS) Traffic Engineering (TE)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-p2mp-app-01.txt Date: 2009-04-13 – Approved by the IESG as Proposed Standard Title: Clarifications and Extensions to the GSS-API for the Use of Channel Bindings URL: http://www.ietf.org/internet-drafts/draft-ietf-kitten-gssapi-channel-bindings-07.txt Date: 2009-04-13 – Approved by the IESG as col Action: ‘RSVP Extensions for Path Key Support’ to Proposed Standard Title: RSVP Extensions for Path Key Support’ to URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-path-key-ero-04.txt Date: 2009-04-13 – Approved by the IESG as Proposed Standard Title: Path Computation Element Communication Protocol (PCEP) Requirements and Protocol Extensions In Support of Global Concurrent Optimization URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-global-concurrent-optimization-10.txt Date: 2009-04-13 – Re: Informational RFC to be: draft-despres-6rd-03.tx / nformational RFC to be: draft-despres-6rd-03.txt Title: e: Informational RFC to be: draft-despres-6rd-03.txt URL: http://www.ietf.org/internet-drafts/draft-despres-6rd-03.txt Date: 2009-04-16 – Last Call: draft-ietf-dccp-simul-open (DCCP Simultaneous-Open Technique to Facilitate NAT/Middlebox Traversal) to Proposed Standar / Call: draft-ietf-dccp-simul-open (DCCP Simultaneous-Open Technique to Facilitate NAT/Middlebox Traversal) to Proposed Standard Title: ast Call: draft-ietf-dccp-simul-open (DCCP Simultaneous-Open Technique to Facilitate NAT/Middlebox Traversal) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-dccp-simul-open-07.txt Date: 2009-04-16 – Approved by the IESG as Informational RFC Title: Pre-Congestion Notification (PCN) Architecture URL: http://www.ietf.org/internet-drafts/draft-ietf-pcn-architecture-11.txt Date: 2009-04-20 – Approved by the IESG as col Action: ‘A One-Way Packet Duplication Metric’ to Proposed Standard Title: A One-Way Packet Duplication Metric’ to URL: http://www.ietf.org/internet-drafts/draft-ietf-ippm-duplicate-08.txt Date: 2009-04-24 – Last Call: draft-ietf-dkim-overview (DomainKeys Identified Mail (DKIM) Service Overview) to Informational RF / Call: draft-ietf-dkim-overview (DomainKeys Identified Mail (DKIM) Service Overview) to Informational RFC Title: ast Call: draft-ietf-dkim-overview (DomainKeys Identified Mail (DKIM) Service Overview) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-dkim-overview-11.txt Date: 2009-04-24 – Last Call: draft-ietf-dkim-rfc4871-errata (RFC 4871 DomainKeys Identified Mail (DKIM) Signatures — Update) to Proposed Standar / Call: draft-ietf-dkim-rfc4871-errata (RFC 4871 DomainKeys Identified Mail (DKIM) Signatures — Update) to Proposed Standard Title: ast Call: draft-ietf-dkim-rfc4871-errata (RFC 4871 DomainKeys Identified Mail (DKIM) Signatures — Update) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-dkim-rfc4871-errata-04.txt Date: 2009-04-24 – Approved by the IESG as Informational RFC Title: Common Architecture Label IPv6 Security Option (CALIPSO) URL: http://www.ietf.org/internet-drafts/draft-stjohns-sipso-11.txt Date: 2009-04-24 – Approved by the IESG as Informational RFC Title: An Architectural Framework for Media Server Control URL: http://www.ietf.org/internet-drafts/draft-ietf-mediactrl-architecture-04.txt Date: 2009-04-27 – Last Call: draft-ietf-rmt-pi-norm-revised (NACK-Oriented Reliable Multicast Protocol) to Proposed Standar / Call: draft-ietf-rmt-pi-norm-revised (NACK-Oriented Reliable Multicast Protocol) to Proposed Standard Title: ast Call: draft-ietf-rmt-pi-norm-revised (NACK-Oriented Reliable Multicast Protocol) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-rmt-pi-norm-revised-11.txt Date: 2009-04-27 – Second Last Call: rfc3852 (Cryptographic Message Syntax (CMS)) to Draft Standar / d Last Call: rfc3852 (Cryptographic Message Syntax (CMS)) to Draft Standard Title: econd Last Call: rfc3852 (Cryptographic Message Syntax (CMS)) to Draft Standard URL: http://www.ietf.org/rfc/rfc3852.txt Date: 2009-04-27 – Re: Informational RFC to be: draft-bberry-rfc4938bis-00.tx / nformational RFC to be: draft-bberry-rfc4938bis-00.txt Title: e: Informational RFC to be: draft-bberry-rfc4938bis-00.txt URL: http://www.ietf.org/internet-drafts/draft-bberry-rfc4938bis-00.txt Date: 2009-04-27 – Re: Informational RFC to be: draft-lochter-pkix-brainpool-ecc-03.tx / nformational RFC to be: draft-lochter-pkix-brainpool-ecc-03.txt Title: e: Informational RFC to be: draft-lochter-pkix-brainpool-ecc-03.txt URL: http://www.ietf.org/internet-drafts/draft-lochter-pkix-brainpool-ecc-03.txt Date: 2009-04-27 – Last Call: draft-ietf-sip-ua-privacy (UA-Driven Privacy Mechanism for SIP) to Informational RF / Call: draft-ietf-sip-ua-privacy (UA-Driven Privacy Mechanism for SIP) to Informational RFC Title: ast Call: draft-ietf-sip-ua-privacy (UA-Driven Privacy Mechanism for SIP) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-ua-privacy-07.txt Date: 2009-04-27 – Last Call: draft-ietf-ecrit-location-hiding-req (Location Hiding: Problem Statement and Requirements) to Informational RF / Call: draft-ietf-ecrit-location-hiding-req (Location Hiding: Problem Statement and Requirements) to Informational RFC Title: ast Call: draft-ietf-ecrit-location-hiding-req (Location Hiding: Problem Statement and Requirements) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-location-hiding-req-01.txt Date: 2009-04-27 – Last Call: draft-ietf-sipping-update-pai (Updates to Asserted Identity in the Session Initiation Protocol (SIP)) to Informational RF / Call: draft-ietf-sipping-update-pai (Updates to Asserted Identity in the Session Initiation Protocol (SIP)) to Informational RFC Title: ast Call: draft-ietf-sipping-update-pai (Updates to Asserted Identity in the Session Initiation Protocol (SIP)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-update-pai-09.txt Date: 2009-04-28 – Last Call: draft-ietf-geopriv-sip-lo-retransmission (Implications o / Call: draft-ietf-geopriv-sip-lo-retransmission (Implications of ‘retransmission-allowed’ for SIP Location Conveyance) to Informational RFC Title: retr URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-sip-lo-retransmission-02.txt Date: 2009-04-28 – Last Call: draft-levine-rfb (The Remote Framebuffer Protocol) to Informational RF / Call: draft-levine-rfb (The Remote Framebuffer Protocol) to Informational RFC Title: ast Call: draft-levine-rfb (The Remote Framebuffer Protocol) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-levine-rfb-01.txt Date: 2009-04-28 – Approved by the IESG as Proposed Standard Title: Mobile IPv6 Support for Dual Stack Hosts and Routers URL: http://www.ietf.org/internet-drafts/draft-ietf-mext-nemo-v4traversal-10.txt Date: 2009-04-28 – Approved by the IESG as Proposed Standard Title: Internet Calendaring and Scheduling Core Object Specification (iCalendar) URL: http://www.ietf.org/internet-drafts/draft-ietf-calsify-rfc2445bis-10.txt Date: 2009-04-28 – Approved by the IESG as Proposed Standard Title: BGP IPsec Tunnel Encapsulation Attribute URL: http://www.ietf.org/internet-drafts/draft-ietf-softwire-encaps-ipsec-03.txt Date: 2009-04-29 – Approved by the IESG as Proposed Standard Title: LDP Capabilities URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-ldp-capabilities-04.txt Date: 2009-04-30 – Last Call: draft-ietf-mpls-tp-gach-gal (MPLS Generic Associate / Call: draft-ietf-mpls-tp-gach-gal (MPLS Generic Associated Title: ast Call: draft-ietf-mpls-tp-gach-gal (MPLS Generic Associated URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-tp-gach-gal-04.txt Date: 2009-05-01 – Last Call: draft-ietf-dime-mip6-split (Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction) to Proposed Standar / Call: draft-ietf-dime-mip6-split (Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction) to Proposed Standard Title: ast Call: draft-ietf-dime-mip6-split (Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-dime-mip6-split-17.txt Date: 2009-05-01 – Last Call: draft-ietf-dime-mip6-split (Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction) to Proposed Standar / Call: draft-ietf-dime-mip6-split (Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction) to Proposed Standard Title: ast Call: draft-ietf-dime-mip6-split (Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-dime-mip6-split-17.txt Date: 2009-05-04 – Last Call: draft-ietf-netlmm-pmip6-ipv4-support (IPv4 Support for Proxy Mobile IPv6) to Proposed Standar / Call: draft-ietf-netlmm-pmip6-ipv4-support (IPv4 Support for Proxy Mobile IPv6) to Proposed Standard Title: ast Call: draft-ietf-netlmm-pmip6-ipv4-support (IPv4 Support for Proxy Mobile IPv6) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-netlmm-pmip6-ipv4-support-12.txt Date: 2009-05-05 – Approved by the IESG as col Action: ‘GRE Key Option for Proxy Mobile IPv6′ to Proposed Standard Title: GRE Key Option for Proxy Mobile IPv6′ to URL: http://www.ietf.org/internet-drafts/draft-ietf-netlmm-grekey-option-08.txt Date: 2009-05-05 – Last Call: draft-ietf-dnsext-dnsproxy (DNS Proxy Implementation Guidelines) to BC / Call: draft-ietf-dnsext-dnsproxy (DNS Proxy Implementation Guidelines) to BCP Title: ast Call: draft-ietf-dnsext-dnsproxy (DNS Proxy Implementation Guidelines) to BCP URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnsproxy-05.txt Date: 2009-05-05 – Last Call: draft-ietf-ippm-more-twamp (More Features for the Two-Way Active Measurement Protocol – TWAMP) to Proposed Standar / Call: draft-ietf-ippm-more-twamp (More Features for the Two-Way Active Measurement Protocol – TWAMP) to Proposed Standard Title: ast Call: draft-ietf-ippm-more-twamp (More Features for the Two-Way Active Measurement Protocol – TWAMP) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ippm-more-twamp-01.txt Date: 2009-05-07 – Last Call: draft-eronen-enterprise-number-documentation (Enterprise Number for Documentation Use) to Informational RF / Call: draft-eronen-enterprise-number-documentation (Enterprise Number for Documentation Use) to Informational RFC Title: ast Call: draft-eronen-enterprise-number-documentation (Enterprise Number for Documentation Use) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-eronen-enterprise-number-documentation-01.txt Date: 2009-05-08 – Last Call: draft-sinnreich-sip-tools (Simple SIP Usage Scenario for Applications in the Endpoints) to Informational RF / Call: draft-sinnreich-sip-tools (Simple SIP Usage Scenario for Applications in the Endpoints) to Informational RFC Title: ast Call: draft-sinnreich-sip-tools (Simple SIP Usage Scenario for Applications in the Endpoints) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-sinnreich-sip-tools-06.txt Date: 2009-05-11 – Last Call: draft-housley-aes-key-wrap-with-pad (Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm) to Informational RF / Call: draft-housley-aes-key-wrap-with-pad (Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm) to Informational RFC Title: ast Call: draft-housley-aes-key-wrap-with-pad (Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-housley-aes-key-wrap-with-pad-02.txt Date: 2009-05-11 – Approved by the IESG as Proposed Standard Title: Mobile IPv6 Fast Handovers URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-rfc5268bis-01.txt Date: 2009-05-11 – Approved by the IESG as Proposed Standard Title: Internet Message Access Protocol (IMAP) – URL Access Identifier Extension URL: http://www.ietf.org/internet-drafts/draft-ncook-urlauth-accessid-02.txt Date: 2009-05-11 – Approved by the IESG as Informational RFC Title: The Camellia Cipher in OpenPGP URL: http://www.ietf.org/internet-drafts/draft-ietf-openpgp-camellia-04.txt Date: 2009-05-11 – Approved by the IESG as Proposed Standard Title: Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6) Options for IEEE 802.21 Mobility Services (MoS) Discovery URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-mos-dhcp-options-14.txt Date: 2009-05-11 – Re: Informational RFC to be: draft-brusilovsky-pak-10.tx / nformational RFC to be: draft-brusilovsky-pak-10.txt Title: e: Informational RFC to be: draft-brusilovsky-pak-10.txt URL: http://www.ietf.org/internet-drafts/draft-brusilovsky-pak-10.txt Date: 2009-05-11 – Re: Informational RFC to be: draft-templin-isatapv4-02.tx / nformational RFC to be: draft-templin-isatapv4-02.txt Title: e: Informational RFC to be: draft-templin-isatapv4-02.txt URL: http://www.ietf.org/internet-drafts/draft-templin-isatapv4-02.txt Date: 2009-05-12 – Last Call: draft-ietf-sip-outbound (Managing Client Initiated Connections in the Session Initiation Protocol (SIP)) to Proposed Standar / Call: draft-ietf-sip-outbound (Managing Client Initiated Connections in the Session Initiation Protocol (SIP)) to Proposed Standard Title: ast Call: draft-ietf-sip-outbound (Managing Client Initiated Connections in the Session Initiation Protocol (SIP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-outbound-17.txt Date: 2009-05-12 – REVISED Last Call: draft-ietf-sip-outbound (Managing Client Initiated Connections in the Session Initiation Protocol (SIP)) to Proposed Standar / ED Last Call: draft-ietf-sip-outbound (Managing Client Initiated Connections in the Session Initiation Protocol (SIP)) to Proposed Standard Title: EVISED Last Call: draft-ietf-sip-outbound (Managing Client Initiated Connections in the Session Initiation Protocol (SIP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-outbound-17.txt Date: 2009-05-12 – Last Call: draft-ietf-kitten-gssapi-store-cred (GSS-API Extension for Storing Delegated Credentials) to Proposed Standar / Call: draft-ietf-kitten-gssapi-store-cred (GSS-API Extension for Storing Delegated Credentials) to Proposed Standard Title: ast Call: draft-ietf-kitten-gssapi-store-cred (GSS-API Extension for Storing Delegated Credentials) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-kitten-gssapi-store-cred-04.txt Date: 2009-05-12 – Approved by the IESG as Experimental RFC Title: Asynchronous Channels for the Blocks Extensible Exchange Protocol (BEEP) URL: http://www.ietf.org/internet-drafts/draft-thomson-beep-async-02.txt Date: 2009-05-14 – Last Call: draft-ietf-kitten-rfc2853bis (Generic Security Service API Version 2 : Java Bindings Update) to Proposed Standar / Call: draft-ietf-kitten-rfc2853bis (Generic Security Service API Version 2 : Java Bindings Update) to Proposed Standard Title: ast Call: draft-ietf-kitten-rfc2853bis (Generic Security Service API Version 2 : Java Bindings Update) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-kitten-rfc2853bis-05.txt Date: 2009-05-14 – Last Call: draft-ietf-kitten-extended-mech-inquiry (Extended Generic Security Service Mechanism Inquiry APIs) to Proposed Standar / Call: draft-ietf-kitten-extended-mech-inquiry (Extended Generic Security Service Mechanism Inquiry APIs) to Proposed Standard Title: ast Call: draft-ietf-kitten-extended-mech-inquiry (Extended Generic Security Service Mechanism Inquiry APIs) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-kitten-extended-mech-inquiry-06.txt Date: 2009-05-14 – Last Call: draft-hollenbeck-rfc4930bis (Extensible Provisioning Protocol (EPP)) to Full Standar / Call: draft-hollenbeck-rfc4930bis (Extensible Provisioning Protocol (EPP)) to Full Standard Title: ast Call: draft-hollenbeck-rfc4930bis (Extensible Provisioning Protocol (EPP)) to Full Standard URL: http://www.ietf.org/internet-drafts/draft-hollenbeck-rfc4930bis-01.txt Date: 2009-05-14 – Last Call: draft-hollenbeck-rfc4931bis (Extensible Provisioning Protocol (EPP) Domain Name Mapping) to Full Standar / Call: draft-hollenbeck-rfc4931bis (Extensible Provisioning Protocol (EPP) Domain Name Mapping) to Full Standard Title: ast Call: draft-hollenbeck-rfc4931bis (Extensible Provisioning Protocol (EPP) Domain Name Mapping) to Full Standard URL: http://www.ietf.org/internet-drafts/draft-hollenbeck-rfc4931bis-01.txt Date: 2009-05-14 – Last Call: draft-hollenbeck-rfc4932bis (Extensible Provisioning Protocol (EPP) Host Mapping) to Full Standar / Call: draft-hollenbeck-rfc4932bis (Extensible Provisioning Protocol (EPP) Host Mapping) to Full Standard Title: ast Call: draft-hollenbeck-rfc4932bis (Extensible Provisioning Protocol (EPP) Host Mapping) to Full Standard URL: http://www.ietf.org/internet-drafts/draft-hollenbeck-rfc4932bis-01.txt Date: 2009-05-14 – Last Call: draft-hollenbeck-rfc4933bis (Extensible Provisioning Protocol (EPP) Contact Mapping) to Full Standar / Call: draft-hollenbeck-rfc4933bis (Extensible Provisioning Protocol (EPP) Contact Mapping) to Full Standard Title: ast Call: draft-hollenbeck-rfc4933bis (Extensible Provisioning Protocol (EPP) Contact Mapping) to Full Standard URL: http://www.ietf.org/internet-drafts/draft-hollenbeck-rfc4933bis-01.txt Date: 2009-05-14 – Last Call: draft-hollenbeck-rfc4934bis (Extensible Provisioning Protocol (EPP) Transport over TCP) to Full Standar / Call: draft-hollenbeck-rfc4934bis (Extensible Provisioning Protocol (EPP) Transport over TCP) to Full Standard Title: ast Call: draft-hollenbeck-rfc4934bis (Extensible Provisioning Protocol (EPP) Transport over TCP) to Full Standard URL: http://www.ietf.org/internet-drafts/draft-hollenbeck-rfc4934bis-01.txt Date: 2009-05-14 – Last Call: draft-ietf-smime-3278bis (Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)) to Informational RF / Call: draft-ietf-smime-3278bis (Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)) to Informational RFC Title: ast Call: draft-ietf-smime-3278bis (Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-3278bis-07.txt Date: 2009-05-14 – Approved by the IESG as Proposed Standard Title: Softwire Hub & Spoke Deployment Framework with L2TPv2 URL: http://www.ietf.org/internet-drafts/draft-ietf-softwire-hs-framework-l2tpv2-13.txt Date: 2009-05-14 – Approved by the IESG as Proposed Standard Title: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Certificate Handling URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-3850bis-11.txt Date: 2009-05-14 – Last Call: draft-ietf-webdav-bind (Binding Extensions to Web Distributed Authoring and Versioning (WebDAV)) to Experimental RF / Call: draft-ietf-webdav-bind (Binding Extensions to Web Distributed Authoring and Versioning (WebDAV)) to Experimental RFC Title: ast Call: draft-ietf-webdav-bind (Binding Extensions to Web Distributed Authoring and Versioning (WebDAV)) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-webdav-bind-23.txt Date: 2009-05-15 – Approved by the IESG as Proposed Standard Title: Secure Shell Transport Model for SNMP URL: http://www.ietf.org/internet-drafts/draft-ietf-isms-secshell-18.txt Date: 2009-05-15 – Approved by the IESG as Proposed Standard Title: Transport Subsystem for the Simple Network Management Protocol (SNMP) URL: http://www.ietf.org/internet-drafts/draft-ietf-isms-tmsm-18.txt Date: 2009-05-15 – Approved by the IESG as Proposed Standard Title: Transport Security Model for SNMP URL: http://www.ietf.org/internet-drafts/draft-ietf-isms-transport-security-model-14.txt Date: 2009-05-15 – Approved by the IESG as Proposed Standard Title: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-3851bis-11.txt Date: 2009-05-18 – Approved by the IESG as Proposed Standard Title: RTP Payload Format for the Speex Codec URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-speex-07.txt Date: 2009-05-19 – Last Call: draft-ietf-opsawg-operations-and-management (Guidelines for Considering Operations and Management of New Protocols and Protocol Extensions) to BC / Call: draft-ietf-opsawg-operations-and-management (Guidelines for Considering Operations and Management of New Protocols and Protocol Extensions) to BCP Title: ast Call: draft-ietf-opsawg-operations-and-management (Guidelines for Considering Operations and Management of New Protocols and Protocol Extensions) to BCP URL: http://www.ietf.org/internet-drafts/draft-ietf-opsawg-operations-and-management-07.txt Date: 2009-05-19 – Approved by the IESG as Proposed Standard Title: Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction URL: http://www.ietf.org/internet-drafts/draft-ietf-dime-mip6-split-17.txt Date: 2009-05-19 – Last Call: draft-ietf-avt-rtp-mps (RTP Payload Format for Elementary Streams with MPEG Surround multi- channel audio) to Proposed Standar / Call: draft-ietf-avt-rtp-mps (RTP Payload Format for Elementary Streams with MPEG Surround multi- channel audio) to Proposed Standard Title: ast Call: draft-ietf-avt-rtp-mps (RTP Payload Format for Elementary Streams with MPEG Surround multi- channel audio) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-mps-02.txt Date: 2009-05-19 – Approved by the IESG as Informational RFC Title: Location-to-URL Mapping Architecture and Framework URL: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-mapping-arch-04.txt Date: 2009-05-19 – Approved by the IESG as BCP Title: Session Initiation Protocol Call Control – Transfer URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-cc-transfer-12.txt Date: 2009-05-19 – Last Call: draft-livingood-woundy-p4p-experiences (Comca / Call: draft-livingood-woundy-p4p-experiences (Comcast’s ISP Experiences In a P4P Technical Trial) to Informational RFC Title: s ISP URL: http://www.ietf.org/internet-drafts/draft-livingood-woundy-p4p-experiences-07.txt Date: 2009-05-19 – Last Call: draft-ietf-avt-app-rtp-keepalive (Application Mechanism for maintaining alive the Network Address Translator (NAT) mappings associated to RTP flows.) to Proposed Standar / Call: draft-ietf-avt-app-rtp-keepalive (Application Mechanism for maintaining alive the Network Address Translator (NAT) mappings associated to RTP flows.) to Proposed Standard Title: ast Call: draft-ietf-avt-app-rtp-keepalive (Application Mechanism for maintaining alive the Network Address Translator (NAT) mappings associated to RTP flows.) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-app-rtp-keepalive-05.txt Date: 2009-05-21 – Last Call: draft-dusseault-impl-reports (Guidance on Interoperation and Implementation Reports) to BC / Call: draft-dusseault-impl-reports (Guidance on Interoperation and Implementation Reports) to BCP Title: ast Call: draft-dusseault-impl-reports (Guidance on Interoperation and Implementation Reports) to BCP URL: http://www.ietf.org/internet-drafts/draft-dusseault-impl-reports-02.txt Date: 2009-05-22 – Last Call: draft-ietf-avt-rtcpssm (RTCP Extensions for Single-Source Multicast Sessions with Unicast Feedback) to Proposed Standar / Call: draft-ietf-avt-rtcpssm (RTCP Extensions for Single-Source Multicast Sessions with Unicast Feedback) to Proposed Standard Title: ast Call: draft-ietf-avt-rtcpssm (RTCP Extensions for Single-Source Multicast Sessions with Unicast Feedback) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtcpssm-18.txt Date: 2009-05-22 – Last Call: draft-ietf-sip-eku (Using Extended Key Usage (EKU) for Session Initiation Protocol (SIP) X.509 Certificates) to Proposed Standar / Call: draft-ietf-sip-eku (Using Extended Key Usage (EKU) for Session Initiation Protocol (SIP) X.509 Certificates) to Proposed Standard Title: ast Call: draft-ietf-sip-eku (Using Extended Key Usage (EKU) for Session Initiation Protocol (SIP) X.509 Certificates) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-eku-05.txt Date: 2009-05-26 – Last Call: draft-ietf-enum-3761bis (The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)) to Proposed Standar / Call: draft-ietf-enum-3761bis (The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)) to Proposed Standard Title: ast Call: draft-ietf-enum-3761bis (The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-3761bis-04.txt Date: 2009-05-26 – Last Call: draft-ietf-enum-enumservices-guide (IANA Registration of Enumservices: Guide, Template and IANA Considerations) to Proposed Standar / Call: draft-ietf-enum-enumservices-guide (IANA Registration of Enumservices: Guide, Template and IANA Considerations) to Proposed Standard Title: ast Call: draft-ietf-enum-enumservices-guide (IANA Registration of Enumservices: Guide, Template and IANA Considerations) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-enumservices-guide-16.txt Date: 2009-05-26 – Last Call: draft-ietf-enum-iax (IANA Registration for IAX Enumservice) to Proposed Standar / Call: draft-ietf-enum-iax (IANA Registration for IAX Enumservice) to Proposed Standard Title: ast Call: draft-ietf-enum-iax (IANA Registration for IAX Enumservice) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-iax-05.txt Date: 2009-05-26 – Last Call: draft-ietf-geopriv-civic-address-recommendations (Considerations for Civic Addresses in PIDF-LO – Guidelines and IANA Registry Definition) to BC / Call: draft-ietf-geopriv-civic-address-recommendations (Considerations for Civic Addresses in PIDF-LO – Guidelines and IANA Registry Definition) to BCP Title: ast Call: draft-ietf-geopriv-civic-address-recommendations (Considerations for Civic Addresses in PIDF-LO – Guidelines and IANA Registry Definition) to BCP URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-civic-address-recommendations-02.txt Date: 2009-05-26 – Last Call: draft-ietf-geopriv-http-location-delivery (HTTP Enabled Location Delivery (HELD)) to Proposed Standar / Call: draft-ietf-geopriv-http-location-delivery (HTTP Enabled Location Delivery (HELD)) to Proposed Standard Title: ast Call: draft-ietf-geopriv-http-location-delivery (HTTP Enabled Location Delivery (HELD)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-http-location-delivery-14.txt Date: 2009-05-26 – Last Call: draft-ietf-geopriv-l7-lcp-ps (GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements) to Informational RF / Call: draft-ietf-geopriv-l7-lcp-ps (GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements) to Informational RFC Title: ast Call: draft-ietf-geopriv-l7-lcp-ps (GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-l7-lcp-ps-09.txt Date: 2009-05-26 – Last Call: draft-ietf-geopriv-lbyr-requirements (Requirements for a Location-by-Reference Mechanism) to Informational RF / Call: draft-ietf-geopriv-lbyr-requirements (Requirements for a Location-by-Reference Mechanism) to Informational RFC Title: ast Call: draft-ietf-geopriv-lbyr-requirements (Requirements for a Location-by-Reference Mechanism) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-lbyr-requirements-07.txt Date: 2009-05-26 – Last Call: draft-ietf-sip-connect-reuse (Connection Reuse in the Session Initiation Protocol (SIP)) to Proposed Standar / Call: draft-ietf-sip-connect-reuse (Connection Reuse in the Session Initiation Protocol (SIP)) to Proposed Standard Title: ast Call: draft-ietf-sip-connect-reuse (Connection Reuse in the Session Initiation Protocol (SIP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-connect-reuse-13.txt Date: 2009-05-26 – Last Call: draft-ietf-sipping-cc-framework (A Call Control and Multi-party usage framework for the Session Initiation Protocol (SIP)) to Informational RF / Call: draft-ietf-sipping-cc-framework (A Call Control and Multi-party usage framework for the Session Initiation Protocol (SIP)) to Informational RFC Title: ast Call: draft-ietf-sipping-cc-framework (A Call Control and Multi-party usage framework for the Session Initiation Protocol (SIP)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-cc-framework-11.txt Date: 2009-05-26 – Approved by the IESG as Proposed Standard Title: MPLS Generic Associated Channel URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-tp-gach-gal-06.txt Date: 2009-05-27 – Approved by the IESG as Proposed Standard Title: Dissemination of flow specification rules URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-flow-spec-09.txt Date: 2009-05-27 – Last Call: draft-dawkins-nomcom-dont-wait (Nominating Committee Process: Earlier Announcement of Open Positions and Solicitation of Volunteers) to BC / Call: draft-dawkins-nomcom-dont-wait (Nominating Committee Process: Earlier Announcement of Open Positions and Solicitation of Volunteers) to BCP Title: ast Call: draft-dawkins-nomcom-dont-wait (Nominating Committee Process: Earlier Announcement of Open Positions and Solicitation of Volunteers) to BCP URL: http://www.ietf.org/internet-drafts/draft-dawkins-nomcom-dont-wait-03.txt Date: 2009-05-28 – Last Call: draft-ietf-tsvwg-rsvp-l3vpn (Support for RSVP in Layer 3 VPNs) to Proposed Standar / Call: draft-ietf-tsvwg-rsvp-l3vpn (Support for RSVP in Layer 3 VPNs) to Proposed Standard Title: ast Call: draft-ietf-tsvwg-rsvp-l3vpn (Support for RSVP in Layer 3 VPNs) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-rsvp-l3vpn-02.txt Date: 2009-05-28 – Approved by the IESG as Proposed Standard Title: Signaling media decoding dependency in Session Description Protocol (SDP) URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-decoding-dependency-08.txt Date: 2009-05-28 – Approved by the IESG as Proposed Standard Title: RTP Payload Format for Adaptive TRansform Acoustic Coding (ATRAC) Family URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-atrac-family-24.txt Date: 2009-05-28 – Approved by the IESG as Proposed Standard Title: Source-Specific Media Attributes in the Session Description Protocol (SDP) URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdp-source-attributes-02.txt Date: 2009-05-28 – Approved by the IESG as Proposed Standard Title: RTP Payload Format for ITU-T Recommendation G.722.1 URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc3047-bis-09.txt Date: 2009-05-28 – Last Call: draft-ietf-ospf-ospfv3-mib (Management Information Base for OSPFv3) to Proposed Standar / Call: draft-ietf-ospf-ospfv3-mib (Management Information Base for OSPFv3) to Proposed Standard Title: ast Call: draft-ietf-ospf-ospfv3-mib (Management Information Base for OSPFv3) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-ospfv3-mib-14.txt Date: 2009-05-28 – Last Call: draft-ietf-l2tpext-tdm (Layer Two Tunneling Protocol version 3 – Setup of Time-Division Multiplexing (TDM) Pseudowires) to Proposed Standar / Call: draft-ietf-l2tpext-tdm (Layer Two Tunneling Protocol version 3 – Setup of Time-Division Multiplexing (TDM) Pseudowires) to Proposed Standard Title: ast Call: draft-ietf-l2tpext-tdm (Layer Two Tunneling Protocol version 3 – Setup of Time-Division Multiplexing (TDM) Pseudowires) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-l2tpext-tdm-07.txt Date: 2009-05-29 – Last Call: draft-ietf-ntp-autokey (Network Time Protocol Version 4 Autokey Specification) to Informational RF / Call: draft-ietf-ntp-autokey (Network Time Protocol Version 4 Autokey Specification) to Informational RFC Title: ast Call: draft-ietf-ntp-autokey (Network Time Protocol Version 4 Autokey Specification) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-ntp-autokey-05.txt Date: 2009-05-29 – Last Call: draft-ietf-ltans-dssc (Data Structure for the Security Suitability of Cryptographic Algorithms (DSSC)) to Proposed Standar / Call: draft-ietf-ltans-dssc (Data Structure for the Security Suitability of Cryptographic Algorithms (DSSC)) to Proposed Standard Title: ast Call: draft-ietf-ltans-dssc (Data Structure for the Security Suitability of Cryptographic Algorithms (DSSC)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ltans-dssc-08.txt Date: 2009-06-01 – Last Call: draft-housley-iesg-rfc3932bis (IESG Procedures for Handling of Independent and IRTF Stream Submissions) to BC / Call: draft-housley-iesg-rfc3932bis (IESG Procedures for Handling of Independent and IRTF Stream Submissions) to BCP Title: ast Call: draft-housley-iesg-rfc3932bis (IESG Procedures for Handling of Independent and IRTF Stream Submissions) to BCP URL: http://www.ietf.org/internet-drafts/draft-housley-iesg-rfc3932bis-07.txt Date: 2009-06-01 – Approved by the IESG as Informational RFC Title: DomainKeys Identified Mail (DKIM) Service Overview URL: http://www.ietf.org/internet-drafts/draft-ietf-dkim-overview-12.txt Date: 2009-06-01 – Approved by the IESG as Informational RFC Title: Report from the IETF workshop on P2P Infrastructure, May 28, 2008 URL: http://www.ietf.org/internet-drafts/draft-p2pi-cooper-workshop-report-01.txt Date: 2009-06-01 – Approved by the IESG as Proposed Standard Title: Quality of Service Parameters for Usage with Diameter URL: http://www.ietf.org/internet-drafts/draft-ietf-dime-qos-parameters-11.txt Date: 2009-06-02 – Approved by the IESG as Experimental RFC Title: Adding Explicit Congestion Notification (ECN) Capability to TCP’s SYN/ACK Packets URL: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-ecnsyn-10.txt Date: 2009-06-02 – Approved by the IESG as Proposed Standard Title: DCCP Simultaneous-Open Technique to Facilitate NAT/Middlebox Traversal URL: http://www.ietf.org/internet-drafts/draft-ietf-dccp-simul-open-08.txt Date: 2009-06-02 – Last Call: draft-ietf-l2tpext-circuit-status-extensions (L2TPv3 Extended Circuit Status Values) to Proposed Standar / Call: draft-ietf-l2tpext-circuit-status-extensions (L2TPv3 Extended Circuit Status Values) to Proposed Standard Title: ast Call: draft-ietf-l2tpext-circuit-status-extensions (L2TPv3 Extended Circuit Status Values) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-l2tpext-circuit-status-extensions-04.txt Date: 2009-06-02 – Last Call: draft-ietf-pwe3-ms-pw-arch (An Architecture for Multi-Segment Pseudowire Emulation Edge-to-Edge) to Informational RF / Call: draft-ietf-pwe3-ms-pw-arch (An Architecture for Multi-Segment Pseudowire Emulation Edge-to-Edge) to Informational RFC Title: ast Call: draft-ietf-pwe3-ms-pw-arch (An Architecture for Multi-Segment Pseudowire Emulation Edge-to-Edge) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-ms-pw-arch-06.txt Date: 2009-06-02 – Last Call: draft-ietf-pce-inter-layer-frwk (Framework for PCE-Based Inter-Layer MPLS and GMPLS Traffic Engineering) to Informational RF / Call: draft-ietf-pce-inter-layer-frwk (Framework for PCE-Based Inter-Layer MPLS and GMPLS Traffic Engineering) to Informational RFC Title: ast Call: draft-ietf-pce-inter-layer-frwk (Framework for PCE-Based Inter-Layer MPLS and GMPLS Traffic Engineering) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-inter-layer-frwk-10.txt Date: 2009-06-02 – Last Call: draft-ietf-ospf-dynamic-hostname (Dynamic Hostname Exchange Mechanism for OSPF) to Proposed Standar / Call: draft-ietf-ospf-dynamic-hostname (Dynamic Hostname Exchange Mechanism for OSPF) to Proposed Standard Title: ast Call: draft-ietf-ospf-dynamic-hostname (Dynamic Hostname Exchange Mechanism for OSPF) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-dynamic-hostname-03.txt Date: 2009-06-03 – Approved by the IESG as Proposed Standard Title: The DCCP Service Code URL: http://www.ietf.org/internet-drafts/draft-ietf-dccp-serv-codes-11.txt Date: 2009-06-03 – Last Call: draft-solinas-suiteb-cert-profile (Suite B Certificate and Certificate Revocation List (CRL) Profile) to Informational RF / Call: draft-solinas-suiteb-cert-profile (Suite B Certificate and Certificate Revocation List (CRL) Profile) to Informational RFC Title: ast Call: draft-solinas-suiteb-cert-profile (Suite B Certificate and Certificate Revocation List (CRL) Profile) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-solinas-suiteb-cert-profile-03.txt Date: 2009-06-03 – Last Call: draft-iana-special-ipv4-registry (IANA IPv4 Special Purpose Address Registry) to Informational RF / Call: draft-iana-special-ipv4-registry (IANA IPv4 Special Purpose Address Registry) to Informational RFC Title: ast Call: draft-iana-special-ipv4-registry (IANA IPv4 Special Purpose Address Registry) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-iana-special-ipv4-registry-01.txt Date: 2009-06-04 – Last Call: draft-ietf-pcn-marking-behaviour (Metering and marking behaviour of PCN-nodes) to Proposed Standar / Call: draft-ietf-pcn-marking-behaviour (Metering and marking behaviour of PCN-nodes) to Proposed Standard Title: ast Call: draft-ietf-pcn-marking-behaviour (Metering and marking behaviour of PCN-nodes) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pcn-marking-behaviour-03.txt Date: 2009-06-04 – Last Call: draft-ietf-tcpm-rfc2581bis (TCP Congestion Control) to Draft Standar / Call: draft-ietf-tcpm-rfc2581bis (TCP Congestion Control) to Draft Standard Title: ast Call: draft-ietf-tcpm-rfc2581bis (TCP Congestion Control) to Draft Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-rfc2581bis-05.txt Date: 2009-06-05 – Last Call: draft-ietf-mipshop-mos-dns-discovery (Locating IEEE 802.21 Mobility Servers using DNS) to Proposed Standar / Call: draft-ietf-mipshop-mos-dns-discovery (Locating IEEE 802.21 Mobility Servers using DNS) to Proposed Standard Title: ast Call: draft-ietf-mipshop-mos-dns-discovery (Locating IEEE 802.21 Mobility Servers using DNS) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-mos-dns-discovery-06.txt Date: 2009-06-05 – Approved by the IESG as Proposed Standard Title: Carrying Location Objects in RADIUS and Diameter URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-radius-lo-24.txt Date: 2009-06-05 – Last Call: draft-ietf-smime-new-asn1 (New ASN.1 Modules for CMS and S/MIME) to Informational RF / Call: draft-ietf-smime-new-asn1 (New ASN.1 Modules for CMS and S/MIME) to Informational RFC Title: ast Call: draft-ietf-smime-new-asn1 (New ASN.1 Modules for CMS and S/MIME) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-new-asn1-05.txt Date: 2009-06-05 – Last Call: draft-dawkins-nomcom-openlist (Nominating Committee Process: Open Disclosure of Willing Nominees) to BC / Call: draft-dawkins-nomcom-openlist (Nominating Committee Process: Open Disclosure of Willing Nominees) to BCP Title: ast Call: draft-dawkins-nomcom-openlist (Nominating Committee Process: Open Disclosure of Willing Nominees) to BCP URL: http://www.ietf.org/internet-drafts/draft-dawkins-nomcom-openlist-04.txt Date: 2009-06-08 – Last Call: draft-ietf-dime-qos-attributes (Quality of Service Attributes for Diameter) to Proposed Standar / Call: draft-ietf-dime-qos-attributes (Quality of Service Attributes for Diameter) to Proposed Standard Title: ast Call: draft-ietf-dime-qos-attributes (Quality of Service Attributes for Diameter) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-dime-qos-attributes-12.txt Date: 2009-06-08 – Last Call: draft-ietf-adslmib-vdsl2 (Definitions of Managed Objects for Very High Speed Digital Subscriber Line 2 (VDSL2)) to Proposed Standar / Call: draft-ietf-adslmib-vdsl2 (Definitions of Managed Objects for Very High Speed Digital Subscriber Line 2 (VDSL2)) to Proposed Standard Title: ast Call: draft-ietf-adslmib-vdsl2 (Definitions of Managed Objects for Very High Speed Digital Subscriber Line 2 (VDSL2)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-adslmib-vdsl2-07.txt Date: 2009-06-08 – Last Call: draft-green-secsh-ecc (Elliptic-Curve Algorithm Integration in the Secure Shell Transport Layer) to Informational RF / Call: draft-green-secsh-ecc (Elliptic-Curve Algorithm Integration in the Secure Shell Transport Layer) to Informational RFC Title: ast Call: draft-green-secsh-ecc (Elliptic-Curve Algorithm Integration in the Secure Shell Transport Layer) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-green-secsh-ecc-08.txt Date: 2009-06-08 – Last Call: draft-ietf-dccp-ccid4 (Profile for Datagram Congestion Control Protocol (DCCP) Congestion ID 4: TCP-Friendly Rate Control for Small Packets (TFRC-SP)) to Experimental RF / Call: draft-ietf-dccp-ccid4 (Profile for Datagram Congestion Control Protocol (DCCP) Congestion ID 4: TCP-Friendly Rate Control for Small Packets (TFRC-SP)) to Experimental RFC Title: ast Call: draft-ietf-dccp-ccid4 (Profile for Datagram Congestion Control Protocol (DCCP) Congestion ID 4: TCP-Friendly Rate Control for Small Packets (TFRC-SP)) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-dccp-ccid4-04.txt Date: 2009-06-08 – Last Call: draft-ietf-dccp-quickstart (Quick-Start for Datagram Congestion Control Protocol (DCCP)) to Experimental RF / Call: draft-ietf-dccp-quickstart (Quick-Start for Datagram Congestion Control Protocol (DCCP)) to Experimental RFC Title: ast Call: draft-ietf-dccp-quickstart (Quick-Start for Datagram Congestion Control Protocol (DCCP)) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-dccp-quickstart-05.txt Date: 2009-06-08 – Approved by the IESG as ent Action: ‘Lemonade Notifications Architecture’ to Informational RFC Title: Lemonade Notifications Architecture’ to URL: http://www.ietf.org/internet-drafts/draft-ietf-lemonade-notifications-10.txt Date: 2009-06-08 – Approved by the IESG as Proposed Standard Title: GSS-API Extension for Storing Delegated Credentials URL: http://www.ietf.org/internet-drafts/draft-ietf-kitten-gssapi-store-cred-04.txt Date: 2009-06-08 – Approved by the IESG as Proposed Standard Title: Extended Generic Security Service Mechanism Inquiry APIs URL: http://www.ietf.org/internet-drafts/draft-ietf-kitten-extended-mech-inquiry-06.txt Date: 2009-06-08 – Approved by the IESG as Informational RFC Title: Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS) URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-3278bis-09.txt Date: 2009-06-08 – Approved by the IESG as Informational RFC Title: Implications of ‘retransmission-allowed’ for SIP Location Conveyance URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-sip-lo-retransmission-02.txt Date: 2009-06-08 – Approved by the IESG as ent Action: ‘UA-Driven Privacy Mechanism for SIP’ to Informational RFC Title: UA-Driven Privacy Mechanism for SIP’ to URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-ua-privacy-08.txt Date: 2009-06-08 – Approved by the IESG as Informational RFC Title: Internet Mail Architecture URL: http://www.ietf.org/internet-drafts/draft-crocker-email-arch-14.txt Date: 2009-06-09 – Last Call: draft-ietf-nea-pa-tnc (PA-TNC: A Posture Attribute Protocol (PA) Compatible with TNC) to Proposed Standar / Call: draft-ietf-nea-pa-tnc (PA-TNC: A Posture Attribute Protocol (PA) Compatible with TNC) to Proposed Standard Title: ast Call: draft-ietf-nea-pa-tnc (PA-TNC: A Posture Attribute Protocol (PA) Compatible with TNC) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-nea-pa-tnc-04.txt Date: 2009-06-09 – Last Call: draft-ietf-nea-pb-tnc (PB-TNC: A Posture Broker Protocol (PB) Compatible with TNC) to Proposed Standar / Call: draft-ietf-nea-pb-tnc (PB-TNC: A Posture Broker Protocol (PB) Compatible with TNC) to Proposed Standard Title: ast Call: draft-ietf-nea-pb-tnc (PB-TNC: A Posture Broker Protocol (PB) Compatible with TNC) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-nea-pb-tnc-04.txt Date: 2009-06-09 – Approved by the IESG as Proposed Standard Title: Exporting Type Information for IPFIX Information Elements URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-exporting-type-05.txt Date: 2009-06-09 – Approved by the IESG as Proposed Standard Title: OSPF Link-local Signaling URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-lls-08.txt Date: 2009-06-09 – Approved by the IESG as Proposed Standard Title: Remote Authentication Dial-In User Service (RADIUS) Authorization for Network Access Server (NAS) Management URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-management-authorization-07.txt Date: 2009-06-09 – Last Call: draft-ietf-sipcore-subnot-etags (An Extension to Session Initiation Protocol (SIP) Events for Conditional Event Notification) to Proposed Standar / Call: draft-ietf-sipcore-subnot-etags (An Extension to Session Initiation Protocol (SIP) Events for Conditional Event Notification) to Proposed Standard Title: ast Call: draft-ietf-sipcore-subnot-etags (An Extension to Session Initiation Protocol (SIP) Events for Conditional Event Notification) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sipcore-subnot-etags-02.txt Date: 2009-06-10 – Approved by the IESG as Proposed Standard Title: Remote Authentication Dial-In User Service (RADIUS) Usage for Simple Network Management Protocol (SNMP) Transport Models URL: http://www.ietf.org/internet-drafts/draft-ietf-isms-radius-usage-07.txt Date: 2009-06-10 – Last Call: draft-ietf-netconf-partial-lock (Partial Lock RPC for NETCONF) to Proposed Standar / Call: draft-ietf-netconf-partial-lock (Partial Lock RPC for NETCONF) to Proposed Standard Title: ast Call: draft-ietf-netconf-partial-lock (Partial Lock RPC for NETCONF) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-netconf-partial-lock-08.txt Date: 2009-06-10 – Approved by the IESG as Proposed Standard Title: Managing Client Initiated Connections in the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-outbound-20.txt Date: 2009-06-10 – CORRECTED Approved by the IESG as Proposed Standard Title: Managing Client Initiated Connections in the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-outbound-20.txt Date: 2009-06-12 – Approved by the IESG as BCP Title: H.248/MEGACO Registration Procedures URL: http://www.ietf.org/internet-drafts/draft-groves-megaco-pkgereg-04.txt Date: 2009-06-12 – Last Call: draft-ietf-webdav-bind (Binding Extensions to Web Distributed Authoring and Versioning (WebDAV)) to Experimental RF / Call: draft-ietf-webdav-bind (Binding Extensions to Web Distributed Authoring and Versioning (WebDAV)) to Experimental RFC Title: ast Call: draft-ietf-webdav-bind (Binding Extensions to Web Distributed Authoring and Versioning (WebDAV)) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-webdav-bind-25.txt Date: 2009-06-15 – Last Call: draft-ietf-ancp-framework (Framework and Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks) to Informational RF / Call: draft-ietf-ancp-framework (Framework and Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks) to Informational RFC Title: ast Call: draft-ietf-ancp-framework (Framework and Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-ancp-framework-10.txt Date: 2009-06-15 – Last Call: draft-ietf-ancp-security-threats (Security Threats and Security Requirements for the Access Node Control Protocol (ANCP)) to Informational RF / Call: draft-ietf-ancp-security-threats (Security Threats and Security Requirements for the Access Node Control Protocol (ANCP)) to Informational RFC Title: ast Call: draft-ietf-ancp-security-threats (Security Threats and Security Requirements for the Access Node Control Protocol (ANCP)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-ancp-security-threats-07.txt Date: 2009-06-15 – Last Call: draft-ietf-pwe3-vccv-bfd (Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity Verification (VCCV)) to Proposed Standar / Call: draft-ietf-pwe3-vccv-bfd (Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity Verification (VCCV)) to Proposed Standard Title: ast Call: draft-ietf-pwe3-vccv-bfd (Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity Verification (VCCV)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-vccv-bfd-05.txt Date: 2009-06-15 – Approved by the IESG as Proposed Standard Title: Generic Security Service API Version 2 : Java Bindings Update URL: http://www.ietf.org/internet-drafts/draft-ietf-kitten-rfc2853bis-05.txt Date: 2009-06-15 – UPDATED Last Call: draft-ietf-pwe3-vccv-bfd (Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity Verification (VCCV)) to Proposed Standar / ED Last Call: draft-ietf-pwe3-vccv-bfd (Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity Verification (VCCV)) to Proposed Standard Title: PDATED Last Call: draft-ietf-pwe3-vccv-bfd (Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity Verification (VCCV)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pwe3-vccv-bfd-05.txt Date: 2009-06-15 – Approved by the IESG as Informational RFC Title: State Machines for Protocol for Carrying Authentication for Network Access (PANA) URL: http://www.ietf.org/internet-drafts/draft-ietf-pana-statemachine-12.txt Date: 2009-06-16 – Last Call: draft-ietf-ipfix-export-per-sctp-stream (IPFIX Expor / Call: draft-ietf-ipfix-export-per-sctp-stream (IPFIX Export Title: ast Call: draft-ietf-ipfix-export-per-sctp-stream (IPFIX Export URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-export-per-sctp-stream-02.txt Date: 2009-06-16 – Last Call: draft-ietf-pkix-tac (Traceable Anonymous Certificate) to Experimental RF / Call: draft-ietf-pkix-tac (Traceable Anonymous Certificate) to Experimental RFC Title: ast Call: draft-ietf-pkix-tac (Traceable Anonymous Certificate) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-tac-04.txt Date: 2009-06-16 – Last Call: draft-ietf-ipsecme-ikev2-redirect (Redirect Mechanis / Call: draft-ietf-ipsecme-ikev2-redirect (Redirect Mechanism Title: ast Call: draft-ietf-ipsecme-ikev2-redirect (Redirect Mechanism URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-ikev2-redirect-11.txt Date: 2009-06-17 – Last Call: draft-ietf-opsawg-smi-datatypes-in-xsd (Expressing SNMP SMI Datatypes in XML Schema Definition Language) to Proposed Standar / Call: draft-ietf-opsawg-smi-datatypes-in-xsd (Expressing SNMP SMI Datatypes in XML Schema Definition Language) to Proposed Standard Title: ast Call: draft-ietf-opsawg-smi-datatypes-in-xsd (Expressing SNMP SMI Datatypes in XML Schema Definition Language) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-opsawg-smi-datatypes-in-xsd-05.txt Date: 2009-06-17 – Last Call: draft-ietf-sip-body-handling (Message Body Handling in the Session Initiation Protocol (SIP)) to Proposed Standar / Call: draft-ietf-sip-body-handling (Message Body Handling in the Session Initiation Protocol (SIP)) to Proposed Standard Title: ast Call: draft-ietf-sip-body-handling (Message Body Handling in the Session Initiation Protocol (SIP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-body-handling-06.txt Date: 2009-06-19 – Last Call: draft-ietf-softwire-lb (Load Balancing for Mesh Softwires) to Proposed Standar / Call: draft-ietf-softwire-lb (Load Balancing for Mesh Softwires) to Proposed Standard Title: ast Call: draft-ietf-softwire-lb (Load Balancing for Mesh Softwires) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-softwire-lb-03.txt Date: 2009-06-22 – Approved by the IESG as Proposed Standard Title: Layer Two Tunneling Protocol version 3 – Setup of Time-Division Multiplexing (TDM) Pseudowires URL: http://www.ietf.org/internet-drafts/draft-ietf-l2tpext-tdm-07.txt Date: 2009-06-22 – Approved by the IESG as Proposed Standard Title: More Features for the Two-Way Active Measurement Protocol – TWAMP URL: http://www.ietf.org/internet-drafts/draft-ietf-ippm-more-twamp-02.txt Date: 2009-06-22 – Approved by the IESG as Informational RFC Title: Update to the Language Subtag Registry URL: http://www.ietf.org/internet-drafts/draft-ietf-ltru-4645bis-10.txt Date: 2009-06-23 – Last Call: draft-ietf-simple-interdomain-scaling-analysis (Presence Interdomain Scaling Analysis for SIP/SIMPLE) to Informational RF / Call: draft-ietf-simple-interdomain-scaling-analysis (Presence Interdomain Scaling Analysis for SIP/SIMPLE) to Informational RFC Title: ast Call: draft-ietf-simple-interdomain-scaling-analysis (Presence Interdomain Scaling Analysis for SIP/SIMPLE) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-interdomain-scaling-analysis-06.txt Date: 2009-06-23 – Last Call: draft-ietf-sip-record-route-fix (Addressing Record-Route issues in the Session Initiation Protocol (SIP)) to BC / Call: draft-ietf-sip-record-route-fix (Addressing Record-Route issues in the Session Initiation Protocol (SIP)) to BCP Title: ast Call: draft-ietf-sip-record-route-fix (Addressing Record-Route issues in the Session Initiation Protocol (SIP)) to BCP URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-record-route-fix-06.txt Date: 2009-06-23 – Last Call: draft-ietf-l3vpn-as4octet-ext-community (Four-octet AS Specific BGP Extended Community) to Proposed Standar / Call: draft-ietf-l3vpn-as4octet-ext-community (Four-octet AS Specific BGP Extended Community) to Proposed Standard Title: ast Call: draft-ietf-l3vpn-as4octet-ext-community (Four-octet AS Specific BGP Extended Community) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-l3vpn-as4octet-ext-community-03.txt Date: 2009-06-23 – Last Call: draft-ietf-l3vpn-v6-ext-communities (IPv6 Address Specific BGP Extended Communities Attribute) to Proposed Standar / Call: draft-ietf-l3vpn-v6-ext-communities (IPv6 Address Specific BGP Extended Communities Attribute) to Proposed Standard Title: ast Call: draft-ietf-l3vpn-v6-ext-communities (IPv6 Address Specific BGP Extended Communities Attribute) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-l3vpn-v6-ext-communities-02.txt Date: 2009-06-24 – Re: Informational RFC to be: draft-floyd-tcpm-ackcc-05.tx / nformational RFC to be: draft-floyd-tcpm-ackcc-05.txt Title: e: Informational RFC to be: draft-floyd-tcpm-ackcc-05.txt URL: http://www.ietf.org/internet-drafts/draft-floyd-tcpm-ackcc-05.txt Date: 2009-06-24 – Approved by the IESG as Proposed Standard Title: DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP) URL: http://www.ietf.org/internet-drafts/draft-ietf-dkim-ssp-10.txt Date: 2009-06-24 – Last Call: draft-iana-rfc3330bis (Special Use IPv4 Addresses) to Informational RF / Call: draft-iana-rfc3330bis (Special Use IPv4 Addresses) to Informational RFC Title: ast Call: draft-iana-rfc3330bis (Special Use IPv4 Addresses) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-iana-rfc3330bis-07.txt Date: 2009-06-24 – Last Call: draft-ietf-speermint-voip-consolidated-usecases (VoIP SIP Peering Use Cases) to Informational RF / Call: draft-ietf-speermint-voip-consolidated-usecases (VoIP SIP Peering Use Cases) to Informational RFC Title: ast Call: draft-ietf-speermint-voip-consolidated-usecases (VoIP SIP Peering Use Cases) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-speermint-voip-consolidated-usecases-12.txt Date: 2009-06-24 – Last Call: draft-ietf-speermint-requirements (SPEERMINT Requirements for SIP-based Session Peering) to Informational RF / Call: draft-ietf-speermint-requirements (SPEERMINT Requirements for SIP-based Session Peering) to Informational RFC Title: ast Call: draft-ietf-speermint-requirements (SPEERMINT Requirements for SIP-based Session Peering) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-speermint-requirements-07.txt Date: 2009-06-24 – RESEND: Last Call: draft-iana-rfc3330bis (Special Use IPv4 Addresses) to Informational RF / D: Last Call: draft-iana-rfc3330bis (Special Use IPv4 Addresses) to Informational RFC Title: ESEND: Last Call: draft-iana-rfc3330bis (Special Use IPv4 Addresses) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-iana-rfc3330bis-07.txt Date: 2009-06-25 – Approved by the IESG as Informational RFC Title: Enterprise Number for Documentation Use URL: http://www.ietf.org/internet-drafts/draft-eronen-enterprise-number-documentation-01.txt Date: 2009-06-25 – Approved by the IESG as BCP Title: Tags for Identifying Languages URL: http://www.ietf.org/internet-drafts/draft-ietf-ltru-4646bis-23.txt Date: 2009-06-25 – Approved by the IESG as Informational RFC Title: Streaming Internet Messaging Attachments URL: http://www.ietf.org/internet-drafts/draft-ietf-lemonade-streaming-13.txt Date: 2009-06-25 – Corrected Last Call: draft-iana-rfc3330bis (Special Use IPv / cted Last Call: draft-iana-rfc3330bis (Special Use IPv4 Title: orrected Last Call: draft-iana-rfc3330bis (Special Use IPv4 URL: http://www.ietf.org/internet-drafts/draft-iana-rfc3330bis-07.txt Date: 2009-06-25 – Corrected Last Call: draft-iana-rfc3330bis (Special Use IPv4 Addresses) to BC / cted Last Call: draft-iana-rfc3330bis (Special Use IPv4 Addresses) to BCP Title: orrected Last Call: draft-iana-rfc3330bis (Special Use IPv4 Addresses) to BCP URL: http://www.ietf.org/internet-drafts/draft-iana-rfc3330bis-07.txt Date: 2009-06-29 – Last Call: draft-ietf-opsawg-syslog-msg-mib (Definitions of Managed Objects for Mapping SYSLOG Messages to Simple Network Management Protocol (SNMP) Notifications) to Proposed Standar / Call: draft-ietf-opsawg-syslog-msg-mib (Definitions of Managed Objects for Mapping SYSLOG Messages to Simple Network Management Protocol (SNMP) Notifications) to Proposed Standard Title: ast Call: draft-ietf-opsawg-syslog-msg-mib (Definitions of Managed Objects for Mapping SYSLOG Messages to Simple Network Management Protocol (SNMP) Notifications) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-opsawg-syslog-msg-mib-04.txt Date: 2009-06-29 – Last Call: draft-ietf-opsawg-syslog-snmp (Mapping Simple Networ / Call: draft-ietf-opsawg-syslog-snmp (Mapping Simple Network Title: ast Call: draft-ietf-opsawg-syslog-snmp (Mapping Simple Network URL: http://www.ietf.org/internet-drafts/draft-ietf-opsawg-syslog-snmp-03.txt Date: 2009-06-29 – Approved by the IESG as Proposed Standard Title: Softwire Security Analysis and Requirements URL: http://www.ietf.org/internet-drafts/draft-ietf-softwire-security-requirements-09.txt]]> 1426 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-meeting-calendar-june-2009/ Wed, 24 Jun 2009 20:31:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1428 IETF 75 26-31 July 2009 Host: .SE Location: Stockholm, Sweden

IETF 76

8-13 November 2009 Host: WIDE Location: Hiroshima, Japan

IETF 77

21-26 March 2010 Host: TBD Location: Anaheim, CA, USA

IETF 78

25-30 2010 Host: SIDN Location: Maastricht, the Netherlands]]> 1428 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/new-bof-meetings/ Wed, 24 Jun 2009 20:41:53 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1431 BoF meetings can be found here. Applications Area oauth: Open Web Authentication mmox: Massively Multi-Player Games and Applications yam: Yet Another Mail General Area pre8prob: Pre-5378 Problem Internet Area 6ai: IPv6 Address Independence lisp: Locator/ID Separation Protocol mif: Multiple Interfaces netext: Network-Based Mobility Extensions RAI Area xmpp2: Extensible Messaging and Presence Protocol 2 atoca: Authority-to-Citizen Alert Transport Area shara: Sharing of an IPv4 Address storm: Storage Maintenance]]> 1431 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-74-facts-and-figures/ Wed, 24 Jun 2009 20:44:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1434 Registered attendees 1157 Countries 49 New WG 1 Closed WGs 6 WGs Chartered 110 New Internet-Drafts 424 Updated Internet-Drafts 1013 IETF Last Calls 86 Internet-Drafts approved for publication 106 RFC Editor Actions (November 2008 – February 2009) 86 RFC published of which

• 51 Standards Track
• 3 BCP
• 30 Informational
• 2 Experimental

100 Internet-Drafts submitted for publication

• 79 were submitted by the IETF

IANA Actions (November 2008 – February 2009) 1455 IETF-related requests processed

• 742 Private Enterprise Numbers
• 88 Port Numbers
• 61 TRIP ITAD Numbers
• 30 media type requests

]]> 1434 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-75-facts-and-figures/ Wed, 24 Jun 2009 20:48:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1436 RFC Editor Actions (March-June 2009) 120 RFC published of which

• 59 Standards Track
• 2 BCP
• 24 Informational
• 5 Experimental

Internet-Drafts submitted for publication

• 87 submitted by the IETF WGs
• 15 submitted by IETF individuals
• 13 submitted by IRTF, IAB and independent submissions combined

IANA Actions (March-June 2009) 1714 IETF-related requests processed

• 908 Private Enterprise Numbers
• 75 Port Numbers
• 52 TRIP ITAD Numbers
• 52 media type requests
• 42 language subtag related requests

]]> 1436 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/bandwidth-transition-top-ietf-76-agenda/ Fri, 01 Jan 2010 18:25:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=718

From the Editor’s Desk, by Mat Ford As regular readers of the IETF Journal are aware, Mirjam Kühne moved on during the summer to a new role and new challenges. As managing editor of the IETF Journal she will be missed, although her new role will keep her in touch with all things IETF, I have no doubt. Temporarily taking the reins for this edition, I would like to begin by soliciting your input on the future direction of the IETF Journal. What works? What doesn’t work? What would be of most interest to you and your colleagues? All comments, contributions, suggestions, and feedback can be sent to ietfjournal@isoc.org. In this issue, the subject of bandwidth on the Internet takes centre stage, with articles reporting on the Internet Society panel event called The Band-width Bandwagon (this page) and on the motivations for a very interesting BoF meeting on congestion exposure. Also in this issue is a summary of the plenary sessions, including a review of the informative and entertaining presentation called Internationalization in Names and Other Identifiers given by John Klensin, Stuart Cheshire, and Dave Thaler. The plenary also witnessed the presentation of the inaugural Itojun Service Award, and we have a special article commemorating that event. As all contributors to the IETF should be aware, the RFC Editor is in transition as the Information Sciences Institute of the University of Southern California relinquishes a role it has had for 40 years. We could not let this milestone pass unremarked, and Leslie Daigle has provided us with an article based on interviews with some of the key individuals involved in the move . Trent Adams and Eve Maler have taken time out from their busy schedules to give us an update on theprogress of the Kantara Initiative, which was founded earlier this year. IETF 76 was made richer by the presence of the Internet Society fellows, who travelled from far and wide for the opportunity to enhance their knowledge and technical skills through involvement with the IETF and to contribute their perspectives during the meeting. As Subramanian Moonesamy put it so well, “The ISOC Fellowship Programme provides people from developing countries with the means to contribute to the IETF and make their voices heard.” My sincere thanks to everyone who contributed to this issue. I hope you find it interesting and, as I mentioned, please send your feedback to ietfjournal@isoc.org. This is your chance to shape the future of the IETF Journal. This article was posted on 20 January 2010  

]]> 718 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-bandwidth-bandwagon/ Fri, 01 Jan 2010 18:27:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=720

By Mat Ford A panel discussion at IETF 76 helps shed light on the realities of bandwidth growth, operator responses to a changing landscape, and new, relevant IETF work. While the Internet did experience episodes of “congestion collapse” more than 20 years ago, the mechanisms implemented at that time to address the problem have largely stood the test of time. Despite this, rumours of imminent network meltdown are never very far away. In November 2009, the Internet Society organized a panel discussion in Hiroshima, Japan, adjacent to the IETF 76 meeting, for the purpose of making the issues of growing Internet bandwidth accessible to a wider audience-in essence, “pulling the message out of engineering and talking to the real world,” as moderator Leslie Daigle, the Internet Society's chief Internet technology officer, put it in her introduction. Leslie said decision makers are increasingly trying to understand the parameters of Internet bandwidth growth and management because these have implications for both network-neutrality debates and business decisions based on predictions of growth and usage. The panel was intended to bring new clarity to the answers to such questions as, What are the bottlenecks? What causes congestion? Is congestion bad? What is the impact? and What is being done about it? The panel was composed of individuals with real data, real network issues to resolve, and real technologies to make Internet bandwidth use more effective and efficient for all. Broadband Landscape in Japan First up was Kenjiro Cho, a senior researcher at Internet Initiative Japan. Kenjiro presented his research results, which had been based on data collected from six ISPs in Japan starting in 2004 and covering 42 percent of Japanese Internet traffic. As of June 2009, there were 30.9 million broadband subscribers in Japan, and the market is relatively mature, increasing by only 3 percent of households in 2008 to thereby comprise 63 percent of Japanese homes. While growth of cable deployments remains steady, the great majority of households enjoy fibre-to-the-home (FTTH) connections, and existing DSL customers are shifting to FTTH in large numbers. In the Japanese market, 100-Mbps, bidirectional connectivity via FTTH costs USD 40 a month. The relatively high access bandwidth in the Japanese market leads to higher skew in the distribution of per-user bandwidth consumption statistics: there is more variability in bandwidth consumption profiles per user. ISPs are starting to see the value in sharing traffic growth data as a way to help others better understand their concerns. Of course, ISPs make internal measurements, but measurement methodologies and policies will typically differ from one ISP to the next. By aggregating standardized and anonymized measurements, ISPs can help third parties come to understand the pressures, concerns, and motivations that are shaping their perspective. Understanding traffic growth on the Internet is critically important, as it is one of the key factors driving investment decisions in new technologies and infrastructure. The balance between supply and demand is crucial. Kenjiro has observed modest growth of about 40 percent per annum since 2005 based on traffic peaks at major Japanese Internet exchanges. For residential traffic, growth rates are similar-around 30 percent per annum. As network capacity is observed to grow at approximately 50 percent per annum, according to various sources, there does not appear to be a problem in catering to Internet traffic growth, at least at the macro scale. Kenjiro discussed some of the observed shifts in residential user behaviour in the period 2005-09. In 2005, the ratio of inbound to outbound traffic was almost 1:1, suggesting that file sharing was a very widespread use of the network at that time. In 2009, the outbound traffic (download from a user perspective) was noticeably greater, suggesting a shift from peer-to-peer file sharing to streamed content services. Increases in the mode of download volumes over the period are greater (nearly 4 times: from 32 MB to 114 MB per day) than increases in upload volumes (less than 2 times: from 3.5 MB to 6 MB per day), while average download volumes are now 1 GB per day per user. In analyzing a scatterplot of in/out volumes per user in 2009, Kenjiro observed that while there are two clusters (client-type users and peer-type, heavy hitters), there is no clear boundary between the two groups. This is an important point to bear in mind when considering the effectiveness of coarse-grained bandwidth management techniques deployed by some ISPs today. Most users make some use of both client-server-style and peer-to-peer-style applications. Kenjiro concluded with the observation that while the data is interesting, it is nevertheless difficult to predict the future of Internet bandwidth given the variety of technical, economic, and political factors at play. ISPs Working with IETF The next presenter was Richard Woundy, senior vice president at Comcast, a large, U.S.-based cable ISP. Richard began by explaining some of the ISP's motivations for congestion management: the need to be responsive to very dissimilar customer application demands; to balance the competing concerns of the Internet community, regulators, investors and so on; and the fact that network capacity increases are not instantaneous. Richard noted the daily challenge of having to tune Comcast's network to ensure, for example, that VoIP service providers aren't disadvantaged, followed by the need to then check that, again, for example, another third-party video services provider hasn't gotten unintentionally disadvantaged in the process. For Comcast, the goal of congestion management practice is to ensure consistent performance of Internet applications even in the presence of heavy background traffic, such as from peer-to-peer file sharing. Comcast aims to be both protocol and application agnostic and compatible with current Internet standards. “We're always worried about what our customers think of our service,” said Richard. “For an ISP it's a balancing act.” For best-effort traffic over the cable network, the Comcast congestion management plan utilizes two different Quality of Service (QoS) levels: Priority Best Effort (PBE), which is the default QoS level, and Best Effort (BE). When levels of traffic on a particular port exceed a set threshold, that port enters a near-congestion state. Customers determined to be contributing disproportionately to the total traffic volume of a port in the near-congestion state will have their traffic marked as BE for a short duration. That marking impacts the traffic of users marked BE only when congestion is actually present; otherwise, PBE and BE traffic are treated identically. In the presence of congestion, traffic marked BE will experience additional latency (on the order of a few microseconds) as it gets queued, while PBE traffic takes priority. Less than 1 percent of Comcast's customer base is impacted by this congestion management plan, said Richard. Richard also highlighted the work Comcast is doing to collaborate with the IETF on new protocols that could form part of future solutions for end-to-end congestion management, such as the conex BoF and alto and ledbat working groups (WGs), described in more detail later. Richard said, “It's about making sure-while we're executing a reasonable upgrade schedule-that when flash crowds happen or some new streaming application appears that chews up bandwidth, we can handle all those services gracefully.” Hypergiants, Port 80, and a Flatter Internet Danny McPherson, chief security officer at Arbor Networks, then presented the recent results of the ATLAS Internet Observatory, which is collaborative research between Arbor Networks, the University of Michigan, and Merit Network. The ATLAS Internet Observatory utilizes a commercial probe infrastructure deployed at more than 110 participating ISPs and content providers to monitor traffic flow data across hundreds of routers. That commercial probe infrastructure is believed to be the largest Internet monitoring infrastructure in the world, and the observatory's results represent the first global traffic engineering study of Internet evolution. Major findings from the ATLAS project are, first, the consolidation of content around so-called hypergiants-the 30 companies that now account for 30 percent of all Internet traffic. Content is migrating from the enterprise or network edge to large-content aggregators. Consolidation of large Internet properties has progressed to the point where now only 150 Autonomous Systems contribute 50 percent of all observed traffic. Second, applications are consolidating around TCP port 80, because the Web browser is increasingly the application front end for diverse content types, such as e-mail and video. For application developers, TCP port 80 works more deterministically due to the presence of middleboxes in the network that filter or otherwise interfere with traffic using different transports and alternative ports. Third, evolution of the Internet core and economic innovation mean that the majority of traffic is now peered directly between consumers and content. Declining transit prices have not prevented this disintermediation from taking place on a large scale. High-value-content owners are starting to experiment with a paid-peering model and dispensing with transit altogether, meaning that if your ISP doesn't pay to play, then you won't be able to view that content at all-although this phenomenon is difficult to quantify due to the inevitable commercial secrecy surrounding such deals. Disintermediation of the historical tier-1 networks means a flatter Internet with much higher interconnection density. ATLAS also observed the trend away from peer-to-peer and toward streaming video distribution mentioned by Kenjiro earlier. Observations of the Internet's size (9 exabytes per month) and growth rate (44.5 percent compound annual growth) also agree with others' analyses. While those numbers certainly indicate significant growth, they're well within projected increases in gross network capacity and so no cause for concern. Danny concluded by observing that the Internet appears to be at an inflection point as it transitions from a focus on connectivity to a focus on content. Sharing Means Caring The final panellist was Lars Eggert, principal scientist at Nokia Research Center and Transport Area director at the IETF, who briefly introduced the IETF activities related to bandwidth management, or capacity sharing. Lars observed that the Internet is all about capacity sharing. The connectionless, best-effort, end-to-end nature of the Internet enabled it to scale and resulted in the tremendous innovation that we all now take for granted. Sharing Internet resources as the Internet does requires congestion control mechanisms at the transport layer and requires applications to be “social” in their behaviour toward each other. “Sharing means caring,” as Lars explained. The architectural principles of the Internet mean that in general, the responsibility is split between the applications and the network. The network is required to provide neutral information about path conditions in a timely manner, while applications and transport protocols choose how to act on that information. But the smart-edge, dumbcore paradigm gets you only so far, and there's a valid role for the network, as exemplified by the Comcast experience. As Lars observed, “It's not all about the edges.” The IETF toolbox includes TCP and TCP-friendly congestion control that allows hosts to determine their transmission rate according to path conditions based upon observed roundtrip time and packet loss. Extensions and optimizations include Explicit Congestion Notification (ECN) and Active Queue Management (AQM). However, as Lars observed, “Mechanisms like ECN and AQM were developed in the 1990s, when core speeds were around 45 Mbps. Now we have those speeds in the access network. Stuff that we did back then for the core should be revisited to see what we could use in the access network.” Congestion Collapse In the past, when more packets were sent than could be handled by intermediate routers, the intermediate routers discarded many packets, expecting the end points of the network to retransmit the information. However, early TCP implementations had very bad retransmission behaviour. When this packet loss occurred, the end points sent extra packets that repeated the information lost, thereby doubling the data rate sent-exactly the opposite of what should be done during congestion. This pushed the entire network into a congestion collapse, wherein most packets were lost and the resultant throughput was negligible. Source: Wikipedia A new IETF WG (Low Extra Delay Background Transport, or ledbat) is standardizing a congestion control algorithm to allow hosts to transmit bulk data without substantially affecting the delay seen by other users and applications. Another new WG (Multipath TCP, or mptcp) is endeavouring to extend TCP so as to enable one connection to transmit data along multiple paths between the same two end systems. This effectively pools the capacity and reliability of multiple paths into a single resource and enables traffic to quickly move away from congested paths. The Application Layer Traffic Optimization, or alto, WG is focused on improving peer-to-peer application performance while simultaneously aligning peer-to-peer traffic better with ISP constraints. Providing peer-to-peer applications with network, topology, and other information should enable them to make better-than-random peer selection, thereby improving performance for the application and alignment with ISP preferences. A new BoF meeting at IETF 76 was Congestion Exposure (conex), which targets exposing the expected congestion along an Internet path. This would be a new capability and could allow even greater freedom over how capacity is shared than we have today. “This is a very powerful mechanism that provides an information exchange between the network core and the edges that wasn't there before, and it has lots of potential uses,” said Lars. Such a capability could be used for a variety of purposes, such as congestion policing, accountability, service-level agreements, and traffic engineering. Finally, Lars drew attention to another BoF meeting taking place during IETF 76 on recommendations for home gateways: homegate, which is intended to collect requirements from disparate RFCs and provide an overview for implementers of home gateway devices. The goal is to improve the network experience for an end user using a home gateway to access the Internet. There are already many tools to share Internet capacity fairly, effectively, and efficiently, and the IETF is designing new and better tools where needed. Lars concluded by noting that a lot could be gained by more consistently and appropriately using the tools we already have. A Balanced Approach to the Impact of Broadband In discussion after the panel, both Lars Eggert and Richard Woundy observed that it is the impact of broadband on the network that has largely exposed a lot of these issues for congestion management. “I'm very glad that this discussion has picked up over the last few years with the rise of broadband,” said Lars. “We need mechanisms to handle the [new broadband] speeds safely.” Higher access speeds make it possible for individual end users to have a significant impact on the network. Bandwidth Bandwagon Panellists Leslie Daigle, Internet Society (moderator) Kenjiro Cho, Internet Initiative Japan Lars Eggert, Nokia Danny McPherson, Arbor Networks Richard Woundy, Comcast Richard emphasized that it would be a mistake to conclude from all of this that ISPs want to stop investing. The concern is, rather, to ensure ISPs are able to deliver a good customer experience for all, even when traffic increases in unexpected ways (doubles overnight, for example). “That's the kind of situation where congestion management makes sense, but it needs to be followed up with capacity upgrades,” Richard said. “You don't do one without the other; otherwise, you're just letting your service fall apart.” Details of the event, a set of slides, audio, and a transcript are available from the ISOC Web site . IETF Toolbox alto: http://www.ietf.org/dyn/wg/charter/alto-charter.html conex: http://www.ietf.org/proceedings/09nov/agenda/conex.txt homegate: http://www.ietf.org/proceedings/09nov/minutes/homegate.htm ledbat: http://www.ietf.org/dyn/wg/charter/ledbat-charter.html mptcp: http://www.ietf.org/dyn/wg/charter/mptcp-charter.html TCP road map: http://www.ietf.org/rfc/rfc4614.txt This article was posted on 20 January 2010 .   Full Caption Text:

Image 1: IETF 76 participants listen as panellists discuss bandwidth issues;  Image 2: Panellist Richard Woundy at IETF 76;  Image 3: Bandwidth Bandwagon panellists (from left) Kenjiro Cho, Danny McPherson, Richard Woundy, and Lars Eggert;  Image 4: Panel moderator Leslie Daigle of the Internet Society;  Image 5: IETF 76 participant and ISOC Board member Bert Wijnen attends the panel discussion;  Image 6: Panellist Kenjiro Cho, of the Internet Initiative Japan, gives a panel presentation;  Image 7: Bob Hinden asks a question during the openmic portion of the IETF 76 panel discussion;

]]> 720 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-13/ Fri, 01 Jan 2010 18:28:47 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=722 http://www.ietf.org/meeting/upcoming.html. I look forward to seeing you at these meetings. This article was posted on 20 January 2010 .]]> 722 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/google-ipv6-is-easy-inexpensive-2/ Fri, 01 Jan 2010 14:15:30 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=823 823 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-fellows-enjoy-in-person-ietf-experience-2/ Fri, 01 Jan 2010 14:16:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=826 826 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rfc-editor-in-transition-past-present-and-future-2/ Fri, 01 Jan 2010 14:18:16 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=828 828 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/congestion-exposure-were-all-in-this-together-2/ Fri, 01 Jan 2010 14:19:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=832 http://www.ietf.org/dyn/wg/charter/ledbat-charter.html) that preserve the user's congestion allowance for more-important applications. The extra benefit of congestion exposure is that it enables fully flexible yet simple differentiation of QoS (quality of service) under the control of the end user's applications and operating system. By enabling greater end-system control and freedom over transmissions, congestion exposure makes it possible for operators to increase their network's efficiency. In particular, the combined utility of an operator's users will increase. It is exactly this kind of cooperation between users and networks that lies at the heart of our hopes for congestion exposure. Interestingly, congestion exposure is application and protocol agnostic. Deciding which applications consume the user's congestion allowance is under the control of the user’s particular preferences; in other words, the network doesn't care, so DPI is no longer needed. Thus, regulators requiring nondiscriminatory traffic management should also be happy. Other Benefits of Congestion Exposure There are other potential benefits of congestion exposure, for both users and networks. For example, when there is little congestion, the application can run at a much faster rate than TCP would achieve. When there is congestion, a sender is likely to favour short transfers over large ones (because they use up less congestion allowance); for example, a sender might favour Web browsing over peer to peer. As Figure 2 shows, the result is that the short transfer now completes much more quickly, while the larger one takes barely any longer. We also believe that congestion exposure can improve an operator's incentive to invest in new capacity. One of the stumbling blocks to investment that we face today is that a few users tend to grab nearly all of the extra bandwidth while the cost is spread out over all users through fees. With congestion exposure, an operator is motivated to invest because the benefit is more evenly spread out (or targets those who want to pay for it). An operator may also be able to identify which of its links have the greatest incipient demand and hence determine where to focus that investment. Other potential benefits include new tools that exploit the congestion information for DoS mitigation, traffic engineering, and internetwork service-level agreements. The Future of Congestion Exposure at the IETF The proposed conex WG will concentrate on the specification of how rest-of-path congestion information is carried in IP packets. This does, however, require standardizing a change to IP, which is not an insignificant step! Conex will also work on how to transport the whole-path-congestion information from the destination to the sender, as well as how to prevent parties from being less than truthful about congestion. The WG will encourage experiments to determine which use cases are most useful and hence worthy of deeper consideration. It is hoped that the work of the proposed conex WG will lead to better cooperation between users and networks-and so achieve better capacity sharing on the Internet. For more information… Reference 1. D. Clark, J. Wroclawski, K. Sollins, R. Braden. “Tussle in Cyberspace: Defining Tomorrow's Internet”; IEEE/ACM Transactions on Networking (TON), Volume 13, Issue 3 (June 2005),http://portal.acm.org/citation.cfm?id=1074047.1074049. This article was posted on 20 January 2010 .]]> 832 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-kantara-initiative-for-online-identity-a-one-year-progress-report-2/ Fri, 01 Jan 2010 14:20:48 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=840

By J. Trent Adams and Eve Maler Founded in April 2009, the Kantara Initiative was conceived as an open, global organization with the mission of promoting interoperability and technology harmonization across the myriad identity solutions available and under development. With the proliferation of single-protocol solutions being pursued, the founders of the Kantara Initiative set out to promote the deployment of heterogeneous protocols, standards, and solutions for vendors and end users within the entire network identity ecosystem. As can be expected, it was a huge undertaking to corral enough industry and community support for this idea to move onto the world stage. Key to the success in setting it up was the contribution of time, effort, and intellectual capital from the Liberty Alliance. In 2008, the Liberty Alliance board of trustees foresaw the need for a new organization that would support all of the major industry solutions and community standards, promoting component-level interoperability while also addressing the related business, legal, and regulatory issues. Thus, the Liberty Alliance began the effort of reaching out to other organizations to form Kantara. Among the organizations agreeing to found Kantara with this mission were the Internet Society, the Information Card Foundation, the DataPortability Project, and XDI.org. This extended set of organizations added to the existing industry leaders within Liberty, such as AOL, British Telecommunications, CA, Intel, Oracle, and Sun Microsystems. Together, they began working on structuring an inclusive environment conducive to multiple points of view and to collaboration at a global scale. The result is an organization with no membership fees to participate and with a truly transparent operating structure. Since its inception, the Kantara Initiative has fostered a robust environment in which a wide variety of identity ecosystem challenges are being tackled. Among the active work streams are: Promoting component (i.e., protocol-level) interoperability Ensuring global interoperability within a vertical market but also across markets (e.g., finance to health care) Developing business and policy best practices related to end-user engagement (e.g., contractual intellectual property rights between entities, and privacy issues) Advancing government and regulatory compliance; helping guide legislation that honours the privacy of end users and protects user-managed access to users’ data Fostering identity assurance programmes to support business and government trust requirements Promoting recognition of end-user usability needs in developing industry solutions These threads can be seen in the various Kantara working groups. While all operate under one governance umbrella-and communication and coordination among groups are encouraged through joint membership on a Leadership Council-each working group has a distinct mandate and set of deliverables. In order to support such a diverse set of activities, the Kantara Initiative took an unusual approach regarding the protection of intellectual property contributed to the groups in service of the Kantara charter. This approach (1) requires each group, at inception, to select the intellectual property rights (IPR) regime that best fits its goals and the eventual standards organization to which specifications may be submitted and (2) requires participants to agree to the regime before taking their places at the table. Such flexibility allows each group a quick and easy way to get up and running with the IPR option that suits the group's members while helping protect developers of Kantara-incubated specifications. Of the 18 groups chartered since April, some of the most active are: E-Government: Facilitates collaboration and discussion among Kantara groups with an interest in e-government identity management applications and services. This group acts as a forum to discuss best practices by government organizations on national, regional, and municipal levels and offers government-subject-matter expertise in the development of Kantara Initiative policy recommendations and specifications. Healthcare Identity Assurance: Designs, implements, and tests reference applications for secure access to health information. One example use case under consideration is for consumers to be able to access their health records with a standardized login system. Another is a way for emergency workers to access critical health information during emergencies or natural disasters. Identity Assurance: Fosters the adoption of trusted online identity services, identifying and resolving specific obstacles to their market and commercial acceptance. This group is actively working toward the development of a global standard framework necessary to support trusted identity service providers. Information Sharing: Identifies and documents use cases that illustrate the benefits and challenges of user-driven information sharing. By focusing on the benefits and addressing the obstacles, the group specifies the policy and technology solutions that are required to enable a smooth and effective information flow. Privacy and Public Policy: Focuses on the interplay between privacy, technology, and policy, and aims to ensure that Kantara contributes to better privacy outcomes for users, data custodians, and other stake-holders. This group engages with a diverse range of privacy stakeholders, understanding their different perspectives, translating and mediating between them as necessary, and documenting privacy-related principles and good practices applicable to a broad range of prevalent technology platforms. User-Managed Access: Develops specifications that let an individual control the authorization of data sharing and service access made between online services on the individual's behalf, and to facilitate interoperable implementations. The group expedites the process of collaborating with different communities on a draft solution that meets their shared goals that cross community boundaries. Rather than setting up another standards body, the Kantara Initiative focuses on incubation of ideas and concepts. If specifications emerge from the groups, they are then submitted to other standards-setting organizations for adoption and operational maintenance. Each chartered group that anticipates producing specifications selects the standards body to which it expects to contribute its work when it is fleshed out. For example, some groups are targeting the W3C, others are looking to OASIS, and some have their sights on the IETF. A prime example of this process is the User-Managed Access (UMA) working group. The work incubated in UMA illustrates how the Kantara Initiative fosters innovation, interoperability, and community. This group is developing specifications that empower an individual to control the authorization of data sharing and service access made between online services on an individual's behalf, thereby allowing for permissioned data sharing even if the user's entire set of data is hosted on many different servers. To foster the adoption and building of a modular solution, the group is profiling and extending OAuth-related specifications already under development at the IETF (the ultimate destination identified for UMA specifications) while attracting participation from a wide variety of stakeholders who might normally have difficulty participating in such an effort were a membership fee required. One of the group's goals is to facilitate multiple interoperable implementations, and it has worked with Kantara leadership to develop a bounty programme for attracting development interest in a UMA protocol validator. With work like this under its umbrella, the Kantara Initiative has moved from concept to fully functioning reality with broad global support across all sectors of the identity ecosystem. And with a growing membership-including additions such as Neustar, PayPal, NTT, Danish National IT, Deutsche Telekom, and the government of Canada-the organization is healthy and beginning to hit its stride. Participation is key to the success of the mission, and with stakeholders easily able to sit at the table, the organization will surely realize its full potential. To learn more and join the discussion, visit http://kantarainitiative.org. This article was posted on 20 January 2010 .   Full Caption Text: Image 1: IETF Scale model of Hiroshima city flattened after the detonation of the A-bomb. The red ball depicts the explosion point.  Image 2: IETF Model of the Hiroshima Peace Memorial at the Hiroshima Peace Museum.  Image 3: The A-Bomb Dome, which survived the A-bomb blast, is part of Hiroshimi Peace Memorial Park in Hiroshima, Japan.

]]> 840 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-13/ Fri, 01 Jan 2010 14:22:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=842

By Aaron Falk Four research groups (RGs) met at IETF 76 in Hiroshima, Japan: Host Identity Payload; Scalable, Adaptive Multicast; Delay Tolerant Networking; and Routing. Most of the 13 RGs that make up the Internet Research Task Force (IRTF) are active. Six IRTF drafts are awaiting publication by the RFC Editor. The publication process has been in suspension for several months pending revision of the IETF Trust License Provisions. The current expectation is that publication will resume in January 2010. One of the documents in the RFC Editor queue is draft-irtf-rfcs-05.txt, which defines the IRTF RFC stream. The draft was removed from the publication queue so that the rights language can be made consistent with that of the Independent Stream. From time to time the IRTF considers proposals for new RGs. Several folks who have expressed interest in an RG on virtual networks have been meeting informally for some time. A Bar BoF on the topic was held at IETF 76 for the purpose of reaching agreement on a draft charter. Some interest has also been expressed in establishing an RG with a charter related to the Internet of Things. The Routing RG met with the Internet Architecture Board at IETF 76 to discuss plans for making a recommendation to the IETF based on the group's work over the past two years in evaluating proposals for a future routing and addressing architecture. The work was motivated by concerns over forwarding table growth in the default-free zone. There has been a great deal of energy in the RG, and while progress has been made in defining the nature of the problem and gaining an understanding of the classes of solutions available, it will be a challenge for the group to converge on recommendations. The End-to-End RG, which is chaired by Craig Partridge and Karen Sollins, has decided to close in January 2010 after 26 years. The RG has served as a focal point for several important concepts in Internet design, including slow start and improved roundtrip time estimation, Random Early Drop, Integrated and Differentiated Services, Weighted Fair Queuing, PAWS (Protection Against Wrapped Sequence Numbers), and Transaction TCP. The end2end-interest mailing list will continue operation. At each IETF, brief overviews of selected IRTF RGs are presented to help familiarize the IETF community with the research topics that are under discussion. At the IETF 76 plenary, short presentations described the Anti-Spam RG and the Scalable, Adaptive Multicast RG. The Anti-Spam research group, chaired by John Levine, looks at open problems in topics related to combating unsolicited e-mail. The original hope was that the RG would create initiatives around which standardization could occur. Those initiatives have not yet been created. The group has an open membership, which includes representatives from industry and academia as well as independent participants. Combating spam has become a major industry, one that has led to the formation of an IETF working group (DKIM), trade groups (MAAWG and ESPC), and conferences (CEAS and presentations to Usenix). The RG has produced a document that provides details on Domain Name System blacklists and white lists (the document is awaiting publication), and it is working on a draft that covers management practices for blacklists. Another work in progress for the RG covers taxonomies on antispam and spamming techniques (see http://wiki.asrg.sp.am). The RG serves as a good sounding board for folks who have antispam ideas. The Scalable, Adaptive Multicast RG (SAMRG), chaired by John Buford and Thomas Schmidt, is investigating the development of unified approaches to multicast that take advantage of link-layer multicast, IP multicast, and application multicast when they are available. There are several active researcher/developer communities in the SAMRG, including application layer multicast over peer-to-peer networks; an experimental protocol called XCAST, which is optimized for medium-scale voice conferencing; native (link-layer) multicast; and applications that use multicast. Some of the RG's work is focused on extending the Automatic IP Multicast without Explicit Tunnels (AMT) protocol as an overlay that can tie together multicast-enabled clouds. Other work focuses on defining a common application programming interface and name space that would enable applications to take advantage of multicast when it is available. In the future, the RG plans to work on extending common simulation tools to hybrid multicast mechanisms as well as on developing a wide-area hybrid multicast test bed. This article was posted on 20 January 2010 .

]]> 842 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/a-talk-with-geoff-mulligan-of-the-ipso-alliance/ Mon, 07 Sep 2009 14:40:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=863

The IETF Journal sits down with Geoff Mulligan, chair of the newly formed IPSO (IP for Smart Objects) Alliance, to discuss why he believes that IP offers the most promising means for connecting smart objects.

IETF Journal: What was the motivation behind the formation of the IPSO Alliance and what is the organization's mission?

Geoff: A little more than a year ago, a number of companies were working on smart objects and what is referred to as the Internet of Things. Unfortunately, nothing was being done to promote the use of IP as a viable protocol for connecting smart objects. In fact, the market was fragmenting into many proprietary ad hoc solutions for connecting these devices, with failed attempts to couple the solutions with Band-Aids of gateways. Those actions only created complexity and instability, and they decreased security. This was happening mainly because people didn't know about the work being done in the IETF and the applicability of the IP protocol suite to this space. We started the alliance to bring together a critical mass of companies that would create the right ecosystem for this type of work. Then we could say that all of those companies-the chip vendors, the software vendors, and the end-system vendors-believe that IP is the right way to go when it comes to connecting smart objects and sensor networks. Once we established that, we could move toward education by writing white papers, conducting tutorials, and participating in meetings that promote the concept. So, first and foremost, the IPSO Alliance is there to market the idea that IP is the best possible protocol for connecting smart objects. The second part involves technology demonstrations and technology support. In other words, let's show how this actually works; let's actually build it. Let's show that, for instance, we can build an IPv6 battery-operated sensor the size of a quarter and put it on the Internet so we can dispel the myths about how small these objects can be. On the technology side, we want to help facilitate interoperability testing and interoperability events. We've done a couple of interop events to show how objects are plugged together-or, nowadays, unplugged, because a lot of the technology today is wireless.

IETF Journal: Can you briefly describe what you mean by the Internet of Things?

Geoff: I think of the Internet of Things as that edge between human existence and technological existence. There are myriad things that people interact with on a daily basis, and once they have an IP address, they become part of the Internet of Things.

IETF Journal: Is the Internet of Things connected to the Internet that we know today?

Geoff: That's a really good question. The answer is yes and no. Just because something runs IP doesn't mean it has to be connected to the Internet. With the right security and management there is no reason why not, if you want or need to interact with other devices on the Internet. Without the right security and management, even though there may be a device that you'd like to connect to the Internet, you may not want to. On the other hand, the Internet of Things is called that because it uses the Internet. However, there will be smart objects that use IP but are not connected to the Internet, and sometimes they're not connected for reasons of privacy, safety, or security. For example, the brakes on your car could have an IP sensor, but do you want anyone else on the Internet pinging that sensor?

IETF Journal: What is a smart object?

Geoff: The IPSO Alliance defines smart objects as devices that are a combination of sensors, controllers, or actuators with computational capability and some communication capability that enables them to be connected to a wider array of networks and devices. IP smart objects are those whose communication capability happens to be, or should be, IP.

IETF Journal: How is the work of the IPSO Alliance related to the IETF? And what kinds of work are you personally doing with the IETF?

Geoff: I'm cochair of the IETF 6lowpan working group (WG). Very early on, when we defined what the IPSO Alliance is, we also wanted to define what IPSO isn't; and what it isn't is yet another alliance trying to masquerade as a standards organization. We wanted to make sure it did not look like we were competing with the IETF. In fact, what we are doing is promoting the standards that come out of the IETF along with standards that come out of other standards organizations, such as IEEE, W3C [the World Wide Web Consortium], and IEC [International Electrotechnical Commission]. We want to demonstrate how these standards can work together, and how it actually works-particularly when it comes to very small components, such as temperature and motion sensors in a home or building talking to thermostats to improve energy usage or to smoke detectors communicating with gas appliances to improve home safety. In addition, we want to help provide a translation between end-user requirements and IETF techspeak. That way we can come to the IETF and participate in the working groups and say, here are the issues the IETF needs to work on; these are the holes that need to be filled.

IETF Journal: What protocol work currently being done in the IETF is important to the IPSO, and when would you like to see those specs completed? Did you identify things the IETF needs to be doing that have not yet been done?

Geoff: The IETF working groups that currently are of interest to IPSO are 6lowpan, roll, manet, auto-conf, mipv6, and mobileIP. The work being done in 6lowpan and roll is critically important. If we're talking about trillions of devices, we need IP addresses. The IPSO Alliance is promoting IP as the protocol that runs to the very edge of the line that separates the network from actual physical work; there are no gateways and no translation in between. That means that IPv6 is the only viable alternative. The IPv6 Maintenance WG, known as 6man, is important because if you need to manage trillions of devices, this is not something you want to do manually. We are also interested in transport protocols because we do not want to skip any portions of the stack. Therefore, we need to understand how TCP or UDP really works for these small embedded devices. What are holes? What are the things we don't know? We believe that UDP is good enough for many applications, but we don't know if it's good enough in all situations. It may well be that we need to look at something between UDP and TCP-something that is a bit more reliable and that provides a bit more functionality. Our member companies are saying that they would like a UDP-like thing, but one that also has sequence numbers and that itself has acknowledgments. Where the Transport Area is concerned, this would be an important thing to have. Also missing is an application protocol for embedded devices: http isn't right; TFTP [Trivial File Transfer Protocol] is fine for some things; and SNMP [Simple Network Management Protocol] is close. So, trying to define what works at the application layer is going to be very important in the next phases of our work. There are a few other things missing in the 6lowpan WG. For example, how do devices get commissioned in a bootstrapping phase and then get on the network without someone having to connect to it and set an SSID and give it a channel? We can't do that for a trillion devices. The devices need to become self-actualized without human intervention. This is a tough problem. How will a device know what network to join when it comes online if it can join any of a number of networks. This is one of the areas that 6lowpan needs to look at going forward.

IETF Journal: What is the smallest device or object that can be addressed with an IP address?

Geoff: We're finding that there's almost no limit to how small a device or object can be. Some of the devices currently on the network include ones that have less than 32 kilobytes of flash and 2 kilobytes of RAM, and they operate on a couple of AA batteries for many years. In order to have a reasonable life span, battery-powered devices aren't switched on continuously, but you can ping them and they respond. We still find that these extremely small devices appear to be always on, even though they're sleeping 99.6 percent of the time. The devices have less computing power than the average digital watch, and yet they can still be on the Internet. Therefore, we can think about putting outlets, smoke detectors, light switches, and lights on the Internet, so if the lights go out, we can ring your phone or we can send a text message. Could it be handled in other ways? Yes, but the Internet infrastructure is already there, so why build another?

IETF Journal: What are the privacy concerns with this kind of technology?

Geoff: People like to measure things that can be measured. We can count people, but for reasons of privacy, some people don't want to be counted. I'm not so much worried about things being tracked; there are many occasions when tracking is a good idea. For example, I may want to know where my coffee cup is. But for many people or for certain things, tracking might not be such a good idea. The Internet of Things isn't really changing this-tracking can be done today- but it is accelerating it. Unfortunately, technologies have a tendency to outpace our ability to understand how to manage them. It's important to ensure that the security protocols that the IETF has developed can be applied so that if it's my device, I can control where the data goes and I can choose who gets the data and make sure that no one can intercept it.

IETF Journal: What is the relationship between this work and radio-frequency identification [RFID]?

Geoff: That's a good question. RFID is a lot of technologies. There is active RFID and passive RFID. Active RFID tags could be part of the Internet of Things that IPSO and the IETF and 6lowpan are enabling. Rather than sending a blob of numbers, those bits could be reformatted to look like an IPv6 packet. Passive RFID tags are a little different in that they have an extremely limited amount of data that they transmit when energized. I don't think that with the current technology the data is large enough to look anything like a compressed IPv6 address. Passive RFID could be connected to a slightly smarter device that could relay the data back to the Internet.

IETF Journal: Is there anything else you would like us to know about the work being done by the IPSO Alliance?

Geoff: Mainly that IPSO is dedicated to supporting the work of the IETF and the Internet Society by promoting the use of IP and Internet technologies. I believe it is a symbiotic relationship. We cannot and would not exist without IP. What we hope we can do is bring the marketing, visibility, and promotion of the phenomenal work that is happening at the IETF to a brand-new set of potential users, builders, engineers, devices, customers and applications. The IETF is of critical importance because IP, the central protocol within the IETF, is the first thing in our name. Whatever we can do to support the goals of the IETF and the Internet Society, we want to do. We want to find ways to work together, to promote the Internet and IP.

]]> 863 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/developing-internet-technology-research-and-standards/ Mon, 07 Sep 2009 14:41:46 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=865

These days, there are a lot of activities in the world that are focused on understanding and/or developing “the future Internet.”? On one end of the spectrum are national or regional research programmes whose goals are to develop networking technologies that are free of the perceived failings of the current Internet (such as security issues, congestion, and traffic management issues); on the other end are formal specification activities within international organizations that target mainly some hypothetical other network, without regard for how that network might be deployed. However, there's a paradox: if you can predict the future of the Internet, it's no longer the Internet. That rather flip statement embodies a lot of what many IETF participants understand implicitly: that the future of the Internet is not planned; it evolves based on the networks that get built and how they are used (applications and services). The global interdependencies that are inherent within and between networks and their uses make interoperability the best basis for technology development. While these concepts may be well understood by IETF participants, it has become increasingly important to explicitly articulate them and to ensure that they get more generally understood-if we still consider the principle of evolution based on interoperability and innovation the right basis for development of the Internet. In that model of development, there are three key types of activity from which feedback needs to be fostered: (1) development of technical specifications, (2) deployment, and (3) answering open questions (research). The IETF focuses primarily on the first activity, but it has a close relationship with the third in the shape of the Internet Research Task Force (IRTF). The IETF process itself is deliberately open to and seeking feedback from the second activity: deployment experiences.

Technical Specifications

The Internet was built on the premise of interoperability based on independent implementations of common specifications: Internet specifications. By focusing on interoperability for passing traffic between networks, Internet standards describe the protocols on the wire without prescribing device characteristics, business models, or content. The value of this building-block approach is seen in the range and depth of innovation and development in Internet technologies and services. New components-whether networks, services, or software-work seamlessly with existing deployments, as long as all of the pieces correctly implement applicable standards on the network. This makes the field of possible innovations virtually limitless. Apart from the focus on wire protocols for interoperability, one might say that successful Internet standards share certain characteristics, as follows:

• Freely accessible specifications: All of the relevant written specifications required to implement the standard are available without fee or requirement of other contractual agreement such as a nondisclosure agreement or license.
• Unencumbered: It is possible to implement and deploy technology based on the standard without undue licensing fees or restrictions.
• Open development: In order to have relevance in the resulting standard, it is critical that all parties working with impacted technologies be able to participate in and learn from the history of the development of an Internet standard.
• Always evolving: As the Internet itself continues to evolve, new needs for interoperability get identified. Therefore, the standards that support the Internet must evolve to address identified technical requirements.

Again, these characteristics may be familiar to IETF participants, but they are important to articulate and share.

Deployment Realities: Awareness and Feedback

For newly developed building blocks to work seamlessly with existing deployments, they have to be placed based on some level of awareness of actual deployment realities. It's not enough to posit a desirable outcome; feedback from past successes and failures, deployment conditions, and expectations of uptake are required throughout the development of new specifications. For example, the IETF encourages this through open participation by all engineers with relevant expertise, as well as the formation of working groups dedicated to operational aspects, such as v6ops and dnsop. Of course, while the technical specification process views deployment realities as input, broader deployment discussions are important in the identification of critical needs too. That is, operational experience with network usage, new or updated protocols, best practices, and so on are things that are best articulated in groups of deployment experts: people with operational expertise. This is where regional operator group meetings, such as such as NANOG, RIPE, and APRICOT, are key for network operations activities. More-regional and more-focused network operator groups can draw experts to discuss local issues as well as global issues in context. It's especially valuable to get cross-pollination between these activities and technical specification activities. Sometimes it's important to bring back the deployment reality issues to the IETF in a broader context than specific work in a particular working group. This is often the driver behind the Internet Architecture Board's technical plenary topic selections. The session on network neutrality at IETF 75 (see Plenary, page 4) provided just such an opportunity; it was a chance to hear the perspectives of decision makers (governments and regulators) that are outside the traditional operational network realm. It's also a motivation behind the Internet Society's recent media briefing panels, such as the Securing the DNS panel (see page 12).

Looking to the Future: Research

When it comes to gathering data, examining issues, and seeking answers without the restrictions of established environments, organized research is key. The IRTF's work with the IETF can serve as an important bridge between the world of research activities and the realm of technical specification. This was especially well illustrated in the case of the Host Identity Protocol, which has had concurrent research and working groups examining various aspects of development and specification. As noted earlier, there are a number of clean-slate research programmes under way around the world, many of which focus on considering known issues-such as security, congestion control, and routing-within new network developments completely independently of the deployed Internet. The research will yield interesting answers to the important how and what-if questions. The next question is, How will the world make use of the answers? It could be through the blanket deployment-from scratch-of the new networks that those research activities propose from those clean slates. However, that could not happen overnight. Alternatively, the lessons learned through those research activities may well inform current Internet building-block developments, because strong evidence of the value of a different direction provides impetus to get development and deployment over hurdles that might otherwise have seemed insurmountable. That means that research activities must be discussed and shared equally within the processes for technical specification and deployment feedback. Fifteen years ago, the percent of researchers among active IETF participants was higher than it is today. Perhaps that's not surprising, given that the core Internet then still featured a large number of research networks and nodes operated by academic and research institutions. Nevertheless, there are still researchers who get involved in IETF activities, as witnessed by the level of attendance at an Internet Society cross-regional (Europe, North America, and Asia) future Internet researcher luncheon, described here. In a discussion of the challenges to future Internet research activities, it became clear that one of the significant challenges involves getting a coherent research agenda that is useful for framing funded research activities across regions. That's one way the specification and deployment activities of the Internet could feed back into the research world. Likewise, highlighting the most promising research results from around the world to the operational and standardization communities will help close the loop on the cycle of activities that constitute this model of Internet development.

Final Thoughts

For those of us who still consider the principle of evolution based on interoperability and innovation as the right basis for development of the Internet, it is important to recognize, foster, and share the value of interaction between specification, deployment, and research. There is no master plan for the development of the Internet, and so far, that has been a feature. Going forward, the health of the Internet is going to continue to depend on the health of this ecosystem of development.

]]> 865 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/a-conversation-with-ting-zou/ Mon, 07 Sep 2009 14:43:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=867

The first woman to chair a working group from a Chinese business enterprise talks to the IETF Journal about handover keying, bridging the culture gap, and combining work and motherhood in the IT sector.

IETF Journal: When did you start working with the IETF?

Tina Tsou:* I have been working with the IETF since 2006. I have participated in the Operations, Security, Internet, and Transport areas. I like the culture of the IETF. It is quite free. From a technical point of view, you can practice whatever you like. That's my general feeling.

IETF Journal: When did you become cochair of the hokey [handover keying] working group [WG]?

Tina: I have been cochair since before the IETF meeting in Stockholm [IETF 75]. I started on my birthday, by coincidence.

IETF Journal: What are the purpose and mission of hokey?

Tina: A mobile device has to reauthenticate each time it changes its point of attachment to the network. When it goes through the full procedure of authentication, it creates a series of ruptures, during which the medium cannot flow. This results in a poor user experience during handover. However, it is possible to shorten the time it takes to reauthenticate by reusing the key information developed during the initial authentication. The hokey WG is concerned with developing procedures for key reuse and delivery while respecting good security practice. That is why it is in the security area. The hokey WG has already done work on this subject, but it has not yet developed the complete set of procedures, protocols, and changes needed for different security environment scenarios and situations. The working group has been in existence for a few years, and it has now rechartered. In being the cochair of the hokey WG, I have the strong feeling that I am guiding the consensus, not imposing my own technical ideas and convictions. That is important.

IETF Journal: Have you ever felt that your cultural background has been a problem for you when working with the IETF? Do you think you need to adapt to be able to play a role in the IETF and its working groups?

Tina: The way people think is different here. I have been on business trips quite frequently since 2003, and I've made many friends, many of whom are not Asian. I'm getting used to it. In the WG meetings, nothing is personal; it is all based on technical grounds. Sometimes you initially go against someone, and then later you get to know the person better. That's really nice. I am an open person, so it is not so difficult for me. My father is an English teacher. I have been in touch with other cultures since I was a little kid, so it is not a big deal for me.

IETF Journal: What other work are you doing in the IETF?

Tina: At the company where I work, I lead a group of network product developers. Most of the work is related to the work done in the IETF. There are many WGs we are following. I don't participate in all of them myself. I share that work with my colleagues. We will have more people on my team, and they are all involved in the IETF in some way. We have to learn what is going on in the IETF, and we have to bring it back to our implementations.

IETF Journal: What do you find interesting or different by working in the IETF-particularly as compared to other standards organizations?

Tina: At other meetings I dress very formally and sit on a chair. Here I wear jeans and I sit on the ground. [Laughs.] It is more free here at the IETF. Here we respect individuals. With other standards organizations it is more about companies and governments. There are more politics involved. I mean, politics are everywhere. But I find the IETF to be more free and more democratic. I am also involved in the European Telecommunications Standards Institute, which has a European culture; the International Telecommunication Union's Telecommunications Standardization Sector, which has a UN culture; and the IETF, which has an American culture. So when it comes to meetings, I always adjust a bit to the different cultures. But in all of those different work cultures, it's all about technology. Technology is the key point. Most people who come here are engineers, but some are scientists. When we are talking about technology, no special culture is involved. We need to solve a problem; that is the main thing. Everything else comes second.

IETF Journal:Have you ever had difficulties communicating in this environment?

Tina: I did not see any difficulties. I did not find it difficult to speak up or become active. Here you don't have to worry about whether you say something wrong. You can state whatever you like. The people here are generally friendly. If they are uncomfortable with what you said, they will say so, but they are not aggressive. I think most people enjoy being here.

IETF Journal: As you know, having an Asian woman leading a working group is a first for the IETF. What do you think about that?

Tina: Yes, this is true. Asian women are often more reserved and shy. They do not like to talk in public. But this has changed in recent years: women now speak up, they have jobs, and they have higher positions. Sometimes now men, too, take care of the children. Pretty much what is happening in the United States and in Europe is now also happening in Asia. There are no limits on women anymore.

IETF Journal: Is it also because women are needed in the workforce?

Tina: Yes, I think that is true, especially in the IT industry. Things are changing. The world became a global village, which means people become more and more alike. You improve yourself by learning from other people in different cultures. And that also applies to technology: different operators have different requirements, and they try to voice that in the WG. You learn from the other people in the WG; sometimes you argue, but you also learn from them. I recently had a baby, and I was wondering how I would be able to cope with being a mother and having a career at the same time. Another woman at the IETF said she uses only one single calendar for home and work. That works actually pretty well. While the baby sleeps, I read RFCs and respond to e-mails. Sometimes I even read RFCs to my baby. He seems to enjoy it. How to be an IETF WG chair and a mother at the same time? That would be an interesting working group. * Ting Zou also goes by the name Tina Tsou.

]]> 867 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-14/ Mon, 07 Sep 2009 14:44:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=869

Since IETF 74 the Internet Research Task Force (IRTF) has been working on IRTF RFC Stream desired copyrights. The intent is to maximize commonality with the IETF process while permitting unlimited derivative works (with attribution) or no derivative works at all. Issues to be addressed include working with the IETF Trust and establishing a correct Internet Draft boilerplate, among others. The topic is being addressed on the RFC-interest mailing list. No new RFCs have been published, but five documents are on hold pending resolution of the aforementioned copyright issues. A new research group (RG) has been chartered called the Public Key Next-Generation Research Group (PKNG), chaired by Paul Hoffman. The group will be looking into alternate certificate formats, semantics, and public-key services that could eventually replace Public-Key Infrastructure (X.509), if deployed. Discussions for an RG on network virtualization continue. During the IETF technical plenary in Stockholm, I gave a short overview of a few active RGs. The overview was intended to introduce people in the IETF to the work going on in the IRTF and to encourage more participation. The following two sections are introductions to the Host Identity Protocol RG and the Internet Congestion Control RG, as presented during the IETF 74 technical plenary.

Host Identity Protocol Research Group (hiprg)

At present, IP addresses serve two roles on the Internet: the first is to identify the host during communication, and the second is to locate the host within the Internet routing system. This overloading of the address can cause failures in transport protocols such as TCP or in applications when the IP address changes-for example, because of host mobility. HIP is a host-based protocol devised to split identifiers from locators-at roughly the endpoint sublayer of the IP layer. HIP identifies host using a self-generated public-private key. ESP (Encapsulating Security Payload) encryption and a key exchange protocol provide secure support for mobility and multihoming. RFC 4423 describes the HIP architecture in more detail. The first commercial HIP products have been announced. The IRTF HIP RG was established in parallel with the IETF HIP working group (WG) in 2004 and has since matured and migrated several drafts to the HIP WG-on such topics as network address translation traversal, native API definition, certificates, and support for legacy applications. The focus of the RG is on discussing ideas that are not yet ready for the IETF process. The RG also provides a forum to present HIP extensions and experiments. The RG is now working on an experiment report summarizing experiences with HIP use. The RG is currently discussing a number of HIP extensions:

• The use of HIP for object identification in what is called the Internet of Things (see page 20)
• Hierarchical host identity tag and host identity revocations
• ID-to-locator resolution using distributed hash table (DHT) and DNS
• Mobile router extensions

Future plans for the HIP RG include the adoption of a number of Internet-Drafts as RG items based on the sustained interest of participants. The RG is also interested in helping the WG move HIP to proposed standards, and IETF participants are encouraged to install and try HIP on their computers and to provide feedback. Current HIP implementations can be found at: www.openhip.org, hipl.infrahip.net andwww.hip4inter.net. A more detailed article on HIP was published in the IETF Journal in March 2009. There is also a book atwww.hipbook.net.

Internet Congestion Control Research Group (iccrg)

The Standard TCP congestion control is not always fit for today's Internet. It tends to make inefficient use of high bandwidth links and with wireless connections, especially those with long round-trip times. It is also not the right choice for all applications. There is increasing deployment of nonstandardized, high-speed TCP variants such as C-TCP (included in Windows Vista), CUBIC (default in some Linux distributions), and H-TCP. The ICCRG considers new directions and techniques for congestion control in the context of the Internet. The RG is composed mostly of people involved in the IETF Transport area, people implementing operating systems, and people from the research community. The ICCRG is organizing the existing congestion-control-related RFCs, and it created a road map that is currently waiting in the RFC Editor queue for publication. It is further identifying real, open issues with existing congestion control techniques in close cooperation with IETF WGs. Some of the open issues are heterogeneity, stability, and fairness. The ICCRG is trying to create a vision for moving beyond the current limitations of TCP-friendly concepts. Feedback from the implementer's perspective has been sought, and a report has been published related to the evaluation of CUBIC and H-TCP as experimental TCP congestion control mechanisms. The RG is working on a vision for enabling capacity sharing within the network infrastructure rather than simply at the end hosts. Research topics discussed at IETF-74 included:

• MulTFRC congestion control with tunable aggression (N-TCP-friendliness)
• Explicit feedback on access links: using mechanisms like Explicit Control Protocol on access link bottlenecks even if end-to-end deployment isn't possible

For more information about the Internet Research Task Force.

]]> 869 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ipv6-trust-and-identity-key-themes-at-ietf-74/ Mon, 07 Sep 2009 14:50:38 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=874 “The Seven Stages of IPv6 Adoption”. On a related topic, a BoF (birds-of-a-feather) session looked at a possible solution to the problem of how public IPv4 addresses can be shared among different networks in the event that IPv4 addresses are no longer available to be assigned. A description of that proposal can be found below. A similarly hot topic these days is trust and identity. In this issue, the IETF Journal talks to the cochairs of the OAuth BoF as well as the author of the OAuth specification. The OAuth specification recently was brought into the IETF. Also in this issue is a summary of the plenary session, including a review of the panel discussion on multiprotocol label switching and an update on what the IETF can learn from the development and deployment of that protocol. IETF 74 hosted a number of the Internet Society fellows to the IETF and former fellows, who travelled from developing countries for the opportunity to enhance their knowledge and technical skills through involvement with the IETF and to contribute to the work of the IETF (See here.). Finally, in an effort to gain a better understanding of our readers, we are embarking on our first IETF Journal reader survey. We encourage you to take a minute and fill it out. We extend our thanks to those who contributed to this issue. We wish everyone enjoyable reading, and as always, we welcome both comments and contributions for future issues.]]> 874 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/new-bof-meetings-2/ Thu, 24 Sep 2009 20:50:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1438 Descriptions and agendas for all BoF meeting Applications Area ogpx: Open Grid Protocol Internet Area netext2: Network-Based Mobility Extension, 2nd Stage multimob: Multicast Mobility RAI Area codec: Internet Wideband Audio Codec Transport Area mptcp: Multipath TCP]]> 1438 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/recent-iesg-document-and-protocol-actions-4/ Sat, 24 Oct 2009 20:55:25 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1442 Please note that due to ongoing change of document status, links below can be invalid. In this case, we ask you to use a search engine to find the relevant file.

Date: 2008-08-06 – Last Call: draft-ietf-dime-diameter-api (The Diameter API) t / Call: draft-ietf-dime-diameter-api (The Diameter API) to Title: ast Call: draft-ietf-dime-diameter-api (The Diameter API) to URL: http://www.ietf.org/internet-drafts/draft-ietf-dime-diameter-api-07.txt Date: 2008-08-13 – Approved by the IESG as col Action: ‘A Two-way Active Measurement Protocol Title: A Two-way Active Mea URL: http://www.ietf.org/internet-drafts/draft-ietf-ippm-twamp-09.txt Date: 2008-08-15 – Approved by the IESG as col Action: ‘Hierarchical Mobile IPv6 Mobility Title: Hierarchical Mob URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-4140bis-05.txt Date: 2008-08-15 – Approved by the IESG as col Action: ‘Guidelines for Specifying the Use of Title: Guidelines for Spec URL: http://www.ietf.org/internet-drafts/draft-bellovin-useipsec-10.txt Date: 2008-08-18 – Approved by the IESG as col Action: ‘IANA Considerations for the IPv4 and Title: IANA Considerations URL: http://www.ietf.org/internet-drafts/draft-manner-router-alert-iana-03.txt Date: 2008-08-18 – Approved by the IESG as ent Action: ‘Media Gateway Control Protocol Fax Title: Media Gateway Con URL: http://www.ietf.org/internet-drafts/draft-andreasen-mgcp-fax-08.txt Date: 2008-08-18 – Approved by the IESG as col Action: ‘Simple Network Management Protocol Title: Simple Network Ma URL: http://www.ietf.org/internet-drafts/draft-ietf-opsawg-snmp-engineid-discovery-03.txt Date: 2008-08-18 – Approved by the IESG as col Action: ‘Management Event Management Title: Management URL: http://www.ietf.org/internet-drafts/draft-ietf-ipcdn-pktc-eventmess-14.txt Date: 2008-08-25 – Last Call: draft-ietf-forces-mib (ForCES MIB) to Proposed Standar / Call: draft-ietf-forces-mib (ForCES MIB) to Proposed Standard Title: ast Call: draft-ietf-forces-mib (ForCES MIB) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-forces-mib-07.txt Date: 2008-08-25 – Last Call: draft-ietf-forces-model (ForCES Forwarding Elemen / Call: draft-ietf-forces-model (ForCES Forwarding Element Title: ast Call: draft-ietf-forces-model (ForCES Forwarding Element URL: http://www.ietf.org/internet-drafts/draft-ietf-forces-model-14.txt Date: 2008-08-25 – Last Call: draft-ietf-forces-protocol (ForCES Protoco / Call: draft-ietf-forces-protocol (ForCES Protocol Title: ast Call: draft-ietf-forces-protocol (ForCES Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-forces-protocol-15.txt Date: 2008-08-26 – Approved by the IESG as Draft Standard Title: Internet Message Format URL: http://www.ietf.org/internet-drafts/draft-resnick-2822upd-06.txt Date: 2008-08-27 – Last Call: draft-ietf-dime-mip6-integrated (Diameter Mobil / Call: draft-ietf-dime-mip6-integrated (Diameter Mobile Title: ast Call: draft-ietf-dime-mip6-integrated (Diameter Mobile URL: http://www.ietf.org/internet-drafts/draft-ietf-dime-mip6-integrated-09.txt Date: 2008-08-27 – Approved by the IESG as col Action: ‘Extensions to the Path Computation Title: Extensions to the URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-pcep-xro-06.txt Date: 2008-08-28 – Approved by the IESG as ent Action: ‘Operational Requirements for Title: Operational URL: http://www.ietf.org/internet-drafts/draft-ietf-enum-softswitch-req-04.txt Date: 2008-08-28 – Approved by the IESG as col Action: ‘Extensible Markup Language (XML) Title: Extensible Mark URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-capacity-attribute-07.txt Date: 2008-08-28 – Approved by the IESG as col Action: ‘A Document Format for Requesting Title: A Document Form URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-consent-format-08.txt Date: 2008-08-28 – Approved by the IESG as col Action: ‘The Session Initiation Protocol (SIP) Title: The Session Initiati URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-pending-additions-05.txt Date: 2008-08-28 – Last Call: draft-ietf-sipping-policy-package (A Sessio / Call: draft-ietf-sipping-policy-package (A Session Title: ast Call: draft-ietf-sipping-policy-package (A Session URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-policy-package-05.txt Date: 2008-08-28 – Approved by the IESG as ent Action: ‘Presence & Instant Messaging Peering Title: Presence & Instant URL: http://www.ietf.org/internet-drafts/draft-ietf-speermint-consolidated-presence-im-usecases-05.txt Date: 2008-08-29 – Last Call: draft-ietf-usefor-usepro (Netnews Architecture an / Call: draft-ietf-usefor-usepro (Netnews Architecture and Title: ast Call: draft-ietf-usefor-usepro (Netnews Architecture and URL: http://www.ietf.org/internet-drafts/draft-ietf-usefor-usepro-12.txt Date: 2008-09-02 – Re: Informational RFC to be: draft-irtf-nmrg-snmp-measure-05.tx / nformational RFC to be: draft-irtf-nmrg-snmp-measure-05.txt Title: e: Informational RFC to be: draft-irtf-nmrg-snmp-measure-05.txt URL: http://www.ietf.org/internet-drafts/draft-irtf-nmrg-snmp-measure-05.txt Date: 2008-09-02 – Approved by the IESG as col Action: ‘RTP Payload Format for JPEG 2000 Title: RTP Payload For URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-jpeg2000-20.txt Date: 2008-09-04 – Last Call: draft-ietf-mipshop-mstp-solution (Mobility Service / Call: draft-ietf-mipshop-mstp-solution (Mobility Services Title: ast Call: draft-ietf-mipshop-mstp-solution (Mobility Services URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-mstp-solution-06.txt Date: 2008-09-04 – Approved by the IESG as col Action: ‘A Link-Type sub-TLV to convey the Title: A Link-Type sub- URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-number-0-bw-te-lsps-12.txt Date: 2008-09-05 – Last Call: draft-ietf-avt-rtp-toffset (Transmission Tim / Call: draft-ietf-avt-rtp-toffset (Transmission Time Title: ast Call: draft-ietf-avt-rtp-toffset (Transmission Time URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-toffset-07.txt Date: 2008-09-05 – Last Call: draft-ietf-avt-smpte-rtp (Associating Time-code / Call: draft-ietf-avt-smpte-rtp (Associating Time-codes Title: ast Call: draft-ietf-avt-smpte-rtp (Associating Time-codes URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-smpte-rtp-13.txt Date: 2008-09-05 – Last Call: draft-ietf-avt-rtp-g711wb (RTP Payload Format fo / Call: draft-ietf-avt-rtp-g711wb (RTP Payload Format for Title: ast Call: draft-ietf-avt-rtp-g711wb (RTP Payload Format for URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-g711wb-03.txt Date: 2008-09-05 – Last Call: draft-ietf-avt-rfc4749-dtx-update (G.729.1 RT / Call: draft-ietf-avt-rfc4749-dtx-update (G.729.1 RTP Title: ast Call: draft-ietf-avt-rfc4749-dtx-update (G.729.1 RTP URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rfc4749-dtx-update-01.txt Date: 2008-09-05 – Last Call: draft-ietf-mmusic-qos-identification (Quality o / Call: draft-ietf-mmusic-qos-identification (Quality of Title: ast Call: draft-ietf-mmusic-qos-identification (Quality of URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-qos-identification-01.txt Date: 2008-09-12 – Approved by the IESG as ent Action: ‘Inter-AS Requirements for the Path Title: Inter-AS Requirem URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-interas-pcecp-reqs-06.txt Date: 2008-09-15 – Last Call: draft-arkko-eap-aka-kdf (Improved Extensibl / Call: draft-arkko-eap-aka-kdf (Improved Extensible Title: ast Call: draft-arkko-eap-aka-kdf (Improved Extensible URL: http://www.ietf.org/internet-drafts/draft-arkko-eap-aka-kdf-05.txt Date: 2008-09-15 – Last Call: draft-ietf-psamp-info (Information Model for Packe / Call: draft-ietf-psamp-info (Information Model for Packet Title: ast Call: draft-ietf-psamp-info (Information Model for Packet URL: http://www.ietf.org/internet-drafts/draft-ietf-psamp-info-10.txt Date: 2008-09-15 – Approved by the IESG as col Action: ‘Preventing Use of Recursive Title: Preventing URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsop-reflectors-are-evil-06.txt Date: 2008-09-15 – Approved by the IESG as col Action: ‘Session Initiation Protocol Service Title: Session Initiation URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-service-examples-15.txt Date: 2008-09-15 – Re: Informational RFC to be: draft-leung-mip4-proxy-mode-09.tx / nformational RFC to be: draft-leung-mip4-proxy-mode-09.txt Title: e: Informational RFC to be: draft-leung-mip4-proxy-mode-09.txt URL: http://www.ietf.org/internet-drafts/draft-leung-mip4-proxy-mode-09.txt Date: 2008-09-15 – Re: Experimental RFC to be: draft-templin-seal-23.tx / xperimental RFC to be: draft-templin-seal-23.txt Title: e: Experimental RFC to be: draft-templin-seal-23.txt URL: http://www.ietf.org/internet-drafts/draft-templin-seal-23.txt Date: 2008-09-15 – Re: Experimental RFC to be / xperimental RFC to be: Title: e: Experimental RFC to be: URL: http://www.ietf.org/internet-drafts/draft-hajjeh-tls-identity-protection-06.txt Date: 2008-09-15 – Last Call: draft-ietf-sip-fork-loop-fix (Addressing a / Call: draft-ietf-sip-fork-loop-fix (Addressing an Title: ast Call: draft-ietf-sip-fork-loop-fix (Addressing an URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-fork-loop-fix-07.txt Date: 2008-09-17 – Approved by the IESG as col Action: ‘Requesting Answering Modes for the Title: Requesting Answer URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-answermode-07.txt Date: 2008-09-18 – Last Call: draft-ietf-avt-dtls-srtp (Datagram Transport Laye / Call: draft-ietf-avt-dtls-srtp (Datagram Transport Layer Title: ast Call: draft-ietf-avt-dtls-srtp (Datagram Transport Layer URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-dtls-srtp-05.txt Date: 2008-09-18 – Last Call: draft-ietf-sip-xcapevent (An Extensible Marku / Call: draft-ietf-sip-xcapevent (An Extensible Markup Title: ast Call: draft-ietf-sip-xcapevent (An Extensible Markup URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-xcapevent-03.txt Date: 2008-09-18 – Last Call: draft-ietf-sip-rph-new-namespaces (IANA Registratio / Call: draft-ietf-sip-rph-new-namespaces (IANA Registration Title: ast Call: draft-ietf-sip-rph-new-namespaces (IANA Registration URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-rph-new-namespaces-03.txt Date: 2008-09-18 – Last Call: draft-ietf-sip-sips (The use of the SIPS URI Schem / Call: draft-ietf-sip-sips (The use of the SIPS URI Scheme Title: ast Call: draft-ietf-sip-sips (The use of the SIPS URI Scheme URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-sips-08.txt Date: 2008-09-18 – Approved by the IESG as col Action: ‘Rights Contributors provide to the Title: Rights Contributo URL: http://www.ietf.org/internet-drafts/draft-ietf-ipr-3978-incoming-09.txt Date: 2008-09-22 – Approved by the IESG as ent Action: ‘Experience of implementing NETCONF Title: Experience of imp URL: http://www.ietf.org/internet-drafts/draft-iijima-netconf-soap-implementation-10.txt Date: 2008-09-23 – Approved by the IESG as col Action: ‘Multicast Negative-Acknowledgment Title: Multicast Negati URL: http://www.ietf.org/internet-drafts/draft-ietf-rmt-bb-norm-revised-07.txt Date: 2008-09-23 – Last Call: draft-ietf-nfsv4-minorversion1 (NFS Version 4 Mino / Call: draft-ietf-nfsv4-minorversion1 (NFS Version 4 Minor Title: ast Call: draft-ietf-nfsv4-minorversion1 (NFS Version 4 Minor URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-minorversion1-26.txt Date: 2008-09-23 – Last Call: draft-ietf-nfsv4-minorversion1-dot-x (NFSv4 Mino / Call: draft-ietf-nfsv4-minorversion1-dot-x (NFSv4 Minor Title: ast Call: draft-ietf-nfsv4-minorversion1-dot-x (NFSv4 Minor URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-minorversion1-dot-x-09.txt Date: 2008-09-23 – Last Call: draft-ietf-nfsv4-pnfs-block (pNFS Block/Volum / Call: draft-ietf-nfsv4-pnfs-block (pNFS Block/Volume Title: ast Call: draft-ietf-nfsv4-pnfs-block (pNFS Block/Volume URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-pnfs-block-09.txt Date: 2008-09-23 – Last Call: draft-ietf-nfsv4-pnfs-obj (Object-based pNF / Call: draft-ietf-nfsv4-pnfs-obj (Object-based pNFS Title: ast Call: draft-ietf-nfsv4-pnfs-obj (Object-based pNFS URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-pnfs-obj-09.txt Date: 2008-09-24 – Approved by the IESG as col Action: ‘Web Distributed Authoring and Title: Web Distribu URL: http://www.ietf.org/internet-drafts/draft-reschke-webdav-search-18.txt Date: 2008-09-25 – Last Call: draft-rescorla-tls-suiteb (Suite B Cipher Suites fo / Call: draft-rescorla-tls-suiteb (Suite B Cipher Suites for Title: ast Call: draft-rescorla-tls-suiteb (Suite B Cipher Suites for URL: http://www.ietf.org/internet-drafts/draft-rescorla-tls-suiteb-06.txt Date: 2008-09-25 – Last Call: draft-stjohns-sipso (Common Architecture Label IPv / Call: draft-stjohns-sipso (Common Architecture Label IPv6 Title: ast Call: draft-stjohns-sipso (Common Architecture Label IPv6 URL: http://www.ietf.org/internet-drafts/draft-stjohns-sipso-05.txt Date: 2008-09-26 – Last Call: draft-ietf-ccamp-rfc4420bis (Encoding of Attribute / Call: draft-ietf-ccamp-rfc4420bis (Encoding of Attributes Title: ast Call: draft-ietf-ccamp-rfc4420bis (Encoding of Attributes URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-rfc4420bis-03.txt Date: 2008-09-26 – Last Call: draft-ietf-sipping-cc-transfer (Session Initiatio / Call: draft-ietf-sipping-cc-transfer (Session Initiation Title: ast Call: draft-ietf-sipping-cc-transfer (Session Initiation URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-cc-transfer-10.txt Date: 2008-09-29 – Last Call: draft-ietf-mmusic-sdp-capability-negotiation (SD / Call: draft-ietf-mmusic-sdp-capability-negotiation (SDP Title: ast Call: draft-ietf-mmusic-sdp-capability-negotiation (SDP URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdp-capability-negotiation-09.txt Date: 2008-09-29 – Last Call: draft-ietf-sip-media-security-requirement / Call: draft-ietf-sip-media-security-requirements Title: ast Call: draft-ietf-sip-media-security-requirements URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-media-security-requirements-07.txt Date: 2008-09-29 – Approved by the IESG as ent Action: ‘CAPWAP Threat Analysis for IEEE Title: CAPWAP Threat URL: http://www.ietf.org/internet-drafts/draft-ietf-capwap-threat-analysis-04.txt Date: 2008-09-29 – Re: Informational RFC to be: draft-touch-msword-template-v2.0-07.tx / nformational RFC to be: draft-touch-msword-template-v2.0-07.txt Title: e: Informational RFC to be: draft-touch-msword-template-v2.0-07.txt URL: http://www.ietf.org/internet-drafts/draft-touch-msword-template-v2.0-07.txt Date: 2008-09-29 – Approved by the IESG as col Action: ‘Indicating Support for Interactive Title: Indicating Suppor URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-ice-option-tag-02.txt Date: 2008-10-01 – Last Call: draft-bryant-mpls-tp-jwt-report (JWT Report on MPL / Call: draft-bryant-mpls-tp-jwt-report (JWT Report on MPLS Title: ast Call: draft-bryant-mpls-tp-jwt-report (JWT Report on MPLS URL: http://www.ietf.org/internet-drafts/draft-bryant-mpls-tp-jwt-report-00.txt Date: 2008-10-02 – Last Call: draft-ietf-dnsext-forgery-resilience (Measures fo / Call: draft-ietf-dnsext-forgery-resilience (Measures for Title: ast Call: draft-ietf-dnsext-forgery-resilience (Measures for URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-forgery-resilience-07.txt Date: 2008-10-03 – Approved by the IESG as col Action: ‘Domain Name System (DNS) IANA Title: Domain Name URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-2929bis-07.txt Date: 2008-10-06 – Last Call: draft-ietf-behave-dccp (Network Address Translatio / Call: draft-ietf-behave-dccp (Network Address Translation Title: ast Call: draft-ietf-behave-dccp (Network Address Translation URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-dccp-03.txt Date: 2008-10-06 – Last Call: draft-ietf-idr-as-representation (Textua / Call: draft-ietf-idr-as-representation (Textual Title: ast Call: draft-ietf-idr-as-representation (Textual URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-as-representation-01.txt Date: 2008-10-06 – Approved by the IESG as Title: The PIM Join Attribute Format URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-join-attributes-06.txt Date: 2008-10-07 – Approved by the IESG as col Action: ‘Better-Than-Nothing-Security: An Title: Better-Than-Not URL: http://www.ietf.org/internet-drafts/draft-ietf-btns-core-07.txt Date: 2008-10-07 – Approved by the IESG as ent Action: ‘Problem and Applicability Statement Title: Problem and Applic URL: http://www.ietf.org/internet-drafts/draft-ietf-btns-prob-and-applic-07.txt Date: 2008-10-07 – Last Call: draft-ietf-behave-stun-test-vectors (Test vector / Call: draft-ietf-behave-stun-test-vectors (Test vectors Title: ast Call: draft-ietf-behave-stun-test-vectors (Test vectors URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-stun-test-vectors-03.txt Date: 2008-10-07 – Approved by the IESG as col Action: ‘Multicast Extensions to the Security Title: Multicast Extension URL: http://www.ietf.org/internet-drafts/draft-ietf-msec-ipsec-extensions-09.txt Date: 2008-10-08 – Last Call: draft-ietf-vrrp-unified-spec (Virtual Route / Call: draft-ietf-vrrp-unified-spec (Virtual Router Title: ast Call: draft-ietf-vrrp-unified-spec (Virtual Router URL: http://www.ietf.org/internet-drafts/draft-ietf-vrrp-unified-spec-02.txt Date: 2008-10-08 – Last Call: draft-ietf-pce-path-key (Preserving Topolog / Call: draft-ietf-pce-path-key (Preserving Topology Title: ast Call: draft-ietf-pce-path-key (Preserving Topology URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-path-key-03.txt Date: 2008-10-08 – Approved by the IESG as Title: TLS Transport Mapping for Syslog URL: http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-14.txt Date: 2008-10-09 – Last Call: draft-ietf-lemonade-imap-notify (The IMAP NOTIF / Call: draft-ietf-lemonade-imap-notify (The IMAP NOTIFY Title: ast Call: draft-ietf-lemonade-imap-notify (The IMAP NOTIFY URL: http://www.ietf.org/internet-drafts/draft-ietf-lemonade-imap-notify-07.txt Date: 2008-10-09 – Approved by the IESG as ent Action: ‘IPv6 Unicast Address Assignment Title: IPv6 Unicast A URL: http://www.ietf.org/internet-drafts/draft-ietf-v6ops-addcon-10.txt Date: 2008-10-09 – Last Call: draft-cridland-urlfetch-binary (Extended URLFETCH fo / Call: draft-cridland-urlfetch-binary (Extended URLFETCH for Title: ast Call: draft-cridland-urlfetch-binary (Extended URLFETCH for URL: http://www.ietf.org/internet-drafts/draft-cridland-urlfetch-binary-03.txt Date: 2008-10-13 – Approved by the IESG as col Action: ‘Unicast UDP Usage Guidelines for Title: Unicast UDP Usa URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-udp-guidelines-11.txt Date: 2008-10-13 – Approved by the IESG as Title: ForCES Forwarding Element Model URL: http://www.ietf.org/internet-drafts/draft-ietf-forces-model-16.txt Date: 2008-10-13 – Approved by the IESG as col Action: ‘Transmission Time offsets in RTP Title: Transmission Ti URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-toffset-07.txt Date: 2008-10-13 – Re: Informational RFC to be / nformational RFC to be: Title: e: Informational RFC to be: URL: http://www.ietf.org/internet-drafts/draft-munakata-sip-privacy-guideline-04.txt Date: 2008-10-13 – Last Call: draft-ietf-lemonade-architecture (LEMONAD / Call: draft-ietf-lemonade-architecture (LEMONADE Title: ast Call: draft-ietf-lemonade-architecture (LEMONADE URL: http://www.ietf.org/internet-drafts/draft-ietf-lemonade-architecture-03.txt Date: 2008-10-16 – Last Call: draft-daboo-imap-annotatemore (IMAP METADAT / Call: draft-daboo-imap-annotatemore (IMAP METADATA Title: ast Call: draft-daboo-imap-annotatemore (IMAP METADATA URL: http://www.ietf.org/internet-drafts/draft-daboo-imap-annotatemore-15.txt Date: 2008-10-17 – Last Call: draft-ietf-sip-dtls-srtp-framework (Framework fo / Call: draft-ietf-sip-dtls-srtp-framework (Framework for Title: ast Call: draft-ietf-sip-dtls-srtp-framework (Framework for URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-dtls-srtp-framework-04.txt Date: 2008-10-20 – Last Call: draft-ietf-dhc-dhcpv6-bulk-leasequery (DHCPv6 Bul / Call: draft-ietf-dhc-dhcpv6-bulk-leasequery (DHCPv6 Bulk Title: ast Call: draft-ietf-dhc-dhcpv6-bulk-leasequery (DHCPv6 Bulk URL: http://www.ietf.org/internet-drafts/draft-ietf-dhc-dhcpv6-bulk-leasequery-04.txt Date: 2008-10-20 – Last Call: draft-ietf-emu-eap-gpsk (EAP Generalized Pre-Share / Call: draft-ietf-emu-eap-gpsk (EAP Generalized Pre-Shared Title: ast Call: draft-ietf-emu-eap-gpsk (EAP Generalized Pre-Shared URL: http://www.ietf.org/internet-drafts/draft-ietf-emu-eap-gpsk-15.txt Date: 2008-10-20 – Second Last Call: draft-ietf-smime-bfibecms (Using th / d Last Call: draft-ietf-smime-bfibecms (Using the Title: econd Last Call: draft-ietf-smime-bfibecms (Using the URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-bfibecms-10.txt Date: 2008-10-20 – Second Last Call: draft-ietf-smime-ibearch (Identity-base / d Last Call: draft-ietf-smime-ibearch (Identity-based Title: econd Last Call: draft-ietf-smime-ibearch (Identity-based URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-ibearch-09.txt Date: 2008-10-21 – Last Call: draft-ietf-mip4-dsmipv4 (Dual Stack Mobile IPv4) t / Call: draft-ietf-mip4-dsmipv4 (Dual Stack Mobile IPv4) to Title: ast Call: draft-ietf-mip4-dsmipv4 (Dual Stack Mobile IPv4) to URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-dsmipv4-07.txt Date: 2008-10-21 – Last Call: draft-housley-iesg-rfc3932bis (IESG Procedures fo / Call: draft-housley-iesg-rfc3932bis (IESG Procedures for Title: ast Call: draft-housley-iesg-rfc3932bis (IESG Procedures for URL: http://www.ietf.org/internet-drafts/draft-housley-iesg-rfc3932bis-04.txt Date: 2008-10-21 – Last Call: draft-ietf-isis-hmac-sha (IS-IS Generic Cryptographi / Call: draft-ietf-isis-hmac-sha (IS-IS Generic Cryptographic Title: ast Call: draft-ietf-isis-hmac-sha (IS-IS Generic Cryptographic URL: http://www.ietf.org/internet-drafts/draft-ietf-isis-hmac-sha-05.txt Date: 2008-10-21 – Last Call: draft-ietf-isis-wg-extlsp (Simplified Extension o / Call: draft-ietf-isis-wg-extlsp (Simplified Extension of Title: ast Call: draft-ietf-isis-wg-extlsp (Simplified Extension of URL: http://www.ietf.org/internet-drafts/draft-ietf-isis-wg-extlsp-03.txt Date: 2008-10-22 – Approved by the IESG as col Action: ‘RTP Payload Format for ITU-T Title: RTP Payload URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-g711wb-03.txt Date: 2008-10-23 – Last Call: draft-ietf-idr-as-documentation-reservation (A / Call: draft-ietf-idr-as-documentation-reservation (AS Title: ast Call: draft-ietf-idr-as-documentation-reservation (AS URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-as-documentation-reservation-00.txt Date: 2008-10-23 – Last Call: draft-ietf-ccamp-asymm-bw-bidir-lsps (GMPL / Call: draft-ietf-ccamp-asymm-bw-bidir-lsps (GMPLS Title: ast Call: draft-ietf-ccamp-asymm-bw-bidir-lsps (GMPLS URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-asymm-bw-bidir-lsps-01.txt Date: 2008-10-27 – Approved by the IESG as col Action: ‘Textual Representation of AS Numbers’ Title: Textual Representati URL: http://www.ietf.org/internet-drafts/draft-ietf-idr-as-representation-01.txt Date: 2008-10-27 – Re: Informational RFC to be: draft-templin-autoconf-dhcp-18.tx / nformational RFC to be: draft-templin-autoconf-dhcp-18.txt Title: e: Informational RFC to be: draft-templin-autoconf-dhcp-18.txt URL: http://www.ietf.org/internet-drafts/draft-templin-autoconf-dhcp-18.txt Date: 2008-10-27 – Approved by the IESG as ent Action: ‘Requirements for Management of Title: Requirements URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-overload-reqs-05.txt Date: 2008-10-27 – Last Call: draft-ietf-l1vpn-ospfv3-auto-discovery (OSPFv3 Base / Call: draft-ietf-l1vpn-ospfv3-auto-discovery (OSPFv3 Based Title: ast Call: draft-ietf-l1vpn-ospfv3-auto-discovery (OSPFv3 Based URL: http://www.ietf.org/internet-drafts/draft-ietf-l1vpn-ospfv3-auto-discovery-02.txt Date: 2008-10-27 – Last Call: draft-ietf-ospf-lls (OSPF Link-local Signaling) t / Call: draft-ietf-ospf-lls (OSPF Link-local Signaling) to Title: ast Call: draft-ietf-ospf-lls (OSPF Link-local Signaling) to URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-lls-05.txt Date: 2008-10-27 – Last Call: draft-hoffman-dac-vbr (Vouch By Reference) t / Call: draft-hoffman-dac-vbr (Vouch By Reference) to Title: ast Call: draft-hoffman-dac-vbr (Vouch By Reference) to URL: http://www.ietf.org/internet-drafts/draft-hoffman-dac-vbr-04.txt Date: 2008-10-28 – Last Call: draft-ietf-radext-design (RADIUS Design Guidelines / Call: draft-ietf-radext-design (RADIUS Design Guidelines) Title: ast Call: draft-ietf-radext-design (RADIUS Design Guidelines) URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-design-05.txt Date: 2008-10-28 – Last Call: draft-ietf-radext-management-authorization (Remot / Call: draft-ietf-radext-management-authorization (Remote Title: ast Call: draft-ietf-radext-management-authorization (Remote URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-management-authorization-06.txt Date: 2008-10-28 – Approved by the IESG as col Action: ‘CAPWAP Access Controller DHCP Option’ Title: CAPWAP Access Contro URL: http://www.ietf.org/internet-drafts/draft-ietf-capwap-dhc-ac-option-02.txt Date: 2008-10-29 – Approved by the IESG as col Action: ‘Information Model and XML Data Model Title: Information Model a URL: http://www.ietf.org/internet-drafts/draft-ietf-ippm-storetraceroutes-12.txt Date: 2008-10-30 – Last Call: draft-ietf-tcpm-rfc4138bis (Forward RTO-Recover / Call: draft-ietf-tcpm-rfc4138bis (Forward RTO-Recovery Title: ast Call: draft-ietf-tcpm-rfc4138bis (Forward RTO-Recovery URL: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-rfc4138bis-04.txt Date: 2008-10-30 – Approved by the IESG as Proposed Standard Title: RPCSEC_GSS Version 2 URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-rpcsec-gss-v2-06.txt Date: 2008-10-30 – Approved by the IESG as ent Action: ‘JWT Report on MPLS Architectural Title: JWT Report on M URL: http://www.ietf.org/internet-drafts/draft-bryant-mpls-tp-jwt-report-00.txt Date: 2008-10-30 – Last Call: draft-ietf-pim-rpf-vector (The RPF Vector TLV) t / Call: draft-ietf-pim-rpf-vector (The RPF Vector TLV) to Title: ast Call: draft-ietf-pim-rpf-vector (The RPF Vector TLV) to URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-rpf-vector-06.txt Date: 2008-10-30 – Last Call: draft-ietf-kitten-gssapi-channel-binding / Call: draft-ietf-kitten-gssapi-channel-bindings Title: ast Call: draft-ietf-kitten-gssapi-channel-bindings URL: http://www.ietf.org/internet-drafts/draft-ietf-kitten-gssapi-channel-bindings-05.txt Date: 2008-10-30 – Approved by the IESG as col Action: ‘ISIS Extensions in Support of Title: ISIS Extensi URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-isis-interas-te-extension-04.txt Date: 2008-10-30 – Last Call: draft-ietf-nfsv4-rfc1831bis (RPC: Remote Procedur / Call: draft-ietf-nfsv4-rfc1831bis (RPC: Remote Procedure Title: ast Call: draft-ietf-nfsv4-rfc1831bis (RPC: Remote Procedure URL: http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-rfc1831bis-10.txt Date: 2008-10-30 – Last Call: draft-ietf-smime-3850bis (Secure/Multipurpos / Call: draft-ietf-smime-3850bis (Secure/Multipurpose Title: ast Call: draft-ietf-smime-3850bis (Secure/Multipurpose URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-3850bis-08.txt Date: 2008-10-30 – Last Call: draft-ietf-smime-3851bis (Secure/Multipurpos / Call: draft-ietf-smime-3851bis (Secure/Multipurpose Title: ast Call: draft-ietf-smime-3851bis (Secure/Multipurpose URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-3851bis-08.txt Date: 2008-10-30 – Approved by the IESG as col Action: ‘OSPF Extensions in Support of Title: OSPF Extensi URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-ospf-interas-te-extension-06.txt Date: 2008-10-31 – Approved by the IESG as col Action: ‘Example calls flows of race Title: Example ca URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-race-examples-06.txt Date: 2008-10-31 – Approved by the IESG as ent Action: ‘The Session Initiation Protocol (SIP) Title: The Session Initiati URL: http://www.ietf.org/internet-drafts/draft-hautakorpi-sipping-uri-list-handling-refused-03.txt Date: 2008-10-31 – Last Call: draft-ietf-tsvwg-rsvp-proxy-proto (RSVP Extension / Call: draft-ietf-tsvwg-rsvp-proxy-proto (RSVP Extensions Title: ast Call: draft-ietf-tsvwg-rsvp-proxy-proto (RSVP Extensions URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-rsvp-proxy-proto-07.txt]]> 1442 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-meeting-calendar-7/ Fri, 01 Jan 2010 14:16:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1618 1618 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/recent-iesg-document-and-protocol-actions-11/ Fri, 01 Jan 2010 14:19:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1620

Please note that due to ongoing change of document status, links below can be invalid. In this case, we ask you to use a search engine to find the relevant file. Date: 2009-11-02 – Last Call: draft-ietf-ccamp-lsp-dppm (Label Switched Path (LSP) Dynamic Provisioning Performance Metrics in Generalized MPLS Networks) to Proposed Standar / Call: draft-ietf-ccamp-lsp-dppm (Label Switched Path (LSP) Dynamic Provisioning Performance Metrics in Generalized MPLS Networks) to Proposed Standard Title: ast Call: draft-ietf-ccamp-lsp-dppm (Label Switched Path (LSP) Dynamic Provisioning Performance Metrics in Generalized MPLS Networks) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-lsp-dppm-10.txt Date: 2009-11-02 – Approved by the IESG as Proposed Standard Title: URI Scheme for GSM Short Message Service URL: http://www.ietf.org/internet-drafts/draft-wilde-sms-uri-20.txt Date: 2009-11-06 – Approved by the IESG as Experimental RFC Title: Basic HIP Extensions for Traversal of Network Address Translators URL: http://www.ietf.org/internet-drafts/draft-ietf-hip-nat-traversal-09.txt Date: 2009-11-07 – Last Call: draft-ietf-pkix-attr-cert-mime-type (The application/pkix-attr-cert Content Type for Attribute Certificates) to Informational RF / Call: draft-ietf-pkix-attr-cert-mime-type (The application/pkix-attr-cert Content Type for Attribute Certificates) to Informational RFC Title: ast Call: draft-ietf-pkix-attr-cert-mime-type (The application/pkix-attr-cert Content Type for Attribute Certificates) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-attr-cert-mime-type-... Date: 2009-11-07 – Last Call: draft-ietf-pkix-new-asn1 (New ASN.1 Modules for PKIX) to Informational RF / Call: draft-ietf-pkix-new-asn1 (New ASN.1 Modules for PKIX) to Informational RFC Title: ast Call: draft-ietf-pkix-new-asn1 (New ASN.1 Modules for PKIX) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-new-asn1-07.txt Date: 2009-11-07 – Last Call: draft-ietf-pkix-rfc3161-update (ESSCertIDv2 update for RFC 3161) to Proposed Standar / Call: draft-ietf-pkix-rfc3161-update (ESSCertIDv2 update for RFC 3161) to Proposed Standard Title: ast Call: draft-ietf-pkix-rfc3161-update (ESSCertIDv2 update for RFC 3161) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc3161-update-09.txt Date: 2009-11-07 – Approved by the IESG as Proposed Standard Title: Trust Anchor Format URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-ta-format-04.txt Date: 2009-11-07 – Approved by the IESG as Proposed Standard Title: Change Process for the Session Initiation Protocol (SIP) and the Real- time Applications and Infrastructure Area URL: http://www.ietf.org/internet-drafts/draft-peterson-rai-rfc3427bis-04.txt Date: 2009-11-07 – Approved by the IESG as Experimental RFC Title: IPv6 Configuration in IKEv2 URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-ikev2-ipv6-config... Date: 2009-11-07 – Approved by the IESG as Proposed Standard Title: PA-TNC: A Posture Attribute Protocol (PA) Compatible with TNC URL: http://www.ietf.org/internet-drafts/draft-ietf-nea-pa-tnc-06.txt Date: 2009-11-07 – Approved by the IESG as Experimental RFC Title: Use of TESLA in the ALC and NORM Protocols URL: http://www.ietf.org/internet-drafts/draft-ietf-msec-tesla-for-alc-norm-1... Date: 2009-11-09 – Approved by the IESG as Proposed Standard Title: MPLS TP Network Management Requirements URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-tp-nm-req-06.txt Date: 2009-11-09 – Approved by the IESG as Proposed Standard Title: Asynchronous Layered Coding (ALC) Protocol Instantiation URL: http://www.ietf.org/internet-drafts/draft-ietf-rmt-pi-alc-revised-10.txt Date: 2009-11-09 – Approved by the IESG as Proposed Standard Title: Using Extended Key Usage (EKU) for Session Initiation Protocol (SIP) X.509 Certificates URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-eku-08.txt Date: 2009-11-10 – Approved by the IESG as Proposed Standard Title: Connection Reuse in the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-connect-reuse-14.txt Date: 2009-11-10 – Last Call: draft-lha-gssapi-delegate-policy (GSS-API: Delegate if approved by policy) to Proposed Standar / Call: draft-lha-gssapi-delegate-policy (GSS-API: Delegate if approved by policy) to Proposed Standard Title: ast Call: draft-lha-gssapi-delegate-policy (GSS-API: Delegate if approved by policy) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-lha-gssapi-delegate-policy-04.txt Date: 2009-11-11 – Last Call: draft-ietf-nsis-qos-nslp (NSLP for Quality-of-Service Signaling) to Experimental RF / Call: draft-ietf-nsis-qos-nslp (NSLP for Quality-of-Service Signaling) to Experimental RFC Title: ast Call: draft-ietf-nsis-qos-nslp (NSLP for Quality-of-Service Signaling) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-qos-nslp-17.txt Date: 2009-11-11 – Last Call: draft-ietf-nsis-qspec (QoS NSLP QSPEC Template) to Informational RF / Call: draft-ietf-nsis-qspec (QoS NSLP QSPEC Template) to Informational RFC Title: ast Call: draft-ietf-nsis-qspec (QoS NSLP QSPEC Template) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-qspec-22.txt Date: 2009-11-11 – Approved by the IESG as Informational RFC Title: New ASN.1 Modules for CMS and S/MIME URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-new-asn1-07.txt Date: 2009-11-09 – [Rmt] Approved by the IESG as Proposed Standard Title: Asynchronous Layered Coding (ALC) Protocol Instantiation URL: http://www.ietf.org/internet-drafts/draft-ietf-rmt-pi-alc-revised-10.txt Date: 2009-11-17 – Approved by the IESG as Proposed Standard Title: RTCP Extensions for Single-Source Multicast Sessions with Unicast Feedback URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtcpssm-19.txt Date: 2009-11-18 – Last Call: draft-eastlake-nlpid-iana-considerations (IANA Considerations for NLPIDs) to BC / Call: draft-eastlake-nlpid-iana-considerations (IANA Considerations for NLPIDs) to BCP Title: ast Call: draft-eastlake-nlpid-iana-considerations (IANA Considerations for NLPIDs) to BCP URL: http://www.ietf.org/internet-drafts/draft-eastlake-nlpid-iana-considerat... Date: 2009-11-18 – Last Call: draft-ietf-hip-native-api (Basic Socket Interface Extensions for Host Identity Protocol (HIP)) to Experimental RF / Call: draft-ietf-hip-native-api (Basic Socket Interface Extensions for Host Identity Protocol (HIP)) to Experimental RFC Title: ast Call: draft-ietf-hip-native-api (Basic Socket Interface Extensions for Host Identity Protocol (HIP)) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-09.txt Date: 2009-11-18 – Last Call: draft-ietf-16ng-ipv4-over-802-dot-16-ipcs (Transmission of IPv4 packets over IEEE 802. / Call: draft-ietf-16ng-ipv4-over-802-dot-16-ipcs (Transmission of IPv4 packets over IEEE 802.16′s IP Convergence Sublayer) to Proposed Standard Title: URL: http://www.ietf.org/internet-drafts/draft-ietf-16ng-ipv4-over-802-dot-16... Date: 2009-11-18 – Last Call: draft-ietf-csi-sndp-prob (Securing Neighbor Discovery Proxy Problem Statement) to Informational RF / Call: draft-ietf-csi-sndp-prob (Securing Neighbor Discovery Proxy Problem Statement) to Informational RFC Title: ast Call: draft-ietf-csi-sndp-prob (Securing Neighbor Discovery Proxy Problem Statement) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-csi-sndp-prob-03.txt Date: 2009-11-18 – Last Call: draft-cheshire-dnsext-multicastdns (Multicast DNS) to Informational RF / Call: draft-cheshire-dnsext-multicastdns (Multicast DNS) to Informational RFC Title: ast Call: draft-cheshire-dnsext-multicastdns (Multicast DNS) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-cheshire-dnsext-multicastdns-0... Date: 2009-11-20 – Last Call: draft-ietf-rohc-rfc4995bis (The RObust Header Compression (ROHC) Framework) to Proposed Standar / Call: draft-ietf-rohc-rfc4995bis (The RObust Header Compression (ROHC) Framework) to Proposed Standard Title: ast Call: draft-ietf-rohc-rfc4995bis (The RObust Header Compression (ROHC) Framework) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-rfc4995bis-01.txt Date: 2009-11-20 – Approved by the IESG as BCP Title: IESG Procedures for Handling of Independent and IRTF Stream Submissions URL: http://www.ietf.org/internet-drafts/draft-housley-iesg-rfc3932bis-12.txt Date: 2009-11-23 – Last Call: draft-ietf-capwap-802dot11-mib (CAPWAP Protocol Binding MIB for IEEE 802.11) to Informational RF / Call: draft-ietf-capwap-802dot11-mib (CAPWAP Protocol Binding MIB for IEEE 802.11) to Informational RFC Title: ast Call: draft-ietf-capwap-802dot11-mib (CAPWAP Protocol Binding MIB for IEEE 802.11) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-capwap-802dot11-mib-05.txt Date: 2009-11-23 – Last Call: draft-ietf-capwap-base-mib (CAPWAP Protocol Base MIB) to Informational RF / Call: draft-ietf-capwap-base-mib (CAPWAP Protocol Base MIB) to Informational RFC Title: ast Call: draft-ietf-capwap-base-mib (CAPWAP Protocol Base MIB) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-capwap-base-mib-06.txt Date: 2009-11-23 – Approved by the IESG as Informational RFC Title: LDAP schema for storing SCRAM secrets URL: http://www.ietf.org/internet-drafts/draft-melnikov-sasl-scram-ldap-04.txt Date: 2009-11-23 – Re: Informational RFC to be: draft-nsri-aria-03.tx / nformational RFC to be: draft-nsri-aria-03.txt Title: e: Informational RFC to be: draft-nsri-aria-03.txt URL: http://www.ietf.org/internet-drafts/draft-nsri-aria-03.txt Date: 2009-11-24 – Last Call: draft-ietf-tcpm-early-rexmt (Early Retransmit for TCP and SCTP) to Experimental RF / Call: draft-ietf-tcpm-early-rexmt (Early Retransmit for TCP and SCTP) to Experimental RFC Title: ast Call: draft-ietf-tcpm-early-rexmt (Early Retransmit for TCP and SCTP) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-early-rexmt-03.txt Date: 2009-11-25 – Last Call: rfc3848 (ESMTP and LMTP Transmission Types Registration) to Draft Standar / Call: rfc3848 (ESMTP and LMTP Transmission Types Registration) to Draft Standard Title: ast Call: rfc3848 (ESMTP and LMTP Transmission Types Registration) to Draft Standard URL: http://www.ietf.org/rfc/rfc3848.txt Date: 2009-11-25 – Last Call: draft-ietf-ccamp-confirm-data-channel-status (Data Channel Status Confirmation Extensions for the Link Management Protocol) to Proposed Standar / Call: draft-ietf-ccamp-confirm-data-channel-status (Data Channel Status Confirmation Extensions for the Link Management Protocol) to Proposed Standard Title: ast Call: draft-ietf-ccamp-confirm-data-channel-status (Data Channel Status Confirmation Extensions for the Link Management Protocol) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-confirm-data-channe... Date: 2009-11-30 – Last Call: draft-ietf-tsvwg-emergency-rsvp (Resource ReSerVation Protocol (RSVP) Extensions for Admission Priority) to Proposed Standar / Call: draft-ietf-tsvwg-emergency-rsvp (Resource ReSerVation Protocol (RSVP) Extensions for Admission Priority) to Proposed Standard Title: ast Call: draft-ietf-tsvwg-emergency-rsvp (Resource ReSerVation Protocol (RSVP) Extensions for Admission Priority) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-emergency-rsvp-14.txt Date: 2009-11-30 – Last Call: draft-ietf-fecframe-dvb-al-fec (DVB-IPTV Application-Layer Hybrid FEC Protection) to Informational RF / Call: draft-ietf-fecframe-dvb-al-fec (DVB-IPTV Application-Layer Hybrid FEC Protection) to Informational RFC Title: ast Call: draft-ietf-fecframe-dvb-al-fec (DVB-IPTV Application-Layer Hybrid FEC Protection) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-fecframe-dvb-al-fec-03.txt Date: 2009-11-30 – Last Call: draft-ietf-fecframe-interleaved-fec-scheme (RTP Payload Format for 1-D Interleaved Parity FEC) to Proposed Standar / Call: draft-ietf-fecframe-interleaved-fec-scheme (RTP Payload Format for 1-D Interleaved Parity FEC) to Proposed Standard Title: ast Call: draft-ietf-fecframe-interleaved-fec-scheme (RTP Payload Format for 1-D Interleaved Parity FEC) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-fecframe-interleaved-fec-... Date: 2009-11-30 – Last Call: draft-ietf-dkim-deployment (DomainKeys Identified Mail (DKIM) Development, Deployment and Operations) to Informational RF / Call: draft-ietf-dkim-deployment (DomainKeys Identified Mail (DKIM) Development, Deployment and Operations) to Informational RFC Title: ast Call: draft-ietf-dkim-deployment (DomainKeys Identified Mail (DKIM) Development, Deployment and Operations) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-dkim-deployment-09.txt Date: 2009-11-30 – Last Call: draft-ietf-tls-renegotiation (Transport Layer Security (TLS) Renegotiation Indication Extension) to Proposed Standar / Call: draft-ietf-tls-renegotiation (Transport Layer Security (TLS) Renegotiation Indication Extension) to Proposed Standard Title: ast Call: draft-ietf-tls-renegotiation (Transport Layer Security (TLS) Renegotiation Indication Extension) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-tls-renegotiation-01.txt Date: 2009-11-30 – Last Call: draft-duerst-mailto-bis (Th / Call: draft-duerst-mailto-bis (The ‘mailto’ URI Scheme) to Proposed Standard Title: URL: http://www.ietf.org/internet-drafts/draft-duerst-mailto-bis-07.txt Date: 2009-11-30 – Last Call: draft-duerst-mailto-bis (Th / Call: draft-duerst-mailto-bis (The ‘mailto’ URI Scheme) to Proposed Standard Title: URL: http://www.ietf.org/internet-drafts/draft-duerst-mailto-bis-07.txt Date: 2009-11-30 – Approved by the IESG as Proposed Standard Title: Handling of overlapping IPv6 fragments URL: http://www.ietf.org/internet-drafts/draft-ietf-6man-overlap-fragment-03.txt Date: 2009-11-30 – Approved by the IESG as Experimental RFC Title: IMAP Support for UTF-8 URL: http://www.ietf.org/internet-drafts/draft-ietf-eai-imap-utf8-09.txt Date: 2009-11-30 – Approved by the IESG as Proposed Standard Title: Post-Repair Loss RLE Report Block Type for RTCP XR URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-post-repair-rtcp-xr-0... Date: 2009-12-04 – Last Call: draft-ietf-geopriv-geo-uri (A Uniform Resource Identifier for Geographic Locations / Call: draft-ietf-geopriv-geo-uri (A Uniform Resource Identifier for Geographic Locations (‘geo’ URI)) to Proposed Standard Title: URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-geo-uri-04.txt Date: 2009-12-04 – Last Call: draft-atlas-icmp-unnumbered (Extending ICMP for Interface and Next-hop Identification) to Proposed Standar / Call: draft-atlas-icmp-unnumbered (Extending ICMP for Interface and Next-hop Identification) to Proposed Standard Title: ast Call: draft-atlas-icmp-unnumbered (Extending ICMP for Interface and Next-hop Identification) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-atlas-icmp-unnumbered-07.txt Date: 2009-12-04 – Last Call: draft-xli-behave-ivi (The CERNET IVI Translation Design and Deployment for the IPv4/IPv6 Coexistence and Transition) to Experimental RF / Call: draft-xli-behave-ivi (The CERNET IVI Translation Design and Deployment for the IPv4/IPv6 Coexistence and Transition) to Experimental RFC Title: ast Call: draft-xli-behave-ivi (The CERNET IVI Translation Design and Deployment for the IPv4/IPv6 Coexistence and Transition) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-xli-behave-ivi-05.txt Date: 2009-12-04 – Last Call: draft-bryan-http-digest-algorithm-values-update (Additional Hash Algorithms for HTTP Instance Digests) to Informational RF / Call: draft-bryan-http-digest-algorithm-values-update (Additional Hash Algorithms for HTTP Instance Digests) to Informational RFC Title: ast Call: draft-bryan-http-digest-algorithm-values-update (Additional Hash Algorithms for HTTP Instance Digests) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-bryan-http-digest-algorithm-va... Date: 2009-12-04 – Last Call: draft-ohba-pana-pemk (Definition of Master Key between PANA Client and Enforcement Point) to Proposed Standar / Call: draft-ohba-pana-pemk (Definition of Master Key between PANA Client and Enforcement Point) to Proposed Standard Title: ast Call: draft-ohba-pana-pemk (Definition of Master Key between PANA Client and Enforcement Point) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ohba-pana-pemk-03.txt Date: 2009-12-04 – Last Call: draft-ietf-ccamp-gmpls-ethernet-arch (Generalized Multi-Protocol Label Switching (GMPLS) Ethernet Label Switching Architecture and Framework) to Informational RF / Call: draft-ietf-ccamp-gmpls-ethernet-arch (Generalized Multi-Protocol Label Switching (GMPLS) Ethernet Label Switching Architecture and Framework) to Informational RFC Title: ast Call: draft-ietf-ccamp-gmpls-ethernet-arch (Generalized Multi-Protocol Label Switching (GMPLS) Ethernet Label Switching Architecture and Framework) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-gmpls-ethernet-arch... Date: 2009-12-04 – Last Call: draft-giralt-schac-ns (Definition of a Uniform Resource Name (URN) Namespace for the Schema for Academia (SCHAC)) to Informational RF / Call: draft-giralt-schac-ns (Definition of a Uniform Resource Name (URN) Namespace for the Schema for Academia (SCHAC)) to Informational RFC Title: ast Call: draft-giralt-schac-ns (Definition of a Uniform Resource Name (URN) Namespace for the Schema for Academia (SCHAC)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-giralt-schac-ns-02.txt Date: 2009-12-07 – Approved by the IESG as Experimental RFC Title: NAT Behavior Discovery Using STUN URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-nat-behavior-disco... Date: 2009-12-07 – Approved by the IESG as Informational RFC Title: The SatLabs Group DVB-RCS MIB URL: http://www.ietf.org/internet-drafts/draft-combes-ipdvb-mib-rcs-08.txt Date: 2009-12-07 – Re: Experimental RFC to be: draft-wu-softwire-4over6-03.tx / xperimental RFC to be: draft-wu-softwire-4over6-03.txt Title: e: Experimental RFC to be: draft-wu-softwire-4over6-03.txt URL: http://www.ietf.org/internet-drafts/draft-wu-softwire-4over6-03.txt Date: 2009-12-07 – Re: Historic to be: draft-levy-sip-diversion-10.tx / istoric to be: draft-levy-sip-diversion-10.txt Title: e: Historic to be: draft-levy-sip-diversion-10.txt URL: http://www.ietf.org/internet-drafts/draft-levy-sip-diversion-10.txt Date: 2009-12-08 – Approved by the IESG as Proposed Standard Title: Distribution of EAP based keys for handover and re-authentication URL: http://www.ietf.org/internet-drafts/draft-ietf-hokey-key-mgm-13.txt Date: 2009-12-08 – Approved by the IESG as Informational RFC Title: IANA Registry Update for Support of the SEED Cipher Algorithm in the Multimedia Internet KEYing (MIKEY) URL: http://www.ietf.org/internet-drafts/draft-seokung-msec-mikey-seed-05.txt Date: 2009-12-08 – Last Call: draft-ietf-sipping-config-framework (A Framework for Session Initiation Protocol User Agent Profile Delivery) to Proposed Standar / Call: draft-ietf-sipping-config-framework (A Framework for Session Initiation Protocol User Agent Profile Delivery) to Proposed Standard Title: ast Call: draft-ietf-sipping-config-framework (A Framework for Session Initiation Protocol User Agent Profile Delivery) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sipping-config-framework-... Date: 2009-12-08 – Re: Informational RFC to be: draft-irtf-p2prg-rtc-security-05.tx / nformational RFC to be: draft-irtf-p2prg-rtc-security-05.txt Title: e: Informational RFC to be: draft-irtf-p2prg-rtc-security-05.txt URL: http://www.ietf.org/internet-drafts/draft-irtf-p2prg-rtc-security-05.txt Date: 2009-12-10 – Last Call: draft-ohba-802dot21-basic-schema (IEEE 802.21 Basic Schema) to Informational RF / Call: draft-ohba-802dot21-basic-schema (IEEE 802.21 Basic Schema) to Informational RFC Title: ast Call: draft-ohba-802dot21-basic-schema (IEEE 802.21 Basic Schema) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ohba-802dot21-basic-schema-06.txt Date: 2009-12-10 – Approved by the IESG as Proposed Standard Title: Lightweight IGMPv3 and MLDv2 Protocols URL: http://www.ietf.org/internet-drafts/draft-ietf-mboned-lightweight-igmpv3... Date: 2009-12-10 – Approved by the IESG as Proposed Standard Title: PATCH Method for HTTP URL: http://www.ietf.org/internet-drafts/draft-dusseault-http-patch-16.txt Date: 2009-12-10 – Approved by the IESG as Informational RFC Title: RFC 2731 (“Encoding Dublin Core Metadata in HTML”) is Obsolete URL: http://www.ietf.org/internet-drafts/draft-reschke-rfc2731bis-05.txt Date: 2009-12-10 – Last Call: draft-turner-ecprivatekey (Elliptic Curve Private Key Structure) to Informational RF / Call: draft-turner-ecprivatekey (Elliptic Curve Private Key Structure) to Informational RFC Title: ast Call: draft-turner-ecprivatekey (Elliptic Curve Private Key Structure) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-turner-ecprivatekey-02.txt Date: 2009-12-10 – Last Call: draft-ietf-smime-cms-rsa-kem (Use of the RSA-KEM Key Transport Algorithm in CMS) to Proposed Standar / Call: draft-ietf-smime-cms-rsa-kem (Use of the RSA-KEM Key Transport Algorithm in CMS) to Proposed Standard Title: ast Call: draft-ietf-smime-cms-rsa-kem (Use of the RSA-KEM Key Transport Algorithm in CMS) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-rsa-kem-10.txt Date: 2009-12-10 – Last Call: draft-josefsson-kerberos5-starttls (Using Kerberos V5 over the Transport Layer Security (TLS) protocol) to Informational RF / Call: draft-josefsson-kerberos5-starttls (Using Kerberos V5 over the Transport Layer Security (TLS) protocol) to Informational RFC Title: ast Call: draft-josefsson-kerberos5-starttls (Using Kerberos V5 over the Transport Layer Security (TLS) protocol) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-josefsson-kerberos5-starttls-0... Date: 2009-12-10 – Approved by the IESG as Proposed Standard Title: Sieve Email Filtering: Sieves and display directives in XML URL: http://www.ietf.org/internet-drafts/draft-freed-sieve-in-xml-07.txt Date: 2009-12-10 – Approved by the IESG as Proposed Standard Title: PB-TNC: A Posture Broker Protocol (PB) Compatible with TNC URL: http://www.ietf.org/internet-drafts/draft-ietf-nea-pb-tnc-06.txt Date: 2009-12-10 – Last Call: draft-ietf-krb-wg-preauth-framework (A Generalized Framework for Kerberos Pre-Authentication) to Proposed Standar / Call: draft-ietf-krb-wg-preauth-framework (A Generalized Framework for Kerberos Pre-Authentication) to Proposed Standard Title: ast Call: draft-ietf-krb-wg-preauth-framework (A Generalized Framework for Kerberos Pre-Authentication) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-preauth-framework-... Date: 2009-12-10 – Last Call: draft-kato-tls-rfc4132bis (Camellia Cipher Suites for TLS) to Proposed Standar / Call: draft-kato-tls-rfc4132bis (Camellia Cipher Suites for TLS) to Proposed Standard Title: ast Call: draft-kato-tls-rfc4132bis (Camellia Cipher Suites for TLS) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-kato-tls-rfc4132bis-04.txt Date: 2009-12-11 – Approved by the IESG as Proposed Standard Title: BGP Encodings and Procedures for Multicast in MPLS/BGP IP VPNs URL: http://www.ietf.org/internet-drafts/draft-ietf-l3vpn-2547bis-mcast-bgp-0... Date: 2009-12-11 – Last Call: draft-bryan-metalink (The Metalink Download Description Format) to Proposed Standar / Call: draft-bryan-metalink (The Metalink Download Description Format) to Proposed Standard Title: ast Call: draft-bryan-metalink (The Metalink Download Description Format) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-bryan-metalink-24.txt Date: 2009-12-14 – Last Call: draft-brown-versioning-link-relations (Link Relations for Simple Version Navigation) to Informational RF / Call: draft-brown-versioning-link-relations (Link Relations for Simple Version Navigation) to Informational RFC Title: ast Call: draft-brown-versioning-link-relations (Link Relations for Simple Version Navigation) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-brown-versioning-link-relation... Date: 2009-12-15 – Last Call: draft-ietf-pana-preauth (Pre-authentication Support for PANA) to Experimental RF / Call: draft-ietf-pana-preauth (Pre-authentication Support for PANA) to Experimental RFC Title: ast Call: draft-ietf-pana-preauth (Pre-authentication Support for PANA) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-pana-preauth-08.txt Date: 2009-12-16 – Last Call: draft-ietf-behave-turn-uri (Traversal Using Relays around NAT (TURN) Resolution Mechanism) to Proposed Standar / Call: draft-ietf-behave-turn-uri (Traversal Using Relays around NAT (TURN) Resolution Mechanism) to Proposed Standard Title: ast Call: draft-ietf-behave-turn-uri (Traversal Using Relays around NAT (TURN) Resolution Mechanism) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-turn-uri-05.txt Date: 2009-12-16 – Approved by the IESG as Proposed Standard Title: Virtual Router Redundancy Protocol Version 3 for IPv4 and IPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-vrrp-unified-spec-05.txt Date: 2009-12-18 – Last Call: draft-ietf-trill-rbridge-protocol (Rbridges: Base Protocol Specification) to Proposed Standar / Call: draft-ietf-trill-rbridge-protocol (Rbridges: Base Protocol Specification) to Proposed Standard Title: ast Call: draft-ietf-trill-rbridge-protocol (Rbridges: Base Protocol Specification) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-trill-rbridge-protocol-14... Date: 2009-12-21 – Last Call: draft-ietf-ippm-framework-compagg (Framework for Metric Composition) to Informational RF / Call: draft-ietf-ippm-framework-compagg (Framework for Metric Composition) to Informational RFC Title: ast Call: draft-ietf-ippm-framework-compagg (Framework for Metric Composition) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-ippm-framework-compagg-09... Date: 2009-12-21 – Approved by the IESG as Proposed Standard Title: OSPFv3 as a PE-CE routing protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-l3vpn-ospfv3-pece-04.txt Date: 2009-12-21 – Approved by the IESG as Informational RFC Title: The rsync URI Scheme URL: http://www.ietf.org/internet-drafts/draft-weiler-rsync-uri-01.txt Date: 2009-12-21 – Approved by the IESG as Proposed Standard Title: Traffic Classification and Quality of Service Attributes for Diameter URL: http://www.ietf.org/internet-drafts/draft-ietf-dime-qos-attributes-15.txt Date: 2009-12-21 – Last Call: draft-jabley-sink-arpa (The Eternal Non-Existence of SINK.ARPA (and other stories)) to BC / Call: draft-jabley-sink-arpa (The Eternal Non-Existence of SINK.ARPA (and other stories)) to BCP Title: ast Call: draft-jabley-sink-arpa (The Eternal Non-Existence of SINK.ARPA (and other stories)) to BCP URL: http://www.ietf.org/internet-drafts/draft-jabley-sink-arpa-02.txt Date: 2009-12-21 – Approved by the IESG as Proposed Standard Title: Definitions of Managed Objects for IP Flow Information Export URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-mib-09.txt Date: 2009-12-21 – Approved by the IESG as Proposed Standard Title: IMAP4 Extension for returning STATUS information in extended LIST URL: http://www.ietf.org/internet-drafts/draft-ietf-morg-status-in-list-01.txt Date: 2009-12-21 – Approved by the IESG as Proposed Standard Title: FTP Command and Extension Registry URL: http://www.ietf.org/internet-drafts/draft-klensin-ftp-registry-04.txt Date: 2009-12-21 – Re: Historic to be: draft-spencer-usefor-son-of-1036-01.tx / istoric to be: draft-spencer-usefor-son-of-1036-01.txt Title: e: Historic to be: draft-spencer-usefor-son-of-1036-01.txt URL: http://www.ietf.org/internet-drafts/draft-spencer-usefor-son-of-1036-01.txt Date: 2009-12-21 – Re: Experimental RFC to be: draft-zeilenga-ldap-txn-15.tx / xperimental RFC to be: draft-zeilenga-ldap-txn-15.txt Title: e: Experimental RFC to be: draft-zeilenga-ldap-txn-15.txt URL: http://www.ietf.org/internet-drafts/draft-zeilenga-ldap-txn-15.txt Date: 2009-12-21 – Re: Experimental RFC to be: draft-hajjeh-tls-identity-protection-09.tx / xperimental RFC to be: draft-hajjeh-tls-identity-protection-09.txt Title: e: Experimental RFC to be: draft-hajjeh-tls-identity-protection-09.txt URL: http://www.ietf.org/internet-drafts/draft-hajjeh-tls-identity-protection... Date: 2009-12-22 – Approved by the IESG as Informational RFC Title: EAP Authentication Using Only A Password URL: http://www.ietf.org/internet-drafts/draft-harkins-emu-eap-pwd-12.txt Date: 2009-12-22 – Approved by the IESG as Proposed Standard Title: Authentication and Confidentiality in PIM-SM Link-local Messages URL: http://www.ietf.org/internet-drafts/draft-ietf-pim-sm-linklocal-10.txt Date: 2009-12-22 – Approved by the IESG as Proposed Standard Title: IMAP4 Keyword Registry URL: http://www.ietf.org/internet-drafts/draft-melnikov-imap-keywords-10.txt Date: 2009-12-22 – Last Call: draft-ietf-6man-iana-routing-header (IANA Allocation Guidelines for the IPv6 Routing Header) to Proposed Standar / Call: draft-ietf-6man-iana-routing-header (IANA Allocation Guidelines for the IPv6 Routing Header) to Proposed Standard Title: ast Call: draft-ietf-6man-iana-routing-header (IANA Allocation Guidelines for the IPv6 Routing Header) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-6man-iana-routing-header-... Date: 2010-01-04 – Last Call: draft-roach-sip-http-subscribe (A SIP Event Package for Subscribing to Changes to an HTTP Resource) to Proposed Standar / Call: draft-roach-sip-http-subscribe (A SIP Event Package for Subscribing to Changes to an HTTP Resource) to Proposed Standard Title: ast Call: draft-roach-sip-http-subscribe (A SIP Event Package for Subscribing to Changes to an HTTP Resource) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-roach-sip-http-subscribe-06.txt Date: 2010-01-04 – Last Call: draft-jabley-reverse-servers (Nameservers for IPv4 and IPv6 Reverse Zones) to Proposed Standar / Call: draft-jabley-reverse-servers (Nameservers for IPv4 and IPv6 Reverse Zones) to Proposed Standard Title: ast Call: draft-jabley-reverse-servers (Nameservers for IPv4 and IPv6 Reverse Zones) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-jabley-reverse-servers-01.txt Date: 2010-01-04 – Approved by the IESG as Proposed Standard Title: Advertising a Router’s Local Addresses in OSPF TE Extensions URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-te-node-addr-07.txt Date: 2010-01-07 – Approved by the IESG as Proposed Standard Title: Transport Layer Security (TLS) Renegotiation Indication Extension URL: http://www.ietf.org/internet-drafts/draft-ietf-tls-renegotiation-03.txt Date: 2010-01-08 – Last Call: draft-allbery-afs-srv-records (DNS SRV Resource Records for AFS) to Proposed Standar / Call: draft-allbery-afs-srv-records (DNS SRV Resource Records for AFS) to Proposed Standard Title: ast Call: draft-allbery-afs-srv-records (DNS SRV Resource Records for AFS) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-allbery-afs-srv-records-03.txt Date: 2010-01-11 – Approved by the IESG as Proposed Standard Title: Internationalized Domain Names in Applications (IDNA): Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-idnabis-protocol-18.txt Date: 2010-01-11 – Approved by the IESG as Proposed Standard Title: Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework URL: http://www.ietf.org/internet-drafts/draft-ietf-idnabis-defs-13.txt Date: 2010-01-11 – Approved by the IESG as Proposed Standard Title: ESSCertIDv2 update for RFC 3161 URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc3161-update-09.txt Date: 2010-01-11 – Approved by the IESG as Informational RFC Title: Framework for Metric Composition URL: http://www.ietf.org/internet-drafts/draft-ietf-ippm-framework-compagg-09... Date: 2010-01-11 – Approved by the IESG as Informational RFC Title: Guidelines for Implementing DVB-IPTV Application-Layer Hybrid FEC Protection URL: http://www.ietf.org/internet-drafts/draft-ietf-fecframe-dvb-al-fec-04.txt Date: 2010-01-11 – Approved by the IESG as Informational RFC Title: The CERNET IVI Translation Design and Deployment for the IPv4/IPv6 Coexistence and Transition URL: http://www.ietf.org/internet-drafts/draft-xli-behave-ivi-07.txt Date: 2010-01-11 – Re: Informational RFC to be: draft-dolmatov-cryptocom-gost2814789-08.tx / nformational RFC to be: draft-dolmatov-cryptocom-gost2814789-08.txt Title: e: Informational RFC to be: draft-dolmatov-cryptocom-gost2814789-08.txt URL: http://www.ietf.org/internet-drafts/draft-dolmatov-cryptocom-gost2814789... Date: 2010-01-11 – Re: Informational RFC to be: draft-dolmatov-cryptocom-gost34102001-08.tx / nformational RFC to be: draft-dolmatov-cryptocom-gost34102001-08.txt Title: e: Informational RFC to be: draft-dolmatov-cryptocom-gost34102001-08.txt URL: http://www.ietf.org/internet-drafts/draft-dolmatov-cryptocom-gost3410200... Date: 2010-01-11 – Re: Informational RFC to be: draft-dolmatov-cryptocom-gost341194-07.tx / nformational RFC to be: draft-dolmatov-cryptocom-gost341194-07.txt Title: e: Informational RFC to be: draft-dolmatov-cryptocom-gost341194-07.txt URL: http://www.ietf.org/internet-drafts/draft-dolmatov-cryptocom-gost341194-... Date: 2010-01-11 – Approved by the IESG as Proposed Standard Title: Definition of Master Key between PANA Client and Enforcement Point URL: http://www.ietf.org/internet-drafts/draft-ohba-pana-pemk-04.txt Date: 2010-01-11 – Approved by the IESG as Proposed Standard Title: The Unicode code points and IDNA URL: http://www.ietf.org/internet-drafts/draft-ietf-idnabis-tables-09.txt Date: 2010-01-11 – Approved by the IESG as Proposed Standard Title: Defining Well-Known URIs URL: http://www.ietf.org/internet-drafts/draft-nottingham-site-meta-05.txt Date: 2010-01-12 – Approved by the IESG as Proposed Standard Title: Using GSS-API Mechanisms in SASL: The GS2 Mechanism Family URL: http://www.ietf.org/internet-drafts/draft-ietf-sasl-gs2-20.txt Date: 2010-01-13 – Last Call: draft-ietf-sipcore-199 (Response Code for Indication of Terminated Dialog) to Proposed Standar / Call: draft-ietf-sipcore-199 (Response Code for Indication of Terminated Dialog) to Proposed Standard Title: ast Call: draft-ietf-sipcore-199 (Response Code for Indication of Terminated Dialog) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sipcore-199-02.txt Date: 2010-01-13 – Approved by the IESG as Informational RFC Title: Internationalized Domain Names for Applications (IDNA): Background, Explanation, and Rationale URL: http://www.ietf.org/internet-drafts/draft-ietf-idnabis-rationale-17.txt Date: 2010-01-13 – Approved by the IESG as BCP Title: IANA Considerations for Network Layer Protocol Identifiers URL: http://www.ietf.org/internet-drafts/draft-eastlake-nlpid-iana-considerat... Date: 2010-01-13 – Last Call: draft-ietf-ccamp-pc-spc-rsvpte-ext (RSVP-TE Signaling Extension For Management Plane To Control Plane LSP Handover In A GMPLS Enabled Transport Network.) to Proposed Standar / Call: draft-ietf-ccamp-pc-spc-rsvpte-ext (RSVP-TE Signaling Extension For Management Plane To Control Plane LSP Handover In A GMPLS Enabled Transport Network.) to Proposed Standard Title: ast Call: draft-ietf-ccamp-pc-spc-rsvpte-ext (RSVP-TE Signaling Extension For Management Plane To Control Plane LSP Handover In A GMPLS Enabled Transport Network.) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-pc-spc-rsvpte-ext-0... Date: 2010-01-13 – Approved by the IESG as Proposed Standard Title: Label Switched Path (LSP) Dynamic Provisioning Performance Metrics in Generalized MPLS Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-lsp-dppm-11.txt Date: 2010-01-13 – Approved by the IESG as Proposed Standard Title: Data Channel Status Confirmation Extensions for the Link Management Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-confirm-data-channe... Date: 2010-01-14 – Approved by the IESG as Experimental RFC Title: Displaying Downgraded Messages for Email Address Internationalization URL: http://www.ietf.org/internet-drafts/draft-ietf-eai-downgraded-display-03... Date: 2010-01-14 – Approved by the IESG as Proposed Standard Title: The RObust Header Compression (ROHC) Framework URL: http://www.ietf.org/internet-drafts/draft-ietf-rohc-rfc4995bis-03.txt Date: 2010-01-14 – Last Call: draft-ietf-nsis-y1541-qosm (Y.1541-QOSM — Y.1541 QoS Model for Networks Using Y.1541 QoS Classes) to Informational RF / Call: draft-ietf-nsis-y1541-qosm (Y.1541-QOSM — Y.1541 QoS Model for Networks Using Y.1541 QoS Classes) to Informational RFC Title: ast Call: draft-ietf-nsis-y1541-qosm (Y.1541-QOSM — Y.1541 QoS Model for Networks Using Y.1541 QoS Classes) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-y1541-qosm-08.txt Date: 2010-01-14 – Last Call: draft-ietf-pkix-tamp (Trust Anchor Management Protocol (TAMP)) to Proposed Standar / Call: draft-ietf-pkix-tamp (Trust Anchor Management Protocol (TAMP)) to Proposed Standard Title: ast Call: draft-ietf-pkix-tamp (Trust Anchor Management Protocol (TAMP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-tamp-05.txt Date: 2010-01-14 – Approved by the IESG as BCP Title: IANA Guidelines for IPv4 Multicast Address Assignments URL: http://www.ietf.org/internet-drafts/draft-ietf-mboned-rfc3171bis-08.txt Date: 2010-01-15 – Last Call: draft-ietf-6man-text-addr-representation (A Recommendation for IPv6 Address Text Representation) to Proposed Standar / Call: draft-ietf-6man-text-addr-representation (A Recommendation for IPv6 Address Text Representation) to Proposed Standard Title: ast Call: draft-ietf-6man-text-addr-representation (A Recommendation for IPv6 Address Text Representation) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-6man-text-addr-representa... Date: 2010-01-15 – Approved by the IESG as Proposed Standard Title: RTP Payload Format for 1-D Interleaved Parity FEC URL: http://www.ietf.org/internet-drafts/draft-ietf-fecframe-interleaved-fec-... Date: 2010-01-15 – Approved by the IESG as Experimental RFC Title: Extensions to OSPF to Support Mobile Ad Hoc Networking URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-manet-or-03.txt Date: 2010-01-15 – Last Call: draft-ietf-pce-p2mp-req (PCC-PCE Communication Requirements for Point to Multipoint Multiprotocol Label Switching Traffic Engineering (MPLS-TE)) to Informational RF / Call: draft-ietf-pce-p2mp-req (PCC-PCE Communication Requirements for Point to Multipoint Multiprotocol Label Switching Traffic Engineering (MPLS-TE)) to Informational RFC Title: ast Call: draft-ietf-pce-p2mp-req (PCC-PCE Communication Requirements for Point to Multipoint Multiprotocol Label Switching Traffic Engineering (MPLS-TE)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-p2mp-req-04.txt Date: 2010-01-15 – Approved by the IESG as Informational RFC Title: Generalized Multi-Protocol Label Switching (GMPLS) Ethernet Label Switching Architecture and Framework URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-gmpls-ethernet-arch...  

]]> 1620 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-76-facts-and-figures/ Fri, 01 Jan 2010 14:30:29 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1622 1622 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/new-bof-meetings-4/ Fri, 01 Jan 2010 14:32:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1624 http://www.ietf.org/meeting/past.html Applications Area hybi Bidirectional or server-initiated HTTP IRIs Internationalized Resources Identifiers grobj Generic Referral Object decade DECoupled Application Data Enroute 6lowapp Application protocols for low-power v6 networks Internet Area aplusp Address plus port RAI Area codec Internet wideband audio codec Routing Area karp Keying and authentication for routing protocols Transport Area homegate Broadband Home Gateway conex  Congestion exposure ppsp  Peer to Peer Streaming Protocol This article was posted on 20 January 2010]]> 1624 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/authentication-p2p-spotlighted-at-ietf-77/ Tue, 01 Jun 2010 17:50:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=673 It’s the F-Word“. Anaheim, California, site of IETF 77 Another area of growing interest within the Internet Engineering Task Force (IETF) is that of peer-to-peer technologies (P2P). And in this issue, we get a good overview of the work to date and future directions for P2P in the IETF. IPv6 deployment is a regular topic for discussion at IETF, and the IETF 77 meeting was no exception. ISOC organized a well-attended panel session, adjacent to the IETF meeting, that exposed the growing momentum behind IPv6 deployment (see page 9). In addition, there was output from the 3GPP/IETF workshop on IPv6 transition that took place in March 2010. Reflecting on the successes and failures of an organization’s working life is an important part of developing and maturing as an organization. A new initiative to catalogue the outcomes of IETF workoffers just such an opportunity, and the case history of Uniform Resource Names leads to an important conclusion about Internet development and the role of the IETF. Also in this issue are our regular columns from the chairs of the IETF, the Internet Architecture Board, and the Internet Research Task Force; coverage of the hot topics discussed during the plenary meetings; and an opportunity to get to know the ISOC Fellows to IETF 77 from around the world. As always, we are hugely grateful to all of our contributors, and we welcome comments as well as suggestions for contributions to future issues. Readers can send email to ietfjournal@isoc.org. This article was posted on 26 June 2010]]> 673 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/its-the-f-word/ Tue, 01 Jun 2010 17:52:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=677 JANET and by theGEANT3 project, aims high but the potential benefits justify the effort. It brings together a wide range of IETF standards including EAP, GSS-API (generic security service application program interface), and Radius together with SAML to construct a federation framework that may provide many current IETF protocols, including SSHv, NFSv4, and IMAP, access to federated identity. If successful, it would extend identity federation beyond Web-only applications, but it would also provide a general trust-framework for the Internet. Other work related to federated authentication that might end up being done in the IETF address alternative approaches that have been proposed to bridge Web-centric identity (such as SAML or OpenID) and SASL. The driving force behind a lot of these efforts is the need to federate messaging, calendaring, as well as virtual worlds protocols, which are some of the more important examples of applications where the browser isn’t the obvious choice of a client. The needs of the mobile market and its focus on apps may well turn out to be a boon for federated identity. While HTTP is often used as a protocol layer, typically through RESTful2 service calls, the client is not always a browser in the traditional sense. Some of the efforts described here have one foot in the IETF and one foot in other standards-development organizations. Some of the work is in even more loosely organized groups of volunteers. There is a huge potential for the IETF to become (and stay) involved in this process but it will require a certain amount of agility on the part of the IETF to keep on top of the changing landscape. This article was posted on 26 June 2010 .]]> 677 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-12/ Tue, 01 Jun 2010 17:54:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=682 www.rfc-editor.org/info/rfcXXXX. IETF 78 will be held in Maastricht, Netherlands, 25-30 July 2010, hosted by SIDN. As always, scheduling information for upcoming IETF meetings can be found here . I look forward to seeing you in July. This article was posted on 26 June 2010 .]]> 682 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-10/ Tue, 01 Jun 2010 17:58:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=687 http://www.iab.org. This article was posted on 26 June 2010 .]]> 687 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/nomcom-day-passes-top-ietf-plenary-agenda/ Tue, 01 Jun 2010 17:59:45 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=689

By Carolyn Duffy Marsan Issues surrounding the nomination of new leaders and the availability of day passes at meetings were two of the hot-button issues discussed at the IETF Plenary session in Anaheim, California. Mary Barnes, chair of the IETF’s NomCom for 2009-10, gave a presentation about the many new appointments made to the Internet Engineering Steering Group and the Internet Architecture Board (IAB) this year. She urged the IETF community to get more involved in the NomCom process. “Approximately 10 percent of the IETF community participated,” Mary said, asking plenary attendees to consider volunteering to be NomCom members or to contribute nominations or feedback on candidates. Mary added that she’d like to see a more diverse set of candidates, including representatives from different regions of the world, from service providers as well as vendors, and of both genders. “We have multiple nominees and sitting members with the same affiliation,” she said, pointing out that two area directors as well as the IETF chair receive security-related funding from the U.S. government. She said it’s been a challenge to find nominees with certain kinds of expertise, particularly in the transport area. Mary told attendees that lobbying for a particular candidate tends to backfire. “Lobbying for a specific nominee doesn’t work,” she said, adding that the NomCom must keep information confidential throughout the process. “The outcome and decisions for NomCom09 were not compromised by this activity, but lobbying and leaks have the potential to severely damage the process,” she warned. NomCom issues also were mentioned at the open-mic session. “Lobbying really indicates that the person doesn’t understand how this process works and the environment here,” said one IETF participant. Another issue that generated discussion during the open-mic session concerned day passes. IETF Administrative Oversight Committee chair Bob Hinden said the IETF sold 124 day passes for the Anaheim meeting, adding that total attendance at the meeting was 1,234. “We were expecting [day pass buyers] to be people who had not been to an IETF meeting before,” Bob said. “We were expecting to see a large number of additional attendees in Hiroshima, but we were surprised to see the numbers here. We actually sold more day passes here than in Hiroshima.” At the open-mic session, several IETF participants expressed concern about the selling of day passes at the Anaheim meeting, pointing out that this practice prevents newcomers from getting integrated into the organization. Several attendees at the Open Authentication Protocol (OAUTH) working group meeting used day passes. “They had a very limited perspective of how we negotiate with each other in terms of the documents,” said a member of this working group. “Many flew off with a negative impression of the group. I’m very concerned that they won’t come back, actually.” Another problem with day passes is that they prevent working groups from accomplishing enough business during the weeklong IETF meeting because so much work is done during informal hallway conversations. “One person who used a day pass was a chair of a working group. Another was a prolific writer of Internet-Drafts,” said an IETF participant. “They were all in a financial position to pay for the week.” Bob said he’d look at the data covering who bought day passes and that a decision would be made about whether to allow day passes in the future. IAB Plenary Addresses Internet Consolidation The trend toward the consolidation of traffic and aggregation of privacy information in the hands of a few Internet infrastructure players was the topic of the IAB Plenary session in Anaheim. Craig Labovitz, chief scientist at Arbor Networks, disclosed the latest data from his two-year study of the Internet traffic carried by 110 Internet service providers (ISPs). Arbor Networks and University of Michigan researchers monitored 14 terabits per second of traffic-approximately 25 percent of all interdomain traffic on the Internet. What researchers found is that a massive build-out of data centers by leading Internet content providers such as Google and Comcast has changed the topology of the Internet. Traffic no longer flows from national backbone operators to regional access providers, to local access providers, to customers. Now, traffic is carried by large content providers and content delivery networks-dubbed “hypergiants”-which pass it to Internet exchange points or directly to consumers. The research shows that instead of having ISPs be the top 10 carriers of Internet traffic, Google is now third and Comcast is now sixth. Google alone represents 6 to 10 percent of the Internet’s interdomain traffic, Craig said. “Companies like Google are delivering more traffic than global transit carriers are,” he said. “What we’re seeing quickly evolve is a much flatter, much more densely interconnected Internet. There are significant routing, traffic, security, and economic implications.” Craig said that that trend is causing new commercial models to evolve such as paid content and paid peering. Another shift in Internet traffic that researchers noted is that the fastest-growing applications are video (up 67 percent), secure shell (up 47 percent), the virtual private network (up 36 percent), games (up 29 percent), and Web (up 25 percent). Applications that are declining most include peer to peer, news, and file transfer. Nomcom Voting Members Scott Brim Dave Crocker Roque Gagliano Randall Gellens Dorothy Gellert Wassim Haddad Stephen Kent Dimitri Papadimitriou Simo Veikkolainen Lucy Yong Nonvoting Members Joel Halpern, past year chair Henrik Levkowetz, Tools advisor Jon Peterson, IAB liaison Tim Polk, IESG liaison Henk Uijterwaal, IAOC liaison Bert Wijnen, ISOC BoT liaison “There’s a growing volume of Internet traffic that uses Port 80,” Craig said. “We’re seeing a rapid concentration of application traffic over an ever-smaller number of ports.” Overall, Internet traffic is growing at 45 percent per year, which Craig called a significant but manageable growth rate. He said IPv6 traffic represented only 0.4 percent of Internet traffic as of last year. Craig summed up the implications of his research for the IETF community, noting that he’s seeing the “slow death of end to end” due to network address translation, firewalls, and siloed ecosystems. In a separate presentation, privacy researcher Balachander Krishnamurthy from AT&T Labs-Research spoke of a similar consolidation trend whereby an increasing amount of personal information about Internet users is being gathered and stored by a smaller number of Internet companies. Balachander conducted a five-year study of 1,200 of the most popular consumer websites to see the cookies, Java scripts, and other mechanisms for gathering personal information about visitors that is sent to hidden third parties. Those third-party sites include ad networks, analytics companies, and content delivery networks. Balachander found that the top 10 authoritative Domain Name System servers (ADNSs) connected to 78.5 percent of the visible information-gathering nodes on popular websites. Those top ADNSs were operated by ad-serving and traffic-measuring companies such as Doubleclick, Google, Yahoo! and Omniture. Those top 10 domains have grown from 40 percent to nearly 80 percent of all hidden nodes over the past five years. “This situation is grimmer in the face of acquisitions,” Balachander said, pointing out that Google purchased Doubleclick in 2007 and Adobe purchased Omniture in 2009. “In September 2009, the Google family reached over 70 percent, which is the highest by far among all third parties.” Balachander said that through such tools as the InPrivate Filtering feature of Internet Explorer 8.0, it may be possible for users to improve their filtering of third-party sites that gather privacy data. This article was posted on 26 June 2010 .

]]> 689 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-77-at-a-glance/ Tue, 01 Jun 2010 18:02:03 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=691 Descriptions and agendas for all BoF meetings APP rydeirde Registry Data Escrow/Internet Registration Escrow RAI e2md E. 164 to Metadata TSV conex Congestion Exposure GEN wgdtspec Review of Datatracker Specifications to Support APP rydeirde Registry Data Escrow/Internet Registration Escrow This article was posted on 26 June 2010 .]]> 691 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-panel-notes-rise-in-ipv6-related-activity/ Tue, 01 Jun 2010 18:07:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=695

By Carolyn Duffy Marsan Momentum surrounding IPv6 is picking up, and IETF participants should be ready for it to snowball soon, according to an Internet Society panel held in Anaheim, California, during the IETF meeting.   ISOC’s IPv6 panellists Geoff Huston (left) and Jason Livingood Photo/Internet Society Audience members at a panel organized by the Internet Society on IPv6 Photo/Internet Society   IPv6 panel audience members IPv6 panellist Jason Livingood   Dave Temkin speaking at IPv6 panel at IETF 77   Leslie Daigle, chief Internet technology officer at ISOC, said she saw an increase in IPv6-related activity during 2009. She pointed out that Japan published its IPv6 action plan last year, while the U.S. government required IPv6 in its acquisition regulations. Australia moved up-to 2012-the deadline for having its whole government transitioned to IPv6. Leslie also said that such Internet service providers (ISPs) as Hurricane Electric, Verizon, and Comcast were stepping up their efforts to deploy IPv6. “This is anecdotal evidence, but it’s also a very different picture than we saw a year ago in terms of ISPs stepping up and announcing plans that they are deploying IPv6,” Leslie added. “There are also some demonstrating real, live, successful networks.” Leslie pointed out that Google, Netflix, and YouTube were among the content providers making services available on IPv6. “When it starts to snowball, you should expect that those customers will be looking at your services and wanting to access them over IPv6,” she said. “Increasingly, there are customers out there.” She noted that China Mobile added 88 million new subscribers in 2008 and was expecting similar growth in 2009. “Pv6 addresses are the only option for networks of this scale,” she said. Leslie urged content providers, service providers, and application developers to prepare to reach customers through IPv6. “There’s certainly motion on IPv6,” she said. “There’s some sense that if not now, at some point in the foreseeable future this is going to be in a snowball effect.” Geoff Huston, chief scientist at APNIC and a longtime IETF participant, said he’s been trying to measure IPv6 deployment. He researched three sets of data: Border Gateway Protocol table entries, DNS queries, and dual stack Web server access. He said the number of routing table entries for IPv6 has grown from 1,000 to 3,000 from 2008 to 2010. “This is good news,” he said. “In terms of routing, IPv6 is growing faster than we thought.” But, he pointed out, IPv6 still represents less than 1 percent of IPv4 routing table entries, which top 300,000. Geoff said it was hard to quantify IPv6 activity by looking at DNS data, but by studying Web server ratios, he estimated that IPv6 represents 1 percent of Internet traffic today. “Use of IPv6 has increased over the past four years to hit 1 percent of traffic,” he said, adding that “the number of folks doing 6to4 tunneling as a percent of IPv6 traffic is decreasing rapidly, while the number of folks doing Teredo is really low.” Geoff said the measurements of IPv6 deployment are problematic because of the rate at which IPv4 addresses are being consumed. “If you really wish as an industry to avoid some of the more dramatic problems that might come up, we have to do some work on IPv6,” he said. Jason Livingood, executive director of Internet Systems Engineering at Comcast, said customer response to the ISP’s announcement of IPv6 trials this year has been very strong. Comcast is testing three IPv6 transition mechanisms developed by the IETF: 6RD, dual stack lite, and native dual stack over cable and fiber. “The response has been great,” Jason said. “We’ve been very, very pleasantly surprised. We had 5,500 volunteers sign up in a 9- or 10-day period.” Panelist David Temkin, network engineering manager at Netflix, said he was surprised at how easy it has been to deploy IPv6. “We rely on a CDN [content delivery network] for the bulk of our movie streaming. We host our own website and most of the content that goes behind that. Both the internal integration of our website and our corporate network and the external integration with Limelight for an IPv6 CDN was very straightforward,” David said. Magnus Westerlund, a researcher at Ericsson Research, said he is seeing cellular operators in Europe waking up to the reality that IPv6 is imminent, although few are deploying it. “Everybody is waiting,” he said. “It could happen anytime soon.” This article was posted on 26 June 2010 .   Full Caption Text: Image 1: ISOC’s IPv6 panellists Geoff Huston (left) and Jason Livingood Photo/Internet Society;  Image 2:  Audience members at a panel organized by the Internet Society on IPv6 Photo/Internet Society;  Image 3:  IPv6 panel audience members;  Image 4:  IPv6 panellist Jason Livingood;   Image 5:  Dave Temkin speaking at IPv6 panel at IETF 77  

]]> 695 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/3gppietf-workshop-on-ipv6-transition-in-3gpp-networks/ Tue, 01 Jun 2010 18:08:16 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=697 3gv6 mailing list. This article was posted on 26 June 2010 .]]> 697 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-curious-history-of-uniform-resource-names/ Tue, 01 Jun 2010 18:09:22 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=699 Uniform Resource Names, published in December 1994, outlines the requirements of Uniform Resource Names. Key to all of this is the intended purpose of a URN, which is identified as providing “a globally unique, persistent identifier used for recognition, for access to characteristics of the resource, or for access to the resource itself.” And, further, “A URN identifies a resource or unit of information. It may identify, for example, intellectual content, a particular presentation of intellectual content, or whatever a name assignment authority determines is a distinctly namable entity. A URL identifies the location or a container for an instance of a resource identified by a URN. The resource identified by a URN may reside in one or more locations at any given time, may move, or may not be available at all.” The list of functional requirements for URNs is not that extensive, but it is constraining. That URNs are to be persistent, as well as global in scope and uniqueness, is pretty clear from the stated purpose. Additionally, the document stipulates that URNs are to be scalable (assignable to anything conceivably available on the network for hundreds of years) while supporting legacy naming systems, allowing independent assignment of identifiers by autonomous “naming authorities,” and still allowing “resolution” of URNs-that is, translation from the URN into one or more URLs. RFC 1737 notes that it does not address the question of requirements for resolution, thereby leaving that question open. That open question was the source of many heated discussions within the URN WG over the years, with some proponents fiercely demanding “sub-second resolution!” as an imperative, while others wanted to first ensure distributed and resilient services. A Technology Structure to Support the Intent The URN WG was established in 1996, after proponents of several specific URN proposals had come to a high-level understanding of how to support a diversity of potential applications and needs for URNs while maintaining a generalized standard and support infrastructure. The key was to allow for independence in resolution systems while binding identifiers together under a single generic, URI-consistent syntax with a discovery system for the resolution services. Put simply, and as captured in RFC 2141: URN Syntax, URN identifier syntax is “urn:” <NID> “:” <NSS> where <NID> is a namespace identifier (to distinguish between different schemes of persistent identifiers, with different authorities, etc.) and where <NSS> is the namespace-specific string. Within certain important constraints to synchronize with URI syntax, the namespace-specific string can be structured in whatever way the authority for the namespace wishes. This allows for either structured or unstructured namespaces as well as either human-readable or machine-oriented identifiers. And each namespace is completely independent of the next: each is free to reuse the same strings to different purposes. To support that simple-yet-flexible identifier system, some level of discovery system was needed in order to be able to find the relevant final resolution services for the different namespaces. From RFC 2276:Architectural Principles of Uniform Resource Name Resolution, the architectural principles for URN resolution were based on two assumptions: “In general, we must assume that almost any piece of the supporting infrastructure of URN resolution will evolve. In order to deal with both the mobility and evolution assumptions that derive from the assumption of longevity, we must assume that users and their applications can remain independent of these mutating details of the supporting infrastructure. The second assumption is that naming and resolution authorities may delegate some of their authority or responsibility; in both cases, the delegation of such authority is the only known method of allowing for the kind of scaling expected. It is important to note that a significant feature of this work is the potential to separate name assignment, the job of labelling a resource with a URN, from name resolution, the job of discovering the resource given the URN. In both cases, we expect multitiered delegation.” At the time, there was only one place to look for support of such multitiered delegation: the Domain Name System (DNS). So the URN WG developed a resolution discovery system, rooted at URN.ARPA and defining Naming Authority Pointer (NAPTR) DNS resource records to suit in 2000, which was originally defined in RFC 2915: The Naming Authority Pointer (NAPTR) DNS Resource Record and was updated by RFC 3403: Dynamic Delegation Discovery System (DDDS): Part Three: The Domain Name System (DNS) Database. Simply put, the discovery system works by starting with <NID>.URN.ARPA and using the content of the retrieved NAPTR resource records to identify subsequent steps in discovering where and how to resolve a particular URN. Practically speaking, this means that the authority for resolving ISBN-based URNs could rest with an international ISBN body, while new namespaces for computing activities could be built to partition resolution responsibilities among several subauthorities that are not traditional publishers at all. Equally important, this distribution of the underlying resolution authority could change over time, because the discovery system provides dynamic rules for directing requests to appropriate authorities. The overall principles are simple-explained in less than 500 words!-but the system also provided for a great deal more complexity and power to address the many side issues that have been raised during all the years that identifiers for the Internet have been discussed. Initial Steps-and Immediate Divergence of Intent and Structure Over the next few years, a number of URN namespaces were registered with the Internet Assigned Numbers Authority (IANA), per the registration process outlined in RFC 2611: URN Name-space Definition Mechanisms (and updated by RFC 3406: Uniform Resource Names [URN] Namespace Definition Mechanisms, in 2002). The key purposes of a formal registration process for URNs included ensuring that some conscious effort was put into securing a piece of real estate in the URN namespace identifier space, including a review of the principles of URNs (persistence, global uniqueness) and an indication of how URNs in the namespace are meant to be resolved. Notably, none of these registered namespaces elected to use the global resolution discovery service based in the DNS. However, almost immediately, another application was found for this dynamic, distributed approach to resolution in the work of mapping E.164 (telephone) numbers to Internet telephony resources, in the ENUM WG. RFC 2916: E.164 number and DNS described this first non-URN application using NAPTR DNS resource records. Notably, the ENUM work was not defining a URN namespace; in other words, it was not attempting to describe a use of E.164 telephone numbers as if they were persistent identifiers of an Internet resource. Rather, the feature that ENUM wanted to leverage was the ability to put the control of the association of the number to a set of available services into the hands of the number holder. Subscribers ought to be able to control where their related Session Initiation Protocol (SIP) service terminates, for example. At the same time, the E.164 number space is hierarchically managed, so delegations are made (and managed) at higher levels in the telephone number tree than the simple end telephone number. Generalization The ENUM use of NAPTR records brought to light that at least one of the URN assumptions had more general applicability; in other words, it could be assumed that identifier and resolution systems for many applications might feature delegation of some authority and/or responsibility for mapping identifiers to resources, with an expectation of multitiered delegation. With that in mind, the relevant specifications were updated and refined to produce a more generic definition of the dynamic delegation discovery system, or DDDS, that supported URNs: RFC 3401: Dynamic Delegation Discovery System (DDDS) Part One: The Comprehensive DDDS) RFC 3402: Dynamic Delegation Discovery System (DDDS) Part Two: The Algorithm RFC 3403: Dynamic Delegation Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database RFC 3404: Dynamic Delegation Discovery System (DDDS) Part Four: The Uniform Resource Identifiers (URI) RFC 3405: Dynamic Delegation Discovery System (DDDS) Part Five: URI.ARPA Assignment Procedures RFC 3401 is the umbrella document providing the road map for this comprehensive set of specifications. RFC 3402 provides the definition of the generic principles of the DDDS approach, independent of any application or implementation. RFC 3403 ties this general architectural specification to the already extant specification-the DDDS as implemented in DNS, using NAPTR records. RFC 3404 and RFC 3405 were intended to make clear how other applications could make use of the DDDS approach and NAPTR records. Those last two documents were the completing pieces to bring the URN (and URI) resolution approaches in line. With these documents in hand, it was now possible for any new application to make use of this sort of dynamic delegation discovery system using the DNS. A number of applications seemed to need it, such as SIP. However, the set of RFCs was evidently daunting; in some cases, applications considered defining (and deploying) entirely new DNS resource records instead. DDDS can appear overpowering in its generalized state. Powerful is good, but when you’re looking for a good tool to deal with nails, you don’t really want to be directed to the machine shop to carve a well-balanced handle and then forge a solid steel head (no matter how good the instructions are for constructing your own hammer). It became apparent that a number of potential uses for DDDS/NAPTR were not being realized-in part because of that evident complexity. At the same time, there were some similarities between those potential uses; perhaps they represented a class of DDDS application. To deal with that and to hopefully provide a more accessible tool for application specifications seeking to provide some (DNS-based) discovery of application services and protocols, a generic, simplified DDDS application was specified. For application services that use it, starting from any unique key mapped into a domain name, the S-NAPTR (“straightforward NAPTR”) DDDS application (RFC 3958: Domain-Based Application Service Location Using SRV RRs and the Dynamic Delegation Discovery Service [DDDS]defines how to find a domain’s preferred server for a given application and protocol. This gives domains a flexible and dynamic approach to homing services. It gives application specification writers a complete hammer. S-NAPTR uses only the core features of the NAPTR-based DDDS. It fit many needs but fell short of serving a few more. U-NAPTR (RFC 4848: Domain-Based Application Service Location Using URIs and the Dynamic Delegation Discovery Service [DDDS] extends S-NAPTR to allow for returning fully formed URIs at the end of the dynamic delegation process of DNS lookups. Today’s Reality According to the IANA registry, there are 40 formal URN namespaces registered today. The namespaces range from identifiers for IETF protocol resources to the Digital Video Broadcasting Project, to 3GPP, to ISBN. Very diverse communities of interest have rallied around the URN concept of a persistent, unique global identifier and established a namespace for their purposes. None of these use the formally established resolution mechanism (DDDS). However, approximately 25 RFCs reference the DDDS/NAPTR RFC for uses from ENUM to SIP. The ECRIT WG emergency services discovery work (LoST) uses U-NAPTR, and the DIME WG is considering S-NAPTR for its application. Finally, discussions are under way to review and revise the URN syntax document, currently under way on the reestablished urn@ietf.org mailing list. So, both URNs as a concept and the underlying technology are alive and well, if not exactly living together in married bliss. The Big Takeaway? While not classically successful, the URN work produced output that clearly has had value for high-impact derivative works. The work started with a vision for persistent identifiers, with a dedicated group of IETF workers interested in the problem space, and with a perceived market need for those identifiers. That single driving market never actually appeared. Reviewing the 40 registered formal URN namespaces, one would find it hard to detect a single unifying theme between them that could have led to a single resolution system that would have supported all of them. So, the building-blocks approach has been the most successful: Successive waves of IETF engineers have picked up on the blocks that fit their own needs and reused them. And so, we continue to build the overall Internet infrastructure not by single unifying services that solve yesterday’s problems today but, rather, by building blocks that support continued, organic evolution. This article was posted on 26 June 2010 .]]> 699 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-fellows-gain-skills-network-at-ietf-77/ Tue, 01 Jun 2010 18:11:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=704

Since 2006, the Internet Society (ISOC) Fellowship to the IETF programme has provided a critical link between the IETF and Internet technology professionals in developing regions. The fellowship, which operates under the aegis of ISOC’s Next Generation Leaders Programme, has since provided dozens of opportunities for men and women to meet face-to-face with the network engineers who are grappling with Internet-related problems and issues. In March 2010, six technologists travelled to Anaheim, California, as first-time fellows and three others attended as returning fellows. Here’s what some of them are doing-and what they are saying about their experience at IETF 77.   Educated at the University of Madras, Chennai, Palanivelan is currently employed by Cisco Systems in Bangalore, India, where he is a senior member of the nextgen router test team and is responsible for technical inputs as well as for providing guidance for the team. What did Palanivelan appreciate most about IETF 77? “The opportunity to share, learn, and discuss ideas with the best in the business.” Born and raised in Cotonou, the largest city and the economic capital of Benin, Jean-Robert is now in Minnesota, where he is studying computer forensics and working as a consultant on network architecture design and security. His primary interests within the IETF are IPv6, the Anti-Spam Research Group, DNS, and DNS Security Extensions. The best part of IETF 77 for him, Jean-Robert said, was “meeting friendly people” and being able to talk with the people who make the Internet run. Born in Marrakech, Morocco, Afaf now lives in the capital city of Rabat, where she works at the National Telecommunications Regulatory Agency-or ANRT (the organization delegated by the Internet Corporation for Assigned Names and Numbers as the administrator of the .ma ccTLD). At ANRT, Afaf serves as a project manager responsible for auditing the registration and management of .ma, for studying and verifying the accreditation requests of .ma registrars, and for mediation of conflicts concerning .ma domain names, among other activities. Within the IETF, she is especially interested in Domain Name System Operations and DNS Extensions. Born and raised in Blantyre, Malawi, Kondwani was educated at the University of Malawi’s Chancellor College and is now employed by Malawi Telecommunications Limited. His work involves deploying new IP and data systems for Malawi Telecoms’ service provider or carrier network. He works primarily in project management; network designing and engineering; and implementation of various systems as well as router, switch, and server configuration. “I also do a bit of network management, and I design custom solutions for our customers,” he wrote via email. Down the road, Kondwani would like to develop his expertise as a network architect because he’s interested in a number of areas within the IETF, including IPv6, multiprotocol label switching, virtual private networks, DNS, and Border Gateway Protocol. What would he consider the most gratifying aspect of attending IETF 77? “I liked the interaction with people in my field, who are extremely brilliant, and the openness of the participants.”   Originally from Nukulaelae, Tuvalu, Sakaio is now based in Suva, Fiji, where he works at the SOPAC (Pacific Islands Applied Geoscience Commission) Secretariat managing the SOPAC local- and wide-area networks while studying to become a Microsoft Certified IT Professional. Of particular interest to Sakaio are IPv6 operations and management. IETF 77 gave him the opportunity to be “exposed to a high level of technical opinions, discussions, and expertise.” A native of Dhaka, Bangladesh, Mohibul has a bachelor’s degree from the National University of Bangladesh and an M.B.A. from the Asian University of Bangladesh. He is currently pursuing ISOC’s Next Generation Leaders eLearning Programme, an online course made available at DiploFoundation. Mohibul currently works at BRAC BDMail Network Ltd, a Bangladesh-based Internet service provider, where he manages the core network team, conducts network planning, and maintains upstream links. “My interests are in network routing, security, quality of service, and network management,” he wrote via email. In the future, he would like to learn more about Internet technology and policy as well as the “Internet ecosystem” and to contribute to the Internet standards development process. What does he enjoy most about IETF meetings? “I enjoy the interaction among the participants as well as the networking opportunities. IETF [meetings] provide larger bandwidth for the participants for interaction, which is not possible in the mailing list.” Born in Zanzibar and educated in Turkey (B.Sc. and M.Sc. in electrical and electronics engineering) and France (Ph.D. in networks and computer science), Idris now works at Makerere University in Kampala, Uganda, where he is responsible for teaching communications networks programmes, supervising graduate students at the master’s and doctoral levels, and managing academic programmes and student affairs for the Faculty of Computing and Information Technology. He also conducts research in network protocols, overlay networks, and mobile computing. In the short term, Idris is hoping to secure a full professorship by 2011 and perhaps a top management position before 2015. In the long term, he hopes to create and launch businesses in the area of communications networks. Mainly, he says, he hopes to “honestly contribute in order to make a huge difference, wherever I am.” IETF 77 First-time Fellows Palanivelan Appanasamy (India) Mentor: Keyur Patel Jean-Robert Hountomey (Benin) Mentor: Alain Aina Sakaio Manoa (Fiji) Mentor: Phil Roberts Kondwani Masiye (Malawi) Mentor: Joel Jaeggli Idris A. Rai (Tanzania, United Republic of) Mentor: Fred Baker Gustavo Ramos (Brazil) Mentor: Joao Damas Returning Fellows Afaf El Maayati (Morocco) Mohibul Hasib Mahmud (Bangladesh) Dessalegn Mequanint Yehuala (Ethiopia) Noah Sematimba (Uganda) This article was posted on 26 June 2010 .   Full Caption Text: Image 1: It helped to be in sync with the happenings in the networking community apart from approaches to getting my drafts moved up the ladder to become RFCs. Palanivelan Appanasamy (India);  Image 2: I enjoy participating in discussions with people as well as the opportunity to contribute in some of the areas important to the African continent, such as IPv6, congestions, and DNS security. Jean-Robert Hountomey (Benin);  Image 3: Attending an IETF meeting is always a very good opportunity to build relationships and [conduct discussions] with key people involved actively in standardization work. Afaf El Maayati, Returning Fellow (Rabat, Morocco);  Image 4: I think the meeting opened up the IETF to me. I have a better understanding of how it works and a greater desire to participate. Kondwani Masiye (Blantyre, Malawi).;  Image 5:  The ISOC plenary session on IPv6 provided an opportunity to look at the exhaustion of IPv4 [addresses] and why the move to IPv6 should be taken seriously. Sakaio Manao (Suva, Fiji).;  Image 6: The IETF experience was great exposure for me. I had the opportunity to interact with the RFC contributors and share my views, particularly the developing-world perspective, with them. Mohibul Hasib Mahmud, Returning Fellow (Dhaka Bangladesh).;  Image 7: The best take-home [from IETF 77] was positive contribution to some of the sessions as well as having hands-on experience with IETF issues, establishing new research collaborative networks, and making friends. Idris A. Rai (United Republic of Tanzania)

]]> 704 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-peer-to-peer-invasion/ Tue, 01 Jun 2010 18:14:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=706 706 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-outcomes-an-interview-with-dave-crocker/ Tue, 01 Jun 2010 18:15:39 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=709

In February 2010, IETF chair Russ Housley announced the launch of a new wiki dealing with “IETF Outcomes.” The wiki, which can be found on the IETF tools site athttp://trac.tools.ietf.org/misc/outcomes, features technologies and services that were developed within the IETF and that represent notable successes and failures. It is the result of a collaborative effort by IETF participants-who are invited to use it to provide feedback about the utility of IETF work-and it is a mechanism for facilitating public understanding of IETF work and its impact. Dave Crocker at IETF 77 in Anaheim, California Photo/Internet Society The IETF Journal took the opportunity of IETF 77 in Anaheim, California, to meet with Dave Crocker-a driving force behind the creation of the wiki-to chat about the motivations that gave rise to its development and about expectations for its future. IETF Journal: What motivated the creation of the wiki? Dave Crocker: For many of us, the usual measure of success is the publication of an RFC, but we’re in the communications business, and in the real world this involves closing the loop with feedback. The need for assessment was clear; the question was how to do it. I focussed on finding a way to help the community develop an internal sense of accountability. Wikis possess a classic grassroots quality: they are developed by the community, they are transparent, and they permit resolving disagreement through open debate. To get this started, I talked with a few people over the space of about a month. It began as a simple table, but a wiki became the obvious choice once the need arose to support continuing change, provided by the community. In classic Internet terms, it scales better. After the initial group exercise stabilized, I approached the IETF management. As a grassroots, ongoing exercise, the status of the wiki is inherently informal, which nicely matches its placement in the tools.ietf.org portion of the IETF website. There’s a mailing list to go with it, which is there to discuss issues with the wiki in general. We’re slowly but surely seeing people taking the initiative to contribute to it. IETF Journal: How do you measure the success of a standard in the marketplace? Is it always subjective? DC: There’s some text in the wiki that describes ratings, but in general it’s pretty subjective. One of the columns of the wiki table is called usage, which might seem an odd term, but ultimately, the reason we make stuff is so it gets used. What does it mean to get used? I don’t think that having software implement a spec qualifies it as a success. I think having somebody use that software makes it a success. The difference is very important. The IETF is driven largely by an industry that produces things, not by an industry that uses those things. The rating system is only a five-point scale, from complete failure to massive success. When you’re doing survey research, that’s as many points as you want for a casual audience. If there’s a lot of debate about the rating for a given standard, then we don’t know enough to rate it. It’s not only usage that matters; it’s also the extent to which a piece of work prompted derivative works. It turns out you can have something that’s a complete failure but that triggers derivative work of importance. An example of that is PEM [Privacy Enhanced Mail], which generated a lot of useful outcomes, even though the protocol itself was a complete failure. (For a more detailed discussion on this general point, see Leslie Daigle’s article on URNs on page 11.) IETF Journal: What’s the incentive for somebody to update the wiki with information about a standard that has failed but that may have involved considerable effort to create? DC: That’s a very interesting question. Frequently, people are brutally honest about their own work. The IETF environment encourages that level of honesty. People don’t beat themselves up in public very often, but within the community there is respect for learning what didn’t work and then using that information. Not surprisingly there is a normal tendency for people to point out others’ failures. So if somebody wants to hurt somebody else’s feelings by putting an entry in the wiki, the only relevant question is: Is the criticism accurate? I am aware of the concerns about the possible social and political downsides. I myself have had concerns about the wiki format, that it could create competition between areas. But what’s bad about that? One subtlety that has developed as a result relates to some IETF technical efforts that had a number of false starts, such as DNSSEC [Domain Name System Security Extensions]. A number of long-time DNS experts worked on this topic because it’s so important. As a result, we’ve developed multiple entries to try to capture multiple phases of work and differing outcomes. IETF Journal: Do we need a methodology that is applicable to other standards development organizations? DC: This methodology for producing outcomes ratings of IETF work is so simple that I’d expect it could be applied to any group; whether groups want to or not is their choice. But note that as a grassroots tool, it does not require the blessing of the organization. It could be interesting to try to generalize to the W3C [World Wide Web Consortium]. IETF Journal: What do you think the IETF might learn from the development of this evaluation tool? DC: Given that this is done with subjective, coarse-grained data, I hope that all we learn are subjective and coarse-grained things. We may see that some areas of work have better track records than do others. The most interesting thing I hope we’ll learn is some sense of which approaches to doing work tend to be successful and which approaches tend not to be successful. That’s ambitious to hope for, and it requires a lot of effort and thinking, but it would be pretty nice if we could get there. I think debates over what is the right way to assess a particular effort are very useful because getting clarity about what succeeds and what doesn’t will help the next time. Just getting people to worry about the long term could be the biggest benefit. Engineers tend to project acceptance of their wonderful ideas, but the market doesn’t work that way. In the earlier days of the IETF, market pull was a consideration when chartering new work. Now we measure only whether there are people interested in working on something, so we end up with things being worked on for a long time that don’t always get used. I hope the wiki inspires people to think first about who’s going to use what they’re interested in creating. The discussion at the IETF plenary-where, among other things, debate concerned workload on the IESG-made me think that while computer networking is about sharing limited resources, we also need to do this for ourselves. Improving quality-control mechanisms can help the IETF leadership decide how to ease its workload. I hope the wiki can be a part of that. IETF Journal: Thanks for your time, Dave. This article was posted on 26 June 2010 .

]]> 709 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-9/ Tue, 01 Jun 2010 18:17:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=712

By Aaron Falk At each IETF meeting, the Internet Research Task Force (IRTF) chair presents a short status report. This article summarizes the report made to the IETF 77 plenary. Seven IRTF research groups (RGs) met at IETF 77, including Delay Tolerant Networking RG (DTNRG); Internet Congestion Control RG; Host Identity Payload RG; Peer2Peer RG; Routing RG; Scalable, Adaptive Multicast RG; and Virtual Networks RG. The Internet Architecture Board reviewed the scope and progress of the Scalable, Adaptive Multicast RG. Ten of the 13 RGs are meeting, have active mail lists, or both. The three quiescent groups are Mobility Optimizations RG, Network Management RG, and Public Key Infrastructure-Next Generation RG. An RFC series for the IRTF was created in 2009 by way of RFC 5743. However, some necessary changes in copyright policy and other boilerplate prevented publication of RFCs in the series for many months. The logjam was removed in March 2010, and eight IRTF RFCs have since been published, including documents from five different RGs. Seven additional drafts, mostly from the DTNRG, are in review and should be submitted to the RFC Editor soon. A new RG on virtual networks (VNRG)-chaired by Martin Stiemerling of NEC and Joe Touch of the University of Southern California Information Sciences Institute (USC/ISI)-was chartered this spring. Virtual networks are appearing in test beds, data centres, the GRID, and cloud services as a way of providing flexible resource allocation and management. However, the approaches used in the global Internet, as part of the test beds and within business and organizational enterprises, are quite different. One question the group is examining is how to identify and bind processes and virtual machines to virtual networks. The VNRG also hopes to establish a common framework and terminology for virtual networks. The IRTF sponsored a tutorial on NetFPGAs in conjunction with IETF 77. The NetFPGA platform enables researchers and instructors to build high-speed, hardware-accelerated networking systems. The platform can be used in the classroom to teach students how to build Ethernet switches and Internet Protocol routers by using hardware rather than software. Researchers can use the platform to prototype advanced services for next-generation networks. More information about NetFPGA. The End-to-End RG closed after 26 years. Among the many significant contributions the group made to the IETF are slow start and improved round-trip time estimation, Random Early Drop, Integrated and Differentiated Services, Weighted Fair Queuing, PAWS, and Transaction TCP. While the End2end RG was a closed group, it maintained an active and open mailing list. The list will continue as an independent service to the community at USC/ISI’s Postel Center. More information. We are trying out some new ideas for improving the IRTF. A new mailing list, irtf-discuss@irtf.org, has been created to encourage community input on proposed research groups. (Seehttps://www.irtf.org/mailman/listinfo/irtf-discuss.) Another proposal being considered is the creation of a regular open IRTF meeting (similar to an IETF area meeting) as a venue for research topic proposals and other related discussions that do not necessarily fit within the context of an RG meeting. Finally, we are adding dots to IRTF RG chair badges. An informal Bar BoF (birds of a feather) was held at IETF 77 on the research issues in the broad area of Internet of Things. There are many ways of viewing this topic, but one way is to look at two classes of use cases: The first is silicon cockroaches, which are small, ubiquitous objects, such as embedded sensors, RFIDs, asset tracking systems, and biomedical devices, and the second is machine-to-machine systems, such as cyberphysical systems, actuators, building networks, energy systems, and automotive systems/networks. Some of those systems have interesting characteristics that influence how the devices interact with the network, such as: Order(s) of magnitude bigger than the Internet, in number of endpoints No computers or humans at endpoint Inherently mobile, disconnected, unattended Given those characteristics, many possible research topics were identified, such as security, privacy, authentication, naming, authority (by people and by devices), discovery, management, maintenance, policy, preferences, presence (of people and of devices), location, capabilities, services, information model, and coordination. One group has gone off to try to sketch out a charter for an RG. Finally, a few additional proposals are cooking for new RGs on social informatics and Internet protocols; on economics, law, and policy; and on privacy in the cloud. Look for updates on those topics as they mature. This article was posted on 26 June 2010 .   Full Caption Text: Image 1: Aaron Falk, IRTF Chair;  Image 2: ISOC’s Karen O’Donoghue (left) and Lucy Lynch take a break during IETF 77 Photo/Peter Löthberg;  Image 3: IETF 77 attendees enjoy a break Photo/Peter Löthberg; Image 4: IETF 77 participants attend the opening plenary Photo/Peter Löthberg;  Image 5: SIDN, which will be hosting IETF 78, prepares for the next meeting while at IETF 77

]]> 712 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-11/ Fri, 01 Jan 2010 18:29:56 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=724 http://en.wikipedia.org/wiki/ZX81 http://tools.ietf.org/html/draft-iab-idn-encoding http://www.ietf.org/mail-archive/web/ietf-announce/current/msg06737.html http://www.ietf.org/proceedings/09nov/slides/plenaryt-1.pdf http://www.ietf.org/proceedings/09nov/minutes/plenaryt.txt This article was posted on 24 January 2010 .]]> 724 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-76-plenary-report/ Fri, 01 Jan 2010 18:31:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=726

By Carolyn Marsan The IETF 76 Administrative Plenary kicked off with a brief address by IETF chair Russ Housley, who introduced the meeting's host, Jun Murai, of the Widely Integrated Distributed Environment (WIDE) project. Jun thanked attendees for traveling to Hiroshima, a city that he admitted was far away for many participants. Jun pointed out that Hiroshima was an appropriate location for an IETF meeting because it was one of the first cities in Japan to engage in computer networking research. He thanked the city of Hiroshima for giving an Olympic-class welcome to the IETF community. Jun also thanked meeting attendees for participating in ongoing WIDE-funded research regarding RFID deployment and standards. IETF 76 attendees and speakers were given badges with embedded RFID cards, which were used throughout the meeting for the social check-in, blue sheets sign-up, and open-mic sessions when activated. Jun thanked many of the attendees for their “patience, cooperation, and braveness” in moving past their privacy concerns and participating in WIDE's RFID testing. IETF Chair Report Russ said IETF 76 attracted 1,106 attendees from 44 countries, compared with 937 attendees from 52 countries at the November 2008 meeting in Minneapolis. The largest number of attendees at IETF 76 came from Japan and the United States. Russ chided attendees for being “procrastinators,” pointing out that 70 percent of the new and updated Internet-Drafts published since the group's summer meeting had been posted in the four weeks prior to the Hiroshima meeting. In terms of upcoming meetings, Russ pointed out that the March 2010 meeting in Anaheim, California, is without a host. But he said the summer meeting, to be held in Maastricht, Netherlands, will be hosted by SIDN, while the fall 2010 meeting will be held in Beijing, with Tsinghua University serving as host. He reminded attendees that all of the 2010 meetings would feature Friday afternoon sessions. Itojun Service Award Presented   Jun Murai of WIDE, host of IETF 76 Next, Jun presented Google engineers Lorenzo Colitti and Erik Kline as the first annual recipients of the Itojun Service Award, which recognizes extraordinary dedication toward the development and deployment of IPv6. The Itojun Service Award honours the memory of Dr. JunIchiro “itojun” Hagino, who passed away in 2007, at age 37. The award, established by friends of itojun and administered by the Internet Society (ISOC), recognizes and commemorates the extraordinary dedication exercised by itojun over the course of IPv6 development. The award includes a presentation crystal, a USD 3,000 honorarium and a travel grant. Itojun's mother gave a moving tribute, thanking the members of the IETF community who helped establish an award in her son's memory. She said she hoped her son's “passion for IPv6 and his friendships continue forever.” Erik and Lorenzo were honoured for evangelizing IPv6 across Google, for helping develop IPv6-enabled Google services, and for coordinating Google's IPv6 conferences. “I went to my first IETF meeting with the express purpose of meeting itojun. That was in December 2007, and I was only able to go to the memorial there,” Erik said as he accepted the award. “I didn't meet itojun, but I met many others who helped us do our work and change our culture internally.” IAOC Report Bob Hinden, chair of the IETF Administrative Oversight Committee (IAOC), began his report by stating that all of the outstanding issues with the host and the hotel for IETF 79 in Beijing have been resolved. “We're very confident we can have a normal IETF meeting just like we do everywhere else,” Bob said. He added that the IETF is close to meeting its 2009 budget despite the economic downturn. The IETF is forecasting revenues of USD 3.2 million, expenses of USD 4.7 million, and a total ISOC contribution of USD 1.5 million.   A performance at the IETF 76 social event in Hiroshima The IETF took advantage of ISOC stimulus funding so that it could lower registration fees for its meetings and maintain attendance levels. However, the IETF has not tapped into contingency funds that ISOC made available earlier in 2009. The IETF experimented with one-day passes at the Hiroshima meeting, but it has not decided whether it will continue with that effort at future meetings. For 2010, IAOC plans to keep registration fees the same, at USD 635 per meeting. The group is projecting USD 3.1 million in revenues, USD 5.2 million in expenses, and an ISOC contribution of USD 2.1 million. The 2010 budget includes investments in new automated tools, including Data Tracker extensions, Secretariat tools, RFC services, and programme management capabilities. “A lot of our important tools have been developed by volunteers. This has been wonderful, but we're starting an effort to make these tools more supportable over the long term,” Bob said. Also in 2010, the IETF plans to begin migrating its RFC Production Centre and RFC Publisher from the University of California's Information Sciences Institute (ISI) to a new contractor, AMS. The IAOC is still involved in awarding contracts for the RFC Series Editor and Independent Submissions Editor (see the article on page 14 in this issue for more detail and discussion of these developments). In other IAOC news, Hinden said that the committee was making progress at publishing the minutes from its meetings. All 2008 minutes along with the minutes of 13 out of 19 meetings held in 2009 were published online. Trust Chair Report NomCom As of IETF 76, the NomCom was still working on IAB, IAOC, and Internet Engineering Steering Group (IESG) positions opening in March 2010. Chair: Mary Barnes Voting Members Scott Brim David Crocker Roque Gagliano Randall Gellens Dorothy Gellert Wassim Haddad Stephen Kent Dimitri Papadimitriou Simo Veikkolainen Lucy Yong Nonvoting members Joel Halpern (Past-year Chair) Henrik Levkowetz (Tools Advisor) Jon Peterson (IAB Liaison) Tim Polk (IESG Liaison) Henk Uijterwaal (IAOC Liaison) Bert Wijnen (ISOC Liaison) IETF Trust chair Marshall Eubanks explained why modifications to the Trust Legal Provisions (TLP) are still in flux. In October 2009, the trust chair proposed TLP 4.0, which would cover production of IETF, Internet Architecture Board (IAB), Internet Research Task Force (IRTF), and Independent Stream documents. However, the RFC Editor Board has some disagreements with this document. So Marshall said it will be revised again and sent back to the IETF community for comment in January. Marshall said the IETF community levied a fair amount of criticism on the trust for the trust's lack of transparency in its process of modifying the TLP. In response, Marshall said the trust has “tried very hard to improve our communications with the community,” and he pointed out that the group's meeting minutes are now available online. Recognition Russ and IAB chair Olaf Kolkman recognized and thanked ISI for being the RFC Editor for nearly 30 years. Plaques were presented to ISI employees Bob Braden, Sandy Ginoza, and Alice Hagens. See the article on page 14 in this issue for more detail and discussion of these developments. Open Mic Comments During the open-mic session, several questions were raised about whether IETF participants would have open, unfettered Internet access while meeting in Beijing in 2010. The IETF leadership said it has been assured by the local host and hotels that there will be no content filtering or blocking of the group's Internet access. Additionally, several participants said they would like to see the IETF expand its use of Web conferencing to support remote participation in its meetings, while others complained that Web conferencing is a distraction and reduces the meeting attendees' productivity. A discussion took place about how best to attract attendees to Friday sessions, with proposals to move the technical plenary or the social to Friday evening. Finally, IETF participants and leaders debated the purpose of the group's three-step standards process and whether it makes sense for documents to become full standards or to remain as draft standards or proposed standards. IETF 76 Technical Plenary IETF 76 participants mingle at reception Olaf opened the technical plenary with a welcome to attendees, particularly those following the event remotely through Web conferencing or Jabber. IRTF Report Next on the agenda was IRTF chair Aaron Falk, who said four research groups met in Hiroshima: Host Identity Protocol (hip), Scalable Adaptive Multicast (sam), Delay Tolerant Networking (dtn), and Routing Research Group (rrg). Aaron said the IRTF has six RFCs waiting to be published that have been held up because of trust issues discussed at the administrative plenary. Aaron highlighted the ongoing work of two research groups-Anti-Spam and Scalable Adaptive Multicast-in the hopes of generating more interest and activity from IETF participants. For more information, see the IRTF Update on page 22. IAB Report Olaf outlined several IAB documents in his talk. One that is about to be published is the Peer-to-Peer Architecture; another that is under development covers IPv6 Network Address Translators (NATs). The IAB is also working on documents that describe the Internet Assigned Numbers Authority (IANA) function and an update on the IP model. One piece of news that Olaf shared with attendees: IANA will be signing the .arpa zone using the same mechanism for Domain Name System (DNS) Security Extensions that will be used to sign the DNS root zone. Olaf said the IAB has created an advisory group that will select candidates to serve as the RFC Series Editor (RSE) and Independent Submissions Editor (ISE) under the IETF's new RFC Editor model. After some delay, the IAB is interviewing candidates for the ISE job and expects to be interviewing candidates for the transitional RSE position. Internationalization in Names and Other Identifiers The IAB is working on a document about internationalization-draft-iab-idn-encoding-that inspired the discussion led by John Klensin, Stuart Cheshire, and Dave Thaler. Internationalization “is understood moderately well by a fairly small number of experts, most of whom end up realizing how little we actually understand,” John said at the beginning of the talk. “But it affects a large number of protocols, a large number of people, and it should affect virtually everything we're doing in the IETF.” John said internationalization is increasingly common in domain names, e-mail addresses, and URLs because users want to use the Internet in their own languages. Among those pushing for internationalization are users from Arabic-speaking nations, China, South Korea, and Taiwan. Stuart explained the rationale behind the IETF policy regarding internationalization. The IETF requires that all protocols created after January 1998 should be able to use UTF-8, which is an ASCII-compatible method of encoding Unicode characters as integers. This policy is explained in RFC 2277: IETF Policy on Character Sets and Languages. Stuart also explained Punycode, which is a method of encoding Unicode characters for use in internationalized domain names. He demonstrated some of the shortfalls of Punycode, particularly that it creates a sequence of bytes that applications can interpret in more than one way. Because Internet protocols do not handle international text natively, the number of ways of encoding international text into printable ASCII characters has proliferated, Stuart said, which is creating chaos. “This can get really crazy,” he said. “Suppose you have a domain name that is part of an e-mail address, which you put in a mailto: URL, which is then appearing on a Web page in HTML text. Is the domain name supposed to be actual rich text as seen to the user? Or is it supposed to be Punycode?” Next, Dave discussed the difficulties involved with doing matching for internationalized domain names, pointing out how easy it is for users to be confused by what they read on the screen. “If you have a sufficiently creative use of fonts and you have style sheets from a strange environment, almost anything can look like almost anything else,” John said, pointing out that people tend to see what they expect to see. He added that the confusion over internationalized domain names could lead to security risks, such as phishing attacks. “If I can make a string in one script-or partially in one script-look like a string in some other script, I suddenly have an opportunity, especially if I'm what the security people call a bad guy,” John added, pointing out that such attacks can be deliberate or accidental. John then talked about some of the difficulties of mapping, including that mapping leads to lost information and differs by language. That's why the IAB doesn't recommend developers make up their own mapping systems. Dave said the situation today is that we have multiple encodings of the same Unicode characters and different encodings, even within DNS. “Because you have all the differences across the protocols, networks, and so on, you can imagine the confusion that results,” he said. In conclusion, Stuart said the IETF may need to go beyond its current recommendation of supporting UTF8 as one encoding mechanism to requiring it as the only encoding mechanism for the text that end users see. Questions from the audience focused on the security problems related to internationalization, such as spoofing one character with another and changing fonts. John said the Internet engineering community has known for nearly 20 years about the confusion that would be caused in moving from the limited ASCII character set to an environment with tens of thousands of characters. “I don't think there are any easy answers,” he said. “But the alternative to this situation is that nobody gets to use their own script, and that answer is completely unacceptable.” Other questions from the audience revolved around the IAB's document regarding NATs for IPv6. This article was posted on 24 January 2010 .

]]> 726 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/google-ipv6-is-easy-inexpensive/ Tue, 01 Jun 2010 18:32:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=729

By Carolyn Marsan IETF 76 proves a fitting backdrop for presentation of the first annual Itojun Service Award, which recognizes extraordinary dedication toward the development and deployment of IPv6. IPv6 is not rocket science. That’s the message that the Google engineers who are the first winners of the Itojun Service Award for outstanding contributions to the development and deployment of IPv6 want to send to the IETF community. Lorenzo Colitti and Erik Kline were presented with the Itojun Service Award at the IETF meeting in Hiroshima, Japan. The two engineers have been leading Google's IPv6 development efforts for two years. “We’re up to a handful of people working on IPv6 almost 100 percent of the time,” said Erik, an IPv6 software engineer at Google. So far, Google supports IPv6 in its Search, Alerts, Docs, Finance, Gmail, Health, iGoogle, News, Reader, Picasa, Maps, Wave, Chrome, and Android products. Google is working on IPv6 for YouTube and Google Voice. Lorenzo and Erik said the main lesson they’ve learned from Google's IPv6 development efforts is that it isn't very hard or very expensive to add support for IPv6 to existing Web services and applications. “As a content provider, you can get an IPv6 service up and running without changing all of the back-end stuff,” Erik said. “You need to audit where IPv4 addresses are stored and used, but you don't actually have to have deep and 100-percent-pure IPv6 throughout all the stacks. You can deploy IPv6 only where it makes sense.” The two Google engineers recommend taking a dual-stack approach to IPv6 development and to mirror IPv6 services as closely as possible to existing IPv4 services. “From the networking point of view, you want to use the existing infrastructure,” Lorenzo said. “You want to dual stack everything you can, and design IPv6 as closely as possible to the existing IPv4 infrastructure.” Google is already seeing some benefits from its IPv6 development efforts, particularly in simpler and potentially lower-cost network management. “We can talk directly to the new LTE handsets and a bunch of IPv6 set-top boxes,” Erik said. “We'll be able to talk to them directly, as opposed to only seeing them behind application proxies or NAT [network address translation] devices.” “We actually have had a couple of IPv6-only networks access Google over IPv6,” Lorenzo said. “It's a more direct path, and it's better connectivity.” Lorenzo and Erik said they have not experienced any performance problems with IPv6 and that IPv6 did not cause the widespread outages that were erroneously attributed to it. “The outage that was blamed on IPv6 in May did not, in fact, affect IPv6 and was not due to IPv6,” Lorenzo said. Erik added that “IPv6 was the one thing that was up and running.” Lorenzo and Erik haven't discovered a significant drawback with IPv6 except for the time and effort that it takes to deploy. “It takes time if you have to wait for a vendor box to be fixed. If you find something that's broken, you have to try to work around the issues. But it's certainly not rocket science,” Lorenzo said. IPv6 deployment isn't expensive, either. “It costs less than you think it would,” Lorenzo said. “You don't have to spend much money on it if it's part of your upgrade process.” The Itojun Service Award honours the memory of Dr. Junichiro “itojun” Hagino, who passed away in 2007 at the age of 37. The award, established by the friends of itojun and administered by the Internet Society, recognizes and commemorates the extraordinary dedication exercised by itojun over the course of IPv6 development. The Itojun Service Award focuses on pragmatic contributions to the development and deployment of IPv6 in the spirit of serving the Internet. The annual award includes a presentation crystal, a USD 3,000 honorarium, and a travel grant. This article was posted on 20 January 2010 .

]]> 729 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-january-2010/ Fri, 08 Jan 2010 16:23:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1304 ietfjournal@isoc.org. In this issue, the subject of bandwidth on the Internet takes centre stage, with articles reporting on the Internet Society panel event called The Band-width Bandwagon (this page) and on the motivations for a very interesting BoF meeting on congestion exposure. Also in this issue is a summary of the plenary sessions, including a review of the informative and entertaining presentation called Internationalization in Names and Other Identifiers given by John Klensin, Stuart Cheshire, and Dave Thaler. The plenary also witnessed the presentation of the inaugural Itojun Service Award, and we have a special article commemorating that event. As all contributors to the IETF should be aware, the RFC Editor is in transition as the Information Sciences Institute of the University of Southern California relinquishes a role it has had for 40 years. We could not let this milestone pass unremarked, and Leslie Daigle has provided us with an article based on interviews with some of the key individuals involved in the move . Trent Adams and Eve Maler have taken time out from their busy schedules to give us an update on theprogress of the Kantara Initiative, which was founded earlier this year. IETF 76 was made richer by the presence of the Internet Society fellows, who travelled from far and wide for the opportunity to enhance their knowledge and technical skills through involvement with the IETF and to contribute their perspectives during the meeting. As Subramanian Moonesamy put it so well, “The ISOC Fellowship Programme provides people from developing countries with the means to contribute to the IETF and make their voices heard.” My sincere thanks to everyone who contributed to this issue. I hope you find it interesting and, as I mentioned, please send your feedback to ietfjournal@isoc.org. This is your chance to shape the future of the IETF Journal.]]> 1304 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/recent-iesg-document-and-protocol-actions-12/ Tue, 29 Jun 2010 14:49:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1631 http://www.ietf.org/internet-drafts/draft-altman-tls-channel-bindings-10... Date: 2010-04-05 – Last Call: draft-ietf-avt-register-srtp (Policy for Registering SRTP Transforms) to Proposed Standar / Call: draft-ietf-avt-register-srtp (Policy for Registering SRTP Transforms) to Proposed Standard Title: ast Call: draft-ietf-avt-register-srtp (Policy for Registering SRTP Transforms) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-register-srtp-01.txt Date: 2010-04-05 – Last Call: draft-ietf-ipsecme-aes-ctr-ikev2 (Using Advanced Encryption Standard (AES) Counter Mode with IKEv2) to Proposed Standar / Call: draft-ietf-ipsecme-aes-ctr-ikev2 (Using Advanced Encryption Standard (AES) Counter Mode with IKEv2) to Proposed Standard Title: ast Call: draft-ietf-ipsecme-aes-ctr-ikev2 (Using Advanced Encryption Standard (AES) Counter Mode with IKEv2) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-aes-ctr-ikev2-07.txt Date: 2010-04-05 – Last Call: draft-moriarty-post-inch-rid (Real-time Inter-network Defense) to Informational RF / Call: draft-moriarty-post-inch-rid (Real-time Inter-network Defense) to Informational RFC Title: ast Call: draft-moriarty-post-inch-rid (Real-time Inter-network Defense) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-moriarty-post-inch-rid-11.txt Date: 2010-04-05 – Last Call: draft-moriarty-post-inch-rid-transport (Transport of Real-time Inter-network Defense (RID) Messages) to Informational RF / Call: draft-moriarty-post-inch-rid-transport (Transport of Real-time Inter-network Defense (RID) Messages) to Informational RFC Title: ast Call: draft-moriarty-post-inch-rid-transport (Transport of Real-time Inter-network Defense (RID) Messages) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-moriarty-post-inch-rid-transpo... Date: 2010-04-06 – Second Last Call: draft-duerst-mailto-bis (Th / d Last Call: draft-duerst-mailto-bis (The ‘mailto’ URI Scheme) to Proposed Standard Title: URL: http://www.ietf.org/internet-drafts/draft-duerst-mailto-bis-09.txt Date: 2010-04-07 – Last Call: draft-ietf-mpls-tp-framework (A Framework for MPLS in Transport Networks) to Informational RF / Call: draft-ietf-mpls-tp-framework (A Framework for MPLS in Transport Networks) to Informational RFC Title: ast Call: draft-ietf-mpls-tp-framework (A Framework for MPLS in Transport Networks) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-tp-framework-11.txt Date: 2010-04-09 – Last Call: draft-reschke-webdav-post (Using POST to add Members to Web Distributed Authoring and Versioning (WebDAV) Collections) to Proposed Standar / Call: draft-reschke-webdav-post (Using POST to add Members to Web Distributed Authoring and Versioning (WebDAV) Collections) to Proposed Standard Title: ast Call: draft-reschke-webdav-post (Using POST to add Members to Web Distributed Authoring and Versioning (WebDAV) Collections) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-reschke-webdav-post-06.txt Date: 2010-04-12 – Approved by the IESG as Proposed Standard Title: Individual Session Control Feature for TWAMP URL: http://www.ietf.org/internet-drafts/draft-ietf-ippm-twamp-session-cntrl-... Date: 2010-04-12 – Approved by the IESG as Proposed Standard Title: Generalized MPLS (GMPLS) Support For Metro Ethernet Forum and G.8011 User-Network Interface (UNI) URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-gmpls-mef-uni-03.txt Date: 2010-04-12 – Approved by the IESG as Proposed Standard Title: Display-based Address Sorting for the IMAP4 SORT Extension URL: http://www.ietf.org/internet-drafts/draft-ietf-morg-sortdisplay-03.txt Date: 2010-04-12 – Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standar / Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard Title: ast Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-hethmon-mcmurray-ftp-hosts-11.txt Date: 2010-04-12 – Last Call: draft-turner-application-pkcs10-media-type (The application/pkcs10 Media Type) to Informational RF / Call: draft-turner-application-pkcs10-media-type (The application/pkcs10 Media Type) to Informational RFC Title: ast Call: draft-turner-application-pkcs10-media-type (The application/pkcs10 Media Type) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-turner-application-pkcs10-medi... Date: 2010-04-12 – Last Call: draft-ietf-keyprov-symmetrickeyformat (Symmetric Key Package Content Type) to Proposed Standar / Call: draft-ietf-keyprov-symmetrickeyformat (Symmetric Key Package Content Type) to Proposed Standard Title: ast Call: draft-ietf-keyprov-symmetrickeyformat (Symmetric Key Package Content Type) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-keyprov-symmetrickeyforma... Date: 2010-04-12 – Last Call: draft-ietf-keyprov-pskc (Portable Symmetric Key Container (PSKC)) to Proposed Standar / Call: draft-ietf-keyprov-pskc (Portable Symmetric Key Container (PSKC)) to Proposed Standard Title: ast Call: draft-ietf-keyprov-pskc (Portable Symmetric Key Container (PSKC)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-keyprov-pskc-05.txt Date: 2010-04-12 – Last Call: draft-ietf-keyprov-dskpp (Dynamic Symmetric Key Provisioning Protocol (DSKPP)) to Proposed Standar / Call: draft-ietf-keyprov-dskpp (Dynamic Symmetric Key Provisioning Protocol (DSKPP)) to Proposed Standard Title: ast Call: draft-ietf-keyprov-dskpp (Dynamic Symmetric Key Provisioning Protocol (DSKPP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-keyprov-dskpp-10.txt Date: 2010-04-13 – Approved by the IESG as Proposed Standard Title: Generalized MPLS (GMPLS) Support For Metro Ethernet Forum and G.8011 Ethernet Service Switching URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-gmpls-ether-svcs-04... Date: 2010-04-14 – Last Call: draft-ietf-dhc-dhcpv6-opt-netboot (DHCPv6 option for network boot) to Proposed Standar / Call: draft-ietf-dhc-dhcpv6-opt-netboot (DHCPv6 option for network boot) to Proposed Standard Title: ast Call: draft-ietf-dhc-dhcpv6-opt-netboot (DHCPv6 option for network boot) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-dhc-dhcpv6-opt-netboot-08... Date: 2010-04-14 – Approved by the IESG as Informational RFC Title: EAP Authentication Using Only A Password URL: http://www.ietf.org/internet-drafts/draft-harkins-emu-eap-pwd-14.txt Date: 2010-04-14 – Last Call: draft-ietf-avt-rtp-rfc3984bis (RTP Payload Format for H.264 Video) to Proposed Standar / Call: draft-ietf-avt-rtp-rfc3984bis (RTP Payload Format for H.264 Video) to Proposed Standard Title: ast Call: draft-ietf-avt-rtp-rfc3984bis (RTP Payload Format for H.264 Video) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-rfc3984bis-10.txt Date: 2010-04-16 – Approved by the IESG as Proposed Standard Title: A Uniform Resource Identifier for Geographic Locations (‘geo’ URI) URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-geo-uri-07.txt Date: 2010-04-16 – Approved by the IESG as Informational RFC Title: Location Hiding: Problem Statement and Requirements URL: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-location-hiding-req... Date: 2010-04-19 – Last Call: draft-ietf-mext-flow-binding (Flow Bindings in Mobile IPv6 and NEMO Basic Support) to Proposed Standar / Call: draft-ietf-mext-flow-binding (Flow Bindings in Mobile IPv6 and NEMO Basic Support) to Proposed Standard Title: ast Call: draft-ietf-mext-flow-binding (Flow Bindings in Mobile IPv6 and NEMO Basic Support) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mext-flow-binding-06.txt Date: 2010-04-21 – Last Call: draft-sheffer-emu-eap-eke (An EAP Authentication Method Based on the EKE Protocol) to Informational RF / Call: draft-sheffer-emu-eap-eke (An EAP Authentication Method Based on the EKE Protocol) to Informational RFC Title: ast Call: draft-sheffer-emu-eap-eke (An EAP Authentication Method Based on the EKE Protocol) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-sheffer-emu-eap-eke-06.txt Date: 2010-04-21 – Last Call: draft-hoffman-tls-additional-random-ext (Additional Random Extension to TLS) to Proposed Standar / Call: draft-hoffman-tls-additional-random-ext (Additional Random Extension to TLS) to Proposed Standard Title: ast Call: draft-hoffman-tls-additional-random-ext (Additional Random Extension to TLS) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-hoffman-tls-additional-random-... Date: 2010-04-21 – Last Call: draft-hoffman-tls-master-secret-input (Additional Master Secret Inputs for TLS) to Proposed Standar / Call: draft-hoffman-tls-master-secret-input (Additional Master Secret Inputs for TLS) to Proposed Standard Title: ast Call: draft-hoffman-tls-master-secret-input (Additional Master Secret Inputs for TLS) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-hoffman-tls-master-secret-inpu... Date: 2010-04-22 – Approved by the IESG as Proposed Standard Title: A Recommendation for IPv6 Address Text Representation URL: http://www.ietf.org/internet-drafts/draft-ietf-6man-text-addr-representa... Date: 2010-04-22 – Last Call: draft-ietf-mpls-tp-survive-fwk (Multiprotocol Label Switching Transport Profile Survivability Framework) to Informational RF / Call: draft-ietf-mpls-tp-survive-fwk (Multiprotocol Label Switching Transport Profile Survivability Framework) to Informational RFC Title: ast Call: draft-ietf-mpls-tp-survive-fwk (Multiprotocol Label Switching Transport Profile Survivability Framework) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-tp-survive-fwk-05.txt Date: 2010-04-23 – Approved by the IESG as Proposed Standard Title: Trust Anchor Management Protocol (TAMP) URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-tamp-08.txt Date: 2010-04-26 – Last Call: draft-santoni-media-type-tsd (The application/timestamped-data Media Type) to Informational RF / Call: draft-santoni-media-type-tsd (The application/timestamped-data Media Type) to Informational RFC Title: ast Call: draft-santoni-media-type-tsd (The application/timestamped-data Media Type) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-santoni-media-type-tsd-00.txt Date: 2010-04-26 – Last Call: draft-ietf-opsec-routing-protocols-crypto-issues (Issues with existing Cryptographic Protection Methods for Routing Protocols) to Informational RF / Call: draft-ietf-opsec-routing-protocols-crypto-issues (Issues with existing Cryptographic Protection Methods for Routing Protocols) to Informational RFC Title: ast Call: draft-ietf-opsec-routing-protocols-crypto-issues (Issues with existing Cryptographic Protection Methods for Routing Protocols) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-opsec-routing-protocols-c... Date: 2010-04-26 – Last Call: draft-ietf-avt-rtcp-guidelines (Guidelines for Extending the RTP Control Protocol (RTCP)) to Informational RF / Call: draft-ietf-avt-rtcp-guidelines (Guidelines for Extending the RTP Control Protocol (RTCP)) to Informational RFC Title: ast Call: draft-ietf-avt-rtcp-guidelines (Guidelines for Extending the RTP Control Protocol (RTCP)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtcp-guidelines-03.txt Date: 2010-04-26 – Approved by the IESG as Proposed Standard Title: RSVP Extensions for Path-Triggered RSVP Receiver Proxy URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-rsvp-proxy-proto-11... Date: 2010-04-26 – Approved by the IESG as Informational RFC Title: RSVP Proxy Approaches URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-rsvp-proxy-approach... Date: 2010-04-26 – Approved by the IESG as Proposed Standard Title: IP Mobility Support for IPv4, revised URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-rfc3344bis-10.txt Date: 2010-04-26 – Approved by the IESG as Proposed Standard Title: Algorithms for Asymmetric Key Package Content Type URL: http://www.ietf.org/internet-drafts/draft-turner-asymmetrickeyformat-alg... Date: 2010-04-26 – Re: Experimental RFC to be: draft-simpson-tcpct-02.tx / xperimental RFC to be: draft-simpson-tcpct-02.txt Title: e: Experimental RFC to be: draft-simpson-tcpct-02.txt URL: http://www.ietf.org/internet-drafts/draft-simpson-tcpct-02.txt Date: 2010-04-26 – Approved by the IESG as Informational RFC Title: Using Trust Anchor Constraints During Certification Path Processing URL: http://www.ietf.org/internet-drafts/draft-wallace-using-ta-constraints-0... Date: 2010-04-26 – Approved by the IESG as Informational RFC Title: Using and Extending the NSIS Protocol Family URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-ext-07.txt Date: 2010-04-27 – Last Call: draft-ietf-radext-tcp-transport (RADIUS Over TCP) to Experimental RF / Call: draft-ietf-radext-tcp-transport (RADIUS Over TCP) to Experimental RFC Title: ast Call: draft-ietf-radext-tcp-transport (RADIUS Over TCP) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-tcp-transport-06.txt Date: 2010-04-27 – Last Call: draft-krishnan-v6ops-teredo-update (Teredo Security Updates) to Proposed Standar / Call: draft-krishnan-v6ops-teredo-update (Teredo Security Updates) to Proposed Standard Title: ast Call: draft-krishnan-v6ops-teredo-update (Teredo Security Updates) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-krishnan-v6ops-teredo-update-0... Date: 2010-04-27 – Approved by the IESG as Proposed Standard Title: SDP Capability Negotiation URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdp-capability-neg... Date: 2010-04-27 – Last Call: draft-ietf-avt-rtp-gsm-hr (RTP Payload format for GSM-HR) to Proposed Standar / Call: draft-ietf-avt-rtp-gsm-hr (RTP Payload format for GSM-HR) to Proposed Standard Title: ast Call: draft-ietf-avt-rtp-gsm-hr (RTP Payload format for GSM-HR) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-gsm-hr-03.txt Date: 2010-04-28 – Last Call: draft-ietf-netconf-monitoring (YANG Module for NETCONF Monitoring) to Proposed Standar / Call: draft-ietf-netconf-monitoring (YANG Module for NETCONF Monitoring) to Proposed Standard Title: ast Call: draft-ietf-netconf-monitoring (YANG Module for NETCONF Monitoring) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-netconf-monitoring-12.txt Date: 2010-04-28 – Approved by the IESG as Experimental RFC Title: NAT/Firewall NSIS Signaling Layer Protocol (NSLP) URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-nslp-natfw-25.txt Date: 2010-04-28 – Approved by the IESG as Informational RFC Title: GIST State Machine URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-ntlp-statemachine-10... Date: 2010-04-28 – Second Last Call: draft-ietf-keyprov-symmetrickeyformat (Symmetric Key Package Content Type) to Proposed Standar / d Last Call: draft-ietf-keyprov-symmetrickeyformat (Symmetric Key Package Content Type) to Proposed Standard Title: econd Last Call: draft-ietf-keyprov-symmetrickeyformat (Symmetric Key Package Content Type) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-keyprov-symmetrickeyforma... Date: 2010-04-29 – Last Call: draft-ietf-6lowpan-routing-requirements (Problem Statement and Requirements for 6LoWPAN Routing) to Informational RF / Call: draft-ietf-6lowpan-routing-requirements (Problem Statement and Requirements for 6LoWPAN Routing) to Informational RFC Title: ast Call: draft-ietf-6lowpan-routing-requirements (Problem Statement and Requirements for 6LoWPAN Routing) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-6lowpan-routing-requireme... Date: 2010-04-29 – Approved by the IESG as Informational RFC Title: VoIP SIP Peering Use Cases URL: http://www.ietf.org/internet-drafts/draft-ietf-speermint-voip-consolidat... Date: 2010-04-29 – Last Call: rfc4049 (BinaryTime: An alternate format for representing date and time in ASN.1) to Proposed Standar / Call: rfc4049 (BinaryTime: An alternate format for representing date and time in ASN.1) to Proposed Standard Title: ast Call: rfc4049 (BinaryTime: An alternate format for representing date and time in ASN.1) to Proposed Standard URL: http://www.ietf.org/rfc/rfc4049.txt Date: 2010-04-30 – Last Call: draft-ietf-csi-send-cert (Certificate profile and certificate management for SEND) to Proposed Standar / Call: draft-ietf-csi-send-cert (Certificate profile and certificate management for SEND) to Proposed Standard Title: ast Call: draft-ietf-csi-send-cert (Certificate profile and certificate management for SEND) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-csi-send-cert-03.txt Date: 2010-04-30 – Last Call: draft-ietf-csi-send-name-type-registry (SEND Name Type field Registry) to Proposed Standar / Call: draft-ietf-csi-send-name-type-registry (SEND Name Type field Registry) to Proposed Standard Title: ast Call: draft-ietf-csi-send-name-type-registry (SEND Name Type field Registry) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-csi-send-name-type-regist... Date: 2010-04-30 – Approved by the IESG as Proposed Standard Title: Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters URL: http://www.ietf.org/internet-drafts/draft-reschke-rfc2231-in-http-12.txt Date: 2010-04-30 – Last Call: draft-ietf-bmwg-protection-term (Benchmarking Terminology for Protection Perfor) to Informational RF / Call: draft-ietf-bmwg-protection-term (Benchmarking Terminology for Protection Perfor) to Informational RFC Title: ast Call: draft-ietf-bmwg-protection-term (Benchmarking Terminology for Protection Perfor) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-bmwg-protection-term-08.txt Date: 2010-04-30 – Last Call: draft-ietf-marf-base (An Extensible Format for Email Feedback Reports) to Proposed Standar / Call: draft-ietf-marf-base (An Extensible Format for Email Feedback Reports) to Proposed Standard Title: ast Call: draft-ietf-marf-base (An Extensible Format for Email Feedback Reports) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-marf-base-04.txt Date: 2010-05-03 – Last Call: draft-ietf-netlmm-mip-interactions (Interactions between PMIPv6 and MIPv6: scenarios and related issues) to Informational RF / Call: draft-ietf-netlmm-mip-interactions (Interactions between PMIPv6 and MIPv6: scenarios and related issues) to Informational RFC Title: ast Call: draft-ietf-netlmm-mip-interactions (Interactions between PMIPv6 and MIPv6: scenarios and related issues) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-netlmm-mip-interactions-0... Date: 2010-05-03 – Last Call: draft-ietf-mboned-ipv4-uni-based-mcast (Unicast-Prefix-based IPv4 Multicast Addresses) to Proposed Standar / Call: draft-ietf-mboned-ipv4-uni-based-mcast (Unicast-Prefix-based IPv4 Multicast Addresses) to Proposed Standard Title: ast Call: draft-ietf-mboned-ipv4-uni-based-mcast (Unicast-Prefix-based IPv4 Multicast Addresses) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mboned-ipv4-uni-based-mca... Date: 2010-05-03 – Last Call: draft-kucherawy-authres-header-b (Authentication-Results Registration For Differentiating Among Cryptographic Results) to Proposed Standar / Call: draft-kucherawy-authres-header-b (Authentication-Results Registration For Differentiating Among Cryptographic Results) to Proposed Standard Title: ast Call: draft-kucherawy-authres-header-b (Authentication-Results Registration For Differentiating Among Cryptographic Results) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-kucherawy-authres-header-b-01.txt Date: 2010-05-03 – Approved by the IESG as Informational RFC Title: Sharing Transaction Fraud Data URL: http://www.ietf.org/internet-drafts/draft-mraihi-inch-thraud-09.txt Date: 2010-05-04 – Last Call: draft-ietf-syslog-dtls (Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog) to Proposed Standar / Call: draft-ietf-syslog-dtls (Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog) to Proposed Standard Title: ast Call: draft-ietf-syslog-dtls (Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-syslog-dtls-05.txt Date: 2010-05-05 – Approved by the IESG as Proposed Standard Title: IPv6 Subnet Model: the Relationship between Links and Subnet Prefixes URL: http://www.ietf.org/internet-drafts/draft-ietf-6man-ipv6-subnet-model-12... Date: 2010-05-06 – Last Call: draft-ietf-softwire-ipv6-6rd (IPv6 via IPv4 Service Provider Networks “6rd”) to Proposed Standar / Call: draft-ietf-softwire-ipv6-6rd (IPv6 via IPv4 Service Provider Networks “6rd”) to Proposed Standard Title: ast Call: draft-ietf-softwire-ipv6-6rd (IPv6 via IPv4 Service Provider Networks “6rd”) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-softwire-ipv6-6rd-09.txt Date: 2010-05-07 – Approved by the IESG as Proposed Standard Title: Traversal Using Relays around NAT (TURN) Resolution Mechanism URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-turn-uri-10.txt Date: 2010-05-07 – Approved by the IESG as Experimental RFC Title: RMD-QOSM – The NSIS Resource Management in Diffserv QOS Model URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-rmd-20.txt Date: 2010-05-07 – Approved by the IESG as Proposed Standard Title: Web Linking URL: http://www.ietf.org/internet-drafts/draft-nottingham-http-link-header-10... Date: 2010-05-07 – Approved by the IESG as Proposed Standard Title: Channel Bindings for TLS URL: http://www.ietf.org/internet-drafts/draft-altman-tls-channel-bindings-10... Date: 2010-05-10 – Second Last Call: draft-freed-sieve-notary (Sieve Email Filtering: Delivery Status Notifications and Deliver-By Extensions) to Proposed Standar / d Last Call: draft-freed-sieve-notary (Sieve Email Filtering: Delivery Status Notifications and Deliver-By Extensions) to Proposed Standard Title: econd Last Call: draft-freed-sieve-notary (Sieve Email Filtering: Delivery Status Notifications and Deliver-By Extensions) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-freed-sieve-notary-08.txt Date: 2010-05-10 – Approved by the IESG as Proposed Standard Title: Domain Certificates in the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-domain-certs-07.txt Date: 2010-05-10 – Approved by the IESG as Proposed Standard Title: Asymmetric Key Packages URL: http://www.ietf.org/internet-drafts/draft-turner-asymmetrickeyformat-05.txt Date: 2010-05-12 – Approved by the IESG as Proposed Standard Title: Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP) URL: http://www.ietf.org/internet-drafts/draft-ietf-isms-dtls-tm-14.txt Date: 2010-05-12 – Approved by the IESG as Informational RFC Title: Using Advanced Encryption Standard (AES) Counter Mode with IKEv2 URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-aes-ctr-ikev2-07.txt Date: 2010-05-12 – Last Call: draft-ietf-avt-rapid-rtp-sync (Rapid Synchronisation of RTP Flows) to Proposed Standar / Call: draft-ietf-avt-rapid-rtp-sync (Rapid Synchronisation of RTP Flows) to Proposed Standard Title: ast Call: draft-ietf-avt-rapid-rtp-sync (Rapid Synchronisation of RTP Flows) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rapid-rtp-sync-10.txt Date: 2010-05-13 – Last Call: draft-ietf-avt-srtp-not-mandatory (Why RTP Does Not Mandate a Single Security Mechanism) to Informational RF / Call: draft-ietf-avt-srtp-not-mandatory (Why RTP Does Not Mandate a Single Security Mechanism) to Informational RFC Title: ast Call: draft-ietf-avt-srtp-not-mandatory (Why RTP Does Not Mandate a Single Security Mechanism) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-srtp-not-mandatory-05... Date: 2010-05-13 – Approved by the IESG as Proposed Standard Title: Fast Handovers for Proxy Mobile IPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-pfmipv6-13.txt Date: 2010-05-17 – Last Call: draft-ietf-ipsecme-eap-mutual (An Extension for EAP-Only Authentication in IKEv2) to Proposed Standar / Call: draft-ietf-ipsecme-eap-mutual (An Extension for EAP-Only Authentication in IKEv2) to Proposed Standard Title: ast Call: draft-ietf-ipsecme-eap-mutual (An Extension for EAP-Only Authentication in IKEv2) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-eap-mutual-02.txt Date: 2010-05-18 – Last Call: draft-ietf-nsis-ntlp-sctp (General Internet Signaling Transport (GIST) over Stream Control Transmission Protocol (SCTP) and Datagram Transport Layer Security (DTLS)) to Experimental RF / Call: draft-ietf-nsis-ntlp-sctp (General Internet Signaling Transport (GIST) over Stream Control Transmission Protocol (SCTP) and Datagram Transport Layer Security (DTLS)) to Experimental RFC Title: ast Call: draft-ietf-nsis-ntlp-sctp (General Internet Signaling Transport (GIST) over Stream Control Transmission Protocol (SCTP) and Datagram Transport Layer Security (DTLS)) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-ntlp-sctp-12.txt Date: 2010-05-18 – Approved by the IESG as Proposed Standard Title: Specifying Holes in LoST Service Boundaries URL: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-specifying-holes-03... Date: 2010-05-18 – Approved by the IESG as Proposed Standard Title: Improving TCP’s Robustness to Blind In-Window Attacks URL: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-13.txt Date: 2010-05-20 – Approved by the IESG as Proposed Standard Title: Internet Key Exchange Protocol: IKEv2 URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-ikev2bis-11.txt Date: 2010-05-24 – Approved by the IESG as Title: A Framework for MPLS in Transport Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-tp-framework-12.txt Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: An Extensible Format for Email Feedback Reports URL: http://www.ietf.org/internet-drafts/draft-ietf-marf-base-06.txt Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: Using POST to add Members to Web Distributed Authoring and Versioning (WebDAV) Collections URL: http://www.ietf.org/internet-drafts/draft-reschke-webdav-post-08.txt Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: Algorithms for Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type URL: http://www.ietf.org/internet-drafts/draft-turner-encryptedkeypackagecont... Date: 2010-05-24 – Re: Informational RFC to be: draft-sharikov-idn-reg-05.tx / nformational RFC to be: draft-sharikov-idn-reg-05.txt Title: e: Informational RFC to be: draft-sharikov-idn-reg-05.txt URL: http://www.ietf.org/internet-drafts/draft-sharikov-idn-reg-05.txt Date: 2010-05-24 – Approved by the IESG as Informational RFC Title: Guidelines for Extending the RTP Control Protocol (RTCP) URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtcp-guidelines-04.txt Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type URL: http://www.ietf.org/internet-drafts/draft-turner-encryptedkeypackagecont... Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) URL: http://www.ietf.org/internet-drafts/draft-ietf-softwire-ipv6-6rd-10.txt Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: RTP Payload format for GSM-HR URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-gsm-hr-03.txt Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: Dynamic Extensions to the Presence Information Data Format Location Object (PIDF-LO) URL: http://www.ietf.org/internet-drafts/draft-singh-geopriv-pidf-lo-dynamic-... Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: Essential correction for IPv6 ABNF and URI comparison in RFC3261 URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-ipv6-abnf-fix-05.txt Date: 2010-05-26 – Approved by the IESG as Proposed Standard Title: Cryptographic Message Syntax (CMS) Content Constraints Extension URL: http://www.ietf.org/internet-drafts/draft-housley-cms-content-constraint... Date: 2010-05-26 – Second Last Call: draft-ietf-keyprov-dskpp (Dynamic Symmetric Key Provisioning Protocol (DSKPP)) to Proposed Standar / d Last Call: draft-ietf-keyprov-dskpp (Dynamic Symmetric Key Provisioning Protocol (DSKPP)) to Proposed Standard Title: econd Last Call: draft-ietf-keyprov-dskpp (Dynamic Symmetric Key Provisioning Protocol (DSKPP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-keyprov-dskpp-11.txt Date: 2010-05-26 – Second Last Call: draft-ietf-keyprov-pskc (Portable Symmetric Key Container (PSKC)) to Proposed Standar / d Last Call: draft-ietf-keyprov-pskc (Portable Symmetric Key Container (PSKC)) to Proposed Standard Title: econd Last Call: draft-ietf-keyprov-pskc (Portable Symmetric Key Container (PSKC)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-keyprov-pskc-06.txt Date: 2010-05-27 – Last Call: rfc5652 (Cryptographic Message Syntax (CMS)) to Full Standar / Call: rfc5652 (Cryptographic Message Syntax (CMS)) to Full Standard Title: ast Call: rfc5652 (Cryptographic Message Syntax (CMS)) to Full Standard URL: http://www.ietf.org/rfc/rfc5652.txt Date: 2010-05-28 – Last Call: draft-ietf-dnsext-dns-tcp-requirements (DNS Transport over TCP – Implementation Requirements) to Proposed Standar / Call: draft-ietf-dnsext-dns-tcp-requirements (DNS Transport over TCP – Implementation Requirements) to Proposed Standard Title: ast Call: draft-ietf-dnsext-dns-tcp-requirements (DNS Transport over TCP – Implementation Requirements) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dns-tcp-requiremen... Date: 2010-05-28 – Last Call: draft-ietf-hip-bone (HIP BONE: Host Identity Protocol (HIP) Based Overlay Networking Environment) to Experimental RF / Call: draft-ietf-hip-bone (HIP BONE: Host Identity Protocol (HIP) Based Overlay Networking Environment) to Experimental RFC Title: ast Call: draft-ietf-hip-bone (HIP BONE: Host Identity Protocol (HIP) Based Overlay Networking Environment) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-hip-bone-06.txt Date: 2010-05-28 – Last Call: draft-ietf-hip-via (Host Identity Protocol (HIP) Multi-hop Routing Extension) to Experimental RF / Call: draft-ietf-hip-via (Host Identity Protocol (HIP) Multi-hop Routing Extension) to Experimental RFC Title: ast Call: draft-ietf-hip-via (Host Identity Protocol (HIP) Multi-hop Routing Extension) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-hip-via-01.txt Date: 2010-05-28 – Last Call: draft-ietf-hip-hiccups (HIP (Host Identity Protocol) Immediate Carriage and Conveyance of Upper- layer Protocol Signaling (HICCUPS)) to Experimental RF / Call: draft-ietf-hip-hiccups (HIP (Host Identity Protocol) Immediate Carriage and Conveyance of Upper- layer Protocol Signaling (HICCUPS)) to Experimental RFC Title: ast Call: draft-ietf-hip-hiccups (HIP (Host Identity Protocol) Immediate Carriage and Conveyance of Upper- layer Protocol Signaling (HICCUPS)) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-hip-hiccups-02.txt Date: 2010-05-31 – Last Call: draft-ietf-mpls-tp-data-plane (MPLS Transport Profile Data Plane Architecture) to Proposed Standar / Call: draft-ietf-mpls-tp-data-plane (MPLS Transport Profile Data Plane Architecture) to Proposed Standard Title: ast Call: draft-ietf-mpls-tp-data-plane (MPLS Transport Profile Data Plane Architecture) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-tp-data-plane-03.txt Date: 2010-05-31 – Last Call: draft-ietf-bmwg-igp-dataplane-conv-term (Term Bnchmrk Link-State IGP Route Convrg) to Informational RF / Call: draft-ietf-bmwg-igp-dataplane-conv-term (Term Bnchmrk Link-State IGP Route Convrg) to Informational RFC Title: ast Call: draft-ietf-bmwg-igp-dataplane-conv-term (Term Bnchmrk Link-State IGP Route Convrg) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-bmwg-igp-dataplane-conv-t... Date: 2010-06-01 – Approved by the IESG as ent Action: ‘Security Framework for MPLS and GMPLS Networks’ Title: Security Framework for MPLS an URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-mpls-and-gmpls-secur... Date: 2010-06-01 – Approved by the IESG as Proposed Standard Title: Cryptographic Algorithm Identifier Allocation for DNSSEC URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-alg-allocat... Date: 2010-06-01 – Last Call: draft-ietf-behave-address-format (IPv6 Addressing of IPv4/IPv6 Translators) to Proposed Standar / Call: draft-ietf-behave-address-format (IPv6 Addressing of IPv4/IPv6 Translators) to Proposed Standard Title: ast Call: draft-ietf-behave-address-format (IPv6 Addressing of IPv4/IPv6 Translators) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-address-format-08.txt Date: 2010-06-01 – Last Call: draft-ietf-behave-dns64 (DNS64: DNS extensions for Network Address Translation from IPv6 Clients to IPv4 Servers) to Proposed Standar / Call: draft-ietf-behave-dns64 (DNS64: DNS extensions for Network Address Translation from IPv6 Clients to IPv4 Servers) to Proposed Standard Title: ast Call: draft-ietf-behave-dns64 (DNS64: DNS extensions for Network Address Translation from IPv6 Clients to IPv4 Servers) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-dns64-09.txt Date: 2010-06-01 – Last Call: draft-ietf-behave-v6v4-framework (Framework for IPv4/IPv6 Translation) to Informational RF / Call: draft-ietf-behave-v6v4-framework (Framework for IPv4/IPv6 Translation) to Informational RFC Title: ast Call: draft-ietf-behave-v6v4-framework (Framework for IPv4/IPv6 Translation) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-v6v4-framework-09.txt Date: 2010-06-01 – Approved by the IESG as Proposed Standard Title: Discovering the Local Location Information Server (LIS) URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-lis-discovery-15.txt Date: 2010-06-01 – Last Call: draft-ietf-behave-v6v4-xlate (IP/ICMP Translation Algorithm) to Proposed Standar / Call: draft-ietf-behave-v6v4-xlate (IP/ICMP Translation Algorithm) to Proposed Standard Title: ast Call: draft-ietf-behave-v6v4-xlate (IP/ICMP Translation Algorithm) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-v6v4-xlate-20.txt Date: 2010-06-01 – Last Call: draft-ietf-behave-v6v4-xlate-stateful (Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers) to Proposed Standar / Call: draft-ietf-behave-v6v4-xlate-stateful (Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers) to Proposed Standard Title: ast Call: draft-ietf-behave-v6v4-xlate-stateful (Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-v6v4-xlate-statefu... Date: 2010-06-03 – Last Call: draft-c1222-transport-over-ip (ANSI C12.22, IEEE 1703 and MC12.22 Transport Over IP) to Informational RF / Call: draft-c1222-transport-over-ip (ANSI C12.22, IEEE 1703 and MC12.22 Transport Over IP) to Informational RFC Title: ast Call: draft-c1222-transport-over-ip (ANSI C12.22, IEEE 1703 and MC12.22 Transport Over IP) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-c1222-transport-over-ip-03.txt Date: 2010-06-03 – Last Call: draft-ietf-nsis-applicability-mobility-signaling (NSIS Protocols operation in Mobile Environments) to Informational RF / Call: draft-ietf-nsis-applicability-mobility-signaling (NSIS Protocols operation in Mobile Environments) to Informational RFC Title: ast Call: draft-ietf-nsis-applicability-mobility-signaling (NSIS Protocols operation in Mobile Environments) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-applicability-mobili... Date: 2010-06-04 – Approved by the IESG as Proposed Standard Title: Filtering Location Notifications in the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-loc-filters-11.txt Date: 2010-06-04 – Approved by the IESG as Proposed Standard Title: Transmission of IPv4 packets over IEEE 802.16′s IP Convergence Sublayer URL: http://www.ietf.org/internet-drafts/draft-ietf-16ng-ipv4-over-802-dot-16... Date: 2010-06-04 – Approved by the IESG as Proposed Standard Title: Subject Key Identifier (SKI) SEND Name Type fields. URL: http://www.ietf.org/internet-drafts/draft-ietf-csi-send-name-type-regist... Date: 2010-06-07 – Last Call: draft-ietf-csi-proxy-send (Secure Proxy ND Support for SEND) to Experimental RF / Call: draft-ietf-csi-proxy-send (Secure Proxy ND Support for SEND) to Experimental RFC Title: ast Call: draft-ietf-csi-proxy-send (Secure Proxy ND Support for SEND) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-csi-proxy-send-04.txt Date: 2010-06-07 – Last Call: draft-ietf-simple-msrp-sessmatch (Session Matching Update for the Message Session Relay Protocol (MSRP)) to Proposed Standar / Call: draft-ietf-simple-msrp-sessmatch (Session Matching Update for the Message Session Relay Protocol (MSRP)) to Proposed Standard Title: ast Call: draft-ietf-simple-msrp-sessmatch (Session Matching Update for the Message Session Relay Protocol (MSRP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-msrp-sessmatch-06.txt Date: 2010-06-07 – Last Call: draft-ietf-simple-msrp-acm (An Alternative Connection Model for the Message Session Relay Protocol (MSRP)) to Proposed Standar / Call: draft-ietf-simple-msrp-acm (An Alternative Connection Model for the Message Session Relay Protocol (MSRP)) to Proposed Standard Title: ast Call: draft-ietf-simple-msrp-acm (An Alternative Connection Model for the Message Session Relay Protocol (MSRP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-msrp-acm-09.txt Date: 2010-06-07 – Approved by the IESG as Informational RFC Title: IPFIX Mediation: Problem Statement URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-mediators-problem-s... Date: 2010-06-07 – Approved by the IESG as Informational RFC Title: Use of Status-Server Packets in the Remote Authentication Dial In User Service (RADIUS) Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-status-server-09.txt Date: 2010-06-07 – Approved by the IESG as Proposed Standard Title: Teredo Security Updates URL: http://www.ietf.org/internet-drafts/draft-krishnan-v6ops-teredo-update-1... Date: 2010-06-07 – Approved by the IESG as Informational RFC Title: The application/pkcs10 Media Type URL: http://www.ietf.org/internet-drafts/draft-turner-application-pkcs10-medi... Date: 2010-06-07 – Approved by the IESG as Informational RFC Title: The application/timestamped-data Media Type URL: http://www.ietf.org/internet-drafts/draft-santoni-media-type-tsd-00.txt Date: 2010-06-08 – Last Call: draft-ietf-martini-reqs (Requirements for multiple address of record (AOR) reachability information in the Session Initiation Protocol (SIP)) to Informational RF / Call: draft-ietf-martini-reqs (Requirements for multiple address of record (AOR) reachability information in the Session Initiation Protocol (SIP)) to Informational RFC Title: ast Call: draft-ietf-martini-reqs (Requirements for multiple address of record (AOR) reachability information in the Session Initiation Protocol (SIP)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-martini-reqs-07.txt Date: 2010-06-08 – Last Call: draft-ietf-sipcore-invfix (Correct transaction handling for 2xx responses to Session Initiation Protocol (SIP) INVITE requests) to Proposed Standar / Call: draft-ietf-sipcore-invfix (Correct transaction handling for 2xx responses to Session Initiation Protocol (SIP) INVITE requests) to Proposed Standard Title: ast Call: draft-ietf-sipcore-invfix (Correct transaction handling for 2xx responses to Session Initiation Protocol (SIP) INVITE requests) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sipcore-invfix-01.txt Date: 2010-06-08 – Approved by the IESG as Proposed Standard Title: Ethernet Traffic Parameters URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-ethernet-traffic-pa... Date: 2010-06-08 – Approved by the IESG as Proposed Standard Title: Expressing SNMP SMI Datatypes in XML Schema Definition Language URL: http://www.ietf.org/internet-drafts/draft-ietf-opsawg-smi-datatypes-in-x... Date: 2010-06-08 – CORRECTED Approved by the IESG as CTED Document Action: ‘IPFIX Mediation: Problem Statement’ Title: IPFIX Me URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-mediators-problem-s... Date: 2010-06-09 – Last Call: draft-ietf-proto-wgdocument-states (Definition of IETF Working Group Document States) to Informational RF / Call: draft-ietf-proto-wgdocument-states (Definition of IETF Working Group Document States) to Informational RFC Title: ast Call: draft-ietf-proto-wgdocument-states (Definition of IETF Working Group Document States) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-proto-wgdocument-states-0... Date: 2010-06-09 – Approved by the IESG as Proposed Standard Title: YANG – A data modeling language for the Network Configuration Protocol (NETCONF) URL: http://www.ietf.org/internet-drafts/draft-ietf-netmod-yang-13.txt Date: 2010-06-09 – Approved by the IESG as Proposed Standard Title: Forward Error Correction Grouping Semantics in Session Description Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-rfc4756bis-10.txt Date: 2010-06-09 – Last Call: draft-ietf-tsvwg-dtls-for-sctp (Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)) to Proposed Standar / Call: draft-ietf-tsvwg-dtls-for-sctp (Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)) to Proposed Standard Title: ast Call: draft-ietf-tsvwg-dtls-for-sctp (Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-dtls-for-sctp-05.txt Date: 2010-06-09 – Last Call: draft-ietf-6man-dns-options-bis (IPv6 Router Advertisement Options for DNS Configuration RFC 5006-bis) to Proposed Standar / Call: draft-ietf-6man-dns-options-bis (IPv6 Router Advertisement Options for DNS Configuration RFC 5006-bis) to Proposed Standard Title: ast Call: draft-ietf-6man-dns-options-bis (IPv6 Router Advertisement Options for DNS Configuration RFC 5006-bis) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-6man-dns-options-bis-02.txt Date: 2010-06-10 – Last Call: draft-ietf-nsis-tunnel (NSIS Operation Over IP Tunnels) to Experimental RF / Call: draft-ietf-nsis-tunnel (NSIS Operation Over IP Tunnels) to Experimental RFC Title: ast Call: draft-ietf-nsis-tunnel (NSIS Operation Over IP Tunnels) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-tunnel-11.txt Date: 2010-06-10 – Approved by the IESG as Proposed Standard Title: Common YANG Data Types URL: http://www.ietf.org/internet-drafts/draft-ietf-netmod-yang-types-09.txt Date: 2010-06-10 – Approved by the IESG as Proposed Standard Title: Additional CMS Revocation Information Choices URL: http://www.ietf.org/internet-drafts/draft-turner-additional-cms-ri-choic... Date: 2010-06-10 – Re: Informational RFC to be / nformational RFC to be: Title: e: Informational RFC to be: URL: http://www.ietf.org/internet-drafts/draft-meadors-ediint-features-header... Date: 2010-06-10 – Last Call: draft-ietf-ipsecme-ipsec-ha (IPsec Cluster Problem Statement) to Informational RF / Call: draft-ietf-ipsecme-ipsec-ha (IPsec Cluster Problem Statement) to Informational RFC Title: ast Call: draft-ietf-ipsecme-ipsec-ha (IPsec Cluster Problem Statement) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-ipsec-ha-06.txt Date: 2010-06-10 – CORRECTTION Re: Informational RFC to be: draft-meadors-ediint-features-header-07.tx / CTTION Re: Informational RFC to be: draft-meadors-ediint-features-header-07.txt Title: ORRECTTION Re: Informational RFC to be: draft-meadors-ediint-features-header-07.txt URL: http://www.ietf.org/internet-drafts/draft-meadors-ediint-features-header... Date: 2010-06-10 – Approved by the IESG as Proposed Standard Title: Use of the RSA-KEM Key Transport Algorithm in CMS URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-rsa-kem-13.txt Date: 2010-06-11 – Last Call: draft-stone-mgcp-vbd (Media Gateway Control Protocol Voiceband Data Package and General Purpose Media Descriptor Parameter Package) to Informational RF / Call: draft-stone-mgcp-vbd (Media Gateway Control Protocol Voiceband Data Package and General Purpose Media Descriptor Parameter Package) to Informational RFC Title: ast Call: draft-stone-mgcp-vbd (Media Gateway Control Protocol Voiceband Data Package and General Purpose Media Descriptor Parameter Package) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-stone-mgcp-vbd-07.txt Date: 2010-06-11 – Last Call: draft-ietf-bmwg-igp-dataplane-conv-meth (Benchmarking Methodology for IGP ) to Informational RF / Call: draft-ietf-bmwg-igp-dataplane-conv-meth (Benchmarking Methodology for IGP ) to Informational RFC Title: ast Call: draft-ietf-bmwg-igp-dataplane-conv-meth (Benchmarking Methodology for IGP ) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-bmwg-igp-dataplane-conv-m... Date: 2010-06-11 – Last Call: draft-mcgrew-fundamental-ecc (Fundamental Elliptic Curve Cryptography Algorithms) to Informational RF / Call: draft-mcgrew-fundamental-ecc (Fundamental Elliptic Curve Cryptography Algorithms) to Informational RFC Title: ast Call: draft-mcgrew-fundamental-ecc (Fundamental Elliptic Curve Cryptography Algorithms) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-mcgrew-fundamental-ecc-03.txt Date: 2010-06-11 – Approved by the IESG as Proposed Standard Title: Extensions to the Path Computation Element Communication Protocol (PCEP) for Point-to-Multipoint Traffic Engineering Label Switched Paths URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-pcep-p2mp-extensions-... Date: 2010-06-16 – Approved by the IESG as Proposed Standard Title: Use of SRV Records for Locating Email Submission/Access services URL: http://www.ietf.org/internet-drafts/draft-daboo-srv-email-05.txt Date: 2010-06-16 – Last Call: draft-ietf-geopriv-policy (Geolocation Policy: A Document Format for Expressing Privacy Preferences for Location Information) to Proposed Standar / Call: draft-ietf-geopriv-policy (Geolocation Policy: A Document Format for Expressing Privacy Preferences for Location Information) to Proposed Standard Title: ast Call: draft-ietf-geopriv-policy (Geolocation Policy: A Document Format for Expressing Privacy Preferences for Location Information) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-policy-21.txt Date: 2010-06-16 – Last Call: draft-juskevicius-datatracker-wgdocstate-reqts (Requirements to Extend the Datatracker for WG Chairs and Authors) to Informational RF / Call: draft-juskevicius-datatracker-wgdocstate-reqts (Requirements to Extend the Datatracker for WG Chairs and Authors) to Informational RFC Title: ast Call: draft-juskevicius-datatracker-wgdocstate-reqts (Requirements to Extend the Datatracker for WG Chairs and Authors) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-juskevicius-datatracker-wgdocs... Date: 2010-06-18 – Last Call: draft-turner-suiteb-cmc (Suite B Profile of Certificate Management over CMS) to Informational RF / Call: draft-turner-suiteb-cmc (Suite B Profile of Certificate Management over CMS) to Informational RFC Title: ast Call: draft-turner-suiteb-cmc (Suite B Profile of Certificate Management over CMS) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-turner-suiteb-cmc-02.txt Date: 2010-06-18 – Last Call: draft-daboo-srv-caldav (Use of SRV records for locating CalDAV and CardDAV services) to Proposed Standar / Call: draft-daboo-srv-caldav (Use of SRV records for locating CalDAV and CardDAV services) to Proposed Standard Title: ast Call: draft-daboo-srv-caldav (Use of SRV records for locating CalDAV and CardDAV services) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-daboo-srv-caldav-05.txt Date: 2010-06-18 – Last Call: draft-elie-nntp-list-additions (Network News Transfer Protocol (NNTP) Additions to LIST Command) to Proposed Standar / Call: draft-elie-nntp-list-additions (Network News Transfer Protocol (NNTP) Additions to LIST Command) to Proposed Standard Title: ast Call: draft-elie-nntp-list-additions (Network News Transfer Protocol (NNTP) Additions to LIST Command) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-elie-nntp-list-additions-03.txt Date: 2010-06-21 – Approved by the IESG as Proposed Standard Title: Authentication-Results Registration For Differentiating Among Cryptographic Results URL: http://www.ietf.org/internet-drafts/draft-kucherawy-authres-header-b-04.txt Date: 2010-06-21 – Approved by the IESG as Proposed Standard Title: Sieve Email Filtering: Delivery Status Notifications and Deliver-By Extensions URL: http://www.ietf.org/internet-drafts/draft-freed-sieve-notary-09.txt Date: 2010-06-21 – Re: Historic to be: draft-rosen-vpn-mcast-15.tx / istoric to be: draft-rosen-vpn-mcast-15.txt Title: e: Historic to be: draft-rosen-vpn-mcast-15.txt URL: http://www.ietf.org/internet-drafts/draft-rosen-vpn-mcast-15.txt Date: 2010-06-21 – Re:Informational RFC to be:draft-resman-idna2008-mappings-01.tx / formational RFC to be:draft-resman-idna2008-mappings-01.txt Title: e:Informational RFC to be:draft-resman-idna2008-mappings-01.txt URL: http://www.ietf.org/internet-drafts/draft-resman-idna2008-mappings-01.txt Date: 2010-06-22 – Last Call: draft-ietf-tsvwg-ecn-tunnel (Tunnelling of Explicit Congestion Notification) to Proposed Standar / Call: draft-ietf-tsvwg-ecn-tunnel (Tunnelling of Explicit Congestion Notification) to Proposed Standard Title: ast Call: draft-ietf-tsvwg-ecn-tunnel (Tunnelling of Explicit Congestion Notification) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-ecn-tunnel-08.txt Date: 2010-06-24 – Last Call: draft-ietf-netmod-yang-usage (Guidelines for Authors and Reviewers of YANG Data Model Documents) to Informational RF / Call: draft-ietf-netmod-yang-usage (Guidelines for Authors and Reviewers of YANG Data Model Documents) to Informational RFC Title: ast Call: draft-ietf-netmod-yang-usage (Guidelines for Authors and Reviewers of YANG Data Model Documents) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-netmod-yang-usage-07.txt Date: 2010-06-24 – Approved by the IESG as Proposed Standard Title: A Generalized Framework for Kerberos Pre-Authentication URL: http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-preauth-framework-... Date: 2010-06-24 – Approved by the IESG as Informational RFC Title: The use of SVEC (Synchronization VECtor) list for Synchronized dependent path computations URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-pcep-svec-list-05.txt This article was posted on 26 June 2010 .]]> 1631 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-meeting-calendar-8/ Tue, 29 Jun 2010 14:50:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1634 1634 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-77-plenary-snapshot/ Tue, 29 Jun 2010 14:52:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1637 Outgoing IESG/IAB/IAOC Members Fred Baker Ross Callon Gonzalo Camarillo Stuart Cheshire Lisa Dusseault Pasi Eronen Cullen Jennings Gregory Lebovitz Andrew Malis David Oran Magnus Westerlund Appointments Incoming IAOC Member Eric Burger Incoming IAB Members Bernard Aboba Ross Callon Spencer Dawkins Andrei Robachevsky Hannes Tschofenig Incoming IESG Members

Stewart Bryant Gonzalo Camarillo David Harrington Peter Saint-Andre Sean Turner

IAOC Report 2009 Financial Summary Entered 2009 with serious concern about economy and its effect on our finances - Planned for downturn with contingency budget ISOC provided $150K stimulus funds that the IAOC used to lower registration fee ISOC set aside $350K contingency fund to cover shortfall if needed 2010 Budget IAOC adopted $5.3M budget Registration Fee: $635 (steady for 3 years) Budget includes IETF tools investment of $575K - Data Tracker extension for Author and WG- Secretariat tools in python-Django- RFC Services - Program Management RFC Editor Restructuring

New Model - RFC Production Centre - RFC Publisher - RFC Series Editor - Independent Submissions Editor Production Centre and Publisher Status RFC Production Center - Transition from ISI to AMS completed RFC Publisher - Transition from ISI to AMS completed 109 RFCs published since 1 January 2010 Contract Cycles Secretariat - Contract extended thru 2010

One year Extension or RFP in 2011 RFC Editor Services Contracts

- Contract with ISI extended through 30 June 2010 to assist with transition - New contracts in 2010 for Production Center and Publisher 6-year terms with 2-year reviews Independent Submissions Editor - 5-Year term with review at 2-year intervals with extension opions Transitional RSE - Contract through IETF80 NOC IDIQ Contracts with VeriLan and Swisscom thru 2011 - Extension or new RFP in 2011 for next period IETF 77 IETF Tools Contract Status

Database Project Manager appointed - Henrik Levkowetz under contract Three Master Service Agreements executed for IDIQ Python-Django development - First task order to IOLA for IESG Data Tracker award soon Working Group and Author Requirement specification development - Ed Juskevicius under contract AMS developing Secretariat Tools in python–Django Additional Task Orders and RFPs forthcoming           This article was posted on 26 June 2010 .

]]> 1637 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/low-power-networks-high-capacity-cables-and-the-dns-after-dnssec/ Fri, 01 Oct 2010 17:21:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=634 From the Editor’s Desk In the early days of the Internet it was a marvel to see a message sent from someone in another part of the world. We learned that we could communicate with people anywhere, even if they were not at their desks. Today, we have more diverse devices connecting to the Internet and in sensor networks, and we have devices communicating with other devices. In this issue of the IETF Journal, Carsten Bormann, JP Vasseur, and Zack Shelby describe the aspects of this phenomenon that are being worked on in their article, “The Internet of Things” (this page). Samita Chakrabarti goes into a bit more detail on how IPv6 Neighbor Discovery can be optimized in these types of low-power networks in her article on page 12. Even as we look at new types of networking activities, we should not lose sight of the need to maintain and expand basic network infrastructure. Kevin Chege illustrates how extra capacity can change the way people can use the Internet in his article, “Impact of New Undersea Capacity on KENET and East Africa” (page 16). There is, however, a lot more work in different parts of the stack. At IETF 78, not only was there a celebration of the DNSSEC signing of the DNS root zone, an Internet Society-organized panel explored how the DNS is likely to evolve now that DNSSEC is here (see page 8). To round out this issue we take a look at how to best streamline the standards process (page 7), we get introduced to the Internet Society Fellows who attended IETF 78 (page 10), and we honor Jianping Wu, recipient of the 2010 Jonathan B. Postel Service Award (page 9). Many thanks to all of our contributors. We invite you to send comments and suggestions for future issues to ietfjournal@isoc.org. This article was posted on 31 January 2011]]> 634 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-internet-of-things/ Fri, 01 Oct 2010 17:22:59 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=640 www.ipso-alliance.org) and Zigbee-IP alliances. Constrained RESTful Environments In spring 2010, the IETF started a new working group called Constrained RESTful Environments (CoRE). The aim of this WG is to extend the Web architecture to even the most constrained networks and embedded devices. Machine-to-machine applications—such as smart energy, building automation, and asset management—will benefit tremendously from the use of Internet technology and from integration with the Internet of Things. In particular, the Web architecture will be important in scaling large-scale, machine-to-machine applications. Today’s Web protocols work well between Web servers and Web clients running on PCs and handheld computing devices. However, constrained Low-power and Lossy networks often mean high packet loss (5 to 10 percent is common), frequent topology changes, low throughput (10–20 kilobits per second is common), and useful payload sizes that are often less than 100 bytes. Embedded devices typically depend on cheap embedded microcontrollers with processors running at several MHz and limited RAM and ROM. In addition, the interaction patterns in machine-to-machine applications are different, often requiring multicast support, asynchronous transactions, and push rather than pull. The CoRE WG has been chartered to develop a new Web transfer protocol and appropriate security setups for these machine-to-machine applications over constrained networks and nodes. The WG is now completing work on the Constrained Application Protocol (CoAP) [draft-ietf-core-coap-02], which is on schedule for completion at the end of 2010. At IETF 78, a successful PlugFest of CoAP was held with more than 10 implementations of the protocol. Security is another important subject for CoRE, which is also working on security bootstrapping techniques for these environments. Perspectives Enormous progress has been made at the IETF over the past few years in specifying new IPv6 protocols that connect IP smart objects to private IP networks or the public Internet, thus facilitating a myriad of new applications. Still, there’s no doubt that new work will further enrich the IPv6 protocol suites for these devices—and transport, security, and management for this new wave of the Internet: the Internet of Things. References 1. J. P. Vasseur, A. Dunkels. Interconnecting Smart Objects with IP: The Next Internet. Burlington, Mass.: Morgan Kaufmann, 2010. 2. Z. Shelby, C. Bormann. 6LoWPAN: The Wireless Embedded Internet. Chichester, England: John Wiley & Sons, 2009. [SIDEBAR] Constrained Nodes and the Internet of Things Constrained nodes have limited CPU power and memory. In some ways, they are a throwback to the environments on which the Internet was prototyped in the 1970s and 1980s. Today, the cost of electrical energy is an important consideration: many constrained nodes are powered from primary batteries (such as AA cells), which may have to last multiple years. This means that a node may only consume average power in the range of microwatts, which is only possible if it spends most of its time sleeping (and thus off the Net). Moore’s law has a different effect on this space: while its improvements do reach the constrained nodes, they are mostly invested in making nodes cheaper and longer lasting, not making them more powerful, such as what we are used to from our personal computers and mobile phones. This article was posted on 31 January 2011]]> 640 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-11/ Fri, 01 Oct 2010 17:24:48 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=644 http://www.ietf.org/meetings/meetings.html. I look forward to seeing you in Beijing. This article was posted on 31 January 2011]]> 644 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-9/ Fri, 01 Oct 2010 17:26:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=646

Long-term interests

Short-term working items (initiatives)

Long-term working items (programmes)

Activity plan

Long-Term Interests

Traditionally, the IAB has taken an interest in a number of architectural areas. Among them, in no particular order, are:

• IPv6 and its adoption and transitional coexistence with IPv4 given the realities of an IPv4-dominated Internet
• Domain Name System health and security
• Web security
• The realities of maintaining the end-to-end and layered architectures
• Prevention of unwanted traffic
• The security and stability of the routing system
• Internationalization of the Internet and balance with localization and retention of a global network

Short-Term Working Items (initiatives) To some of those items the IAB may consider committing short-term efforts—ones in which an activity is expected to be completed in less then one tenure of an IAB member. We call such activities initiatives. The outcomes of initiatives usually are the results of guidance provided in the form of IAB Stream RFCs, statements, or working group/plenary presentations. Long-Term Working Items (programmes) Other items may require longer-term perspective, and the results may involve a variety of activities and deliverables. They may also involve separate activities, such as scoping the work (in the form of birds of a feather, presentations, and position papers), advancing the work, or stimulating the charter development of new work within the IETF. In some cases, work in these areas may involve some form of collaboration with other organizations. These types of work are organized in the form of programmes. They can be thought of as IAB directorates, small task forces, or ad hoc bodies of (independent) technical experts (see RFC 2850 Section 2.1). Programmes are managed by the IAB, but the actual work may require the IAB to form a team with specific expertise that may not be available within the IAB. The structuring of the work in this way has several objectives:

• To minimize dependency on the current IAB composition and the specific expertises and competencies of the IAB’s members
• To minimize dependency on the tenure of IAB members;
• To increase bandwidth by shifting IAB members’ responsibilities from doing the actual work to organizing and delegating work and providing guidance
• To shift the IAB’s focus from the specifics of an activity to the development of a vision of the Big Picture and the maintenance of that Big Picture
• To advance an IAB whose focus is on identifying areas of priority and carrying out respective efforts
• To improve visibility of the IAB’s activities and create opportunities for the community to offer feedback on content and priorities

In most cases, programme leaders will be IAB members. A leader’s objective will be to facilitate activities within the programme, provide oversight, and ensure continuity. The leader is not required to have specific expertise in the area but must possess a good general understanding of the issues from technical, business, and/or policy perspectives. Generally speaking, the programme leader is expected to bring the IAB perspective to the work. The IAB as a whole will periodically review the state of a programme, monitor its progress, make necessary adjustments, and set prioritizations. Responsibilities The IAB has a number of regular responsibilities that fall under the umbrella of periodic and reoccurring responsibilities. For example, in 2010-2011, the IAB will need to:

• Confirm the Internet Engineering Steering Group candidates (RFC 3777)
• Appoint a member of the ISOC Board of Trustees (RFC 3677)
• Appoint the Internet Research Task Force chair (RFC 2850)
• Appoint the Internet Corporation for Assigned Names and Numbers board liaison [ICANN Bylaws, Article VI, section 9, par. 1(f)]
• Handle any appeals

Activity Plan Subject areas and related programmes are periodically reviewed by the IAB. Selected programmes and initiatives form an activity plan. We have published an overview of the 2010-2011 activity plan athttp://www.ietf.org/mailarchive/web/ietf/current/msg62743.html and will make the information available in a more comprehensive fashion on our website. This article was posted on 31 January 2011]]> 646 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-debates-streamlined-standards-process/ Fri, 01 Oct 2010 17:28:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=648 648 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/dnssec-doesnt-mitigate-all-dns-threats/ Fri, 01 Oct 2010 17:29:09 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=650 650 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/2010-postel-award-recognizes-internet-pioneer-in-china/ Fri, 01 Oct 2010 17:30:37 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=652 652 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-fellows-get-inside-view-of-standards-work-at-ietf-78/ Fri, 01 Oct 2010 17:31:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=654 654 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ipv6-neighbor-discovery-optimization/ Fri, 01 Oct 2010 17:32:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=656 http://www.ietf.org/rfc/rfc4944.txt) was selected as one of the protocol requirements for Smart Energy 2.0 (http://tools.ietf.org/html/draft-sturek-6lowapp -smartenergy-00). ZigBee (http://www.zigbee.org), too, decided to use Smart Energy 2.0 and a standard-compliant IPv6 and 6LoWPAN stacks. The ZigBee Alliance’s IP group is the first user of IPv6 Neighbor Discovery Optimization for Low-power and Lossy Networks (http://tools.ietf.org/html/draft-ietf-6lowpan-nd-12) as part of IPv6 address autoconfiguration inside a building network or a home network. So, the obvious question is, Why should I implement 6LoWPAN–neighbor discovery (ND) optimization? In theory, the traditional IPv6 ND should be able to run as it is. 6LoWPAN is the adaptation layer between the IPv6 stack and the IEEE 802.15.4 data link layer. While IEEE 802.15.4 supports broadcast at the link layer, it does not specify multicast support at the link layer. RFC 4861 was developed primarily for wired traffic on the shared medium, and it uses periodic router-advertisement multicast addresses with router solicitation, neighbor solicitation, address resolution, and duplicate-address detection. While periodic multicast signalling and solicited-node multicast signalling are useful for network stability in the standard Ethernet-based shared network, the limited-lifetime, battery-operated devices in the IEEE 802.15.4 network conserve energy with less signalling and by sending broadcast messages only once in a while. The multicast messages in the IPv6 ND are translated to broadcast messages in the network. In most cases, the 6LoWPAN-ND (http://tools.ietf.org/html/draft-ietf-6lowpan-nd-12) optimizes multicast messages to unicast messages. It eliminates the need for relatively expensive address resolution by sending a neighbor registration option along with a neighbor solicitation; it supports sleepy nodes in the networks; and it optimizes the protocol constants while eliminating periodic router-advertisement messages. Thus, if measurements taken on the IPv6-ND-control messages in the local network are compared with those taken on 6LoWPAN-ND, we may observe a significant drop in signalling messages. By saving a number of controlling messages in a network of hundreds of nodes, a sizable amount of energy is saved; and at the same time, the lifetime of the node battery increases, which contributes to cost savings in maintaining such a huge network. Another interesting and unique property of a low-power and lossy network is that the boundary of a link or IP subnet is redefined by the short radio range of these devices. The devices are usually configured for lower-than-maximum radio strength to save battery life. Thus, the local link of a node depends on the neighbors it can reach. The list of such neighbors also may change in time due to the lossy nature of the low-power radio link. Thus, the 6LoWPAN-ND supports two types of topology: route-over topology and mesh-under topology. The difference between mesh under and route over is similar to that between a bridged network and an IP routing using Ethernet: In a mesh-under network, all nodes are on the same link, which is served by one or more routers and which we call 6LoWPAN Border Routers (6LBR). In a route-over network, there are multiple links in the 6LoWPAN. Unlike fixed IP links, these links’ members may be changing due to the nature of the low-power and lossy behaviour of LoWPAN wireless technology. Thus, a route-over network is made up of a flexible set of links interconnected by interior routers, which we call 6LoWPAN routers (6LR). However, for purposes of simplicity and compatibility with the existing concept, we assume that each route-over network shares a single global IPv6 prefix and that the interior routers (6LR) either (1) use a default router to forward the packets to the destination in an inefficient way or (2) run a hop-by-hop routing protocol such as RPL (http://tools.ietf.org/html/draft-ietf-roll-rpl-11). Since 6LoWPAN-ND assumes that a 6LoWPAN (mesh under or route over) shares the same IPv6 prefix across the network, it ensures local mobility in route-over topology. In mesh-under topology, the whole network is regarded as a single IPv6 subnet served by the border router (6LBR), which has regular IPv6 on one interface and 6LoWPAN on the IEEE 802.15.4 interface. Note that an IPv6-over-IPv4, 6RD, or 6to4-style tunnel technology may be applied on the IPv6-interface of the 6LBR if the IPv6 interface side is attached by way of an IPv4 network. Moreover, 6LBR may be capable of running an Internet gateway routing protocol on the IP-network side of the interface in order to offer seamless connectivity of the 6LoWPAN devices to the IP network. Border router 6LBR also acts as a gateway between the IPv6 interface and 6LoWPAN interface. In the 6LoWPAN-ND optimization, the 6LBR is capable of disseminating the IPv6 prefix and header compression context information across the 6LoWPAN. The border router may also maintain a 6LoWPAN-wide cache of the nodes’ IPv6 addresses and unique identifiers. The IEEE 802.15.4 device contains an extended unique identifier (EUI)-64 identification number and can form 64-bit MAC addresses based on EUI-64 ID. They are also allowed to allocate 16-bit media-access-control (MAC) addresses or short addresses for local use due to the low maximum transmission unit (127 bytes) of today’s deployed 802.15.4 networks. However, the 6LoWPAN-ND optimization work assumes that each IPv6 address is derived from an EUI-64 unique MAC address. Thus, by default it requires neither any duplicate address detection nor address resolution, because the mapping of MAC address to IPv6 address is as accurate as possible. But the document provides an optional mechanism for duplicate-address detection (DAD) for IPv6 addresses that are not derived from an EUI-64 identifier. However, the specification requires that the node possess an IEEE-assigned EUI-64-compliant device number, even if the node uses an IPv6 address that is not derived from the EUI-64 number. In route-over topology, the intermediate router (6LR) acts as a first-hop default router; if it is configured to do multihop DAD, it sends the EUI-64 and address-to-register information to the border router (6LBR), which maintains the network-wide information and thus is able to catch duplicate addresses. This technique of multihop DAD has limitations in a large network when all nodes are started at the same time. Therefore, the multihop DAD technique should be configured carefully for a low-density 6LoWPAN. And the intermediate routers should be brought up gradually, as if a wave is propagating from the 6LBR to the leaves or hosts of the network. Note that alternatively, DHCPv6 may be used to ensure unique 16-bit MAC addresses as well as the unique IPv6 addresses in the network when the devices do not support EUI-64-style MAC addresses, but this requires modification in DHCPv6 service and specifications, which is out of the scope of this discussion. Figure 1 illustrates the basic components of a 6LoWPAN in a route-over topology and optional prefix and context dissemination from the border router to the hosts via the intermediate routers. The 6LBR acts as a gateway between the regular IPv6 network and 6LoWPAN that facilitates connectivity across nodes in different networks. As mentioned earlier, neighbor discovery optimization simplifies ND signalling for low-power and lossy networks and replaces address resolution with address registration for a specific lifetime during which the address should stay valid. The length of time it is valid is configurable, and the system is refreshed periodically. Address registration allows for ease of mobility of the 6LoWPAN nodes in the future and provides useful information about the neighboring hosts for the routing protocol. The address registration takes place in the nearest default intermediate routers of a host unless multihop DAD is requested. In the case of multihop DAD, address registration and duplicate detection are also performed at the central location (6LBR) because 6LBR has a view of the whole network. The message sequence in figure 2 provides a typical view of optimized neighbor discovery messages. Although the IPv6 neighbor discovery protocol has been extended for the 6LoWPANs for running IPv6 over IEEE 802.15.4-2003 networks, the optimizations are also applicable to future versions of IEEE 802.15.4 specifications and other networks where optimizations are useful for saving control messages and power. The solution of optimization of neighbor discovery is designed to expand so as to consider secure neighbor discovery usage and other possible extensions in the future. The current solution of optimized ND is not a replacement for DHCPv6, yet it offers limited provisioning capability for a small and simple network, such as a home network. Since the entire 6LoWPAN uses a single prefix in the current 6LoWPAN architecture, the optimized ND automatically offers local mobility of the nodes within a single 6LoWPAN. In the future, the work may be extended to provide different levels of functionalities as the usage and applications in the sensor networks and home or enterprise networks are deployed. Finally, the author acknowledges her coauthors of the optimized neighbor discovery specification—Erik Nordmark and Zach Shelby—for their original ideas and contributions, which shaped the optimized IPv6 neighbor discovery document. This article was posted on 31 January 2011  ]]> 656 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/dns-the-perspective-from-a-single-moment-in-a-long-history/ Fri, 01 Oct 2010 17:33:55 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=658 https://wiki.tools.isoc.org/DNSSEC_History_Project). The aim of the project is to collect information—in the forms of anecdotes, design documents, observations, and other contributions—from everyone who has material to share. Please do have a look at the wiki and contribute where you can. Currently, some of the areas of observation are:

• Determination of the need: What drove the work?
• Technical design: What were the key design goals and how were they addressed? What were the alternatives?
• Government planning: R&D and policies
• Implementation and testing cycle: Bake-offs and other field events
• Public and policy-awareness events and activities
• Controversies
• Friction in deployment: Inertia, business cases
• Vendor view

The intention of the project is to collect as much raw material as possible, with a view to being able to abstract some coherent lessons learned. These will be important lessons for all protocol development, not just for the DNS or DNSSEC: many of the same hurdles are faced by other broad-scale technologies. A Single Moment in a Long History The champagne at the administrative plenary may have been but a single moment, but it was a good vantage point from which to consider the past as it illuminates the future for the DNS in general and DNSSEC in particular. This article was posted on 31 January 2011]]> 658 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/impact-of-new-undersea-capacity-on-kenet-and-east-africa/ Fri, 01 Oct 2010 17:35:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=660 http://eready.kenet.or.ke.) We tried to solve the problem of poor internal infrastructure by offering more consultations and trainings. In March 2010, a workshop was conducted in partnership with the Network Startup Resource Center (NSRC) and the University of Oregon covering campus network design, which is the foundation of developing a robust, high-performance National Research and Education Network (NREN). The main objectives of the workshop were to train university network engineering staff on how to develop and implement a strategic design plan for their campus networks, with particular emphasis on layers 1 and 2, and to strengthen the KENET technical community (human network) in developing KENET’s cyberinfrastructure. Funding and support for the training came from the National Science Foundation (NSF) and the Partnership for Higher Education in Africa (PHEA) via the NSRC. As an additional benefit of the training, the NSRC donated 2.5 tons of technical reference books and networking equipment (routers, wireless equipment and gigabit network switches) that have been distributed to the universities for live deployment following the training. This equipment is making a significant impact in improving the functionality of the respective campus networks, which helps to achieve KENET’s goal of getting more faculty members and students using the Internet for research and education activities. In addition, more emphasis was put on bandwidth management and optimization because even though there was more capacity, it was not being shared properly: one or two users were still able to consume the majority of the available capacity available to the universities. KENET is undertaking an effort to extend this programme further and to provide more online information on the topic, including how-tos and online training materials hosted at KENET (see http://bmo.kenet.or.ke and http://training.kenet.or.ke). The information is also available to the neighbouring national research and education networks that form part of KENET’s mailing lists on the topic. KENET had previously signed a two-year VSAT contract with a supplier for 200 Mbps of capacity. Though the contract became effective in January 2009, the resources that were to be made available by means of a World Bank grant to improve Internet capacity at the universities got delayed. Regardless, KENET managed to negotiate with the provider for half of the anticipated capacity with fibre—meaning, KENET would remain active, with 100 Mbps VSAT and 100 Mbps equivalent by way of fibre when it became active. Thus, KENET would have 350-Mbps capacity on fibre and 100-Mbps capacity on VSAT plus an additional 155 Mbps via a KENET-owned link to the UbuntuNet router in London connecting KENET to GÉANT and allowing for peering via UbuntuNet. Since that expansion, KENET went from 12 Mbps in 2008 on VSAT to 450 Mbps on VSAT plus fibre in 2009, to more than 600 Mbps combined capacity in 2010—all in a span of 18 months. Usage has peaked, and the need for additional capacity is anticipated due to users’ increased awareness of better speeds, which leads to increased use of the Internet for reading newspapers online, conducting research, streaming video, and visiting social networking sites. In response to rising demand, KENET has increased its infrastructure for core services like DNS and email, which have become more essential than ever. There is also more demand for online services, such as email filtering and Web hosting as more of our universities increase their online communication facilities. KENET is building both a network operations centre and a data centre to facilitate deployment of additional services, such as Web-based conferencing, caching, backup services, and storage. Today in Kenya, with more users online than ever, more companies than ever are using e-marketing. However, there are issues related to online security—particularly with recent identification of Kenya as the country most hit by viruses, a problem that also affects the country’s universities. KENET is planning to address that problem by examining its policies and increasing its security training in the coming year. KENET is also seeing more peer-to-peer traffic, a concern that is also being addressed through education and training. At this time, not all of the universities are in a position to control such problems, so the idea is to empower them to be able to control and manage their capacities. For even our most remote universities, VSAT is no longer an option, and since fibre is not available throughout the country, we are hard-pressed to find viable solutions that include last-mile-high-capacity radios to backhaul to the nearest point of fibre. In closing, the impact of increased capacity is more demand for online, high-quality services as well as a big drop in the cost of capacity. Universities have been able to scale up to as much as 10 times their previous capacity—from 10 Mbps on VSAT to 60 Mbps on fibre. The biggest constraint for Universities in Kenya and East Africa is the last-mile reach and cost, which is slowly improving. However, the universities are working on upgrading their internal networks and KENET is working on deploying wireless networks in the campuses. The current cost is now around USD 280 per Mbps with the price set to fall even further in 2011 as more ISPs and KENET drop their VSAT contracts. It is big news when an undersea cable is cut, as was evident when the main cable, SEACOM, experienced a repeater failure for two weeks in July 2010. KENET was forced to purchase restoration capacity in order to support our VSAT redundancy capacity, which was too slow for users. Our capacity of 606 Mbps is now fully used up. In order to meet ever-growing demand, we are planning to activate more capacity via the TEAMS cable before the end of 2010 and we anticipate our capacity in January 2011 to be 750 Mbps and 1.2 Gbps later that year. Kevin Chege is network manager of Kenya Education Network Trust This article was posted on 31 January 2011]]> 660 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-november-2010/ Fri, 01 Oct 2010 17:36:59 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=663 irtf-discuss@irtf.org. (This is a corrected address from one given in a prior status report.) Several topics are under discussion to become candidates for new IRTF RGs, including cloud computing, economics and policy, Internet of things, machine learning and communication systems, and social networks. In spring 2011, I will be stepping down from the position of IRTF chair, which I have held for six years. An effort is under way to identify candidates for the position. If you would like to be considered for the position, please contact Internet Architecture Board (IAB) chair Olaf Kolkman (olaf@NLnetLabs.nl) or mehousley@vigilsec.com). The IRTF chair is approved by the IAB. Introduction to the Transport Modelling RG The goal of the Transport Modeling RG is to improve methodologies for evaluating transport protocols. The charter sets out to produce a variety of deliverables, including (1) a survey of models being used in simulations, analysis, and experiments for the evaluation of transport protocols; (2) a broad set of simulation test suites; and (3) a slate of recommendations for test suites that can be used as experiments in test beds. A transport model is a set of assumptions about network and traffic conditions implicit in protocol evaluation. It addresses the topology, round-trip times, flow arrivals and durations, and flow greediness. Note that it need not be a mathematical model. A recent discussion in the RG covered evaluation of the effect of faster flow start-up. There has been a proposal in the IETF to increase the TCP initial window, and some of the measurements taken at data centres show improvement in flow completion times. The RG is considering how one would assess degradation to other users from this more aggressive approach, with special consideration of users with slow connections. Other IETF and IRTF efforts involve transport protocols and congestion control. Therefore, it is useful to be clear about what the Transport Modeling RG is not chartered to do. Specifically, the group does not discuss either the design of new congestion control mechanisms or modifications to existing congestion control mechanisms (except in terms of models needed for the evaluation of such mechanisms). Neither does the group produce evaluations of specific congestion control mechanisms. The RG has produced a variety of outputs, including:

• Metrics for the Evaluation of Congestion Control Mechanisms, RFC 5166
• Tools for the Evaluation of Simulation and Testbed Scenarios, draft-irtf-tmrg-tools
• Common TCP Evaluation Suite, draft-irtf-tmrg-tests
• An NS2 TCP Evaluation Tool Suite, draft-irtf-tmrg-ns2-tcp-tool

Future work will include consideration of metrics for evaluating admission control systems and documenting known so-called corner cases in transport modeling. This article was posted on 31 January 2011]]> 663 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/recent-iesg-document-and-protocol-actions/ Sun, 06 Mar 2011 19:06:14 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=767 http://www.ietf.org/internet-drafts/draft-altman-tls-channel-bindings-10... Date: 2010-04-05 – Last Call: draft-ietf-avt-register-srtp (Policy for Registering SRTP Transforms) to Proposed Standar / Call: draft-ietf-avt-register-srtp (Policy for Registering SRTP Transforms) to Proposed Standard Title: ast Call: draft-ietf-avt-register-srtp (Policy for Registering SRTP Transforms) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-register-srtp-01.txt Date: 2010-04-05 – Last Call: draft-ietf-ipsecme-aes-ctr-ikev2 (Using Advanced Encryption Standard (AES) Counter Mode with IKEv2) to Proposed Standar / Call: draft-ietf-ipsecme-aes-ctr-ikev2 (Using Advanced Encryption Standard (AES) Counter Mode with IKEv2) to Proposed Standard Title: ast Call: draft-ietf-ipsecme-aes-ctr-ikev2 (Using Advanced Encryption Standard (AES) Counter Mode with IKEv2) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-aes-ctr-ikev2-07.txt Date: 2010-04-05 – Last Call: draft-moriarty-post-inch-rid (Real-time Inter-network Defense) to Informational RF / Call: draft-moriarty-post-inch-rid (Real-time Inter-network Defense) to Informational RFC Title: ast Call: draft-moriarty-post-inch-rid (Real-time Inter-network Defense) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-moriarty-post-inch-rid-11.txt Date: 2010-04-05 – Last Call: draft-moriarty-post-inch-rid-transport (Transport of Real-time Inter-network Defense (RID) Messages) to Informational RF / Call: draft-moriarty-post-inch-rid-transport (Transport of Real-time Inter-network Defense (RID) Messages) to Informational RFC Title: ast Call: draft-moriarty-post-inch-rid-transport (Transport of Real-time Inter-network Defense (RID) Messages) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-moriarty-post-inch-rid-transpo... Date: 2010-04-06 – Second Last Call: draft-duerst-mailto-bis (Th / d Last Call: draft-duerst-mailto-bis (The ‘mailto’ URI Scheme) to Proposed Standard Title: URL: http://www.ietf.org/internet-drafts/draft-duerst-mailto-bis-09.txt Date: 2010-04-07 – Last Call: draft-ietf-mpls-tp-framework (A Framework for MPLS in Transport Networks) to Informational RF / Call: draft-ietf-mpls-tp-framework (A Framework for MPLS in Transport Networks) to Informational RFC Title: ast Call: draft-ietf-mpls-tp-framework (A Framework for MPLS in Transport Networks) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-tp-framework-11.txt Date: 2010-04-09 – Last Call: draft-reschke-webdav-post (Using POST to add Members to Web Distributed Authoring and Versioning (WebDAV) Collections) to Proposed Standar / Call: draft-reschke-webdav-post (Using POST to add Members to Web Distributed Authoring and Versioning (WebDAV) Collections) to Proposed Standard Title: ast Call: draft-reschke-webdav-post (Using POST to add Members to Web Distributed Authoring and Versioning (WebDAV) Collections) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-reschke-webdav-post-06.txt Date: 2010-04-12 – Approved by the IESG as Proposed Standard Title: Individual Session Control Feature for TWAMP URL: http://www.ietf.org/internet-drafts/draft-ietf-ippm-twamp-session-cntrl-... Date: 2010-04-12 – Approved by the IESG as Proposed Standard Title: Generalized MPLS (GMPLS) Support For Metro Ethernet Forum and G.8011 User-Network Interface (UNI) URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-gmpls-mef-uni-03.txt Date: 2010-04-12 – Approved by the IESG as Proposed Standard Title: Display-based Address Sorting for the IMAP4 SORT Extension URL: http://www.ietf.org/internet-drafts/draft-ietf-morg-sortdisplay-03.txt Date: 2010-04-12 – Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standar / Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard Title: ast Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-hethmon-mcmurray-ftp-hosts-11.txt Date: 2010-04-12 – Last Call: draft-turner-application-pkcs10-media-type (The application/pkcs10 Media Type) to Informational RF / Call: draft-turner-application-pkcs10-media-type (The application/pkcs10 Media Type) to Informational RFC Title: ast Call: draft-turner-application-pkcs10-media-type (The application/pkcs10 Media Type) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-turner-application-pkcs10-medi... Date: 2010-04-12 – Last Call: draft-ietf-keyprov-symmetrickeyformat (Symmetric Key Package Content Type) to Proposed Standar / Call: draft-ietf-keyprov-symmetrickeyformat (Symmetric Key Package Content Type) to Proposed Standard Title: ast Call: draft-ietf-keyprov-symmetrickeyformat (Symmetric Key Package Content Type) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-keyprov-symmetrickeyforma... Date: 2010-04-12 – Last Call: draft-ietf-keyprov-pskc (Portable Symmetric Key Container (PSKC)) to Proposed Standar / Call: draft-ietf-keyprov-pskc (Portable Symmetric Key Container (PSKC)) to Proposed Standard Title: ast Call: draft-ietf-keyprov-pskc (Portable Symmetric Key Container (PSKC)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-keyprov-pskc-05.txt Date: 2010-04-12 – Last Call: draft-ietf-keyprov-dskpp (Dynamic Symmetric Key Provisioning Protocol (DSKPP)) to Proposed Standar / Call: draft-ietf-keyprov-dskpp (Dynamic Symmetric Key Provisioning Protocol (DSKPP)) to Proposed Standard Title: ast Call: draft-ietf-keyprov-dskpp (Dynamic Symmetric Key Provisioning Protocol (DSKPP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-keyprov-dskpp-10.txt Date: 2010-04-13 – Approved by the IESG as Proposed Standard Title: Generalized MPLS (GMPLS) Support For Metro Ethernet Forum and G.8011 Ethernet Service Switching URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-gmpls-ether-svcs-04... Date: 2010-04-14 – Last Call: draft-ietf-dhc-dhcpv6-opt-netboot (DHCPv6 option for network boot) to Proposed Standar / Call: draft-ietf-dhc-dhcpv6-opt-netboot (DHCPv6 option for network boot) to Proposed Standard Title: ast Call: draft-ietf-dhc-dhcpv6-opt-netboot (DHCPv6 option for network boot) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-dhc-dhcpv6-opt-netboot-08... Date: 2010-04-14 – Approved by the IESG as Informational RFC Title: EAP Authentication Using Only A Password URL: http://www.ietf.org/internet-drafts/draft-harkins-emu-eap-pwd-14.txt Date: 2010-04-14 – Last Call: draft-ietf-avt-rtp-rfc3984bis (RTP Payload Format for H.264 Video) to Proposed Standar / Call: draft-ietf-avt-rtp-rfc3984bis (RTP Payload Format for H.264 Video) to Proposed Standard Title: ast Call: draft-ietf-avt-rtp-rfc3984bis (RTP Payload Format for H.264 Video) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-rfc3984bis-10.txt Date: 2010-04-16 – Approved by the IESG as Proposed Standard Title: A Uniform Resource Identifier for Geographic Locations (‘geo’ URI) URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-geo-uri-07.txt Date: 2010-04-16 – Approved by the IESG as Informational RFC Title: Location Hiding: Problem Statement and Requirements URL: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-location-hiding-req... Date: 2010-04-19 – Last Call: draft-ietf-mext-flow-binding (Flow Bindings in Mobile IPv6 and NEMO Basic Support) to Proposed Standar / Call: draft-ietf-mext-flow-binding (Flow Bindings in Mobile IPv6 and NEMO Basic Support) to Proposed Standard Title: ast Call: draft-ietf-mext-flow-binding (Flow Bindings in Mobile IPv6 and NEMO Basic Support) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mext-flow-binding-06.txt Date: 2010-04-21 – Last Call: draft-sheffer-emu-eap-eke (An EAP Authentication Method Based on the EKE Protocol) to Informational RF / Call: draft-sheffer-emu-eap-eke (An EAP Authentication Method Based on the EKE Protocol) to Informational RFC Title: ast Call: draft-sheffer-emu-eap-eke (An EAP Authentication Method Based on the EKE Protocol) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-sheffer-emu-eap-eke-06.txt Date: 2010-04-21 – Last Call: draft-hoffman-tls-additional-random-ext (Additional Random Extension to TLS) to Proposed Standar / Call: draft-hoffman-tls-additional-random-ext (Additional Random Extension to TLS) to Proposed Standard Title: ast Call: draft-hoffman-tls-additional-random-ext (Additional Random Extension to TLS) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-hoffman-tls-additional-random-... Date: 2010-04-21 – Last Call: draft-hoffman-tls-master-secret-input (Additional Master Secret Inputs for TLS) to Proposed Standar / Call: draft-hoffman-tls-master-secret-input (Additional Master Secret Inputs for TLS) to Proposed Standard Title: ast Call: draft-hoffman-tls-master-secret-input (Additional Master Secret Inputs for TLS) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-hoffman-tls-master-secret-inpu... Date: 2010-04-22 – Approved by the IESG as Proposed Standard Title: A Recommendation for IPv6 Address Text Representation URL: http://www.ietf.org/internet-drafts/draft-ietf-6man-text-addr-representa... Date: 2010-04-22 – Last Call: draft-ietf-mpls-tp-survive-fwk (Multiprotocol Label Switching Transport Profile Survivability Framework) to Informational RF / Call: draft-ietf-mpls-tp-survive-fwk (Multiprotocol Label Switching Transport Profile Survivability Framework) to Informational RFC Title: ast Call: draft-ietf-mpls-tp-survive-fwk (Multiprotocol Label Switching Transport Profile Survivability Framework) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-tp-survive-fwk-05.txt Date: 2010-04-23 – Approved by the IESG as Proposed Standard Title: Trust Anchor Management Protocol (TAMP) URL: http://www.ietf.org/internet-drafts/draft-ietf-pkix-tamp-08.txt Date: 2010-04-26 – Last Call: draft-santoni-media-type-tsd (The application/timestamped-data Media Type) to Informational RF / Call: draft-santoni-media-type-tsd (The application/timestamped-data Media Type) to Informational RFC Title: ast Call: draft-santoni-media-type-tsd (The application/timestamped-data Media Type) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-santoni-media-type-tsd-00.txt Date: 2010-04-26 – Last Call: draft-ietf-opsec-routing-protocols-crypto-issues (Issues with existing Cryptographic Protection Methods for Routing Protocols) to Informational RF / Call: draft-ietf-opsec-routing-protocols-crypto-issues (Issues with existing Cryptographic Protection Methods for Routing Protocols) to Informational RFC Title: ast Call: draft-ietf-opsec-routing-protocols-crypto-issues (Issues with existing Cryptographic Protection Methods for Routing Protocols) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-opsec-routing-protocols-c... Date: 2010-04-26 – Last Call: draft-ietf-avt-rtcp-guidelines (Guidelines for Extending the RTP Control Protocol (RTCP)) to Informational RF / Call: draft-ietf-avt-rtcp-guidelines (Guidelines for Extending the RTP Control Protocol (RTCP)) to Informational RFC Title: ast Call: draft-ietf-avt-rtcp-guidelines (Guidelines for Extending the RTP Control Protocol (RTCP)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtcp-guidelines-03.txt Date: 2010-04-26 – Approved by the IESG as Proposed Standard Title: RSVP Extensions for Path-Triggered RSVP Receiver Proxy URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-rsvp-proxy-proto-11... Date: 2010-04-26 – Approved by the IESG as Informational RFC Title: RSVP Proxy Approaches URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-rsvp-proxy-approach... Date: 2010-04-26 – Approved by the IESG as Proposed Standard Title: IP Mobility Support for IPv4, revised URL: http://www.ietf.org/internet-drafts/draft-ietf-mip4-rfc3344bis-10.txt Date: 2010-04-26 – Approved by the IESG as Proposed Standard Title: Algorithms for Asymmetric Key Package Content Type URL: http://www.ietf.org/internet-drafts/draft-turner-asymmetrickeyformat-alg... Date: 2010-04-26 – Re: Experimental RFC to be: draft-simpson-tcpct-02.tx / xperimental RFC to be: draft-simpson-tcpct-02.txt Title: e: Experimental RFC to be: draft-simpson-tcpct-02.txt URL: http://www.ietf.org/internet-drafts/draft-simpson-tcpct-02.txt Date: 2010-04-26 – Approved by the IESG as Informational RFC Title: Using Trust Anchor Constraints During Certification Path Processing URL: http://www.ietf.org/internet-drafts/draft-wallace-using-ta-constraints-0... Date: 2010-04-26 – Approved by the IESG as Informational RFC Title: Using and Extending the NSIS Protocol Family URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-ext-07.txt Date: 2010-04-27 – Last Call: draft-ietf-radext-tcp-transport (RADIUS Over TCP) to Experimental RF / Call: draft-ietf-radext-tcp-transport (RADIUS Over TCP) to Experimental RFC Title: ast Call: draft-ietf-radext-tcp-transport (RADIUS Over TCP) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-tcp-transport-06.txt Date: 2010-04-27 – Last Call: draft-krishnan-v6ops-teredo-update (Teredo Security Updates) to Proposed Standar / Call: draft-krishnan-v6ops-teredo-update (Teredo Security Updates) to Proposed Standard Title: ast Call: draft-krishnan-v6ops-teredo-update (Teredo Security Updates) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-krishnan-v6ops-teredo-update-0... Date: 2010-04-27 – Approved by the IESG as Proposed Standard Title: SDP Capability Negotiation URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdp-capability-neg... Date: 2010-04-27 – Last Call: draft-ietf-avt-rtp-gsm-hr (RTP Payload format for GSM-HR) to Proposed Standar / Call: draft-ietf-avt-rtp-gsm-hr (RTP Payload format for GSM-HR) to Proposed Standard Title: ast Call: draft-ietf-avt-rtp-gsm-hr (RTP Payload format for GSM-HR) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-gsm-hr-03.txt Date: 2010-04-28 – Last Call: draft-ietf-netconf-monitoring (YANG Module for NETCONF Monitoring) to Proposed Standar / Call: draft-ietf-netconf-monitoring (YANG Module for NETCONF Monitoring) to Proposed Standard Title: ast Call: draft-ietf-netconf-monitoring (YANG Module for NETCONF Monitoring) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-netconf-monitoring-12.txt Date: 2010-04-28 – Approved by the IESG as Experimental RFC Title: NAT/Firewall NSIS Signaling Layer Protocol (NSLP) URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-nslp-natfw-25.txt Date: 2010-04-28 – Approved by the IESG as Informational RFC Title: GIST State Machine URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-ntlp-statemachine-10... Date: 2010-04-28 – Second Last Call: draft-ietf-keyprov-symmetrickeyformat (Symmetric Key Package Content Type) to Proposed Standar / d Last Call: draft-ietf-keyprov-symmetrickeyformat (Symmetric Key Package Content Type) to Proposed Standard Title: econd Last Call: draft-ietf-keyprov-symmetrickeyformat (Symmetric Key Package Content Type) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-keyprov-symmetrickeyforma... Date: 2010-04-29 – Last Call: draft-ietf-6lowpan-routing-requirements (Problem Statement and Requirements for 6LoWPAN Routing) to Informational RF / Call: draft-ietf-6lowpan-routing-requirements (Problem Statement and Requirements for 6LoWPAN Routing) to Informational RFC Title: ast Call: draft-ietf-6lowpan-routing-requirements (Problem Statement and Requirements for 6LoWPAN Routing) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-6lowpan-routing-requireme... Date: 2010-04-29 – Approved by the IESG as Informational RFC Title: VoIP SIP Peering Use Cases URL: http://www.ietf.org/internet-drafts/draft-ietf-speermint-voip-consolidat... Date: 2010-04-29 – Last Call: rfc4049 (BinaryTime: An alternate format for representing date and time in ASN.1) to Proposed Standar / Call: rfc4049 (BinaryTime: An alternate format for representing date and time in ASN.1) to Proposed Standard Title: ast Call: rfc4049 (BinaryTime: An alternate format for representing date and time in ASN.1) to Proposed Standard URL: http://www.ietf.org/rfc/rfc4049.txt Date: 2010-04-30 – Last Call: draft-ietf-csi-send-cert (Certificate profile and certificate management for SEND) to Proposed Standar / Call: draft-ietf-csi-send-cert (Certificate profile and certificate management for SEND) to Proposed Standard Title: ast Call: draft-ietf-csi-send-cert (Certificate profile and certificate management for SEND) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-csi-send-cert-03.txt Date: 2010-04-30 – Last Call: draft-ietf-csi-send-name-type-registry (SEND Name Type field Registry) to Proposed Standar / Call: draft-ietf-csi-send-name-type-registry (SEND Name Type field Registry) to Proposed Standard Title: ast Call: draft-ietf-csi-send-name-type-registry (SEND Name Type field Registry) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-csi-send-name-type-regist... Date: 2010-04-30 – Approved by the IESG as Proposed Standard Title: Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters URL: http://www.ietf.org/internet-drafts/draft-reschke-rfc2231-in-http-12.txt Date: 2010-04-30 – Last Call: draft-ietf-bmwg-protection-term (Benchmarking Terminology for Protection Perfor) to Informational RF / Call: draft-ietf-bmwg-protection-term (Benchmarking Terminology for Protection Perfor) to Informational RFC Title: ast Call: draft-ietf-bmwg-protection-term (Benchmarking Terminology for Protection Perfor) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-bmwg-protection-term-08.txt Date: 2010-04-30 – Last Call: draft-ietf-marf-base (An Extensible Format for Email Feedback Reports) to Proposed Standar / Call: draft-ietf-marf-base (An Extensible Format for Email Feedback Reports) to Proposed Standard Title: ast Call: draft-ietf-marf-base (An Extensible Format for Email Feedback Reports) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-marf-base-04.txt Date: 2010-05-03 – Last Call: draft-ietf-netlmm-mip-interactions (Interactions between PMIPv6 and MIPv6: scenarios and related issues) to Informational RF / Call: draft-ietf-netlmm-mip-interactions (Interactions between PMIPv6 and MIPv6: scenarios and related issues) to Informational RFC Title: ast Call: draft-ietf-netlmm-mip-interactions (Interactions between PMIPv6 and MIPv6: scenarios and related issues) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-netlmm-mip-interactions-0... Date: 2010-05-03 – Last Call: draft-ietf-mboned-ipv4-uni-based-mcast (Unicast-Prefix-based IPv4 Multicast Addresses) to Proposed Standar / Call: draft-ietf-mboned-ipv4-uni-based-mcast (Unicast-Prefix-based IPv4 Multicast Addresses) to Proposed Standard Title: ast Call: draft-ietf-mboned-ipv4-uni-based-mcast (Unicast-Prefix-based IPv4 Multicast Addresses) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mboned-ipv4-uni-based-mca... Date: 2010-05-03 – Last Call: draft-kucherawy-authres-header-b (Authentication-Results Registration For Differentiating Among Cryptographic Results) to Proposed Standar / Call: draft-kucherawy-authres-header-b (Authentication-Results Registration For Differentiating Among Cryptographic Results) to Proposed Standard Title: ast Call: draft-kucherawy-authres-header-b (Authentication-Results Registration For Differentiating Among Cryptographic Results) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-kucherawy-authres-header-b-01.txt Date: 2010-05-03 – Approved by the IESG as Informational RFC Title: Sharing Transaction Fraud Data URL: http://www.ietf.org/internet-drafts/draft-mraihi-inch-thraud-09.txt Date: 2010-05-04 – Last Call: draft-ietf-syslog-dtls (Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog) to Proposed Standar / Call: draft-ietf-syslog-dtls (Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog) to Proposed Standard Title: ast Call: draft-ietf-syslog-dtls (Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-syslog-dtls-05.txt Date: 2010-05-05 – Approved by the IESG as Proposed Standard Title: IPv6 Subnet Model: the Relationship between Links and Subnet Prefixes URL: http://www.ietf.org/internet-drafts/draft-ietf-6man-ipv6-subnet-model-12... Date: 2010-05-06 – Last Call: draft-ietf-softwire-ipv6-6rd (IPv6 via IPv4 Service Provider Networks “6rd”) to Proposed Standar / Call: draft-ietf-softwire-ipv6-6rd (IPv6 via IPv4 Service Provider Networks “6rd”) to Proposed Standard Title: ast Call: draft-ietf-softwire-ipv6-6rd (IPv6 via IPv4 Service Provider Networks “6rd”) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-softwire-ipv6-6rd-09.txt Date: 2010-05-07 – Approved by the IESG as Proposed Standard Title: Traversal Using Relays around NAT (TURN) Resolution Mechanism URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-turn-uri-10.txt Date: 2010-05-07 – Approved by the IESG as Experimental RFC Title: RMD-QOSM – The NSIS Resource Management in Diffserv QOS Model URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-rmd-20.txt Date: 2010-05-07 – Approved by the IESG as Proposed Standard Title: Web Linking URL: http://www.ietf.org/internet-drafts/draft-nottingham-http-link-header-10... Date: 2010-05-07 – Approved by the IESG as Proposed Standard Title: Channel Bindings for TLS URL: http://www.ietf.org/internet-drafts/draft-altman-tls-channel-bindings-10... Date: 2010-05-10 – Second Last Call: draft-freed-sieve-notary (Sieve Email Filtering: Delivery Status Notifications and Deliver-By Extensions) to Proposed Standar / d Last Call: draft-freed-sieve-notary (Sieve Email Filtering: Delivery Status Notifications and Deliver-By Extensions) to Proposed Standard Title: econd Last Call: draft-freed-sieve-notary (Sieve Email Filtering: Delivery Status Notifications and Deliver-By Extensions) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-freed-sieve-notary-08.txt Date: 2010-05-10 – Approved by the IESG as Proposed Standard Title: Domain Certificates in the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-domain-certs-07.txt Date: 2010-05-10 – Approved by the IESG as Proposed Standard Title: Asymmetric Key Packages URL: http://www.ietf.org/internet-drafts/draft-turner-asymmetrickeyformat-05.txt Date: 2010-05-12 – Approved by the IESG as Proposed Standard Title: Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP) URL: http://www.ietf.org/internet-drafts/draft-ietf-isms-dtls-tm-14.txt Date: 2010-05-12 – Approved by the IESG as Informational RFC Title: Using Advanced Encryption Standard (AES) Counter Mode with IKEv2 URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-aes-ctr-ikev2-07.txt Date: 2010-05-12 – Last Call: draft-ietf-avt-rapid-rtp-sync (Rapid Synchronisation of RTP Flows) to Proposed Standar / Call: draft-ietf-avt-rapid-rtp-sync (Rapid Synchronisation of RTP Flows) to Proposed Standard Title: ast Call: draft-ietf-avt-rapid-rtp-sync (Rapid Synchronisation of RTP Flows) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rapid-rtp-sync-10.txt Date: 2010-05-13 – Last Call: draft-ietf-avt-srtp-not-mandatory (Why RTP Does Not Mandate a Single Security Mechanism) to Informational RF / Call: draft-ietf-avt-srtp-not-mandatory (Why RTP Does Not Mandate a Single Security Mechanism) to Informational RFC Title: ast Call: draft-ietf-avt-srtp-not-mandatory (Why RTP Does Not Mandate a Single Security Mechanism) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-srtp-not-mandatory-05... Date: 2010-05-13 – Approved by the IESG as Proposed Standard Title: Fast Handovers for Proxy Mobile IPv6 URL: http://www.ietf.org/internet-drafts/draft-ietf-mipshop-pfmipv6-13.txt Date: 2010-05-17 – Last Call: draft-ietf-ipsecme-eap-mutual (An Extension for EAP-Only Authentication in IKEv2) to Proposed Standar / Call: draft-ietf-ipsecme-eap-mutual (An Extension for EAP-Only Authentication in IKEv2) to Proposed Standard Title: ast Call: draft-ietf-ipsecme-eap-mutual (An Extension for EAP-Only Authentication in IKEv2) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-eap-mutual-02.txt Date: 2010-05-18 – Last Call: draft-ietf-nsis-ntlp-sctp (General Internet Signaling Transport (GIST) over Stream Control Transmission Protocol (SCTP) and Datagram Transport Layer Security (DTLS)) to Experimental RF / Call: draft-ietf-nsis-ntlp-sctp (General Internet Signaling Transport (GIST) over Stream Control Transmission Protocol (SCTP) and Datagram Transport Layer Security (DTLS)) to Experimental RFC Title: ast Call: draft-ietf-nsis-ntlp-sctp (General Internet Signaling Transport (GIST) over Stream Control Transmission Protocol (SCTP) and Datagram Transport Layer Security (DTLS)) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-ntlp-sctp-12.txt Date: 2010-05-18 – Approved by the IESG as Proposed Standard Title: Specifying Holes in LoST Service Boundaries URL: http://www.ietf.org/internet-drafts/draft-ietf-ecrit-specifying-holes-03... Date: 2010-05-18 – Approved by the IESG as Proposed Standard Title: Improving TCP’s Robustness to Blind In-Window Attacks URL: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-13.txt Date: 2010-05-20 – Approved by the IESG as Proposed Standard Title: Internet Key Exchange Protocol: IKEv2 URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-ikev2bis-11.txt Date: 2010-05-24 – Approved by the IESG as Title: A Framework for MPLS in Transport Networks URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-tp-framework-12.txt Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: An Extensible Format for Email Feedback Reports URL: http://www.ietf.org/internet-drafts/draft-ietf-marf-base-06.txt Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: Using POST to add Members to Web Distributed Authoring and Versioning (WebDAV) Collections URL: http://www.ietf.org/internet-drafts/draft-reschke-webdav-post-08.txt Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: Algorithms for Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type URL: http://www.ietf.org/internet-drafts/draft-turner-encryptedkeypackagecont... Date: 2010-05-24 – Re: Informational RFC to be: draft-sharikov-idn-reg-05.tx / nformational RFC to be: draft-sharikov-idn-reg-05.txt Title: e: Informational RFC to be: draft-sharikov-idn-reg-05.txt URL: http://www.ietf.org/internet-drafts/draft-sharikov-idn-reg-05.txt Date: 2010-05-24 – Approved by the IESG as Informational RFC Title: Guidelines for Extending the RTP Control Protocol (RTCP) URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtcp-guidelines-04.txt Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type URL: http://www.ietf.org/internet-drafts/draft-turner-encryptedkeypackagecont... Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) URL: http://www.ietf.org/internet-drafts/draft-ietf-softwire-ipv6-6rd-10.txt Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: RTP Payload format for GSM-HR URL: http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-gsm-hr-03.txt Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: Dynamic Extensions to the Presence Information Data Format Location Object (PIDF-LO) URL: http://www.ietf.org/internet-drafts/draft-singh-geopriv-pidf-lo-dynamic-... Date: 2010-05-24 – Approved by the IESG as Proposed Standard Title: Essential correction for IPv6 ABNF and URI comparison in RFC3261 URL: http://www.ietf.org/internet-drafts/draft-ietf-sip-ipv6-abnf-fix-05.txt Date: 2010-05-26 – Approved by the IESG as Proposed Standard Title: Cryptographic Message Syntax (CMS) Content Constraints Extension URL: http://www.ietf.org/internet-drafts/draft-housley-cms-content-constraint... Date: 2010-05-26 – Second Last Call: draft-ietf-keyprov-dskpp (Dynamic Symmetric Key Provisioning Protocol (DSKPP)) to Proposed Standar / d Last Call: draft-ietf-keyprov-dskpp (Dynamic Symmetric Key Provisioning Protocol (DSKPP)) to Proposed Standard Title: econd Last Call: draft-ietf-keyprov-dskpp (Dynamic Symmetric Key Provisioning Protocol (DSKPP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-keyprov-dskpp-11.txt Date: 2010-05-26 – Second Last Call: draft-ietf-keyprov-pskc (Portable Symmetric Key Container (PSKC)) to Proposed Standar / d Last Call: draft-ietf-keyprov-pskc (Portable Symmetric Key Container (PSKC)) to Proposed Standard Title: econd Last Call: draft-ietf-keyprov-pskc (Portable Symmetric Key Container (PSKC)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-keyprov-pskc-06.txt Date: 2010-05-27 – Last Call: rfc5652 (Cryptographic Message Syntax (CMS)) to Full Standar / Call: rfc5652 (Cryptographic Message Syntax (CMS)) to Full Standard Title: ast Call: rfc5652 (Cryptographic Message Syntax (CMS)) to Full Standard URL: http://www.ietf.org/rfc/rfc5652.txt Date: 2010-05-28 – Last Call: draft-ietf-dnsext-dns-tcp-requirements (DNS Transport over TCP – Implementation Requirements) to Proposed Standar / Call: draft-ietf-dnsext-dns-tcp-requirements (DNS Transport over TCP – Implementation Requirements) to Proposed Standard Title: ast Call: draft-ietf-dnsext-dns-tcp-requirements (DNS Transport over TCP – Implementation Requirements) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dns-tcp-requiremen... Date: 2010-05-28 – Last Call: draft-ietf-hip-bone (HIP BONE: Host Identity Protocol (HIP) Based Overlay Networking Environment) to Experimental RF / Call: draft-ietf-hip-bone (HIP BONE: Host Identity Protocol (HIP) Based Overlay Networking Environment) to Experimental RFC Title: ast Call: draft-ietf-hip-bone (HIP BONE: Host Identity Protocol (HIP) Based Overlay Networking Environment) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-hip-bone-06.txt Date: 2010-05-28 – Last Call: draft-ietf-hip-via (Host Identity Protocol (HIP) Multi-hop Routing Extension) to Experimental RF / Call: draft-ietf-hip-via (Host Identity Protocol (HIP) Multi-hop Routing Extension) to Experimental RFC Title: ast Call: draft-ietf-hip-via (Host Identity Protocol (HIP) Multi-hop Routing Extension) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-hip-via-01.txt Date: 2010-05-28 – Last Call: draft-ietf-hip-hiccups (HIP (Host Identity Protocol) Immediate Carriage and Conveyance of Upper- layer Protocol Signaling (HICCUPS)) to Experimental RF / Call: draft-ietf-hip-hiccups (HIP (Host Identity Protocol) Immediate Carriage and Conveyance of Upper- layer Protocol Signaling (HICCUPS)) to Experimental RFC Title: ast Call: draft-ietf-hip-hiccups (HIP (Host Identity Protocol) Immediate Carriage and Conveyance of Upper- layer Protocol Signaling (HICCUPS)) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-hip-hiccups-02.txt Date: 2010-05-31 – Last Call: draft-ietf-mpls-tp-data-plane (MPLS Transport Profile Data Plane Architecture) to Proposed Standar / Call: draft-ietf-mpls-tp-data-plane (MPLS Transport Profile Data Plane Architecture) to Proposed Standard Title: ast Call: draft-ietf-mpls-tp-data-plane (MPLS Transport Profile Data Plane Architecture) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-tp-data-plane-03.txt Date: 2010-05-31 – Last Call: draft-ietf-bmwg-igp-dataplane-conv-term (Term Bnchmrk Link-State IGP Route Convrg) to Informational RF / Call: draft-ietf-bmwg-igp-dataplane-conv-term (Term Bnchmrk Link-State IGP Route Convrg) to Informational RFC Title: ast Call: draft-ietf-bmwg-igp-dataplane-conv-term (Term Bnchmrk Link-State IGP Route Convrg) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-bmwg-igp-dataplane-conv-t... Date: 2010-06-01 – Approved by the IESG as ent Action: ‘Security Framework for MPLS and GMPLS Networks’ Title: Security Framework for MPLS an URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-mpls-and-gmpls-secur... Date: 2010-06-01 – Approved by the IESG as Proposed Standard Title: Cryptographic Algorithm Identifier Allocation for DNSSEC URL: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-alg-allocat... Date: 2010-06-01 – Last Call: draft-ietf-behave-address-format (IPv6 Addressing of IPv4/IPv6 Translators) to Proposed Standar / Call: draft-ietf-behave-address-format (IPv6 Addressing of IPv4/IPv6 Translators) to Proposed Standard Title: ast Call: draft-ietf-behave-address-format (IPv6 Addressing of IPv4/IPv6 Translators) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-address-format-08.txt Date: 2010-06-01 – Last Call: draft-ietf-behave-dns64 (DNS64: DNS extensions for Network Address Translation from IPv6 Clients to IPv4 Servers) to Proposed Standar / Call: draft-ietf-behave-dns64 (DNS64: DNS extensions for Network Address Translation from IPv6 Clients to IPv4 Servers) to Proposed Standard Title: ast Call: draft-ietf-behave-dns64 (DNS64: DNS extensions for Network Address Translation from IPv6 Clients to IPv4 Servers) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-dns64-09.txt Date: 2010-06-01 – Last Call: draft-ietf-behave-v6v4-framework (Framework for IPv4/IPv6 Translation) to Informational RF / Call: draft-ietf-behave-v6v4-framework (Framework for IPv4/IPv6 Translation) to Informational RFC Title: ast Call: draft-ietf-behave-v6v4-framework (Framework for IPv4/IPv6 Translation) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-v6v4-framework-09.txt Date: 2010-06-01 – Approved by the IESG as Proposed Standard Title: Discovering the Local Location Information Server (LIS) URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-lis-discovery-15.txt Date: 2010-06-01 – Last Call: draft-ietf-behave-v6v4-xlate (IP/ICMP Translation Algorithm) to Proposed Standar / Call: draft-ietf-behave-v6v4-xlate (IP/ICMP Translation Algorithm) to Proposed Standard Title: ast Call: draft-ietf-behave-v6v4-xlate (IP/ICMP Translation Algorithm) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-v6v4-xlate-20.txt Date: 2010-06-01 – Last Call: draft-ietf-behave-v6v4-xlate-stateful (Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers) to Proposed Standar / Call: draft-ietf-behave-v6v4-xlate-stateful (Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers) to Proposed Standard Title: ast Call: draft-ietf-behave-v6v4-xlate-stateful (Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-behave-v6v4-xlate-statefu... Date: 2010-06-03 – Last Call: draft-c1222-transport-over-ip (ANSI C12.22, IEEE 1703 and MC12.22 Transport Over IP) to Informational RF / Call: draft-c1222-transport-over-ip (ANSI C12.22, IEEE 1703 and MC12.22 Transport Over IP) to Informational RFC Title: ast Call: draft-c1222-transport-over-ip (ANSI C12.22, IEEE 1703 and MC12.22 Transport Over IP) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-c1222-transport-over-ip-03.txt Date: 2010-06-03 – Last Call: draft-ietf-nsis-applicability-mobility-signaling (NSIS Protocols operation in Mobile Environments) to Informational RF / Call: draft-ietf-nsis-applicability-mobility-signaling (NSIS Protocols operation in Mobile Environments) to Informational RFC Title: ast Call: draft-ietf-nsis-applicability-mobility-signaling (NSIS Protocols operation in Mobile Environments) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-applicability-mobili... Date: 2010-06-04 – Approved by the IESG as Proposed Standard Title: Filtering Location Notifications in the Session Initiation Protocol (SIP) URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-loc-filters-11.txt Date: 2010-06-04 – Approved by the IESG as Proposed Standard Title: Transmission of IPv4 packets over IEEE 802.16′s IP Convergence Sublayer URL: http://www.ietf.org/internet-drafts/draft-ietf-16ng-ipv4-over-802-dot-16... Date: 2010-06-04 – Approved by the IESG as Proposed Standard Title: Subject Key Identifier (SKI) SEND Name Type fields. URL: http://www.ietf.org/internet-drafts/draft-ietf-csi-send-name-type-regist... Date: 2010-06-07 – Last Call: draft-ietf-csi-proxy-send (Secure Proxy ND Support for SEND) to Experimental RF / Call: draft-ietf-csi-proxy-send (Secure Proxy ND Support for SEND) to Experimental RFC Title: ast Call: draft-ietf-csi-proxy-send (Secure Proxy ND Support for SEND) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-csi-proxy-send-04.txt Date: 2010-06-07 – Last Call: draft-ietf-simple-msrp-sessmatch (Session Matching Update for the Message Session Relay Protocol (MSRP)) to Proposed Standar / Call: draft-ietf-simple-msrp-sessmatch (Session Matching Update for the Message Session Relay Protocol (MSRP)) to Proposed Standard Title: ast Call: draft-ietf-simple-msrp-sessmatch (Session Matching Update for the Message Session Relay Protocol (MSRP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-msrp-sessmatch-06.txt Date: 2010-06-07 – Last Call: draft-ietf-simple-msrp-acm (An Alternative Connection Model for the Message Session Relay Protocol (MSRP)) to Proposed Standar / Call: draft-ietf-simple-msrp-acm (An Alternative Connection Model for the Message Session Relay Protocol (MSRP)) to Proposed Standard Title: ast Call: draft-ietf-simple-msrp-acm (An Alternative Connection Model for the Message Session Relay Protocol (MSRP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-simple-msrp-acm-09.txt Date: 2010-06-07 – Approved by the IESG as Informational RFC Title: IPFIX Mediation: Problem Statement URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-mediators-problem-s... Date: 2010-06-07 – Approved by the IESG as Informational RFC Title: Use of Status-Server Packets in the Remote Authentication Dial In User Service (RADIUS) Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-radext-status-server-09.txt Date: 2010-06-07 – Approved by the IESG as Proposed Standard Title: Teredo Security Updates URL: http://www.ietf.org/internet-drafts/draft-krishnan-v6ops-teredo-update-1... Date: 2010-06-07 – Approved by the IESG as Informational RFC Title: The application/pkcs10 Media Type URL: http://www.ietf.org/internet-drafts/draft-turner-application-pkcs10-medi... Date: 2010-06-07 – Approved by the IESG as Informational RFC Title: The application/timestamped-data Media Type URL: http://www.ietf.org/internet-drafts/draft-santoni-media-type-tsd-00.txt Date: 2010-06-08 – Last Call: draft-ietf-martini-reqs (Requirements for multiple address of record (AOR) reachability information in the Session Initiation Protocol (SIP)) to Informational RF / Call: draft-ietf-martini-reqs (Requirements for multiple address of record (AOR) reachability information in the Session Initiation Protocol (SIP)) to Informational RFC Title: ast Call: draft-ietf-martini-reqs (Requirements for multiple address of record (AOR) reachability information in the Session Initiation Protocol (SIP)) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-martini-reqs-07.txt Date: 2010-06-08 – Last Call: draft-ietf-sipcore-invfix (Correct transaction handling for 2xx responses to Session Initiation Protocol (SIP) INVITE requests) to Proposed Standar / Call: draft-ietf-sipcore-invfix (Correct transaction handling for 2xx responses to Session Initiation Protocol (SIP) INVITE requests) to Proposed Standard Title: ast Call: draft-ietf-sipcore-invfix (Correct transaction handling for 2xx responses to Session Initiation Protocol (SIP) INVITE requests) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-sipcore-invfix-01.txt Date: 2010-06-08 – Approved by the IESG as Proposed Standard Title: Ethernet Traffic Parameters URL: http://www.ietf.org/internet-drafts/draft-ietf-ccamp-ethernet-traffic-pa... Date: 2010-06-08 – Approved by the IESG as Proposed Standard Title: Expressing SNMP SMI Datatypes in XML Schema Definition Language URL: http://www.ietf.org/internet-drafts/draft-ietf-opsawg-smi-datatypes-in-x... Date: 2010-06-08 – CORRECTED Approved by the IESG as CTED Document Action: ‘IPFIX Mediation: Problem Statement’ Title: IPFIX Me URL: http://www.ietf.org/internet-drafts/draft-ietf-ipfix-mediators-problem-s... Date: 2010-06-09 – Last Call: draft-ietf-proto-wgdocument-states (Definition of IETF Working Group Document States) to Informational RF / Call: draft-ietf-proto-wgdocument-states (Definition of IETF Working Group Document States) to Informational RFC Title: ast Call: draft-ietf-proto-wgdocument-states (Definition of IETF Working Group Document States) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-proto-wgdocument-states-0... Date: 2010-06-09 – Approved by the IESG as Proposed Standard Title: YANG – A data modeling language for the Network Configuration Protocol (NETCONF) URL: http://www.ietf.org/internet-drafts/draft-ietf-netmod-yang-13.txt Date: 2010-06-09 – Approved by the IESG as Proposed Standard Title: Forward Error Correction Grouping Semantics in Session Description Protocol URL: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-rfc4756bis-10.txt Date: 2010-06-09 – Last Call: draft-ietf-tsvwg-dtls-for-sctp (Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)) to Proposed Standar / Call: draft-ietf-tsvwg-dtls-for-sctp (Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)) to Proposed Standard Title: ast Call: draft-ietf-tsvwg-dtls-for-sctp (Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-dtls-for-sctp-05.txt Date: 2010-06-09 – Last Call: draft-ietf-6man-dns-options-bis (IPv6 Router Advertisement Options for DNS Configuration RFC 5006-bis) to Proposed Standar / Call: draft-ietf-6man-dns-options-bis (IPv6 Router Advertisement Options for DNS Configuration RFC 5006-bis) to Proposed Standard Title: ast Call: draft-ietf-6man-dns-options-bis (IPv6 Router Advertisement Options for DNS Configuration RFC 5006-bis) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-6man-dns-options-bis-02.txt Date: 2010-06-10 – Last Call: draft-ietf-nsis-tunnel (NSIS Operation Over IP Tunnels) to Experimental RF / Call: draft-ietf-nsis-tunnel (NSIS Operation Over IP Tunnels) to Experimental RFC Title: ast Call: draft-ietf-nsis-tunnel (NSIS Operation Over IP Tunnels) to Experimental RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-nsis-tunnel-11.txt Date: 2010-06-10 – Approved by the IESG as Proposed Standard Title: Common YANG Data Types URL: http://www.ietf.org/internet-drafts/draft-ietf-netmod-yang-types-09.txt Date: 2010-06-10 – Approved by the IESG as Proposed Standard Title: Additional CMS Revocation Information Choices URL: http://www.ietf.org/internet-drafts/draft-turner-additional-cms-ri-choic... Date: 2010-06-10 – Re: Informational RFC to be / nformational RFC to be: Title: e: Informational RFC to be: URL: http://www.ietf.org/internet-drafts/draft-meadors-ediint-features-header... Date: 2010-06-10 – Last Call: draft-ietf-ipsecme-ipsec-ha (IPsec Cluster Problem Statement) to Informational RF / Call: draft-ietf-ipsecme-ipsec-ha (IPsec Cluster Problem Statement) to Informational RFC Title: ast Call: draft-ietf-ipsecme-ipsec-ha (IPsec Cluster Problem Statement) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-ipsec-ha-06.txt Date: 2010-06-10 – CORRECTTION Re: Informational RFC to be: draft-meadors-ediint-features-header-07.tx / CTTION Re: Informational RFC to be: draft-meadors-ediint-features-header-07.txt Title: ORRECTTION Re: Informational RFC to be: draft-meadors-ediint-features-header-07.txt URL: http://www.ietf.org/internet-drafts/draft-meadors-ediint-features-header... Date: 2010-06-10 – Approved by the IESG as Proposed Standard Title: Use of the RSA-KEM Key Transport Algorithm in CMS URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-rsa-kem-13.txt Date: 2010-06-11 – Last Call: draft-stone-mgcp-vbd (Media Gateway Control Protocol Voiceband Data Package and General Purpose Media Descriptor Parameter Package) to Informational RF / Call: draft-stone-mgcp-vbd (Media Gateway Control Protocol Voiceband Data Package and General Purpose Media Descriptor Parameter Package) to Informational RFC Title: ast Call: draft-stone-mgcp-vbd (Media Gateway Control Protocol Voiceband Data Package and General Purpose Media Descriptor Parameter Package) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-stone-mgcp-vbd-07.txt Date: 2010-06-11 – Last Call: draft-ietf-bmwg-igp-dataplane-conv-meth (Benchmarking Methodology for IGP ) to Informational RF / Call: draft-ietf-bmwg-igp-dataplane-conv-meth (Benchmarking Methodology for IGP ) to Informational RFC Title: ast Call: draft-ietf-bmwg-igp-dataplane-conv-meth (Benchmarking Methodology for IGP ) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-bmwg-igp-dataplane-conv-m... Date: 2010-06-11 – Last Call: draft-mcgrew-fundamental-ecc (Fundamental Elliptic Curve Cryptography Algorithms) to Informational RF / Call: draft-mcgrew-fundamental-ecc (Fundamental Elliptic Curve Cryptography Algorithms) to Informational RFC Title: ast Call: draft-mcgrew-fundamental-ecc (Fundamental Elliptic Curve Cryptography Algorithms) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-mcgrew-fundamental-ecc-03.txt Date: 2010-06-11 – Approved by the IESG as Proposed Standard Title: Extensions to the Path Computation Element Communication Protocol (PCEP) for Point-to-Multipoint Traffic Engineering Label Switched Paths URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-pcep-p2mp-extensions-... Date: 2010-06-16 – Approved by the IESG as Proposed Standard Title: Use of SRV Records for Locating Email Submission/Access services URL: http://www.ietf.org/internet-drafts/draft-daboo-srv-email-05.txt Date: 2010-06-16 – Last Call: draft-ietf-geopriv-policy (Geolocation Policy: A Document Format for Expressing Privacy Preferences for Location Information) to Proposed Standar / Call: draft-ietf-geopriv-policy (Geolocation Policy: A Document Format for Expressing Privacy Preferences for Location Information) to Proposed Standard Title: ast Call: draft-ietf-geopriv-policy (Geolocation Policy: A Document Format for Expressing Privacy Preferences for Location Information) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-geopriv-policy-21.txt Date: 2010-06-16 – Last Call: draft-juskevicius-datatracker-wgdocstate-reqts (Requirements to Extend the Datatracker for WG Chairs and Authors) to Informational RF / Call: draft-juskevicius-datatracker-wgdocstate-reqts (Requirements to Extend the Datatracker for WG Chairs and Authors) to Informational RFC Title: ast Call: draft-juskevicius-datatracker-wgdocstate-reqts (Requirements to Extend the Datatracker for WG Chairs and Authors) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-juskevicius-datatracker-wgdocs... Date: 2010-06-18 – Last Call: draft-turner-suiteb-cmc (Suite B Profile of Certificate Management over CMS) to Informational RF / Call: draft-turner-suiteb-cmc (Suite B Profile of Certificate Management over CMS) to Informational RFC Title: ast Call: draft-turner-suiteb-cmc (Suite B Profile of Certificate Management over CMS) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-turner-suiteb-cmc-02.txt Date: 2010-06-18 – Last Call: draft-daboo-srv-caldav (Use of SRV records for locating CalDAV and CardDAV services) to Proposed Standar / Call: draft-daboo-srv-caldav (Use of SRV records for locating CalDAV and CardDAV services) to Proposed Standard Title: ast Call: draft-daboo-srv-caldav (Use of SRV records for locating CalDAV and CardDAV services) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-daboo-srv-caldav-05.txt Date: 2010-06-18 – Last Call: draft-elie-nntp-list-additions (Network News Transfer Protocol (NNTP) Additions to LIST Command) to Proposed Standar / Call: draft-elie-nntp-list-additions (Network News Transfer Protocol (NNTP) Additions to LIST Command) to Proposed Standard Title: ast Call: draft-elie-nntp-list-additions (Network News Transfer Protocol (NNTP) Additions to LIST Command) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-elie-nntp-list-additions-03.txt Date: 2010-06-21 – Approved by the IESG as Proposed Standard Title: Authentication-Results Registration For Differentiating Among Cryptographic Results URL: http://www.ietf.org/internet-drafts/draft-kucherawy-authres-header-b-04.txt Date: 2010-06-21 – Approved by the IESG as Proposed Standard Title: Sieve Email Filtering: Delivery Status Notifications and Deliver-By Extensions URL: http://www.ietf.org/internet-drafts/draft-freed-sieve-notary-09.txt Date: 2010-06-21 – Re: Historic to be: draft-rosen-vpn-mcast-15.tx / istoric to be: draft-rosen-vpn-mcast-15.txt Title: e: Historic to be: draft-rosen-vpn-mcast-15.txt URL: http://www.ietf.org/internet-drafts/draft-rosen-vpn-mcast-15.txt Date: 2010-06-21 – Re:Informational RFC to be:draft-resman-idna2008-mappings-01.tx / formational RFC to be:draft-resman-idna2008-mappings-01.txt Title: e:Informational RFC to be:draft-resman-idna2008-mappings-01.txt URL: http://www.ietf.org/internet-drafts/draft-resman-idna2008-mappings-01.txt Date: 2010-06-22 – Last Call: draft-ietf-tsvwg-ecn-tunnel (Tunnelling of Explicit Congestion Notification) to Proposed Standar / Call: draft-ietf-tsvwg-ecn-tunnel (Tunnelling of Explicit Congestion Notification) to Proposed Standard Title: ast Call: draft-ietf-tsvwg-ecn-tunnel (Tunnelling of Explicit Congestion Notification) to Proposed Standard URL: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-ecn-tunnel-08.txt Date: 2010-06-24 – Last Call: draft-ietf-netmod-yang-usage (Guidelines for Authors and Reviewers of YANG Data Model Documents) to Informational RF / Call: draft-ietf-netmod-yang-usage (Guidelines for Authors and Reviewers of YANG Data Model Documents) to Informational RFC Title: ast Call: draft-ietf-netmod-yang-usage (Guidelines for Authors and Reviewers of YANG Data Model Documents) to Informational RFC URL: http://www.ietf.org/internet-drafts/draft-ietf-netmod-yang-usage-07.txt Date: 2010-06-24 – Approved by the IESG as Proposed Standard Title: A Generalized Framework for Kerberos Pre-Authentication URL: http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-preauth-framework-... Date: 2010-06-24 – Approved by the IESG as Informational RFC Title: The use of SVEC (Synchronization VECtor) list for Synchronized dependent path computations URL: http://www.ietf.org/internet-drafts/draft-ietf-pce-pcep-svec-list-05.txt]]> 767 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rpki-one-perspective-on-implementation/ Sun, 06 Mar 2011 19:07:38 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=769 recharter of the IETF Secure Inter-Domain Routing working group to cover this aspect have recently started. In 2006, the RIPE NCC started working on a resource certification system. ARIN and APNIC had started work on an implementation a year before that. Resource certification mirrors the way in which Internet number resources are distributed. That is, resources are initially distributed by the IANA to the RIRs, which in turn distribute them to local Internet registries (and, in some regions, national Internet registries), which then distribute the resources to their customers. In this implementation, initially the RIRs become certificate authorities, issuing X.509 certificates along with Internet resources. Since the launch of the Resource Certification service in the beginning of this year, hundreds of local Internet registries (LIRs) have enabled the service, providing them with several benefits. First, certification verifies the legitimacy of a resource’s allocation or assignment by an RIR. In other words, it offers validated proof of holdership. This can be vital when transferring Internet resources between parties. How can you confirm who is the rightful holder of the addresses? How can you be sure this block hasn’t already been sold? Certification helps to make resource transfers reliable and secure. Second, there is the routing aspect. It’s one thing to have people claim address blocks that are not theirs, it’s another for them to actually use those addresses on the Internet. We live in a world where any network operator can announce any prefix on their router, either intentionally or by mistake. We currently have Internet routing registries (IRRs) to help mitigate this issue, but there are more than 30 IRRs, with no means of confirming that all of the information in those IRRs is actually correct. The resource certification system allows for the prefix holder checking to be automated in a dependable, transparent, and standardized way. It has the potential to streamline ISP workflows while facilitating better routing security. The system works through the creation of Route Origin Authorization (ROA) objects. An ROA is a standardized document stating that the holder of a certain prefix authorizes a particular Autonomous System (AS) to announce that prefix. A valid ROA can only be created by the holder of the certificate for that address space. Anyone on the Internet can now validate if a route announcement is authorized by the legitimate holder of the address space. Several router manufacturers have committed to building certification support into their hardware, further expanding the potential. When building the roadmap for the certification service the RIPE NCC offers, we had to make critical decisions on which features to offer that the standards describe. We made a conscious choice to start with a limited feature set, and expand it over time as the IETF standards matured. In order to make the entry barrier into the system as low as possible, initially we are providing a hosted solution only. This means an LIR can log into a secured portal and generate a resource certificate covering their Internet number resources. The certificate is generated on the system and it not retrievable from the hardware security modules (HSM) we have in place. This creates a dilemma, because anyone who understands security will argue that you should always be the holder of your own private key, in all cases. In the end, though, we felt that quite a number of organizations would understand and accept the security trade-off of not being the owner of the private key for their resource certificate and trust their RIR to run a properly secured and audited service. Moving forward, we will focus on expanding the feature set of the service by making it possible for LIRs to run their own, local certificate authority that interfaces with the RIPE NCC. Second, we will build a notification system that warns the user if ROAs do not match real-world routing and lastly, we will work on a more comprehensive validator. Find more information here. Alex Band is product manager at the RIPE NCC]]> 769 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/zero-addresses-one-solution-two-problems/ Sun, 06 Mar 2011 19:10:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=771

The need to face the forthcoming global IPv4 address depletion, which means the introduction of IPv6 capabilities into network and service infrastructures

The need to guarantee IPv4 service continuity during the transition period when global IPv4 addresses will become even more scarce: that is, make sure customers can still access IPv4 content from an IPv4 terminal despite the scarcity of public IPv4 addresses.

The Need for IPv4 Service Continuity

The current thinking is that IPv4 service continuity can be addressed by introducing network address translation (NAT) capabilities into networks (also known as carrier-grade NAT or CGN) so that a global IPv4 address can be shared among several customers. But doing so may not be a good solution. While address-sharing issues and NAT hurdles have been extensively documented within the IETF, most service providers see them as little more than a necessary evil.

CGN Taxonomy

There are generally two kinds of CGN technologies: those that are used in addition to existing NAT capabilities and that are activated by customer-premises-equipment (CPE) devices, also known as double NAT, and those that rely on a single NAT. Double NAT Simply put, utilizing double NAT technology means that privately addressed IPv4 traffic that is sent by terminals located on the customer’s premises will first go through one level of NAT (embedded in the CPE) and then go through another level of NAT (embedded in the CGN). This approach has the advantage of not requiring customers or service providers to upgrade existing CPE devices. This is an especially attractive option for service providers that do not manage CPE equipment. There are, however, drawbacks to the double-NAT approach. First, in the double NAT design it is assumed that the regions of the network where CGN capabilities are activated enforce an IPv4 forwarding scheme based on the use of private IPv4 addresses. However, it is being done so at the cost of being exposed to the (complex) management of overlapping private addressing schemes in the network. That means the private addressing scheme enforced by the service provider in its network must not conflict with the customers’ own private addressing scheme; it assumes an agreement between the service provider and its customers that the customers are not using private IPv4 addresses that are assigned to the portion of the service provider’s network that is conveying privately addressed IPv4 traffic towards one of the available CGN capabilities. Second, double NAT designs assume that the CPE devices that are serviced by the same CGN are not communicating with each other by default, because incoming privately addressed traffic is usually discarded by the firewall embedded in the CPE. Therefore, such traffic needs to cross the CGN so that the initial private-source address can be translated into a global IPv4 address, which is what hairpinning is all about. Single-level NAT The IETF currently standardizes one version of the single-level-NAT approach, which is called dual stack-lite or DS-lite. Within the context of a DS-lite design, privately addressed traffic sent by terminals located on the customer’s premises is first encapsulated by the CPE into IPv6 datagrams, which are then forwarded to one of the available CGN capabilities. The DS-lite CGN will then, in turn, decapsulate the privately addressed IPv4 traffic and perform the usual NAT operation. Entries maintained by a DS-lite CGN device in its BIB (binding information base) assume the manipulation of a specific parameter that will unambiguously identify the CPE to which return traffic will be forwarded. Typically this parameter is the IPv6 source address used by the CPE to forward privately addressed IPv4 traffic toward one of the available CGN capabilities that are deployed in the network. Obviously, DS-lite designs assume an upgrade of the existing CPE so that it can support an IPv4-in-IPv6 encapsulation scheme. In addition, CPE devices need to be provisioned with the IPv6 reachability information of the CGN. Some might object to this kind of approach, arguing that it sustains the use of IPv4 instead of moving toward IPv6. In reality, DS-lite CGN technology can be seen as a true catalyst of IPv6 deployment because it requires that at least the access infrastructure is IPv6-enabled, which is not true of a double-NAT approach.

The Impacts of CGN

The introduction of CGN capabilities into networks raises a number of issues, the most important of which is the handling of user-generated content (UGC), meaning content that is provided and maintained by customers and that need to be accessed from the Internet. A UGC context assumes the ability to assign a specific port number to the device that supports such contents within the customer premises (for example, Port #80 for a website). This is currently handled in some environments by means of an Internet gateway device (IGD) protocol machinery specified by the UPnP (Universal Plug and Play) forum, where the terminal that maintains the contents will send a port number allocation request to the CPE, which will, in turn, manage the corresponding pinhole. In a DS-lite CGN environment, there is no NAT capability activated in the CPE anymore, hence raising an important UGC-inferred issue. From this perspective, the IETF has recently chartered a working group to specify the port control protocol (PCP) that aims to control a CGN (or a firewall) for port-number-management purposes. The PCP protocol relies upon a simple, client/server architecture. The PCP client can be embedded in the CPE, which, in this case, acts on behalf of the terminals connected to the CPE. This assumes the availability of an interworking function that, for instance, will convert IGD-formatted port number allocation requests into PCP-formatted messages that can be sent to a PCP server. Upon receipt of a PCP request message, the PCP server will then solicit the CGN to make sure the request can be satisfied (such as by allocating several port numbers to a given customer during a limited period of time). The base PCP protocol specification is expected to be published as a Standards Track RFC before H2 2011 and is seen as a key asset by some service providers for consolidating CGN design. CGN designs are not solutions to the global IPv4 address depletion; rather, they are meant to rationalize global IPv4 address usage during the transition period. They should not be regarded as alternatives to the deployment of IPv6; they should, in fact, encourage it.

France Telecom and IPv6

In 2008, France Telecom launched the IPv6 group-wise programme after more than 10 years of expertise in IPv6. The purpose of the programme is to define the group’s IPv6 strategy and support enforcement of this strategy by contributing to country-specific IPv6 projects being developed by the group’s affiliates. The programme covers both residential and corporate markets and encompasses both fixed and mobile environments. It is organized into three major phases:

• Phase 1 (2008–2010) focused on introducing elementary IPv6 capabilities into networks (including management of IPv6 addressing schemes, IPv6 forwarding and routing policies, IPv6-inferred devices, and customer management policies) and restricting the scope of the service to Internet access alone.
• Phase 2 (2009–2012) focuses on IPv6 instantiation of the whole range of service offerings provided by France Telecom, including advanced IP services, such as voice-over-Internet-Protocol (VoIP) and Internet Protocol television (IPTV) as well as emerging services, such as machine-to-machine communication,
• Phase 3 (2012 and beyond) will mean the introduction of IPv6 customers, networks, and services, yielding the design and the deployment of IPv6-only access and backbone infrastructures according to the revisited Pv4 address-depletion forecasts.

Service-wise, the group’s IPv6 strategy relies on a dual-stack architecture. Figure 1 offers a high-level, networking overview of this approach for fixed environments. In this architecture, CPE devices become dual-stack routers that are dynamically assigned an IPv6 prefix by means of DHCPv6 (dynamic host configuration protocol for IPv6). Both corporate and residential CPE devices are assigned a /56 prefix by default (in RIPE-dependent regions), but corporate customers can request the assignment of /48 prefixes as an option of the IPv6 virtual-private-network service offering that was launched in May 2009 (see here for example). For fixed environments, this design will inevitably include DS-lite CGN capabilities for the reasons that have been discussed earlier. The corresponding design depends on the distribution of DS-lite CGN capabilities that are, from an IP-forwarding standpoint, as close to the customer as possible. This is for several reasons, including performance (efficiency of the forwarding policy, time to access the service) and scalability (the number of customers to be serviced by a given DS-lite CGN capability will be equivalent to the number of customers who are currently connected to a given digital subscriber line access multiplexer, or DSLAM, device.

Mobile Services

The release 9 of the 3rd Generation Partnership Project specifications allows access to IPv4- and IPv6-formatted content using a single packet-data-protocol (PDP) context, hence an optimization of bandwidth resources. Applications should be address-family independent, meaning they should be used indifferently over an IPv4 or IPv6 stack so as to avoid any extra mobile handset complexity or cost for the customer while migrating towards IPv6. Within this context, IPv6-only PDP contexts will be established and access to IPv4-formatted content will rely on NAT64 capabilities to be deployed in the network (such as at the GGSN, or gateway GPRS support-node, level in 3G environments).

VoIP Services

Migration of VoIP services towards IPv6 will be gradual: IPv6 capabilities will first be introduced in the access-network infrastructure, meaning that access-session-border-controller devices become dual stack while the core of the network will remain IPv4. CPE devices also embed an IPv6 session-initiation-protocol user agent.

IPTV Services

Very often, existing IPTV services rely on a walled-garden design, wherein private IPv4 addressing schemes are used in overwhelming numbers, hence lowering the pressure to move towards IPv6. However, the simplification of access network infrastructures assumes the allocation of a unique, global IPv4 address to the CPE in order to access the network. As a consequence, IPTV services will be impacted by the global IPv4 address depletion. Similarly, as IPTV services evolve, they will likely include access to content located on the Internet. In that case, IPTV services would encompass so-called Web TV services, which naturally assumes a global IP addressing scheme, which will encourage the use of IPv6. Finally, we can expect homogenization of the IP interface through which a whole range of services can be accessed. As Internet services move toward a progressive introduction of IPv6 capabilities in network and service infrastructures (which it will need to do in order to access and deliver content), access to IPv6-formatted IPTV content becomes straightforward. And since multiprotocol label switching contributes to the overall QoS enhancement, it will become the primary forwarding scheme for conveying both IPv4- and IPv6-formatted content. The introduction of IPv6 in set-top boxes will primarily impact applications that solicit the network layer, such as when selecting a television programme or conducting a personal videoconference.

Current Status

Twelve country-specific IPv6 projects have been initiated since 2010, yielding IPv6 pilot deployments in Belgium, France, Moldova, Poland, Romania, and Senegal. Additional field trials will begin in 2011 while commercial IPv6 connectivity service will be available as early as 2012 for some country affiliates. These field trials will cover the scope of the migration phase of the programme, meaning some of the group’s affiliates will experiment with IPv6-enabled VoIP and IPTV services.

Lessons Learned

The IPv6 projects that were launched back in 2009 demonstrated that evangelization is key: decision makers need to thoroughly understand that there is no way but the IPv6 way if we are to sustain existing business and develop new markets. We have also learned that IPv6 deployment should not be presented as a tedious and complex set of isotropous operations (while major technological locks reside in the CPE devices and the IT infrastructure, there are not many in the network itself). Rather, IPv6 evangelists should promote the tremendous opportunities in terms of business development as well as cleaning up network designs that have proven to be inefficient, particularly when it comes time to forward VoIP or IPTV traffic. The forthcoming transition period will undoubtedly bring some difficulties, including the need for service providers to guarantee IPv4 service continuity when it will not be possible to assign a global IPv4 address to each and every (new) customer, which is likely to degrade the quality of service, particularly for those customers who will be serviced by a CGN. Even so, this does not mean we should not be encouraging, if not accelerating, migration toward IPv6. Last, but not least, there are still some vendors (mostly in the CPE and set-top box areas) who are not yet IPv6-minded. The oft-repeated “lack-of-business drivers” argument is no longer convincing thanks to a set of consolidated positions from the service and content providers’ communities. From that standpoint, standard bodies (and especially the IETF) have a key role to play in the promotion of IPv6: it is not only a matter of making sure the voice of service and content providers can be heard (by vendors), but also making sure that the standardization effort remains focused on IPv6 deployment issues. The clock is ticking, and we must be on IPv6 time.]]> 771 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ipv4-ipv6-coexistence-challenges-network-operators/ Sun, 06 Mar 2011 19:11:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=773 773 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-standards-work-draw-ict-professionals-to-ietf-79/ Sun, 06 Mar 2011 19:12:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=775 IETF 79 First-time Fellows

• Odira Elisha Abade (Kenya)
• Jeronimo Bezerra (Brazil)
• Khoudia Gueye Sy (Senegal)
• Yoon-Kit Yong (Malaysia)

IETF 79 Mentors

• Richard Barnes (BBN Technologies)
• Randy Bush (Internet Initiative Japan)
• Ross Callon (Juniper)
• Marshall Eubanks (Iformata Communications)
• Cristel Pelsser (Internet Initiative Japan)
• Atarashi Ray (Internet Initiative Japan)

Returning Fellows

• Baasansuren Burmaa (Mongolia)
• João Marcelo Ceron (Brazil)
• Sandra L. Céspedes (Colombia)
• Dorcas Muthoni Gachari (Kenya)
• Fernando Gont (Argentina)
• Muhammad Haris Shamsi (Pakistan)
• Pedro Rodrigues Torres, Jr. (Brazil)
• Carlos Alberto Watson Carazo (Costa Rica)

]]> 775 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-untethered-future-of-the-internet/ Sun, 06 Mar 2011 19:13:39 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=777

A host computer, or simply “host,” is the ultimate consumer of communication services. A host generally executes applications programs on behalf of user(s), employing network and/or Internet communication services in support of this function. […]

An Internet communication system consists of interconnected packet networks supporting communication among host computers using the Internet protocols. The networks are interconnected using packet-switching computers called “gateways” or “IP routers” by the Internet community[…].

The current Internet architecture is based on a set of assumptions about the communication system. The assumptions most relevant to hosts are as follows:

• (a) The Internet is a network of networks.Each host is directly connected to some particular network(s); its connection to the Internet is only conceptual. Two hosts on the same network communicate with each other using the same set of protocols that they would use to communicate with hosts on distant networks.
• (b) Gateways don’t keep connection state information.To improve robustness of the communication system, gateways are designed to be stateless, forwarding each IP datagram independently of other datagrams. As a result, redundant paths can be exploited to provide robust service in spite of failures of intervening gateways and networks. All state information required for end-to-end flow control and reliability is implemented in the hosts, in the transport layer or in application programs. All connection control information is thus colocated with the end points of the communication, so it will be lost only if an end point fails.
• (c) Routing complexity should be in the gateways.Routing is a complex and difficult problem, and ought to be performed by the gateways, not the hosts. An important objective is to insulate host software from changes caused by the inevitable evolution of the Internet routing architecture.
• (d) The System must tolerate wide network variation.A basic objective of the Internet design is to tolerate a wide range of network characteristics—e.g., bandwidth, delay, packet loss, packet reordering, and maximum packet size. Another objective is robustness against failure of individual networks, gateways, and hosts, using whatever bandwidth is still available. Finally, the goal is full “open system interconnection”: an Internet host must be able to interoperate robustly and effectively with any other Internet host, across diverse Internet paths.

Experiences of the past 20 years have already challenged some of the key points in RFCs 1122, 1123. The development and deployment of network address translators (NATs), as a mechanism for using a single IP address to give several computers access to the Internet, inherently challenges some of the principles of “Internet host.” Either the NAT “is” the Internet host, or the computers behind it are nonconforming hosts (because they are not individually addressable on the Internet—the “end to end” principle outlined in 1122/1123). Nor do Internet hosts typically conform to the applications expectations outlined in RFC 1123. In general, there has been a trend away from having each Internet host running a full suite of application services. The endpoints that Internet service providers enabled by providing access to home consumers were not naturally equipped or maintained as host servers. ISPs prevented, or charged extra (“business service”) for customers running their own server software (Web, mail, other). This was argued on the basis that these servers generated unwanted traffic—either in terms of legitimacy (spam) or simply volume. As the final unused IPv4 addresses are assigned, further distance from the requirements outlined in RFC 1122/23 can be expected in the IPv4 Internet, at least, with the deployment of “Carrier Grade NATs” (CGNs), which share a single IP address across multiple customer (networks) at a time. There is little argument that the Internet is still in full “growth mode”. More users are coming online, and more people have more devices connected to the Internet at any given time, between their desktops, laptops, and (smart) mobile phones. They may even have some of which they are not aware—their home entertainment boxes, their thermostats, and maybe eventually their refrigerators. Some “size” numbers, from IDC . “There were more than 450 million mobile Internet users worldwide in 2009, a number that is expected to more than double by the end of 2013. Driven by the popularity and affordability of mobile phones, smartphones, and other wireless devices, IDC’s Worldwide Digital Marketplace Model and Forecast (an IDC Database service) expects the number of mobile devices accessing the Internet to surpass the one billion mark over the next four years. [...] The most popular online activities of mobile Internet users are similar to those of other Internet users: using search engines, reading news and sports information, downloading music and videos, and sending/receiving email and instant messages.” and “• More than 1.6 billion devices worldwide were used to access the Internet in 2009, including PCs, mobile phones, and online videogame consoles. By 2013, the total number of devices accessing the Internet will increase to more than 2.7 billion. • China continues to have more Internet users than any other country, with 359 million in 2009. This number is expected to grow to 566 million by 2013. The United States had 261 million Internet users in 2009, a figure that will reach 280 million in 2013. India will have one of the fastest growing Internet populations, growing almost two-fold between 2009 and 2013.” Apart from the obvious indicators of growth, what these data show is that the future Internet will feature many more untethered devices, and, importantly, that people expect to be able to do all their “usual” Internet activities while on the move. The realities faced by mobile and other networks of small devices (sensor networks) were discussed during the week of IETF 79 at an Internet Society hosted panel discussion (see page 5). Some of the issues identified are not actually new—constrained bandwidth, concerns about processing power being insufficient to support the full Internet protocol suite. However, the shear number and scope of the expected growth in the area of Internet access through mobile handsets, sensor networks, etc, suggest that the expected impact and design decisions should be reviewed. Untethered devices are typically more constrained in their processing capabilities than traditional Internet hosts. Sensor hardware development has pushed back on implementing the full Internet protocol stack on the claim of lack of processing capability (and lack of perceived need for all those features). While the modern smartphone has more processing power than the average Internet host had when 1122/23 were written, their display and input capabilities are still quite limited as compared to more general purpose Internet hosts. Power is a real concern for untethered devices: it is finite. Furthermore, it may be necessary to ensure some power reserves in order to carry out a primary function (e.g., make a phone call; communicate an update from a sensor, etc). Therefore, untethered devices tend not to be “always on”, and can’t reasonably be the policy enforcement point for deciding which traffic to ignore: unwanted traffic is expensive, and a device that is deciding whether it is acceptable or not has already received at least some portion of the traffic. Connectivity often poses a problem, as well. Bandwidth may be relatively constrained, and is currently costly to the end user. These are somewhat tied to business models of the access providers, but those, in turn, are influenced by the finite availability of spectrum, and the costs of obtaining licenses, for example. Altogether, these untethered devices highlight further possible stretching of the expectations of Internet hosts. The number of users (people) associated with a given host may be 0 (sensor), 1 (mobile handset), or several (server machines, shared computers), or even fractional (one user’s context spread across several devices). This has implications in terms of expectations for identifiers—for hosts and for users. In today’s Internet, there is an (often inaccurate) operational assumption that individual accountability can be tied to an IP (host) address. This will be increasingly inaccurate as the model of users-to-connections evolves. The notion of connectivity is put into question by untethered devices that must cope with power reserve limitations. Rather than being always-on, always-reachable, individual hosts may choose to be selective about the time and type of connections accept. This is consistent with the 1122/23 model of putting control at the endpoints, but challenges the premises of supporting a set of always-on services in each conforming Internet host. Alternatively, considering a “split node” approach, with a set of policies implemented on a fixed server governing policies for which traffic gets forwarded to the untethered device, would allow the support for those application services in the split-node host, but may challenge the principle of putting the control at the endpoint (untethered device, in this case). Untethered devices further challenge the notion of network positioning: future Internet hosts may be stable in the network, mobile within one network type, mobile between network types (e.g., wifi and mobile data), or even providing multiple network interfaces with different policies in place at the same time. That is, a mobile handset may be open to all traditional Internet host connections over the wifi interface, but operating in selective mode over a mobile data network, at the same time. The challenge, going forward, will be to determine which of these present new Internet architecture design requirements, because of a change in nature or scale, and which of them represent technology growing pains that have been seen before and will be overcome again. Certainly, there is, and has long been, work done within the IETF to address some of the base issues. There have been a number of working groups focused on mobile IP (Mobile IP WG and follow on work) and policy frameworks (e.g., COPS-PR—RFC3084). Application protocols have looked to accommodate different user realities (numbers of users per device, device capabilities, etc). Delay Tolerant Networking has explored the issue of handling networking in a context with unprecedented round trip times and other related constraints—in interplanetary IP. And there are ongoing discussions of whether or how to introduce new identifiers within the application or routing infrastructures. Each represents a fascinating challenge in its own right. The questions raised, but not answered, during the briefing panel, suggest answers that run through the fabric of many working groups, recognizing the changing landscape of Internet hosts, rather than point solutions. Perhaps the best way to look at the future is to look away from the trendlines, and focus on “what good looks like”. For users, the important thing is for their experience of Internet-delivered services to be consistent across network locations and hosts. In the last decade, this has been at the heart of arguments for a single DNS root, and efforts to prevent “balkanization” of the Internet. The principle is important, going forward, even as the differences of access platforms will necessarily challenge the definition of “same”. Diversity and openness remain critical in Internet deployment, in order to continue to foster innovation. 1122/23 stress the importance of recognizing that individual networks would be set up and operated according to local design choices. The open Internetwork application framework is what has permitted the creation of novel applications without requiring permission from network operators or device manufacturers for deployment. The World Wide Web was one such idea that took hold like wildfire. Time and again, users and usage of Internet have laid the groundwork for the Internet’s evolution, not some master control. It’s important to retain the ability to support that kind of innovation and open experience, as provided for in the hosts requirements in 1122/23. In that light, the notion of an open standard “split node” model, with individual users establishing and controlling preferences for policies, would allow more growth and innovation than, for instance, “one size fits all” policy assumptions implemented as network operator private controls. In the end, then, it’s clear the future Internet will support many users and uses based on untethered devices, and thus feature hosts that exceed the expectations of 1122/23. But the framework in those documents is sound: provide a set of requirements for interoperation at the transport and application levels, and unfettered innovation will follow. Time will tell whether the requirements of hosts are updated to accommodate the practical realities of power and bandwidth constraints understood with untethered devices, or whether the “host” will become some tethered server supporting multiple roaming devices, for example. The only wrong choice is no choice at all.]]> 777 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-november-2010/ Fri, 08 Oct 2010 16:29:55 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1310 1310 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-79-at-a-glance/ Tue, 01 Mar 2011 14:37:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1617

75 IETF WGs

23 IETF Individuals

10 IRTF, IAB, and Independent combined.

IANA Actions ( July-October 2010 ) IETF- Related requests processed: 1468

• 717 private enterprise numbers
• 82 port numbers
• 54 TRIP ITAD numbers
• 23 Language subtag requests
• 87 media-type requests

In addition, IANA:

• Reviewed 97 I-Ds in Last Call
• Reviewed 101 I-Ds in IESG Evaluation
• Reviewed 101 I-Ds prior to becoming RFC and 57 contained actions for IANA

]]> 1617 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-meeting-calendar-october-2011/ Thu, 06 Oct 2011 16:48:34 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=538 IETF 82

• 13-18 November 2011
• Host: Taiwan Network Information Center (TWNIC)
• Location: Taipei, TW

IETF 83

• 25–30 March 2012
• Host: TBD
• Location: Paris, FR

IETF 84

• 29 July–3 August 2012
• Host: Google
• Location: Vancouver, BC, CA

IETF 85

• 4-9 November 2012
• Host: North American Cable Industry
• Location: Atlanta, GA, USA

This article was posted on 27 October 2011 .]]> 538 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-october-2011/ Thu, 06 Oct 2011 16:49:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=542

Delay-Tolerant Networking RG

Peer-to-Peer RG

Network Management RG

IP Mobility Optimizations RG

Host Identity Protocol RG

Scalable Adaptive Multicast RG

Virtual Networks RG

In addition, a first IRTF Open Meeting was held. The purpose of an Open Meeting is to allow interested IETF attendees to get a quick overview of all current IRTF activities and to discuss topics that are of IRTF-wide relevance, such as proposals to form new research groups. It is expected that IRTF Open Meetings will be held regularly during IETF meeting weeks. The IRTF Open Meeting is also where the awardees of the Applied Networking Research Prize (ANRP) give their invited talks. The ANRP is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts, and is supported by the Internet Society in coordination with the IRTF. For IETF 81, two ANRPs were awarded. The awardees were Mattia Rossi for his research into reducing BGP traffic, and Beichuan Zhang for his research into “green” traffic engineering. The ANRP selection process for IETF 82 is currently underway, with decisions expected at the end of September 2011. See http://irtf.org/anrp for details. Several of the IRTF’s current research groups are nearing the end of their chartered work. These include the Traffic Modeling RG, the Anti-Spam RG, the Host Identity Protocol RG, and the Routing RG. These groups are discussing whether to take on new work or to close. Researchers in the relevant areas are encouraged to suggest topics for potential future collaboration. On the IRTF RFC Stream, eight new RFCs were published since IETF 80. Six of those RFCs came out of the Delay-Tolerant Networking RG, which has now published the bulk of the experimental DTN specifications and supporting documents. The Routing RG and the IP Mobility Optimizations RG each published one RFC. Please join the IRTF discussion list to stay informed: http://www.irtf.org/mailman/listinfo/irtf-discuss. This article was posted on 27 October 2011 .]]> 542 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-81-at-a-glance-october-2011/ Thu, 06 Oct 2011 16:50:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=545 545 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-meeting-calendar/ Wed, 06 Jul 2011 17:12:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=598 IETF 81

• 24-29 July 2011
• Host: Research in Motion (RIM)
• Location: Quebec City, CA

IETF 82

• 13-18 November 2011
• Host: Taiwan Network Information Center (TWNIC)
• Location: Taipei, TW

IETF 83

• 25–30 March 2012
• Host: TBD
• Location: Paris, FR

IETF 84

• 29 July–3 August 2012
• Host: Google
• Location: Vancouver, BC, CA

]]> 598 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-july-2011/ Wed, 06 Jul 2011 17:13:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=603 [1] and Beichuan Zhang[2] for his research into “green” traffic engineering. Both researchers have been invited to present their findings at the IRTF Open Meeting, to be held during IETF 81, 24–29 July 2011, in Quebec City, Canada.

Future Calls for Nominations

A call for nominations will be issued this summer targeting IETF 82 in Taipei, Taiwan, in November 2011. For 2012, we are considering switching to a yearly nomination/award cycle, with a call for nominations in late 2011 that will cover all three IETF meetings planned for 2012. Those interested in receiving future calls for ANRP nominations should subscribe to the IRTF-Announce mailing list. You are also encouraged to join the Internet Society (http://www.InternetSociety.org/get-involved) to stay informed of other networking research initiatives.

About the ANRP

The ANRP is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. Researchers with relevant, recently published results are encouraged to apply for this prize, which offers the opportunity to present and discuss their work with the engineers, network operators, policymakers, and scientists who participate in the IETF and the IRTF. Third-party nominations for this prize are also encouraged. The goal of the ANRP is to recognize the best new ideas in networking and bring them to the IETF and IRTF, especially in cases where they would not otherwise see much exposure or discussion. The Applied Networking Research Prize (ANRP) consists of the following:

• a cash prize of USD 500
• an invitation to speak at the IRTF Open Meeting
• a travel grant to attend the week-long IETF meeting that covers airfare, hotel, registration, and stipend
• recognition at the IETF plenary
• an invitation to related social activities
• the potential for additional travel grants to future IETF meetings, based on community feedback

The ANRP will be awarded three times per year, in conjunction with the three annual IETF meetings. Applicants must nominate a peer-reviewed, recently-published, original journal, conference or workshop paper. Both self nominations (nominating one’s own paper) and third-party nominations (nominating someone else’s paper) are encouraged. The nominee must be one of the main authors of the nominated paper. The nominated paper should provide a scientific foundation for possible future IETF engineering work or IRTF experimentation, analyze the behavior of Internet protocols in operational deployments or realistic testbeds, make an important contribution to the understanding of Internet scalability, performance, reliability, security or capability, or otherwise be of relevance to ongoing or future IETF or IRTF activities. Applicants must briefly describe how the nominated paper relates to these goals, and are encouraged to describe how presentation of these research results will foster their transition into new IETF engineering or IRTF experimentation, or otherwise seed new activities that will have an impact on the real-world Internet. The goal of the ANRP is to foster the transitioning of research results into real-world benefits for the Internet. Therefore, applicants must indicate that they (or the nominee, in case of third-party applications) are available to attend the respective IETF meeting in person and in its entirety. Nominations for the ANRP are not considered to be contributions to the IETF. However, the invited talks at the IRTF Open Meeting are considered to be contributions to the IETF, and the IETF “Note Well” does apply to them.

Selection Process

A small selection committee composed of individuals who are knowledgeable about the IRTF, IETF, and the broader networking research community will evaluate the submissions against the selection criteria. The goal is to select one or two submissions for the ANRP during each application period. All applicants will be notified by email. The current ANRP selection committee includes:

• Mark Allman, ICIR
• Lou Berger, LabN
• Ross Callon, Juniper
• Lars Eggert, Nokia Research Center
• Olivier Festor, INRIA
• Mat Ford, the Internet Society
• Andrei Gurtov, HIIT
• Al Morton, AT&T Laboratories
• Bruce Nordman, LBL
• Jörg Ott, Aalto University
• Stefano Previdi, Cisco
• Martin Stiemerling, NEC Laboratories

The ANRP is supported by the Internet Society as part of its Internet Development and Evolution Awards Programme, in coordination with the IRTF.

---

^[1]. Geoff Huston, Mattia Rossi, and Grenville Armitage. A Technique for Reducing BGP Update Announcements through Path Exploration Damping. IEEE Journal on Selected Areas in Communications (JSAC), Vol. 28, No. 8, pp. 1271–1286, October 2010 ^[2]. Mingui Zhang, Cheng Yi, Bin Liu, and Beichuan Zhang. GreenTE: Power-Aware Traffic Engineering. Proc. IEEE International Conference on Network Protocols (ICNP), pp. 21–30, October 2010 This article was posted on 2 August 2011]]> 603 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-80-at-a-glance/ Wed, 06 Jul 2011 17:14:29 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=606

Registered attendees: 1196

Newcomers: 173

Number of countries: 49

New WGs: 11

WGs closed: 14

WG currently chartered: 121

New Internet-Drafts: 608

• 191 updated
• 54 updated more than once

Updated Internet-Drafts: 1237

IETF Last Calls: 151

Internet-Drafts approved for publication: 164

RFC Editor Actions (November 2010–February 2011)

• RFCs published: 74 (about 1940 pages)
• I-Ds submitted for publications
  • 32 IETF individuals
  • 9 IRTF, IAB, and independent combined

IESG Observations

RFC Editor Average Processing Time

• Edit: 3.5 weeks
• RFC Edit: 1.9 weeks
• Auth48: 2.0 weeks

IANA Activity since IETF 79 (November 2010-February 2011)

• Processed 1468 IETF-related requests, including:
  • 680 private enterprise number requests
  • 79 port number requests
  • 47 TRIP ITAD number requests
  • 15 language subtag requests
  • 46 media-type requests
• Reviewed 136 I-Ds in Lat Call and reviewed 134 I-Ds in IESG Evaluation
• Reviewed 117 I-Ds prior to becoming RFCs and 57 of them contained actions for IANA

]]> 606 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-12/ Wed, 06 Jul 2011 17:15:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=610 http://www.ietf.org/tao.html) If you are inspired to arrange a BoF meeting, please be sure to read RFC 5434: Considerations for Having a Successful Birds-of-a-Feather (BoF) Session. Full descriptions of the BoFs that took place during IETF 80 in Prague, the Czech Republic, can be found on the wiki at http://trac.tools.ietf.org/bof/trac/wiki/WikiStart.

RTCWEB – Real Time Communication on the World Wide Web

Description: Many implementations have been made that use a Web browser to support direct, interactive communications, including voice, video, collaboration, and gaming. In these implementations, the Web server acts as the signalling path between these applications, using locally significant identifiers to set up the association. Up until now, such applications have typically required the installation of plugins or nonstandard browser extensions. There is a desire to standardize this functionality so that these types of applications can be run in any compatible browser and allow for high-quality real-time communications experiences within the browser. Minutes: http://www.ietf.org/proceedings/80/minutes/rtcweb.txt Outcome: This effort, spearheaded by Google, but with coinitiative takers including Cisco, Ericsson, Mozilla, and Skype, aims to establish standards for enabling browsers to send audio and video between each other without the need for media intermediaries, which would make interactive video a commonplace rather than a specialized undertaking. The meeting was very well attended (more than 250 attendees) and showed both strong support for letting this go forward and quite good consensus that we had achieved “roughly the right level” in the proposed charter. The Friday work session laid out some of the challenges ahead, including thorny issues such as what happens when intellectual property rights claims meet “mandatory to implement.” The work will go forward in cooperation with the W3C.

CDNI—Content Distribution Network Interconnection

Description: There is an emerging requirement for interconnecting content delivery networks (CDNs) so they can interoperate as an open content delivery infrastructure for the end-to-end delivery of content from Content Service Providers (CSPs) to end users. This BoF is an opportunity to discuss the proposed development of IETF standards to facilitate such CDN interconnection. These standards might include protocols for the following. Exchange of metadata between CDNs Exchange of transaction logs and monitoring information Exchange of request-routing information Exchange of policies & capabilities Content management/flushing Minutes: http://www.ietf.org/proceedings/80/minutes/cdni.htm Outcome: Approximately 120 people attended the CDNI BoF. The first presentations established the multiple-use cases that network service providers have for CDN interconnection (such as footprint extension, off-net delivery, offload and fail-over, multivendor, and over the top content providers) and introduced the key missing touch-points needed across CDNs. The CDN interconnection experiments presented next confirmed the feasibility of content delivery across two CDNs while bringing to light the limitations resulting from the lack of a standard approach. A poll of the audience revealed a strong agreement that there was a real problem that needs solving. The next few presentations articulated the overall CDNI architecture as well as the functional role and requirements for each of the four inter-CDN interfaces that would be in the scope of the CDNI WG (CDNI Request-Routing, CDNI Distribution Metadata Exchange, CDNI Logging, and CDNI Control). The resulting discussion concluded that the CDNI WG would need to document the threat analysis, including discussion of the CDNI trust model and privacy issues. The next discussion centred on the question of whether CDNI required new protocol or protocol extensions. The key outcome is that the CDNI work is expected to involve definition of new schemas (such as the definition of a Web services-style of interface), but no new schema languages and no new protocol or protocol extensions. A show of hands indicated consensus that the problem was well understood and that the IETF was the right place to solve it. After review of the draft charter and some real-time tweaks, there was consensus in the room that the draft charter identifies the right set of deliverables and that a WG should be created with that charter. Many individuals volunteered to be editors or reviewers of the CDNI deliverables. The charter has been refined and the the IESG recently announced formation of the CDNI working group in the Transport Area. The CDNI WG will hold its first meeting during IETF 81.

Plasma–Policy Augmented S/MIME

Description: Current S/MIME mechanisms provide cryptographic access to a message based on the identity of the recipient at the time of transmission. Any additional access-control enforcement depends on the configuration of the recipient’s email client. Several Internet-Drafts have been submitted that establish a more robust access-control mechanism, where cryptographic access to a message is only granted after the access check. This proposed WG would develop a framework for enforcing a more robust access-control mechanism, based on existing CMS, S/MIME, and SAML-based policy-enforcement standards. The WG will also develop any necessary extensions to these base protocols specific to this problem space. Minutes: http://www.ietf.org/proceedings/80/minutes/plasma.txt Outcomes: Despite some original concerns that the work is only of interest to a limited group of people, the meeting was well attended and there was active participation in the discussion of related use cases. Some interest in using a ABFAB-capable solution together with the policy server was expressed. One area director questioned why sending secure email can’t be done using only Web protocols (without SMTP at all), eliminating the need for S/MIME. Proponents answered that users still like to use email for many tasks, so building upon/fixing existing secure email is a desired goal. At the end of the meeting several participants (in addition to the BoF proponents) expressed their desire to work on something in this space. Several people were also interested in use of the proposed architecture for non-email use cases (such as with XMPP or for website access controls). As there was no strong consensus that a WG should be formed, the proposed charter was not discussed. This will be done on the mailing list at an appropriate time. Some questions were raised about whether the proposal presented was the best design and whether something else (which can turn out to be more generic) can be used. The discussion on the mailing list is ongoing. It is currently unclear whether this proposal will go on to form a WG.

PAWS–Protocol to Access White Space Database

Description: As nations struggle to provide radio spectrum for use with wireless Internet bandwidth, there are problems with incumbents in a given band. The incumbents may use the spectrum inefficiently, especially geographically; for instance, there may be large regions where a particular band is not used at all and others where use is only in a portion of the band. Recently, techniques have been developed that attempt to share spectrum between incumbents and new users. The generic term for this is ”white space.” For example, in over-the-air TV bands, spectrum is divided into channels. In any one area it is possible that not all channels have TV transmitters in range. There is a desire among many regulators to make this prime spectrum available for Internet access and other uses, as long as the new use does not interfere with existing TV band use. The U.S. Federal Communications Commission has freed up its digital TV spectrum for unlicensed use and has crafted rules and regulations that require compliance. The available spectrum and associated channels for use vary on a regional basis. In the United States, as in many other countries, there are other incumbents besides the television broadcasters. Spectrum and channel availability is dynamic while spectrum use requires verification of availability prior to use (and periodically on an ongoing basis). The U.S. regulator has decided that all new users of the TV band white space (“TV Band Device” or TVBD) must query a database with the location of the TVBD and receive from the database a list of available channels that it may use. Multiple databases containing the information about available channels for use at a given location are expected to exist. A device is required to query the database for available channels and associated information. There are several scenarios that the U.S. regulation permits, which include a simple tower/client arrangement where the tower queries the database on behalf of itself and its client TVBDs and ad-hoc mobile networks where at least one TVBD in the ad-hoc network has another path to the Internet that can query the database. Minutes: http://www.ietf.org/proceedings/80/minutes/paws.txt Outcome: The BoF went very well. After everyone was brought up to the same level on what White Space is, how it works, and what the group wanted an IETF WG to do, participants engaged in a number of lively discussions on privacy and security issues and how the group may be able to achieve its goals of supporting database queries that are independent of physical layer, spectrum band, or nation. Several suggestions were made for charter language improvement in these areas. A number of people in the room indicated that they would contribute or review contributions. It is common at this stage to have little opposition to creating a WG but only a relatively small number of people willing to do work. This BoF attracted roughly two to three times the usual number of people indicating they would be active participants. The IAB and IESG have been discussing the charter. It does look like the group will have approval to form a Working Group, albeit with some further changes to the scope and, specifically, in the security and privacy text on the proposed charter. An interesting aspect of this work is that the participants did not suggest a specific area, as the work does not seem to fit neatly into any of the area definitions particularly well but, rather, it touches on a number of them. In the end, it seems like we it be in the Apps area.

Renum–Site Renumbering

Description: As outlined in RFC 5887, renumbering, especially for medium to large sites and networks, is viewed as an expensive, painful, and error-prone process, often avoided by network managers as much as possible. Some would argue that the very design of IP addressing and routing makes automated renumbering intrinsically impossible. In fact, managers have an economic incentive to avoid renumbering, with many resorting to private addressing and Network Address Translation (NAT). Consequently, mechanisms for managing the scaling problems of wide-area (BGP4) routing that require site renumbering are often dismissed as unacceptable. Even so, renumbering is sometimes unavoidable. The task of the proposed RENUM Working Group is to (1) identify specific renumbering problems in the context of site-wide renumbering and (2) develop point solutions and system solutions to address those problems (or, if appropriate, to stimulate such development in other Working Groups). The principal target will be solutions for IPv6, but solutions that apply equally to IPv4 may be considered. Minutes: http://www.ietf.org/proceedings/80/minutes/renum.txt Outcomes: While there was an encouraging level of interest expressed in the BoF in terms of people willing to work on this topic, it was also recognized (quite rightly) that renumbering is a huge area and that trying to solve all renumbering issues in one go is unrealistic. The discussions in the BoF raised a number of ways that the work could be more focused. Therefore, since the meeting, the BoF has been working on scoping the potential WG charter to allow achievable, but useful, goals to be defined. There is significant concern over the potential increase in the size of backbone routing tables should large numbers of end sites adopt IPv6 PI addressing. Thus, focusing the work on (managed) IPv6 enterprise networks and (unmanaged) SOHO networks is one avenue to scope the work more realistically. As IPv6 becomes more widely deployed, it is expected that we would have developed appropriate new operational and protocol elements so that site renumbering will be seen as a more routine event. A first step for a new WG could thus be undertaking scenario-based descriptions, including documentation of current capabilities and best practices. These texts can then contribute to a gap analysis that also draws on existing published work in RFC 4192 and RFC 5887. In parallel, a review of current IP address-management practices would be performed to determine if a more appropriate model for supporting site renumbering might be devised. This initial programme of work would not lead immediately to new protocols or practices, but a subsequent WG recharter would identify how and where such work could be done. Implicitly, such a focus would mean a ‘RENUM6’ WG would not cover renumbering avoidance methods, ISP renumbering (except the ISP’s role in site renumbering), or IPv4 renumbering. he IPv6 Site Renumbering (6renum) working group has been formed in the Operations and Management Area and the full charter is at http://datatracker.ietf.org/wg/6renum/charter/.]]> 610 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-fellows-bring-first-hand-experience-of-standards-processes-to-developing-countries/ Wed, 06 Jul 2011 17:17:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=617 IETF 80 First-time Fellows Roman Arcea (Moldova) Mentor: Jean-Michel Combes Paventhan Arumugam (India) Mentor: Marcelo Bagnulo Braun Luis Balbinot (Brazil) Mentor: Juergen Quittek Suhaidi Hassan (Malaysia) Mentor: Fernando Gont

IETF 80 Returning Fellows

Zartash Afzal Uzmi (Pakistan) Palanivelan Appanasamy (India) Azael Fernandez Alcantara (Mexico) Fernando Gont (Argentina) Idris A. Rai (Tanzania, United Republic of)]]> 617 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/bufferbloat-dark-buffers-in-the-internet/ Wed, 06 Jul 2011 17:18:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=621 http://rescomp.stanford.edu/~cheshire/rants/Latency.html), “Making more bandwidth is easy. Once you have bad latency, you’re stuck with it.” Bufferbloat is the existence of excessively large (bloated) buffers in systems, particularly network communication systems. Bufferbloat is now (almost?) everywhere. Today’s routers, switches, gateways, broadband gear, and so on have bloated buffer sizes to where we often measure latency in seconds, rather than microseconds or milliseconds. Telephone standards for maximum desirable latencies are in the 150–200 ms range, and human perception for some latency is as low as 10 ms. You can never get that time back. Any unnecessary latency beyond the minimum imposed by the speed of light is too much. Although some buffering is required to smooth bursts in communications systems, we’ve lost sight of fundamentals: packet loss is (currently) the only way to signal congestion in the network, and congestion-avoiding protocols such as TCP rely on timely congestion notification to regulate their transmission speeds. What happens when we put large or truly bloated buffers into our systems, in a misguided attempt to avoid all packet loss, or when we aim to eke out almost unmeasurable increases in performance on an artificial benchmark, or just because the buffer memory doesn’t cost us anything and happens to be there? Really bad things happen (see http://gettys.wordpress.com/2010/12/06/whose-house-is-of-glasse-must-not...), as John Nagle’s cogent explanation, RFC 970 (from 1985!), describes: A datagram network with infinite storage, first-infirst- out queuing, and a finite packet lifetime will, under overload, drop all packets. Some of the buffers we now observe in the Internet are effectively infinite in size. More is not necessarily better. More is often worse. Not all packet loss is evil: some packet loss can be essential for correct operation. But once your bloated buffers fill, there’s no timely congestion notification by packet loss or explicit congestion notification (ECN), and eliding notification has destroyed the congestion avoidance servo loop in transport protocols. Only the buffers on either side of the bottleneck (lowest bandwidth) link fill, and if those buffers are not managed, they can and do fill completely, inducing much higher packet loss than that you attempted to avoid. Other buffers in the path, remaining nearly empty, remain dark and undetectable. Bufferbloat induces painful latencies for you and all others who share your network path. Any application that saturates a link with bloated buffers can induce bufferbloat pain: uploading videos to YouTube, emailing messages with large images attached, backing up large files or file systems, downloading large files, such as ISO images, a Linux distribution image, or a movie via Bittorrent, watching Netflix, and even visiting certain kinds of webpages can all fill these buffers. Any semblance of interactivity of your network is gone; any hope for good teleconferencing or voice over IP, or fragging your opponent before they frag you, is lost. Even Web browsing becomes painful, and applications often fail entirely. Wonder no more why your network connections are so poor. This is why the “Internet is slow today” refrain is so common. With modern TCP stacks (almost everything except Windows XP), even a single TCP transfer can induce bufferbloat suffering. The problem is not limited to TCP; UDP-based protocols are equally capable of filling bloated buffers. But you never see these buffers until they start to fill, and you can observe them only indirectly; they are “dark buffers” — like dark matter in the universe. Last year the ICSI Netalyzr group proved that our broadband Internet technologies—cable, DSL, and FIOS alike—suffer badly from bufferbloat. And bufferbloat isn’t confined to these technologies, but has also infected our home routers, 3G networks, and even our operating systems (seehttp://conferences.sigcomm.org/imc/2010/papers/p246.pdf). For example, Linux typically has at least two major contributors to bufferbloat—the network stack’s transmit queue and the ring buffers in the device driver—but several more places exist where buffers can hide. These buffers are often hundreds of packets in size on modern hardware, and we can find such large transmit rings on similar hardware on other operating systems. They might lurk in line cards in network gear, in modems, or elsewhere —the hiding places are endless. Bufferbloat also infects many of our corporate and ISP networks. I believed we had solved congestion problems for Internet routers with the development of active queue management (AQM) algorithms such as random early detection (RED; see www. icir.org/floyd/papers/early.pdf), but the cottage industry of more than 100 papers on tuning RED proves this belief incorrect. Classic RED 93 can’t solve our wireless problems. Although failing to use AQM when possible might be misguided, all those RED tuning papers help us understand why some network operators (both corporate and public) do not trust RED and are reluctant to enable it. Won’t adding more bandwidth help? Usually not. Buffering has been growing, frequently faster than bandwidth, over generations of often upward-compatible technologies. Plug a current device into a previous generation link, and your buffers become insanely large, even in the rare case those buffers were static sized “correctly.” They will then be sized for maximum theoretical bandwidth over maximum latency paths, often much larger than you will ever experience. Yet the actual bandwidth available varies, often by orders of magnitude. This demonstrates that a single static answer seldom exists regarding the correct buffer size in any system. Adding bandwidth can even make your suffering worse: for example, if you have more broadband bandwidth than 802.11 bandwidth, the bottleneck shifts to that hop, where your laptop and home router bufferbloat is often even worse than in the broadband link. Now those “dark buffers” cause your pain. We must systematically stamp out bufferbloat wherever it occurs in our systems by managing buffers at all times wherever they appear. We can mitigate the worst bufferbloat by eliminating the grossly mis-sized static buffers, but actual solutions require serious work, further research, and the use of some form of AQM, in its most general sense. We’re also rapidly destroying TCP slow start, with independent changes by both Web server and Web browser. I even fear for the Internet’s stability. We have a large mess on our hands that spans hardware, software, firmware, operating systems, home routers, broadband, 3G, 802.11, and just about everywhere I have looked. We’re all in this bloat we built together, and had better work together to row to shore quickly. Dark storm clouds surround us. Only together will we shine a light on all the dark buffers hidden in the Internet. I’ve been drawing together experts across all these problems at bufferbloat.net—please help out.]]> 621 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/technical-plenary-tackles-role-of-ietf-in-application-protocols/ Wed, 06 Jul 2011 17:18:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=624 624 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-panel-debates-metrics-for-ipv6-progress/ Wed, 06 Jul 2011 17:19:29 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=628 Read more…]]> 628 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-july-2011/ Wed, 06 Jul 2011 17:20:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=630 rfc-interest@rfc-editor.org) as well as within the IAB, reflects a year of experience with RFC 5620 (RFC Editor Model Version 1). That document is being edited by Joel Halpern. With respect to the evolution of the IANA function, the IAB provided comments in response to the National Telecommunications and Information Association’s Request for Comments on the IANA Functions. It also published RFC 6220: Defining the Role and Function of IETF Protocol Parameter Registry Operators. Kudos to the RFC Editor team for handling the expedited publication, despite the compressed time frame. As I write this, the IAB has just completed its annual retreat, held 12–13 May 2011 at Verisign in Sterling, Virginia, USA. Danny McPherson handled the logistics. The major focus of the retreat was the IAB’s work plan for the next 12 months and the refinement of the programme structure laid out by the IAB a year ago. In the next edition of the IETF Journal, we will talk about the retreat in more detail.

References

Privacy Workshop position papers, slides and minutes: http://www.iab.org/about/workshops/privacy/ Smart Objects Workshop agenda, position papers, and presentation slides:http://www.iab.org/about/workshops/smartobjects/ RSOC appointment: http://www.ietf.org/mail-archive/web/ietf-announce/current/msg08652.html The RFC Editor Model (Version 2): http://tools.ietf.org/html/draft-iab-rfc-editor-model-v2 RFC-Interest list: https://www.rfc-editor.org/mailman/listinfo/rfc-interest The NTIA “Request for Comments on the IANA Functions”:http://www.ntia.doc.gov/frnotices/2011/fr_ianafunctionsnoi_02252011.pdf The IAB response to NTIA: http://www.ntia.doc.gov/comments/110207099-1099-01/attachments/IAB%2DIANA%2DNOI%2Edoc Other responses: http://www.ntia.doc.gov/comments/110207099-1099-01/ IAB Programs and Initiatives: http://www.ietf.org/mail-archive/web/ietf-announce/current/msg07731.html IETF 80 proceedings: https://datatracker.ietf.org/meeting/80/materials.html]]> 630 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-july-2011/ Wed, 06 Jul 2011 17:21:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=633 http://www.ietf.org/meetings/meetings.html. I look forward to seeing you there.]]> 633 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/securing-bgp-and-sidr/ Wed, 06 Jul 2011 17:21:55 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=637 Supporting Attestations about Addresses through the Resource Public Key Infrastructure (RPKI) Prior work in the area of securing the Internet’s routing system has focused on the operation of the Border Gateway Protocol (BGP) in an effort to secure the operation of the protocol, and validate, as far as is possible, the contents of BGP Update messages. Some notable contributions in more than a decade of study include Secure-BGP (S-BGP) [sBGP], Secure Origin BGP (soBGP) [soBGP], Pretty Secure BGP (psBGP) [psBGP], IRR [IRR], and the use of an AS RR in the DNS, signed by DNSSEC [DNS]. The common factor in this prior work was that they all required, as a primary input, a means of validating basic assertions relating to origination of a route into the inter-domain routing system: that the IP address block and the AS numbers being used are valid and that the parties using these IP addresses and AS numbers in the context of routing advertisement are properly authorized to so do. The approach adopted by SIDR for the way in which trust is formalized in the routing environment is through the use of Resource Certificates. These certificates are X.509 certificates that conform to the PKIX profile [PKIX]. They also contain an extension field that lists a collection of IP resources (IPv4 addresses, IPv6 addresses and AS Numbers) [RFC3779]. These certificates attest that the certificate’s issuer has granted to the certificate’s subject a unique “right-of-use” for the associated set of IP resources, by virtue of a resource allocation action. This concept mirrors the resource allocation framework of the IANA (Internet Assigned Numbers Authority), the regional Internet registries (RIRs), operators and others, and the certificate provides a means for a third-party (relying party) to formally validate assertions related to resource allocations [sidr-arch]. The hierarchy of the RPKI is based on the administrative resource allocation hierarchy, where resources are distributed from the IANA to the RIRs, to Local Internet Registries (LIRs) and end users. The RPKI mirrors this allocation hierarchy with certificates that match current resource allocations (Figure 1). The Certification Authorities (CAs) in this RPKI correspond to entities that have been allocated resources. Those entities are able to sign authorities and attestations, and to do so they use specific purpose End Entity (EE) certificates. This additional level of indirection allows the entity to customize each issued authority for specific subsets of number resources that are administered by this entity. Through the use of single-use EE certificates, the issuer can control the validity of the signed authority through the ability to revoke the EE certificate used to sign the authority. As is often the case, a level of indirection comes in handy. Signed attestations relating to addresses and their use in routing are generated by selecting a subset of resources that will be the subject of the attestation, by generating an EE certificate that lists these resources, and by specifying validity dates in the EE certificate that correspond to the validity dates of the authority. The authority is published in the entity’s RPKI repository publication point. The RPKI makes conventional use of Certificate Revocation Lists (CRLs) to revoke certificates that have not expired, but which are no longer valid. Every CA in the RPKI regularly issues a CRL according to the CA’s declared CRL update cycle. A CA certificate may be revoked by an issuing authority for a number of reasons, including key rollover, the reduction in the resource set associated with the certificate’s subject, or termination of the resource allocation. To invalidate an object that can be verified by a given EE certificate, the CA that issued the EE certificate can revoke the corresponding EE certificate. The RPKI uses a distributed publication framework, wherein each CA publishes its products (including EE certificates, CRLs and signed objects) at a location of its choosing. The set of all such repositories form a complete information space, and it is fundamental to the model of securing BGP in the public Internet that the entire RPKI information space is available to every Relying Party (RP). It is the role of each RP to maintain a local cache of the entire distributed repository collection by regularly synchronizing each element in the local cache against the original repository publication point. To assist RPs in the synchronization task, the each RPKI publication point uses a manifest. A manifest is a signed object that lists the names (and hash values) of all the objects published at that publication point. It is used to assist RPs to ensure that they have managed to synchronize against a complete copy of the material published at the CA’s publication point. The utility of the RPKI lies in its ability to validate digitally signed information and, therefore, give relying parties some confidence in the validity of signed attestations about addresses and their use. The particular utility of the RPKI is not as means of validation of attestations of an individual’s identity or their role, but as a means of validating their authority to use IP address resources. While it is possible to digitally sign any digital object, it has been suggested that the RPKI system uses a very small number of standard signed objects that have particular meaning in the context of routing security.

Securing Route Origination

The approach adopted by SIDR to secure origination of routing information is one that uses a particular signed authority, a Route Origination Authorization (ROA) [ROA]. An ROA is an authority created by a prefix holder that authorizes an AS to originate one or more specific route advertisements into the inter-domain routing system. An ROA is a digital object formatted according to the Cryptographic Message Syntax specification (CMS) [RFC 3852] that contains a list of address prefixes and one AS number. The AS is the specific AS being authorized to originate route advertisements for one or more of the address prefixes in the ROA. The CMS object also includes the EE resource certificate for the key used to verify the ROA. The IP Address extension in this EE certificate must encompass the IP address prefixes listed in the ROA’s contents. The ROA conveys a simple authority. It does not convey any further routing policy information, nor does it convey whether or not the AS holder has even consented to actually announce the prefix(es) into the routing system. The associated EE certificate is used to control the validity of the ROA and the CMS wrapper is used to bind the ROA and the EE certificate within a single signed structure in a secure fashion. There is one special ROA, one that authorizes AS 0 to originate a route. This is a “negative” authority, used to indicate that no AS has authority to originate a route for the address prefix(es) listed in the ROA. If the entire routing system were to be populated with ROA’s, then identification of an invalid route advertisement would be directly related to detection of an invalid ROA or a missing ROA. However in a more likely scenario of partial use of ROA’s (such as when only some legitimate route originations are authorized in a ROA), the absence of an ROA cannot be interpreted simply as an unauthorized use of an address prefix. This leads to the use of a tri-state validation process for routes. If a given route matches exactly the information contained in an ROA whose EE certificate can be validated in the RPKI (a “valid” ROA) then the route can be regarded as a “valid” origination. Where the address prefix matches that in a valid ROA, but the origination AS does not match the AS number in the ROA, and there are no other valid ROAs that explicitly validate the announcing AS, then the route can be considered to be “invalid”. Also, where the address prefix is more specific than that of a valid ROA, and there are no other valid ROAs that match the prefix, then the route can also be considered “invalid”. Where the prefix in a route is not described in any ROA and is not a more specific prefix of any ROA, then the route has an “unknown” validation outcome. These three potential outcomes can be considered a set of relative local preferences. Routes whose origin can be considered “valid” are generally proposed to be preferred over routes that are unknown, which, in turn, can generally be preferred over routes that are considered invalid. However, such relative preferences are a matter to be determined by local routing policy. Local policies may choose to adopt a stricter policy and, for example, discard routes with an invalid validation outcome [sidr-roa-validation]. The way in which ROAs are used to validate the origin of routes in BGP differs from many previous proposals for securing BGP. In this framework the ROAs are published in the RPKI distributed repository framework. Each RP can use the locally cached collection of valid ROAs to create a validation filter collection, with each element of the set containing an Address, prefix size constraints and an originating AS. It is this filter set, rather than the ROAs themselves that are fed to the local routers [sidr-rpki-router]. (An example of the way in which ROAs can be used to detect prefix hijack attempts is shown in Figure 2). The model of injecting validation of origination into the BGP domain is an example of a highly modular and piecemeal deployment. There are no changes to the BGP protocol for this origin validation part of the secure routing framework. The process of securing origination starts with the address holder, who generates local keys and requests certification of their address space from the entity from whom their addresses were allocated or assigned. With this CA resource certificate, the address holder is then in a position to generate an EE certificate and a ROA that assigns an authority for a nominated AS to advertise a route for an address prefix drawn from their address holdings. The one condition here is that if an address holder issues a ROA for an address prefix providing an authority for one AS to originate a route for this prefix, then the address holder is required to issue ROAs for all the AS’s that have been similarly authorized to originate a route for this address prefix. The address holder publishes this ROA in their publication point in the distributed RPKI repository structure. Relying Parties can configure a locally managed cache of the distributed RPKI repository and collect the set of valid ROAs [rcynic]. They can then, via the dedicated RPKI cache-to-router protocol [rpki-rtr], maintain, on a set of “client” routers the set of address prefix/originating AS authorities that are described in valid ROAs. This information can be used by the BGP-speaking router as an input to the local route decision process. This model of operation supports incremental deployment, wherein individual address holders may issue ROAs to authorized routing advertisements independent of the actions of other address holders. Also, ASs may deploy local validation of route origination independently of the actions of other ASs. And given that there are no changes to the operation of BGP, then there are no complex interdependencies that hinder piecemeal incremental deployment of this particular aspect of securing routing.

Securing Route Propagation—BGPsec

Origin validation as described earlier does not provide cryptographic assurance that the origin AS in a received BGP route was indeed the originating AS of this route. A malicious BGP speaker can synthesize a route as if it came from the authorized AS. Thus, it is very useful in detecting accidental misannouncements, but origination validation does little to prevent malicious routing attacks from a determined attacker. In looking at the operation of the BGP protocol, some parts of the protocol interaction are strictly local between two BGP-speaking peers, such as advising a peer of local attributes. Another part of the BGP protocol is a “chained” interaction, in which each AS adds information to the protocol object. This attribute of a BGP update, the AS Path, is not only useful to detect and prevent routing loops, it is also used in the BGP best path selection algorithm. A related routing security question concerns the validity of this “chained” information, namely the AS Path information contained in a route. Within the operation of the BGP protocol, each AS that propagates an update to its AS neighbours is required to add its AS number to the AS Path sequence. The inference is that at any stage in the propagation of a route through the inter-domain routing system, the AS Path represents a viable AS transit sequence from the local AS to the AS originating the route. This AS Path attribute of a route is used for loop detection. Locally, the AS Path may also be used as an input to a local route policy process, using the length of the AS Path as route metric. Attacks on the AS path can be used to subvert the routing environment. A malicious BGP speaker may manipulate the AS Path to prevent an AS from accepting a route by adding its AS number to the AS Path, or it may attempt to make a particular route more likely to be selected by a remote AS by stripping out AS’s from the AS Path. Accordingly, it is important to equip a secure BGP framework with the ability to validate the authenticity of the AS Path presented in a BGP update [kapela/pilosov]. In attempting to validate an AS path there are a number of potential validation questions. The first and weakest question is, Are all ASs in the AS Path valid ASs? A slightly stronger validation question is, Do all the AS pairs in the AS Path represent valid AS adjacencies (where both ASs in the pair-wise association are willing to attest to their mutual adjacency in BGP)? A even stronger question is, Do the sequence of ASs in the AS Path represent the actual propagation path of the BGP route object? This last question forms the basis for the SIDR activity in defining an AS Path validation framework, BGPsec. This is an attempt to assure a BGP speaker that the operation of the BGP protocol is operating correctly and that the content of a BGP update correctly represents the inter-AS propagation path of the update from the point of origination to the receiver of the route. This is not the same as a policy validation tool and it does not necessarily assure the receiver of the route that this update conforms to the routing policies of neighbouring BGP speakers. This route also does not necessarily reflect the policy intent of the originator of the route. The BGPsec framework proposed for securing the AS Path also makes use of a local RPKI cache, but it includes an additional element of certification. The additional element of the security credentials used here is an extension to the certification of AS numbers with a set of operational keys and their associated certificates used for signing update messages on eBGP routers in the AS. These “router certificates” can sign BGP update attributes in the routing infrastructure, and the signature can be interpreted as being a signature made “in the name of” an AS number. In the BGPsec framework, eBGP speaking routers within the AS have the ability to “sign” a BGP update before sending it. In this case, the added signature “covers” the signature of the received BGP update, the local AS number, the AS number to which the update is being sent, as well as a hash of the public key part of the router’s key pair used to sign route updates. The couplet of the public key hash and the signature itself is added to the BGP protocol update as a BGPsec update attribute. As the update traverses a sequence of transit ASes each eBGP speaker at the egress of each AS adds its own public key hash and digital signature to the BGPsec attribute sequence (Figure 3). This interlocking of signatures allows a receiver of a BGP update to use the interlocking chain of digital signatures to validate (for each AS in the AS Path) that the corresponding signature was correctly generated “in the name of” that AS in the AS path, and that the next AS in the path matches the next AS in the signed material. The “forward signing” that includes the AS to which the update is being sent prevents a man-in-the-middle attack of the form of taking a legitimate outbound route announcement destined for one neighbour AS and redirecting it to another AS. But this signing of the AS Path is not quite enough to secure the route update, as the AS Path needs to be coupled to the actual address prefix by the originator of the route. The route originator needs to sign across not only the local AS and the AS to whom the route update is being sent, but also the address prefix and the expiry time of the route. This allows the path to be “bound” to the prefix and prevents a man-in-the-middle splicing a signed path or signed path fragment against a different prefix. If the signatures that “span” the AS Path in the BGP update can all be validated, then the receiver of the BGP update can validate, in a cryptographic sense, the currency of the routing update. It can also validate that the route update was propagated across the inter-AS routing space in a manner that is faithfully represented in the AS Path of the route. The expiry time of the EE certificates used in conjunction of signed route updates introduces a new behaviour into BGPsec. In the context of BGP, an announced route remains current until it is explicitly withdrawn or until the peer session that announced the route goes down. This property of BGP introduces the possibility of “ghost route” attacks in BGP, wherein a BGP speaker fails to propagate a withdrawal in order to divert the consequent misdirected traffic from its peers. In BGPsec, all route advertisements are given an expiry time by the originator of the route that corresponds to the notAfter time of the EE certificate used to sign the protocol update, after which the route is to be considered invalid. The implication is that an originator of a route is required to re-advertise the route, and refresh the implicit expiry timer of the associated digital signature at regular intervals. This approach to route update validation is not quite the “light-touch” of origination validation. In this case the mechanism requires the use of a new BGP attribute and negotiation of a new BGP capability between eBGP peers. In turn, this means that the model of incremental deployment is one that is more “viral” than truly piecemeal. By “viral” we mean that this is a model of incremental deployment in which direct eBGP peers of a BGPsec-speaking AS will be able speak BGPsec between themselves in a meaningful way. In turn these adjacent AS’s can offer to speak BGPsec with their eBGP peers, and so on. This does not imply that BGPsec deployment must necessarily start from a single AS, but it does imply that communities of interconnected AS’s all speaking BGPsec will be able to provide assurance via BGPsec on those routes originated and propagated within that community of interconnected ASs. It also implies that the greatest level of benefit to adopters of secure BGP will be realized by ASs that adopt BGPsec as a connected community of ASs. There are other changes to the behaviour of BGP that are implied by this mechanism. BGP conventionally permits “update packing” where a number of address prefixes can be placed in a single update message if they share a common collection of attributes, including the AS Path. At this stage it appears that such update packing would not be supported in secure BGP, and each update in secure BGP would refer to a single prefix. Obviously this would have some impact on the level of BGP traffic, but early experiments suggest not at an unreasonable cost. There are further impacts on BGP that have not been fully quantified in studies to date. The addition of a compound attribute of a signature and a public key identifier for every AS in the AS Path has size implications on the amount of local storage a secure BGP speaker will need to store these additional per-prefix per-peer attributes. It has has broader implications if used in conjunction with current proposals for multi-path BGP where multiple paths, in addition to the “best” path are propagated to eBGP peers. Also, the computational load of validation of signatures in secure BGP is significantly higher in terms of the number of cryptographic operations that are required to validate a BGP update. However, BGPsec is not intended to “tunnel” across those parts of the inter-domain routing space that do not support BGPsec capabilities. When an update leaves a BGPsec realm, the BGPsec signature attributes of the route are stripped out, so the storage overheads of BGPsec are not seen by other BGP speakers. Similarly, the periodic updates that result from the expiry timer should not propagate beyond the BGPsec realm. If the boundary is prepared to perform BGP update packing to non-BGPsec peers then even the unpacked update overhead is not carried outside of the BGPsec realm. It is also noted that the “full” load of BGPsec would only necessarily be carried by “transit” ASs; that is, those ASs that propagate routes on behalf of other ASs. Historically we see some 15 percent of ASs are “transit” ASes, while all other ASes behave as “stub” ASes that only originate routes and do not appear to transit routes for others. Such stub ASes can support a “light weight” simplex version of BGPsec that can either point default a default route to its upstream AS provider, or trust its upstream ASs to perform BGPsec validation. In this case the stub AS needs to provide BGPsec signed originated routes to its upstream ASs, but no more.

Conclusion

The work on the specification of the RPKI itself and the specification of origin validation is nearing a point of logical completion of the first phase of standardization within the IETF, and the working draft documents are being passed from the working group into the review process leading to their publication as proposed standard RFCs. The RIRs are in the process of launching their RPKI services based on these specifications and the initial deployment of working code has been made by a number of parties, who are also working on integration of origination validation in BGP implementations. The work on securing the AS Path is at an earlier phase in the development process and the initial design material is being considered by the SIDR Working Group. It is expected to take a similar path of further review and refinement in light of developing experience and study of the proposed approach. The RPKI has been designed as a robust and simple framework. As far as possible, existing standards, technologies, and processes have been exploited, reflecting the conservatism of the routing community and the difficulty in securing rapid, widespread adoption of novel technologies.

Acknowledgements

The work described here is the outcome of the efforts of many individuals who have contributed to securing BGP over a period that now spans two decades, and certainly too many to ensure that all the contributors are recognized here. Instead, the authors would like to acknowledge their work and trust that the mechanisms described here are a faithful representation of the cumulative sum of their various contributions.

References

[sBGP] S. Kent, C. Lynn, and K. Seo, “Secure Border Gateway Protocol (S-BGP),” IEEE Journal on Selected Areas in Communications, vol. 18, no. 4, pp 582-592, April 2000. [soBGP] R. White, “Securing BGP through secure origin BGP,” Internet Protocol Journal, vol. 6, no. 3, September 2003. [psBGP] P. van Oorschot, T. Wan and E. Kranakis, “On Interdomain Routing Security and Pretty Secure BGP (psBGP),” ACM Transactions on Information and System Security, vol. 10, no. 3, July 2007. [IRR] G. Goodell, W. Aiello, T. Griffin, J. Ioannidis and P. McDaniel, “Working Around BGP: An Incremental Approach to Improving Security and Accuracy of Interdomain Routing,” Proc. of Internet Society Symposium on Network and Distributed System Security (NDSS‚Äô03), February 2003. [DNS] T. Bates, R. Bush, T. Li and Y. Rekhter, “DNS-based NLRI origin AS verification in BGP,” Internet Draft, July 1998. [PKIX] D. Cooper et al., “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile,” Request for Comment RFC5280, May 2008. [RFC3779] C. Lynn, S. Kent and K. Seo, “X.509 Extensions for IP Addresses and AS Identifiers,” Request for Comment RFC3779, June 2004. [sidr-arch] M. Lepinski, S. Kent, “An Infrastructure to Support Secure Internet Routing,” work in progress (Internet Draft), February 2008. [sidr-cert-profile] G. Huston, G. Michaelson, R. Loomans, “A Profile for X.509 PKIX Resource Certificates,” work in progress (Internet Draft), September 2008. [ROA] M. Lepinski, S. Kent, D. Kong, “A Profile for Route Origin Authorizations (ROAs),” work in progress (Internet Draft), July 2008. [RFC3852] R. Housley, “Cryptographic Message Syntax (CMS),” Request for Comment RFC3852, July 2004. [sidr-rpki-router] R. Bush, R. Austein, “The RPKI/Router Protocol”, work in progress (Internet Draft), March 2011. [kapela/pilosov] http://www.wired.com/threatlevel/2008/08/revealed-the-in/, August 2008.]]> 637 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-july-2011/ Wed, 06 Jul 2011 17:23:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=641 Securing BGP and SIDR. A new feature in this issue of the IETF Journal is our IETF Ornithology column, which provides an overview of the proceedings and outcomes of the Birds-of-a Feather (BoF) meetings that took place during IETF 80. These are frequently some of the most interesting and accessible meetings for a general observer as participants seek to explain the background to and motivations for new work topics. Jim Gettys has been on the campaign trail since late last year trying to raise awareness of the issues caused by excessively large buffers in network hardware and software. His presentation to the Transport Area Open Meeting during IETF 80 generated a lot of discussion, and we present an article from him on the topic in this issue. You can follow progress on this topic at http://www.bufferbloat.net/. Also in this issue are our regular columns from the IETF and Internet Architecture Board chairs, highlights from the Internet Society panel on metrics for IPv6 deployment, coverage of the hot- topics discussed during the plenary meetings, and an opportunity to get to know the Internet Society Fellowship to IETF 80 Fellows from around the world. As always, we are hugely grateful to all our contributors. Please send comments and suggestions for contributions to future issues to ietfjournal@isoc.org.]]> 641 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-panel-weighs-power-billing-constraints-of-smartphones/ Sun, 06 Mar 2011 19:14:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=779

the power constraints of handheld devices and

the high fees that carriers charge end-users for network- and application-generated events.

These two issues generated the most debate at a panel session entitled “Handheld, Wireless, and Open: Priorities for the Mobile Future Internet” that was sponsored by the Internet Society. The panel was held in Beijing on 9 November, concurrent with the IETF meeting. Moderated by Leslie Daigle, chief Internet technology officer for the Internet Society, the panel considered the impact that a growing number of mobile devices and sensors will have on the Internet infrastructure. “We already have 1.6 billion devices that were used to access the Internet in 2009, including PCs, mobile phones, and online gaming devices,” Leslie said, highlighting the dramatic growth of these devices in China and India. “By 2013, that will grow to an estimated 2.7 billion devices.” Leslie said that most of these new mobile devices will be smartphones, and that smartphone users want to do the same things as PC users, such as using search engines, reading news, downloading music and videos, and exchanging email and instant messages. She asked the panellists to consider ways in which smartphones challenge traditional thinking about how Internet hosts and applications should behave. “Smartphones are becoming more and more smart and are having more and more advanced services,” said Stefano Faccin, a standards manager with Research in Motion. He added that while smartphones are getting more powerful, they still have some constraints. “Bandwidth is not unlimited. It will not be unlimited for a long time especially for cellular networks . . . but it will need to reach these devices at all times for a variety of services.” Stefano pointed out that the number of wireless sensors connected to the Internet also will rise. This means the Internet will have to support both really smart mobile devices and really dumb sensors. “These devices will have different usage models and different networking issues,” Stefano said. “The future Internet will have to cater to both types of devices even if their needs are totally different.” Ted Hardie, managing director for Panasonic’s Wireless Research Laboratory, said power management is a key issue for future Internet applications to consider. He pointed out that as smartphones and other handheld devices function more like PCs, this trend will put strain on mobile operators, who have limited network spectrum, and on end-users, who have limited power. “Users expect their mobile devices will behave as their wired devices behave,” Ted said, adding that the challenge for the Internet engineering community is “how we can deliver on that expectation perhaps in ways that don’t mimic the ways we did in the past.” Dave Thaler, a software architect in the Windows Networking and Devices Division at Microsoft, pointed out that in a power-constrained environment, wireless device users might not want to be reachable by all applications or all users. “I don’t want to consume battery unless it’s most important,” Dave explained. Hui Deng, deputy principle staff of China Mobile Research Institute, says this issue arises when mobile operators wake up a mobile device from its idle stage to activate a service. He said these decisions about waking up devices that occur in mobile application design and mobile network design also relate to the power consumption rates experienced by users. Dave also focused on an issue he calls “bill shock,” when end-users are hit with large and unexpected charges while in roaming mode. Dave says designers of mobile networks and applications need to take billing into consideration so they can help prevent such scenarios as when an end-user inadvertently downloads a software update while in roaming mode, rather than doing it when connected to a cheaper Wi-Fi connection. “The user needs to be in control because the user is paying the bill,” Dave said. “If something is going to affect the bill, you should expose that to the users.” Ted said end-users should have the ability to establish policies about the inbound messages they want to receive when they are in battery or roaming mode so that they can limit the ones that are going to cost more money. Panellists agreed that the Internet engineering community will need to deal with power management and billing issues related to mobile devices for the foreseeable future. “I think we’re going to be stuck with the power issue for a long time,” Stefano said. “Yes, the battery technology is improving dramatically, but at the same time a lot of the developments require more and more computational power . . . As long as certain mobile operators are going to have to pay so much for the frequency, we’re going to have to be stuck with [bill shock] for quite a while.”]]> 779 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-march-2011/ Sun, 06 Mar 2011 19:15:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=781

Scalable, Adaptive Multicast RG

Host Identity Payload RG

Delay Tolerant Networking RG

Virtual Networks RG

The RFC Editor published an RFC from the Peer-to-Peer RG, RFC 6029: A Survey on Research on the Application-Layer Traffic Optimization (ALTO) Problem. Internet drafts from the Routing, Mobility Optimization, and Internet Congestion Control RGs are nearing publication. An email list has been created for discussion of topics related to the IRTF, specifically including discussion of the creation of new RGs. The list is irtf-discuss@irtf.org and the subscription page is here. Two new topics continue to be discussed as possible RGs. The first is machine learning and communications systems (as described in draft-tavernier-irtf-lccn-problem-statement-00.txt), which focuses on how learning algorithms can be utilized within network nodes or collections of network nodes to adapt their behaviour in response to external events, such as traffic or failure conditions. The second is the “Internet of Things.” Topics of interest in this area include building networks, emergency networks, and naming services, among others. As a postscript to my report from IETF 79, I would like to add an update on the role of IRTF chair. On 29 November 2010, the Internet Architecture Board (IAB) announced the selection of Dr. Lars Eggert as the new IRTF chair. Lars is a principal scientist at Nokia Research Center in Helsinki, Finland, and a member of Nokia’s CEO Technology Council. He is also an Adjunct Professor at Aalto University. Lars has worked on research projects ranging from internetwork architecture, transport protocols, virtual networks to resource scheduling. He is a senior member of the ACM and the IEEE, an individual member of the Internet Society, and an active participant in the IRTF and IETF, where he currently serves as area director of the Transport Area. Lars serves on the programme committees of several ACM and IEEE conferences and workshops as chair and member, such as IEEE Infocom. Before joining Nokia in 2007, Lars was a senior researcher at the NEC Network Laboratories in Heidelberg, Germany. He received a Ph.D. in Computer Science in the fall of 2003 from the University of Southern California (USC) where he was a graduate research assistant at USC’s Information Sciences Institute (ISI). Lars will start his role as IRTF chair during the IETF 80 week. He brings a wealth of leadership experience in Internet research and engineering and will be an excellent chair of the IRTF. Welcome, Lars!]]> 781 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-march-2011/ Sun, 06 Mar 2011 19:16:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=783 Internet Architecture Board) IAB chair, during the press conference. I am well aware that with this text I am preaching to the choir, but it is an example of the kind of evangineering that the IAB gets into now and then. The allocation of the final IPv4 free address blocks to the regional registries is both a significant and an insignificant event. It is significant in that this moment has long been anticipated. The IETF, the standards organization for Internet protocols, started to work on an IPv4 successor almost 20 years ago, and IPv6 as we know it today was standardized 15 years ago and has matured ever since. This event is insignificant in that next week the Internet will not be significantly different than it was a week ago. If we would run out of license plates there would not be any impact on our driving. Similarly, there will not be any notable short-term effects caused by the exhaustion of the IPv4 free address pool. Therein lies a danger. In the long term the application providers (and their clients) that utilize IPv4 addresses are likely to encounter issues because of the many kludges needed to keep those apps running. Meanwhile, applications that can communicate over IPv6 enabled networks will be more likely to encounter transparent end-to-end communication, enabling the continued development of innovative applications and services. Suppose that you would compare the Internet of today with the Internet in 10 years. If we continue to remain dependent on IPv4 we will need to spend increasing resources operating an increasingly brittle and nontransparent network incorporating NATs, ALG, CGNs, and other mechanisms needed to help the IPv4 network keep up with demand. Such an Internet is likely to grow increasingly less capable in serving our needs than it is today. Rather than maintaining the “status quo”, the IPv4 Internet is likely to degenerate. On the other hand, with an IPv6 based Internet endless possibilities lie ahead, because every human on this planet, and their gadgets, will be able to communicate, play, do business, and supply services. That type of explosive growth of the Internet can only continue with the larger address space that IPv6 offers. The transition to IPv6 will not be effortless and requires the attention of equipment vendors, ISPs, CTOs and CEOs, system – and network administrators, content providers, etc, etc. However, my mother, my neighbors and my kids should never notice. They will continue to be delighted by ongoing innovation and expanded services made possible by the architecture of the IPv6 Internet.]]> 783 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-march-2011/ Sun, 06 Mar 2011 19:16:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=785 here. I look forward to seeing you there.]]> 785 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-march-2011/ Sun, 06 Mar 2011 19:17:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=787 last issue of the IETF Journal went to press, the Internet passed a major milestone in its journey from research network to preeminent global communications medium. The final blocks of unicast IPv4 address space were allocated to the Regional Internet Registries on 3 February 2011. In this issue, Internet Architecture Board (IAB) chair Olaf Kolkmangives us his statement at this juncture in Internet history. During IETF 79, the Internet Society hosted a panel discussion on the topic “Handheld, Wireless, and Open: Priorities for the Mobile Future Internet.” The diversity of devices now connecting to the Internet is creating new challenges for engineers, operators and users alike. We present a snapshot of the event itself here and on we have a more detailed reflection from Leslie Daigle on some of the issues raised by “The Untethered Future of the Internet.” In addition to our other regular features, we include an opportunity to get to know the Internet Society Fellows who attended IETF 79 as well as an in-depth look at the challenges being faced by operators in the presence of IPv4 address depletion and the need to deploy IPv6 throughout their service portfolio. Finally, Christian Jacquenet gives us some valuable insight into France Telecom’s recent progress with IPv6 deployment. As usual, sincere thanks to all our contributors. We invite you to send comments and suggestions for future issues to ietfjournal@isoc.org.]]> 787 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-8/ Thu, 06 Oct 2011 16:51:23 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=549 CatharusDescription: This was a Working Group-forming BoF meeting to gauge momentum and interest in working on protocols and other specifications for providing a general- purpose reputation framework. In the open Internet, making a meaningful choice about the handling of content requires an assessment of its safety or trusworthiness. This is based on a trust metric for the owner (identity) of an identifier associated with the content, to distinguish (likely) good actors from bad actors. The generic term for such information is reputation. This working group would develop mechanisms for reputation reporting by independent services. One mechanism would be for a basic assessment of trustworthiness. Another would provide a range of attribute/value data that is used as input to such an assessment. Proceedings: http://www.ietf.org/proceedings/81/repute.html Outcome: Discussion was rather wide-ranging during the meeting but focused down to working specifically on reputation services for email. Several concerns were expressed about the complexity of this work if not very narrowly focused, and the fact that prior work in this space hasn’t gained traction historically. Nonetheless, people are interested in doing the work and there were a lot of people interested in seeing the output, so chartering discussions for a Working Group will continue. MULTRANS—Multicast Transition Description: This BoF meeting considered the question of how to devise the means whereby existing multicast mechanisms can operate successfully when signaling and content must traverse one or more IP version boundaries. Proceedings: http://www.ietf.org/proceedings/81/multrans.html Outcome: The BoF identified the concrete scenarios that were of most importance, namely IPv4 sources with both IPv4 and IPv6 receivers to support IPTV applications. The discussion concerning whether or not these applications are required to work interdomain did not conclude. Several gaps in understanding were identified and the existing list of requirements needs further work and input. The meeting did not reach the point of considering the question of whether a Working Group could be formed, so a second BoF meeting during IETF 82 seems likely. CICM—Common Interface to Cryptographic ModulesCanada Goose Description: The Common Interface to Cryptographic Modules (CICM) (pronounced kick-em) defines an abstract API for the security services provided by cryptographic modules developed by multiple vendors. The API is intended to support high assurance cryptography, security domain separation, and enhanced module, key, and channel management capabilities that are vendor neutral. The purpose of a CICM Working Group would be to publish an API for high assurance cryptographic devices and to provide guidance for any new submissions related to high assurance cryptos. Proceedings: http://www.ietf.org/proceedings/81/cicm.html Outcomes: It wasn’t clear from the presented materials how this work could fit in the IETF, and the question of whether it would be a better fit for the IRTF was raised. Significant charter reworking is required and more detailed elaboration of how the proposed work could impact on existing IETF protocols. WOES—Web Object Encryption and Signing Description: Javascript Object Notation (JSON) is a text format for the serialization of structured data described in RFC 4627. The JSON format is often used for serializing and transmitting structured data over a network connection. With the increased usage of JSON in protocols in the IETF and elsewhere, there is now a desire to offer security services such as encryption, digital signatures, and message authentication codes (MACs) for data that is being carried in JSON format. Different proposals for providing such security services have already been defined and implemented. This proposed Working Group’s task is to standardize two security services, integrity protection (signature and MAC) and encryption, in order to increase interoperability of security features between protocols that use JSON. The Working Group would base its work on well-known message security primitives (e.g., CMS), and would solicit input from the rest of the IETF Security Area to be sure that the security functionality in the JSON format is correct. Proceedings: http://www.ietf.org/proceedings/81/woes.html Outcome: This BoF meeting went very well. There was clear consensus about the work plan and very little controversy on the points raised. A draft charter for the WG, to be called JavaScript Object Signing and Encryption (JOSE), was submitted to the community for review on 30 August. This article was posted on 27 October 2011 .]]> 549 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-fellows-to-the-ietf-increase-participation-on-a-global-scale/ Thu, 06 Oct 2011 16:52:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=551 https://www.isoc.org/leaders or email leaders@InternetSociety.org for more information and an application. This article was posted on 27 October 2011 .]]> 551 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/new-technology-demo-pcp/ Thu, 06 Oct 2011 16:58:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=557 The Port Control Protocol demo staff (Photo credit: Yannick Grandmont/Internet Society) Several organizations collaborated to carry out the Port Control Protocol (PCP) demonstrations during the IETF Quebec City meeting. PCP is a simple, flexible, lightweight protocol that is being designed by the IETF to address some of the issues raised by the forthcoming IPv6 transition period where access to some legacy IPv4 content requires the control of firewall or network address translator capabilities for the dynamic allocation of transport-layer port numbers. The demonstration was inspired by the IETF mantra of “rough consensus and running code” to expose IETF technologies to real operator requirements and scenarios, and to develop the technology innovation and provide feedback to the IETF community. Figure 1: Functional Picture One demonstration consisted of a Universal Plug-n-Play (UPnP) to PCP interworking function (http://data- tracker.ietf.org/doc/draft-bpw-pcp-upnp-igd-interworking) that has been implemented in a Customer Premises Equipment (CPE) device provided by France Telecom Orange while the PCP server was implemented in Huawei’s NE40E router that also supports Dual-Stack Lite (DS-Lite) and Carrier Grade NAT (CGN) capabilities. The Internet Gateway Device (IGD) machinery is used between computer and UPnP/IGD to request the allocation of a port number to the CPE so that a pinhole can be created accordingly to allow access to the content requested by the terminal from the Internet. The demo has proven the capability of PCP after only a few months of IETF specification effort. This demo provided the first experimental implementation of draft-ietf-pcp-base-12 and draft-bpw-pcp-upnp-igd-interworking-02. It was a pioneering effort and helped to inspire thought and discussion leading to a better deployment of this technology. The first demonstration scenario comprised two computers, both with BitTorrent file-sharing software installed and both connected to two different CPEs, so that the terminals could display in real time the difference between BitTorrent clients with and without UPnP-PCP interworking functions supported for file-exchange purposes. The BitTorrent software of one computer either randomly selects a port number or uses the port number specified by the user to listen on. The computer then uses UPnP/IGD to interact with the CPE. With a pinhole assigned by the CGN, access to the BitTorrent client from the Internet is made possible. Compared to a second computer without a pinhole assigned on the CGN, the first BitTorrent client often had a faster download speed because when clients can be accessed remotely they are able to see more peers, thereby improving file- sharing performance. Figure 2: Demo Topology Picture In the second demonstration scenario, the CPE requested several sets of noncontiguous ports (utilizing draft-tsou-pcp-natcoord-03 and draft-zhou-softwire-b4-nat-02). Upon receipt of the corresponding PCP request sent by the client, the PCP server requested the CGN to assign port forwarding and to bypass NAT on the requested port ranges. The NAT function was performed on the CPE from this point forward, thus reducing the NAT processing requirement on the CGN router.

Xiaohong Deng, France Telecom (left), talks Port Control Protocol with Tobias Gondrom.

In the third scenario, users were given the ability to form the PCP request from a specific web portal—this reflects a context in which the customer is offered the capability to explicitly request the port number(s) needed to ensure that their content, maintained in their premises, can be accessed from the Internet. Once the port number request has been fulfilled, the PCP Client embedded in the CPE then forwards the corresponding PCP Request message to the PCP server. Different options within the PCP packet can be set dynamically. A further demonstration, provided by China Telecom, showcased Light- weight 4over6 (http://tools.ietf.org/html/draft-cui-softwire-b4-translated-ds-lite-01). This is an IPv4/IPv6 transitional solution developed by China Telecom, which uses the PCP protocol to dynamically allocate port-restricted addresses to subscribers. Through this approach, users in the demo room can simultaneously access IPv4 and IPv6 services over an IPv6-only access network. In order to reduce the volume of state that must be maintained in the network, the Lightweight 4over6 approach maintains the NAT capabilities on the client. The core network need only maintain per-subscriber state instead of per-session state, thus the workload of the core network can be reduced significantly.

Port Control Protocol demo staff John Wang (left) and Susan Hares (right), Huawei Technologies Canada.

Internet Systems Consortium demonstrated a PCP server controlling a software-based DS-Lite CGN running on a commodity Linux netbook. An OpenWrt-based CPE provided the UPnP-IGD and NAT-PMP Inter- working Functions. An unmodified BitTorrent client was used to demonstrate the interworking function, while a modified BitTorrent client demonstrated an application- based PCP client communicating directly with the PCP server to request port mappings. The PCP-enabled BitTorrent client was also used to perform basic interoperability testing with the Huawei PCP server, the first time such interoperability testing has been attempted. Demonstration team personnel included: France Telecom Orange: Christian Jacquenet, Xiaohong Deng, Mohamed Boucadair, Gu Daqing, Wang Lan Huawei Technologies Canada: Susan Hares, Tina Tsou, Thomas Zhang, Cathy Zhou, John Wang, Victor Marin, Bill Weng, David Gao, Gary Jan ISC: Francis Dupont, Paul Selkirk China Telecom: Chongfeng Xie, Qiong Sun]]> 557 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/iab-plenary-tackles-ipv6-privacy-issues/ Thu, 06 Oct 2011 17:01:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=561 www.cisco.com via IPv6. Even better, the company saw zero tech support calls related to World IPv6 Day. As a result of this positive experience, Cisco left one of its Web sites—www. scansafe.com—up in dual-stack mode when the event ended. “Cisco customers and users are more interested in IPv6 than the broader population of users,’’ said Cisco Fellow Mark Townsley, who pointed out that 2.26 percent of the company’s logged- in users on World IPv6 Day had IPv6 capabilities. Privacy Panel Jens Grossklags, assistant professor at Pennsylvania State University’s College of Information Sciences and Technology, kicked off the privacy panel with a discussion of several experiments that he has conducted on how privacy concerns impact consumer behavior. Grossklags has discovered that whether people were identified as privacy fundamentalists, profiling concerned, identity concerned or unconcerned about privacy, they gave away more information about themselves online than they had anticipated. “Across all scenarios, the degree of information revelation is higher than you would expect from a rational consumer,’’ he said, adding that privacy is about “hard decision making over time, with actions now having consequences later.’’ In one experiment, Grossklags discovered that user attitudes were affected when consumers received before and after notifications with warnings about the risks of downloading software. However, when he paid people to download unknown executables, they were willing to forego their privacy concerns. “People who should have known better participated once the price was right,’’ he said. “Seventy percent of the participants knew it would be dangerous to download unknown programmes, but all of them did it anyway.’’ His takeaway is that users are subject to immediate gratification, and that the users with more protection such as antivirus software are more likely to take risks, such as downloading executables, than those who are unprotected. Fred Carter, senior policy and technology advisor for the Office of the Information and Privacy Commissioner for Ontario, gave a regulator’s perspective on information privacy issues. He said the key issues around information privacy online were minimizing the use, sharing, and collection of personally identifiable information (PII), thereby enhancing data security and engaging individuals in managing their own PII. Carter discussed the concept of “Privacy by Design,’’ which has been adopted by privacy regulators worldwide. Privacy by Design has seven foundational principals, which include having privacy as a default setting, offering full functionality along with privacy, and providing visibility and transparency about information gathering. Privacy by Design “is gaining ground as a high-level normative framework,’’ Carter says. “Work is still needed on how to operationalize it and apply it to information infrastructures, networked [systems], and related engineering standards.’’ Carter urged IETF participants to consider the Privacy by Design framework in protocol design. “The next stage is to have people like yourselves apply it to particular cases and teach us what the best practices are,’’ he added. Andy Zeigler, a programmes manager with Microsoft’s Internet Explorer team, gave IETF participants background on privacy-related issues that have cropped up for browser makers with such technologies as CSS 2.1 and geolocation. “Privacy risks exist in most technologies, even ones that might appear to have little risk,’’ Zeigler said, pointing out that its best to take privacy into consideration when authoring specifications. “Privacy risks can be very difficult to fix after a spec is implemented.’’ Zeigler discussed how users are surreptitiously tracked as they browse the Web and that there are many benefits to this tracking, including personalization. “The problem is the ownership and control of the information,’’ he said. Zeigler pointed out that Microsoft was an early adopter of privacy controls with its support of the W3C’s P3P standards. But P3P proved to be too complex for users, too simple for nuanced business relationships, and was not being implemented by many Web sites. Today, Microsoft is supporting the idea of Tracking Protection Lists, which block tracking content, in IE9. This version of its Web browser also supports the “Do Not Track” header for HTTP. To wrap up the privacy panel, Alissa Cooper described the IAB’s Privacy Programme, which aims to develop privacy thinking within the technical standards community. Cooper outlined an approach to protocol design that would involve systemic privacy threat modeling similar to how security considerations are taken into account during the standards development process. Cooper outlined several challenges for IETF participants as they scope privacy threats, including the diversity of user privacy preferences, a lack of incentives for supporting privacy features, and the fact that common practices or laws might dictate the emphasis for online privacy. “One of the big questions that we are trying to grapple with is how do we become more systemic at building threat models for privacy,’’ Cooper said. “That begs the question of how to decide what threats are in scope and what threats are not in scope.’’ Cooper asked participants to review a document (draft-morris-privacy-considerations-03) and comment.]]> 561 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-panel-addresses-regulation-innovation-and-the-internet/ Thu, 06 Oct 2011 17:02:46 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=567 567 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-october-2011/ Thu, 06 Oct 2011 17:03:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=569 http://www.ietf.org/proceedings/81/technical-plenary.html IAB Retreat minutes, http://www.iab.org/documents/minutes/minutes-2011/iab- minutes-2011-05-12/ IAB Activities, http://www.iab.org/activities/ IAB response to the IANA FNOI, http://www.iab.org/2011/07/28/iab-responds-to-internet-assigned-numbers-... IAB letter to the European Commission, http://www.iab.org/2011/09/16/iab-sends-letter-to-the-european-commissio... services/ “Some IESG Thoughts on Liaisons,” http://trac.tools.ietf.org/group/iesg/trac/wiki/LiaisonThoughts IAB Response to “IESG Thoughts on Liaisons,” http://www.iab.org/documents/ correspondence-reports-documents/ 2011-2/iab-response-to-some-iesg-thoughts-on-liaisons/ RFC Series Editor Search, http://www.iab.org/2011/07/14/rfc-series-editor-search/ Privacy Workshop Report, http://tools.ietf.org/html/draft-iab-privacy-workshop Smart Objects Workshop Report, http://tools.ietf.org/html/draft-iab-smart-object-workshop IAB Meets with W3C TAG, http://www.iab.org/2011/06/07/iab-meets-with-the-w3c-technical-architect... IAB Response to ARIN, http://www.iab.org/2011/06/27/iab-responds-to-arin-request-for-guidance-...   The Internet Architecture Board is chartered both as a committee of the IETF and as an advisory body of the Internet Society. Its responsibilities include architectural oversight of IETF activities, Internet Standards Process oversight and appeal, and the appointment of the RFC Editor. See http://www.iab.org.]]> 569 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-10/ Thu, 06 Oct 2011 17:04:13 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=574 Research In Motion (RIM)—convention center facilities were very comfortable and Tuesday evening’s social event at the Musée de la Civilisation was well attended. Comcast and .ca were our sponsors, and Bell and Telus provided network connectivity. Thanks to all for your support. Many working groups made significant progress at IETF 81, and it was a genuine pleasure to see so many talented people engaged and collaborating. Since IETF 80, five working groups (WGs) have been chartered and five have closed—our count remains steady at 121 WGs. Between meetings, the WGs and their individual contributors produced 553 new Internet-Drafts and updated 1,138 existing Internet-Drafts, some more than once. The Internet Engineering Steering Group (IESG) approved 100 Internet-Drafts for publication as RFCs. The RFC Editor published 149 new RFCs. The BEHAVE Working Group has essentially finished its work on mechanisms to help transition from IPv4 to IPv6. I look forward to the day when the vast majority of Internet traffic is using IPv6, and these mechanisms are removed from the Internet. The HOMENET Working Group is an important step in this direction. This new working group is working on specifications for IPv6 for residential networks. The IETF continues to improve its tools. The Datatracker provides a great deal of visibility into the processing of the documents in the IETF stream. The Datatracker was recently extended to include visibility into actions within Working Groups. Over the next few months, it will be further extended to provide visibility into the processing of documents in the IRTF, IAB, and Independent Submission streams. IETF 82 will take place in Taipei, Taiwan, 13–18 November 2011, and will be hosted by the Taiwan Network Information Center (TWNIC). Scheduling information for the upcoming IETF meetings can always be found at http://www.ietf.org/meetings/meetings.html. I look forward to seeing you there. The mission of the Internet Engineering Task Force is to make the Internet work better by producing high-quality and relevant technical documents that influence the way people design, use, and manage the Internet. See http://www.ietf.org.]]> 574 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/dane-taking-tls-authentication-to-the-next-level-using-dnssec/ Thu, 06 Oct 2011 17:04:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=577

  Introduction TLS is used as the basis for security features in many modern Internet application service protocols in order to provide secure client-server connections (RFC 5246). It underlies secure HTTP and secure email (RFC 2818, RFC 2595, RFC 3207), and provides hop-by-hop security in real-time multimedia and instant-messaging protocols (RFC 3261, RFC 6120). In all of these applications, the service that the user ultimately wants to connect to is identified by a DNS domain name (RFC 1034). A user might enter “https://example. com/” into a web browser or send an email to “alice@example.com”. One of the main purposes of using TLS in these cases is thus to authenticate the server as a legitimate representative of the domain name, in other words, to assure the user that the entity on the other end of the connection actually represents “example.com”. Note that this applies to DTLS as well, since it uses the same handshake as TLS.

Photo credit: Paul Erkkila

Today, a server asserts its right to rep- resent a domain by presenting a PKIX digital certificate (RFC 5280). A client then has to evaluate the certificate to decide whether or not the certificate is sufficient to establish the server’s identity. This decision is usually based on two criteria:

1. whether the certificate contains the desired domain name (RFC 6125), and
2. whether the certificate is issued under a trusted certification authority (in the PKIX parlance, a “trusted CA” or “trust anchor”).

In order to apply this second criterion, the client must choose some set of trust anchors. In current systems, the choice of trust anchors is mostly out of the user’s hands. For example, all modern browsers and operating systems come with default trust anchor lists. Users can add to this list, using their browsers’ “Accept this certificate?” dialogs, al- though it can be very difficult to remove trust anchors from the default list.⁽¹⁾ The result of the current, manual model is that trust anchors end up having very broad authority. With no way to discover which trust anchor should be vouching for a particular set of domain names, current systems allow any trust anchor to issue certificates for any domain name. The risks of having broadly trusted CAs have recently become clear, as attackers were able to break into two small CAs and create fraudulent certificates for Google and Facebook, among others.^(2),(3) The importance of default trust lists has also driven up the cost to application providers of deploying TLS, leading some to rely on self-signed certificates, which provide no authentication at all (with- out some out-of-band negotiation). The IETF DANE working group⁽⁴⁾ was chartered to develop ways to use DNSSEC to improve TLS authentication of domain names. With the advent of DNSSEC, it is possible for clients to obtain authenticated data directly from zone operators. In the context of TLS in particular, DNSSEC should allow clients to securely ask the operator of a domain about which certificates they should accept as credentials for that domain. The domain operator might specify constraints on certificate validation or even supply a new trust anchor. As with most new technologies, there will be a few challenges in migration; most notably, DNS operators will play a far larger role in the security of Internet applications. But if these challenges can be overcome, then DANE should increase both the security of applications and the ability of domain operators to secure the services they offer. DANE Records If the goal of DANE is to allow domain operators to make statements about how clients should judge TLS certificates for their domains, then what sorts of statements should DANE allow them to make? The DANE use cases document (draft-ietf-dane-use-cases) lays out three major types of statements:

1. CA Constraints: The client should only accept certificates issued under a specific CA.
2. Service Certificate Constraints: The client should only accept a specific certificate.
3. Trust Anchor Assertion: The client should use a domain-provided trust anchor to validate certificates for that domain.

All three of the above statements can be viewed as constraining the scope of trust anchors. The first two types limit the scope of existing trust anchors; the third provides the client with a new trust anchor (still within a limited scope). More on these in a moment. The current draft DANE protocol defines a DNS Resource Record type TLSA for describing TLS associations—statements about what certificates are associated to a domain (draft-ietf-dane-protocol). Each TLSA record has three basic fields:

• Usage: Which type of statement this record is making
• Selector/Matching: How a TLS certificate chain should be matched against this record (e.g., by exact match, by public key, or by SHA-1 digest)
• Certificate for Association: The actual data against which the TLS certificate chain should be matched

These records are stored under the target domain with a prefix that indicates the transport and port number for the TLS server. For example, if Alice runs a secure web service at example.com, and wants to tell clients to only accept certificates from Charlie’s CA, she could provision a TLSA record under _443._tcp.example.com with the following contents:

• Usage: CA constraint
• Selector/Matching: SHA-1 digest
• Certificate for Association: SHA-1 digest of Charlie’s certificate

When client Bob wants to connect to “https://example.com,” he can find these TLSA records and apply Alice’s constraints when he validates the server’s certificate. Adding Constraints to PKIX The major objective of the CA constraints and service certificate constraints is to guard against mis-issue of certificates. A certificate is mis-issued when a CA issues a certificate to an entity that does not represent the domain name in the certificate. Mis-issue can come about in many ways, including via malicious CAs, compromised CAs (as in the Comodo and DigiNotar example above), or CAs that are simply misled as to the attacker’s identity through fraud or other means. Today, mis-issue can be difficult to detect, as there is not a standard way for clients to figure out which CAs are supposed to be issuing certificates for a domain. When an attacker issued false certificates for the Google Gmail service under the DigiNotar CA, it was noticed only because a vigilant user posted to a Gmail help forum.⁽⁵⁾ By contrast, domain operators know exactly which CAs they have requested certificates from, and, of course, which specific certificates they have received. With DANE, the domain operator can securely convey this information to the client. For example, to guard against the DigiNotar attack, Google could have provisioned a TLSA record expressing a CA constraint with their real CA (which is not DigiNotar) or a certificate constraint with their actual certificate. Then DANE-aware clients would have been able to immediately see that the DigiNotar certificates were improperly issued and possibly indicative of a man-in-the-middle attack. Empowering Domain Operators According to data from the EFF SSL Observatory, which scans the whole IPv4 address space for HTTPS servers and collects their certificates, approximately 48 percent of all HTTPS servers present self-signed certificates.⁽⁶⁾ A number of other servers present certificates issued under CAs that are not in the major default trust anchor lists. For example, the United States Air Force web portal⁽⁷⁾ uses a certificate issued under a Department of Defense CA that is not trusted by Firefox. In the current environment, most clients cannot authenticate these servers at all; they have to rely on users manually accepting certificates, hopefully with some out-of-band information. As a result, these servers and their users are highly vulnerable to man-in-the-middle attacks against their supposedly secure sessions. DANE trust anchor assertions enable the operators of a domain to advertise a new trust anchor, under which certificates for that domain are issued. Using these records, clients can dynamically discover what trust anchors they should accept for a given domain instead of relying on a static list provided by a browser or operating system. It may seem odd to talk about a domain supplying a client with trust anchors, since trust anchor provisioning is typically a very sensitive activity. If an attacker is able to install a trust anchor into a victim’s trust anchor store, then the attacker can masquerade under any name by issuing certificates under that name. In fact, the PKIX working group has defined an entire protocol for managing trust anchors (RFC 5934). DANE ensures that trust-anchor provisioning is secure by applying scoping, and verifying its scoping using DNSSEC. DANE trust anchor assertions are scoped to a particular domain name, so even if an attacker can introduce a false trust anchor, he can only use it to spoof a single name. Furthermore, trust anchor assertions must be DNSSEC signed, meaning clients can verify that the entity providing the trust anchor represents the domain in question. Ultimately, the client still has to have a list of trust anchors configured, but DNSSEC trust anchors instead of PKIX trust anchors. Of course, in principle, a client only needs one trust anchor for DNSSEC—the root zone trust anchor. Since control of the DNS root doesn’t change often, it makes sense that it be statically configured! The ability of a domain operator to explicitly indicate a trust anchor for a domain is obviously very powerful. It may be tempting to ask whether this is really the only use case that DANE needs, i.e., whether the constraint cases above are needed at all. The answer is that the constraint cases are useful as a way to fold in PKIX validation with external CAs, in addition to domain-asserted trust anchors. Most obviously, this feature is useful in transition, when not all clients are DANE-aware. But even in the longer term, it’s possible that CAs will provide added value over DANE. For example, although DANE is designed to bind certificates to domain names, CAs can vouch for bindings of certificates to other things, including the legal identity and physical location attested to in Extended Validation certificates.⁽⁸⁾ Transition Challenges As described above, DANE offers valuable new security properties for TLS authentication. But, as with most IETF technologies—especially security technologies—there are both challenges to overcome and potential pitfalls. The most significant constraint for DANE deployment is DNSSEC deployment. On the server side, this is not a huge issue considering DNSSEC support is spreading fairly rapidly. On the client side, things may be more difficult. While there are DNS libraries with robust DNSSEC support, many of the major DNS APIs that are used by applications do not provide information about the DNSSEC status of the results returned. In order to implement DANE, application developers may have to refactor their DNS support, in addition to querying for new record types. If more sites come to rely on DANE, this could also draw increasing attention to the various types of intermediaries that cause DNSSEC breakage (e.g., home gateways that improperly set DNS flags). Adding DNSSEC to the TLS connection process can also add significant latency to the TLS connection process. In addition to completing the TLS handshake and certificate validation, the client has to wait for several DNS round-trips and then validate the chain of DNSSEC signatures. These combined delays can add up to multiple seconds of latency in connection establishment. Especially for real-time protocols such as HTTPS, SIP, or XMPP, such delay is clearly undesirable. The primary mechanism proposed to mitigate these delays is to have the server pre-fetch all of the relevant DNSSEC records (i.e., DS, DNSKEY, and RRSIG records chaining back to the root). Then the server can provide a serialized version of the DNSSEC records in the TLS handshake, saving the client the latency of the required DNS queries. The details of this mechanism, however, are still being worked out among the DANE, TLS, and PKIX working groups (draft-agl-dane-serializechain). A prototype version is now available in the Google Chrome web browser.⁽⁹⁾ Security Considerations From a security perspective, the major impact of DANE is the new role that DNS operators will play in securing Internet applications. DNSSEC has meant that DNS operators have more security functions; DANE deployment will give them an explicit impact on application security, acting as arbiters of who can authenticate under a given name in TLS. Particularly if services make use of trust anchor assertions, DNS operators will play an analogous role to the one CAs play today—meaning, a compromise in a DNS operator will enable an attacker to masquerade as a victim domain (albeit for a more limited set of domains due to DANE’s constraints on names). In this way, DNS operators are likely to inherit many of the security troubles that CAs experience today and will need to strengthen their security posture accordingly. Another more subtle risk arises from the fact that the operator of a DNS zone is not always the same as the entity that is authorized to control the contents of the zone, which we can call the domain holder. We used the phrase domain operator above, since DNSSEC only protects DNS information between the operator’s name server and the client—it doesn’t say that what’s provisioned in the name server is authorized by the domain holder. When a domain is operated by a third party, the third party is a point of vulnerability between the client and the holder of the domain. If the domain operator provides false DANE information through malice or compromise, then a client will not be able to distinguish it from genuine DANE information. To some extent, this risk is not new; many current CAs authenticate requests for domain certificates based on information under the control of the domain operator, domain operators can already influence the credentialing process. With DANE, however, the vulnerability is much easier to exploit as the DNS operator needn’t trick a third party. This vulnerability is also fundamental to protocols that rely on DNSSEC for security. The implications for DANE are discussed in detail in the DANE use cases document (draft-ietf-dane-use-cases). The main mitigation is simply increased care on the part of domain holders to ensure that domain operators are not behaving badly. Conclusions For many years now, Internet applications have relied on assertions by third-party certification authorities to ensure that a server holding a particular private key was authorized to represent a domain. The promise of DANE is a more direct interaction between clients and the domains they interact with, secured by DNSSEC. In the short run, DANE can be deployed as an adjunct to the current system of certificates and authorities, adding constraints to better protect domains. In the long run, DANE will enable domain operators to vouch for their own names. The transition and security issues that face DANE are largely the growing pains of DNSSEC. It’s not that DANE is causing these problems itself; rather, the problems arise because DANE is the first real usage of DNSSEC that is expected to be widely deployed. So while it may be difficult to mitigate some of the security issues raised by DANE and to enable more robust DNSSEC support in applications and gateways, these changes will ultimately make it simpler for applications to use DNSSEC for other purposes. The DANE working group is making consistent progress on its deliverables and there already exist some prototype deployment tools. Their use cases document has been approved by the IESG (draft-ietf-dane-use-cases), and the document defining the TLSA record type is maturing (draft-ietf-dane-protocol). On the client side, a variant of DANE has been implemented in Google Chrome; on the server side, there are prototype tools available to generate DANE records and to generate DNSSEC-stapled certificates based on DANE records.^(10),(11) References

1. http://arstechnica.com/apple/news/2011/09/safari-users-still-susceptible-to- attacks-using-fake-diginotar-certs.ars
2. http://blogs.comodo.com/it-security/data-security/the-recent-ra-compromise/
3. http://www.theregister.co.uk/2011/09/06/diginotar_audit_damning_fail/
4. http://tools.ietf.org/wg/dane
5. http://www.google.co.uk/support/forum/p/gmail/thread?tid=2da6158b094b225a &hl=en
6. http://www.eff.org/observatory
7. https://www.my.af.mil/
8. http://cabforum.org/Guidelines_v1_2.pdf
9. http://www.imperialviolet.org/2011/06/16/dnssecchrome.html
10. https://dane.xelerance.com/
11. http://www.imperialviolet.org/2011/06/16/dnssecchrome.html

Find out more:

DANE Resources

]]> 577 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-october-2011/ Thu, 06 Oct 2011 17:06:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=581 cover article, Richard Barnes offers a detailed overview of the DANE working group’s efforts to make this possibility a technical reality. Attendees of the IETF 81 meeting in Quebec City will have noticed the invitations to visit a demonstration of the Port Control Protocol in the terminal room. For a detailed explanation of the purposes of this new IETF technology and the demo that was presented, see “New Technology Demo: PCP.” In our IETF Ornithology column, we again provide an overview of the proceedings and outcomes of the Birds-of-a Feather (BoF) meetings that took place during IETF 81. These are frequently some of the most interesting and accessible meetings for the general observer as participants seek to explain the background to and motivations for new work topics. Also in this issue are our regular columns from theIETF and IAB chairs, highlights from the ISOC panel on Internet evolution, coverage of hot topics discussed during plenary meetings, and an opportunity to meet the ISOC Fellows to IETF 81. I’m pleased to announce new subscription options to enable receipt of the IETF Journal in advance of the next IETF meeting. Have the latest edition sent to you as soon as it is available in hardcopy or via email by subscribing at: https://www.isoc.org/apps/events/ietf-subscription.php. As always, we are hugely grateful to all our contributors. Please send comments and suggestions for future issues to ietfjournal@isoc.org.]]> 581 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-march-2012/ Thu, 01 Mar 2012 22:16:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1591 ietfjournal@isoc.org. And remember, you can subscribe in hardcopy or via email at:https://www.internetsociety.org/publications/ietf-journal/ietf-journal-subscription]]> 1591 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-ietf-chair/ Thu, 01 Mar 2012 22:19:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1593 The IETF participants remain actively engaged in developing the future of the Internet! For the first time, an IETF meeting was held in Taipei, Taiwan, and we felt most welcome. Attended by 931 people from 48 countries, IETF 82 was hosted by the Taiwan Network Information Center (TWNIC), which served as a wonderful host. The hotel and the convention center facilities were comfortable, and Tuesday evening’s social event was well attended. TWNIC was assisted by 15 sponsors, which helped make the event successful. APNIC sponsored the welcome reception; Chunghwa Telecom sponsored the network connectivity; the Bureau of Foreign Trade was a Platinum sponsor; and DNI was a gold sponsor. Thanks to all for your support. Many working groups (WGs) made significant progress at IETF 82. It was a genuine pleasure to see so many talented people engaged and collaborating. Since IETF 81, four working groups have been chartered and eight have closed—our count remains fairly steady at 117 WGs. Between meetings, the WGs and their individual contributors produced 512 new Internet-Drafts and updated 1,112 existing Internet-Drafts, some more than once. The Internet Engineering Steering Group (IESG) approved 107 Internet-Drafts for publication as RFCs. The RFC Editor published 97 new RFCs. You might not know it, but many of the computer systems you use every day depend on the time zone (TZ) database. Arthur David Olson started the TZ database in the mid-1980s as a public service; he had no expectation of payment or other reward. Today, this database is globally vital. Nearing retirement, Olson sought a new home for the TZ database, and the TZ community selected IANA. To accomplish this task, the IESG approved a policy for the TZ database, and the document is in the RFC Editor queue. Sadly, the story does not end there. Astrolabe, Inc. filed a copyright infringement lawsuit against Olson and Paul Eggert, another member of the TZ community. As a result, the TZ database was taken offline on 7 October 2011. The Internet community helped arrange pro bono legal assistance for Olson, and although the governing RFC was not yet published, ICANN brought the TZ database online at iana.org on 14 October 2011. Many thanks to those Internet heroes who created the TZ database and to those Internet heroes who acted to keep it available to everyone. The IETF continues to improve its tools. The Datatracker provides a great deal of visibility into the processing of the documents in the IETF stream, and this visibility was recently extended to cover actions within Working Groups. Not all WGs are using this capability yet, but I strongly encourage them to do so. Over the next few months, the database behind the Datatracker will be significantly updated, making it much easier for community-oriented enhancements to be made in the future. IETF 83 will take place in Paris, France, on 25–30 March 2012. No host has been identified for the meeting in Paris. Scheduling information for the upcoming IETF meetings can always be found athttp://www.ietf.org/meeting/. I look forward to seeing you there.]]> 1593 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-22/ Thu, 01 Mar 2012 13:52:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1595 Personnel With the recent Nominating Commitee (Nomcom) announcement of IAB appointments,¹ the IAB welcomes new members Jari Arkko and Marc Blanchet, as well as returning members Bernard Aboba, Ross Callon, Spencer Dawkins, and Hannes Tschofenig. The IAB also expresses its gratitude to outgoing members Olaf Kolkman and Andrei Robachevsky for their service to the community. New IAB members will take office during IETF 83 in Paris. The IAB also recently announced the appointment of Mary Barnes as IAB executive director,² succeeding Dow Street, who has served as IAB executive director since March 2008. Many thanks to Dow for his service to the community. In addition, the IAB announced the appointment of Joel Halpern as liaison to the IESG, succeeding Hannes Tschofenig.³

IAB Statement

Recently, concerns have arisen about potential conflicts between interpretations of RFC 1123 and real-world practice with the provisioning of labels in the root zone of the Domain Name System (DNS). While there is work in progress within the IETF relating to this, additional time and effort will be required before RFCs on the subject can be published. So as not to block progress toward the provisioning additional generic TLDs, the IAB has posted a statement entitled “The interpretation of rules in the ICANN gTLD Applicant Guidebook.”⁴

Smart Objects

The IETF 82 technical plenary topic, “Interconnecting Smart Objects with the Internet,” was organized and introduced by Hannes Tschofenig with featured presentations by Jari Arkko, Robert Assimiti, Fred Baker, Carsten Bormann, and Zach Shelby.⁵ Jari provided an overview of a recent IAB workshop called “Connecting Smart Objects with the Internet,” including challenges that lie ahead. Robert Assimiti discussed prospects for Smart Object interoperability; Smart Objects and Internet architecture was the basis of a presentation by Fred Baker; Carsten Bormann discussed the importance of removing “Garrulity and Fluff” from protocols to reduce energy consumption; and Zach Shelby described the challenges facing the web as a result of Smart Objects. In addition to the IETF 82 technical plenary on Smart Objects, the IAB approved publication of the Smart Object Workshop Report⁶ as an Informational RFC within the IAB stream.

RFC Series

With respect to the RFC Series, several important milestones were reached. The IAB announced the appointment of Heather Flanagan as RFC series editor (RSE),⁷ as well as the reappointment of Nevil Brownlee as the independent submission editor (ISE).⁸ In addition, “Independent Submission Editor Model”⁹ was published as RFC 6548 within the IAB stream.

Privacy Programme

The IAB Privacy Programme, led by Alissa Cooper, published “Report from the Internet Privacy Workshop”¹⁰ as RFC 6462. In addition, the IAB adopted a draft on privacy terminology,¹¹ as well as one on privacy considerations.¹²

ICANN Relations

With respect to ICANN relations, the IAB submitted an ICANN performance evaluation.¹³ It also appointed Peter Koch as liaison to the Domain Name System (DNS) Root Server System Advisory Committee (RSSAC).¹⁴

ITU Coordination Programme

The ITU–T Coordination Programme, led by Eliot Lear, has been very active over the past few months, most recently responding to the ITU–T liaison on “Update to the IETF and ITU–T collaboration guidelines.”¹⁵

Emergency Services Initiatives

The IAB recently established an Emergency Services Initiative¹⁶ led by Hannes Tschofenig. The initiative will seek to improve collaboration between the IETF and governments on next-generation emergency services. It is also tasked with developing liaisons among the IETF, Standards Development Organizations (SDOs), and industry forums working in this area.

Other News

In other news, the IAB announced a Call for Comments on the Internet-Draft, Architectural Considerations of IP Anycast,¹⁷ authored by Danny McPherson and Dave Oran. Also, the IAB nominated Olaf Kolkman and Hannes Tschofenig as representatives to the Multi-Stakeholder Platform on ICT Standardization.¹⁸

References

1. “Nomcom 2011–2012: IAB Appointments,” http://www.ietf.org/mail-archive/web/ietf-announce/current/msg09827.html 2. “IAB appoints Mary Barnes as Executive Director,” http://www.iab.org/2012/01/16/iab-appoints-mary-barnes-as-executive-director/ 3. “IAB appoints Joel Halpern as liaison to the IESG,” http://www.iab.org/2011/09/28/iab-appoints-joel-halpern-as-liaison-to-the-iesg/ 4. “IAB Statement: 'The interpretation of rules in the ICANN gTLD Applicant Guidebook,'“http://www.iab.org/documents/correspondence-reports-documents/2012-2/iab-statement-the-interpretation-of-rules-in-the-icann-gtld-applicant-guidebook/ 5. Technical plenary materials, http://www.ietf.org/proceedings/82/technical-plenary.html 6. Smart Objects Workshop Report, http://tools.ietf.org/html/draft-iab-smart-object-workshop 7. “IAB appoints RFC Series Editor,” http://www.iab.org/2011/12/02/rfc-series-editor-appointment/ 8. “IAB re-appoints Independent Submission Editor,” http://www.iab.org/2012/01/18/iab-re-appoints-independent-submissions-editor/ 9. ISE Model, http://tools.ietf.org/html/rfc6548 10. Report from the Internet Privacy Workshop, http://tools.ietf.org/html/rfc6462 11. Hansen, M., Tschofenig, H. and R. Smith, “Privacy Terminology,” http://tools.ietf.org/html/draft-iab-privacy-terminology 12. Cooper, A., Tschofenig, H., Aboba, B., Peterson, J. and J. Morris, “Privacy Considerations for Internet Protocols,” http://tools.ietf.org/html/draft-iab-privacy-considerations 13. “IAB submits ICANN performance evaluation,” http://www.iab.org/2011/12/18/iab-submits-icann-performance-evaluation/ 14. “IAB appoints Peter Koch as liaison to the RSSAC,” http://www.iab.org/2011/11/02/iab-appoints-peter-koch-as-liaison-to-the-rssac/ 15. “IAB responds to ITU-T TSAG liaison”, http://www.iab.org/2012/01/25/iab-responds-to-itu-t-tsag-liaison-on-update-of-ietf-and-itu-t-collaboration-guidelines/ 16. “IAB establishes Emergency Services Initiative,” http://www.iab.org/2012/01/11/iab-establishes-emergency-services-initiative/ 17. McPherson, D and D. Oran, “Architectural Considerations of IP Anycast,”http://tools.ietf.org/html/draft-iab-anycast-arch-implications 18. “IAB nominates representatives to the Multi-Stakeholder Platform on ICT Standardization,”http://www.iab.org/2012/01/16/iab-nominates-representatives-to-the-multi-stakeholder-platform-on-ict-standardisation/]]> 1595 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/how-data-centric-networking-could-change-the-internet/ Thu, 01 Mar 2012 13:53:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1597 1597 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/smart-objects-demand-a-new-approach-to-internet-engineering/ Thu, 01 Mar 2012 13:54:55 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1599 1599 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/something-weirds-this-way-comes/ Thu, 01 Mar 2012 13:56:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1601 SSAC Report on Domain Name WHOIS Terminology and Structure in September 2011, a document noting the differences between data, access protocols, and services, which is intended to disambiguate policy impasses where data, protocol, and service issues are conflated. The ICANN staff has also published two proposals for RESTful web services aimed at domain name registries and registrars. Finally, the WEIRDS effort does have an active, participant constituency not seen in the previous efforts: data consumers, specifically from the spam abatement, reputation scoring, and network anti-abuse industries. As network abuses have become more sophisticated over the years, vendors with products to help combat these abuses have increasingly turned to the Internet registries for more and more information. One could consider it combat intelligence. The products and services of those industries need tighter integration and more robust service than is currently offered by the WHOIS protocol. So WEIRDS is unlike the RWhois, WHOIS++, and IRIS work. Many more constituencies are participating. The nexus with the policy community is being tended to with active support from ICANN, and the technology model is simple and well within the mainstream of most programmers. And, as with all IETF activities, everyone is welcome and voices can be heard by joining the IETF’s WEIRDS mailing list.]]> 1601 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-fellows-to-ietf-programme-benefits-both-fellows-and-mentors/ Thu, 01 Mar 2012 14:01:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1605 conte@isoc.org.]]> 1605 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/winners-of-postel-itojun-awards-and-applied-networking-research-prize-announced/ Thu, 01 Mar 2012 14:02:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1607 th year, the Postel award consists of a presentation crystal and a USD 20,000 prize that goes to an individual who has made outstanding contributions in service to the data communications community. The award recognizes sustained and substantial technical contributions, service to the community, and leadership. The Postel award is named for the original RFC editor and Internet numbering authority. Chon was honored for being a pioneer in Internet research, development, and commercialization in Asia. He was active in connecting Asia to the Internet in the early 1980s and he continues to promote its development in the region. Chon was a professor in the computer science department at the Korean Advanced Institute of Science and Technology from 1982 to 2008 and remains a professor emeritus there. Chon said winning the Postel award was significant from a professional standpoint because it acknowledges the importance of the Internet’s growth in developing countries. He added that winning the award was touching on a personal level because he was in the Ph.D. program at University of California, Los Angeles with Jon Postel. Chon, who has been active in the IETF since 1991, said he would like to see more Asian engineers participate in the IETF, publish RFCs, and take on leadership roles in working groups, the IESG and the IAB. “The Internet in Asia is in pretty good shape now, leading globally in some areas such as broadband, the mobile Internet, IPv6 and IDNs,” Chon said. “With respect to the IETF, Asia needs to work much harder to share the Internet standards development as Asia’s Internet population is reaching 50 percent of the global Internet population. When we look at the IAB, IESG, and other groups of the IETF, Asian representation is far less than what we would expect.” Chon pointed out that Asia will continue to drive growth in Internet users over the next 10 years. “We need to prepare for the increase of two billion Internet users in Asia,” Chon said. “Many of them are expected to access the Internet through smart phones. This is the paradigm shift on Internet access. We need to lead this paradigm shift to accommodate the new two billion Internet users as well as the current users through education, infrastructure development, and service development.” The 2011 Itojun Service Award was presented to two network engineers at the IETF 82 meeting—Alexandre Cassen of France’s Free Telecom and Rémi Després, an independent consultant—for their outstanding contributions in furthering the deployment of IPv6. In its third year, the Itojun Service Award recognizes individuals for their extraordinary dedication to IPv6 deployment. The award is named for Dr. Jun-ichiro “itojun” Hagino, a senior researcher at Internet Initiative Japan and IPv6 proponent who passed away in 2007 at the age of 37. Established by the friends of “itojun”, the Itojun Service Award participants receive a presentation crystal, a USD 3,000 honorarium, and a travel grant. Cassen and Després were recognized for their design and implementation of 6rd, a protocol used to rapidly deploy IPv6. The 6rd protocol has been deployed by several Internet service providers (ISPs), including Free, France’s second-largest ISP. Free used 6rd to deploy IPv6 to its residential customers in only five weeks in 2007, and now the service provider has more than 1.5 million subscribers using IPv6 everyday. Després, a consultant with RD-IPtech, said Free was several years ahead of most service providers in deploying IPv6. “Free has remained the provider of more than half the native IPv6 traffic seen by Google from 2008 to 2010,” he added. Després encouraged IETF participants to deploy IPv6 as an added feature—not a replacement—for IPv4. “IPv6 can only bring added value because absolutely everything that still depends on IPv4 to work remains operational,” Després said. “As this ubiquitous IPv6 availability progresses, more and more of the traffic makes no use of IPv4 functions, and, eventually, dismounting IPv4 gears will be possible without negative effect on users.” Després said automatic tunneling mechanisms such as 6rd are “advantageous where IPv4-specialized devices cannot be quickly replaced by IPv6-capable ones. … From outside a 6rd provider network, no one can notice that part of your IPv6 routes across the network have traversed some tunnel.” Cassen, who is a research and development team leader at Free, said based on his experience with 6rd, his message to other IETF participants is: “Do not be afraid of IPv6. It will make things simpler for the future.” Last, but not least, the most recent winners of the Applied Networking Research Prize (ANRP) were honoured during the Internet Research Task Force (IRTF) Open Meeting. The ANRP is aimed at recognizing the best new ideas in networking research and encouraging those researchers to interact with the IETF community. The ANRP recognizes recently published networking research results that are relevant for Internet products and related standardization efforts. Recipients of this award receive USD 500, are invited to give a talk at the IRTF Open Meeting, and get a travel grant. ANRP grants are supported by the Internet Society in collaboration with the IRTF and are given three times per year in conjunction with the IETF’s three annual meetings. The November 2011 recipients were Nasif Ekiz and Michio Honda. Ekiz, a Ph.D. candidate in computer and information sciences at the University of Delaware, was honored for his analysis of misbehaving TCP receivers, which was published in the April 2011 issue of ACM SIGCOMM’s Computer Communication Review. Honda, of Keio University, was recognized for his research into determining the future extensibility of TCP, which was published in the proceedings of the ACM Internet Measurement Conference, held in November 2011. Attending the Taipei meeting “was a great experience,” Ekiz said, adding that he particularly enjoyed the technical discussions in the IETF’s transport group. “This experience will aid me in deciding what problems to look at next … I met lots of people in my research domain from industry and got their feedback regarding the research I conduct.” Honda said attending the IETF meeting was “quite helpful” for his research, which involves recruiting volunteers, including IETF participants, to run a middlebox measurement tool. His attendance was “a good opportunity to present a snapshot of our measurement work to the volunteers and to ask them to join our experiment for improved measurements,” he said.]]> 1607 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-9/ Thu, 01 Mar 2012 14:04:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1609 http://trac.tools.ietf.org/bof/trac/wiki/WikiStart.

WEIRDS—WHOIS-based Extensible Internet Registration Data Service

Description: The work aims at a replacement for WHOIS to be delivered as a RESTful (representational state transfer) service, with an eye to avoiding a number of the issues that have prevented IRIS (the Internet registry information service) deployment as a WHOIS replacement. The impetus for this work is the existence of three already-deployed experimental services similar to the approach being proposed for IETF work, and the burgeoning number of IDN TLDs in the domain name system root zone. Proceedings: http://www.ietf.org/proceedings/82/minutes/weirds.txt Outcome: After presentations of the existing implementations, the resulting discussion centred around separating the number registry issues from the domain name registry issues. There was scepticism that the domain name registry issues could be addressed in a way that would lead to widespread adoption of the solution. There was more support for focussing initially on the number registry issues. A working group (WG) charter is being drafted, and this work is discussed in more detail in our feature article on page XX].

MULTRANS—Multicast Transition

Description: This meeting was a follow-up to the BoF held during the IETF 81 meeting in Quebec City. At this meeting, the discussion focused on the operational issues that IPTV providers will face during the IPv4/IPv6 transition period and application layer gateway solutions to those problems. Proceedings: http://www.ietf.org/proceedings/82/multrans.html Outcome: The MULTRANS BoF participants wrestled at some length with the discovery problem (in other words, how the receiver learns which group address to join, since it is not in the same address family as the sender). It was clear that a majority of the people attending the meeting was in favor of trying to better understand the problem. It was agreed to do that work as part of an interim meeting of the mboned WG (draft-eubanks-mboned-transition-overview at http://datatracker.ietf.org/doc/draft-eubanks-mboned-transition-overview/, which provides a useful overview of the problem space).

DCON—Distributed Conferencing

Description: The DCON BoF was concerned with proposals to develop a standard solution for scalable conferencing over the Internet. Drawing inspiration from the work of the XCON (Centralized Conferencing) WG it would define a standard suite of protocols for distributed conferencing. This was a WG-forming BoF that related to the work that was done by the recently concluded XCON WG. Proceedings: http://www.ietf.org/proceedings/82/minutes/dcon.txt Outcomes: This was a good meeting that provided lots of constructive feedback to the proponents of the work. It was unclear whether there was enough interest within the community to provide sufficient thrust for a WG at this time. Discussions are ongoing and will explore whether there is potential for greater community interest in the future, at which time this work will be reconsidered.

SDN—Software Driven Networks

Description: SDN is an approach to networks that enables applications to converse with and manipulate the control software of network devices and resources. SDNs are composed of applications, control software, and interfaces to services that are hosted in an overlay or logical/virtual network, as well as those possibly same components that compose the underlying physical network (excerpted from draft-nadeau-sdn-problem-statement http://tools.ietf.org/html/draft-nadeau-sdn-problem-statement/). Proceedings: http://www.ietf.org/proceedings/82/minutes/sdn.html Outcome: There was quite a bit of confusion and disagreement about what problem this work is intended to solve and how it is going about solving it. The scope of the discussions was very broad. If there is work here for the IETF, it was unclear what that work might be. More work is needed from the proponents of this activity to more clearly articulate a very specific problem that makes sense to address within the IETF.]]> 1609 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-82-at-a-glance/ Thu, 01 Mar 2012 14:05:30 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1612 IETF Activity since IETF 81 (July–October 2011) New WGs: 4 WGs closed: 8 WG currently chartered: 117 New Internet-Drafts: 512 ·       167 updated ·       32 updated more than once Updated Internet-Drafts: 1112 IETF Last Calls: 99 Internet-Drafts approved for publication: 107 RFCs published: 97 ·       51 Standards Track and 7 BCP ·       35 Informational and 2 Experimental   IANA Activity since IETF 81 (July–October 2011) Processed 1320 IETF-related requests, including: ·       616 private enterprise number requests ·       62 port number requests ·       54 TRIP ITAD number requests ·       64 media-type requests Reviewed 118 I-Ds in Last Call and reviewed 123 I-Ds in IESG Evaluation Reviewed 105 I-Ds prior to becoming RFCs and 57 of them contained actions for IANA Processing goal average for IETF-related requests: 95% Protocal registries conversation to XML: 80% complete Time Zone database now published by ICANN ·       Robert Elz selected as TZ coordinator   RFC Editor Activity since IETF 81 (July–October 2011) Discussed on rfc-Interest@rfc-editor.org ·       RFC Editor and Independent Editor models: draft-iab-rfc-editor model-v2, draft-iab-rfc-independent ·       Authors, editors, and contributors proposed policy   Thanks for the Code Code sprint was very successful ·       Incremental imporovements to datatracker deployed ·       Beta version of new xml2rfc tool now available on xml.resource.org]]> 1612 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-16/ Thu, 01 Mar 2012 14:06:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1614 http://irtf.org/anrp for details. Going forward, the ANRP selection committee has decided to move from one nomination/selection cycle per IETF meeting to a yearly nomination/selection cycle covering all of the year’s IETF meetings. This change will not affect the number of ANRPs awarded (roughly one per IETF meeting) and awardees can state a preference as to which IETF meeting they would like to present at during the given year. The ANRP nomination/selection cycle for a given year will occur during the fall of the previous year. This means that for 2013, the nomination/selection cycle will occur during the fall of 2012. Consequently, the nomination/award schedule for 2012 will be adjusted as follows: - No ANRPs will be awarded at IETF 83 in Paris in March due to the 2011 holiday season and the short amount of time since the last IETF meeting. - A nomination/selection cycle to pick awardees for the two remaining IETF meetings in 2012 (IETF 84 in Vancouver, British Columbia, and IETF 85 in Atlanta, Georgia) will be held before IETF 84. Please join the IRTF discussion list to stay informed! http://www.irtf.org/mailman/listinfo/irtf-discuss  ]]> 1614 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-october-2012/ Sat, 06 Oct 2012 15:33:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=273 273 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/world-ipv6-launch-its-happening/ Sat, 06 Oct 2012 15:53:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=292 is happening.” He cited the estimated IPv6-user population figures, including 3 million in the United States, 2.3 million in China, 2 million in Japan and 2 million in France, as examples. John Brzozowski, Comcast’s distinguished engineer and chief architect for IPv6, noted that to achieve approximately two percent of Comcast’s active customers using IPv6, they needed to deploy IPv6 on approximately half of their network. Approximately 70 percent of these customers are using a computer connected directly to a cable modem; 30 percent are using home routers. “One of the things we feel is important to highlight here is that if we understand what devices are not using v6, we can then use that as an opportunity to have feedback here in this community and to also work more with consumer electronics,” explained Brzozowski. “One of the things we feel is pretty significant is that while there is a growing momentum for [IP]v6 across consumer electronics in the form of home networking, the other part of consumer electronics—your televisions, your Rokus—needs some tender loving care as far as [IP]v6 is concerned.” Brzozowski highlighted some of the services that represent the bulk of their IPv6 traffic, namely Netflix, YouTube, and the iTunes App Store. Approximately six percent of Olympics streaming over YouTube to Comcast customers was over IPv6. Lorenzo Colitti is currently the technical lead for Google’s IPv6 efforts, which includes everything from performance metrics to Android development to government outreach. For World IPv6 Launch, Google helped participants prepare, published data, and built a tool that tracked deployments. “We measure 2.5x growth of IPv6 traffic over the last year, and if anything it’s accelerating—this is on top of [IP]v4 growth, of course,” Colitti explained. “It’s basically 2.5x per year that [IP]v6 is gaining compared to [IP]v4, if you extrapolate that, as the pointy-haired boss-types like to do, you get to 50 percent of traffic in about six years, or 100 percent in seven years.” For Google, a major focus for World IPv6 Launch was also tracking IPv6 breakage, to ensure bad user experience was kept to a minimum. Colitti pointed out some networks are responding to IPv6 by filtering AAAA records at their DNS servers, and that this was not a tactic they recommended. “The underlying problem doesn’t go away, it’s just masked. Once you mask the problem it becomes very difficult to measure it, and once you can’t measure it, you don’t know when to turn the filtering off. It’s hard to get out of it.” Google tracks how many search queries there are per second, and on World IPv6 Launch, they witnessed an increase of 75 percent of queries over IPv6. “One key message from our perspective as a content provider is that we have seen deployments in every part of the world, on every access technology, and these are real deployments,” said Colitti. “We’ve seen a real impact on the whole ecosystem—we’ve seen web sites, we’ve seen router vendors, phone vendors, and home router vendors actually enable IPv6, turn it on by default and leave it on. So the next time somebody says to you ‘I need the IETF to standardize this otherwise I can’t deploy it’, think carefully whether that’s true, or whether there are other ways to solve the deployment problem. The thing is, all these networks beg to differ. They say that, actually, IPv6 is deployable right now.” Lee Howard, director of network technology for Time Warner Cable, has primary responsibility for the cable company’s IPv6 deployment. He described the relationship between the one percent of their users actively using IPv6 and the scale of their deployment as the product of multiplying fractions. “Half of cable modems have to be enabled to get to one percent of users. Here’s why: because those cable modems are evenly distributed across your entire footprint, or close enough to evenly distributed.” He went on to explain the breakdown further: “Only about half of operating systems in residential networks support IPv6, plus or minus five or ten percent. That half is everything that’s not Windows XP... Therefore you have to enable so many devices in order to get down to that half of devices that are not Windows XP, in order to get something that can actually use the IPv6. So we’re still multiplying fractions here—50 percent times 30 percent times 50 percent is down to a fairly small number. “As John [Brzozowski] pointed out, you have to look at the people who are directly connecting a device into their cable modem, and that’s about 15 percent. So that takes us to down to a very, very small number,” he said. “One percent doesn’t sound like a lot, but since you’re multiplying so many fractions, it is actually a huge roll-out. It represents a huge deployment in any network in order to get that [many users] actually using IPv6.” Erik Nygren is chief architect in Akamai’s platform infrastructure engineering organization, and leads their IPv6 initiative. “On our network right now, we have IPv6 in more than 53 countries around the world and in 600 of our locations.” Nygren discussed the diff erent factors at play when trying to calculate IPv6 growth, including how much content is available, how many clients have network connectivity over IPv6 and whether there is browser or operating system support. “When we combined all of these factors together,” he explained, “what we saw was very signifi cant growth as part of the World IPv6 Launch. In particular, the number of IPv6 addresses we saw year over year between 2011 and 2012 rose over 400 fold, up to 19 million unique IPv6 addresses. The number of requests we served, even just in that 24-hour period of World IPv6 Launch, was more than three billion requests over IPv6. Th is combination of more content and more clients does mean more traffic. Although a lot of these [fi gures] are from taking a bunch of small fractions and multiplying them together, one side effect is that ... taking one of those small fractions and doubling it means you’ve doubled the overall aggregate number.” Nygren broke down where clients are coming from and how they are connecting, noting that there are some areas of the world where there is more 6to4 than native IPv6. “One of the biggest changes from a network perspective over the past year is that some big, top, American ISPs came into the fray and really started making IPv6 available to their end user subscribers. Among the top six U.S. networks, 86 percent of the IPv6 requests we saw came from those. Verizon Wireless alone, with their Android LTE devices, was over a third of the IPv6 traffic during that 24-hour window.” Addressing the pervasive view that IPv6 was something that only occurred in Asia or in Europe, Nygren pointed out these numbers prove that’s not the case anymore. “One of the top questions we get from content provider sites is. ‘When I make my site available over IPv6, what percentage of requests will come to my site over IPv6?’” Nygren explained that the answer varied greatly depending on audience. “If you have an audience of global consumer end users, you’re going to have less IPv6 preference, somewhere in the half a percent, to 1.5 percent range. If you’re at the other end, a particular country with lots of IPv6, or you’re a router manufacturer, you may have an IPv6 preference rate that’s in the two to three percent range, or even higher.” Nygren highlighted a dramatic shift in the overall IPv6 preference rate in the United States: in the past year, for a sample of consumer web sites [the preference rate] has gone up by a factor of nine. He credited this jump to a number of big U.S. ISPs coming into play. “As this continues to grow in the United States, as other networks keep turning this on, as more content becomes available over the next few years, hopefully we’ll get to the point where IPv6 be-comes the dominant Internet protocol.” Leslie Daigle posed the question to the entire panel of whether someone with IPv6-only connectivity could now say they were on the Internet, or, if not, when could that statement be made. Although several panelists agreed that point had not been reached yet, Leslie went on to explain that if she had asked that question last year, “eyes would have rolled back in their sockets,” and the response would have been different—as the response will be very different next year. “We’re going through the ugly part of transition,” she commented. Several panelists discussed the possibilities of deploying IPv6 and supporting IPv4 through a legacy, backwards-compatibility approach, described by Colitti as “IPv4 by carrier pigeon.” It was acknowledged that this would be easier for some networks than others to manage. Russ Housley closed the session by saying, “On Friday morning Vancouver time, the IETF web server was not available because there was a denial-of-service attack against our server. For the first time, all of the traffic taking that server down, was IPv6.” The room erupted with cheering and applause.]]> 292 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-84-at-a-glance/ Sat, 06 Oct 2012 16:09:14 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=373

Newcomers: 195 Number of countries: 52

IETF Activity since IETF 83 (March–July 2012)

New WGs: 6 WGs closed: 4 WG currently chartered: 117 New or revised Internet-Drafts: 1607 IETF Last Calls: 102 Internet-Drafts approved for publication: 106 RFCs published: 140 - 81 Standards Track and 4 BCP - 41 Informational and 11 Experimental

IANA Activity since IETF 82 (March–July 2012)

Processed 1366 IETF-related requests, including: Reviewed 115 I-Ds in Last Call and reviewed 123 I-Ds in IETF Evaluation Reviewed 105 I-Ds prior to becoming RFCs, 62 of the 105 contained actions for IANA Processing goal average for IETF-related requests: 87% Projects and Deliverables - Phase 1 of integration of tools testing complete, Phase 2 in planning - XMLization of registries 86% complete - Added designated-expert names to individual registries - Implementing improvements to multicast address and media types request forms

RFC Editor Activity since IETF 83 (March–July 2012)

Published RFCs: 150 Internet-Drafts submitted for publication: 142 - 96 IETF WGs

Blue Sheets

New policy implemented

Bits-N-Bites Debut

Modelled after attendance-optional NANOG Beer ’n Gear Further experiments at IETF 85 planned

Modern Global Standards Paradigm

Affirmed by Bernard Aboba and Russ Housley Draft available at http://www.ietf.org/proceedings/84/slides/slides-84-iesg-opsplenary-4.pdf

]]> 373 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-3/ Sat, 06 Oct 2012 16:12:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=379

Data Set Identifier Interoperability (DSII)

Description: This BoF was not intended to form a working group at this session. The purpose was to discuss how to achieve interoperability among persistent identifiers for data sets made available on the Internet. The initial use case of interest is scientific data sets produced by different research teams; other use cases might include media developed by different sources and combined into a common collection. Access policies based on identifiers, discovery, association of meta-data, and data integrity are expected to be later topics, but these will likely be covered in follow-on mailing list discussion. The meeting reviewed existing methods such as DOI, URN, PURL, and then discussed core requirements. Proceedings: http://www.ietf.org/proceedings/84/minutes/minutes-84-dsii Outcome: The meeting reviewed a conceptual framework for work in this area, core issues for data sets and their identifiers, and several current data set identifier systems. The group discussed interoperability mechanisms briefly. The chairs concluded by thanking the group for the discussion and asked folks to continue the discussion on the mailing list.

RFC Format (rfcform)

Description: The BoF reviewed the current requirements for RFC formatting, and then discussed the RFC format proposals that have been published as Internet-Drafts. For a summary of the more contentious issues relating to RFC format, see http://www.rfc-editor.org/rse/wiki/doku.php?%20id=formatsummary. Proceedings: http://www.ietf.org/proceedings/84/minutes/minutes-84-rfcform Outcome: The meeting recapped the progress of the discussion to date and reviewed the current proposals.

RTP Media Congestion Avoidance Techniques (RMCAT)

Description: Delivery of interactive real time media over the Internet is often in the form of sets of media flows using RTP over UDP. There is no generally accepted congestion control mechanism for this kind of data flow. With the deployment of applications using the RTCWEB protocol suite, the number of such flows is likely to increase, especially nonfixed-rate flows such as video or adaptive audio. There is therefore some urgency in specifying one or more congestion control mechanisms that can find general acceptance. This was a WG-forming BoF meeting to discuss chartering a WG to initially, and amongst other things, find or develop candidate congestion control algorithms, verify that these can be tested on the Internet without significant risk, and publish one or more as Experimental RFCs. Proceedings: http://www.ietf.org/proceedings/84/minutes/minutes-84-rmcat Outcome: The chairs wrapped-up the discussion by asking three questions: • Do you think that the problem is clear, well scoped, solvable, and worth solving? There was a hum in favour. • Do you support forming a WG with the charter outlined? There was a strong hum in favour. • Would you be willing to work on one or more of the drafts outlined? There was a significant constituency of people willing to work on the drafts. The proposed charter will be updated based on the discussion and circulated on the mailing list for review. The chairs and the area directors will then work to form a working group.

]]> 379 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/different-experiences-a-common-goal-isoc-fellows-at-ietf-84/ Sat, 06 Oct 2012 16:18:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=399

On 30 July 2012, 11 network engineers and entrepreneurs from 9 emerging nations met at the Hyatt Regency in Vancouver, Canada, as part of the Internet Society Fellowship to the IETF Programme. While most were only familiar with the IETF online, participation as a Fellow to the IETF was their opportunity to meet working group chairs and other IETF members face-to-face and to share their experiences in person. Offered to technology professionals, advanced IT students, and other qualified individuals from emerging economies, the IETF Fellowship programme increases the diversity of inputs to, and global awareness of, the IETF’s work. Every year since it’s inception in 2006 the programme has connected increasingly more new Fellows with mentors and other members with similar interests within the IETF community. Although Fellows represent a wide range of backgrounds and experiences, they share a commitment to the betterment of their region and a passion for the collaborative process that defines the IETF. Nomsa Muswai, a network engineer at Zimbabwe Online, learned about the IETF Fellowship programme last year and was determined to participate. “I met Steve Conte at a United States Telecommunications Training Institute workshop, and he told me about it,” she says. “I told my company I was going to come and although they didn’t send me here, they supported me. I believe that unless you take giant steps by yourself, you don’t get chances.” Muswai views her position as a network engineer as a way to give back. “It gives me a platform from which to impact society,” she said. Paul Muchene, builds websites and mobile web programs in Kenya. “In Kenya, [the web] is a very emerging industry—more and more people are beginning to see the benefits of going online,” he says. “We are where America was, perhaps, during the dot-com bubble. There’s a bubble of people wanting web sites and domain names—so that’s what I’m doing.” In addition to running his company, Muchene is also the network lead at iHub_, an open space in Nairobi for innovators, developers, venture capitalists, entrepreneurs, and graduate students to meet and work. Muchene keeps the network up and running, including recently deploying IPv6. “We have a huge information gap in Bangladesh,” says Shabbir Ahmed, an associate professor in computing science at the University of Dhaka. “We usually teach according to what textbooks are available, so in most cases we’re not conversant with cutting-edge technology. Attending a meeting like IETF 84 definitely enriches my knowledge—which I can then pass on to my students.” Dorcas Muthoni, founder of Nairobi-based open source consulting firm OpenWorld, marks her third visit as an IETF Fellow this year. “OpenWorld builds web and mobile applications targeted towards enterprise and government. I work from Nairobi, in the East African region. That’s what brings food to the table,” she says. “But I also do other things. In 2004, I started AfChix, a mentorship programme for tech women, because there are so few of us in the region. My goal is to make sure that more young women can get training, feel technically up-to-date, and ultimately present themselves for leadership roles.” ISOC Fellows to the IETF are paired with mentors who share their interests. Mentors helps Fellows navigate the meeting process, introduce them to other members, and answer questions. Muswai immediately connected with her mentor. “Fred Baker is awesome,” she says. “I’m fortunate to have him as my mentor. Through him I’m getting to know a lot of people whose names I knew previously only through their work.” She admits that the intensity of the meetings is definitely something to contend with. “Here [in person], I get so much information, sometimes I need to go back into a quiet space to go over it again.” “To benefit from the meetings you must be able to follow them,” says Muthoni. “I find it best not to attendevery session on every topic that interests me. I pick one and master the art of how the meeting runs, and then read the archives after that.” Many of the Fellows agree that meeting other IETF members in person makes following the mailing lists easier once they return home. “Initially the mailing lists can be overwhelming,” says Muchene. “I get quite a bit of mail and the discussions and drafts can be a lot. But once I attended a meeting physically, it ceased to be overwhelming—I became more excited and started appreciating the work that was done in the mailing list. I’m much more focussed now—I know exactly which drafts to read and which ones to comment on.” As a professor of computing science, Ahmed will benefit from the contacts he made at his first IETF meeting. “My institution doesn’t have access to the hardware needed to run simulations,” he says. Now he’s connected with IETF members who can help guide his research despite his institution’s limited equipment. Muswai found the depth of specialized technical knowledge at the IETF to be different from what she was used to in Zimbabwe. “In my country, as in most of the southern part of Africa, there is a lot of development but everything is still a bit vague,” she says. “There’s a lot of generalization. [In other parts of the world] people concentrate on the finer details of a network. It’s quite frustrating because sometimes we have to outsource the implementation, although we do most of the maintenance. We don’t get much chance at home to learn deeper things. [At the IETF], they really know what they’re talking about. It’s not like learning stuff from school and then trying to implement it. When I hear IETF members talk—it’s clear that they’re actually involved in the making of things.” Fellows’ interests span from DNS to apps to mpls, but all share a conviction to ensure open standards. “If it weren’t for [the IETF], which pushed for open standards, it would have been impossible for me to start my business,” says Muthoni. “It helps us access things that otherwise would have been [out of our reach]. It also promotes more cooperation. If you look at this forum you’ll find people from different companies, from different backgrounds, all thinking: how can we get things working in a standardized way, so people can publish whatever they want to publish? That’s a really a big thing—working together. Otherwise we create only small ecosystems, like boundaries of countries that everyone needs visas to cross.” Muswai sees how open access directly affects people in Zimbabwe. “Because it’s for everyone, the Internet makes it possible for a lot of things to occur—economically, politically, and socially. When people who have had no access to the Internet start using it, you see a lot of progression in those things that they couldn’t do before—even things as simple as communication.” In emerging economies, Internet and IT industries can bring much-needed jobs. “More reliance needs to be made [on industries] besides tea, coffee, and tourism—these are very shaky,” says Muchene. “It’s very important to have an open Internet, a place for people can express ideas, to innovate on top of the IP network, and to perform transactions.” “Participating in the IETF’s work to make the Internet work better through an open process feels great,” says Muswai. “It’s how I can make a difference. It’s going to change a few things in my life and I’m totally happy about it.” For more information on the IETF Fellowship, visit http://www.internetsociety.org/fellows-ietf

]]> 399 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-83-at-a-glance/ Wed, 06 Jun 2012 17:54:16 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=679 IETF 83 Statistics

Registered attendees: 1318 Newcomers: 230 Number of countries: 56

IETF Activity since IETF 82 (Nov 2011–Feb 2012) 

New WGs: 3

WGs closed: 5

WG currently chartered: 115

New Internet-Drafts: 576

• 200 updated
• 46 updated more than once

Updated Internet-Drafts: 1114

IETF Last Calls: 133

Internet-Drafts approved for publication: 125

RFCs published: 115

• 64 Standards Track and 5 BCP
• 40 Informational and 6 Experimental

IANA Activity since IETF 82 (Nov 2011–Feb 2012)

Processed 1250 IETF-related requests, including:

• Reviewed 110 I-Ds in Last Call and reviewed 102 I-Ds in IESG Evaluation
• Reviewed 98 I-Ds prior to becoming RFCs and 60 of them contained actions for IANA
• Processing goal average for IETF-related requests: 92%
• Updated RFC Editor Queue: http://www.rfc-editor.org/current_queue.php

More-complete RFC Editor Report: http://www.rfc-editor.org/ietf.html

Good News for Time Zone Database

• Astrolabe dropped copyright infringment suit against David Olson and Paul Eggert noting that it was “based on a flawed understanding of the law.”

RFC Editor Activity since IETF 82 (Nov 2011–Feb 2012)

Published RFCs: 124

Internet-Drafts submitted for publication: 103

• 82 IETF WGs

Thanks for the Code

• Code sprint was very successful
• Incremental improvements to datatracker
• Deployed datatracker

]]> 679 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-13/ Wed, 06 Jun 2012 18:09:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=683

SCIM—Simple Cloud Identity Management

Description: The Simple Cloud Identity Management (SCIM) specification is designed to make managing user identity in cloud-based applications and services easier. The specification suite seeks to build on experience with existing schemas and deployments, placing specific emphasis on simplicity of development and integration, while applying existing authentication, authorization, and privacy models. Its intent is to reduce the cost and complexity of user management operations by providing a common user schema and extension model, as well as binding documents to provide patterns for exchanging this schema using standard protocols. In essence, make it fast, cheap, and easy to move users into, out of, and around the cloud. For more details, see http://www.simple-cloud.info/.

Proceedings: http://www.ietf.org/proceedings/83/minutes/minutes-83-scim.txt 

Outcome: A very productive discussion that indicated lots of interest in the work and support for doing the work in the IETF. Ongoing discussion will address the scope of the work and how to label it (not everyone is happy to see the word cloud used in this context). See our cover article by Chris Phillips for more discussion of this developing area.

WEIRDS—WHOIS-based Extensible Internet Registration Data Service

Description: This work is aimed at designing a replacement for WHOIS that can be delivered as a RESTful service, with an eye toward avoiding a number of the issues that have prevented IRIS (Internationalized Resource Identifiers) deployment as a WHOIS replacement. The impetus for this work is the existence of three already deployed experimental services similar to the approach being proposed for IETF work, as well as the burgeoning number of internationalized domain name (IDN) TLDs in the domain name system root zone. See the cover article from the last issue for more detail:http://www.internetsociety.org/articles/something-weirds-way-comes. 

Proceedings: http://www.ietf.org/proceedings/83/minutes/minutes-83-weirds.txt

Outcome: Following the BoF meeting held during IETF 82 in Taipei, Taiwan, this meeting focussed on how to scope the charter for a working group (WG) on this topic. If working on a solution that includes domain names starts to slow things down, the focus will shift to numbering resources only.

RPSREQS—Remote Participation Services Requirements

Description: For many years, the IETF has provided tools for remote participation in a variety of activities. Some IETF participants also used their own tools when they felt the need. The IETF now wishes to support enhanced remote participation that is as seamless as possible, approaching the quality of direct physical attendance for the various roles—including chair, presenter, and simple attendee. Before deploying the new tools and services needed for this enhanced remote participation, the requirements for such tools and services must be defined. This meeting allowed for discussion of the draft requirements and participants’ experiences of remote participation during the IETF 83 meeting.

Proceedings: http://www.ietf.org/proceedings/83/minutes/minutes-83-rpsreqs.txt

Outcome: Good discussion, more to come as this work progresses.

ANTITRUST—Does the IETF Need an Antitrust Policy?

Description: Standards development organizations have done a range of things in response to antitrust legislation over the years. This meeting addressed the question of whether there is anything that the IETF could or should usefully do in this regard.

Proceedings: http://www.ietf.org/proceedings/83/minutes/minutes-83-antitrust.txt

Outcome: The meeting identified a need for two types of materials to be produced: (1) educational materials aimed at chairs that clarify the laws of various countries, and (2) materials that put this information within the context of the IETF.

RFCFORM—RFC Format

Description: The newly appointed RFC series editor, Heather Flanagan, is soliciting input on the question of formatting the RFC series. This topic has a long history of passionate debate within the IETF community and this meeting was intended to capture as many of the different requirements and concerns about moving to a new format as possible before any firm proposals are tabled.

Proceedings: http://www.ietf.org/proceedings/83/minutes/minutes-83-rfcform.txt

Outcome: Very well organized session, no conclusions reached yet.

NVO3—Overlay Networking

Description: Support for multi-tenancy has become a core requirement of data centers (DCs), especially in the context of data centers supporting virtualized servers known as virtual machines (VMs). A key multi-tenancy requirement is traffic isolation, so that a tenant’s traffic (and internal address usage) is not visible to any other tenant and does not collide with addresses used within the data center itself. Another key requirement is to support the placement and live migration of VMs anywhere within a data center, without being limited by DC network constraints, such as the IP subnet boundaries of the underlying DC network.

This work proposal will develop an approach to multi-tenancy that does not rely on any underlying L2 isolation mechanisms to support multi-tenancy. In particular, the proposal will develop an approach where multi-tenancy is provided at the IP layer using an encapsulation header that resides above IP. This approach should provide an Ethernet service. It may provide an IP service; an important goal is to develop a layer-agnostic framework and architecture that meets data center requirements.

Proceedings: http://www.ietf.org/proceedings/83/minutes/minutes-83-nvo3.txt

Outcome: This was a packed meeting with lots of support for adopting this work within the IETF. The chairs presented a well-developed draft charter and there was considerable support for it. Many people indicated they would be interested in actively participating in this work by writing and reviewing documents and there was no dissent. A proposed charter for a WG is now in review.

I2AEX—Infrastructure-to-Application Information Exposure

Description: A non-WG-forming BoF to investigate infrastructure-to-application information exposure and communications requirements in fully controlled (such as  data centers) or partially controlled environments (such as content delivery networks (CDNs)). Application-layer traffic optimization (ALTO) was designed to provide network infrastructure information to applications that may not be under the same administrative control as the network. ALTO only reveals limited information about the network infrastructure. By comparison, other protocols that monitor and manage infrastructure may reveal much more information, but are typically only accessible to the operators of the network infrastructure. CDNs and data center applications have some requirements to operate over the Internet, possibly between administrative domains. ALTO was initially designed to address peer-to-peer application requirements, but it was designed to be extensible. This BoF seeks input from the IETF community about whether ALTO (with possible extensions) or other protocols might be most appropriate to satisfy the information access requirements of CDN and data center applications. As this is not a WG-forming BoF, but an input-gathering exercise, discussion of proposed work in this BoF should not lead to any expectation that any specific proposed work will be authorized.

Proceedings: http://www.ietf.org/proceedings/83/minutes/minutes-83-i2aex.html

Outcome: Operator input indicated that if trust and security issues can be resolved, then they are willing to expose the information to applications. Application developers indicated they are willing to make use of this information. The ALTO model provides a useful abstraction but it is critically missing a publish-subscribe mechanism. There is a choice of protocols that may apply here. Work may proceed in the ALTO WG, or maybe in another venue.

]]> 683 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-fellows-make-ongoing-contributions-to-ietf/ Wed, 06 Jun 2012 18:16:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=702

The ISOC Fellowship to the IETF Programme provides grants to network engineers from emerging economies to pay for their meeting fees, travel, and other expenses so they can attend IETF meetings. The goal of the programme is to increase the diversity of input to the IETF and to increase global awareness of the IETF.

Increasingly, IETF leaders and WG chairs are seeing a major return on ISOC’s investment, in terms of former ISOC fellows contributing their time and effort towards standards development work.

“We are asking returning IETF fellows to scribe at least two meetings,” said Steve Conte, senior manager of Internet leadership at ISOC. “They are contributing to the overall notes for that day, but it also ensures that they get a lot of out of the meeting by being active and engaged participants.”

Conte said ISOC hopes to see its former fellows make long-term contributions to IETF WGs.

“This is another benefit of ISOC’s Fellowship to the IETF programme,” Conte said. “It is helping to foster ongoing engagement in the IETF by folks from emerging and devel-oping countries.”

For example, Fernando Gont is an ISOC fellow who is making significant contributions to the TCP Maintenance and Minor Extensions (TCPM) WG. Gont is a network engineer from Argentina who has worked on projects for the U.K.’s National Infrastructure Security Coordination Centre (NISCC) and the U.K. Centre for the Protection of National Infrastructure (CPNI) where he has reviewed the IP and TCP protocol specifications from a security perspective.

Michael Scharf, cochair of the TCPM WG and an engineer with Alcatel-Lucent, said Gont has presented this work at three TCPM meetings. “Fernando’s work is very important for improving TCP specifications,” Scharf said. “Fernando authored a quite significant share of the recent RFCs published through TCPM. He is one of only a few TCPM working group contributors who checks the consistency between the TCP standards and what is actually implemented in real-world protocol stacks, in particular regarding security mechanisms. This is important for the IETF since some security mechanisms are not well documented in the RFC series.”

Scharf said Gont has contributed up to seven RFCs through TCPM, all related to TCP security, as well as two individual drafts that fall in the scope of the TCPM WG.

“The ISOC Fellowship to the IETF Programme helped a lot to bring his work to the IETF and to move it forward in the standardization process,” Scharf says. “Fernando is an important contributor to the TCPM working group….As far as I can tell, this fellowship programme significantly supported the recent work performed by the TCPM working group.”

Vinayak Hegde, an ISOC fellow who is a lead architect at Indian mobile advertising firm Inmobi, was an ISOC fellow at three meetings. He regularly contributes to the IP Performance Metrics (IPPM), Content Delivery Networks Interconnection (CDNI) and Benchmarking Methodology (BMWG) WGs.

“I am also part of the recently formed Performance Metrics for Other Layers (PMOL) Directorate and help review drafts which are related to performance measurements from other WGs,” Hegde said. “I also have contributed one draft on HTTP latency measurement. In various IETF meetings, I have scribed meetings of IPPM [IP Performance Metrics], PMOL, CDNi [Content Delivery Networks Interconnec-tion], and JOSE [Javascript Object Signing and Encryption] WGs…I have also contributed to the IETF by talking about the IETF standardization process at SANOG,” the South Asian Network Operators Group.”

Hegde said that ISOC’s fellowship programme has allowed him to connect with many Internet engineering experts from around the world.

“The conversations with people who come to IETF [meetings] have given me new ideas, insights and problem-solving techniques in my regular work,” Hegde said. “Due to my regular participation in the working groups, I have come to know about past and current work in the area of Internet performance. I also realized that you need to have a strong base in statistics and analytics if you [want] to consistently contribute to this area.”

Zartash Uzmi, a professor of computer science and electrical engineering at Lahore University of Management Sciences in Pakistan, said he has benefitted from interacting with the Internet industry at IETF meetings. He has attended three IETF meetings as an ISOC fellow, presenting on an Internet draft at one meeting. He also acted as a scribe for the Forwarding and Control Element Separation (ForCES) WG.

“I am an academic, and there is no greater pleasure than getting your research endorsed by the industry,” Uzmi said. “Being an ISOC fellow provided me the opportunity to discuss and present my work with the practitioners at IETF. I feel enthusiastic in contributing to IETF, and I draw personal satisfaction by doing so.”

]]> 702 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/pilot-ietf-fellowship-programme-for-regulators-sets-solid-groundwork-for-future/ Wed, 06 Jun 2012 20:03:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=807

The programme was a great success for all parties involved. It enabled the participants, who are already experienced in standards development processes, to exchange views with IETF leadership and the Internet Society Board of Trustees, and to network with experts from the Internet technical community in the spirit of collaboration. Their main interests included finding concrete solutions to reduce the price of Internet connectivity in their regions and expanding network access in rural areas. In addition, the programme enabled the IETF leadership to gain a better understanding of the concerns and priorities in developing countries.

The Internet Society plans to build on this pilot by granting fellowships to participants from regulatory authorities, enabling them to attend future IETF meetings. To start, fellowships to IETF 84 in Vancouver, British Columbia, Canada, will be provided to engineers from the Africa, Asia-Pacific, and Latin American regions.

From left to right: Lambert Bouo, Agence des Télécommunications de Côte d’Ivoire; Sally Wentworth, Internet Society; Josephine Adou, Agence des Télécommunications de Côte d’Ivoire; Markus Kummer, Internet Society; Aline N’Dakon, Agence des Télécommunications de Côte d’Ivoire; Pauline Tsafak, Ministère des Postes et Télécoms du Cameroun; Seyni Faty, Agence de Régulation des Télécommunications et des Postes, Senegal; Nicolas Seidler, Internet Society.

]]> 807 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-12/ Wed, 06 Jun 2012 20:05:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=809

• NCRG—Network Complexity

• MOBOPTS—IP Mobility Optimizations

• DTNRG—Delay-Tolerant Networking

• ICCRG—Internet Congestion Control

• SAMRG—Scalable Adaptive Multicast

• CFRG—Crypto Forum

In addition, the Network Management research group (NMRG) met at a one-day workshop on the “Usage of Netflow/IPFIX in Network Management” on the Saturday following the IETF meeting.

Since IETF 82, the Network Complexity research group (NCRG) was chartered. Its first meeting was held in Paris during IETF 83. The NCRG aims to define and analyze the complexity of IP-based networks. Areas of interest include defining “network complexity” and relevant metrics, methods, and ideas to contain, control, or reduce complexity in IP-based networks, as well as collecting use cases regarding specific network designs or failure cases where complexity played a role. The group’s charter is available at http://irtf.org/ncrg.

Also, the Network Virtualization (VNRG) research group has decided to close, due to lack of energy and participation.

On the IRTF RFC Stream, three new RFCs were published since IETF 82, one from the Anti-Spam research group (ASRG), and two from the Host Identity Protocol research group (HIPRG).

No IRTF open meeting was held at IETF 83. The IRTF open meeting is the venue where awardees of the Applied Networking Research Prize (ANRP) deliver their invited talks. Because no ANRPs were awarded for IETF 83, no award talks needed to be scheduled. As announced in the previous issue of this column, the ANRP selection committee has decided to move from a nomination/selection cycle per IETF meeting to a yearly nomination/selection cycle covering all the year’s IETF meetings. Consequently, 2012 is a transition year for the ANRP, and one effect of the transition was the decision to skip the award for IETF 83.

ANRPs will be awarded for IETF 84 in Vancouver, Canada, and IETF 85 in Atlanta, Georgia, U.S.A. The combined nomination/selection cycle for these two IETF meetings in 2012 has begun!

The ANRP is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. It is supported by the Internet Society in coordination with the IRTF. See http://irtf.org/anrp for details on the award and instructions for nominating researchers for the prize.

Finally, the IRTF has adopted guidelines for handling intellectual property rights in contributions. In a nutshell, the IRTF follows the IETF Intellectual Property Rights (IPR) disclosure rules. Please seehttp://irtf.org/ipr. In summary, the IPR rules for IRTF participants are:

• If you include your own or your employer’s IPR in a contribution to an IRTF research group, then you must file an IPR disclosure with the IETF.

• If you recognize your own or your employer’s IPR in someone else’s contribution, and you are participating in the discussions in the research group relating to that contribution, then you must file an IPR disclosure with the IETF. Even if you are not participating in the discussion, the IRTF still requests that you file an IPR disclosure with the IETF.

• Finally, the IRTF requests that you file an IPR disclosure with the IETF if you recognize IPR owned by others in any IRTF contribution.

In closing, please join the IRTF discussion list (http://www.irtf.org/mailman/listinfo/irtf-discuss) to stay informed about these and other happenings.

]]> 809 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/shooting-around-the-corner-the-problem-of-real-time-services/ Wed, 06 Jun 2012 20:36:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=811

It’s 22:37 in San Jose, California. After a hard day of work, Jack is at home playing a game he has just bought: a first-person shooter game. He is exploring the scenarios and shooting virtually everything that appears in his screen. He spots a running enemy named “Wang” and he shoots. His screen shows Wang falling down.

It’s 14:37 in Tokyo, Japan. Wang is spending his lunch break at school playing the same game. He is running through the same scenario and notices an enemy named “Jack” nearby. He quickly goes around a corner in order to avoid getting shot. But shortly after he has already turned the corner, a message that reads “you are dead” appears in the screen. He gets angry and tells his girlfriend: “Have you seen this? This player is cheating! He’s shot me around the corner!”

The latency problem

What’s the problem? What Jack, Wang, and Wang’s girlfriend are probably ignoring is the real cause of the problem: network latency. The server where they are playing the game is in California, only 80 km from Jack’s house, but 8,200 km from Wang’s school. So the network latency for Jack is very small and mainly due to equipment, whereas Wang’s packets must travel through a submarine cable along the bottom of the Pacific Ocean. Figure 1 illustrates how when Jack shoots, that information quickly arrives at the server, which calculates the result and decides that Wang is dead. But the packet telling Wang’s computer this information takes 150 milliseconds to arrive, due to a number of routers, the access network, and even the speed of light based delay. By the time this information arrives at Wang’s application, he has already hidden around the corner.

Figure 1. Schema of the latency problem for Wang

This is only one example of the Internet’s limitations when dealing with real-time services. The same problem appears in VoIP (voice over IP), remote desktop solutions, video conferencing, and database access, among others.

The Internet was designed as a best-effort network, which does not warrant a maximum delay. This was enough for traditional delay-insensitive applications, such as web browsing, e-mail, or FTP. However, new real-time services are raising the question: Is the Internet adequate for them? Although many quality-of-service (QoS) mechanisms have been specified within the IETF, and used in many network scenarios (such as enterprise intranets), the Internet remains mostly best-effort-(non QoS)-based transport.

The efficiency problem

Another interesting question is related to packet size, which usually ranges between 40—1,500 bytes. Since every packet must include the IP and the TCP or UDP (User Datagram Protocol) headers, we have a simple rule: the bigger the packet, the better the efficiency. Traditional services tend to maximize packet size; since delay is not critical, they can wait until they have almost 1,500 bytes to send. But the problem with real-time services is that the information has to arrive quickly, sometimes with many applications, and sometimes with a fixed cadence. As a consequence, tiny information chunks are sent using a high frequency, which implies very small packets. Figure 2 illu-strates how a packet of 1,500 bytes has an efficiency of 97 percent, whereas a VoIP packet carrying two voice samples of 10 bytes each has its efficiency reduced to 33 percent; in other words, only one out of three bytes is voice information while the others are headers. If IPv6 is used, the problem becomes even worse—20 more bytes are included in the IPv6 header and VoIP small packets’ efficiency is reduced to 25 percent. Logically, the problem is almost negligible for big packets.

Figure 2. The efficiency problem. Note: Packet sizes are to scale.

There is another issue that real-time services have highlighted: The packets per-second limit. Traditional network-equipment-processing capacity was designed to manage a mix of big and small packets (referred to as Internet Mix or IMIX). If the average packet size diminishes dramatically, and the number of packets per second is high, the route lookup function may become a bottleneck in addition to link speed.

Description of some real-time services

In this section we will focus primarily on describing VoIP and online games, as they are the services for which tests have been deployed. Other services, such as remote desktop or video conferencing, could also be considered.

VoIP

VoIP was one of the first widely deployed real-time services. It uses Real-time Transport Protocol (RTP), the IETF protocol designed to deliver real-time content, which uses 12 bytes for protocol header and works over UDP, so the total overhead is 40 bytes for IPv4 and 60 bytes for IPv6. One RTP packet includes a small number of voice samples, which use different voice codecs, some of them having a high robustness to packet loss. Since interactivity is high, retransmission of lost packets is not deployed; the destination application has to deal with packet loss, trying to conceal it. The maximum recommended round-trip delay is around 150 milliseconds.

Online games and virtual environments

Online games are a real-time service in which avoiding delay is critical. Some research has shown that the maximum round-trip delay tolerated by gamers is about 150 to 200 milliseconds. In addition, gamers are extremely fickle: if a game does not work properly, they may leave the server and never return. Games use client-server architectures for many reasons: the convenience of maintaining the consistency of the game, synchronization, cheating prevention, and recording high scores. But the main reasons are commercial: The providers can charge for use or sell the server software.

Different game genres can be distinguished:

• First Person Shooters (FPS): A virtual scenario shared by some tens of players is created. Every player controls an avatar that has to accomplish a mission or kill all the enemies. The weapon can be improved according to the score. The action is fast, and the aim of the player is crucial. Although the sessions may last up to two hours, the game is divided into short rounds, which may be of some minutes. The client application generates high rates of tiny UDP (non-Real-time Transport Protocol) packets, which go to the server. When the new game state has been calculated, it is sent to every player. Depending on the number of surviving players, these packets can be bigger.
• Massively Multiplayer Online Role-Playing Games (MMORPGs): This genre has become very popular, especially in Asia. Some titles have achieved more than 10 million subscribers (e.g., World of Warcraft). They are normally set in magical or historical environments and the player controls an avatar with a long-term life. He obtains better abilities, weapons, and curses by means of missions. Trading is also permitted. The player can connect to different servers, called shards, which are shared by some thousands of gamers. The action is less interactive than in FPSs. For example, in the case of MMORPGs, for purposes of fighting, first you select the enemy with your mouse, and then you may choose the weapon or curse to use against them. Nevertheless, these games can still be considered a real-time service: The speed and the ability of the player are decisive in determining who wins and who loses. The vast majority of these games use small TCP packets, which is surprising, since they are “real-time services” using TCP.
• Real Time Strategy (RTS): In these games, the player creates a city or a civilization, manages the resources, and amasses armies to attack other players and dominate the virtual world. The real-time requirements are looser.
• Sports games: There are a great variety of these types of games. The differences between their network behaviours are big, making it very difficult to establish general rules.
• Some other virtual environments, such as Second Life, also have become popular in recent years. A single server is usually shared by a large number of users.

Although games are real-time services, they do not use RTP to deliver information to the server. Instead, they use bare UDP or sometimes TCP. Also, unlike VoIP, they do not present a fixed-packet cadence; in other words, interpacket time may vary depending on a player’s actions and changes to the game’s environment.

Traffic optimization

Now that we have recognized the two problems, and the kind of traffic generated by real-time services, the question becomes, can we optimize the traffic in order to improve packet efficiency as well as to reduce the packets per second?

The idea of Tunnelling Compressed Multiplexed Traffic Flows (TCMTF)

Multiplexing a number of payloads into a single packet can be seen as a solution for improving network efficiency. If only one flow is present, the number of samples included in a packet can be increased, but at the cost of adding new packetization delays. However, if a number of flows share the same path from an origin to a common destination, then a multiplexer can build a packet in which a number of payloads share a common header. A demultiplexer will then be necessary at the end of the common path in order to rebuild the packets as they were originally sent, thus making multiplexing a transparent process for the two hosts that are exchanging data.

The headers of the original packets can also be compressed in order to save more bandwidth, using one of the header compression schemes defined by the IETF. The headers rely on the fact that many header fields are the same for every packet in a flow. Additionally, they use delta compression in order to reduce the number of bits required by a field; they only transmit the difference between the value of a field in a packet and in the previous one. Bandwidth is saved, but at the cost of the need for storing a series of values, the context, in the compressor and decompressor These store the header fields that are the same for every packet of the flow, and can thus be avoided. There is another counterpart: The possibility of context desynchronization, which would imply bursts of corrupted packets. Nevertheless, modern header compression schemes, such as Robust Header Compression (ROHC), are indeed robust against this.

Logically, a tunnelling scheme will be necessary in order to send the bundle via the public Internet. So we have a global scheme, including tunnelling, header Compressing and Multiplexing Traffic Flows (TCMTF), as shown in figure 3.

Tunnelling, compressing, and multiplexing traffic flows schema

Scenarios in which optimization can be deployed

We can find different network scenarios in which the traffic of a number of flows shares the same path. Figure 4a illustrates an enterprise with a number of offices, in which tunnels can be established for merging VoIP flows (green lines), and also for multiplexing the traffic of a remote desktop application (red lines). For example, the traffic of the users of a game in a town or a district can be  multiplexed by the ISP and sent to the central game server (figure 4b). Internet cafés, a very popular way to use the Internet in developing countries, are also places where people may simultaneously play the same game using the same server. So a tunnel could also be established from the router, or even from the computer of one of the players, to the game server (figure 4c). Another scenario is a satellite link (figure 4d), which may manage the bandwidth by limiting the transmission rate, measured in packets per second to and from the satellite. If small packets are used, this will result in poor utilization of the bandwidth, establishing an upper bound for the number of calls that can utilize the link simultaneously. Multiplexing small packets into a bigger one would improve the efficiency. This may be especially interesting for compressing TCP acknowledgements.

Figure 4a. Scenario in which optimization can be deployed.

Figure 4b. Scenario in which optimization can be deployed.

Figure 4c. Scenario in which optimization can be deployed.

Figure 4d. Scenario in which optimization can be deployed.

Current status and new proposal

The IETF has already tackled this problem for RTP, first with cRTP in 1999 (RFC 2508: Compressing IP/UDP/RTP Headers for Low-Speed Serial Links), which compressed headers across links; then enhanced to work over networks with loss or reordering with ECRTP in 2003 (RFC 3545: Enhanced Compressed RTP (CRTP) for Links with High Delay, Packet Loss and Reordering); and finally with RFC 4170: Tunnelling Multiplexed Compressed RTP (TCRTP) in 2005, which had the main aim of improving the efficiency of multiple RTP streams across a network. This is useful in the scenarios in which many VoIP conversations share the same path: we can do “voice trunking” between two offices of an enterprise, or group a number of conversations of a network provider. TCRTP, approved as a “best current practice,” merged three layers (figure 5): First, RTP/UDP/IP headers were compressed using ECRTP; next, a number of header-compressed packets were multiplexed with PPP Multiplexing (PPPMux). Finally, the bundle was sent using an L2TP tunnel (RFC 2661: Layer Two Tunnelling Protocol).

Figure 5. Protocol stack of TCRTP (left) and protocol stack of TCMTF.

But many things have happened since 2005:

• The outbreak of wireless access networks, which enable people to access the Internet from almost anywhere. These wireless scenarios are prone to packet loss, and may add bigger delays than the ones we can find in wired environments.

• The approval of ROHC (RObust Header Compression) in 2007 as RFC 4995: The RObust Header Compression (ROHC) Framework, updated by RFC 5795: The RObust Header Compression (ROHC) Framework in 2010. This header-compression standard was specifically designed for links with high loss and high round-trip times. It not only compresses RTP, but also IP and UDP. In addition, ROHC for TCP was defined by RFC 4996: RObust Header Compression (ROHC): A Profile for TCP/IP (ROHC-TCP)

• The approval of RFC 5856: The Integration of Robust Header Compression over IPsec Security Associations in 2010 as a framework for integrating ROHC over IPsec (ROHCoIPsec), which targets the application of ROHC to tunnel mode Security Associations (SAs). It reduces the protocol overhead associated with packets traversing between IPsec SA endpoints. This is achieved by compressing the transport layer header and inner IP header of packets at the ingress of the IPsec tunnel, and decompressing these headers at the egress.

• The popularity of many real-time services—online games have become very popular applications. As we have seen, they do not use RTP protocol.

As a consequence, we have considered doing the same thing as TCRTP, but also in cases when real-time flows do not use RTP. We can use ROHC to compress their headers, and do something similar in order to include a number of packets into a PPP Multiplexing (PPPMux) bundle.

Figure 5 illustrates this new proposal, which includes the three layers, but also considers more options: Different traffic types can be used and compressed—TCP, UDP, and also RTP—in the same way it was compressed by TCRTP. The compressing protocol will have to be selected depending on many factors: the scenario, the availability of processing and memory resources, etc. In addition, a null header compression is considered, taking into account that in some cases there may be many context synchronization problems. With respect to multiplexing and tunnelling, other options different from PPPMux and L2TP may also be considered.

Finally, as mentioned previously, in some services, interpacket time is not fixed. So we must define a policy in order to determine which packets are multiplexed in each bundle. We can do that either by defining a fixed number of packets or defining a maximum packet size. Another option is to define a period or a timeout, which may be more adequate for setting an upper bound for the added delay.

Preliminary tests

Figures 6a-c illustrate the savings that could be achieved by TCMTF. (Note: The colors of the headers correspond to the layers in figure 5. Headers and payloads are to scale.) Figures 7a-c show the bandwidth savings that have been obtained for the same services, by means of simulations based on ECRTP (Enhanced Compressed RTP) or IP header compression (IPHC) over PPP, Layer 2 Tunnelling Protocol, Version 3 (L2TPv3) and PPPMux.

Figure 6a. Header compression results: VoIP

Figure 6b. Header compression results: FPS

Figure 6c. Header compression results: MMORPG

In Figures 7a-c we can see the bandwidth saving, measured as the quotient of TCMTF bandwidth divided by the native one. In figure 7a it can be seen that significant savings can be achieved when multiplexing different numbers of G.729a voice flows, depending on the number of flows and on the number of samples per packet (1, 2, or 3 samples, which means 10, 20, or 30 bytes of payload). The savings present an asymptote, which implies that when the number of multiplexed flows is high, the difference will be small in terms of bandwidth.

Tests have also been deployed for an FPS (Counter Strike), which sends UDP packets (figure 7b). The graph shows the bandwidth savings depending on the period and the number of players. If the period is small, the added delays can be kept in the order of 10 or 20 milliseconds, in order not to annoy the players. It must be taken into account that the average added delay is half the period.

Finally, figure 7c shows an example of the gains achieved for an MMORPG—the bandwidth savings are higher than the ones obtained for the FPS, however the number of players and the multiplexing period must be higher. This is not a problem, since the interactivity of these games is not as critical as in FPSs.

Figure 7a. Bandwidth savings for VoIP: G.729a codec with two samples per packet.

Figure 7b. Bandwidth savings for FPS: Counter Strike

Figure 7c. Bandwidth savings for MMORPG: World of Warcraft

Conclusion

Summing up, the TCMTF proposal is able to mitigate the efficiency problem by sharing a common header across multiple payloads. Additional delays will be incurred, but they are small enough that they will not harm subjective quality. As we have seen, being able to both optimize RTP flows and bare UDP or even TCP can save bandwidth and reduce the number of packets per second generated—compelling advantages in the scenarios we’ve illustrated here.

Newcomer Experience: Arranging a Last-Minute Online Gaming Tutorial

By Jose Saldana, University of Zaragoza

IETF 83 in Paris, France, was my first IETF meeting. I enjoyed the Newcomers’ Orientation, where I met many interesting people, and the meeting mailing list, where people asked all sorts of questions from running routes to directions to the Louvre. The variety of these discussions and the wide range of people I met gave me an idea: I offered to host an informal tutorial to discuss the kinds of network traffic generated by online gaming.

I was amazed by the positive response. I worked with the IETF Secretariat to book a room for my tutorial on Tuesday morning just after my presentation to the Transport Area working group (WG). About 25 people attended the 50-minute tutorial that I arranged via email list and coordinated with the Secretariat in only about three hours.

I demonstrated three games and presented some of the traffic optimizations that we’ve studied and are now trying to standardize, including tunnelling, header compression, and multiplexing. We used Wireshark to capture the traffic and saw the different options that game developers use for each genre: UDP for first-person shooter and real-time strategy games, and TCP for massive-multiplayer, online, role-playing games.

I learned from the audience’s questions and comments, and several more requests for tutorials rolled in over the rest of the week. All in all, I was surprised by the speed with which things happen at IETF meetings, and I left the meeting very glad that I decided to stay the whole week.

]]> 811 0 0 0 15539 0 0 15821 15539 112 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/problems-in-low-delay-internet-communication-congestion-management/ Fri, 01 Jun 2012 20:38:25 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=813

When standard congestion-control mechanisms are used for communications that need low delay, they build up queues in routers and hosts, which may delay a data stream by seconds with little warning; this can be disruptive for real-time media, and can be fatal for low-delay control mechanisms.

There have been some experiments and work in lower-delay congestion control protocols, though none have directly or fully solved the problem. There have been experiments in the Transmission Control Protocol (TCP) space (such as TCP Vegas and Cx-TCP), in User Datagram Protocol (TFRC, DCCP, LEDBAT), and some in Stream Controlled Transmission Protocol (SCTP) (related to the Cx-TCP work).

Due to the increasing need for real-time communication, a number of people are trying to develop standards that will allow appropriate sharing of bandwidth and avoid congestion collapse. This is especially relevant since video and adaptive audio are now often part of media streams, and unlike “classic” fixed-rate VoIP protocols, they can adapt to changing network congestion.

The problem is simple: existing congestion control methods, in particular TCP, are loss-based and, in determining link bandwidth, must force the intermediate routers into a loss state (congestion). For a tail-drop router (the most common), this means maximum delay. If this is a small number of milliseconds (ms), this may not be a problem, but combined with even a hint of BufferBloat1, the delays can quickly make real-time interaction impossible. Delays of 100, 200, 500ms, or even multiple seconds, are possible.

Even algorithms such as LEDBAT2, which was designed as a ‘scavenger’ protocol to make use of ‘extra’ bandwidth while getting out of the way of user-initiated transfers, will engender a typical 100ms of delay in the bottle-neck node, which is problematically high for many real-time applications. For example, the ITU recommends in G.114 (and elsewhere) that one-way-delay (mouth-to-ear) be kept below 150ms for best subjective audio quality3, especially if echo isn’t perfectly controlled. In just one bottleneck node, 100ms is a killer when added to the other delays in a VoIP call. This is especially problematic as LEDBAT flows might be assumed not to interfere with user-initiated VoIP calls; so applications might use them indiscriminately and without user knowledge (e.g., background updates or backups).

An added complication is the need to work correctly in an environment with effective Explicit Congestion Notification (ECN) or Active Queue Management (AQM), which is a focus of efforts to combat BufferBloat.

Current Efforts

There is an effort underway as a derivative of the rtcweb effort (part of the W3C/IETF joint WebRTC project) to develop and standardize congestion control protocols to deal with those problems as best as possible given the need to compete with TCP flows. With tail-drop routers, large TCP flows may always ‘win’ and force the buffers to expand, but there’s little we can do about that unless or until active queue management (AQM) is the norm. About all we can do is mark real-time packets properly so routers have the option of handling them separately from TCP and other loss-based flows. (A number of access routers/modems do this now for many classic VoIP flows). It would be nice if a solution (or solutions) could be found for generic UDP flows, Real-Time Transfer Protocol (RTP) media flows over UDP (which carry some inherent timing information), and TCP/SCTP/etc. flows, though the initial focus is RTP flows.

Other considerations will include interactions with the TCP slow-start algorithm, the impact of probing for bandwidth availability on other flows, and the advantages (or disadvantages) experienced by relatively late-arriving flows.

This effort is underway on the rtp-congestion list4, and a birds-of-a-feather (BoF) meeting is proposed for IETF 84 in Vancouver, British Columbia, Canada, with the goal of chartering a working group (WG) to address this problem. There will also be a one-day IAB/IRTF Workshop on Congestion Control on July 28 in Vancouver. See the notice at http://www.iab.org/cc-workshop/.

There are several proposed ways to attack this problem, though more research and simulation is needed. One approach is from Google for a delay-sensing algorithm that infers the state of the bottleneck router from packet arrival delay deltas. Algorithms in this class are known to work, but their fairness (both with themselves and TCP) and ability to adapt to AQM have not been explored yet. Other options would be to use or leverage Cx-TCP or DCCP. LEDBAT in its current form is probably not an option, but a congestion-control algorithm based on the same principles may be a viable candidate.

One important consideration is to develop a coherent strategy for managing the different classes of flows on the Internet, with smooth-as-possible fallbacks when the preferred solution isn’t available (such as when the bottleneck is a tail-drop router).

A Delay-Sensing Congestion-Control Algorithm

The following is based on draft-alvestrand-rtcweb-congestion5, and is only a high-level description of the actual algorithm. This and other similar algorithms have been in use on the Internet in small amounts since at least 2004.

The basic idea is that we monitor the drift between when a packet was sent and when it was received (one-way-delay). We don’t need to know the actual one-way-delay value (which can be challenging to measure), only changes up or down in the delay value.

An increasing delay (after filtering) implies that the bottleneck node’s queues are increasing in depth. If the flows on the link are relatively static in bandwidth, such as a bandwidth-constrained access link largely occupied by the flow itself, then the signal from the filter will be very clear. More complex environments should show a signal, but the filter may take longer to converge.

Conversely, when the filter shows decreasing one-way-delay, then the assumption is that the bottleneck queues are draining.

This information can be used to estimate the amount of available bandwidth on the bottleneck link, and thereby whether the congestion control algorithm should allow the flow rate to increase, decrease, or remain the same. Other inputs are necessary, such as packet loss, Explicit Congestion Notification (ECN) markings, but these do not yet appear in this draft. Part of the research needed is to determine what the best response to such inputs is.

Unlike LEDBAT and Cx-TCP, there is no explicit nonzero queuing target; this algorithm attempts to use as much bandwidth as possible while keeping the queuing delay at or close to zero. This implies that it can’t be 100 percent efficient, but in a relatively static situation it can come very close. Another research consideration is determining algorithm efficiency in different scenarios, especially nonstatic scenarios and scenarios with larger aggregations of delay-sensing flows on the bottleneck link.

Future Work

There are many areas for useful research and innovation in this area. In addition to adapting existing algorithms to fulfill the need and comparing them, there is significant work to be done in improving these proposals, such as adding loss and ECN support to the Google proposal, developing appropriate startup-time heuristics, methods to minimize the impact on the current and other flows when probing for additional bandwidth, avoiding “swings” in fairness that can cause a major loss of utility (such as for interactive video calls), and many others.

As mentioned, we hope to charter a WG in Vancouver, British Columbia, Canada, and work in it to develop one or more RFCs to address these issues and move existing proprietary and ad-hoc congestion methods into a standardized framework .

References

1. http://www.bufferbloat.net/

2. http://tools.ietf.org/wg/ledbat/

3. http://www.itu.int/rec/T-REC-G.114-200305-I

4. https://sites.google.com/a/alvestrand.com/rtp-congestion/

5. http://tools.ietf.org/html/draft-alvestrand-rtcweb-congestion

]]> 813 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/exploring-ipv6-deployment-in-the-enterprise-experiences-of-the-it-department-of-futurewei-technologies/ Fri, 01 Jun 2012 20:41:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=815

The IT department of Futurewei Technologies, which may be considered the U.S. research and development (R&D) arm of Huawei Technologies, is a good example of a midsize enterprise committed to adopting IPv6 and learning from the transition process. Futurewei is located in Santa Clara, California, U.S.A., and occupies several office buildings with several hundred engineers and staff members. Futurewei manages and operates its own campus networks for daily business needs, and, as a registered U.S. company, operates relatively independently of its parent company, which is headquartered in China.

As part of an ambitious IPv6-enabled next generation campus infrastructure project, the IPv6 transition process began by acquiring dual-stack Internet access and services from Comcast. The IPv6 infrastructure is an overlay logically separated from the existing IPv4 network and is targeted to enable IPv6 transport and services and to effectively explore new concepts in deploying IPv6 in an enterprise environment.

Over the past two years, industry perception about the best practice for IPv6 deployment in the enterprise environment has changed significantly. The core-to-edge approach is viewed as very practical. Tunnelling has fallen out of grace with many IPv6 practitioners, who believe the operational headache is not worth the level of access tunnels provide. More recently, those who have already deployed IPv6 have begun to explore ways to eliminate IPv4 from their environments as soon as possible in order to avoid the costs of simultaneously managing two stacks. In this context, the team at Futurewei is focussed on leveraging recent IETF work to explore deployment options that would improve some of the current best practices.

Environment Setup

The environment architecture reflects the goals and design guidelines of the initiative:

1) enable all employees to have IPv6 access to Futurewei and Huawei Intranet- and Internet-based services;

2) explore practical IPv6 deployment and transition options for medium-sized enterprises;

3) enable employees to innovate and collaborate with external partners;

4) and, enable Huawei product teams to test the implementation of their IPv6 innovations and standards.

The first steps were to acquire IPv6 address space and to enable IPv6 Internet access. The R&D center decided to use provider-assigned address space for this medium-sized organization, as it provides an incentive to explore multi-homing constraints and implications. A native IPv6 link was acquired from Comcast Business Services along with a /48 globally routable IPv6 allocation. The address space was distributed along topological and functional boundaries covering several participating teams and test environments (see figure 1).

Figure 1: Futurewei IPv6 Environment Layout

The campus routing topology is organized as core-to-edge (hub-and-spoke), with emphasis on maintaining an IPv6-only stack for as much of the infrastructure as possible. Such an approach reduces operational costs more than a pervasive dual-stack infrastructure and accelerates the transition to the targeted IPv6-only architecture.

All elements supporting end-to-end services were updated to support IPv6. IPv6 has been enabled on all networking infrastructure elements (switches, routers, wifi gateways, service platforms, such as firewalls, and Integrative Directory Services, or IDS), data center resources (compute, storage, load-balancers), and infrastructure services (Dynamic Host Configuration Protocol—or DHCP—and DNS). Key business and productivity applications have also been IPv6-enabled, and employees are provided incentives to use them over IPv6: email, eSpace, file transfer, messenger, VoIP, and voice conferencing, to name a few. Employees are also provided with native IPv6 Internet access.

The project team is helping employees enable their devices—from laptops to iPads—to use the IPv6 infrastructure. The team conducts regular seminars to provide users with the awareness and knowledge necessary to conduct business in an IPv6 environment, and to stimulate and enable innovation.

The environment is instrumented to monitor utilization of the IPv6 infrastructure and services, and to evaluate user experience. Testing new deployment solutions for IPv6 goes beyond functionality; it collects statistics that enable quantitative evaluations. A virtual team consisting of corporate IT staff and IPv6 project resources operate the environment.

Exploring Carrier-Grade Network Address Translators (CGNAT) as an IPv6 Transition Mechanism in Enterprise Environments

In addition to dual-stack, there are other IPv6 transition mechanisms and technologies that have been or are currently being developed within the IETF, which may be required for business in the near future. With that in mind, the IT engineers developed a practical plan to test running code implemented in compliance with relevant RFCs and IETF drafts, including NAT44, NAT64/DNS64, PCP, DS-Lite, 6rd, multicast transition, extensions to DHCP/DHCPv6, and RADIUS, among others. These tests have contributed to progress within the IETF. In fact, a significant amount of work on and preparation for the Port Control Protocol (PCP) demo at IETF 81 and the IP multicast transition demo at IETF 82 were accomplished by Futurewei IT engineers. In addition, the IT department plans to extend and apply these new technologies to the business. For example, the IPv4-based customer data centre used by the marketing department today will be accessible by IPv6 customers around the world via NAT64/DNS64 installed on the site. Video applications and eSpace will be supported by two or more IP multicast transition technologies to accommodate external IP access from customers, business partners, and Huawei offices in China, as well as other parts of the world.

The CGN plus PCP solution first demonstrated at IETF 81 was tested more extensively in our IPv6 lab environment (see figure 2).

Figure 2: CGN Plus PCP Test Layout

In this transition scenario the core of the network is IPv6 only, enabling native forwarding for IPv6 end-to-end. At the same time, IPv4 access is provided over tunnels. The solution can be considered the opposite of 6PE, in which instead of a Multiprotocol Label Switching (MPLS) core with an IPv4 control plane where IPv6 traffic is tunnelled via MPLS, we have an IPv6 core where IPv4 is tunneled via DS-Lite. This solution can be very appealing to large enterprises having to mitigate a shortage of IPv4 (RFC 1918) addresses. At the same time it reduces the footprint of the infrastructure, no longer having to support two IP stacks per node with the inherent additional operational costs.

This solution was used to demonstrate ubiquitous accessibility of resources, such as FTP services, behind provider translating devices. Vodafone partnered with the Futurewei engineering team to run tests over the infrastructure services that could be enabled by its customers or by client applications that need to receive gratuitous flows.

Use Case: Content distribution over an IPv6-only core.

To support a useful IT environment on an IPv6-only core, the Futurewei IT engineers had to devise a solution for distributing content over multicast. In partnership with the Huawei product teams and associated universities, a translation solution for both control and forwarding planes has been developed and tested in the Futurewei IT environment (see figure 3).

Figure 3: Multicast Test Infrastructure

This solution is related to an emerging body of work on multicast transition in the IETF to which Huawei has given strong support. After two years of development, the general problem statement for this work was recently accepted as a formal mboned working group (WG) draft. The primary focus of this problem statement, and the detailed work programme it lays out, is the distribution of broadcast content by service providers (such as Internet Protocol television, or IPTV), but the results will be equally applicable to the distribution of such content in enterprise networks. The basic issue is that content sources and/or receivers may still support only IPv4. Running the core in dual-stack mode and carrying the content in both IP versions is wasteful of bandwidth. The work in hand will specify the mechanisms required to support IPv6-only multicast distribution in the core network interfacing with IPv4 source networks and/or IPv4 networks or subnetworks at the receiving end.

The work programme needed to meet the objectives is laid out in the mboned document and consists of several parts, as described here.*

• A discussion in the mboned WG about how receivers can acquire the multicast group addresses (and unicast source addresses, in the case of Specific-Source Multicast, or SSM) of the channels in which they are interested in the IP version they can use. This problem is much simpler if the receivers are dual-stack.
• A specification of an IPv6 multicast address format that embeds IPv4 multicast addresses, allowing stateless translation between IPv4 and IPv6 addresses. This eliminates the need to provide coordinated translation tables at multiple nodes if the control or data plane crosses multiple IP version transition points. This is already a chartered mboned work item, but the details are still under discussion.
• A related draft on DHCP provisioning of the IPv6 multicast prefixes used in the stateless translation mechanism. This is a work item in the Softwires WG, supporting operation of multicast consistent with the DS-Lite transition mechanism (RFC 6333) that is being done in that WG.
• A draft on translation between the Internet Group Management Protocol (IGMP) and Multilistener Discovery (MLD), needed in Customer Edge equipment (the “B4”) in DS-Lite environments. This has been submitted to the Protocol Independent Multicast (PIM) WG.
• A draft on operation of PIM routers in dual-stack environments, also submitted to PIM.

*References for drafts related to this work follow this article. They still have the status of individual drafts at the time of writing.

The results of the tests referred to at the beginning of this section were demonstrated at IETF 82.

To ensure that as many services as possible are accessed over IPv6, multicast content is delivered to end users (i.e., multicast listeners) over IPv6. The traffic is transported over the IPv6 infrastructure while translation is used at the data centre edge to enable access to IPv4-only content sources. On the control-plane, listeners use MLDv2, PIM for IPv6 is used for routing over the infrastructure, and PIM for IPv4 is used towards the IPv4-only content sources.

The multicast solution described in combination with the CGN-based IPv6 integration option provides an innovative new approach to IPv6 transition that takes into account recent operational experience (in particular, the idea of operating as much of the infrastructure as possible in IPv6-only mode), as well as standardization developments.

IPv6 Exploration Continues: Future work at Futurewei

The IT department at the Futurewei R&D centre plans to expand upon the solutions evaluated thus far and apply them to larger scale deployments. For example, a project is ongoing to enable IPv6-only hosts to access the IPv4-only data center supporting corporate marketing applications. This solution will test NAT64/DNS64 technologies. Another Futurewei project will enable IPv6 operation for eSpace, Futurewei’s unified collaboration platform that facilitates off-campus, off-corporate network collaboration (see figure 4).

Figure 4: eSpace Unified Communication Target Architecture

The Futurewei team is sharing its lessons learned with the community at large to help both technologists and customers with their IPv6 transition planning. Many of the tests performed continue to support the work done in the IETF by applying new ideas in a real environment.

We thank the following people for their comments and support.

Comcast: Jason Livingood, Kent Porter, David Chai, Frank Rudnick, Yiu Lee, Tim Ruelas

Nephos6: Mo Khalid

Viagenie: Marc Blanchet

Vodafone: Loris Cardullo

SI6Networks: Fernando Gont

Huawei: Frank Zhong, James Huang, Yunshan Zhu, Frankie Zhang, Steve Anderson, Wendell Rios, Kenneth Durazzo, Susan Hares, Daniel Lo

References

draft-ietf-mboned-v4v6-mcast-ps, IPv4-IPv6 Multicast: Problem Statement and Use Cases.

draft-tsou-pcp-natcoord, Using PCP To Coordinate Between the CGN and Home Gateway Via Port Allocation.

draft-ietf-softwire-multicast-prefix-option, DHCPv6 Option for IPv4-Embedded Multicast and Unicast IPv6 Prefixes.

draft-tsou-mboned-multrans-addr-acquisition, Address Acquisition For Multicast Content When Source and Receiver Support Differing IP Versions.

draft-perreault-mboned-igmp-mld-translation, Internet Group Management Protocol (IGMP) / Multicast Listener Discovery (MLD)-Based Multicast Translation (“IGMP/MLD Translation”).

draft-taylor-pim-v4v6-translation, A Translator For Protocol Independent Multicast (PIM) Interworking Between IPv4 and IPv6.

draft-lopez-v6ops-dc-ipv6-01, DC Migration to IPv6.

Deploy360: Helping You Deploy New Technologies Quickly and Efficiently

The IETF creates protocols based on open standards, but some are not widely known or deployed as quickly as we would like. To help bridge this gap between completed standards and real-world deployment, the Internet Society launched its Deploy360 Programme in January 2012.

Deploy360 collects and creates technical resources from industry experts and makes them available in a free and open environment so other organizations can deploy technologies like IPv6 and Domain Name System Security Extensions (DNSSEC) quickly and efficiently. Deploy360 provides case studies, videos, technical documents, tutorials, and more, and continuously spreads this information through social media, speaking engagements, and ION Conferences.

Have you already deployed IPv6 or DNSSEC? 

We can work with you on a case study, tutorial, white-paper, or other resource to help spread your knowledge to those following your lead with their own deployments.

Are you looking to deploy IPv6 or DNSSEC but you’re not sure where to start? 

Visit and explore http://www.internetsociety.org/deploy360 to see what we already have. If you are looking for something specific and it’s not there, let us know by emailing us at deploy360@isoc.org.

The IETF community works hard to finalize standards to help the Internet run better. Now help the Internet Society Deploy360 Programme get real-world deployment information into the hands of the professionals who need to deploy those standards.

To get more involved, email us at deploy360@isoc.org or visit us at http://www.internetsociety.org/deploy360.

]]> 815 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-june-2012/ Fri, 08 Jun 2012 16:35:34 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1318 Our cover article provides a useful introduction to the important topic of provisioning user identity for online services. As more and more applications and services run ‘in the cloud’, building efficient and scalable infrastructure to support them and lend them increased flexibility is important.

Another question that received renewed attention during IETF 83 is that of congestion control for real-time communication. On page 18, Randell Jesup provides an interesting introduction to the problem space, some of the relevant preexisting work, and one proposal now being discussed.

Jose Saldana had a baptism by fire as a new attendee when he offered a tutorial on online gaming network traffic and found many interested attendees ready to hear him speak. He writes about his experiences and his work on improving efficiency of gaming traffic on page 20.

Also in this issue are our regular columns by the IAB, IETF, and IRTF chairs; coverage of hot topics discussed during plenary meetings; and a piece on the contributions fellows make to the IETF.

As always, we are grateful to all our contributors. Send comments and suggestions for contributions to ietfjournal@isoc.org. And remember, you can subscribe to the hardcopy version or via email at

]]> 1318 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/comic-bof-4/ Mon, 01 Oct 2012 17:59:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1564 ]]> 1564 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/browser-security-many-challenges-some-progress/ Fri, 01 Jun 2012 21:51:03 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1577 The IETF 83 technical plenary looked into browser security challenges, a timely topic as illustrated by ongoing work in several working groups (WGs) and debates in at least two lunch meetings on issues around web authentication. With a number of highly publicized security incidents in 2011, web security has gotten a lot of attention from the media, politicians, and governments, said Hannes Tschofenig, a member of the Internet Architecture Board (IAB).

“Even my favorite gaming platform, Steam, got hacked—it’s really bad,” said Tschofenig, an engineer who is also a driver of the IAB privacy effort. He also pointed to the fact that many aspects of browser security really require attention outside of the IETF. While the protocol work is done within the IETF and sister organizations like the W3C and its web security- and web authentication-related WGs, there is a longer chain of events that need to happen to ensure secure deployment.

Making Browser Communication More Secure

As Eric Rescorla, a developer of transport layer security (TLS) standards, said, “On paper, web security does not look that bad.” The TLS WG has delivered more than 27 RFCs, and every major browser vendor supports TLS. Yet Rescorla is not at all satisfied with the level of adoption.

The vast majority of web traffic (90 percent or more) is not encrypted. Only approximately one percent of sites offer secure http (https). “That number should be 100 percent, but the hassle of getting https running on a site has driven people away from it,” Rescorla said. He explained that even for the IETF.org site it was impossible to get a certificate working in 48 hours. “If a man with a Ph.D. can’t do this, who can?” he asked. Especially for noncommercial offerings, the cost-benefit analysis can result in deciding against making the effort.

Aside from the complexity of the technology, when https was introduced it sat beside http. At the time, there was a risk that mixed content allowed downgrade attacks leveraging the unfamiliarity of users with https. When users, for example, typed the familiar http string into their browsers and a man-in-the-middle blocked the redirect to https, both partners—user and site—thought everything was all right, when in fact it was not.

Looking toward potentially useful alternatives, Rescorla pointed to having certificates stored in the DNS. This work is being done in the IETF DANE WG. Still, Rescorla advised that existing practices and standards would be here for a long time. Shedding legacy technology is slow and difficult, he explained, as any server that wants to have TLS must possess both credentials—the alternative solution doesn’t offer adopters any quick benefits.

Certificate Mess

Both Rescorla and the Mozilla Foundation’s Tom Lowenthal bemoaned the problems of a fragmented and confusing certification market. According to Lowenthal, fixing cryptography is not the problem; fixing implementation is. Major mistakes, Lowenthal said, are that of the roughly 1,500 certificate authorities many, if not a majority, routinely sign things that are wrong. They issue certificates for names that do not exist (or cannot exist), or for names that are unqualified domain names, such as .mars domains.

Moreover, certificate providers often reside in different regions with different legal or cultural norms. For some, Lowenthal said, it has been okay to intercept secured traffic; in general the whole technology just had that “one little dependency in the middle” that made it completely imperfect in some way. Lowenthal pointed out that he had no real solution for dealing with the problem. Currently, Mozilla is working on an alternative solution for web authentication. For its browser ID concept, Mozilla tries to exclude a middleman, similar to the web ID provider from the architecture.

How to Protect Existing Applications from Security Problems Created by your New App

Web Sockets coauthor Ian Fette, developer at Google for Chrome, reported how engineers tried to fix three kinds of problems detected during the development of web sockets: breach of established security boundaries, cross-protocol attacks, and interoperability issues. To protect (sometimes undocumented) security boundaries, for example between the open and the corporate network sitting behind a firewall, the web socket WG added an “origin header” (RFC 6454: The Web Origin Concept) that allows a check before accepting packets from across the security border.

An additional challenge-response established by the web socket client should help avoid cross protocol attacks. “The web-socket client,” Fette explained, “would send a key that gets hashed and that signals acceptance of the connection response.” Fette also pointed out that despite these measures, many servers passed on requests.

Fette drew several conclusions from the web-socket experience, mainly that developers were “deploying into an environment that had existing security assumptions.” Therefore developers need to protect the existing infrastructures against new attacks enabled by the new protocol.

Transition to Greener, More Secure Fields?

Chris Weber from Casaba Security described what developers were up to in their attempt to secure Web communication. “You pretty much have to be a rocket scientist to get it right these days,” he said. Cryptography, for example, exists on different levels: the transport level, the session level, and the application level.

As Weber explained, if developers miss one tiny thing in complex environments, it can compromise the entire operation. What causes difficulty between the life of a developer and the life of a security evangelist is that all browsers have tiny differences, even in the application of existing standards. “Chrome, Firefox, Internet Explorer, each one implements things a little differently, especially things like URL handling and the way URLs are parsed, the way post messages might be treated or XML is treated,” said Weber. “In addition, implementers  are not delving as much into new standards as developers might hope. Therefore, it could create pain and vulnerabilities.”

Despite all the warnings and all of the problems, PayPal’s Jeff Hodges said the [Internet] world was better off today than it was a few years ago—due mainly to the rise of a multivendor market against an earlier monopoly market that saw a lot of proprietary development. Thanks to the multivendor efforts and the convergence on open standards, many more eyes are looking at the problems, said Hodges. He also spoke about transition, yet underscored that he saw “attack surfaces arguably shrinking.”

World IPv6 Launch, New TLDs, and a New RFC Editor

During the Technical Plenary, ISOC chief Internet technology officer Leslie Daigle described World IPv6 Launch on 6 June, in which participants will make their services available over IPv6 and keep them enabled permanently. “This time it’s for real,” said Daigle, quoting the Launch’s motto.

Newly appointed RFC editor Heather Flanagan provided participants with a look at future work.

With regard to ongoing IAB activities, there was discussion about the recent IAB statement on new generic TLDs and IDN TLDs. According to the IAB, an update of relevant RFCs is needed.

]]> 1577 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/implementing-identity-management-solutions/ Fri, 01 Jun 2012 21:55:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1579

Panel speakers (left to right): Bob Morgan, University of Washington; Michael Jones, Microsoft; Hannes Tschofenig, Nokia Siemens Networks; John Bradley, identity-management expert; Harry Halpin, W3C team member

Editor's note: We are saddened to share that RL "Bob" Morgan, long-time IETF participant and leader in the evolution of digital identity, passed away on July 12th 2012. For more information about Bob's professional achievements and to read or leave tributes to Bob, see: https://spaces.internet2.edu/display/rlbob/

Internet users are clamouring for better and easier ways to ensure the privacy and security of their digital information scattered across websites. Internet standards bodies, including the IETF, are responding to this demand.

The Internet Society held a panel discussion in March 2012 at IETF 83 in Paris, France, about emerging authentication and authorization standards being developed by the IETF, the OpenID Foundation, and the W3C. The panel’s aim was to update attendees on the development of these standards and how they will intersect with each other in commercial implementations.

Lucy Lynch, director of Trust and Identity Initiatives for the Internet Society, led the panel discussion, calling it a “timely” topic because the IETF’s OAuth working group (WG) will soon have two core specifications—for web authorization and bearer tokens—accepted as proposed standards. “I thought this was a good opportunity to look at IETF-sponsored protocols and see what happens when they actually get implemented in the wild," she added.

Bob Morgan, an IT architect for the University of Washington and an initiator of a trust framework for U.S. colleges and universities called the InCommon Federation, says the goal of all of this standards work is to create a framework for “pervasive usable identity.”

“Billions of people have their digital stuff scattered about the Internet. They need to manage it. How do they get to that stuff? How do they control sharing that stuff?’’ Morgan explained. “That’s the infrastructure we are trying to build to enable people to do that securely and with some notion that their privacy is not being totally abused while they do it."

Morgan has been developing authentication technology for 25 years, starting with Kerberos and leading up to Security Assertion Markup Language (SAML). He said the new standards under development by the OAuth WG and the OpenID Foundation are directly competitive with SAML, which is a positive development if they enable new security systems that scale to protect Internet users.

“We’re trying to create an attribute economy, where information about everyone and ultimately about everything can be found from authoritative sources and where there is economic motivation to provide that information with reasonable privacy protections," said Morgan. “We need some great technology to make that vision come true."

Hannes Tschofenig, a network engineer with Nokia Siemens Networks and OAuth cochair, said it has been a positive experience for the IETF’s OAuth WG to interact with industry players who are rapidly developing common-but-proprietary specifications for access control among data-sharing cloud applications.

“Reaching out to those communities is, I believe, a really important aspect that has to go along with the actual technical work,’’ Tschofenig said, adding that those groups have created interesting designs that solve real-world problems. “We still see technical work happening outside the IETF for good reasons."

Michael Jones, a standards architect at Microsoft and editor of several OAuth and OpenID specifications, explained how Facebook, Google, Microsoft, and others designed a simple specification for security tokens that is in the OpenID specification.

“In order for digital systems to act on trust information, they have to have some notion of where they are getting the information from and what it is,’’ Jones said. “What do I mean by a security token? It’s nothing much more than a set of claims that one party makes about a subject. [For example], to do single sign-on, we use a set of particular claims that make assertions about who the party is that’s logged into the system."

Jones said several components of a usable digital identity system—including security tokens, cryptographic signing and public key encryption—are underway within the IETF. “These are all reusable pieces that are each small, easy to build, and easy to use,’’ he said. “Some of this work came out of the OpenID world, where we made a conscious choice that we were building reusable components that we could repurpose. The IETF is a great place to do these general-purpose pieces."

Identity-management expert John Bradley told the panel that the OpenID group tried to integrate its OpenID 2.0 specification with the original OAuth specifications, but that the two specifications were extremely difficult to implement together. Now the OAuth group is reconsidering some issues related to SAML, such as handling structured responses and decoupling the identity provider from the attribute. OAuth also is collaborating with the Kantara Initiative for digital identity, which is building user consent modules allowing separation of protected resources from consent management.

“There are a bunch of different things that have gone into OpenID Connect, with different influences from different sources,’’ Bradley said. “We just got to the ‘implementer’s draft’ stage."

Harry Halpin, a W3C team member, described the group’s efforts to create a common JavaScript cross-browser library for cryptographic permits. The idea for this “Web Security API” stems from a May 2011 workshop that W3C held regarding identity in the browser.

“Currently, OAuth is heavily bound to bearer tokens of [Transport Layer Security] in most implementations, but you could imagine greater and higher security flows built with a PKI infrastructure that would be easier to implement if it were available to the browser,’’ Halpin said. “Putting PKI into the browser is a hard problem, and it is not something that we at W3C have solved. But we hope to include as many experts from the IETF to solve it in cooperation with the browser vendors."

Halpin said the W3C wants to encourage the emerging identity ecosystem.

“The world of identity management is very difficult, very fractured, and very contentious. The situation as it stands today, in which the authentication process revolves around user names and passwords, is not going to stand,’’ Halpin said. “It’s becoming increasingly unsafe to do high-value transactions over the Web…We think our Web cryptography WG will have a definite impact, and I implore everyone who wants to learn more about it to contact [me.]…We want to work with all major proposed authentication mechanisms.’’

In a question-and-answer session following the opening remarks from each speaker, panelists were asked how end-users would know when a particular Web site is acting as their identity provider. Panelists explained that end-users with, for example, a Google account that allows them to log into other sites will have Google as their identity provider. Corporate users, on the other hand, will have IT departments provide an internally managed identity-management system. It is difficult, though, to design a user interface that lets end users know what’s going on behind the scenes with the identity management process.

“There are certain things that are out-of-scope for the W3C, including user experience and user interaction on the browser,’’ Halpin said. “A lot of the hard problems in getting users to understand privacy are going to be out-of-scope of the kind of standards that we normally do. There is a tremendous amount of regulatory [activity] moving at a speed that may be faster than the technical standards bodies.’’

Bradley pointed out that the OpenID Foundation has a WG called Account Chooser, which is working on a standard user interface for Web sign-in that will allow end users to preconfigure various identity providers. “It’s an important thing that when people log into a Web site with their user ID and password, they have…some sense of the information that [data sharing sites] can get about them,’’ he said.

Overall, the panelists were optimistic that the standards under development by various groups including the IETF would help create the underlying infrastructure needed for identity management in the cloud.

“The landscape is moving really rapidly right now, and it seems to be moving in a positive direction that could lead to mass deployment solving a known problem that’s been open for decades,’’ Halpin said.

]]> 1579 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-21/ Thu, 28 Jun 2012 22:05:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1581

IAB Retreat

The Internet Architecture Board (IAB) held its 2012 retreat 10–11 May, in Washington, DC, U.S.A. As in the past, the focus of the retreat was to set the agenda for IAB work in the next year and to review the programmes and initiatives that have been put in place to manage the work. An update on the retreat will be provided in the next issue.

IETF 83 Technical Plenary

The IETF 83 Technical Plenary featured Leslie Daigle, who provided an update on World IPv6 Launch, as well as a panel introduced by Hannes Tschofenig covering Implementation Challenges for Browser Security.1 The panel included Chris Weber, who presented “When Good Standards Go Bad,” an examination of how new browser features can enable attacks that were not possible before; Eric Rescorla, whose presentation, “How do we get to TLS Everywhere?” looked at TLS (transport layer security) deployment barriers; Ian Fette presented “Lessons Learned from WebSockets (RFC6455);” Tom Lowenthal presented “Cryptography Infrastructure,” which addressed issues with the certificate trust model; and Jeff Hodges, whose presentation titled, “It’s Not the End of the World,” offered an overview of both progress over the last decade and current initiatives.

RFC Series

At IETF 83, Fred Baker, chair of the RFC Series Oversight Committee (RSOC) introduced Heather Flanagan, the newly appointed RFC Series Editor (RSE), to the IETF community. Also, the IAB approved publication of RFC Editor Model (Version 2)2 and Independent Submission Editor Model3 as informational RFCs within the IAB stream.

IESG/IAB Statement on IAB Member Roles in Evaluating New Work Proposals

Over the years, questions have been raised about the role of IAB members in evaluating new work proposals. To provide clarification, Spencer Dawkins worked with the IESG and IAB to craft a statement4 that includes the following paragraph:

In providing architectural oversight and guidance for a BoF (birds-of-a-feather), IAB members are rarely speaking for the IAB, because the IAB has rarely determined an IAB consensus position on new work being proposed. Individual IAB members do not have a privileged role in determining whether a BoF will result in a chartered working group. IAB members providing architectural oversight must ensure that their role is not misunderstood by BoF proponents or by the larger community of interest.

Privacy Programme

The Privacy Programme, led by Alissa Cooper, released a questionnaire on IPv6 privacy implementations.5

IP Evolution Initiative

The IP Evolution Initiative, led by Hannes Tschofenig, published the Smart Object Workshop Report6 as RFC 6574.

IPv6 for IAB Business Initiative

The IPv6 for IAB Business Initiative has brought online an experimental audio and web conferencing service operating over IPv6.

Comments on OMB Circular A–119

The IETF and IAB provided comments on OMB Circular A–119 Federal Participation in the Development and Use of Voluntary Consensus Standards and in Conformity Assessment Activities.7

IANA Evolution Programme

On 3 April 2012, Leslie Daigle (Chief Internet Technology Officer, ISOC) and Russ Housley (Chair, IETF) met with U.S. National Telecommunications and Information Administration (NTIA) Administrator Lawrence Strickling relating to the Internet Assigned Numbers Authority (IANA) protocol parameter function. A one-page summary of IETF–IANA oversight,8 written by IETF administrative director (IAD) Ray Pelletier, was left behind. Subsequently, the IANA webpage on the IETF website9 was updated to include pointers to all documents relating to IETF–IANA oversight on the IAB, IETF Administrative Oversight Committee (IAOC), and ICANN websites. With the recent reissuance of the IANA RFP by NTIA,10 the IAB will once again be submitting an ICANN performance evaluation.

ICANN Relations

With respect to ICANN relations, the IAB has replied to ICANN questions11 relating to the IAB statement on Interpretation of Rules in the ICANN gTLD Applicant Guidebook.12

ITU–T Coordination Programme

At the request of the ITU–T Coordination Programme, the IAB has initiated an IETF-wide Call for Comment on IETF and ITU–T Standardization Sector Guidelines.13 The Call for Comment ended 25 May 2012.

IETF/IEEE–SA Coordination

The IAB appointed Dan Romascanu as IETF liaison to IEEE–SA.14 One of Dan’s responsibilities is to coordinate a meeting between the IAB, the IEEE 802 Executive Committee, and IESG, which will take place in the Bay Area of California in the United States in July 2012.15 In March 2013, IETF and IEEE 802 will meet in the same hotel in Orlando in adjacent weeks, so a second meeting will probably be scheduled for that week. Topics for discussion will include a recent liaison from IEEE 802.1 to the IESG suggesting potential areas of coordination16 and discussion of how well the coordination mechanisms described in RFC 444117 have been working in practice.

References

1. Technical plenary materials, http://www.ietf.org/proceedings/83/technical-plenary.html

2. RFC Editor Model (Version 2), http://tools.ietf.org/html/draft-iab-rfc-editor-model-v2

3. Independent Submission Editor Model, http://tools.ietf.org/html/draft-iab-ise-model

4. IAB/IESG statement on IAB Member Roles in Evaluating New Work Proposals, http://www.iab.org/?p=5741

5. IAB Privacy Program releases IPv6 Privacy Questionnaire, http://www.iab.org/?p=5842

6. Smart Objects Workshop Report, http://tools.ietf.org/html/rfc6574

7. IETF and IAB comment on OMB Circular A–119, http://www.iab.org/?p=5837

8. IETF Oversight of the IANA Protocol Parameter Function, http://www.iab.org/?p=5779 

9. IETF-IANA Oversight, http://www.ietf.org/iana.html

10. IANA RFP, https://www.fbo.gov/index?s=opportunity&mode=form&id=72dc5eb7b831f44f5ea...

11. IAB responds to ICANN questions concerning the interpretation of rules in the ICANN gTLD guidebook, http://www.iab.org/?p=5723

12. IAB posts statement: The interpretation of rules in the ICANN gTLD Applicant Guidebook,http://www.iab.org/?p=5631

13. Call for Comment on IETF and ITU–T Standardization Sector Guidelines, http://www.iab.org/?p=5829

14. IAB appoints Dan Romascanu as IETF liaison to IEEE–SA, http://www.iab.org/?p=5681

15. IAB and IESG to meet with IEEE 802 Executive Committee, http://www.iab.org/?p=5793

16.  Liaison to IESG from IEEE 802.1, https://datatracker.ietf.org/documents/LIAISON/liaison-2012-03-19-ieee-8...

17. The IEEE 802/IETF Relationship, http://tools.ietf.org/html/rfc4441

]]> 1581 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-23/ Fri, 01 Jun 2012 22:06:55 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1583

More than 1,300 people from 56 countries came to Paris, France, and actively engaged in developing the future of the Internet. It was exciting to see so many people collaborating.

IETF 83 was very well attended. Of course, Paris in the springtime is an attractive location, but people came to work with others to make the Internet better for everyone.

Until the last minute, we did not have a host for IETF 83. We held a t-shirt-design contest, and IETF participants selected the winning design. With little time to spare, Cisco stepped forward and sponsored the meeting. Many thanks! Dave Ward was recognized at the plenary meeting on Wednesday for his role in making this happen. He was awarded a “Super Host” cape, which was designed and sewn by Amy Vezza from the IETF Secretariat.

Our sponsors played an important role in making IETF 83 successful. AFNIC, NBCUniversal, Scality, and Tail-f served as meeting sponsors. Orange sponsored the network connectivity. Huawei sponsored the welcome reception. Thanks to all for your support.

Since IETF 82, three working groups (WGs) have been chartered and five have closed—our count remains steady at 115 WGs. Between meetings, the WGs and their individual contributors produced 576 new Internet-Drafts and updated 1,144 existing Internet-Drafts, some more than once. The Internet Engineering Steering Group (IESG) approved 125 Internet-Drafts for publication as RFCs. The RFC Editor published 115 new RFCs.

IETF tools continue to improve. The second major update to the Datatracker was released shortly before IETF 83, providing a major upgrade to the database schema. The new schema allows volunteers and contractors to more easily provide new capabilities. Support for WG chartering and rechartering activities was released in May. A significant enhancement that will allow anyone in the community to track the status of documents of interest will be released by the time this article is published.

There’s been a lot of hype about “big data” on the Internet. Despite the hype, there are some real technical challenges associated with big data, and some people think that the IETF is a good place to tackle them. In my opinion, the IETF is very well suited to address many of them. If you agree, please put forward your ideas for BoFs (birds-of-a-feather meetings) in this area.

IETF 84 will take place in Vancouver, BC, Canada, from 29 July–3 August 2012. Google will be the host. Scheduling information for the upcoming IETF meetings can always be found at http://www.ietf.org/meeting/. I look forward to seeing you in Vancouver.

^{Dave Ward dons a “Super Host” cape, a gift for providing last-minute sponsorship for the Paris meeting.}

]]> 1583 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/corrigenda/ Fri, 01 Jun 2012 22:13:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1589 The article, “Internet Society Announces Winners of Postel, Itojun Awards and Applied Networking Research Prize,” in the last issue of the IETF Journal (Volume 7, Issue 3, pp. 15-16) incorrectly stated that the Internet Society granted the 2011 Itojun Service Award. The Itojun Service Award was established by the friends of Itojun and is granted by an award selection committee. The IETF Journal sincerely apologises to the award committee and Itojun’s family for this error.

The same article failed to recognize the role of the Internet Research Task Force in coordinating and awarding the Applied Networking Research Prize. Again, we sincerely regret this omission.

]]> 1589 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/opus-is-a-model-for-future-ietf-standards-work/ Thu, 01 Nov 2012 15:38:59 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=283 283 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/regulatory-fellows-attend-ietf-84-in-vancouver/ Sat, 06 Oct 2012 16:21:09 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=414

Fred Clark, one of the five Regulatory Fellows selected to attend IETF 84, is manager of telephony at the Superintendence of Telecommunications in Guatemala. His technical background is systems engineering, and his main areas of work are telephony, Internet, and universal service. Clark brought more than 20 years of experience in the implementation of software and technology projects in urban and rural environments to his experience as a Fellow. Following, he shares his expectations and the rewards of attending his first IETF meeting. My goal for IETF 84 was to learn all I could about the transition from IPv4 to IPv6, and how Internet standards are made. During the six days of the conference, I learned all that time and my knowledge allowed me to about IPv6—in that regard, my expectations were met 100 percent. In addition, I went there with a point of view that got wider and wider as the days went by and as I was exposed to different meetings and conversations with very fascinating people. I can say now that I came in with a view from a spyglass, and came out with a very rich panorama of the Internet. My time at IETF 84 was an invaluable learning experience that at the end was larger than my original expectations. The opportunity to [attend the meeting in person] was invaluable. It’s very important to learn and experience from the inside how the Internet works, what organizations make it happen, and what is the role of the Internet Society in keeping it the way we know it and use it—in complete freedom, open to everyone, and without any discrimination or prejudice. Without a doubt, those are the characteristics I would like to see and keep for the Internet in years to come. All I would like to add is a wider penetration of the Internet throughout all of our countries, so that we may all enjoy the possibility of learning and growing in an open-Internet world.

]]> 414 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-5/ Sat, 06 Oct 2012 16:25:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=426

• ICCRG—Internet Congestion Control research group
• ICNRG—Information-centric Networking research group (new!)

The ICNRG was chartered following IETF 83, and members held their first official meeting in Vancouver. Information-centric networking is an approach to evolve the Internet infrastructure by introducing uniquely named data as a core Internet principle. Data becomes independent from location, application, storage, and means of transportation, enabling in-network caching and replication. Expected benefits include improved efficiency, better scalability with respect to information and bandwidth demand, and increased robustness in challenging communication scenarios. The ICNRG charter is available at http://irtf.org/icnrg. In addition to the meetings of chartered research groups, a new proposed research group on software-defined networking held an initial, very well attended meeting. Despite a quite broad problem space that will require further refining, the group seems to be on a good trajectory to be chartered. A second, side meeting discussed proposing a research group on energy efficiency. Since IETF 83, two research groups have closed due to lack of energy and participation: IP Mobility Optimizations (MOPOPTS) and Host Identity Protocol (HIPRG). Since IETF 83, no new RFCs were published on the IRTF RFC Stream. The IRTF Open Meeting at IETF 84 was the venue for the first of three Applied Networking Research Prize (ANRP) winners of 2012 to present their research. Alberto Dainotti presented his research into Internet communication disruptions due to filtering. Two additional ANRPs were awarded in 2012, and winners will present their work at IETF 85 in Atlanta, Georgia, U.S.A. The 2013 nomination and selection cycle of the ANRP has already begun. The ANRP is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. It is supported by the Internet Society in coordination with the IRTF. See http://irtf.org/anrp for details on the award and instructions for nominating researchers for the prize. The deadline for nominations for the 2013 cycle is 30 November 2012. Please join the IRTF discussion list to stay informed about these and other happenings. The website is: http://www.irtf.org/mailman/listinfo/irtf-discuss

]]> 426 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/using-json-in-ietf-protocols/ Sat, 06 Oct 2012 16:32:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=442

This increased use by the IETF mirrors a trend in the broader industry. ProgrammableWeb.com keeps a directory of Internet application programming interfaces (APIs). In 2009 they listed only 191 registered JSON APIs.¹ Today, 3,285 JSON APIs are on their registry (compared to 4,543 registered as XML). That’s a pretty good showing, especially considering that XML is more than twice the age of JSON. The juxtaposition of JSON with regard to XML was probably best put by James Clark, technical lead of the W3C Work Group that created XML 1.0, in a 2010 blog post:² “I think the Web community has spoken, and it’s clear that what it wants is HTML5, JavaScript and JSON. XML isn’t going away but I see it being less and less a Web technology; it won’t be something that you send over the wire on the public Web, but just one of many technologies that are used on the server to manage and generate what you do send over the wire.” In other words, JSON will not replace XML, but a lot of the structured data communications in which XML was once the only consideration will eventually migrate to JSON. While a lot can be said for the heft of XML complexities contributing to this trend, a better explanation of JSON’s popularity is that it is simply simpler than XML. After all, the abundance of XML technologies did not inhibit XML adoption before JSON came on scene—by any measure, XML is a success. But JSON is a simpler solution to a subset of the problems solved by XML—and that subset is a rather large one. JSON’s simplicity comes in two forms: the rules for serializing JSON data, and the interfaces for parsing JSON data, particularly in today’s more-popular, dynamic languages. Unlike XML, JSON serialization and parsing rules are fairly simple. JSON data is composed of objects, which, in turn,  have members, and arrays, and the more primitive types, string, boolean, number, and null. They possess neither mixed content nor metadata structures. And they contain no processing instructions or character entity references—no facility at all for commenting. Thanks to these basic differences, the API in many programming languages can also be quite simple. Because there is no need to account for mixed content, processing instructions, and the like, many dynamic languages easily map JSON data into their native object and array constructs—resulting in seamless access to both JSON-rendered data and the other program’s data. For many programmers, outside of a parse command, there appears to be no JSON API.

The Devil Is in the Details

As with any technology, the lure of simplicity and the need for features is a function of the problem being solved. Any specification activity looking at JSON should evaluate the following issues. JSON Is Not JavaScript. Though widely known, sometimes it bears repeating. JSON is a language-independent data format. That said, understanding JSON’s heritage is important for two reasons.

• The constructs of JSON objects and arrays follow JavaScript semantics. Members of JSON objects are considered unordered; no member should be repeated within an object (this may not produce an error, but the behavior is dependent on the parser’s implementation). Arrays, however, are considered ordered collections of values.
• Although JSON is not JavaScript, it is valid JavaScript syntax. Therefore, for security reasons, JSON parsers should take precautions against JavaScript embedded in JSON data (e.g. JavaScript engines should not simply parse JSON using the eval function), and serializers should prevent the injection of JavaScript into JSON data.

Character Set Support. JSON is strictly Unicode; protocols relying on non-Unicode encodings will be incompatible. This is not generally a problem, but does contrast with XML, in which US-ASCII, ISO-8859-1, Shift_JIS, Big-5, GB, and other character sets can be explicitly specified. Mixed Content and Markup. Another contrast with XML is JSON’s lack of mixed-content support, whereby data-format syntax can be intermingled with message text. This is what makes XML ideally suited for markup and annotating text with metadata. For those purposes, JSON is a poor choice. Schemas. There is no one standardized schema language for JSON, although several are presently in the works (including one by this author). The need for a JSON schema language is controversial—JSON is regarded by most as simple enough on its own. Indeed, there is no shortage of JSON-based interchange specification making due without schema formalism. The inherent complexity of a generalized schema language may also be unnecessary. The Application-Layer Traffic Optimization (ALTO) working group has created a simple schema language for JSON based upon the C programming language’s struct syntax—an approach that sufficiently covers all ALTO needs. But the significance of JSON Schema should not be understated. While JSON Schema is not yet an IETF proposed standard, it has been used in the specification of many private, JSON-based protocols. Namespaces. JSON does not (yet) have a standardized, namespace specification. A few have been proposed, but none have gained significant traction. Many JSON specifications have no need for a namespacing system—nor for the complexities that come with a federated namespacing system. One example is the Web Extensible Inter-net Registry Data Service working group, which has developed a simple prefix rule for JSON names to avoid collisions between names in standardized specifications and custom extensions. Performance. The needs of a protocol are often dictated by performance, of which there are multiple aspects. Common wisdom holds that JSON is less verbose than XML, resulting in smaller payload sizes and needed memory. But JSON is also considered to be faster than XML. A study conducted at Montana State University³ that modeled the transfer of data over a network found that in some scenarios JSON could be 41 times faster than XML—and consume noticeably less CPU time and memory. The types of APIs available can also impact performance. Particularly for applications with large datasets in which an in-memory, tree-node API would consume too many resources. For years, XML benefited from the quasi-standard SAX specification, an event-based API for consuming XML. JSON parsers with similar concepts are now available: Jackson, LitJSON, YAJL (its various language bindings), and GSON, to name a few. Normative Reference. No discussion about using JSON in IETF protocols is complete without noting that the JSON-defining document, RFC 4627, is published as an Informational RFC. Because JSON plays such a pivotal role in IETF standards, there are discussions of moving JSON into the standards track. Until then, RFC 4627 is listed in the DOWNREF registry⁴ and can be used as a normative reference. References to ECMA’s ECMAScript Language Specification also are unnecessary as a normative reference, as the ECMAScript 5.1 Edition⁵ normatively refers to RFC 4627 with slight differences called out.

An Eye to the Future

With the aforementioned considerations in hand, one must recognise those IETF activities in the area of JSON infrastructure: the Applications Area working group (APPSAWG) has discussions from time to time regarding JSON Schema (and other JSON schema languages) and is currently working on JSON Patch and JSON Pointer, specifications for referencing values in a JSON document and for applying changes to a JSON document with HTTP PATCH. In addition, the Java-script Object Signing and Encryption (JOSE) working group is tasked with developing cryptographic integrity and encryption specifications for JSON. As it is the broader trend in the computing industry, one should expect to see more JSON RFCs from the IETF—both as client standards and as building blocks for JSON-based stacks.

References

1.         “The Stealthy Ascendancy of JSON,” Lori MacVittie, F5 DevCentral,https://devcentral.f5.com/weblogs/macvittie/archive/2011/04/27/the-stealthy-ascendancy-of-json.aspx 2.         “XML vs The Web,” James Clark, James Clark’s Random Thoughts,http://blog.jclark.com/2010/11/xml-vs-web_24.html 3.         “Comparison of JSON and XML Data Interchange Formats: A Case Study,” Nurzhan Nurseitov, Michael Paulson, Randall Reynolds and Clemente Izurieta,http://www.cs.montana.edu/izurieta/pubs/caine2009.pdf 4.         DOWNREF Registry, http://trac.tools.ietf.org/group/iesg/trac/wiki/DownrefRegistry 5.         “ECMAScript Language Specification, 5.1 Edition,” ECMA-262, June 2011, http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-262.pdf

]]> 442 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/moving-toward-a-censorship-free-internet/ Sat, 06 Oct 2012 16:34:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=472 1

Bits moving across the Internet are vulnerable to surveillance and censorship on an unprecedented scale. Today, both Internet providers and governments possess the ability to monitor the moves of their digital citizens from central infrastructure points—an ability that creates significant potential for abuse, and a threat that goes beyond the scope of mere monitoring or filtering.

Lessons Learned from the Arab Spring

Although Internet kill switches do not exist, governments have demonstrated their ability to disable communications networks in times of crisis. During the 2011 Arab Spring, Egyptian authorities demanded that telecommunication companies sever their broadband connections and mobile networks—both local and European operators were forced to comply, and, as a result, digital Egypt vanished. Despite the country’s decentralized infrastructure, an Internet blackout was relatively easy to carry out. The roles—and consequences—of social media (e.g., Facebook and Twitter) during that same period further illustrate the capacity governments have for Internet censorship and the challenges activists face in combating it. The April 6 Youth Movement from Egypt committed digital dissent in full public view. According to The New York Times,² the movement “provided a structure for a new generation of Egyptians, who aren’t part of the nation’s small coterie of activists and opinion makers, to assemble virtually and communicate freely about their grievances.” But moving protest organizations to social media not accessible to the public-at-large can hold surprising risks. On the ground, the movement’s strike organization and protests in Facebook groups, many with thousands of followers, triggered arrest and imprisonment. Protesters in other countries quickly took note of Egypt’s lesson and disabled their public Facebook profiles. In response, one government initiated social media searches on incoming, young, plane travelers by forcing them to login to Facebook upon arrival, thereby revealing online activities and any antigovernment sympathies.³

Is there a Role for the IETF?

What happened in Egypt underscores how essential it is that IETF participants fully and comprehensively understand the entire Internet ecosystem when considering the question of a censorship-free Internet. Both government-regulated Internet and public discussions have risks. Should the IETF engage in this very political aspect of the Internet? Or are there other organizations better equipped to deal with it? Room consensus quickly moved toward the importance of documenting censorship models and assessing the need for new technology—using the Arab Spring scenario as inspiration. At IETF 85 in Atlanta we hope to present an improved Internet Draft detailing the scenario and how social networks, microblogging, and camera phones proved essential for a new generation of Internet users.

Getting Around Censorship

The onion routing technology in Tor has proved itself over the past 10 years as an effective tool against censorship. The technology’s anonymity, unlinkability, and unobservability have made it popular—numerous users are willing to accept it’s slower browsing experience in exchange for it’s privacy-enhanced web access.⁴ But onion routing alone cannot overcome the threat of government-imposed Internet shutdown. The challenge is to design a censorship-free Internet sustainable even when an adversary controls the underlying infrastructure. As early as 2006 it was reported that individuals in wide swathes of the Arab world were using Bluetooth technology to bypass police restrictions. According to news reports,⁵ communication between men and women in this region, in extreme cases referred to as dating, had been made possible by cellphone technology. When Bluetooth-capable phones are in close proximity, they can engage directly in digital and social chatter—no other infrastructure is needed. Moreover, when sharing photos or bandwidth-hungry videos with friends it also pays to be close. Government provided cellphone networks might not be filtering you, but can still be dreadfully slow. It therefore pays to use cell phones’ Bluetooth-based, direct file-transfer features—and it comes as no surprise that wireless-transfer apps have seen millions of installs. A query of Google Trends for the phrase Bluetooth transfer reveals a geographical spread of this interesting social phenomenon. Below is a list of countries ranked according to search volume.⁶

1. Philippines
2. India
3. Pakistan
4. Singapore
5. Malaysia
6. United Arab Emirates
7. Hong Kong
8. Indonesia
9. South Africa
10. Iran

It seems millions of mobile phone owners are already employing the social practice of wireless data exchange. The Musubi smartphone app represents another key, censorship-free, technology advancement. Developed at Stanford University, it offers instant messaging service and media sharing capabilities similar to WhatsApp, Ping, and Blackberry Messenger. What makes it unique is that all data and processing resides on the smartphones, not in the cloud. This decentralization removes the need for central processing and provides significant decoupling from the underlying infrastructure. Exchange of cryptographic keys is integrated in the friending process—Musubi essentially builds a decentralized social graph. But Musubi is also limited—all data transfers go through central servers, as it lacks NAT-traversal capability. A more general solution is found in delay-tolerant networking (DTN) technology, which uses a simple store-and-forward primitive to communicate over heterogeneous links. Mobile ad hoc networks have been studied within the Internet Research Task Force (IRTF) since 1997 and we hope that much of that knowledge can be reused, despite our scenario differing slightly from DTN (as being investigated by the IRTF [RFC4838]). The DTN focus is on finding routes to an explicitly given destination, usually by maintaining routing tables. As our earlier Bluetooth-based filesharing example showed, dissemination in the Arab Spring scenario is likely to involve an explicit copy between people who trust each other. Microblogging proved to be a vital tool in the Arab Spring. Several research groups investigated Twitter-like services without the need for central servers. According to one Twitter investor and former engineer, “Done right, a decentralized one-to-many communications mechanism could boast a resilience and efficiency that the current centralized Twitter does not. Decentralization isn’t just a better architecture, it’s an architecture that resists censorship and the corrupting influences of capital and marketing. At the very least, decentralization would make tweeting as fundamental and irrevocable a part of the Internet as email.”⁷ The Twimight project by ETH-Zurich university shows that decentralized microblogging already exists. Researchers developed an Android application that uses Twitter servers in normal conditions, but switches to a Bluetooth-based disaster mode when Internet connectivity is lost.

Censorship-free technology also have arisen from within the IETF

A voice-over-IP protocol using peer-to-peer technology and using a distributed hash table (DHT) for scalability has been standardized. Unfortunately, DHTs are notoriously difficult to secure. The peer-to-peer streaming protocol (PPSP) working group in the transport area developed a serverless video streaming protocol, using Bittorrent-like swarming. Pioneer Research UK showed a fully functional set-top box using this new draft protocol with support for both live streaming of BBC feeds and video-on-demand playback at the IETF’s recent meeting in Paris. Currently an open source PPSP implementation is available for Android which integrates with Twitter. By tweeting links such as ppsp://2b2fe5f1462e5b7ac4d7, it is now possible to augment a Tweet with eyewitness video footage. This architecture has interesting anti-censorship properties, as it is free from DNS, HTTP, or any other server infrastructure. The SHA1 hash part of this URI is used to find peers in a low-latency DHT, which are then used to stream video in peer-to-peer fashion.

A Powerful Adversary

We must assume from the Arab Spring scenario the existence of a powerful adversary. The following threats⁸ have been identified for similar circumstances:

• The adversary can observe, block, delay, replay, and modify traffic on all underlying transport. Thus, the physical layer is insecure.
• The adversary has a limited ability to compromise smartphones or other participating devices. If a device is compromised, the adversary can access any information held in the device’s volatile memory or persistent storage.
• The adversary can choose the data written to the microblogging layer by higher protocol layers.
• The adversary cannot break standard cryptographic primitives, such as block ciphers and message-authentication codes.

The advances listed previously indicate the wealth of experience, related technologies, and available building blocks that an IETF initiative could use to work toward a censorship-free Internet.

References

1.         http://tools.ietf.org/html/draft-pouwelse-censorfree-scenarios-01 2.         http://www.nytimes.com/2009/01/25/magazine/25bloggers-t.html 3.         http://online.wsj.com/article/SB125978649644673331.html 4.         http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5569995 5.         http://www.washingtonpost.com/wp-dyn/content/article/2006/08/05/AR2006080500930.html 6.         http://www.google.com/trends/?q=bluetooth+transfer 7.         http://al3x.net/2010/09/15/last-thing-about-twitter.html 8.         https://fulpool.org/btp.pdf

]]> 472 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/software-defined-networking-efforts-debuted-at-ietf-84/ Sat, 06 Oct 2012 16:39:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=482

Demonstrations at the Bits-N-Bites session of the IETF 84 meeting in Vancouver, Canada, featured the framework of a software-defined networking (SDN) solution suitable for the telco environment, as well as new proposals such as an SDN northbound interface for the coexistence of SDN with application-layer traffic optimization (ALTO) and the application of ALTO in an east-west interface interconnecting SDN controllers. SDN is a hot topic these days, as illustrated by Monday’s plenary discussion and the incredibly crowded SDNRG BoF at the IETF 84 meeting. SDN allows separation of the control plane and the data plane in network equipment, whereby the control plane is implemented in software in a logically centralized manner, and the data plane is implemented in commodity network equipment. OpenFlow is a leading enabler of SDN architectures. As a slightly more mature topic, ALTO has an established IETF Working Group of its own. ALTO provides applications with information to, for example, perform better-than-random initial peer selection, and its services may take different approaches, including maximum bandwidth, minimum cross-domain traffic, and lowest cost to users. The ALTO information and services could help network applications to optimize application-layer traffic and to improve the performance of both the network and applications. The demonstrations were based on two Internet Drafts: The SDN+ALTO draft1 (draft-xie-alto-sdn-use-cases) describes architectures for the coexistence of SDN and ALTO. The SDNi draft2 (draft-yin-sdn-sdni) proposes SDN interconnectivity and message exchange among multiple SDN controller instances within the scope of a single administrative domain. The SDN+ALTO draft focuses mainly on interacting with an ALTO server to provide SDN-specific network state information and to provision the network in a more efficient and optimal manner. However, network provisioning through SDN+ALTO only may be difficult due to challenges such as granularity, scalability, and real-time issues. These difficulties could be addressed via the approach proposed in the SDNi draft.

SDN Domains: Partitioning the Control Plane

Both drafts emphasize the new concept of SDN domains, which was introduced to support the need for partitioning a network control plane among different controllers within an administrative domain. An SDN domain can be defined as the portion of the network (a “subnetwork,” although not necessarily in the traditional IP-oriented sense) being managed by a particular SDN controller. Figure 1 shows an example of this concept. Among the reasons for introducing the concept of SDN domains we can emphasize:

1. Scalability. Because the number of devices an SDN controller can feasibly manage is likely to be limited, a reasonably large network may need to deploy multiple SDN controllers.
2. Privacy. A carrier may choose to implement different privacy policies in different SDN domains because, for instance, an SDN domain may be dedicated to a set of customers who implement their own highly customized privacy policies requiring that some networking information in this domain (e.g., network topology) should not be disclosed to an external entity.
3. Incremental deployment. A carrier’s network may consist of portions of legacy and nonlegacy infrastructure. Dividing the network into multiple, individually manageable SDN domains allows for flexible incremental deployment and a more-seamless network evolution.

There are many other reasons for partitioning a network using the concept of SDN domains. For instance, if an SDN controller is used to manage a certain portion of the network, losing connectivity between the controller and the network could result in outages (or reduced service); this mandates locality between the controller and the network under its control in order to minimize the risk of network problems causing more network problems. Additionally, large amounts of mergers among companies introduce the need to interconnect data centers, and in many cases a certain customer will deploy its services on multiple data centers from multiple providers. In these cases, the data centers will be SDN managed in the near future, thereby requiring SDN interconnection Figure 1. Example of SDN Domains In the demonstrations, a simple network topology was used to illustrate these key ideas. The topology consisted of three infrastructure nodes and two SDN domains, as shown in figure 2. All three nodes supported OpenFlow 1.0 and were SDN-capable. Node-1 and Node-2 were 1 Gbps switches based on the BCM5662 chipset, and Node-3 was a Huawei NE40E-X3 router. The two SDN domains are labeled SDN-1 and SDN-2. Domain SDN-1 consisted of only Node-1; domain SDN-2 consisted of Node-2 and Node-3. Each of these two SDN domains had its own SDN controller managing the corresponding nodes. An ALTO client was integrated with each of these two SDN controllers, and to simplify the demonstration configurations, an ALTO server was collocated with Node-2, and a VLC video server was collocated with controller SDN-1. The demonstration showed three video streams corresponding to three network flows, from the video server to three clients connected to Node-2. Figure 2. Demonstration Setup

SDN+ALTO: A Northbound Interface for the Coexistence of SDN and ALTO

In a network where SDN and ALTO both operate, a northbound interface is needed to support their coexistence. In draft-xie-alto-sdn-use-cases, the authors propose that SDN controllers become a special type of ALTO client in the following ways: 1. SDN controllers feed the ALTO server with SDN-domain-specific and possibly aggregated network information, policed by the specific privacy policies that are enforced by the corresponding SDN domains. The draft does not specify what specific protocol the SDN controllers should use to export information. Some protocol drafts (e.g., BGP-LS3) could be applicable for this purpose, however, the privacy policy, which governs how network information should be aggregated before exporting to the ALTO server, could be difficult to integrate with BGP-LS unless the latter is significantly improved by explicitly allowing the implementation and execution of foreign privacy policies. 2. SDN controllers obtain key SDN-domain-specific information from the ALTO servers in order to manage the whole network. Key information obtained from ALTO must be customized specifically for SDN and SDN domains, since the SDN controllers cannot use the vanilla non-SDN-domain-specific ALTO information directly. For example, an SDN controller needs a network cost map or end-point ranking that is specific to the controller’s SDN domain. More important, the SDN controller may require key information, such as a set of SDN-domain-level paths, in order to correctly and fully utilize the cost map or end-point ranking. In non-SDN environments, ALTO clients likely do not have the ability to choose routes, therefore cost maps need not come with any path information. However, in SDN-enabled networks, SDN controllers are special infrastructural ALTO clients that are able to—and should—choose routes. In this scenario, cost map (or end-point ranking) by itself without any path information is not very useful. In the demonstration for SDN+ALTO coexistence (see figure 3), three flows—gold, silver, and bronze video streams—were injected into the net-work one by one. Controller SDN-1 obtained cost maps or ranking information from the ALTO server and decided which path should be set up for each flow. According to the information returned by ALTO, the upper path (Node-1 to Node-3 to Node-2) was set up for the gold flow, while the lower path (Node-1 to Node-2) was chosen for the silver flow and the bronze flow. There are many possible reasons for this flow assignment, including engineering the traffic to minimize the maximum number of link utilizations (putting the silver and bronze flows together minimizes the maximum of aggregated flow rates on the two paths); or the existence of transient flows consuming a significant portion of the capacity on the upper path when assigning the gold flow (necessitating that the silver flow be assigned on the alternative path, however, the transient flow may disappear after the assignment).   Figure 3. SDN+ALTO Demonstration In the demonstration, assigning the silver and bronze flows to the lower path caused congestion on Node-2. The congestion may have been a result of background traffic on the link between Node-1 and Node-2. Such background traffic may have existed before or after setting up paths for the two flows. In both cases, controller SDN-1 as a client of ALTO was not able to receive the most up-to-date information from the ALTO server, because ALTO only provides coarse-grain, nonreal-time cost maps or ranking services. As a result, the video quality of both the silver and bronze streams was severely degraded. This demonstration suggests that with ALTO alone as the source of network information for SDN, network performance may suffer—the coarse granularity of ALTO is not sufficient for SDN to operate on the fine granularity of network flows. Clearly, we need other mechanisms (e.g., SDNi) to solve such problems.

SDNi: An East-West Control Plane Interface for SDN Controllers

Multiple SDN controllers are likely to be deployed in a reasonably large network administrative domain; interconnecting these controllers in order to share information and coordinate their decisions becomes inevitable—and a key factor for success. In draft-yin-sdn-sdni, the authors propose a protocol framework called SDNi to interconnect SDN controllers. This draft describes the inter-faces for exchanging information among multiple SDN domain controllers and the benefits of coordinating network provisioning using SDNi. The SDNi demonstration shown in figure 4 illustrates this framework. Besides interconnecting multiple controllers, SDNi also allows them to share control-plane network information and coordinate their decision-making processes. Figure 4. SDNi Demonstration In this case, when congestion happens, Node-2 detects and reports the congestion information to its controller, which again shares this information with controller SDN-1. On receiving the congestion report through SDNi, controller SDN-1 can then recover from the congestion by rerouting the flows. More specifically, the silver flow is shifted from the lower path to the upper path. After this shift, the video quality of both silver and bronze flows is significantly improved.

Feedback and Conclusions

The new proposals for SDN evolution described in the two drafts mentioned previously were demonstrated during the Bits-N-Bites session in what we believe is the purest IETF style: running code. Demonstrating via the archetypal video streaming service, the Telco SDN framework, as well as the innovations on the northbound and east-west interfaces in the SDN architecture, provided a win-win solution for network carriers and Internet content providers. In particular, SDN+ALTO achieved goals such as flexibility, privacy preservation, and independent evolution; SDNi provided an approach to partitioning a network administrative domain and to interconnecting islands of SDN domains to form a coherent network. The commitment and effort it took to put on the demonstrations were acknowledged and appreciated by many IETF participants. Russ Housley, IETF chair, said to Tina Tsou “I saw people at your table all evening. Thank you very much for your contribution to the IETF.” IETF Participants from network carriers such as KDDI commented that it was great to see an initial effort of SDN solution done in IETF while most of the people were still talking about SDN in slides, and that they’d like to see more developments in this area. Said Raquel Morera from Verizon, “we’re interested in SDN and in following developments in the area.” The contributors to the demonstrated draft and the demonstration itself included (alphabetical within each institution): Telefonica: Pedro Andres Aranda, Diego Lopez Huawei Technologies: Weiqian Dai, Ritesh Mukherjee, Tina Tsou, Haiyong Xie, Ken Yi, Hongtao Yin Contextreme: Ron Sidi Alcatel-Lucent: Vijay Gurbani

References

1.         H. Xie, T. Tsou, D. Lopez, H. Yin, and V. Gurbani. Use cases for alto with software defined networks. (IETF Internet-Draft), draft-xie-alto-sdn-extension-use-cases-00, 2012. 2.         H. Yin, H. Xie, T. Tsou, D. Lopez, P. A. Aranda, and R. Sidi. SDNi: A message exchange protocol for software defined networks (SDNs) across multiple domains. (IRTF Internet-Draft), draft-yin-sdn-sdni-00, 2012. 3.         H. Gredler, J. Medved, S. Previdi, and A. Farrel. North-bound distribution of link-state and TE information using bgp. (IETF Internet-Draft), draft-gredler-idr-ls-distribution-02, 2012.

]]> 482 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-march-2013/ Fri, 01 Mar 2013 16:38:14 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=495 th meeting of the IETF with many attendees arriving via Hartsfield-Jackson airport, the busiest airport in the world. In this issue of the IETF Journal you’ll find a roundup of some of the discussions and people that helped make this particular meeting so great. Our cover article delves into what some would call the bread and butter of IETF processes—verifying the quality of a technology’s standardised specification (in this case, NETCONF) by demonstrating the interoperability of multiple independent implementations. Interoperability testing is also the subject of our article on Lightweight 4over6. Lightweight 4over6 is a less mature technology than NETCONF, but the article demonstrates the eagerness with which IETF participants code up their ideas to demonstrate practical utility and well-defined specifications. We also present articles on the winners of the 2012 Itojun Service Award and the Internet Society panel event that debated the future of the mobile Internet. Of course this edition wouldn’t be complete without our regular columns from the IETF, IAB, and IRTF chairs, and coverage of hot topics discussed during the plenary meeting. For more details of the Internet Area of the IETF in particular, a Working Group summary report is available at http://wiki.tools.ietf.org/area/int/trac/wiki/IETF85. As always, we are hugely grateful to all our contributors. Please send comments and suggestions for contributions to ietfjournal@isoc.org. And remember, you can subscribe in hardcopy or via email athttps://www.internetsociety.org/publications/ietf-journal/ietf-journal-subscription]]> 495 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ipso-alliance-successfully-demonstrates-internet-of-things-interoperability/ Sat, 06 Oct 2012 16:40:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=500

Colocating the Interop with the IETF made it possible to provide direct feedback to engineers working on the various Internet Drafts. In addition, we were able to leverage the vast experience, knowledge, and support of the IETF network operations center (NOC) team for network configuration and management. IPSO has held six interoperability events since its conception in 2008. The purpose of these events is to provide developers an opportunity to come together in a vendor-neutral setting and learn from one another about implementation issues for the various protocols. Afterward the Alliance and the vendors provide feedback to the IETF about inconsistencies in the Internet Drafts or RFCs. A number of issues related to early versions of RPL were communicated back to the Routing over Low Power and Lossy Networks (ROLL) working group in order to improve the developing drafts. At this latest event, the participants demonstrated Internet of Things interoperability using the current  IPv6 and Web standards developed for machine-to-machine (M2M) devices and cloud services that will be used in connected home, building automation, lighting, and smart-energy related applications. The event showcased Web-enabled smart objects from multiple vendors, each exchanging application payloads in an interoperable manner based on the IPSO application framework. The IPSO Application Framework, which is available at the IPSO Alliance website (www.ipso-alliance.org), defines a representational state transfer (REST)ful design for use in IP smart objects for M2M applications. It identifies a set of REST interfaces that may be used by a smart object to represent its available resources and to interact with other smart objects and backend services. It has been extended to cover a wide range of use cases and to more precisely describe the parameters of the smart objects involved in this Interop during IETF 84. This template enabled participants to interact seamlessly between devices located at the Interop in Canada and remotely in Finland, France, Sweden, and the United States via a cloud-hosted application. During the three-day event, eight IPSO member companies participated in the Interop, including ElectroTest Sweden AB, Ericsson, Nivis, Nokia, Proto6, Sensinode, Sensus, and Watteco. Some of the devices tested included electric meters, edge routers, and numerous types of home and building sensors and controllers, and a proximity sensor that monitored access and movement in a participant's hotel room. There is a lot of preplanning work that goes into bringing together a successful testing event. The Alliance’s Interop and Smart Energy committees worked tirelessly to define the goals and subsequent protocol parameters to provide the best opportunity for successful interoperability. In the end, every one of the devices was able to exchange sensor data with the cloud server and some of the devices were able to be controlled from the server. Future Interops are planned that will extend the functionality for direct device-to-device control and look at demonstrating industry-focused applications for areas such as home automation, appliance control, healthcare, building control, and automotive. At the end of the member Interop event, the IETF community was invited to see some of the devices and products being developed, including IPv6-enabled light bulbs and an IPv6-connected heart rate monitor, as well as electric meters, routing devices, sensors, and cloud applications. The IPSO Alliance plans two additional interoperability test events during 2012: the first will be in conjunction with the European Telecommunications Standards Institute (ETSI) event in October and will focus on the CoAP protocol; the second will be in Atlanta at IETF 85, where we will be looking to test IP over 802.15.4g and additional extensions to the IPSO Application Framework.

]]> 500 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/successful-netconf-interoperability-testing-announced-at-ietf-85/ Fri, 01 Mar 2013 16:40:55 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=507

CESNET and libnetconf’s client and server example implementations (all were open source)

Jacobs University and a NETCONF client (open source)

Juniper and a NETCONF server and a test suite (client)

MG-SOFT and a NETCONF browser (client)

SegueSoft and a NETCONF browser (client)

Tail-f and a NETCONF server and three clients (one was open source Java)

YumaWorks and two NETCONF servers and two clients (one server and one client were open source)

We concluded that there does exist a robust set of interoperable implementations—meaning, we have met that requirement for advancement on the standards track and can confidently promote throughout the industry that NETCONF is mature and stable for further and wider deployment. In addition, we report demonstrated interoperability for the following NETCONF RFCs:

• RFC 6241, Network Configuration Protocol
• RFC 6242, Using the NETCONF Protocol over Secure Shell
• RFC 5717, Partial Lock Remote Procedure Call for NETCONF
• RFC 5277, NETCONF Event Notifications
• RFC 6243, With-defaults Capability for NETCONF

For RFC 6536, Network Configuration Protocol Access Control Model, we are continuing testing remotely. We reported the initial results at the NETCONF working group (WG) session at IETF 85 in Atlanta. Download the report at www.ietf.org/proceedings/85/slides/slides-85-netconf-3.pdf We asked the WG if, based on our report, they would support that we compile a complete report, including deployment reports, and if we may request advancement on the standards track. They offered sufficient support and no objections, and confirmed as such on the WG mailing list. Next step is to request advancement on the standards track, based on the conditions from RFC 6410.]]> 507 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/open-internet-endowment/ Sat, 06 Oct 2012 16:41:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=509 http://www.openinternetendowment.org.]]> 509 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/iab-panel-debates-management-benefits-security-challenges-of-software-defined-networking/ Sat, 06 Oct 2012 16:43:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=515

SDN separates the control plane from the data plane in network devices such as switches and routers. The leading SDN architecture is OpenFlow, which is a Layer 2 protocol that allows software running on routers to determine the path of packets through the network switches as a way of enabling more sophisticated traffic management. Dave Ward, a Cisco Fellow, defined SDN as enabling applications not resident in embedded operating systems to extract and program state into networking nodes. He listed the following ways that SDN challenges basic assumptions about network design that have been popular for the last 20 years.

• Using a logically centralized data-base to keep all the information about the state of network devices, rather than having the devices store that information.
• Adopting new ways for network management systems to interact with network devices, rather than relying on transactions where state is written into configuration files.
• Taking a centralized view of network topology, rather than a distributed view.

The main goal of SDN is to make it easier for network operators to configure networks for specific applications and services, Ward said. The SDN architecture does this by moving the network away from command line interfaces and providing a standard interface that allows intelligent applications to customize network policies in real time. Other potential advantages of SDN include faster deployment of computer, storage, and network services, as well as enabling new services. SDN could enable better usage of network capa-city, plus faster restoration when outages occur, Ward said. However, he also pointed out that “it’s not all rosy in the arena of SDN.” The current SDN architecture is missing information to understand topology, utilization, delay, loss, or jitter, he said. Other features that are not available include loop detection, the ability to remove duplicates, or fix errors in state. SDN doesn’t support horizontal communications between network nodes or controllers to enable collaboration between devices. Nonetheless, Ward favors SDN. “SDN will augment and add functionality and make the Internet easier to operate, but as it’s currently constructed it’s missing a bunch of features that are necessary,” he says. Ward says SDN requires standard interfaces to the Internet that could be created by the IETF. “Many of the critical features of networking nodes are not standardized,” Ward says. He recommends that new working groups be formed to address the architecture work that will be required by SDN. Nick Feamster, associate professor at the University of Maryland’s computer science department, said the promise of SDN is the ability to change the network as easily as changing applications. Instead of having closed, proprietary network devices, SDN provides a single software program such as OpenFlow that can control the behavior of entire networks. Feamster says the benefits of SDN include centralized control of the network, more sophisticated control of network flows, and the ability for operators to more easily evolve network capabilities. “What we’re trying to do is enable operators to specify much more sophisticated policies and actions than they otherwise would be able to do,” Feamster explained. He described the results of two SDN deployments using so-called Lithium controllers that extend the OpenFlow control model to allow network operators to take actions based on time, history, and user. Possible applications of Lithium event-based controllers include parental controls and usage caps for home networks, as well as access control on campus networks. In home network deployments, ISPs are placing Lithium controllers outside the home so that residential customers needn’t operate their own home networks. “Those people who are unskilled and uninterested in running a home network—which is most of us—won’t have to,” Feamster said. Feamster reported that 225 routers are deployed in home networks as part of an ongoing SDN trial involving several ISPs. The trial will be extended to try denser deployments in apartment buildings and integration with other in-home devices such as phones. “We’re looking at how software-defined networking can simplify network monitoring and management. In our deployments and case studies, we’ve found that we need new control models to solve some of the problems,” Feamster said. Ted Hardie, a network engineer with Google, is a fan of SDN, which he predicts will change the way networks evolve by allowing devices to change in terms of their function—from being routers to switches to load balancers to firewalls, for example. “SDNs allow a network element to be any of these, or a bit of each, and to change over time,” he explained. Hardie said SDNs would allow networks to be routed differently. So instead of always routing for shortest path with added traffic engineering, networks might be routed to boost utilization, reduce latency, or accomplish some other goal of the network operator. Hardie referenced a data center-to-data center network that Google has built using OpenFlow that improves link utilization and drives down cost. “What you can do in SDN is create entirely different optimalities,” Hardie said. “The network can behave differently for different flows and different optimalities.” SDN is not without its challenges. Audience members identified several of these, including security risks from a centralized network control and state information, and reduced resiliency as network elements lose the ability to route around outages. Bob Hinden, a Check Point Fellow, called SDN’s security implications “terrifying.” He said that the reason network devices are specialized is because they are customized for each function. He warned that a reprogrammable network device that does all functions well is “very optimistic.” But presenters argued that the benefits of SDN outweigh the risks. “The charter of the IETF is obviously Layer 3 routing protocols, and right now I suggest that some of the work we would want to do is to augment the current routing systems with these programmable interfaces… so we will not add routing loops and so they will work with our routing and signaling protocols,” Ward said. “If this work doesn’t get taken up because of lack of interest by this community, then it’s guaranteed to be done somewhere else. I strongly suggest it be taken up here.”

]]> 515 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-8/ Fri, 01 Mar 2013 16:42:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=517 517 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/remembering-wendy-rickard/ Sat, 06 Oct 2012 16:44:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=519 Wendy was a long-time contributor to the Internet Society and the Internet community. As part of her work with the Internet Society, Wendy initiated the OnTheInternet magazine (OTI) in 1996. OTI was published first in print and then online until 2001 and was one of the first periodicals that covered the broad range of technical, policy, and devel- opment topics relating to the Internet. She was the initial and long-time editor of the Internet Society Annual Report and contributed to many other Internet Society publications. She also served until very recently as the Associate Editor of the IETF Journal.

Wendy worked with Internet Society Members and Chapters across the globe to capture and promote the important Internet development work we were all doing. She was able to capture the difference the Internet made in the lives of individuals around the world.

“Wendy believed in the power of the Internet to transform. She understood its potential and was able to make it real and accessible long before it was so commonplace. She was a remarkable woman and will be missed by all of us at the Internet Society,” said Lynn St.Amour, Internet Society president and chief executive officer.

Beyond her Internet-related accomplishments, Wendy is remembered for her incredible passion and the seemingly endless creative and positive energy she brought to everything she did.

]]> 519 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-7/ Sat, 06 Oct 2012 16:46:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=524 IAB Retreat

The Internet Architecture Board (IAB) held its 2012 retreat 10–11 May in Washington, DC, U.S.A.¹ During the retreat, IAB members reviewed the Programme and Initiative model,² which was developed last year. They concluded that the Programmes proved useful in enabling the IAB to achieve both administrative and technical objectives over a multiyear period, while the benefits of the Initiatives (work bundles of both shorter duration and lower priority) were less clear. As a result, the IP Evolution and Emergency Services Initiatives were promoted to Programmes, a new IAB Processes and Tools Programme was created, and the HTTP/Web Evolution, IPv6 for IAB Business, and DNS Initiatives were closed. The IAB now has Programmes in the following areas: Administrative

• RFC Editor (RSOC)
• IANA Evolution
• ITU-T Coordination
• Liaison Oversight
• IAB Tools and Processes

Technical

• Privacy
• IP Evolution
• Internationalization
• Emergency Services

IETF 84 Technical Plenary

The IETF 84 Technical Plenary,³ organized by Jon Peterson, focused on Software Defined Networking (SDN). Nick Feamster presented “The Past, Present, and Future of Software-Defined Networking;” David Ward’s presentation, “Programmatic Internet” described some of the issues with the current SDN architecture, and what SDN might mean for the IETF; Ted Hardie presented “Units of Evolution,” a description of how SDN changes the way network elements evolve.

IAB/IRTF Workshop on Congestion Control

The IAB and IRTF held a workshop entitled, “Congestion Control for Interactive Realtime Communication,” on 28 July, 2012, in Vancouver, Canada. Papers and materials for the workshop are posted; minutes are under development.⁴

RFC Series

The IAB published “RFC Editor Model (Version 2)” (RFC 6635)⁵ and “Independent Submission Editor Model” (RFC 6548)⁶ as Informational RFCs within the IAB stream. Collectively, these documents obsolete RFC 5620.⁷

IANA Evolution Programme

The IETF and ICANN have executed a supplemental agreement, which describes the service levels expected for 2012.⁸ In May, the IAB submitted an updated ICANN performance evaluation.⁹ On 2 July, the U.S. National Telecommunications and Infrastructure Administration (NTIA) awarded the IANA Functions contract to ICANN.¹⁰

Privacy Programme

The Privacy Programme posted an IPv6 privacy survey.¹¹

Other Document Actions

The IAB adopted “Technical Considerations for Internet Service Blocking”¹² as an IAB work item. It approved publication of “Design Considerations for Protocol Extensions”¹³ and “IETF and ITU-T Standardization Sector Collaboration Guidelines”¹⁴ as Informational RFCs within the IAB stream; and issued a Call for Comment on “Architectural Considerations on Application Features in the DNS”¹⁵ which was completed on 16 August, and on “Principles for Unicode Code Point Inclusion in Labels in the DNS,”¹⁶ which will be complete on 30 September.¹⁷

Affirmation of the Modern Global Standards Paradigm

At IETF 84, Russ Housley announced that the IETF, IEEE Standards Association, and W3C were working together to develop an “Affirmation of the Modern Paradigm for Standards.” After an initial round of feedback and edits, IETF Last Call was announced on 10 August and it was complete on 24 August, at which point Russ announced the conclusion of the Last Call.¹⁸ More information can be found athttp://open-stand.org/, which went live on 29 August.¹⁹ The IAB also agreed to adopt the Affirmation as an IAB document.²⁰

Liaison Relations

The IAB has responded to a liaison from the Open Network Foundation (ONF).²¹ The IESG, IAB, and the IEEE 802 Executive Committee met in Milpitas, California, on 25 July, 2012.²²Minutes of the meeting are under development. Next steps arising from the meeting include revising RFC 4441.²³ The IAB approved “IETF and ITU-T Standardization Sector Collaboration Guidelines” as an Informational RFC within the IAB stream, and ITU-T TSAG sent their approval in a liaison message.²⁴ In addition, the IAB and IESG posted a liaison to ITU-T TSAG on “Observations on Contribution 74 to TSAG Concerning Modification of IETF Protocols Technologies by the ITU-T.”²⁵

Appointments

The IAB has reappointed Eric Burger to the ISOC Board of Trustees,²⁶ and Ole Jacobsen to the ICANN Nomcom.²⁷

References

1. IAB Posts Minutes of 2012 Retreat, http://www.iab.org/?p=5970 2. IAB Programs, http://www.iab.org/activities/programs/ 3. Technical plenary materials, http://www.ietf.org/proceedings/84/technical-plenary.html 4. IAB/IRTF Congestion Control Workshop Materials Posted, http://www.iab.org/?p=6229 5. RFC Editor Model (Version 2), http://tools.ietf.org/html/rfc6635 6. Independent Submission Editor Model, http://tools.ietf.org/html/rfc6548 7. RFC Editor Model (Version 1), http://tools.ietf.org/html/rfc5620 8. ICANN and IETF Execute Supplemental Agreement, http://www.iab.org/?p=6045 9. IAB submits updated ICANN performance evaluation, http://www.iab.org/?p=5930 10. Commerce Department Awards Contract for Management of Key Internet Functions to ICANN,http://www.ntia.doc.gov/press-release/2012/commerce-department-awards-contract-management-key-internet-functions-icann 11. IAB posts IPv6 Privacy Survey, http://www.iab.org/?p=6052 12. IAB adopts “Technical Considerations for Internet Service Blocking,” http://www.iab.org/?p=6242 13. IAB approves publication of “Design Considerations for Protocol Extensions,” http://www.iab.org/?p=6041 14. IAB approves publication of “IETF and ITU-T Standardization Sector Collaboration Guidelines,”http://www.iab.org/?p=6118 15. Call for Comment on “Architectural Considerations on Application Features in the DNS,”http://www.iab.org/?p=6053 16. Principles for Unicode Code Point Inclusion in Labels in the DNS, http://tools.ietf.org/html/draft-iab-dns-zone-codepoint-pples 17. Call for Comment on “Principles for Unicode Code Point Inclusion in Labels in the DNS,”http://www.iab.org/?p=6306 18. Affirmation of the Modern Global Standards Paradigm, http://www.iab.org/?p=6240 19. Leading Global Standards Organizations Endorse ‘OpenStand’ Principles that Drive Innovation and Borderless Commerce, http://www.iab.org/?p=6297 20. Affirmation of the Modern Paradigm for Standards, http://tools.ietf.org/html/draft-iab-modern-paradigm 21. IAB responds to liaison from the Open Networking Foundation (ONF), http://www.iab.org/?p=6109 22. IAB and IESG to meet with IEEE 802 Executive Committee, http://www.iab.org/?p=5793 23. The IEEE 802/IETF Relationship, http://tools.ietf.org/html/rfc4441 24. IAB approves publication of “IETF and ITU-T Standardization Sector Collaboration Guidelines,”http://www.iab.org/?p=6118 25. IAB and IESG post liaison to ITU-T TSAG, http://www.iab.org/?p=6002 26. IAB reappoints Eric Burger to ISOC Board of Trustees, http://www.iab.org/?p=6018 27. IAB reappoints Ole Jacobsen as IETF Representative to the 2013 ICANN Nomcom,http://www.iab.org/?p=6257

]]> 524 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-8/ Fri, 01 Mar 2013 16:45:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=527 IETF 85 Technical Plenary The IETF 85 Technical Plenary, organized by Alissa Cooper, focusing on Internet Performance Measurement, included presentations by Dr. Henning Schulzrinne, CTO of the FCC and SamKnows.¹ A detailed report on the Plenary is available on page XX. Based on feedback from IETF 85 participants, the IAB selected “The End of Plain Old Telephone Service (POTS)” as the topic for the IETF 86 Technical Plenary. Affirmation of the Modern Global Standards Paradigm Russ Housley, IETF chair and member of the Internet Architecture Board (IAB), made a presentation on collaboration among standards development organizations at the Global Standards Symposium in Dubai, United Arab Emirates.² His presentation referenced the OpenStand principles, as did a presentation by Monique Morrow of Cisco Systems, and a post by Leslie Daigle, chief Internet technology officer of the Internet Society. In order to provide an archival record of the OpenStand principles as agreed to by IEEE, IETF, IAB, W3C, and ISOC, after a four-week IETF-wide Call for Comment, the IAB approved publication of “Affirmation of the Modern Paradigm for Standards” as an Informational RFC within the IAB stream.³  Appointments In the coming months, four slots on the IETF Administrative Oversight Committee (IAOC) will be filled—one by the IAB, and three by the IETF Nomcom (a full term, a replacement, and one to be filled by the newly selected IETF Chair). On 5 December, the IAB announced that it had reappointed Bob Hinden for its slot.⁴ RFC Editor The RFC Series Oversight Committee (RSOC) is chaired by Fred Baker; the IAB lead is Joel Halpern. Since there is no separate RFC Editor stream, documents relating to the operation of the RFC Series are published on the IAB stream. On 27 December, the IAB completed an internal last call on “RFC Series Format Development,”⁵ prior to announcement of an IETF-wide Call for Comment. Public discussion of this document is occurring on the RFC Interest mailing list.⁶ ITU-T Coordination Programme The ITU-T Coordination Programme is chaired by Eliot Lear; the IAB leads are Joel Halpern and Ross Callon. On 30 September, the IAB published RFC 6756, “Internet Engineering Task Force and International Telecommunication Union–Telecommunication Standardization Sector Collaboration Guidelines.”⁷ Liaison Oversight Programme The Liaison Oversight Programme is lead by Spencer Dawkins. The IETF sent a liaison to ISO/IEC JTC1/SC6 regarding TIsec,⁸ and to the Open Mobile Alliance⁹ relating to the resignation of the IETF’s liaison manager, Murray Kucheraway. Minutes of the 29 October 2012 virtual meeting of representatives of the IAB, the IESG, and the IEEE 802 Executive Committee are posted¹¹ as are the minutes of the 25 July 2012 meeting.¹² To make progress on a revision to the IEEE 802/IETF liaison relationship document (RFC 4441), the IAB adopted “The IEEE 802/IETF Relationship” as an IAB work item.¹⁰ Glenn Parsons of the IEEE Registration Authority Committee (RAC) requested IETF feedback on a proposal for restructuring the Organizational Unique Identifier (OUI) within the IEEE 802 Medium Access Control (MAC) address.¹³ To provide pointers to and context for additional discussions scheduled during IETF 86, a short presentation will be made at the IETF 86 Technical Plenary. Privacy Programme The IAB Privacy Programme, lead by Alissa Cooper completed an IAB internal last call on “Privacy Considerations for Internet Protocols,”¹⁴ prior to announcing an IETF-wide Call for Comment. Public discussion of this document occurs on the IETF Privacy mailing list.¹⁵ IP Evolution Programme The IP Evolution Programme, lead by Jari Arkko has made progress on several documents within the IAB stream.  The IAB adopted “Architectural Considerations in Smart Object Networking” as a work item.¹⁶ It published RFC 6709, “Design Guidelines for Protocol Extensions,”¹⁷ and completed an IAB internal Last Call on “Architectural Considerations of IP Anycast”¹⁸ prior to announcing an IETF-wide Call for Comment. Public discussion of these documents occurs on the Architecture Discuss mailing list.¹⁹ The IAB also adopted “Report from the IAB/IRTF Workshop on Congestion Control for Interactive Real-Time Communication” as an IAB work item²⁰ and maintains a web page with materials from the workshop.²¹ Internationalization Programme The Internationalization Programme is lead by Dave Thaler. The IAB issued an IETF-wide Call for Comment on “Principles for Unicode Code Point Inclusion in Labels in the DNS.”²² The document is being considered for publication as an Informational RFC within the IAB stream. The IAB completed an internal last call on “Issues in Identifier Comparison for Security Purposes”²³ prior to announcing an IETF-wide Call for Comment. Public discussion of these documents occurs on the Internationalization mailing list.²⁴   References 1. IETF 85 Plenary materials, http://www.ietf.org/proceedings/85/index.html#plenary 2. Presentation at the Global Standards Symposium in Dubai,http://www.iab.org/2012/11/21/presentation-at-the-global-standards-symposium-in-dubai/ 3. Affirmation of the Modern Paradigm for Standards, http://tools.ietf.org/html/draft-iab-modern-paradigm 4. IAB Announces IAOC selection, http://www.iab.org/2012/12/05/iab-announces-iaoc-selection/ 5. RFC Series Format Development, http://tools.ietf.org/html/draft-iab-rfcformatreq 6. RFC Interest mailing list, https://www.rfc-editor.org/mailman/listinfo/rfc-interest 7. Internet Engineering Task Force and International Telecommunication Union–Telecommunication Standardization Sector Collaboration Guidelines, http://tools.ietf.org/html/rfc6756 8. IETF sends liaison to ISO/IEC JTC1/SC6 regarding TIsec, http://www.iab.org/2012/12/14/ietf-sends-liaison-to-isoiec-jtc1sc6-regarding-tisec/ 9. IAB sends liaison to Open Mobile Alliance, https://datatracker.ietf.org/liaison/1213/ 10. The IEEE 802/IETF Relationship, http://tools.ietf.org/html/draft-dawkins-iab-rfc4441rev 11. Minutes of the IETF/IEEE 802 Meeting Posted, http://www.ietf.org/iesg/ieee/minutes-2012-10-29.txt 12. IETF and IEEE 802 have posted minutes of the leadership meeting held in Milpitas, CA, on 25 July 2012, http://www.iab.org/documents/minutes/minutes-2012/iab-minutes-2012-07-25/ 13. Proposed IEEE Registration Authority Committee OUI Tier Restructuring,http://www.iab.org/2012/12/13/proposed-ieee-registration-authority-committee-oui-tier-restructuring/ 14. Privacy Considerations for Internet Protocols, http://tools.ietf.org/html/draft-iab-privacy-considerations 15. IETF Privacy mailing list, http://www.ietf.org/mail-archive/web/ietf-privacy/current/maillist.html 16. Architectural Considerations in Smart Object Networking, http://tools.ietf.org/html/draft-iab-smart-object-architecture 17. Design Guidelines for Protocol Extensions, http://tools.ietf.org/html/rfc6709 18. Architectural Considerations of IP Anycast, http://tools.ietf.org/html/draft-iab-anycast-arch-implications 19. Architecture Discuss mailing list, https://www.ietf.org/mailman/listinfo/architecture-discuss 20. Report from the IAB/IRTF Workshop on Congestion Control for Interactive Real-Time Communication, http://tools.ietf.org/html/draft-tschofenig-cc-workshop-report 21. IAB/IRTF Workshop on Congestion Control for Interactive Real-Time Communication,http://www.iab.org/activities/workshops/cc-workshop/ 22. Call for Comment: Principles for Unicode Code Point Inclusion in Labels in the DNS to Informational RFC, http://www.iab.org/2012/12/20/call-for-comment-principles-for-unicode-code-point-inclusion-in-labels-in-the-dns-to-informational-rfc/ 23. Issues in Identifier Comparison for Security Purposes, http://tools.ietf.org/html/draft-iab-identifier-comparison 24. Internationalization mailing list, i18n-discuss@iab.org]]> 527 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-9/ Sat, 06 Oct 2012 16:47:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=529

IETF 84 was a well-attended, successful meeting. Approximately 1,175 people from 52 countries came to Vancouver and actively engaged in developing the future of the Internet. It was exciting to see so many people collaborating.

Google was the meeting host, the hotel facilities were very comfortable, and the social on Tuesday evening was both fun and educational. Hyatt Regency Vancouver, Telus, and Verisign were meeting sponsors, and they assisted Google in ensuring the event was successful. Thanks to all for your support. The first-ever Bits-N-Bites reception was held on Thursday evening. The event, modeled after the North American Network Operators' Group’s Beer ’n Gear event; it featured exhibit tables for sponsors and free food and drink. Huawei, ICANN, IPSO Alliance, the Internet Society, and Juniper sponsored tables; all sponsors seemed to have visitors throughout the event. Thanks for supporting the first Bits-N-Bites. Since IETF 83, six working groups (WGs) have been chartered and four have closed. Between meetings, the Internet Engineering Steering Group (IESG) approved 112 Internet-Drafts for publication as RFCs. The RFC Editor published 140 new RFCs. Starting with IETF 84, a new blue-sheet policy was implemented. The blue sheets no longer ask for email addresses; they now ask for organization affiliation to discern among multiple people with the same name. After each session, the blue sheets are scanned and the scans are included in the proceedings for that session. A notice has been added to the top of the blue sheet to alert people that it will become part of the proceedings. After the blue sheets are scanned, they are discarded. Bernard Aboba, as the IAB Chair, and Russ Housley, as the IETF Chair, signed an affirmation of theModern Global Standards Paradigm. This document and more information about the paradigm can be found at http://www.open-stand.org/. IETF 85 will take place in Atlanta, GA, USA, on 4–9 November 2012. The North American Cable Industry will be the meeting host. Scheduling information for the upcoming IETF meetings can be found athttp://www.ietf.org/meeting/. I look forward to seeing you in Atlanta.

]]> 529 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/comic-bof/ Fri, 01 Mar 2013 16:48:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=535 comicbof_March2013]]> 535 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/iab-plenary-explores-challenges-of-network-performance-measurements/ Fri, 01 Mar 2013 16:53:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=553 553 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-85-at-a-glance/ Fri, 01 Mar 2013 15:20:25 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1554

IETF Activity since IETF 84 (July–October 2012)

New WGs: 1 WGs closed: 3 WGs currently chartered: 115 New or revised Internet-Drafts: 1567 IETF Last Calls: 71 Internet-Drafts approved for publication: 73 RFCs published: 73 - 67 IETF (55 Working Group, 12 Individual/AD Sponsored) -2 IAB - 1 IRTF - 3 Independent

IANA Activity since IETF 84 (July–October 2012)

Processed more than 1300 IETF-related requests, including: Reviewed 92 I-Ds in IETF Last Call and reviewed 95 I-Ds in Evaluation Reviewed 110 I-Ds prior to becoming RFCs, 68 of the 110 contained actions for IANA Processing goal average for IETF-related requests: 91% Projects and Deliverables - Phase 2 of integration of tools beginning implementation - XMLization of registries 91% complete, converting final registries IANA and DNSSec - 95 TLDs have a full chain of trust form the root, see http://stats.research.icann.org/dns/tld_report/ - Ceremony 10 was executed successfully on 26 July 2012 - Ceremony 11 was executed successfully on 12–13 November 2012

RFC Editor Activity since IETF 84 (25 July–1 November 2012)

Published RFCs: 73 Internet-Drafts submitted for publication: 75 - 64 IETF WGs RFC Format Updates - (Draft) Requirements document available: draft-rfc-format-flanagan Improved RFC Search Engine (beta) - See http://www.rfc-editor.org/search/rfc_search.php Info pages for subseries identifiers - Example: http://www.rfc-editor.org/info/bcp9]]> 1554 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/comic-bof-3/ Fri, 01 Mar 2013 15:29:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1556 ]]> 1556 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-november-2013/ Fri, 01 Nov 2013 15:14:42 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=244 244 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/software-defined-networking/ Fri, 01 Nov 2013 15:20:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=251 History Opus began as two unrelated audio coding projects. Skype began the SILK codec in 2007 as a variable-rate speech codec for narrowband to super-wideband speech. Almost at the same time, CELT was being created by Xiph.Org contributors as a high-quality, ultra-low delay audio codec aimed at the most demanding interactive audio applications. The two complementary technologies were combined in 2010 as part of the IETF audio codec effort started one year earlier. The creation of an audio codec working group within the IETF was subject to much controversy. While Opus is not the first codec to be stamped by the IETF[3], it is the first to be developed within a dedicated IETF working group and published on the standards track. Described as “one of (if not the) most technically complex pieces of work that has been presented to the IETF” by its Gen-Art reviewer[4], the effort also raised new issues within the IETF, such as how to specify a standard as C code.

Overview

To cover a wide range of network conditions, Opus supports a wide array of quality and bitrate options:

• Bitrates from 6 kbit/s to 510 kbit/s
• Narrowband (8 kHz) to fullband (48 kHz) audio
• Frame sizes from 2.5 ms to 60 ms
• Speech and music support
• Mono and stereo
• Flexible rate control

As network conditions change, all of the abovementioned settings may be dynamically changed in real time without causing audible artifacts or other glitches. Its rate control can generate constant bitrate (CBR) streams, such that each packet is exactly the size requested, or variable bitrate (VBR) streams, which target a specific quality, optionally constrained to impose a bound on required buffering or to respect an absolute maximum rate. All of this makes Opus suitable for almost all audio applications, including:

• VoIP and videoconferencing (e.g., WebRTC)
• Music streaming
• Music files and audiobooks
• Low-delay broadcast reporting
• Wireless audio equipment
• Network music performance

In addition to making things easier for implementers—one codec can deliver best-in-class performance where five or six different codecs would have been required before—Opus’s wide range of applications also helps reduce transcoding when linking different applications (e.g., streaming a videoconference).

Testing

To justify these claims and verify that Opus met its requirements[5], independent testers compared it to other speech and music codecs. Among these tests, a wideband/fullband speech test conducted by Google[6] found that Opus provided better quality at equal rate than G.719, Speex, G.722.1, and AMR-WB (Adaptive Multi-Rate Wideband). Figure 1. Google Wideband/Fullband Test In a test [7] by HydrogenAudio[8], Opus outperformed Vorbis and both the Nero and Apple HE-AAC encoders on 64 kbit/s music. Figure 2. HydrogenAudio Test The results of these tests prove that Opus delivers better quality than previous state-of-the art music codecs while maintaining the low delay of communications codecs. As interest in Opus has grown, more organizations have conducted more tests, including the European Broadcasting Union which expects to release the results of a set of listening tests in the near future.

Adoption

Despite being standardized only last year, Opus is already being adopted in many VoIP and videoconferencing clients. Along with G.711, it is mandatory to implement for the new WebRTC standard, which was used to broadcast the technical plenary (on Opus) at IETF 87 (using Opus). Tieline[9] and vLine[10] use Opus to deliver broadcast contributions. Real-time communications clients, including Jitsi, Meetecho, CounterPath, SFLphone, Mumble, Teamspeak, and many others support Opus. Opus is also being adopted as a music-streaming and music-storage format. It can be used with the HTML5

Download File

Ongoing Work

Opus developers are currently focused on releasing version 1.1[14] of the Opus implementation. This will be the first major release since version 1.0 was published alongside the RFC. Version 1.1 will include quality improvements that are possible because RFC 6716 only specifies the Opus decoder, thereby allowing smarter encoders in the future. These improvements include much-improved support for surround audio, and bitrate allocation tuning to enable more-uniform audio quality and to lower the average rate required to avoid noticeable artifacts. Another important feature in 1.1 is the ability to automatically detect whether an input signal is speech or music and adapt the encoding process accordingly. Although the reference implementation could switch between modes, it relied on the user to identify whether the input was speech or music. At the IETF, the focus is now on encapsulating Opus in both RTP and Ogg with two active working group drafts[15,16]. Encapsulating Opus is straightforward because it signals all mode changes in-band—no out-of-band signaling is required. The SDP (Session Description Protocol) codec parameters carry only informative parameters, which almost completely eliminates the possibility of negotiation failure. In fact, an RTP receiver can correctly decode an Opus stream without ever seeing the SDP.

Next Steps: Video

Watch for the Daala project,[17] a competitive, royalty-free video codec, based on “new” (for video codecs) technology, including lapped transform, frequency-domain intraprediction, and vector quantization.[18, 19, 20]

References

1. http://tools.ietf.org/html/rfc6716
2. http://opus-codec.org/
3. http://www.ietf.org/rfc/rfc3951.txt
4. http://www.ietf.org/mail-archive/web/ietf/current/msg73333.html
5. http://tools.ietf.org/html/rfc6366
6. http://www.opus-codec.org/comparison/GoogleTest1.pdf
7. http://people.xiph.org/~greg/opus/ha2011/
8. http://hydrogenaudio.org/
9. http://www.tieline.com/news/News/Tieline-Launches-Opus-Algorithm...
10. http://blog.vline.com/post/61581986806/live-tv-interview-powered-by-vline-customer-in-quality
11. http://blog.magnatune.com/2013/09/opus-format-audio-files-now-available-at-magnatune.html
12. http://dir.xiph.org/by_format/Opus
13. http://www.streamguys.com/news.php?id=116
14. http://people.xiph.org/~xiphmont/demo/opus/demo3.shtml
15. http://tools.ietf.org/html/draft-ietf-payload-rtp-opus
16. http://tools.ietf.org/html/draft-ietf-codec-oggopus
17. http://xiph.org/daala/
18. http://people.xiph.org/~xiphmont/demo/daala/demo1.shtml
19. http://people.xiph.org/~xiphmont/demo/daala/demo2.shtml
20. http://people.xiph.org/~xiphmont/demo/daala/demo3.shtml

]]> 251 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-july-2013/ Mon, 01 Jul 2013 16:13:03 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=389 389 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/software-defined-networking-2/ Mon, 01 Jul 2013 16:16:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=396 The basic concept of SDN spread following the emergence of OpenFlow, which is now one of the effective enablers, or candidate solutions, of SDN under industry consideration. One of SDN’s defining characteristics is that it centrally places the intelligence of a network system (e.g., the intelligence is logically centralized by a so-called SDN controller). While this increases the flexibility of network utilization, it also keeps its complexity hidden from operators—which is why SDN is easy to operate and maintain. SDN also introduces the abstraction of lower network infrastructure functionality, which is well suited for the efficient development of new applications, and thereby promotes SDN as helpful in bringing innovative services to the market in a more timely manner. SDN can realize all of this in a cost-effective manner (capital expenditure/operating expenditure).

From a technical point of view, some argue that an essential aspect of SDN is the separation of a network device’s control-plane from its data-plane. If one looks at the architecture of OpenFlow, this is a fairly distinct and easily comprehensible feature. However, when one considers the general goals of SDN—to simplify network operations, to deploy innovative services with increased velocity, and to lower costs—other aspects may arise. While these general goals are commonly recognized, but there also exist a variety of other proposals and technical points of focus regarding SDN, such as investigating how to support coexistence with existing devices. For this reason, it is of utmost importance that a wide survey is conducted to establish a common idea of SDN’s architectural direction.

This article presents an outline of the IETF’s current SDN work, and provides examples of related use cases.

IETF Activity with SDN

The IETF is investigating models of SDN for feasible technical approaches. At IETF 86 in Orlando, Florida, an SDNRG (IRTF SDN Research Group) session included several presentations devoted to different candidate solutions. The session covered the analysis of OpenFlow, as well as a wide variety of other related topics—including network function virtualization¹ (NFV), which involves leveraging the virtualization technology of network equipment.

There was also an introductory presentation of forwarding and control element separation² (ForCES), a conceptually similar protocol to OpenFlow. It is hoped that this comprehensive study will enable SDNRG to provide input on the design of protocol, network, and service, and will accelerate detailed discussion.

Simultaneous to SDNRG’s study, other IETF Working Groups have started their own efforts in SDN:

• In SDN, intelligent programmability to the network is expected. But until now there have been no standard interfaces between the SDN controller and IP routers. The Interface to Routing System³(I2RS) WG was formed to meet requirements, such as the dynamic manipulation of state routing information, and held its first face-to-face meeting at IETF 86.
• SDN’s logically centralized management model requires existing technologies to take into account additional enhancement. For example, in IP/MPLS, there already exists a standard technology, path computation element⁴ (PCE), that can find optimal label switched paths (LSPs). But because the original PCE specification was not sufficient (the LSP state could not be monitored or changed by the controller side), a new extension, stateful-PCE, is being proposed to overcome it.
• The separation of control-plane and data-plane is effective for the seamless operation of a computing and network infrastructure. The Network Virtualization Overlays⁵ (NVO3) WG is active in discussing Data Center Virtual Private Networks—VPNs across a number of virtual machines (VMs). Collaborating with L2VPN and L3VPN WGs, NVO3 is proposing an architecture in which control-planes (e.g., BGP, XMPP) are decoupled from data-planes (e.g., MPLS, NVGRE, VXLAN). This architecture is expected to support a high level of scalability in the multitenant datacenter network. (According to the WG’s charter, there are a few thousand to several million VMs running on greater than 100,000 physical servers.)
• SDN gives a centralized view of network topology. In this context, application-layer traffic optimization⁶ (ALTO) can be placed at the controller side, which collects abstracted topology data and publishes service endpoints. PCE might have similar applicability. A new protocol extension of BGP, BGP link state⁷ (BGP-LS) is seen as a new interface for network devices to advertise their link-state and traffic-engineering information to the controller side.

In addition to standardization activity, new service scenarios and use cases are being studied, mostly driven by the industry’s high expectations of SDN. Following are some examples.

Automated Interconnection between Cloud and WAN VPN

SDN, especially OpenFlow, has already been used in a carrier’s production network to provide virtualized networking for cloud service (e.g., global carrier NTT Communications is providing Enterprise Cloud computing clients using OpenFlow). In this case, the Layer-2 network such as VLAN, is dynamically controlled by the SDN controller. The virtualized network is also extended to interdatacenter connection services for data migration without IP renumbering, and for bandwidth provisioning/deprovisioning on demand.

A potential use case of SDN as an expansion for WAN-area beyond the cloud datacenter would be the interconnection between the BGP/MPLS IP-VPN (RFC4364⁸) network and the virtualized network in the datacenter. SDN can set up this interconnection automatically. The benefits for customers include use of Infrastructure-as-a-Service (IaaS) resources via IP-VPN on demand; and for carriers to provide such a connection without any manual operation of the configuration.

Currently, a typical connection mechanism between a datacenter network and an IP-VPN network may be Inter-AS Option-A of RFC4364. In this case, virtual routing and forwardings (VRFs) are configured at both border routers and VLANs are used for the tenant separation in the data-plane in the connection. One example of SDN usage in the connection is to use Inter-AS Option-B of RFC4364, in which case Mp-BGP peer is established between the SDN controller in the datacenter and the border router of the IP-VPN network. The VPN route information with MPLS labels and route targets is exchanged via the BGP peer. In the case that VLAN is used as the virtualized network in the datacenter, the MPLS label and VLAN-ID are converted in the data-plane associated with the IP-Prefix that an arriving packet has, and OpenFlow protocol is used to push the flow information at the gateway switch. OpenFlow protocol 1.3.X⁹ is the latest Open Flow version and supports such flow information in matching and action instruction. For example, when a packet arrives from a datacenter at the gateway switch, it does match VLAN-ID and IP-Prefix and can push the MPLS label associated with the combination based on the VPN route information obtained from the BGP peer. When a packet arrives from the border router at the gateway switch toward a datacenter, it matches the MPLS label and pushes the VLAN-ID associated with the MPLS label (see figure 1). In this type of SDN architecture, every implementation is covered by standardized protocols only—making it very flexible and vendor neutral.

            Figure 1. Use Case of an Automated Cloud and WAN VPN Interconnection

Dynamic Resource Sharing in the Network

Until recently, the IP/MPLS network settings of tunnel LSPs to carry user’s traffic were statically and manually configured at routers. As a result, it was technically difficult to deal with a scenario in which source-destination pairs of LSPs frequently changed. SDN’s logically centralized approach has the capability to solve this kind of technical challenge.

In this use case, RSVP-TE LSPs are dynamically created and deleted on the specified time, bandwidth, and source/destinations by the operator. The SDN controller monitors the traffic amount and utilization of the network infrastructure in real-time, and then controls MPLS edge routers so that RSVP-TE is signaled accurately at the specified timing. The benefit of this scheme is that multiple users can share the same physical network resources on a time-specific basis. From the end user’s view, bandwidth-assured leased lines may be reserved during a particular time period or immediately provided on-demand. Because network resources are allocated only when they are needed, both users and operators can utilize networks more efficiently, thereby contributing to a reduction in capital expenditure.

Technically, this use case needs to manage a network node’s time-triggered and/or ephemeral state (unlike initial configuration, a state that is not persistent and can be changed frequently) regarding LSP control. Solutions should support intelligent and customizable programmability on the controller side to quickly facilitate the creation of differentiated services (see figure 2).

Figure 2. Use Case of Dynamic Resource Sharing

Future Expectations

SDN, by its nature, is oriented toward joining different pieces of technology via the orchestration mechanism of a logically centralized controller. In fact, a unique SDN protocol, does not exist—users must combine various technologies. Therefore, in consideration of the technical solutions of SDN, it will be increasingly important to study the end-user’s benefit from a systemwide perspective to ensure the final configuration supports the user’s objectives. A similar focus will be required with regard to potential standardization activities by the IETF.

References

1. Network Functions Virtualisation: An Introduction, Benefits, Enablers, Challenges & Call for Action , http://portal.etsi.org/NFV/NFV_White_Paper.pdf

2. Forwarding and Control Element Separation (forces), http://datatracker.ietf.org/wg/forces/charter/

3. Interface to the Routing System (i2rs), http://datatracker.ietf.org/wg/i2rs/charter/

4. Path Computation Element (pce), http://datatracker.ietf.org/wg/pce/charter/

5. Network Virtualization Overlays (nvo3), http://datatracker.ietf.org/wg/nvo3/charter/

6. Application-Layer Traffic Optimization (alto), http://datatracker.ietf.org/wg/alto/charter/

7. North-Bound Distribution of Link-State and TE Information using BGP, http://tools.ietf.org/html/draft-ietf-idr-ls-distribution-03

8. BGP/MPLS IP Virtual Private Networks (VPNs), http://tools.ietf.org/html/rfc4364

9. Open Network Foundation, OpenFlow Switch Specification,

https://www.opennetworking.org/sdn-resources/onf-specifications/openflow

]]> 396 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-4/ Mon, 01 Jul 2013 16:19:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=417 Closing the Circle This will be my last update to the community as chair of the Internet Architecture Board (IAB). It was a busy two years for the IAB—including dealing with administrative aspects, such as the development and implementation of RFC Series Model v2,^1,2 as well as the development of documentation and supplemental agreements³ as part of the U.S. NTIA award of the IANA function contract to ICANN. In addition, during the last two years the IAB developed revised liaison relationship agreements with both the ITU-T⁴ and IEEE 802,⁵ and developed programs relating to aspects of the Internet’s technical evolution, such as privacy, internationalization and emergency services. Over the last two years with the reorganization of the IAB and the implementation of the Program Model, the IAB improved its ability to simultaneously handle its administrative, liaison, and technical responsibilities. At the same time, with a new website, the hiring of Cindy Morgan as IAB administrative assistant, and the appointment of Mary Barnes as IAB executive director, the IAB expanded its ability to keep the community up-to-date on its activities. As governments worldwide struggle to adapt to the technical, economic, and political forces brought to bear by the Internet, the need for the IAB to provide expert technical analysis and administrative oversight has never been greater. At IETF 86, the IAB selected Russ Housley as IAB chair—the leadership of the IAB is in very capable hands.

Appointments

In March, the nomcom announced its IAB appointments.⁶ Incoming IAB members include Russ Housley (former IETF chair), Andrew Sullivan, Eliot Lear, and Xing Li;  outgoing IAB members include David Kessens, Danny McPherson, and Jon Peterson.  The IAB thanks David, Danny, and Jon for their service. Prior to IETF 86, the IAB announced a Call for Nominations to the ISOC Board of Trustees,⁷ as well as for the IETF Liaison to the ICANN Board of Directors.⁸ Feedback on the nominees were made, interviews were scheduled and conducted, and the IAB made its selections, which will be announced shortly. With the conclusion of the World Conference on International Telecommunications (WCIT) and the update to the IETF/ITU-T liaison relationship document, the IAB announced that it will be scaling back the ITU-T Coordination Program.⁹ As a result of Eliot Lear’s appointment to the IAB, the role of IETF liaison manager to the ITU-T needed to be filled, and the IAB announced that it replaced Eliot with Scott Mansfield.¹⁰ Scott’s appointment left his former position as Liaison Manager for MPLS open, and the IAB issued a call for volunteers for that position.¹¹ The IAB also announced that Monique Morrow is stepping down as IETF liaison manager to the ITU-T for Next Generation Networking (NGN).¹² On behalf of the Internet Community, the IAB thanks Eliot, Scott, and Monique for their service.

IETF 86

At IETF 86, the IAB organized several events relating to the technical, regulatory and policy challenges involved in the transition of the Public Switched Telephone Network (PSTN) to IP. The IETF 86 Technical Plenary, organized by Hannes Tschofenig and myself, included the presentation, “Transitioning the PSTN to IP,” by Dr. Henning Schulzrinne, chief technical officer of the Federal Communications Commission.¹³ Dr. Schulzrinne noted that the transition from public switched telephone network (PSTN) to Internet protocol (IP), which is unlikely to include a cut-over date, includes three simultaneous technology transitions: from copper to fibre, from wired to wireless, and from circuits to packets. In addition to technical issues (i.e., reliability and quality, public safety (911 and 112 services), numbering and trustable identifiers, universal service, and expansion beyond voice), the transition involves economic and public policy considerations. As a supplement to Dr. Schulzrinne’s talk, which focused on the United States, the IAB provided a wiki covering PSTN transition issues occurring elsewhere in the world.¹⁴ A detailed report on the plenary is available on page XX in this issue. In December 2012 the ITU-T held the World Conference on Telecommunication (WCIT) in Dubai. WCIT-12 focused on the update of the International Telecommunication Regulations (ITRs), which were last updated in 1988. At IETF 86 Sally Shipman Wentworth presented a session on WCIT,¹⁵ with Joel Halpern and Ross Callon acting as moderators. As noted by the audience at the Technical Plenary, many of the issues arising at WCIT have also come up at the debates within individual nations on the transition from the PSTN to IP.

RFC Editor

Also during the IETF 86 Technical Plenary, Heather Flanagan gave an update on “RFC Series Format Requirements and Future Development,”¹⁶ which covers potential enhancements to the (request for comments) RFC Series format, such as support for Unicode, complex diagrams and other enhancements. The document,¹⁷ which had been discussed on the RFC-Interest list,¹⁸ was approved by the IAB for publication later in the week.¹⁹

IAB Programs

Several IAB Programs have completed major milestones since IETF 85. Within the Internationalization Program, work was completed on “Principles for Unicode Code Point Inclusion in Labels in the DNS,”²⁰and “Issues in Identifier Comparison for Security Purposes,”²¹ both of which were approved for publication as Informational RFCs within the IAB stream. Within the Privacy Program, “Privacy Considerations for Internet Protocols”²² completed IETF-wide Call for Comment; discussion on the document (and next steps) takes place on the IETF Privacy mailing list.²³ The IAB also approved publication of “Architectural Considerations on Application Features in the DNS” as an Informational RFC within the IAB stream.²⁴ The IAB adopted two documents as new work items: “Report from the IAB/IRTF Workshop on Congestion Control for Interactive Real-Time Communications”²⁵ and “The IEEE 802/IETF Relationship.”²⁶ Also, “Affirmation of the Modern Paradigm for Standards” was published as RFC 6852.²⁷

Tech Chats

Recent IAB Tech Chats included a December talk on top-level domain (TLD) variants by Andrew Sullivan,²⁸ and a February Tech Chat on the Internet Corporation for Assigned Names and Numbers (ICANN)  by Thomas Narten.²⁹

Internet History

At IETF 86, the History birds of a feather (BoF) discussed preservation of historical records relating to the development of the Internet. During the IETF 86 Administrative Plenary, a long-forgotten aspect of Internet history was discussed: the IAB debate over “The Internet of Salt Water Taffy.”³⁰ The discussion, which continued despite a lengthy warning from John Klensin that the IAB could “muck up the Internet,” finally ended thanks to the decisive intervention of Russ Housley, who once again demonstrated that he can be rock solid in the most sticky of situations. However, as one sticky technical debate ended, others inevitably arose to take their place. These include discussion of the use of additional key words in RFCs (e.g., “MUST (But We Know You Won’t)”)³¹ and the architectural implications of faster-than-light communications.³²

References

1.         RFC Editor Model (Version 2), http://tools.ietf.org/html/rfc6635 2.         Independent Submission Editor Model, http://tools.ietf.org/html/rfc6548 3.         ICANN and IETF Execute Supplemental Agreement, http://www.iab.org/2012/07/11/icann-and-ietf-2012-supplemental-agreement/ 4.         Internet Engineering Task Force and International Telecommunication Union-Telecommunication Standardization Sector Collaboration Guidelines, http://tools.ietf.org/html/rfc6756 5.         The IEEE 802/IETF Relationship, http://tools.ietf.org/html/draft-iab-rfc4441rev 6.         Nomcom Announces IAB Appointments, http://www.iab.org/2013/02/11/nomcom-announces-iab-appointments/ 7.         Call for nominations: IETF Appointment to the ISOC Board of Trustees, http://www.iab.org/2013/02/14/call-for-nominations-ietf-appointment-to-the-isoc-board-of-trustees/ 8.         Call for nominations: IETF Liaison to ICANN Board of Directors, http://www.iab.org/2013/02/14/call-for-nominations-ietf-liaison-to-icann-board-of-directors/ 9.         IAB Report, http://www.ietf.org/proceedings/86/slides/slides-86-iab-techplenary-3.pdf 10.       IAB appoints Scott Mansfield as new IETF Liaison Manager to the ITU-T, http://www.iab.org/2013/03/28/iab-appoints-scott-mansfield-as-new-ietf-liaison-manager-to-the-itu-t/ 11.       Call for volunteers for IETF ITU-T Liaison Manager for MPLS, http://www.iab.org/2013/04/01/call-for-volunteers-for-ietf-itu-t-liaison-manager-for-mpls/ 12.       Thank you to Monique Morrow, https://www.ietf.org/ibin/c5i?mid=6&rid=49&gid=0&k1=934&k2=11807&tid=1365290656 13.       IETF 86 Technical Plenary Topic: The End of Plain Old Telephone Service, http://www.iab.org/2013/02/22/ietf-86-technical-plenary-topic-the-end-of-plain-old-telephone-service-pots/s ì 14.       IETF 86 Technical Plenary: End of POTS, http://trac.tools.ietf.org/group/iab/trac/wiki 15.       WCIT: What Happened, What’s Next, http://www.iab.org/2013/03/14/wcit-what-happened-whats-next/ 16.       RFC Editor Presentation, http://recordings.conf.meetecho.com/Recordings/watch.jsp?recording=IETF86_tech_plenary&chapter=part_7 17.       RFC Series Format Requirements and Future Development, http://tools.ietf.org/html/draft-iab-rfcformatreq 18.       RFC Interest mailing list, http://www.rfc-editor.org/mailman/listinfo/rfc-interest 19.       IAB approves publication of RFC Series Format Requirements and Future Development, http://www.iab.org/2013/03/14/iab-approves-publication-of-rfc-series-format-requirements-and-future-development/ 20.       Principles for Unicode Code Point Inclusion in Labels in the DNS, http://tools.ietf.org/html/draft-iab-dns-zone-codepoint-pples 21.       Issues in Identifier Comparison for Security Purposes, http://tools.ietf.org/html/draft-iab-identifier-comparison 22.       Privacy Considerations for Internet Protocols, http://tools.ietf.org/html/draft-iab-privacy-considerations 23.       IETF Privacy mailing list, http://www.ietf.org/mail-archive/web/ietf-privacy/current/maillist.html 24.       IAB approves publication of Architectural Considerations on Application Features in the DNS, http://www.iab.org/2013/03/12/iab-approves-publication-of-architectural-considerations-on-application-features-in-the-dns/ 25.       IAB Adopts Report from the IAB/IRTF Workshop on Congestion Control for Interactive Real-Time Communications, http://www.iab.org/2013/01/30/iab-adopts-report-from-the-iabirtf-workshop-on-congestion-control-for-interactive-real-time-communication/ 26.       IAB adopts The IEEE 802/IETF Relationship, http://www.iab.org/2013/01/09/iab-adopts-the-ieee-802ietf-relationship/ 27.       Affirmation of the Modern Paradigm for Standards, RFC 6852. 28.       ICANN Tech Chat, http://www.iab.org/documents/minutes/minutes-2013/iab-minutes-2013-02-06/ 29.       IDN TLD Variants Tech Chat, http://www.iab.org/documents/minutes/minutes-2012/iab-minutes-2012-12-05/ 30.       The Internet of Salt Water Taffy, http://recordings.conf.meetecho.com/Recordings/watch.jsp?recording=IETF86_admin_plenary&chapter=part_5 31.       Further Key Words for Use in RFCs to Indicate Requirement Levels, RFC 6919 32.       Design Considerations for Faster-Than-Light (FTL) Communication, RFC 6921]]> 417 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/meet-jari-arkko-new-ietf-chair/ Mon, 01 Jul 2013 16:21:23 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=427 http://www.ietf.org/blog/). Arkko conceived the blog “as an additional communications channel, a way to provide insight into what the chair is working on, and a way to solicit further feedback on what we at the IETF should be thinking about or doing.” He’s already used it to cover the IETF 86 event in Orlando, his hopes for the future of the IETF, and pressing topics of the day, such as increasing the diversity of IETF participants. In his first post,¹ Arkko writes: [I] am excited. Because I get to work with you, the people at the IETF. And because I think we keep working on interesting technologies that have a bright future. Such as networking smart objects or WebRTC, to name a couple of personal favourites. And I am grateful that I am allowed to do this work, for nomcom, and for Ericsson. But it also strikes me that we are in a very different place than we were six years ago when Russ started his work, or when Brian Carpenter or Harald Alvestrand started their work a couple of years earlier. Back then we had serious problems on many areas. After the administrative restructuring, building a professional support organisation, setting up IT infrastructure, rewriting the datatracker, developing tools to support the IETF work, making the leadership work in much more transparent manner, and countless other improvements have made a significant change. It is not always easy to remember these changes, as they happen on long time scales, but the end result is that today it is much easier to work in the IETF than it used to be. So thank you Russ, previous chairs, all the volunteer tool developers, IESG, administrative director and committee, secretariat staff, IANA, RFC Editor and countless others for these improvements! Not that there wouldn’t be challenges. There are plenty—otherwise our work would be too easy and boring. I’ll talk more about some of those challenges in future articles. In a later blog post,² he addresses some of the IETF’s current issues: The Internet keeps facing both technological as well as societal challenges. The fast growth of the Internet makes scalability very important. New applications push the limits in other ways. And the enormous importance of Internet communications in our personal lives and economic activities makes the Internet also a part of legal and political interests. Retaining an open, one Internet while tackling many of these challenges is of utmost importance. I am sure we will discuss the above at length in the future, in the IETF and elsewhere. But I wanted to focus on this article a little bit more narrowly on the IETF. Here are some issues that need attention:

• Addressing the needs in important technical areas, such as real-time communication, the Internet of Things, or IPv6 deployment. Our highest priority is to produce timely, relevant, and high-quality standards. As long as the industry and users adopt our solutions, then we are on the right path. On many of these areas there is plenty of work left, however, as well as opportunities to take on more work.
• Identifying the new technical challenges that face us, such as power constraints (be it in datacenters or small devices). What are these challenges?
• Evolving participant base. As our topics change over time, so does the set of people with expertise on those topics. For instance, in the area of emergency communications we have to find ways to interact with people from regulatory agencies. Similarly, the IETF has become very international, with document authors from 60 countries. But there is still work left to make our organisation and leadership even more international and more diverse.
• Dealing with the age of “permissionless innovation”. Internet technology enables building applications in an easy manner, by anyone. And usually without any effect on the underlying Internet protocols – the part that IETF is about. And even where there is an impact, there is often an interesting tussle about what aspects need to be standardised. E.g., fully specified real-time communication protocols vs. frameworks such as WebRTC that can be used to build solutions. Finding the right balance between these types of approaches is important.
• It is not always easy to start new work at the IETF for various reasons. And “the end-to-end delay”, time that it takes from proposing a BOF to having a WG and getting an RFC out is still very long. Even if we have improved how we handle specific smaller tasks, like approving an RFC, building an entirely new specification for a new problem takes a lot of time.
• The IETF process puts more weight in the final stages, and the role of the IESG is quite central. It would be better to push more of the review work to earlier stages. At the same time, this would reduce the load on the Area Directors. It is not always easy to find Area Directors willing to devote enough time to the task of being in the IESG.
• IETF’s process documentation is in the need of revision, in some cases even to bring documentation up to the state of currently used procedures.
• We will see how these issues can be tackled. I do have an idea about some of the principles that we should employ in that, however. The first is continuous, incremental improvement. The second is transparency, keeping everyone informed about what is going on and calling for feedback. The third one is to focus. Fourth, running code and rough consensus. Code, interops, engineers. Publish and prune RFCs easily.

But enough about my thoughts. What I really want to know is what do you think. What is troubling you at the IETF or Internet technology? What new technical challenges do you believe IETF should tackle? If you have comments, send them directly to me or post to the IETF discussion list. “I have just started this process,”writes Arkko. “And I want to talk to many of you personally to find out what the importance of IETF is for you, where we could improve, and what new things we should perhaps be working on.” You can follow Arkko and the IETF by visiting the IETF Chair blog at http://www.ietf.org/blog/. References 1. http://www.ietf.org/blog/2013/02/chairs-blog/ 2. http://www.ietf.org/blog/2013/03/ietf-challenges/]]> 427 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/webrtc-moving-real-time-communication-into-the-web-browser/ Mon, 01 Jul 2013 16:23:14 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=433 without requiring the installation of an external plugin—no Flash, no Java, no any other plugin technology. Now imagine that this same conversation or game involves high-quality, wideband audio, HD video; has a chat component, as well as a way to share data; and is entirely secured by encryption. From an implementation point of view, imagine that this could be done in the web page with only a few lines of JavaScript. Now, stop imagining. Because this is exactly what is possible today in the work of multiple standards and developments efforts that fall under the overall name of “WebRTC”. With WebRTC, real-time communications (RTC) capabilities are being built directly into web browsers. For those who remember the very early days of the Web, there was a time in 1993 when the Mosaic browser was released with the ability to add images to a web page. Suddenly the Web went from being a text-only medium to having a visual component. For the first time you could have both text and images on the same page, and the Web changed dramatically and became what we know today. Now, 20 years later, browser vendors are adding a standardized component that enables real-time communications via voice, video, chat, and data exchange. At the time of this article, this RTC layer is already available in Google Chrome, Mozilla Firefox, Opera, and even the Google Chrome Beta for Android. Microsoft is working on implementing a version of WebRTC in Internet Explorer, and other vendors and startups are providing WebRTC-enabled browsers, as well. We've had voice, video, chat, and gaming in web browsers in the past, of course, but they've typically required installation of some type of plugin. Even then, you could only communicate with people who also had installed that same plugin. And if you switched to a different computer or browser you had to reinstall the plugin to use it again. The actual plugins have had various security challenges, and generally have not provided a seamless user experience. With WebRTC, all of that moves into the web browser itself and is exposed to developers through a simple set of JavaScript APIs. The beauty of this approach is that WebRTC is enabling “regular” web developers to  start building applications that incorporate voice, video, chat, and data collaboration. Developers no longer need a deep understanding of voice-over-IP (VoIP) or telecommunications to make WebRTC apps. In fact, there are now many WebRTC-related services that enable a developer to simply copy and paste some JavaScript code into their web page to get started. The result of all of this has been an explosion of new WebRTC applications, services and startups. A quick web search will show you the vast range of sites related to WebRTC. A fascinating aspect is that developers have already moved beyond simple voice and video calls and into using WebRTC components for games, peer-to-peer streaming, and even browser-based content distribution networks (CDNs). Now that the building blocks are out there it will be interesting to see what developers start creating. From a standardization point of view, what we broadly call “WebRTC” is being standardized in both the IETF and the W3C. Essentially, the RTCWEB working group within the IETF is standardizing the protocols and mechanisms used in the RTC communication between the browsers while the WebRTC working group within the W3C is standardizing the APIs used by developers to communicate with the RTC components inside the browsers. To learn more about the work of the RTCWEB working group, you may want to start with these Internet Drafts:

• draft-ietf-rtcweb-overview
• draft-ietf-rtcweb-use-cases-and-requirements
• draft-ietf-rtcweb-security
• draft-ietf-rtcweb-security-arch

Other relevant drafts can be found on the RTCWEB status page at http://tools.ietf.org/wg/rtcweb/ The RTCWEB mailing list is very active and there is still a great amount of work that needs to be done. While the OPUS codec has been chosen as mandatory-to-implement for audio communication, there is a fierce and ongoing debate about standardizing a video codec. There are alternatives being proposed for some methods of signaling, and identity and firewall issues yet to be completely resolved. As new uses are found other topics will undoubtedly be raised. Some potential problems remain that could limit the success of WebRTC. A great aspect of the RTCWEB work, however, is that we do have many instances of running code, so the debates are being fueled by actual examples and real implementations and deployments. If you get a chance to visit one of the RTCWEB working group sessions at an IETF meeting, it is highly likely that you’ll see some demonstrations along with the usual slides and discussions. The RTCWEB working group is open to all and is a great way to start learning about how the IETF works (assuming you don’t mind a high volume of email). Combined, the work of the IETF’s RTCWEB working group, the work of the W3C’s WebRTC working group, and the active WebRTC implementations of multiple browser vendors are bringing about a new Web—one in which real-time communications are part of the core fabric available to all. It’s an exciting time and we don’t yet know what may emerge. Learn more IETF RTCWEB Working Group:  http://tools.ietf.org/wg/rtcweb/charters RTCWEB Documents: http://tools.ietf.org/wg/rtcweb/ RTCWEB List: https://www.ietf.org/mailman/listinfo/rtcweb W3C WebRTC Working Group: http://www.w3.org/2011/04/webrtc/ The following recent presentations provide excellent tutorials, demonstrations and code samples:

• IETF RTCWEB Cochair Cullen Jennings gave a tutorial on WebRTC: http://www.youtube.com/watch?v=Yf3eNciKddc
• Google’s Justin Uberti presented WebRTC at Google I/O: http://www.youtube.com/watch?v=p2HzZkd2A40         Slides: http://io13webrtc.appspot.com/

Google’s Chrome Team operates the website, webrtc.org, and there are very active WebRTC discussion communities in Google+, Facebook, and other social networks.]]> 433 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-panel-debates-rights-for-content-creators/ Mon, 01 Jul 2013 16:24:37 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=438 438 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-demise-of-pots-an-internet-engineers-perspective/ Mon, 01 Jul 2013 16:25:56 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=446 446 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/writing-in-the-sand-the-networking-history-bof-and-mailing-list/ Mon, 01 Jul 2013 16:26:59 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=452 do permanently preserve records of networking history. But the people who have the materials often don’t know that, or how to find and approach those repositories. At the IETF 86 in Orlando, I chaired a packed Birds of a Feather session on Networking History. The idea for a BoF came from Jake Feinler, who helped me lead the session, and we had critical assistance from networking pioneer and IETF veteran Dave Crocker. The then-IETF chair, Russ Housley, generously gave us a 90-minute slot.

Avoiding the Dustbin of History

The history of the online world can be a big topic with lots of open-ended questions from data formats, to the environments needed to emulate software, to metadata. In fact, it can grow into a whole career, as it has for me since 1995. But for this first IETF effort we wanted to focus on what is most urgent, and also happens to be very concrete: helping save materials that will otherwise disappear. Other issues around networking history can be worried about later. This one can’t. Our draft charter (http://www.ietf.org/proceedings/86/slides/slides-86-history-0.txt) proposes creating directories to help match at-risk net historical materials around the world with the institutions that may preserve them. It sounds simple, and it is. But many of the people holding important items—documents, software, objects, and more—have no idea that they are of historical interest, or what kinds of institutions might accept them. Some of those materials could be moldering in your basement or garage, or in the backup tapes for your company server. Why the IETF and ISOC? As Jake Feinler said, adapting Willie Sutton’s purported explanation about why he robbed banks, “That’s where the history is.” Precisely because this is the IETF, a lot of historically important work has been done by participants or by key people and organizations they are connected with around the world. This makes it an ideal central point from which to connect with a wide variety of historic materials and local archiving institutions. But where standards bodies and professional associations from the W3C (World Wide Web Consortium) to the IEEE (Institute of Electrical and Electronics Engineers) to the ACM (Association for Computing Machinery) and IFIP (International Federation for Information Processing) all have explicit history efforts of one sort or another, the IETF and ISOC have had none—with one important exception. The IETF process for archiving RFCs is a unique example of how an organization can make use of its own past work. Yet this process is restricted to a sharply defined subset of materials, most notably the RFCs themselves and attendance lists (blue sheets). Beyond that, preservation can be hit or miss. The other goal in our draft charter is to try and expand the kind of real-time collection of historical material represented by the RFC process, in which things get archived as they are produced rather than years after the fact (if at all). We hope to expand such real-time archiving both within the IETF, where we have a proposal out for doing just that, as well as to help define good practices for organizations to do so in general. This is another place the unique standards and technical expertise of the IETF can help. An example is Danny Cohen’s influential RFC 1357 on archival metadata for sharing between universities, which was repackaged as RFC 1807. *     *     * We drew nearly 200 people to a session we hoped might attract 75, helped by curiosity about such an unusual topic for the IETF. Jake Feinler opened the event, and I followed with a presentation on the overall problem and various solutions. Dave Crocker then led a brainstorming session on methods to identify materials and repositories. We had brief presentations by institutions doing networking history work in different locations, including China, Spain, University of California, Los Angeles (UCLA), and my own Internet History Program at CHM in Silicon Valley. We ended with what was supposed to be a discussion of the charter, but became an extended Q&A session. A lot of questions were simply: what can I do with my stuff?

Closing the Loop

If you’re reading this, you are very likely engaged in building things: standards, software, machines, or other parts of what makes the online world go. That takes a huge amount of time, effort, and money. But once that work has served its immediate goal, where does it go? You may be writing poetry in the sand. Creation and preservation can be massively asynchronous. To preserve something usually takes a tiny fraction of the effort it took to make it. Yet we so often miss that small, final step; perhaps because there’s no deadline to get pressured for, or it’s dull, or we’re not sure how to go about it, or preservation is someone else’s job. That is why we need standards for this end of the life cycle as well. Defining good practices doesn’t need to only be about creation, but can include ensuring our hard-won knowledge gets filed away for the benefit of future pioneers. What we hope to assemble with help from participants is a directory of local institutions around the world that permanently preserve different kinds of materials, whether software, or hardware, or papers, or video, etc. So when you wonder what to do with that box of old project papers in a storage closet, or a project shuts down, or a Web site is about to be refreshed, you’ll at least have a starting point. A handful of the repositories listed will have networking history as an explicit part of their charter, like the Internet Archive or the Internet History Program at CHM. Others may be oriented toward tech history in general, like the London Science Museum. But the biggest group of all—and the only game in town over much of the world—will be institutions with no tie to tech history, but who are interested in specific networking materials because of their geography or the stories they are a part of. For instance, a university library might archive the materials of a networking pioneer because he or she is faculty. Other examples include government archives, local museums, and so on. The main criteria for all the archiving institutions is that they be stable, with adequate funding and credible, long-term preservation programs. We’ve defined a starting set of metadata for collecting this kind of information. On the other side of the equation, we plan to use the nethistory@ietf.org mailing list as one starting point for gathering information about at-risk materials. These can be in the hands of individuals, small collectors, or corporations. Some at-risk materials are those held by unstable repositories, like underfunded museums. In fact, we already encourage small collectors and museums to come up with an archiving backup plan, to make sure their materials end up somewhere stable no matter what. There are many, many cautionary tales—huge collections sold on eBay by unpaid landlords, painstakingly developed Web sites switched off by heirs, failed museums infested with rats and mold.

Why It Matters

People readily see the history of books and printing as crucial to understanding the Enlightenment, the rise of science, and much of what made our world. But the origins of online knowledge get pigeonholed as something niche and off to the side—sometimes even by the people whose work makes it possible. Other fields build on their pasts—from science, to literature, to mechanical engineering, to fashion. Computing, so far, has been remarkably a-historical. New computer science Ph.D.s often graduate blithely ignorant of even the greatest pioneers of their chosen profession. Yet this perpetual sense of immaculate conception may come under pressure as the field matures. For instance, you can justly blame the current plague of patent infringement cases on the sloppiness of the U.S. Patent Office or on the patent trolls. But if engineers were better versed in what had been done before, fewer of them might be wasting effort reinventing the wheel in the first place. For a standards-creating organization like the IETF, having absolutely clear archives of when things were decided and under what rules is good practice in terms of liability. It also helps reduce the inevitable murk around claims and counter claims for innovations.

Next Steps

We’re just beginning conversations about what form networking history might eventually take within the IETF and ISOC. The new mailing list (net-history@ietf.org) has been active since the BoF, and we’ve continued our collaboration with Brad Fidler at UCLA, who has brought in some talented students to work on ways of bringing together historical materials with the archives that might save them. One, Jacob Ferrari, has investigated tools for collecting information on both repositories and at-risk materials, and began inventorying the holdings at UCLA. We’ve formed initial ties with the IT History Society, which maintains central lists of all kinds from historical Websites to past software projects. They’ve agreed to create a version of their existing database of IT history organizations around the world for the needs of this group. In the West and in some Asian countries, there are a number of science and technology museums and similar institutions you might offer historical materials to as a starting point. But in much of the rest of the world, it’s not so simple. For instance in East Africa, which has become a global center for innovation in mobile phone applications, there is no obvious institution set up to preserve that history. The same is true of South America, which has done pioneering work over several generations of computing. This is where local knowledge and contacts can be essential. One of the networking history efforts we invited to present at the end of the BoF was the Asia Internet History Projects (http://internethistory.asia/), run by Kilnam Chong. They are in the process of setting up a point person in each major country or region, to address its particular online history. BoF instigator Jake Feinler has sent a draft proposal to the mailing list for how we might form a similar network of contacts to assist in our goals of matching materials with repositories. We already have our first regional point person in Federico Novak of Argentina, who is another student working with us through UCLA. Besides the IETF itself, both the IT History Society and the IFIP History of Computing Working Group will be helpful in identifying and reaching partners in different regions.

Getting Involved

You can find the draft charter and the slides we presented at  http://www.ietf.org/proceedings/86/history.html. The Agenda is at https://datatracker.ietf.org/meeting/86/agenda/history/. Please join the Networking History mailing list, and invite anybody else you think would be interested (https://www.ietf.org/mailman/listinfo/nethistory/). We’ll send the proposal for expanding a formal archiving function within the IETF to the mailing list. You can find the proposal for expanding a formal archiving function within the IETF at http://bit.ly/12SABu1. We’re seeking volunteers from the IETF and beyond to help us identify repositories and at-risk materials, as well as to potentially work on archiving materials within the IETF itself. If you can help, please write to Jake, Dave, or myself at the below addresses. Marc Weber, chair, marc@webhistory.org Jake Feinler, instigator, feinler@earthlink.net Dave Crocker, advisor, dcrocker@bbiw.net

About the Author

Marc Weber is founder and curator of the Internet History Program (http://www.computerhistory.org/nethistory) at the Computer History Museum in Silicon Valley. He developed the Web, Networking, and Mobile galleries of the Museum’s permanent exhibition. He pioneered Web history as a topic starting in 1995 with crucial help from the Web’s main inventor, Sir Tim Berners-Lee, and early colleagues. Weber cofounded two of the first organizations in the field. He consults on the history of the online world to companies, museums, the media, universities, and patent firms.]]> 452 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/growing-interest-in-revisiting-aqm-recommendations/ Mon, 01 Jul 2013 16:28:37 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=460 http://www.ietf.org/proceedings/86/minutes/minutes-86-tsvarea). There was strong support for initiating work on the topic in the IETF, to work on documenting new AQM algorithms, developing informational documents and working with other areas to understand where similar issues arise. Work is already underway to revise RFC 2309 in light of the experience and developments of the intervening years since its initial publication, and a new mailing list for discussion of AQM developments has been formed (https://www.ietf.org/mailman/listinfo/aqm). A BoF proposal has been submitted for the IETF 87 meeting in Berlin where the discussion will continue and where a more detailed work plan will be developed. Widespread deployment of configuration-free AQM holds the promise of an Internet where it is the exception, rather than the rule, that real-time and interactive applications like voice and video communications tools suffer in the presence of throughput-maximising file transfers and other bandwidth-intensive flows. This would be a significant step forward—IETF work in this area deserves our close attention.]]> 460 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/routing-state-distance/ Mon, 01 Jul 2013 16:29:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=465 Proc. ACM Internet Measurement Conference (IMC), November 2012, Boston, MA, USA. http://cs-people.bu.edu/goncag/papers/imc12-rsd.pdf]]> 465 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-6/ Mon, 01 Jul 2013 16:31:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=467 Aggregated Service Discovery (aggsrv) Description: Service providers and enterprises commonly offer a variety of application services delivered over multiple protocols. A user will often consume these services from several endpoints, requiring service discovery or manual configuration for each service at each endpoint. Some of these services leverage existing standards-based discovery, such as DNS, DHCP, or UDDI, while others rely on some form of proprietary discovery. Still others do not support any form of discovery, requiring the manual entry of service access information. As the quantity and variety of these services grows, it becomes increasingly onerous for administrators to manage the disparate discovery mechanisms, and increasingly burdensome on users to provide configuration where discovery is not supported. This BoF meeting discussed forming a working group to standardise a simplified and efficient means for aggregated service discovery. Proceedings: http://www.ietf.org/proceedings/86/minutes/minutes-86-aggsrv Outcome: This was a very productive meeting that helped the group better understand the problem. Work will continue to draft a charter for a WG based on the discussion in Orlando with a view towards getting a working group formed prior to the next meeting in Berlin.

Javascript Object Notation (json)

Description: Javascript Object Notation (JSON) is a lightweight, text-based, language-independent, data-interchange format. It was derived from the ECMAScript Programming Language Standard and was published in RFC 4627, an Informational document. JSON has come into very broad use, often instead of or in addition to XML. This BoF meeting discussed forming a working group to move the JSON specification (RFC 4627) to Standards Track and to handle other JSON-related work in progress. Proceedings: http://www.ietf.org/proceedings/86/minutes/minutes-86-json Outcome: This was a very good meeting, and is likely to result in a chartered working group in the very near future.

History of the Internet (history)

Description: Computer networking, including the Internet, the Web, and mobile technology, is one of the most profound and exciting technologies of our time. It has affected the lives of billions of people, and its use continues to expand around the globe. It is important to record how such a thing came about, what it is, who developed it, how it spread, how it is used, and its impact on society—in short, its history. The online world is now so vast that recording what has happened in it and why is no small task. Many agree that the task could use collaboration and coordination. This BoF meeting discussed whether a working group should be formed to address how best to preserve the history of networking. Proceedings: http://www.ietf.org/proceedings/86/minutes/minutes-86-history Outcome: An interesting discussion took place, although it remains unclear what the charter for this kind of working group would actually look like. This may remain an occasional parallel activity. A research group in the IRTF has also been proposed to address this topic.

IPRbis (iprbis)

Description: Experience shows that BCP 79 needs a few updates. A draft is available with the proposed updates, and this BoF meeting provided the community with an opportunity to discuss the proposed changes. It was not intended to form a WG. Proceedings: http://www.ietf.org/proceedings/86/minutes/minutes-86-iprbis Outcome: A good discussion was had and the sense of the room was taken on multiple topics to get good community feedback on some of the more contentious or difficult issues with regard to revising the intellectual property rights (IPR) policy for IETF.

Large-Scale Measurement of Broadband Performance (lmap)

Description: Measuring broadband service on a large scale is important for network diagnostics by providers and users, as well for public policy. The large-scale measurement efforts that exist today often use proprietary, custom-designed mechanisms to coordinate the measurement agents on user networks, the communications between measurement agents and measurement controllers, and the uploading of results to measurement collectors. Standardizing these mechanisms would make it possible to build interoperable measurement capabilities, both active and passive, into home and enterprise edge routers, personal computers, mobile devices, and other edge devices that are offered and controlled by disparate entities across residential and small-enterprise networks, whether wired or wireless. Standards would help these capabilities become more pervasive, manageable, and directly comparable. This working-group forming BoF meeting discussed the questions of whether the scope of the proposed working group was clear and whether there was sufficient interest in doing the work from the community. Proceedings: http://www.ietf.org/proceedings/86/minutes/minutes-86-lmap Outcome: It was a very good meeting demonstrating strong community interest in the problem space under discussion. A high level of operator input to the discussion offered an encouraging sign. A few scope-related clarification questions were outstanding at the conclusion of the meeting; it is likely that a charter will be sent to the IESG for approval once those have been resolved.

Security Automation and Continuous Monitoring (sacm)

Description: Securing information and the systems that store, process, and transmit that information is a challenging task for organizations of all sizes. Many security practitioners spend most of their time on manual processes that relegate those systems[MS2]  to ineffectiveness. The key to escaping this rut is security automation to collect, verify, and update system configurations with the ability to prioritize risk based on timely information about threats. This BoF meeting discussed whether to form a working group to develop security automation protocols and data format standards in support of information security processes and practices. Proceedings: http://www.ietf.org/proceedings/86/minutes/minutes-86-sacm Outcome: This was a more focussed discussion than was had during the first BoF meeting on this topic. There is clearly interest from the community on working on this topic, although there is still further work to be done to clearly articulate the scope of any potential working group.]]> 467 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/lightweight-4over6-efforts-debuted-at-ietf-85/ Fri, 01 Mar 2013 16:58:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=559

lwB4. Performs the NAPT function and encapsulation/decapsulation of IPv4/IPv6. It is provisioned with a public IPv4 address and a port set, which is used to restrict the external ports used by the NAPT function to source packets. The NAPT function is colocated in the lwB4.

lwAFTR. Performs the encapsulation/decapsulation of IPv4/IPv6. It is also responsible for forwarding incoming packets to the appropriate lwB4, and outgoing packets to the IPv4 network.

Provisioning system. Configures the lwB4 with the Public IPv4 address and port set.

Lightweight 4over6 decouples IPv4 and IPv6 address architectures, which means that it doesn’t require IPv4 address information to be embedded in the IPv6 address. As a result, flexible and independent IPv4/IPv6 addressing schemes can be used, enabling operators to efficiently utilize public IPv4 addresses without affecting existing IPv6 address schema. The solution simplifies address planning and increases the lwAFTR scalability. Currently, the Lightweight 4over6 design team includes seven operators, including China Telecom, France Telecom, Deutsche Telekom, and Comcast; and eight vendors, including Huawei, GreenNet, and FiberHome. Two interoperability tests have been carried out with the participation of Huawei, GreenNet, Fiberhome, Yamaha, BII, Tsinghua, and China Telecom. The first test was conducted at Tsinghua University from 22–29 October 2012; the second test was conducted by the CNGI committee in Beijing University of Posts and Telecommunications from 12–15 November 2012. This test consisted of seven lwB4s and four lwAFTRs. More than 1,400 test cases have been run between them. See figure 2. Inspired by the IETF mantra of “rough consensus and running code” to expose IETF technologies to real operator requirements and scenarios, the Lightweight 4over6 design team demonstrated their prototypes during IETF 85 with the hope of gaining community feedback. Figure 3 shows the topology of the demonstration, which included: • five hosts, including one Android host with built-in lwB4 function and a Windows 7 host with built-in lwB4 function, • four CPEs embedded the lwB4 function, • three lwAFTRs, • one DHCPv4 server, and • one Ethernet switch connecting all the devices together and connected to the IETF dual-stack router for external connectivity. The demonstration illustrated three scenarios, which are labeled as 1, 2, and 3 in figure 3. Scenario 1 comprised two CPEs with built-in lwB4. CPEs were provided by Huawei and Tsinghua. Also in this scenario, was an lwAFTR (also acting as a DHCP relay) and a DHCPv4 server, both provided by Huawei. The IPv4 provisioning method was DHCPv4-over-IPv6;6 and the lwB4s were provisioned with the same public IPv4 address from DHCPv4 server with different port sets.7 Port set allocation policy was statically configured in the DHCPv4 server. Scenario 2 comprised two lwB4s—one CPE based and one Android mobile host based, both provided by Huawei and Tsinghua. The lwAFTR (acting as a DHCP server) was provided by Tsinghua; the DHCP server embedded in the lwAFTR provisioned a second public IPv4 address with different port sets to the two lwB4s. Port-set allocation was dynamically managed by the DHCP server. For both scenarios 1 and 2, the team set up two WiFi APs, which were broadcasting SSID lw4o6-1 and lw4o6-2, thereby enabling the audience to experience Lightweight 4over6 on their own devices. Scenario 3 comprised a lwB4 connecting to an lwAFTR, both provided by GreenNet. The lwB4 requested the IPv4 address and available port set from the lwAFTR using PCP protocol.8 The team demonstrated Lightweight 4over6 via a variety of IPv4 applications, including web browsing, video streaming, VoIP (e.g., Skype), and peer-to-peer multimedia (e.g., PPLive), running on a range of devices, including smart phones, laptops, and tablets. Audience participants could not detect that they were actually connected to an IPv6-only network. Spectators—including operators and vendors—offered many valuable comments and raised many good questions, including one about Lightweight 4over6 deployment scenarios. Lightweight 4over6 can be deployed in IPv6-only access network and continue to provide IPv4 connectivity for IPv4 services. The deployment scenarios of Lightweight4over6 are similar to that of DS-Lite. Testing and deployment of this mechanism is happening around the globe. China Telecom has been running a Lightweight 4over6 field trial in Hunan Province, China, since early 2012 that includes lwAFTR deployed at the entrance to the metropolitan area network (MAN), and the lwB4 function deployed in subscribers’ customer-premises equipment (CPE).9 China Telecom plans a larger-scale deployment in the year 2013. Germany’s Deutsche Telekom (DT) is presently testing Lightweight 4over6, and has completed lab testing on the functionality of the lwB4 and lwAFTR. So far, their implementation has been proved to be simple and stable.10 Spectators also inquired about the relationship between Lightweight 4over6 and DS-Lite. Lightweight 4over6 puts the NAPT function in the lwB4. The lwB4 is then given a public IPv4 address and a restricted port-set., and the lwB4 uses this information to perform a NAPT function for IPv4 connections. DS-lite puts the NAPT function in the address-family transition router (AFTR) and provides more dynamic NAPT functions among hundreds of B4s. For NAPT-state management, Lightweight 4over6 requires per-subscriber state in the AFTR. In contrast, DS-lite requires per-session state in the AFTR. Despite these differences, DS-Lite and Lightweight 4over6 are compatible and can be deployed together to provide different user services based on a service agreement. References 1. Cui Y., Dong J., Wu P., et al., “Tunnel-based IPv6 Transition,” IEEE Internet Computing, April 2012. 2. Durand A., Droms R., et al, Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion, IETF RFC 6333, August 2011. 3. Cui Y., Wu P., Xu M., et al., “4over6: Network Layer Virtualization for IPv4-IPv6 Coexistence,” IEEE Network, October 2012. 4. Cui Y., Sun Q., Boucadair M., Tsou T., Lee Y., and Farrer I., Lightweight 4over6: An Extension to the DS-Lite Architecture, draft-cui-softwire-b4-translated-ds-lite-09, October 2012. 5. Cui Y., Wu J., Wu P., Vautrin O., Lee Y., Public IPv4 over IPv6 Access Network, draft-ietf-softwire-public-4over6-04, October 2012. 6. Cui Y., Wu P., Wu J., Lemon T., DHCPv4 over IPv6 Transport, draft-ietf-dhc- dhcpv4-over-ipv6-05, September 2012. 7. Sun Q., Lee Y., Sun Q., Bajko G., Boucadair M., Dynamic Host Configuration Protocol (DHCP) Option for Port Set Assignment, draft-sun-dhc-port-set-option-00, October 2012. 8. Sun Q., Boucadair M., Deng X., Zhou C., Tsou T., Perreault S., Using PCP to Coordinate Between the CGN and Home Gateway, draft-tsou-pcp-natcoord-09, November 2012. 9. Sun Q., Xie C., Lee Y., Chen M., Deployment Considerations for Lightweight 4over6, draft-sun-softwire-lightweight-4over6-deployment-02, July 2012. 10. Farrer I., Durand A., lw4over6 Deterministic Architecture, draft-farrer-softwire-lw4o6- deterministic-arch-01, October 2012.]]> 559 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-untethered-internet-society-panel-debates-the-future-of-mobile-internet/ Fri, 01 Mar 2013 17:02:39 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=564 564 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-7/ Fri, 01 Mar 2013 17:04:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=572 http://irtf.org/anrp for more information about the award and past winners.]]> 572 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/returning-fellows-offer-added-value-to-ietf-meetings/ Fri, 01 Mar 2013 17:05:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=579 579 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-fellowship-to-the-ietf-programme-welcomes-fellows-with-dinner-and-cheer/ Fri, 01 Mar 2013 17:06:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=583 583 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/comcast-facebook-engineers-win-itojun-service-awards-2/ Fri, 01 Mar 2013 17:11:48 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=596 596 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-10/ Fri, 01 Mar 2013 17:12:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=601 Internet Video Codec (videocodec) Description: To quote from the proposed charter for a working group on this topic, “According to reports from developers of Internet video applications and operators of Internet video services, there is no standardized, high-quality video codec that meets all of the following three conditions: 1. Is optimized for use in interactive Internet applications. 2. Is published by a recognized standards development organization (SDO) and therefore subject to clear change control and IPR disclosure rules. 3. Can be widely implemented and easily distributed among application developers, service operators, and end users. The goal of this working group is to ensure the existence of a single, high-quality video codec that can be widely implemented and easily distributed among application developers, service operators, and end users. At present it appears that ensuring the existence of such a codec will require a development effort within the working group.” The objective of this working-group-forming BoF meeting was to understand the problem and solution space, close any open issues with the proposed charter, determine if people are willing and able to do the work (write, review, code), determine if the IETF is the right place to do the work, and determine if a working group would have a reasonable chance of success. Proceedings: http://www.ietf.org/proceedings/85/minutes/minutes-85-videocodec Outcome: A mostly positive discussion highlighted a few issues with the proposed charter that need further work. It is expected that a revised charter will be proposed by the next meeting.

RFC Format (rfcform)

Description: Discussion on RFC formatting. The BOF worked through some of the overriding assumptions, the existing requirements to be kept in any revised format, new requirements, RFC Editor requirements, and existing requirements that can be retired. For a summary of the more contentious issues relating to RFC format, see http://www.rfc-editor.org/rse/wiki/doku.php?%20id=formatsummary. Proceedings: http://www.ietf.org/proceedings/85/minutes/minutes-85-rfcform Outcome: The attendees provided detailed feedback on the various requirements and assumptions up for discussion. Discussion continues on the list (https://www.rfc-editor.org/mailman/listinfo/rfc-interest).

Interface to the Routing System (irs)

Description: The Interface to the Routing System (IRS) provides a common, standard, read/write interface that allows access to the information that enables the routing components of routing elements in the network. This BoF meeting was held to determine the focus and support for work within the IETF to specify abstract data information models, specific data models, and protocols to operate the IRS. The BoF did not assume that new data modelling languages or protocols will be required—that decision is expected to form part of the analysis carried out by a working group, if one is formed. Proceedings: http://www.ietf.org/proceedings/85/minutes/minutes-85-irs Outcome: This was a productive meeting that showed strong support for working group formation with a reduced scope (i.e., fewer chartered documents to produce). The discussion to refine the charter will continue and it is hoped that a working group will be formed by the next IETF meeting.

Security Automation and Continuous Monitoring (sacm)

Description: This was a working-group-forming BoF. If formed, the SACM working group will develop, where practical, security automation protocols and data format standards in support of information security processes and practices. These standards will help organizations better utilize security practitioners by automating the routine tasks related to endpoint and server security, thereby enabling practitioners to focus on more advanced tasks. The initial focus of this work is to address enterprise use cases. Proceedings: http://www.ietf.org/proceedings/85/minutes/minutes-85-sacm Outcome: The meeting concluded that the problem space is reasonably well understood, that standardisation is required, and that the IETF is the right place to do the work. There was consensus to create a new working group to tackle this, focussing initially on architecture and requirements as key foundational pieces of work needed to understand next steps.

Certificate Transparency (certrans)

Description: This non-working-group forming BoF discussed plans to specify mechanisms and techniques that allow Internet applications to monitor and verify the issuance of public X.509 certificates, such that all issued certificates are available to applications, and each certificate seen by an application can be efficiently shown to be in the log of issued certificates. Furthermore, it should be possible to cryptographically verify the correct operation of the log. Proceedings: http://www.ietf.org/proceedings/85/minutes/minutes-85-certrans Outcome: The meeting discussed several options and concluded that an AD-sponsored experimental RFC was the right thing to do with draft-laurie-pki-sunlight. It may make sense to form a working group after that. In the interim, it was suggested that an Internet Architecture Board workshop on this topic might help make progress.

Extensions to the Bonjour Protocol Suite (mdnsext)

Description: This was a working-group-forming BoF regarding the following problem. Currently, zeroconf networking protocols are generally used to discover services within the scope of a single link (e.g., mDNS and DNS-SD). The problem is how best to extend these protocols beyond a single link, such as in future multilink home networks (as envisaged by the homenet working group), or in routed campus or enterprise networks. As demand for service discovery across routed networks grows, vendors are beginning to ship their own early solutions. It is both timely and important that efforts to develop improved, scalable, service-discovery solutions for routed networks are coordinated toward the production of a single, standards-based solution. Proceedings: http://www.ietf.org/proceedings/85/minutes/minutes-85-mdnsext Outcome: This was a good meeting with lots of participation and strong support from attendees to work on this problem and review documents. More work is needed to refine the proposed charter. It is hoped that a working group can be chartered by the next IETF meeting.

Fixed Mobile Convergence (fmc)

Description: Fixed/mobile convergence (FMC) deals with the issues surrounding the interactions of fixed and mobile networks. Of specific interest are issues with serving access to the user terminals that requires the sharing of subscribers’ policies between the fixed and mobile networks. Existing deployment scenarios range from wireless local area network (WLAN) access points directly connected to a mobile-operators core via mobile-operator owned WLAN access points to one or more access points controlled by a fixed-network operator or single access points at residential premises. Proceedings: http://www.ietf.org/proceedings/85/minutes/minutes-85-fmc Outcome: The proponents of this work received strong feedback that they have a lot more work to do to clarify the problem they are trying to solve. Very few of those in attendance understood the presented use cases. Taking some of these use cases to the Broadband Forum might be a next step toward identifying those gaps that need to be addressed in the IETF.

HTTP Authentication Mechanisms (httpauth)

Description: Both versions 1.0 and 1.1 of hypertext transfer protocol (HTTP) can run over a secure or an insecure transport. By default, the user is not identified or authenticated. But HTTP does contain a framework for user authentication. Existing standards provide two authentication methods: – Basic: analogous to point-to-point protocol’s (PPP’s) password authentication protocol (PAP) – Digest: analogous to challenge-handshake authentication protocol (CHAP) or MD5-Challenge Both of these authentication methods are considered insecure. This BoF meeting discussed whether an IETF working group should be formed to develop a better authentication mechanism for HTTP. Proceedings: http://www.ietf.org/proceedings/85/minutes/minutes-85-httpauth Outcome: The meeting exposed two schools of opinion regarding the merits of this proposal. One group believed this should be chartered immediately to solve an obvious problem. The other group felt that it is still unclear what the scope of useful work would be and that chartering a working group without a clear scope would likely lead to failure.]]> 601 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair/ Fri, 01 Nov 2013 15:21:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=256 Appointments In July, the NomCom announced the appointment of Erik Nordmark to the IAB, filling the seat vacated by Spencer Dawkins, who accepted the Transport Area Director position. The IAB thanks Spencer for his service. The IAB appointed Bob Hinden to another term on the Internet Society Board of Trustees. During the Board meeting in Berlin the day after IETF 87, Bob was elected chair of the ISOC Board. Congratulations Bob! Two liaison manager positions closed. The IAB thanks Fred Baker for serving as liaison manager to the Smart Grid Interoperability Panel (SGIP) and Richard Barnes for serving as liaison manager to IEEE 802.23. There has been turnover in three liaison manager positions: the IAB appointed Scott Mansfield as the IETF Liaison Manager to the ITU-T, replacing Eliot Lear; it appointed Deborah Brungard as the IETF Liaison Manager to the ITU-T for Multiprotocol Label Switching (MPLS), replacing Scott Mansfield; and it appointed Jonne Soininen as liaison to the Internet Corporation for Assigned Names and Numbers (ICANN) Board, replacing Thomas Narten. The IAB thanks Eliot and Thomas for their service as liaison mangers.

Highlights since IETF 86

The IAB sent letters on open standards in the Transatlantic Trade and Investment Partnership (TTIP) to both the U.S. government and the European Commission. You can find these letters on the IAB website.[1,2] The IAB published a statement entitled, “Dotless Domains Considered Harmful.” You can find the statement on the IAB website.[3] The IAB responded to the ICANN Consultation on the Source of Policies and User Instructions for Internet Number Resource Requests. You can find the response on the IAB website.[4]

Appeal to the IAB

The IAB received an appeal from JFC Morfin regarding RFC 6852 on 8 July 2013 and answered the appeal on 17 July 2013.[5]

Upcoming IAB Workshop

The IAB is sponsoring a workshop on Internet Technology Adoption and Transition (ITAT). The workshop will be held on 4–6 December 2013 in Cambridge, UK. Participants were required to submit 3–10 page interest statements by 29 August 2013.

References

1. http://www.iab.org/wp-content/IAB-uploads/2013/07/TTIP_market_driven_standards_FINAL.pdf 2. http://www.iab.org/wp-content/IAB-uploads/2013/07/TTIP_market_driven_standards_EU_letter.pdf 3. http://www.iab.org/documents/correspondence-reports-documents/2013-2/iab-statement-dotless-domains-considered-harmful/ 4. http://www.iab.org/documents/correspondence-reports-documents/2013-2/iab-response-to-iana-policies-user-instructions-25jun13/ 5. http://www.iab.org/appeals/2013-2/iab-response-to-the-appeal-regarding-rfc-6852-by-jfc-morfin/]]> 256 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair/ Fri, 01 Nov 2013 15:24:37 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=258 258 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-hosts-diversity-debate/ Fri, 01 Nov 2013 15:40:47 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=290 290 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-privacy-update/ Fri, 01 Nov 2013 15:42:29 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=296 HTTP 2.0 and Encryption by-default

The HTTPbis working group (WG) is working on a new version of HTTP (Hypertext Transfer Protocol), called HTTP 2.0. The working draft[1] introduces major changes to HTTP 1.1. In March 2012, at the IETF 83 meeting, the group decided against an HTTP 2.0 design using a secure-only version with mandatory-to-use TLS (Transport Layer Security). Recent debates regarding state-sponsored Internet surveillance, including an inspiring presentation[2] from the working group's chair, Mark Nottingham, motivated the group to revisit the decision.

The importance of these developments has already prompted mainstream media reports[3] and we expect the ongoing debate to be an interesting one. A solution that enables encryption by default is a privacy feature that many experts have been seeking for some time. It does, however, create a dilemma for firewall manufacturers, who struggle to intercept TLS communication in enterprise networks, particularly with the increase of bring-your-own-device (BYOD) deployments. Today, many enterprise-controlled devices, like laptops, come with a fake trust anchor installed to transparently terminate TLS connections at the company firewall. With BYOD this “trick” does not work anymore. Ideas, such as the TLS proxy, that would have allowed intermediaries to look into the traffic were quickly dismissed by meeting participants.

RTCWeb and E2E Media Security

The IETF has a long history of developing real-time communication protocols, including the Session Initiation Protocol (SIP), the Extensible Messaging and Presence Protocol (XMPP), and most recently, the RTCWeb (Real-time Communication in Web Browsers) protocol, which builds on the Web infrastructure and JavaScript. The core specifications of RTCWeb were developed in the RTCWEB WG and in the W3C. In addition to functional aspects, last meeting’s agenda included an item to discuss the key management protocol for establishing the necessary keying material and parameters for use with the Secure Real-Time Transport Protocol (SRTP), which is used to protect voice and video communication on an end-to-end basis. Two proposals were put forward: SDES (Session Description Protocol Security Descriptions) and DTLS-SRTP (Datagram Transport Layer Security–Secure Real-time Transport Protocol). SDES carries keying material along a signalling path such that signalling intermediaries can see the keying material. It’s simple to implement and convenient for those seeking lawful intercept functionality (or other forms of inspection) for end-to-end voice communication. DTLS-SRTP, on the other hand, uses DTLS to distribute the necessary keying material and provides increased protection against intermediaries and eavesdroppers. Hadriel Kaplan and Martin Thomson presented arguments in favour of SDES.[4,5] Eric Rescorla presented arguments for DTLS-SRTP.[6] For many meeting participants this was a critical decision and a number of security experts were in attendance to weigh in. By meeting’s end, participants were in favour of DTLS-SRTP.[7]

TLS 1.3: The Next Generation of Transport Layer Security

A side benefit of the design of HTTP 2.0, the work on RTCWeb, and the overall attempt to make the Web more secure (particularly for the mobile environment) is a renewed interest in the TLS WG. We’re seeing today a desire for both more security protection and lower communications latency, but cryptographic computations and the latency of the security handshake come at a cost. In response, major Web companies, most notably Google, are looking at ways to optimize TLS. New developments include application layer protocol negotiation to allow the demultiplexing of HTTP 1.1 and HTTP 2.0 payloads, OCSP (Online Certificate Status Protocol) stapling and multiple OCSP stapling to avoid requiring separate protocol exchanges to check the status of certificates, TLS channel IDs to develop a “cryptographic cookie” at the TLS layer, and mostly recently, TLS 1.3. Eric Rescorla, TLS WG co-chair and TLS author, offered an overview of some of the TLS 1.3 design characteristics,[8] and although he describes the changes as minor, compared to earlier TLS versions they include major improvements (e.g., the addition of a Diffie-Hellman exchange to avoid passive eavesdropping on the TLS exchange, a privacy increasing functionality). Privacy concerns came up in a number of TLS WG discussions. There appears now to be a better understanding of the need to consider privacy issues when designing TLS protocol extensions.

IAB Privacy Considerations

The IAB (Internet Architecture Board) privacy considerations document was published as RFC 6973.[9] To inform the IETF community about the new guidelines, the IAB privacy program devised a tutorial,[10, 11] which they piloted at IETF 87 in order to solicit feedback. A revised tutorial for a much larger audience is planned for IETF 88 in Vancouver (November 2013). The IETF security area directors plan to publish a document that requires IETF document authors to address privacy in their protocols. The IAB document is currently used for guidance, but the Internet Engineering Steering Group (IESG) is in a much better position to encourage document authors to consider privacy. This approach will be similar to the approach taken with security in BCP (Best Current Practice) 107 and BCP 61.

Tor and the IETF

Members of the Tor project, including Jacob Appelbaum and Linus Nordberg, attended the IETF 87 to discuss the PRISM revelations, share information about their work, and determine what collaboration with the IETF might look like. In addition to side meetings, a presentation at the Security Area Advisory Group[12] was made and a mailing list (perpass@ietf.org) created to foster continued conversation. Cooperation with the Tor community could provide the IETF with additional insight into fingerprinting prevention and the state of middleboxes throughout networks (see Tor’s Open Observatory of Network Interference project[13]). The Tor community could benefit from additional reviews and involvement of the IETF community in their ongoing projects.

Security Incident Information Sharing

High-profile data breaches and security incidents on the Internet are gaining more and more attention from the Internet community, the public, and governments around the globe. A variety of cybersecurity activities have recently been launched, including the European Union’s CyberSecurity strategy, the European Commission-created Network and Information Security Platform, and the NIST (National Institute for Standards and Technology) CyberSecurity Framework. Sharing security incident information is critical to improving awareness of and ensuring a quicker response to security incidents. Just prior to IETF 87, the IETF held a workshop on its ongoing standardization efforts in the areas of incident and abuse information sharing. The workshop page contains slides from the presenters, including presentations about privacy and other legal aspects.[14] A workshop report is in progress. Workshop discussions underscored the fact that privacy issues are not well understood. For example, what information about the communication interactions is allowed to be collected? What can be shared with third parties and under what conditions? While some techniques have been deployed for some time already (e.g., spam filtering), it was not obvious from the discussions at the workshop how well these issues have been considered vis à vis data-protection frameworks. Further discussion is needed and recommendations will be developed as more sharing occurs and as IETF efforts progress, specifically in the Security Automation and Continuous Monitoring (sacm) WG [15] and in the Managed Incident Lightweight Exchange (mile) WG.[16]

Improving the Web Public Key Infrastructure (WebPKI)

Problems with the WebPKI received attention by the Internet security community when DigiNotar, a Dutch certificate authority, had a security breach, and then again in the same year when a Comodo affiliate was compromised. Both involved the fraudulent issue of certificates and raised questions regarding the strength of the PKI in use today. A compromise of the PKI leads to privacy violations as it allows an attacker to intercept encrypted communication. Almost two years have passed since the aforementioned incidents and new technical mechanisms have been developed—including DANE (DNS-based Authentication of Named Entities), key pinning, and certificate transparency. But very little has happened in terms of actual deployment and similar attacks could still occur. In April 2013, NIST held a workshop on “Improving Trust in the Online Marketplace” and invited stakeholders to discuss technical options for improving the state-of-the-art. It became clear that there exist very few organizations with the technical expertise, appropriate membership model, and independence required to lead the follow-up discussions. The IAB will work with the Internet Society on how to proceed on this topic. A meeting is planned for IETF 88 and a workshop will be organized in 2014.

Looking ahead to IETF 88 Vancouver

Just prior to publication of this article, Bruce Schneier published an article suggesting that IETF 88 be dedicated to discussing how to make surveillance more expensive.[17] In response, Jari Arkko, IETF chair, and Stephen Farrell, IETF security area director, shared their views about pervasive surveillance in a blog post.[18] Discussions continue on the IETF mailing list [19] and on the perpass mailing list (perpass@ietf.org), about specific steps the IETF can take as a standardization body and steps the wider Internet community can take. Lots of ideas are being bounced around and the open nature of the IETF is, as expected, facilitating a fruitful exchange. I encourage you to contribute your views to the discussion.

References

1. http://datatracker.ietf.org/doc/draft-ietf-httpbis-http2/ 2. http://www.ietf.org/proceedings/87/slides/slides-87-httpbis-3.pdf 3. http://gonzaloraffoinfonews.blogspot.co.at/2013/08/internet-launches-fightback-against.html 4. http://www.ietf.org/proceedings/87/slides/slides-87-rtcweb-2.pdf 5. http://www.ietf.org/proceedings/87/slides/slides-87-rtcweb-3.pdf 6. http://www.ietf.org/proceedings/87/slides/slides-87-rtcweb-5.pdf 7. http://www.ietf.org/proceedings/87/minutes/minutes-87-rtcweb 8. http://www.ietf.org/proceedings/87/slides/slides-87-tls-5.pdf 9. http://tools.ietf.org/html/rfc6973 10. http://recordings.conf.meetecho.com/Recordings/watch.jsp?recording=IETF87_PRIVACY_TUTORIAL&chapter=part_1 ( recording) 11. http://www.iab.org/?attachment_id=7038 (slides) 12. http://www.ietf.org/proceedings/87/slides/slides-87-saag-5.pdf 13. https://ooni.torproject.org/ 14. http://siis.realmv6.org/ 15. http://datatracker.ietf.org/wg/sacm/charter/ 16. http://datatracker.ietf.org/wg/mile/charter/ 17. http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying 18. http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/ 19. http://www.ietf.org/mail-archive/web/ietf/current/msg82071.html]]> 296 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-fellow-sets-rfc-milestone/ Fri, 01 Nov 2013 15:44:22 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=301 301 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/its-time-to-give-online-games-serious-consideration/ Fri, 01 Nov 2013 15:46:59 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=306 IETF Journal June 2012, Volume 8, Issue 1) After the informal session in Paris, Wes Eddy suggested that I organize a more-formal tutorial and announce it in advance to get more people interested. Although online games have become increasingly popular, we wondered if the IETF community was interested in learning more about them. I enlisted the help of Mirko Suznjevic of the University of Zagreb, who’d just received a fellowship for attending the IETF meeting in Berlin. We’d previously collaborated on some research articles, mainly about the traffic of massively multiplayer online role-playing games (MMORPGs), one of today’s most popular game genres. We talked with the Transport Area directors, and they encouraged us to prepare the tutorial. They also granted us a slot in the Transport Area Open Meeting at IETF 87. The main objectives of the presentation, after a succinct overview of the online games market, were to inform the IETF crowd about the traffic characteristics of online games and to play a variety of game genres to illustrate in real time the impact of network impairments on a player’s quality of experience (QoE). Since many IETF members were interested in experiencing first-hand the effect of network impairments (i.e., delay and packet loss) on game playability, we decided to have volunteers play instead of demonstrating the games ourselves. At the onset of our overview, we shared global data that illustrate the size of the gaming industry. Those who think that gaming is only for minorities are mistaken. The current number of players worldwide is estimated to be 1,200 million, with a very high percentage of gamers in Asia and the Pacific region. In recent years, the gaming industry as a whole has shifted towards online gaming. Facebook has confirmed that it has more than 250 million unique players a month. League of Legends, the online game with the record for most concurrent players, has more than 3 million concurrent players at peak times. In addition, every next-generation game console now includes a network interface. It’s safe to assume that the amount of game traffic on the network will continue to increase. Most session attendees were surprised to learn that:

• The average age of a game player in the United States is 30 years old.
• Adult women in the United States represent a greater portion of gamers (30 percent) than do boys age 17 or younger (18 percent).

We also summarized different game architectures. Today, there is a strong predominance of client-server schemes. The biggest reason is that they permit better control of the server, which translates into good synchronization between players. Other reasons include the deterrence of cheating (some players modify the packets in order to gain an advantage over others) and easier billing. In recent years, a trend has arisen in gaming business models: pay-to-play models (e.g., game client purchase, subscription-based games, etc.) are being replaced by free-to-play models, in which the game is free, but additional content or cosmetic and usability improvements are offered for microtransactions. In this model, a player can either spend a week trying to get a new item (e.g., a sword, a car, camouflage paint) or buy it immediately for a small sum. The Internet is the part of the problem that the gaming company does not control—upon installation of the application, all 3D information about the game’s virtual world is stored in the user’s hard disk. We showed a World of Warcraft folder that comprised 25GB of data as an example. This model enables games to function with very low bandwidth requirements: they need only send information containing the player’s commands and inputs, in addition to chat and built-in voice systems. All textures, characters, and landscape meshes reside on the hard disk—they need not be transmitted during play. As a result, the main characteristic of gaming traffic is very small packets (a few tens of bytes) sent at a fast pace. Similar to VoIP, interactivity is critical. The bandwidth sent is quite low—in some cases tens of kilobits-per-second, and a player’s actions are transmitted to the server in milliseconds. This ensures that the competition between players is realistic and not a case of the gamer with the highest delay being severely penalized. We also presented an approach used by cloud-based games in which clients are “thin,” and servers calculate the virtual-world state and send a high-quality video stream to the player’s client. The client then sends the player’s commands to the server. This approach results in very different traffic characteristics, including significantly higher bandwidth usage. The effect of network delay and packet loss on playability is a critical concern of online game developers, network operators, and Internet service providers. Players are very difficult customers to deal with—if a game does not work properly, they may leave the game and never return. For this reason, gaming companies tend to simplify the problem with a goal of 24/7 workability and very low network delay. In order to show the IETF audience the effect of network impairments on playability, we had two volunteers play three rounds of a first-person shooter (FPS) game on a dedicated server. They played the first round as normal. During the second round, we added 300ms (round trip ) of latency to one of the players via a network emulator. During the third round, we added 10 percent packet loss. Although the FPS game was resilient to our imposed impairments, particularly the loss, some negative impact was observed: the video was not continuous and it went back in certain moments. Since manageability was reduced, the player with the network impairments had a higher probability of being shot. Even so, the impairments did not significantly affect performance and both players reported that their quality of experience (QoE) was not significantly degraded. In another demonstration, we had two different volunteers play three duels on the public server of a MMORPG. The same scenarios were executed: normal network conditions, 300ms of latency, and 10 percent of loss. Due to the MMORPG using TCP (transmission control protocol), a much more significant impairment was reported by the player with the high loss rate. In summary, our tutorial presented the audience with some important high-level information about the game industry, gaming traffic characteristics, and game QoE issues. As online games become an increasingly significant market, we believe that the IETF should consider game characteristics and requirements during the standardization process.]]> 306 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-panel-tackles-transient-congestion/ Fri, 01 Nov 2013 15:48:47 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=311 311 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/latin-american-participation-in-the-ietf-ietf-lac-task-force-begins-long-term-mission/ Fri, 01 Nov 2013 15:51:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=317 1 all kinds of discussions arose around the venue, cost, security, language, politics, and even objectives and value of holding a meeting where local participation is still relatively low. But results from a survey conducted by the IAOC indicated that a significant number of people would attend an IETF meeting in South America.² What does this mean to the region? Is it an indication of the impending explosive growth in participation from Latin America? Hardly. While having a meeting in the region may help in raising awareness, there’s no clear correlation between it and increased participation or the quality of the work. Discussions were also held at the regional level. We talked about the potential impact and expectations of having the IETF meet locally and about the barriers of entry. Most important, we talked about what should be done. In true Latin fashion, we put perceived limitations aside and focused on the long term. Before the end of May 2013, less than a week after the original IAOC message, the Latin American and the Caribbean Network Operators Group (LACNOG)³ chartered the IETF LAC Task Force⁴ with the objective of encouraging the participation of people from the region in IETF processes and discussions. Some of the goals include:

• Being a mechanism for introducing new people to the IETF
• Providing a place where people can discuss drafts in their own language (Spanish, Portuguese, English)
• Providing a place where Latin authors can send their drafts and get feedback from their peers

Note that the intent of the task force is not to create a parallel organization, but to ease new participants into the IETF process by facilitating discussions in their local languages. Also, the charter of the group is not tied to whether or not an IETF meeting occurs in Latin America. LACNOG’s Program Committee wisely decided to create a task force that will transcend time and promote growth in the region for many years to come. It is an honor to have been nominated and confirmed as the first chair of the IETF-LAC Task Force. I was born and raised in Costa Rica and have spent the past 18 years working and living in the United States—taking every opportunity to support Latin America’s technological growth. With the strong support from LACNOG, LACNIC, the Internet Society and the whole LAC community, we’re building robust momentum. Our first order of business is to increase awareness of the IETF standardization process and the work done in it. To that extent, a grassroots effort out of Brazil kicked off to create a bound version of the Tao of IETF⁵ in Spanish, Portuguese, and English to be available soon so that new participants have a lasting memory of their initial encounter with the IETF. Another local effort is brewing in Mexico to reach out more to both academia and local communication companies. An IETF Tutorial was first presented at LACNOG 2012 in Uruguay. We are currently refining it for presentation in October at the LACNOG 2013 meeting in Curaçao. In addition, it has become a constant on the agenda to talk about current “Hot Topics” being discussed in the IETF. A pre-IETF meeting was created to share interesting topics to be discussed (guided by the authors and leaders from the region). The first such meeting was held a couple of weeks before IETF 87; another is planned for just before IETF 88. On the technical side, the group hasn’t been focusing on finding regional problems to be solved; we believe that most of the issues facing the Internet are global in nature. Interesting discussions, which have already resulted in the publication of at least two Internet-Drafts, have been held around topics as varied as peer-to-peer, RDAP bootstrapping, net neutrality, SDN, IPv6 measurement, monitoring, security and address reservation, certificate transparency, and geolocalization. The technical depth and breadth of the region is impressive! It’s been a very exciting few months. We’ve been able to tap into an active and very diverse group of people in the region. Our plans are ongoing, extensive and include a partnership with the Internet Society. We look forward to expanding the reach of the IETF. References

1. IETF Meeting in South America, http://www.ietf.org/mail-archive/web/ietf/current/msg79456.html
2. Conclusions on South American IETF Meeting, http://www.ietf.org/mail-archive/web/ietf-announce/current/msg11619.html
3. Latin American and the Caribbean Network Operators Group (LACNOG), http://www.lacnog.org/
4. IETF-LAC mailing list, https://mail.lacnic.net/mailman/listinfo/ietf-lac
5. The Tao of IETF: A Novice’s Guide to the Internet Engineering Task Force, http://www.ietf.org/tao.html

]]> 317 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/protecting-consumers-from-fraud-a-story-of-industry-the-ietf-and-dmarc/ Fri, 01 Nov 2013 15:52:39 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=323 after a customer is victimized. A much better solution is to prevent a customer from becoming a victim in the first place. To explore solutions, senders like PayPal, JP Morgan Chase, and American Greetings worked with mailbox receivers such as Yahoo, AOL, Google, and Microsoft on a series of experiments. They focused on using emerging, open email authentication standards to find the “sweet spot” in how they could be effectively deployed for the most effective protection. By 2011 it was determined that the right mix was to use Sender Policy Framework (see http://tools.ietf.org/html/rfc4408) in combination with DomainKeys for Internet Mail (see http://tools.ietf.org/html/rfc6376), both of which are specifications being worked through the IETF. To learn how well the scheme was performing, the participants in the experiment instituted a method for the mailbox providers to send email authentication reports back to the senders. Once that was in place, the effectiveness of the model was obvious: for the first time, senders were able to see that in some cases up to 60 percent of email received was fraudulent. Given that the number of spoofed messages was staggering, this new stream of data was rigorously analyzed to ensure it was accurate. In the end, it was clear that email spoofing a particular domain could be entirely blocked using this new scheme. Unfortunately, it wasn’t a silver bullet against phishing, but it significantly degraded the unfettered attacks. However, companies still needed to figure out how to handle look-alike or cousin-domain attacks that try to masquerade as a sender, as well as common attacks that try to play with how From addresses are displayed in various mail clients. Further, questions remained about how to handle redistributed mail sent via discussion lists and automated forwarding services. Nevertheless, the success of the experiment was too important to ignore. The next step was to document the experiment as a specification describing the methodology and submit it to the IETF, the same standards body that nurtured the underlying technologies of SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). As part of that exercise, the experiment was expanded to test the existing running code at Internet scale. In January of 2012 the group published the draft specification that became known as Domain-based Message Authentication, Reporting, and Conformance (DMARC). What happened next was unprecedented: within one year of the specification being made public, an estimated 60 percent of the world’s email boxes were protected by DMARC—that’s 1.976 billion email accounts. Breaking this down further, 50 percent of the top 20 sending domains had published a DMARC policy that resulted in 80 percent of the typical customers in the United States being protected—a phenomenal response that clearly endorsed the value seen in the more limited experiment. The amazing show of support changed the anticipated trajectory of the standardization plan. Rather than request the formation of an IETF working group (WG) to rework the specification, the authors discussed possible options with the IETF Applications Area WG and its Area Directors. Through conversation it became clear that there were some paths worth considering that would more closely follow the accelerated adoption curve associated with the draft DMARC specification. The end result was to ask an Applications Area Director to sponsor the specification as a candidate for the Standards Track, at the same time convening a Birds of a Feather (BoF) at IETF 87 in Berlin to discuss DMARC extensions and supporting materials. At the BoF, a charter for a proposed DMARC WG was presented, which drove a discussion about potential work items for the WG. Barry Leiba, one of the Application Area Directors, agreed to sponsor the specification with the caveat that messages sent to the IETF DMARC discussion list clearly said that community experts validated that the specification was ready to move to the Standards Track. Within a month of the BoF in Berlin, a handful of supportive comments by industry experts were sent to the discussion list. A few items were called out for further work on the DMARC specification, but many could be disposed of during the final-call phase of the Standards Track. While the DMARC specification could be tuned up, it’s clearly functional for its intended purpose and the community supports the process for standardizing it. It’s been nearly five years since DMARC started its journey and it is now nearing the point where it is recognized as a strong foundational technology on which the email community can rely. But, it’s incredibly important not to lose sight of the true goal of this work: protecting people from crime. All of us who work tirelessly on these processes should feel incredibly proud that what we do matters. There’s still room for improvement, but rough consensus and running code has already made a significant difference in the lives of a majority people with mailboxes around the world. For that I am grateful for the strong support of everyone involved and for the IETF structure that helps make work like this successful.]]> 323 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/secure-telephone-identity-revisited-bof-results-in-motivated-working-group/ Fri, 01 Nov 2013 15:54:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=328

Vishing (voice phishing): trying to gather login or financial information by impersonating a person or company

SWATting: calling an emergency service to get an armed response team dispatched to a given address

Validating a stolen credit card

Voicemail message theft

Disconnecting utilities

Delivering unwanted food

Anonymization means setting a caller ID to a random number to make the call untraceable or nonbillable. Anonymization is used to hide robocalling (automated dialing of telephone numbers for sales and fraud purposes that violate do-not-call laws), intercarrier compensation fraud, and Telephony Denial of Service (TDoS). In a TDoS scheme, a business that uses the telephone service for revenue is warned that unless they make an extortion payment, their telephone lines will be made constantly busy by robocalling. Schulzrinne discussed legitimate caller-ID spoofing applications, such as when a doctor returns a patient’s call from his personal mobile number but displays the office number as the caller ID. Call-center outbound dialing is another case, where the phone number displayed should be the main call-center number rather than the number of the individual agent. Issues with existing source identity approaches in SIP, such as the P-Asserted-Identity header field (RFC 3325) and Enhanced SIP Identity (RFC 4474) were also discussed. Shortcomings of the work done by the Verification Involving PSTN Reachability (VIPR) working group (WG) were presented, as well. Schulzrinne concluded by arguing that telephone-number spoofing is the root of almost all telephone network evil, and that a solution was needed or the role of the PSTN as a universal way for personal and commercial communication could be compromised. Next, Jon Peterson presented an “in-band” solution. This approach can be used in trunking connections between service providers or between a service provider and an enterprise. In this approach, information about who made the telephone number assertion in the From header field is carried in SIP Identity and Identity-Info header fields that can be cryptographically verified. No changes to any PSTN protocols are involved in this approach, which has some similarities to the techniques used to authenticate the source identity of SMTP email messages developed by the Domain Keys Identified Mail (DKIM) working group. Peterson argued that the Enhanced SIP Identity defined in RFC 4474 with some modification could provide a way for service providers to begin to require authenticated caller ID in intercarrier trunking. Service providers would need credentials so that only the correct service provider could assert particular E.164 telephone identities. With wide deployment and a regulatory mandate, this could eventually result in more-accurate caller ID and make robocalling and TDoS easier to prevent and block. Eric Rescorla presented an alternative solution known as the “out-of-band” solution. This approach attempts to provide a verification of caller ID asserted by the PSTN without making any changes to the PSTN or VoIP infrastructure. The verification is done over the Internet using a third party known as a Call Placement Service (CPS), which stores and validates Call Placement Records (CPRs), records stored in real-time about who is calling whom. A very similar architecture is used today by Apple’s iMessage service in which E.164 identities are used to route text messages over the Internet. For such a service to work, users need credentials that prove that they “own” or “control” a telephone number. With this service, users would immediately begin seeing authenticated caller ID improvements, assuming that the Call Placement Services and the necessary credentials were deployed. The resulting discussion focused on the threats and their outlined solutions. An important challenge for both methods is the allocation and validation of credentials for the service providers and users who are entitled to assert a particular E.164 telephone number as an identity. There was also some concern that although the in-band and out-of-band solutions are orthogonal, the out-of-band solution could distract from the in-band solution. Consensus calls taken by chairs Brian Rosen and Russ Housley established a strong interest in solving this problem in the IETF. Subsequent consensus calls showed interest in working on both the in-band and out-of-band solution. Less than a month after this successful BoF, the STIR WG was chartered, with Robert Sparks and Russ Housley as co-chairs. The charter language for the working group is to work on the in-band approach first, then work on the out-of-band approach. A useful overview Internet-Draft was submitted by Hadriel Kaplan called draft-kaplan-stir-fried. The STIR WG will meet for the first time at IETF 88. They’ve chosen a very aggressive timeline in which protocols are published by the middle of 2014. With the active participation of PSTN regulators, the protocol work of STIR will likely be referenced by new regulations and laws. Telephone users around the world can look forward to more-accurate caller ID and less telephone crime in the future once this working group completes its chartered items. For more information, visit the STIR Working Group page at https://datatracker.ietf.org/wg/stir/charter/ or to participate in the work, subscribe to the mailing list by visiting https://www.ietf.org/mailman/listinfo/stir.]]> 328 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-2/ Fri, 01 Nov 2013 15:56:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=337

Crypto Forum (CFRG)

Delay-Tolerant networking (DTNRG)

Internet Congestion Control (ICCRG)

Information-Centric Networking (ICNRG)

Network Complexity (NCRG)

Network Management (NMRG)

Software-Defined Networking (SDNRG)

In addition to the meetings of those already-chartered research groups, a new proposed research group on Network Coding held a second side meeting. The discussion was again positive, and the proponents are planning a third discussion during IETF 88 in Vancouver, Canada, in November. Since IETF 86, no new RFCs were published on the IRTF RFC Stream. This is not uncommon, given the low average publication numbers on the stream. A few RFCs are expected to be published on the stream before the next meeting. The large number of meetings in Berlin demonstrates that most RGs are active. One exception is the Routing RG, which has been dormant for a few meeting cycles. I would like to discuss with routing researchers how the group could be revitalized—please feel free to send me email or talk to me in Vancouver. The IRTF Open Meeting at IETF 87 was the venue for two Applied Networking Research Prize (ANRP) winners of 2013 to present their research. Te-Yuan Huang presented insights into the difficulties of rate adaptation for streaming video and Laurent Vanbever proposed a framework to facilitate seamless BGP reconfigurations. The final ANRP winner of 2013 will present at IETF 88.   Visit the ANRP home page at http://irtf.org/anrp to find out who it will be! For more information about the ANRP awards, see the article on  page 25. The 2014 nomination cycle of the ANRP is in full swing! Please nominate outstanding research papers. See http://irtf.org/anrp for details of the 2014 call for nominations and information about past winners. Please join the IRTF discussion list to stay informed about these and other happenings. The website is http://www.irtf.org/mailman/listinfo/irtf-discuss.]]> 337 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/video-streaming-rates-and-routing-protocol-reconfigurations/ Fri, 01 Nov 2013 15:57:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=341 341 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/record-number-of-students-attend-ietf-87/ Fri, 01 Nov 2013 15:59:17 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=347 347 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-maniac-challenge-at-ietf-87/ Fri, 01 Nov 2013 16:00:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=352 About the MANIAC Challenge During the MANIAC Challenge, competing teams form a wireless ad hoc network. Participants’ end devices are not only connected among each other, but also simultaneously connected to an infrastructure backbone. Teams are judged based on how much of their relayed traffic reaches its destination. The focus of this year’s MANIAC Challenge was on developing and comparatively evaluating strategies to offload traffic usually carried by infrastructure access points (e.g., providers) via ad hoc forwarding using handhelds (e.g., customers). The incentive for customers is discounted monthly fees, the incentive for operators is decreased infrastructure costs. The idea was to demonstrate forwarding strategies that don’t degrade user experience while offering significant mobile offloading on the infrastructure. The competition had multiple rounds, each round comprised multiple games. After each round, teams could refine their strategies. Each game started with a bidding request of a randomly selected access point (AP) to deliver a data packet to another randomly selected AP. The AP indicated the maximum budget available for this data packet, a fine, and a maximum packet delivery time. Based on the lowest offer, the AP selected a tablet for forwarding. Each handheld should deliver the packet to the destination, either via the ad hoc network or the backbone based on independent bidding. A fine must be paid in the case of unsuccessful packet delivery (e.g., packet loss or exceeding the packet delivery time).

Basic Setup

All devices (i.e., WiFi access points and tablets) operated in ad hoc mode. Tablets ran Android, OLSR (Optimized Link State Routing), and the MANIAC framework. The MANIAC framework included an API (application programming interface), which provided function calls for bidding and auction and for sending and receiving data, as well as full network topology information through OLSR, which teams leveraged for their forwarding strategies. Before the competition started, participants implemented a first version of their concept. Each team was free to design its own forwarding and bidding strategy, but it needed to comply with a detailed rule set. Challenge organizers monitored packets and collected statistical data to analyze the contest and identify incorrectly behaving nodes.

Global Participation

Five teams from North America, South America, and Europe participated in the MANIAC Challenge 2013. Isaac Supeene (University of Alberta), René Steinrücken (Hamburg University of Technology), and Asanga Udugama (University of Bremen) implemented selfishness as a virtue in MANETs (Mobile Ad-hoc Networks). The mobile offloading strategy from Alan Ferrari and Dario Gallucci (University of Applied Sciences of Southern Switzerland) was based on a Bayesian network. Di Li and Asya Mitseva (RWTH Aachen) tried a no-regret learning strategy. Cristian Chilipirea, Andreea-Cristina Petre, and Ciprian Dobre (University Politehnica of Bucharest) presented a wolf-pack strategy, in which rich nodes were taxed. Gabriel B. T. Kalejaiye, Joao A. S. R. Rondina, Leonardo V. V. L. Albuquerque, Tais L. Pereira, Luiz F. O. Campos, Raphael A. S. Melo, Daniel S. Mascarenhas, Marcelo M. Carvalho (University of Brasilia) followed a path-tightness strategy by analyzing the corresponding routing graph.

On-site Event

The MANIAC Challenge continued for two days. On the first day, students met at the Freie Universität Berlin, which provided the wireless setup to perform the on-site competition. Participants tested and refined their strategies during multiple rounds. The second day took place at the IETF venue and allowed MANIAC and IETF folks to discuss practical experiences. This half-day workshop included an overview about the MANIAC Challenge, presentations of the different offloading concepts, and talks from Stan Ratliff about the current state in the MANET working group and Henning Rogge about Freifunk and OLSR. One goal of the MANIAC Challenge was to involve young people in IETF/IRTF (Internet Research Task Force) activities. For most of the participants, IETF 87 was their first IETF experience. The Internet Society sponsored the students’ registration fees, which enabled the teams to attend the whole week. They enjoyed open-minded exchange in the different working and research groups.

Key Findings

A major problem was incompatible WiFi drivers that led to incorrect behavior between end devices. In contrast to the commonly applied infrastructure setting, nodes were oper-ated in ad hoc mode. Our experiences showed much worse performance compared to the infrastructure mode. On the networking layer, the Android port of OLSR raised some problems. Heterogeneous bidding strategies occasionally caused negative resonance due to the convergence of different training phases. But most important, we learned that experimenting with ad hoc networks and interesting offloading strategies can be fun!

And the Winners Are …

The winners of the MANIAC Challenge were announced during the IRTF Open Meeting on Tuesday. Two prizes have been awarded: the Performance and the Strategy Awards. The Performance Award went to the team with the maximum budget after all the rounds. The Strategy Award considered the most compelling concept. Lars Eggert presented the Performance Award to Isaac Supeene, René Steinrücken, and Asanga Udugama for a predictive-greedy strategy based on fine-grained, neighbor-node profiling. Mat Ford presented the Strategy Award to Gabriel B. T. Kalejaiye, Joao A. S. R. Rondina, Leonardo V. V. L. Albuquerque, Tais L. Pereira, Luiz F. O. Campos, Raphael A. S. Melo, Daniel S. Mascarenhas, and Marcelo M. Carvalho for their graph-analysis strategy driving towards more cooperation and lower network resource utilization.

Acknowledgements

The organizers of the MANIAC Challenge thank all its sponsors, in particular IETF, IRTF, and the Internet Society, which provided the appropriate setting in which to discuss the competition’s challenges and results. We thank Fabian Brandt, Lennart Dührsen, Andreas Reuter, Tim Scheuermann, and Lotte Steenbrink from Freie Universität Berlin, who implemented the MANIAC API and took care of the on-site experiments (meaning, straightened all the wireless pain).

Further Information

MANIAC website, http://2013.maniacchallenge.org Code Repository, https://github.com/maniacchallenge]]> 352 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-2/ Fri, 01 Nov 2013 16:03:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=361 Stacked Tunnels for Source Routing (status) Description: The ability of a router to influence or control the forwarding path of an individual packet or all the packets of a given Forwarding Equivalence Class (FEC) is a desirable feature for a number of reasons, including Label Switched Path stitching, egress protection, explicit routing, egress ASBR (Autonomous System Boundary Router) link selection, and backup (bypass tunnels, Remote Loop-Free Alternates) routing. This can be achieved by facilitating source-initiated selection of routes to complement the route selection provided by existing routing protocols for both interdomain and intradomain routes. This BoF was intended to discuss the practicalities of various use cases and to establish a consensus regarding the problem space and desirability of developing solutions in this area. Proceedings: http://www.ietf.org/proceedings/87/minutes/minutes-87-status Outcome: A packed meeting demonstrated a clear demand to work on this. The overwhelming majority want to work on MPLS (Multiprotocol Label Switching), with some support for an IPv6 variant using extension headers. There was clear consensus to charter work on architecture, use cases, and requirements.

Network Service Chaining (nsc)

Description: Service chaining is a broad term used to describe a common model for delivering multiple services in a specific order. Service chaining decouples service delivery from the underlying network topology and creates a dynamic services plane that addresses the requirements of cloud- and virtual-application delivery. Packets and/or flows that require service chaining are classified and redirected to the appropriate, available services. Additionally, context can be shared between the network and the services. The goal of this BoF was to let service providers explain their NSC use cases and requirements so that the IETF is exposed to the problem space and can determine next steps. Proceedings: http://www.ietf.org/proceedings/87/minutes/minutes-87-nsc Outcome: This was not a working-group forming BoF and there remains quite some work to do to get to a WG. More clarity regarding the problem statement and the relevant IETF work is a top priority.

PKIX over Secure HTTP (posh)

Description: Channel encryption with TLS (Transport Layer Security) depends on proper checking of the server’s identity, as specified in RFC 2818 or RFC 6125 for PKIX certificates. However, in multitenanted environments it is effectively impossible for a hosting service to offer the correct certificates on behalf of a hosted domain, since neither party wants the hosting service to hold the hosted domain’s private keys. As a result, typically the hosting service offers its own certificate (say, for hosting.example.net), which means that TLS clients and peer servers need to “just know” that the hosted domain (say, foo.example.com) is hosted at the service. This situation is clearly insecure. POSH (PKIX Over Secure HTTP) solves the problem via two interconnected aspects: TLS clients and peer servers retrieve the material to be used in checking the TLS server’s identity by requesting it from a well-known HTTPS URI (uniform resource identifier). If a hosted domain securely delegates an application to a hosting service, it redirects requests for the well-known HTTPS URI to an HTTPS URI at the hosting service. The goal is to form a working group to produce a specification for POSH, and informally provide advice about how to use the POSH technique for particular application protocols. Proceedings: http://www.ietf.org/proceedings/87/minutes/minutes-87-posh Outcome: A good meeting helped clarify the problem space and the strong potential for IETF work. Next steps is to fine-tune the proposed WG charter.

IPRbis (iprbis)

Description: Experience shows that BCP 79 (Best Current Practice 79) needs a few updates. A draft is available with the proposed updates, and this BoF meeting provided the community with an opportunity to discuss the proposed changes. It was not intended to form a WG. Proceedings: http://www.ietf.org/proceedings/87/minutes/minutes-87-iprbis Outcome: A good discussion and some consensus was reached on difficult issues. In order to maintain momentum, an updated document will be posted and consensus confirmed on the mailing list.

Deterministic IPv6 over IEEE802.15.4e Timeslotted Channel Hopping (6tsch)

Description: If formed, a WG on this topic would develop an architecture that supports centralized and distributed routing and resource allocation over a TSCH-based mesh. The group would resolve the impacts on existing protocols such as RPL (Routing Protocol for Low-Power and Lossy Networks) and 6LoWPAN (IPv6 over Low-power Wireless Personal Area Networks). It would define a component that provides the expected link functionality for IPv6 over the TSCH MAC and a G-MPLS switching sublayer, and standardize the protocols or protocol extensions to establish time slots between peers and reserve resources along a path. Proceedings: http://www.ietf.org/proceedings/87/minutes/minutes-87-6tsch Outcome: An excellent meeting that demonstrated strong support for doing the proposed work. Although many expressed willingness to contribute to the work, concerns were expressed about the potentially large scope. A refined charter with fewer work items is likely to be approved soon.

Domain-based Message Authentication, Reporting and Conformance (dmarc)

See pp.XX-XX for our article on this topic.

Tunnelling Compressed Multiplexed Traffic Flows (tcmtf)

Description: The interactivity requirements of some emerging services (e.g., VoIP, videoconferencing, telemedicine, video vigilance, and online gaming) make them send high rates of small packets in order to transmit frequent updates between the two extremes of the communication. They also demand small network delays. In addition, other services also use small packets, although they are not delay-sensitive (e.g., instant messaging, m2m packets sending collected data in sensor networks using wireless or satellite scenarios). For both the delay-sensitive and delay-insensitive applications, their small data payloads incur significant overhead. When a number of small-packet flows share the same path, bandwidth can be saved by multiplexing packets belonging to different flows. If a transmission queue has not already been formed but multiplexing is desired, it is necessary to add a multiplexing delay that must be maintained under some threshold in order to grant the delay requirements. The BoF aims for the creation of a WG in order to specify the protocol stack, signalling mechanisms, and maximum added delay recommendations for tunnelling, compressing, and multiplexing traffic flows (TCMTF). Proceedings: http://www.ietf.org/proceedings/87/minutes/minutes-87-tcmtf Outcome: Opinion was divided regarding the clarity and completeness of the problem statement and whether or not to create a working group to address this. More work is required to understand the potential side effects of using something like TCMTF beyond satellite links.

DNS-SD Extensions (dnssdext)

Description: The proposed WG will develop solutions to provide scalable DNS-SD (Domain Name System-Service Discovery) services in multilink, routed networks as found in academic, enterprise, home, and mesh radio networks. This was the second BoF on this topic, following the mdnsext BoF held during IETF 85. Proceedings: http://www.ietf.org/proceedings/87/minutes/minutes-87-dnssdext Outcome: A good meeting with strong support shown for IETF work on this topic and people willing to contribute. More work is required to refine the charter, but this is likely to proceed.

IPv6 over networks of resource-constrained nodes (6lo)

Description: This BoF discussed a proposed working group that would focus on adaptation layers for constrained node networks, working closely with the Internet Area working groups and other IETF WGs focused on constrained node networks. Proceedings: http://www.ietf.org/proceedings/87/minutes/minutes-87-6lo Outcome: Very strong support for IETF work on this topic and lots of people willing to contribute to reviewing, editing, and implementing documents. Further scoping discussions are required, but this is likely to proceed.

Active Queue Management (aqm)

Description: Internet routers, lower-layer switches, and other middleboxes include buffers or queues to hold packets when they are not immediately able to be forwarded to the next hop. These queues are intended to absorb bursts of traffic that may naturally occur, and to avoid unnecessary losses. However, queues also cause latency and jitter in the eventual arrival times of packets. This can cause issues and complications for interactive applications. The Active Queue Management and Packet Scheduling working group (AQM) is intended to work on algorithms for proactively managing queues. Proceedings: http://www.ietf.org/proceedings/87/minutes/minutes-87-aqm Outcome: A very productive discussion with strong support shown to form an IETF WG on this topic. Lots of people are interested in contributing.

DTLS in Constrained Environments (dice)

Description: There is an increased use of wireless control networks in city infrastructure, environmental monitoring, industrial automation, and building management systems. These wireless control networks comprise many electronic devices, sensors, and actuators that are connected to each other, and in most cases Internet connected. The CoRE working group has defined a framework for resource-oriented applications intended to run on Constrained Node Networks (CNN) (see I-D-ietf-lwig-terminology). The Constrained Application Protocol (CoAP) can be used to manipulate resources on a device in a CNN. Unsecured group communication for CNNs is enabled by using CoAP on top of IP-multicast. However, it must be secured as it is vulnerable to the usual attacks (e.g., eavesdropping, tampering, message forgery, and replay). Datagram Transport Layer Security (DTLS) has been chosen by CoRE to protect CoAP unicast communications, and it would be beneficial if the same security protocol can be used to protect CoAP group communication as well. This WG combines expertise from both the IETF Application and Security areas in order to develop the appropriate security solutions. Proceedings: http://www.ietf.org/proceedings/87/minutes/minutes-87-dice Outcome: A well-organised meeting that detailed the problem statement, scope of the proposed work, and relationships with other Working Groups. Lots of enthusiasm for starting a WG on this topic and people with energy to contribute to doing the work.

Secure Telephony Identity Revisited (stir)

See pp.XX-XX for our article on this topic.]]> 361 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-march-2014/ Sat, 01 Mar 2014 18:44:04 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=746 746 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/an-ietf-view-of-iana/ Sat, 01 Mar 2014 18:46:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=748 Background The IETF community has long thought of IANA as an entity that exists by itself. In fact, IANA is more properly thought of as a set of functions covering the operation and management of a number of key Internet registries, which are places for officially recording values and ensuring that they are assigned properly and uniquely. Much like a register of deeds, IANA ensures that registrations are made only via authorized procedures, are documented clearly (e.g., purpose, contact information, etc.), and have followed appropriate policies. At the highest level, IANA coordinates three classes of registries: domain names, number resources (e.g., IP addresses), and protocol assignments. It is important to note that there are (at least) two different views of who and what IANA is. To the IETF community, IANA is thought of mostly within the context of protocol assignments. This is not surprising, because for most IETFers, the only interaction they have with IANA involves protocol assignments. To the larger Internet community, the term IANA generally refers to all three functions, or possibly just domain names, since there has been so much new and highly visible activity in the domain name arena in the last decade. The IANA functions are operated by the Internet Corporation for Assigned Names and Numbers (ICANN) under a no-cost contract with the U.S. Government. While ICANN has played a very prominent role in domain names, almost all protocol assignment discussions have been between the IETF and the IANA part of ICANN, outside of the ICANN spotlight.

The Need for Protocol Parameter Registries

Using protocol constants is basic to all protocols. For example, browsers access Web pages via the hypertext transfer protocol (HTTP) protocol. Packets carrying HTTP contain such protocol fields as the transmission control protocol (TCP) port numbers and Internet protocol (IP) addresses that identify the client and the HTTP server, protocol-type fields that show the packet carries IP (whether IPv4 or IPv6) and TCP (as opposed to user datagram protocol or UDP), etc. Many of these protocol fields have associated registries. Individual protocols use their own registries. TCP, for example, has a registry for recording well-known port numbers. Registering port numbers makes it possible for all software to understand that HTTP servers can usually be found on servers at TCP port 80, whereas secure Internet message access protocol (IMAP) servers are found at port 993. Most standards organizations make use of protocol registries, since they are so intimately tied to protocols. The Institute of Electrical and Electronics Engineers (IEEE), for instance, operates a registration authority for recording organizationally unique identifiers (OUIs) used in ethernet addresses.[1] While the IETF could operate its own protocol parameters registry, it uses a separate organization—the IANA function operated by ICANN—for this purpose.

Example Protocol Usage

Dynamic host configuration protocol (DHCP) (RFC 2131 Dynamic Host Configuration Protocol) is a core IETF protocol used almost everywhere. When a device connects to the Internet, it uses DHCP to obtain an IP address and other such parameters as a default router and domain name system (DNS) server. The parameters exchanged via DHCP are encoded in DHCP options. Each option has its own assigned unique value, so that the option for a DNS server isn't confused with the option denoting a default router. As with other IETF protocols, DHCP parameters are recorded in protocol parameter registries administered by IANA.[2] DHCP defines a number of individual registries in addition to option numbers; there are DHCP registries for message types (to distinguish different kinds of messages), status codes (for signaling different types of errors), etc. Although DHCP is an “old” protocol (it dates back to the early 1990s), it continues to evolve and new options continue to be defined. Hence, it demonstrates the importance of protocol parameter registries. When someone proposes a new DHCP option, they write it up in an Internet Draft and (most likely) bring it to the IETF DHCP Working Group (WG) for discussion. If the proposal is accepted, it is refined in the WG and eventually sent to the IESG for approval and RFC publication. At some point during the process, the proposed option needs a DHCP option code assigned to it. That is where IANA comes in. The IETF has defined a formal process for requesting protocol parameter assignments from IANA, a process that is intimately tied to the IETF standards process. In most cases, protocols and extensions are published in IETF RFCs. As a document is being finalized, it goes to the IETF for Last Call processing and to the IESG for formal approval. Any requests for IANA actions (e.g., to request a code point assignment) are usually made within an "IANA Considerations Section" of the document under review. As part of the IETF Last Call process, IANA reviews the document for actions, and verifies that any requests can be carried out. Once approved by the IESG, IANA carries out its actions and coordinates with the RFC Editor to make sure that any assigned option values appear in the published RFC.

The Details

New registries are typically created by protocol documents. Protocols define the fields in packet headers and the allowed values for those fields. Some fields contain enumerated types, in which specific values have well-defined meanings that will never change once defined and that all implementations will interpret the same way forever. For example, a security protocol might have a field denoting a specific encryption transform, with one value defined for Triple-DES. Once assigned, the value denoting the triple data encryption algorithm (Triple-DES) transform would always have the same meaning. Later, a new or otherwise different algorithm could be added (e.g., one based on the advanced encryption standard, or AES). It would be given its own distinct value. That way both could be supported simultaneously in an interoperable manner. Once a registry has been created, future additions to it can be expected. To properly evaluate such future requests, governing policies are needed to define the criteria under which requests are to be granted. The IETF defines these policies for the protocol parameter registries. The details of what policies make sense almost always depend on the specifics of the actual protocols using the registry. For example, some registries have a limited number of possible values (e.g., the 4-bit IP version field can represent only 16 distinct values), so assigning additional values must be done prudently. Other registries may be essentially unlimited in size (e.g., long text strings) and can be done with much less review. Also, some types of registries record values that can have a big impact on how a protocol works (e.g., defining a new message type). Such requests may warrant a more in-depth review, perhaps involving consultation with the IETF working group responsible for maintaining the protocol of interest. The IANA functions for managing the Internet protocol parameter registries have existed since the dawn of the Internet. The formal processes for creating and managing registries were first documented in 1998 in RFC 2434's Guidelines for Writing an IANA Considerations Section (later obsoleted by [RFC 5226]Guidelines for Writing an IANA Considerations Section in RFCs), and the IETF now has more than 15 years of operational experience in creating, using, and updating registries via the IANA Considerations Section framework. RFC 5226 provides guidelines on how to create registries, how to populate those registries with initial values, etc. RFC 5226 also provides best practices on defining policies for governing future assignments to a registry. A number of predefined, “cookie-cutter” policies have been defined that handle many of the common cases. For example, the policy of "Standards Action" indicates that an assignment only happens via approval of a Standards Track document, whereas “First Come, First Served” denotes registries in which assignments are given out with little or no review.

Bottom Line

Having the protocol parameters function separate from the IETF has worked well in practice and works well today with ICANN executing that function. Many details have been formalized, beginning with theMemorandum of Understanding Concerning the Technical Work of IANA [RFC 2860] and Defining the Role and Function of IETF Protocol Parameter Registry Operators [RFC 6220], as well as yearly service-level agreements (SLAs) since 2006.[3] Performance reports called for in the SLAs can be found athttp://www.iana.org/performance/ietf-statistics. The IETF and IANA worked closely together for years to develop the current system. In it, IANA performs an administrative function—fielding requests, processing them, and publishing the results. Matters of policy, including matters requiring technical evaluation of a specific request or what policies should govern assignments, reside squarely within the IETF. The close, day-to-day working relationship between IANA and the IETF has in practice resulted in a shared understanding of the respective roles of each entity. The current IETF/IANA relationship is strong and its maintenance will continue to require diligence going forward. Where does the IETF fit into the Internet governance discussion? Any change to the current overall IANA functions could potentially impact the protocol parameters portion of IANA. Since the IETF depends on its smooth operation, it is critical that the IETF be engaged in any such discussion. The IETF has a unique need for the protocol parameters function and a unique view of IANA, and that view needs to be understood by the broader community in any Internet governance discussions related to IANA. This is particularly true when discussion of IANA (or ICANN) is really specific, for example, to DNS names, and does not apply to the protocol parameters function.

Conclusion

A properly operating protocol parameters function is critical to the IETF. The current relationship, in which ICANN operates IANA, has worked well for a number of years and continues to work well today. But given that IANA inevitably seems to come up in Internet governance discussions, the IETF must engage in such discussions so that its interests are not marginalized and the broader community fully appreciates the IETF/IANA relationship.

References

1. http://standards.ieee.org/develop/regauth/oui/public.html
2. http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml
3. http://iaoc.ietf.org/documents/ICANN-IETF-Agreement-2012-Executed.pdf

]]> 748 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-14/ Sat, 01 Mar 2014 18:48:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=750 Words from the IAB Chair" in this issue.) TLS and HTTP protocols are cornerstones of the Web protocol stack, and their revisions (TLS 1.3 and HTTP 2.0) make them more secure and faster to use—important improvements in light of the pervasive monitoring discussion. Outside of the security concerns, we have been working with the W3C, other developers, and the WebRTC on a plugin-free mechanism that allows browsers to make voice and video calls—this is an exciting and much needed functionality that’s drawn so much attention that some of the technical choices (e.g., video codec selection) have sparked intense debate. Software-defined networking (SDN) and network virtualisation also have been hot topics in the industry. IETF efforts on these topics include the I2RS, SFC, FORCES, NVO3, and SPRING working groups and the SDN research group. Expect to see even more activity in this space in 2014. Internet governance discussions in 2013 occurred in both existing and new forums and were largely fueled by surveillance discussions. This will continue in 2014. Our role at the IETF is to be a part of the growing Internet community who cares that the Internet can continue to be managed in appropriate ways, consistent with its long evolution. We have often discussed the central role of the Internet Engineering Steering Group (IESG) in the IETF, but the problems in finding a candidate to fulfill the position of the transport area director (AD) last spring drove the point home. Our organisation is too centralised, which in turn puts a high load on the ADs and disempowers the working groups. To alleviate this issue, so far we’ve implemented early directorate reviews and invited document shepherds on IESG calls. I believe this isn’t nearly enough, but it’s a start. More effort in this direction will come. None of the aforementioned accomplishments would be possible without a strong and growing organisation. To that end, we’re improving inclusiveness at all levels: in March 2013, we started a conversation around improving the diversity of IETF participants and leadership, and ensuring that all voices are heard. I’m proud of the programmes and initiatives that we have that make diverse participation easier: Internet Society policymaker and Fellow programmes, the mentoring programme, our antiharassment policy, the update of the IETF code of conduct, the decision to hold a meeting in South America, and so forth. The discussion itself is perhaps the most important result, as it will remind all of us how important this issue is and enable us to actively take these considerations into account. But rest assured, our work on this front to date is just the first step—it is part of the kind of long-term process that helped the IETF evolve into the respected international organisation it is.]]> 750 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-12/ Sat, 01 Mar 2014 18:51:34 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=752 Two Statements The IAB, alongside the Internet Society, the Institute of Electrical and Electronics Engineers (IEEE), and the World Wide Web Consortium (W3C), affirmed the OpenStand principles for the development of global, open standards: While the OpenStand principles cannot ensure that all participants are acting in good faith, following the principles is the best way we know to decrease the risk that any participant can inappropriately manipulate the standards development process. We believe organizations that operate according to the OpenStand principles create the most robust basis for trustworthy standards in all fields of technology, including security and privacy.¹ A second statement has become known as the “Montevideo Statement.” The IAB chair and leaders of nine other Internet organizations signed a statement regarding the Internet Assigned Numbers Authority (IANA) that is consistent with RFC 6220 and previous IAB statements.²

Highlights since IETF 87

The IAB appointed Russ Mundy to the Internet Corporation for Assigned Names and Numbers (ICANN) NomCom for 2014. Many thanks to Ole Jacobsen for his contributions to the ICANN NomCom over the last two years. The IAB published RFC 6950 on “Architectural Considerations on Application Features in the DNS.”³ The IAB sent comments⁴ to the US National Institute of Standards and Technology (NIST) supporting the reopening of the comment period on NIST SP 800-90A and recommending changes to the review process for cybersecurity and cryptographic standards to enhance transparency and openness.

Upcoming IAB Workshop

The IAB and W3C are hosting a workshop entitled, "Strengthening the Internet Against Pervasive Monitoring (STRINT)"⁵ on 28 February 2014. The workshop will take place in London with support from the European Union FP7 Strategic Research Roadmap for European Web Security (EU FP7 STREWS) programme.⁶ Participants are required to submit short position papers or Internet-Drafts. References

1. http://open-stand.org/statement-from-openstand-on-the-strengths-of-the-openstand-principles/
2. http://www.iab.org/documents/correspondence-reports-documents/2013-2/montevideo-statement-on-the-future-of-internet-cooperation/
3. http://www.rfc-editor.org/rfc/rfc6950.txt
4. http://www.iab.org/wp-content/IAB-uploads/2013/10/IAB-NIST-FINAL.pdf
5. https://www.w3.org/2014/strint/
6. http://www.strews.eu/

]]> 752 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-panel-explores-measuring-ipv6-momentum/ Sat, 01 Mar 2014 18:53:07 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=754 754 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-july-2014/ Tue, 01 Jul 2014 16:26:32 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=448 Global Access to the Internet for All (GAIA) proposed research group is a new initiative hoping to find a home in the Internet Research Task Force—we wish them luck in their important work. We have articles about the transport services Birds-of-a-Feather, a behind-the-scenes look at the team that organizes the pre-IETF educational tutorials, and the RFC series editor, Heather Flanagan, offers an update on the work to modernise the format of the RFC series. We also include an article on the Internet Architecture Board (IAB)- and World Wide Web Consortium-hosted pre-meeting workshop on strengthening the Internet against pervasive monitoring, celebrate themost recent winners of the Applied Networking Research Prize, and document the Internet Society panel event on the evolution of the end-to-end principle. As always, we have our regular columns from the IETF, IAB, and Internet Research Task Force chairs, and coverage of hot topics discussed during the plenary meetings. For more details of the Internet Area of the IETF in particular, a Working Group summary report is available athttp://wiki.tools.ietf.org/area/int/trac/wiki/IETF89. We are hugely grateful to all of our contributors. Please send comments and suggestions for contributions to ietfjournal@isoc.org. You can subscribe to hardcopy or email editions athttp://www.internetsociety.org/publications/ietf-journal/ietf-journal-subscription.]]> 448 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/researching-global-access-to-the-internet-for-all-gaia/ Tue, 01 Jul 2014 16:28:13 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=458 Introduction The Internet has crossed new frontiers—access to it has gotten both faster and relatively cheaper, with novel applications and services being offered every day. As a result, today’s Internet represents a critical infrastructure enabling remote health care, education, employment, e-governance, digital economy, social networks, and more. As such, Internet access should be universal in terms of availability and ability to contribute to the wider community, thereby enabling true digital inclusion to all. Although this vision is shared among both major stakeholders and global governments, the reality of today’s Internet and its level of digital inclusion is confronted by a growing digital divide—increasing geographic and socioeconomic challenges between those with sufficient access to the Internet and those who cannot afford access to its services.

Geographic challenges

Access problems often occur with sparsely spread populations in physically remote locations—it is simply not cost effective for Internet service providers (ISPs) to install the required infrastructure for broadband Internet access to these areas. Coupled with the physical limitations of terrestrial infrastructures (mainly due to distance) to provide last mile access, remote communities using wired technologies also incur higher costs for connection between the exchange and backbone network because the distances are larger. A large exchange may accommodate many users and allow for competition between service operators; in contrast, a rural/remote broadband often does not offer economies of scale, and raises the costs per user. Most important, in many developing countries, poor connectivity between ISPs is so prevalent that local traffic is routed over expensive international links in an effort to ensure that it successfully reaches destinations within the country of origin. These kinds of geographic challenges motivate questioning the way we do things, such as insisting on end-to-end delivery, versus promoting more localized communication. The result is a socioeconomic obstacle: mainstream business models don’t work.

Socioeconomic challenges

Addressing digital exclusion due to socioeconomic barriers is critically important. The United Nations revealed the vast global disparity in fixed broadband access by showing that in some countries the access to fixed broadband costs almost 40 to 100 times the national average income. This problem is also applicable to developed countries where individuals are unable to pass a necessary credit check or are living in circumstances that are too unstable to commit to lengthy broadband contracts. There are both research and policy challenges to the realization of a future Internet capability that offers appropriate access to all parts of society. It will require proactive collaboration and a shared vision among researchers, corporations, community groups, and governments, as there can be no single solution that is enforced on all types of users in all locations.

Global Access to the Internet for All

The proposed IRTF Global Access to the Internet for All (GAIA) research group aims to:

1. Create maximum visibility and interest among the community on the challenges in enabling global Internet access.
2. Create a shared vision among researchers, corporations, and nongovernmental and governmental organisations on the challenges.
3. Articulate and foster collaboration among them to address the diverse Internet access and architectural challenges.
4. Document and share deployment experiences and research results to the wider community through scholarly publications, white papers, and Informational and Experimental RFCs, etc.
5. Have a longer term vision on influencing standardisation efforts at the IETF that could potentially change the Internet landscape to be more inclusive.

Exploration Areas

Addressing the geographic challenges

In rural and remote areas, both the service requirements and the delivery mechanisms towards customers are often different than those in cities. For instance, while cities might call for densely connected options for delivery, such as DSL and fibre optical lines, remote areas are likely to rely more on wireless-based access to the Internet through wireless mesh, satellite, or TV White Space options to bridge distances not seen in cities.   The reluctance of network operators (who are economically motivated) to provide wired and cellular infrastructures to rural/remote areas has led to several community led initiatives to build large-scale, self-organized, and decentralized community wireless networks that use WiFi mesh technology due to the reduced cost of the unlicensed spectrum. These community wireless mesh networks have self-sustainable business models, which provide more localised communication services, as well as Internet backhaul support via peering agreements with traditional network operators who see such networks as a way to extend their reach at a lower cost. There also are community-led wireless initiatives such as crowd-shared wireless networks, in which home broadband owners share a portion of their home broadband with friends, neighbours, or other users either for free or as part of a service offering by the ISP. Recent years have also seen a rise in innovative ways of providing broadband Internet access via dynamic spectrum sharing, including the successful TV white spaces (TVWS) trials in Malawi, Kenya, and South Africa, which use the white spaces left by the termination of analog TV broadcasting, and which hold promise as an access technology for providing long-distance wireless broadband Internet access. In addition, companies such as Facebook and Google are exploring ways to connect remote communities via unmanned aerial vehicles (UAVs) and balloons. Finally, satellite technology is being viewed as a key access technology to provide ubiquitous Internet access. The ability of the satellite to provide global coverage makes satellites a key enabling technology to provide broadband access and to gather and deliver critical information to areas and locations that cannot be reached by other wired or wireless technologies. The two-way satellite market has undergone dramatic changes over the last 10 years in terms of IP adoption, coupled with the move to higher capacity Ku/Ka bands. The satellite industry can now provide a lower-cost “broadband” IP-based service that was not possible only a few years ago. Low-earth-orbit satellites, such as Cubesats and Picosats, can now be launched into orbit to provide a communications infrastructure (especially for emergency communications) at a relatively lower cost. GAIA will explore and document the diverse set of characteristics and integration challenges of these technologies via measurement studies and deployment experiences. GAIA will also explore the regulatory and political obstacles of deploying some of these access technologies (e.g., spectrum regulation), as well as the challenges in deploying Internet Exchange Points (IXPs) in developing regions.

A Common Platform

GAIA will take a longer-term approach to exploring new architectures that would make the Internet more flexible and accessible. We hope to utilize well-researched practices, results, and working platforms from related IRTF groups in key networking areas, such as Delay Tolerant Networking (DTN) including Opportunistic Communications, Information Centric Networking (ICN) and Software Defined Networking (SDN) to explore innovative architectures that will enable new methods of access to Internet services over a wide range of connectivity options at lower cost and better efficiency in terms of performance, network utilisation, and energy. GAIA will enable aninclusivevision, in which multiple transmission technologies, novel architectures, and new access models are integrated into a single platform. Such connectivity inclusion has the potential to reduce transmission costs and increase efficiency, flexibility, and dependability, and the common platform will help overcome socioeconomic obstacles to economically sustainable global access for all.

Addressing the socioeconomic challenge

Internet access can be made more affordable by coupling social and economic incentives with a common platform that enables these incentives to spur innovation for a wide range of new business models: more-localized communications, opportunities for nongovernmental organizations and local governments (driven by social rather than economic goals) to become virtual network operators, revenue creation from currently underutilized infrastructures, time-shifted services, and micropayments and reverse payment models (e.g., remote doctors pay for additional capacity or Quality of Service to video conference patients). To promote some of these new models, we need to address both technological and regulatory/policy challenges (e.g., net neutrality and tiered services). It is important to emphasize that there also is room for innovation and experimentation in policy. The major obstacles to more persistent and affordable access in sub-Saharan Africa, parts of Asia, the Middle East, and other regions are not technological but regulatory. We need to create a regulatory space for new business models and wireless technologies that also requires innovation. The diversity of its members help make GAIA a suitable forum in which to discuss, collaborate, and disseminate the aforementioned issues.

Next Steps

Today, the GAIA group has more than 100 members. Its mailing list is at http://irtf.org/mailman/listinfo/gaia The first GAIA meeting was held at the IETF 89 meeting in London. It included several presentations from members (academia, industry, and nongovernmental organisations) that showcased the diversity of problem areas, projects, and solutions. The next GAIA meeting will be collocated with ACM DEV 5 in December 2014. The group is currently finalising the topics of interest, and will ask to be formally chartered by the IRTF next year. Members aim to keep the proposed charter as more exploratory considering the diverse set of challenges that need to be addressed.]]> 458 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-7/ Tue, 01 Jul 2014 16:37:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=493

Topics related to strengthening the security and privacy of the Internet continue to draw attention. The pre-meeting STRINT workshop (see related IETF Journal article) attracted 100 participants and more than 60 papers. More would have joined us, but there was no space. During the meeting, various working groups continued the discussion. The Using TLS for Applications (UTA) working group (WG), which was specifically created to address issues surrounding pervasive monitoring, had its first meeting. The Transmission Control Protocol Maintenance (TCPM) WG discussed a proposal to add opportunistic keying mechanisms directly onto the TCP protocol. And the Encryption of Domain Name System (DNSE) Birds-of-a-Feather (BoF) considered the possibility of adding confidentiality support to DNS queries. Finally, there is an ongoing effort to review old specifications for areas that might benefit from better privacy and data minimisation.

Projects related to key components of the web platform continued. The Transport Layer Security (TLS) WG has been rechartered to work on TLS 1.3, a redesign of the TLS protocol that provides security and efficiency benefits. The Hypertext Transfer Protocol Bis (HTTPBIS) WG continued another redesign effort around HTTP 2.0, which may enable the use of TLS even for http uniform resource identifiers (URIs) and provide limited protection against passive attacks. Work on HTTP 2.0 is nearing completion.

The WebRTC work on real-time communications from browsers continued. The group has deferred a controversial mandatory-to-implement video codec question, but is making excellent progress in all other areas.

The IETF has worked on various aspects of the Internet of Things for years. A new proposal was discussed in the Authentication and Authorization for Constrained Environments (ACE) BoF, which addressed how to authorise different smart objects and their users to do the actions that they are allowed to do.

Internet governance has been a hot topic around the world—at the IETF we are focused on technology, but we also care that governance associated with the Internet is both stable and reliable. In addition, we are directly impacted by the protocol parameters registry function at the Internet Assigned Numbers Authority, which records all the assignments of protocol-related constants. At the IGOVUPDATE session, Olaf Kolkman spoke about the protocol parameters registry, its evolution, and the principles under which the IAB has guided this evolution. After some amendments, the room voted unanimously to continue to operate under these principles.

Network node configuration is becoming increasingly dominated by Network Configuration Protocol (NETCONF)/YANG-type solutions rather than Simple Network Management Protocol (SNMP)-based solutions. The Internet Engineering Steering Group (IESG) issued a statement to make sure WGs take note of this.

As an open organisation, anyone can join IETF discussions. While this is a good thing, it can present challenges. A recent discussion on our mailing list raises the question of how to deal with repetitive postings and impolite messages.

After each meeting, these and other topics continue to be discussed on our mailing lists. Join the discussions at www.ietf.org. Finally, many thanks to our host, ICANN, as well as to BT for our connectivity, and to Comcast for sponsoring the welcome reception.]]> 493 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-6/ Tue, 01 Jul 2014 16:40:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=506 IAB Statement on Pervasive Monitoring At IETF 88 in Vancouver, the IAB held a technical plenary in which pervasive monitoring was discussed. The IAB, like many others who attended the session, believes that pervasive monitoring represents an attack on the Internet. Their view is supported by the fact that during such monitoring large amounts of information that is intended to be confidential is gathered and aggregated by third parties. Such broad-scale attacks undermine public confidence in the Internet infrastructure, no matter the intent of those collecting the information. In response, the IAB encourages individuals to take practical measures to limit pervasive monitoring within their environments.

Strengthening the Internet (STRINT) Workshop

The IAB and World Wide Web Consortium (W3C) held a workshop called Strengthening the Internet Against Pervasive Monitoring (STRINT)[1] in London on 28 February 2014. The workshop assembled 100 participants and was supported by the EU FP7 STREWS project[2]. Discussions covered terminology, the role of user interfaces, classes of attack mitigation, specific use cases, and transition strategies. The workshop ended with a few high-level recommendations outlined in the report at https://datatracker.ietf.org/doc/draft-iab-strint-report.

Sessions at IETF 89

During IETF 89, the IAB hosted two sessions. The first, rfcform, gathered input from the community for the RFC Series Editor on the proposed publication of RFCs in formats other than plain text. The second,igovupdate, gathered input from the community on the evolution of the IANA protocol parameter registries. First-hand comments confirm that ICANN’s administration of the protocol parameter registry functions works well for both the Internet and the IETF. We are pleased with the publication and maintenance of the protocol parameter registries and with the coordination of the evaluation of registration requests through the IANA function provided by ICANN. Session discussions led to the following guiding principles for IAB efforts that impact IANA protocol parameter registries. These principles must be taken together; their order is not significant.

1. The IETF protocol parameter registry function has been and continues to be capably provided by the Internet technical community.

The strength and stability of the function and its foundation within the Internet technical community are both important given how critical protocol parameters are to the proper functioning of IETF protocols. We think the structures that sustain the protocol parameter registry function needs be strong enough that they can be offered independently by the Internet technical community, without the need for backing from external parties.  And we believe we largely are there already, although the system can be strengthened further, and continuous improvements are being made.

2. The protocol parameter registry function requires openness, transparency, and accountability.

Existing documentation of how the function is administered and overseen is good [RFC2860,RFC6220].  Further articulation and clarity may be beneficial.  It is important that the whole Internet community can understand how the function works, and that the processes for registering parameters and holding those who oversee the protocol parameter function accountable for following those processes are understood by all interested parties.  We are committed to making improvements here if necessary.

3. Any contemplated changes to the protocol parameter registry function should respect existing Internet community agreements. 

The protocol parameter registry is working well.  The existing Memorandum of Understanding [RFC2860] defines "the technical work to be carried out by the Internet Assigned Numbers Authority on behalf of the Internet Engineering Task Force and the Internet Research Task Force."  Any modifications to the protocol parameter registry function should be made using the IETF process to update RFC 6220 and other relevant RFCs.  Put quite simply: evolution, not revolution.

4. The Internet architecture requires and receives capable service by Internet registries.

The stability of the Internet depends on capable provision of not just IETF protocol parameters, but IP numbers, domain names, and other registries.  Furthermore, DNS and IPv4/IPv6 are IETF-defined protocols.  Thus we expect the role of the IETF in standards development, architectural guidance, and allocation of certain name/number parameters to continue.  IP multicast addresses and special-use DNS names are two examples where close coordination is needed.  The IETF will continue to coordinate with ICANN, the RIRs, and other parties that are mutually invested in the continued smooth operation of the Internet registries. We fully understand the need to work together.

5. The IETF will continue management of the protocol parameter registry function as an integral component of the IETF standards process and the use of resulting protocols.

RFC 6220 specifies the role and function of the protocol parameters registry, which is critical to IETF standards processes and IETF protocols.  The IAB, on behalf of the IETF, has the responsibility to define and manage the relationship with the protocol registry operator role.  This responsibility includes the selection and management of the protocol parameter registry operator, as well as management of the parameter registration process and the guidelines for parameter allocation.

6. The protocol parameters registries are provided as a public service.

Directions for the creation of protocol parameter registries and the policies for subsequent additions and updates are specified in RFCs.  The protocol parameters registries are available to everyone, and they are published in a form that allows their contents to be included in other works without further permission.  These works include, but are not limited to, implementations of Internet protocols and their associated documentation.

Highlights since IETF 89

The IAB published RFC 7101,[3] “List of Internet Official Protocol Standards: Replaced by a Web Page.” The IAB published RFC 7094,[4] “Architectural Considerations of IP Anycast.” The IAB appointed two people to the ICANN Technical Liaison Group: Warren Kumari for a two-year term and Daniel Migault for a one-year term.

References

1. https://www.w3.org/2014/strint/
2. http://www.strews.eu/
3. http://www.rfc-editor.org/rfc/rfc7101.txt
4. http://www.rfc-editor.org/rfc/rfc7094.txt

]]> 506 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-panel-evolution-of-the-internets-end-to-end-architecture/ Tue, 01 Jul 2014 16:43:49 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=520 520 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/getting-educated-meet-the-ietf-edu-team/ Tue, 01 Jul 2014 16:46:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=532 The Education (EDU) Team manages the internal educational activities of the IETF with the goal of improving the effectiveness of IETF operations. We strive to improve the effectiveness of IETF leaders and participants by offering training sessions and educational materials that clarify their roles and responsibilities and prepare them to be more effective in their roles. To fulfill the goals of the charter, the team offers two types of tutorials:

1. Process-oriented tutorials, such as newcomers tutorials, tutorials on how to use IETF tools, and tutorials on how to write an RFC.
2. Technical tutorials, such as tutorials on those technical topics widely relevant for IETF participants, including privacy, security, routing, and wireless.

Specifically, the team aims for topics on which specialist knowledge might affect the work of multiple different working groups. Anyone may suggest a tutorial. The IETF chair and IESG members propose tutorials when they feel there is a need for certain topics. In addition, tutorials that have not been presented in a long time and may be useful for new participants are often presented a second time. The Edu Team recently began offering area-overview tutorials designed to both educate newcomers about the scope and activities of certain areas and offer long-standing participants updates on areas they don’t actively follow. So far, the following area-overview tutorials have been organized. The team plans to continue these tutorials at IETF 91 in Honolulu and beyond. Check the agenda pages for topics.

• IETF 88–Introduction to the Real-Time Applications and Infrastructure Area (RAI)
• IETF 89–Introduction to the Applications Area (APP)
• IETF 90–Introduction to the Operations Area (OPS)

Tutorials are presented by IETF participants who are experts in their fields, and they are free to registered IETF attendees. As dictated by its charter to “present topics that assist IETF participants in building better protocols,” the Edu Team does not provide general technical tutorials. All tutorials specifically focus on what IETF participants need to know in order to build better protocols. At each IETF meeting, the Edu Team also organises an informational lunch where working group (WG) chairs can discuss topics of mutual interest. WG chairs are invited to suggest topics for forthcoming sessions. The Edu Team is now considering whether or not to take on other projects, such as the mentoring programme, additional training for WG chairs, and review of IETF website content. It is actively seeking new, energetic members who are interested in helping with these activities. If you have feedback for the team or are interested in joining it, please contact edu-team@ietf.org or speak to any of its members during the next IETF meeting. A list of tutorials slated for the next IETF meeting are included on the registration pages and on the meeting agenda. Slides and recordings from recent tutorials can be found at www.ietf.org/edu. The Edu Team Cochairs: Mirjam Kuehne and Radia Perlman Members: Jari Arkko, Scott Bradner, Brian Carpenter, Avri Doria, Russ Housley, Thomas Narten, Alice Russo, Margaret Wasserman.]]> 532 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/iab-technical-plenary-debates-the-opportunities-and-challenges-of-internet-payment-systems/ Tue, 01 Jul 2014 16:48:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=539 Short Message Service (SMS) for authentication, while others use the mobile network or Subscriber Identification Module (SIM) card in the device to authenticate the transaction. Quick Response (QR) codes offer another layer of protection as they provide the mobile network operator with some validation that the user was present when the purchase was made. “Authentication can be tied around the mobile device and then transferred to the carrier,” Pearson said. “The carrier has good ways to be able to trust the mobile device and then pass on strong proof to the merchant that funds are available.” Issues to consider with mobile billing include whether possession of a device is enough to authenticate a transaction given that devices can be stolen or hacked. Another issue is the popularity in some countries of cash kiosks and retail centers, where customers pay for online purchases rather than using credit cards. Pearson said e-wallets have the potential to address these issues because they behave like a bank account and can be funded through cash kiosks, mobile networks, and credit cards. “E-wallets could be relevant in North America as well as emerging markets,” he added. Pearson said there are opportunities for standardization within the online payments area where the IETF might contribute. These include invoices, user authentication, source payment authorization, cash reconciliation, and financial reporting. “One place where we’ve been applying pressure is just to do cash reconciliation protocols, just getting the file formats converged,” he said. “We actually have found that the participants are pretty willing to play. So there is, in fact, hope that the parties do want to work towards convergence.” Next up at the plenary was Steve Kirsch, Founder and CEO of OneID, who gave a talk in which he debunked 15 myths in the area of secure payment authentication. “Authentication and secure payment authorization are almost the same thing,” Kirsch said. “So we can use the same protocols, and it is just what we sign that’s different. So I’m going to be talking about identity and about secure authorization. But they’re really interrelated.” Kirsch’s first myth is that there is no way to fix mass password and credit card breaches. The problem, he said, is that both passwords and credit cards are shared secrets. Further, half of Internet users have one password for all of their accounts. “The solution to this breach problem is that we just get rid of all the shared secrets… and replace them with digital signatures,” he said, adding that digital signature technology has been available for many years but that companies and individuals are not motivated enough to adopt them despite major losses from data breaches. The second myth is that adopting two-factor authentication eliminates password breaches. Kirsch said that while this technology prevents keylogging attacks, it is not a remedy against mass breaches because it ends up being another shared secret. “Users hate it,” he added. Myth number three is that out-of-band two-factor authentication must be safe because banks use it. “The problem is that it’s in-band two-factor authentication,” Kirsch said. “You’re entering code on the same computer as user name and password. If I compromise that computer, you’re done.” Kirsch also debunked the myth that biometrics will solve this problem. While they are useful locally, he said, the reader has to be controlled at all times. Another myth Kirsch addressed is that it’s impossible to store credit cards in a secure manner. He argued that there are secure Payment Card Industry (PCI) compliant vaults that use a crypto secret on the user’s device to encrypt the card. When a purchase is made, the user’s device asks for encrypted card data, decrypts it, and passes it to the merchant. Kirsch argued that passwords are not inherently bad; they just aren’t used appropriately. What’s wrong about today’s Internet security systems is that passwords are used as shared secrets, which leaves them open to a breach. “The right way to use passwords is to never disclose them and never share them off your local device,” he said, adding that passwords should be combined with random data and then used as a signing key. Additionally, Kirsch argued that popular crypto methods such as Public Key Infrastructure (PKI), RSA Crypto, and EMV (Europay, MasterCard, and Visa) standards aren’t as safe as Internet engineers believe. Instead, Kirsch recommends using elliptic curve cryptography (ECC) and its companion digital signature algorithm (ECDSA). Kirsch debunked the idea that the FIDO (Fast IDentity Online) Alliance will solve this problem because it is developing online identity technology that addresses authentication only and not authorization of transactions. “If you lose your device, you’re screwed,” he said. Further, Kirsch argued that Internet users should not trust most federated identity providers, including Facebook, Google and LinkedIn. However, Kirsch said that there are trustable federated identity providers where security is guaranteed by the architecture and ECDSA replaces shared secrets. “There is no single point of compromise because it uses multiple digital signatures,” Kirsch said. Another myth that Kirsch debunked is that trustable federated identity service is too hard to use and not as safe as proprietary identity systems. He argued that these services are as easy to use as Facebook and are immune to all known threats. Kirsch argued that an IETF standard is not necessarily the best way to fix the online security problem. He pointed out that the IETF itself is using computer security technologies that are outdated, such as passwords for its mailing lists. As far as Bitcoin is concerned, Kirsch said that nothing on the horizon looks lethal for this technology, but that there is also no evidence that it is going to be the future of online payments. “The winner will be digitally signed end-to-end secure transactions,” he said, adding that he favors open application programming interfaces (APIs) and a simple technique for transferring money. Kirsch concluded that it is likely Bitcoin will be regulated in the future. But until then, he warns against storing Bitcoins in services that use in-band two-factor authorization because these systems are a type of shared secret and are susceptible to mass breach and malware.

Applied Networking Research Prize Nominations Increase by 36 Percent

In other news, the Internet Research Task Force (IRTF) reported that it received the largest-ever number of nominations for its Applied Networking Research Prize, a three-year-old program supported by the Internet Society. The IRTF received 46 nominations—up from 36 last year—for the prize, which is given to academic researchers to recognize the best new ideas in networking, and bring them to the IETF and IRTF meetings. The IRTF chose six winners for 2014, and two winners spoke at the London meeting: Kenny Paterson from the University of London discussed new attacks on Transport Layer Security (TLS); and Keith Winstein from Massachusetts Institute of Technology spoke about a new transport protocol to support interactive applications over cellular networks.]]> 539 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/strint-workshop-focuses-on-pervasive-monitoring/ Tue, 01 Jul 2014 16:51:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=546 1 concluded with a broad consensus that pervasive monitoring is an attack. This consensus has been subsequently documented as “Pervasive Monitoring Is an Attack,” BCP 188, RFC 7258². The STRINT workshop started with that consensus and proceeded to discuss the scope and implications of pervasive monitoring on the global Internet, possible near term actions for both the IETF and W3C communities, and harder topics for further discussion and analysis.

Workshop Goals and Structure

The STRINT workshop was jointly sponsored by the IAB³ and the W3C⁴ with hosting support from the European Union STREWS project⁵. All interested parties were invited to submit position papers and participants were selected from that set, resulting in a capacity crowd. The agenda and submissions are available on the workshop website⁶. The workshop comprised a series of sessions with short kick-off presentations followed by moderated discussions. Topics for the sessions included workshop goals, threat models, usage of existing security tools, policy implications, improved tools, metadata, and deployment. The final sessions were a series of breakouts on research, clients, defaults, and terminology. A draft report detailing the results of the workshop is available⁷.

General Observations

While it is not possible to summarize all the discussion and results from the workshop, key themes from the workshop are discussed below. First, there is general agreement that there are technologies and tools that have been developed that would improve the state of privacy and security in the Internet. For example, well-implemented cryptography can be effective, and more use of it would improve security and privacy. This raises the question of why existing technologies and tools that have already been developed don’t get deployed and used. Cost is an argument often used against cryptography; however, costs are significantly declining. Another concern is the difficulty with deployment and use. The technical community could do more to make the tools easier to use and ensure that the default settings provide the highest levels of protection using well respected algorithms. Additionally, the community as a whole could benefit from more examples of how to do things correctly, including examples of good software configurations to facilitate the deployment and use of existing technology. And to help the developers who are often not security experts, the community should consider the development of examples of quality code for product development.

Near-Term Actions

In addition to the general observations above, the workshop identified specific activities for the IETF.

1. Not surprisingly, terminology is a problem. The term opportunistic encryption has been used in a number of IETF discussions related to pervasive monitoring. However, that terminology is used differently in related communities, causing confusion. To reduce this confusion, consensus needs to be reached on generic terminology. Subsequent to the STRINT workshop, the Security Area in the IETF has pursued this topic with the latest state being discussed on the SAAG mailing list (saag@ietf.org) and in draft-kent-opportunistic-security “Opportunistic Security as a Countermeasure to Pervasive Monitoring”⁸.
2. A documented threat model would be helpful. There is already an excellent start for that document in draft-barnes-pervasive-problem “Pervasive Attack: A Threat Model and Problem Statement”⁹. This will be used as the starting point and developed in the IETF.

Longer-Term Challenges

This brings us to some of the tougher challenges identified during the STRINT workshop. Most of these challenges represent significant tensions between legitimate competing concerns.

1. The tension between the desire to deploy more encryption and the difficulty that this deployment creates for network operations. Some visibility into traffic is necessary to optimize network performance and troubleshoot problems. However, that same visibility provides a wealth of information about the source and nature of communications even when the actual data itself is encrypted. Exacerbating this issue is the fact that traffic analysis is not well understood in the Internet community. Additional research and the development of techniques like data minimization are needed. In another example of this first tension, devices like captive portals and firewalls have legitimate roles to play in deployed networks but may not be distinguishable from a man-in-the-middle attack. Policies associated with using these devices may limit or prohibit the use of encryption.
2. The tension between privacy and business models. Many products and services in today’s Internet are provided on a low- or no-cost basis. The information gathered in the process of providing the service is a valuable commodity, and the cost associated with providing the service is offset by the value of the information gathered. In this case, the business model is in direct conflict with the proposed mechanism for enhancing privacy.
3. The last significant challenge discussed herein is the problem of user interfaces. Existing user interfaces are a significant barrier to the adoption of many security technologies. If the security mechanism stands between an operator or a user and his desired objective, it needs to be easily understood and used. That is often not the case. Internet users have long since been conditioned to hit the OK button without fully understanding the implications of their decisions. A user cannot be expected to fully understand the intricacies of certificate models and encryption in order to be protected by the security mechanism. The IETF and W3C have long considered user interfaces to be primarily outside their scope; however, the time may have come to better integrate these topics into the discussion.

    Finally, while the STRINT workshop was primarily a technical meeting, there was some discussion of the interdependency of technology and policy in addressing pervasive monitoring. Better communication and understanding between the two communities could lead to technical and policy approaches that are viable and support each other instead of working against each other.

Ongoing Related Activities

Beyond the STRINT workshop, the IETF and the W3C are both responding to pervasive monitoring with renewed focus on privacy and security. The IETF has revived an effort to provide adequate privacy reviews to protocols under development. This will be part of the existing security review process and be informed by “Privacy Considerations for Internet Protocols”¹⁰. At some point, the IETF may update the existing security considerations document “Guidelines for Writing RFC Text on Security Considerations”¹¹ to better address pervasive monitoring. In addition to review of emerging protocols, there is a new effort to review existing RFCs for any privacy or pervasive monitoring concerns. A mailing list has been established (ietf-privacy@ietf.org) and a wiki page has been set up to track any issues identified during the course of these reviews (https://trac.tools.ietf.org/group/ppm-legacy-review/). On the working group front, a new working group in the IETF has been chartered to look at the use of Transport Layer Security (TLS) in application protocols, Using TLS in Applications (UTA). Several other working groups and Birds-of-a-Feather sessions are looking at this issue with renewed energy. In the W3C, the Privacy Interest Group continues to provide overarching privacy review for W3C recommendations¹². In addition, a Web Security Interest Group¹³ has been established to advance security in W3C recommendations.

Conclusions

While it has been a tough year for privacy and security in the Internet, the STRINT workshop showed that there is an energized and passionate community. This community, while not in total agreement, does have rough consensus on some general principles, near term actions, and longer-term efforts that would help to mitigate pervasive monitoring. All of this is encouraging for the improvement of overall security and privacy for the global Internet.

References

1. http://www.internetsociety.org/publications/ietf-journal-march-2014/iab-plenary-debates-attacks
2. Farrell, S. and H. Tschofenig, “Pervasive Monitoring Is an Attack,” BCP 188, RFC 7258, May 2014. (https://www.rfc-editor.org/rfc/rfc7258.txt)
3. www.iab.org
4. www.w3.org
5. http://www.strews.eu
6. https://www.w3.org/2014/strint
7. https://datatracker.ietf.org/doc/draft-iab-strint-report
8. https://datatracker.ietf.org/doc/draft-kent-opportunistic-security
9. https://datatracker.ietf.org/doc/draft-barnes-pervasive-problem
10. Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M., and R. Smith, “Privacy Considerations for Internet Protocols,” RFC 6973, July 2013.
11. Rescorla, E. and B. Korver, “Guidelines for Writing RFC Text on Security Considerations,” BCP 72, RFC 3552, July 2003.
12. http://www.w3.org/Privacy
13. http://www.w3.org/Security/wiki/IG

 ]]> 546 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/visiting-policymakers-tout-ietf-policy-programme-experiences/ Tue, 01 Jul 2014 17:01:23 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=556 556 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-programme-builds-bridge-between-ietf-and-regulators/ Sat, 01 Mar 2014 18:55:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=756

Fred Baker, Cisco Fellow and former IETF chair, gave presentations about border gateway protocol (BGP) routing and the history of the Internet.

Mark Kosters, chief technology officer of the American Registry for Internet Numbers, provided a deep dive into Internet protocol (IP) addressing, with an explanation of the differences between IPv4 and IPv6.

Former Internet Architecture Board Chair Olaf Kolkman, director of NLnet Labs, gave a talk about the domain name system (DNS) and the need to secure it with DNS security extensions.

Geoff Huston, chief scientist at Asia-Pacific Network Information Centre, spoke about the concept of quality of service in the Internet in comparison to predecessor voice-only networks.

Alvaro Retana, a Cisco distinguished engineer, spoke about the impact of the IETF on Internet development, including the group’s new efforts to harden the Internet against pervasive monitoring attacks and to improve the diversity of its membership.

Milton Kaoru Kashiwakura, director of the Brazilian NIC, gave a talk about regional interconnection from Latin America.

They also attended the Internet Governance Update (igovupdate) Birds of a Feather session, which all of the policymakers noted was a highlight of the week. This session was sponsored by the Internet Architecture Board to discuss IANA matters. “Policymakers gained a greater understanding of how the Internet and Internet standards work, something that had never been explained to them in such depth before,” Wentworth said. “Giving policymakers a chance to attend the IETF helps build trust among organizations, and this trust is key for the future of the Internet.” The Internet Society will provide a similar set of presentations for a new group of policymakers at IETF 89 in London that include senior policy leaders from Africa, Europe, and the Middle East. “Past participants of the ISOC’s IETF Policy Programme want to get more experts from their countries involved in the IETF,” Wentworth said, noting that it is always difficult to get academic and industry participation in standards work because it is a voluntary effort. “This programme is helping build awareness of the IETF in developing countries, which is needed.”]]> 756 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/packed-iab-plenary-debates-pervasive-monitoring-attacks/ Sat, 01 Mar 2014 18:57:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=758 758 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/meetecho-how-we-turned-an-ietf-experiment-into-an-ietf-tool/ Sat, 01 Mar 2014 18:59:38 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=760

A Jabber chatroom associated with each session, in which participants, both local and remote, can join using any compliant client in order to discuss the presentations

An MP3 audio feed to listen to what is being discussed in the physical rooms

In addition, the Jabber room typically is used to give remote participants hints about ongoing presentations, e.g., the name of the slide deck being projected, slide numbers, and so on. It is expected that remote participants download the slides and open them in a compliant viewer to follow the presentation. While this is an easy and often effective means for remote participation, it does not afford an optimal user experience. Users must download and install various applications (e.g., an extensible messaging and presence protocol (XMPP) client, a multimedia player, a slide viewer/editor), and use them at the same time. While the audio feed has a good quality, it also can have up to a 10-second delay, making seamless interaction (e.g., questions and answers) harder to achieve.

A Brief History

A few years ago, while considering our efforts to build a standards-compliant conferencing architecture, mostly based on IETF protocols, and our regular attendance at IETF meetings as active contributors, we asked ourselves: why can't we eat our own dog food? In fact, the IETF had already devised several protocols and architectures that could be leveraged for a better remote participation experience. We had already tested some remote participation using Meetecho at IETF 76 in Hiroshima, where Lorenzo Miniero had a presentation scheduled at the MEDIACTRL session but couldn't make it to Japan. In particular, a desktop application implementing XMPP, (session initiation protocol) SIP, and (real-time transport protocol) RTP, and providing slide sharing functionality was effectively used for a bidirectional interaction between Lorenzo and the local MEDIACTRL attendees. IETF 80, Prague This motivated us to propose a wider remote-participation experiment at IETF 80. Specifically, considering that a desktop application would have been more of an obstacle than an asset, we devised a web-based, front-end to our platform, thereby providing an integrated view of the Jabber room, the slides being projected, and an audio/video feed from the room. We focused on real-time delivery of the streams by extending our platform, which was already based on modified versions of open source components such as Asterisk, Openfire, and Tomcat, to better interact and seamlessly merge with the available IETF remote participation tools. We discussed the possibility of exploiting this new interface with IETF management, particularly with respect to the interaction with local equipment (e.g., room mixers) and supported seven sessions. The experiment proved quite successful—remote participants tested our platform and we received useful feedback that we used to further develop and strengthen our prototype experiment. While the presence of a video feed (a webcam in the sessions) confused some of the local participants, it was a very welcome feature by remote participants, who praised the possibility of looking at the mic line queues. Not all feedback was positive, but it was constructive and helpful. For example, all the sessions were recorded and made available a few days later, initially by means of a Java playback application. Several users complained about relying on an untrusted Java application, despite the fact that the source code had been made available. During the week we developed a completely web-based HTML5 player for the same recordings. That Web application was the first version of the one we use today to provide all the IETF recordings. IETF 81, Quebec City The success of the Prague experiment motivated us to improve our platform, improve the user interface, and propose another round at IETF 81. At the meeting, the number of supported sessions increased to 12, including two plenaries, resulting in a couple of parallel sessions. IETF 82, Taipei The experience we gained in Prague led us to new improvements that we applied at IETF 82, an important meeting in terms of remote participation—28 sessions were supported with up to three sessions in parallel; and for the first time, we used the tool for active remote participation. IETF 83, Paris By IETF 83, Meetecho wasn’t news anymore. We prepared a tutorial session on it, focusing on the so-called Meetecho Scribe, a role that can be played by any local participant in order to help remote attendees. Approximately 30 sessions were supported. IETF 83 also represented a milestone with respect to realization of a system for the automated management of floor control and the moderation of both local and remote participants (http://ietf83.conf.meetecho.com/index.php/UMPIRE_Project). This system is called UMPIRE (Universal Moderator for the Participation in IETF Remote Events) and is built around the Binary Floor Control Protocol (BFCP) that  represents the IETF standard protocol for moderation. At the time of this writing, UMPIRE has not yet been used to moderate actual meeting sessions. Although at the 83, 84, and 85 meetings it was demonstrated in a tutorial. Today we are awaiting completion of the Remote Participation Services document in order to further fine-tune UMPIRE and propose it for official adoption within the IETF. IETF 84, Vancouver With regard to the main functionality of the platform, we started work on WEBRTC/RTCWEB, the joint standardization of the W3C and the IETF to enable native, real-time multimedia communications within browsers. We implemented the missing bricks and added a way to make use of WebRTC to join the audio/video conference. We made the completed feature available for the RTCWEB session at IETF 84 (a possibility that was praised by the active contributors in the same working group). Vancouver also saw our platform used, for the first time, to stream and record both meeting sessions and some of the tutorials, which were recorded and converted to video files now available on the IETF education pages. IETF 85, Atlanta Intrigued by the possibilities offered by WebRTC, we started working with the Opus codec. At IETF 85 we made available an additional stream for remote participants—an HTTP-based Opus stream, which could be played in either HTML5 or an external player. We also added a Flash-based video stream. IETF 86, Orlando A decisive improvement was made for IETF 86: we changed the audio backend of our platform and got rid of the narrowband audio constraint by moving to a higher quality, wideband audio mix. Participants were now able to get a real-time audio feed as good as the official MP3 stream. The improved audio quality was a welcome addition to recordings and enabled us to better integrate the Opus codec into our platform and to take advantage of its novel features. IETF 87, Berlin The Opus integration motivated us to organize a high-quality, remote participation experiment based on Opus for the technical plenary at IETF 87, whose topic was Opus itself. We envisioned a completely Web-based attendance to the plenary, involving a high-quality VP8 video feed and a 48kHz mixed audio feed based on Opus. Our efforts were briefly discussed during the plenary. IETF 87 was also a training ground for experiments in recording tutorials, including a brief presentation of the MILE WG by Kathleen Moriarty. By that time, session recordings had become a fundamental asset for the community. IETF chairs rely on them when editing meeting minutes. WG participants, in turn, count on such synchronized multimedia assets for ex-post fruition of one or more recorded sessions.

Next Steps

We recently obtained a formal agreement with IETF management for support of an increasing number of sessions at upcoming meetings. (We supported nearly 40 sessions at IETF 88.) Future meetings will be both challenging and stimulating as we simultaneously cover more and more sessions. The plan is to cover all of them in Honolulu at IETF 91. With that goal in mind, we’re working on new features, including ways to automate the scribe role (instead of relying on a local participant for videos and slides) and obtain detailed participation statistics. We’re also seeking a more seamless integration with the community’s tools (meeting agenda, materials page, meeting minutes, etc.). We’re proud to be working with the community and for the community—whether you attend in person or not, we look forward to seeing you in London.]]> 760 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/an-overview-of-the-geonet-bof/ Sat, 01 Mar 2014 19:03:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=762 An Overview of the GeoNet BoF GeoNet stands for geographical networking. The concept relates to the intertwining of Internet Protocol (IP) networking with geographical addressing. As used today, IP routing and addressing operate outside of geographic parameters such as coordinates or postal addresses. Possible applications of future Internet-wide geo-networking mechanisms include, but are not limited to, dissemination of IP packets to particular geographical areas, and precise tracking of package positions during a shipping process. More use cases are under discussion. The Birds-of-a-Feather (BoF) meeting at IETF 88 was the result of a multiyear effort initiated in 2012 in the context of IP communications in vehicular networks. The initial email list is still being used despite a change in the name—it is hosted at https://www.ietf.org/mailman/listinfo/its and includes approximately 250 subscribers. We held a bar BoF at IETF 87 with the participation of some key contributors, including the chair of ETSI ITS WG3 “Networking and Transport,” and an IAB shepherd. After the publication of an initial set of Internet-Drafts, a request to meet as an official GeoNet BoF was approved by the IESG. More than 100 participants attended the Vancouver BoF meeting. Current discussions target the development of a Charter and of a problem statement that will identify realistic goals for a potential working group. We also are refining a list of use cases around the topic of geographical dissemination of IP packets. While the first use case was related to vehicular communications (see below), more uses have been identified by partners at various organizations. The use case discussion is ongoing. For the London meeting, the group is preparing a charter proposal that would briefly lay out the problem, list the use-cases, and develop a list of deliverables. See the current text at https://github.com/melindashore/geonet.

Older Activities

Earlier efforts in this area targeted vehicular communications with geonetworking as a potential side-product. Vehicular traffic efficiency and management improve traffic flow, traffic coordination, and traffic assistance, and provide up-to-date local information, maps, and relevant messages well-defined in space and time. This has obvious applications in ensuring traffic safety. A fully functional mechanism for geographical dissemination of data to vehicles over IP networks would need the participation of many underlying mechanisms. Previous discussions revolved around the use of the DNS subsystem in the initial steps of resolving an IP address into a set of geocoordinates, and vice-versa. However, during the BoF meeting in Vancouver this was discarded based on certain drawbacks of a fully DNS-based architecture. One aspect considered very early is related to IP-over-foo. In the context of vehicular communications several wireless link layers are used for exchanging data among vehicles—one is IEEE 802.11p, which makes use of spectrum in the 5.9GHz band. The particularly dynamic nature of vehicle movement leads to stringent requirements on the use of IP datagrams on these dynamic links, hence a potential activity ofIP-over-foo, in which foo equals 802.11p, has been identified. However, at this time, this topic seems dedicated solely to vehicular communications, rather than the generic problem of geographical dissemination of data across paths that may traverse the Internet. In addition, several groups of external Standards Development Organizations (e.g., IEEE P1609.3, ETSI ITS TC WG3, and ISO TC204 WG16) have already developed stack models that are in near-deployment phases. Other interest has been expressed in vehicle-to-vehicle IP networking, alarm distribution among vehicles, vehicles in smart cities, autonomous driving, and more.

Current Goals

Mechanisms and IETF protocols are needed for authorized source nodes anywhere in the Internet to disseminate packets to other nodes in areas described by geographic parameters, while respecting the privacy concerns of sender and receiver. Parameters such as geographical coordinates and other geolocators, such as civic addresses, should be usable in order to specify the destination. Privacy concerns need to guarantee from the start that the new dissemination mechanism cannot be used to identify the geographical situation of computers issuing requests to resources or to prevent access based on such supposed identification. The main use cases currently under discussion are listed below. We expect that some will be merged to others or simply disappear. We will be meeting in London to discuss this.

• Dissemination to a geographical area (first figure): A source node, which may be located anywhere, sends packets to a wireless access router through the Internet. Those wireless access routers are selected based on geographical location information, and traffic is routed to them using the IPv6 address of the router and conventional IP routing. Each of the destination access routers then copies and broadcasts the received packets to listeners within its radio coverage area. 
• Goods tracking (second figure). A good delivered by a shipping organization has a provider-independent IP address. This good is tracked in that its geographical position is known to end-users continuously throughout the entire delivery process. The IP address of the good is associated to the geographical coordinates of the router to which it connects. Using IP addresses enables very finely grained and precise tracking.
• Vehicular traffic safety, efficiency, management, and infotainment. The data disseminated to roadside units (RSUs) is relevant for traffic management and  on-board infotainment.
• Mobile roadside unit. Most RSUs are placed at a fixed geographical location that will most likely not be changed until the device either reaches its end of life or is no longer needed at that location. But a mobile roadside unit, on the other hand, is portable and not switched off while moving, meaning that among other settings its geographical position adjusts as it moves. Such a mobile RSU allows more flexible use in multiple situations. For example, at a location along a road where there is ongoing road works, a road worker could take a Mobile RSU, position it somewhere at the road works site, and start sending warning messages to incoming vehicles. The next day it would position it elsewhere.
• Identification of originating area. In some IP network deployments in large cities, Internet Service Providers (ISPs) and Internet Content Providers (ICPs) need to identify which parts of the city originate the most IP traffic. When it has knowledge of the geographic location of an IP address, it can deduce the origin of the IP traffic and thus subsequently schedule its resources among the entire network to realize the best service for the Internet users.
• Geolocation of an instrumented ambulance. When an ambulance transports a casualty, the primary objectives are to get the medical data (e.g., vital signs) securely delivered to the hospital by telemetry through the Internet and to allow the Emergency Room doctor to remain connected to the emergency medical technicians in the ambulance. In addition, during this process the communication between the ambulance driver and the dispatcher, and the communication afforded by the ambulance hotspot to public authorities (Bring-Your-Own-Device, Bring-Your-Own-Communication), is critically qualified by geographical coordinates and geolocators such as civic addresses. This case should be further described because some of these functions are sometimes provided over radio by way of voice dispatching and by GPS trackers.

Relationships between GeoNet and other IETF Working Groups

Any new use cases GeoNet comes up with that require protocol changes for any overlay technology, such as LISP, can be done in the appropriate protocol working groups, such as the LISP WG. The GEOPRIV working group concentrates on protocols that allow applications to represent location/geography objects and to allow users to express policies on how these representations are exposed and used. Moreover, GEOPRIV analyses the authorization, integrity, and privacy requirements that must be met when these representations of location/geography are created, stored, and used. GeoNet mainly focuses on how IP routing and addressing use such location/geography representations. The LISP WG mainly focuses on network-layer-based protocol solutions that enable the separation of routing locators (where you are attached to the network) and identifiers (who you are) in one number space. GeoNet mainly focuses on how IP routing and addressing use geographic parameters to disseminate packets from a sender located anywhere in the Internet to nodes in the area specified by these geography parameters. The ECRIT WG focuses on how location data and call routing information are used to enable communication between a user and a relevant emergency response center. In particular, the ECRIT WG has specified protocols to map emergency services identifiers and geodetic or civic location information to service contact URIs. GeoNet mainly focuses on how IP routing and addressing use location information to disseminate packets from a sender located anywhere in the Internet to nodes that are located in the area specified by this geodetic or civic location information.

Next Steps

The most important next steps are to refine the set of use cases to a subset of achievable goals and agree on a charter. We will be meeting in London to progress both. The initial objectives of the group are focused on a common vocabulary for contexts using IP protocols and geography coordinates, on a data definition of geolocators, and on defining a bidirectional relationship—and not a mechanism—between geospatial locators and IP locators. For a complete solution, many solutions at different layers would be needed for the items below:

• The accurate representation of geographic areas using coordinates such as geolocators/logical coordinates and geographical/physical coordinates, and for the naming of geographic areas.
• Ensuring that geographical area information (for example,  geolocators, names, and physical geographic coordinates) is accurately mapped to an IP address or addresses.
• Databases associating locations with addresses may be  maintained at the source, intermediate or edge nodes, and at specific IP locator nodes.
• Ensuring that an IP address can be accurately mapped to geographic area information (geolocators, names, and geographic  physical coordinates). Note that this refers to the addresses of access routers, roadside units (RSUs), and so on, and not end nodes.
• Ensuring that data packets generated by source nodes placed arbitrarily in the Internet can be forwarded over multiple hops by using, where possible, geographic location representations of the destination node(s) and/or the intermediate nodes for the  routing decisions, instead of using their IP addresses. Note that in order to solve the above challenge it is not mandated that all nodes located on the path from source to destination nodes are able to forward packets using the geocoordinates of the destination node(s) and/or the intermediate nodes for routing decisions. This is emphasized by using the words where possible.

]]> 762 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-governance-for-ietfers/ Sat, 01 Mar 2014 19:18:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=789 WEIRDS and WHOIS Chris Disspain presented a description of the progress of the ICANN Expert Working Group (EWG) on gTLD Directory Services. Disspain is the ICANN Board liaison to the EWG. He observed that there are two kinds of issue. One has to do with the protocol itself: the WHOIS protocol has no structure to its data, and is badly designed for the international Internet we have today. The other kind has to do with policy questions such as accuracy, consistency, and privacy. Next, Murray Kucherawy, WEIRDS Working Group cochair, outlined the progress of the WG in delivering a new Registry Data Access Protocol (RDAP) that uses hypertext transfer protocol (HTTP). The idea is to use the facilities that HTTP already offers in order to reduce the effort required to satisfy all the needs. The goal of the discussion was to highlight the ways in which external needs of policy-making bodies can be satisfied by IETF work without the IETF work grinding to a halt while those needs are determined. As Olaf Kolkman (the other WEIRDS cochair) observed, the WG is depending on the extensibility of its design. The RDAP specification can proceed for number resources even while the exact problem description for name resources is not ready. Once the latter is ready, more extensions can be added to meet those needs. The result, it is hoped, will be able to satisfy even unknown policy requirements. Some BoF participants expressed skepticism about this approach. But unless the IETF is prepared to do nothing until external parties establish all requirements, it may not be able to do any work. In the case of WHOIS, the policy disputes have been going on for more than 10 years. If we want to proceed with flexible protocols, this is our way forward.

The Internet Governance Forum

The purpose of the discussion of the IGF was partly to make IETF participants aware of the way in which others in the world view “the technical community,” and partly to begin a discussion of how we might respond to those views. Some of these issues have come to the fore as a result of political developments having little to do with the IETF. Nevertheless, they make the IETF’s job more challenging. One of the things that came out of the IGF meeting was a plan for a spring 2014 meeting in Brazil on the topic of Internet governance. It is unclear the extent to which this meeting, or others, will continue to favour the multistakeholder approach with which many of us are familiar. A competing model is a more traditional, multilateral approach in which governments negotiate exclusively with one another. Such an approach could be bad for the IETF traditions of standards development. One of the central issues here is a mismatch of expectations. Organizations that work primarily through or extensively with governments often try to divide issues by representative groups. The IETF does not work that way: we officially take input from individuals, individuals act within working groups, and so on. This can be an awkward interface for government employees, who are often not allowed to deviate from an official government position. At the same time, as a community we have sometimes been loathe to engage in governance topics because we do not have a representative model, and therefore cannot appoint a representative to interact with other bodies. There was a great deal of feedback after the IGF about how useful it was to have Jari Arkko (as IETF chair) at the meeting, and it seems important to continue this work. In an effort to continue toward a resolution, BoF participants were invited to discuss issues on the internetgovtech@iab.org list.

Conclusion

While the two topics for this meeting may appear to be quite different, they have at their cores the fundamental question of how the IETF can deal with groups involved with policy rather than protocol. The policy/protocol distinction, while often relied upon, is not really as clear as one might wish. As the importance of the Internet grows, and especially in light of changing political circumstances, the IETF needs to establish how best to address policy demands. Advancing that work is what IGOVUPDATE at IETF 88 was all about. There will surely be more of this kind of work at future meetings.]]> 789 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-11/ Sat, 01 Mar 2014 19:21:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=794

Internet Congestion Control Research Group (iccrg)

Information-Centric Networking (icnrg)

Network Complexity Research Group (ncrg)

Network Management Research Group (nmrg)

Software Defined Networking Research Group (sdnrg)

In addition to the meetings of the already-chartered research groups, a new proposed research group on Network Coding held a third side meeting. The discussion was positive, and the Network Coding Research Group (nwcrg) was formally chartered on 13 November 2013. Since IETF 87, one new RFC (Request for Comment) has been published on the IRTF RFC Stream by the Scalable Active Multicast Research Group (samrg): RFC 7019 on “Application-Layer Multicast Extensions to REsource LOcation And Discovery (RELOAD).” The IRTF Open Meeting at IETF 88 was the venue for the final Applied Networking Research Prize (ANRP) winner of 2013 to present his research. Idilio Drago presented insights into characterizing the traffic and workloads of the Dropbox cloud storage system. You can read more about his work in "Cloud Storage Dissected: A View Inside Dropbox" in this issue. The 2014 nomination cycle of the ANRP concluded after IETF 88 with 46 nominations. The selection committee selected six award winners for 2014, with each of the three IETF meetings in 2014 scheduled to see two award talks, which will be announced shortly before each meeting.]]> 794 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/codematch-programme-aims-to-attract-computer-science-students-to-the-ietf/ Sat, 01 Mar 2014 19:22:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=797 797 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/cloud-storage-dissected-a-view-inside-dropbox-applied-networking-research-prize-winner-presentation/ Sat, 01 Mar 2014 19:25:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=799 http://irtf.org/anrp. The selection committee for the 2014 ANRP awards recently concluded its work of sifting through the highest number of nominations to date. The call for nominations for the 2015 award cycle will open in the autumn of 2014. Put it in your calendar now and submit your nominations when the time comes!

About the ANRP

The ANRP is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. The goal of the prize is to recognize the best new ideas in networking, and bring them to the Internet Engineering Task Force (IETF) and its research arm, the Internet Research Task Force (IRTF), especially in cases where they would not otherwise see much exposure or discussion. Researchers with relevant, recent results are encouraged to apply for this prize, which offers them the opportunity to present and discuss their work with the engineers, network operators, policy makers, and scientists who participate in the IETF the IRTF. Third-party nominations for this prize are encouraged. The Applied Networking Research Prize consists of:

• an invited talk at the IRTF Open Meeting
• a cash prize of $500 (USD)
• a travel grant to attend a week-long IETF meeting (including airfare, hotel, registration, and stipend)
• recognition at the IETF plenary
• an invitation to related social activities
• potential for additional travel grants to future IETF meetings, based on community feedback

]]> 799 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-14/ Sat, 01 Mar 2014 19:26:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=802 Internet Governance Update (igovupdate) Description: This meeting provided the IETF community with an opportunity to hear about and discuss some Internet governance developments, especially as they relate to protocol development in the WEIRDS working group (WG). There was also an update on proceedings at the Internet Governance Forum. Proceedings: http://www.ietf.org/proceedings/88/minutes/minutes-88-igovupdate Outcome: The meeting generated a lively discussion about the evolving Internet governance landscape, the issues that people believe need to addressed, and where those issues have touch points with the IETF.

RFC Format Design Team Update (rfcform)

Description: This will serve as a report out to the community and opportunity for discussion on the requirements for tool specifications for a revised RFC Format. Proceedings: http://www.ietf.org/proceedings/88/minutes/minutes-88-rfcform Outcome: The RFC Editor provided an update on the progress of the RFC Format Design Team. The community engaged in a detailed discussion of various open and ongoing issues.

Internet-wide Geo-Networking (geonet)

Description: Internet-wide geo-networking concerns IP-layer extensions that allow source nodes anywhere in the Internet to disseminate packets to all/any node(s) with geographic location awareness within a specified destination area. Use cases include environmental monitoring and vehicular networking. Proceedings: http://www.ietf.org/proceedings/88/minutes/minutes-88-geonet Outcome: More work is required to narrow the scope of this proposed activity so that it more closely aligns with IETF work. Another BoF meeting seems necessary to achieve that. Approximately 20 attendees expressed interest in working on documents on this subject.

Handling Pervasive Monitoring in the IETF (perpass)

Description: The perpass BoF was for discussion of the privacy properties of IETF protocols and concrete ways in which those properties could be improved. The meeting was not intended to be a precursor to formation of a WG, but rather to, for example, discuss ways in which IETF protocols at any layer can be made more robust against pervasive passive monitoring. If subsequent protocol work is to be done in the IETF, it will likely happen in existing or new protocol-specific WGs. Proceedings: http://www.ietf.org/proceedings/88/minutes/minutes-88-perpass Outcome: A lot of good discussion including identification of many potential work items for IETF, IAB, and others. The threat model is fairly mature. Discussion will continue on the perpass mailing list (https://www.ietf.org/mailman/listinfo/perpass).

Service Function Chaining (sfc)

Description: Network operators frequently utilize service functions such as packet filtering at firewalls, load-balancing, and transactional proxies (e.g., spam filters) in the delivery of services to end users. Delivery of these types of services is undergoing significant change with the introduction of virtualization, network overlays, and orchestration. Deploying service functions to support service delivery is currently both a technical and an organizational challenge involving significant modification to the network configuration, impacting the speed at which services can be deployed, and increasing operational costs. Such services are typically implemented by the ordered combination of a number of service functions that are deployed at different points within a network. Today, common deployment models have service functions inserted on the data-forwarding path between communicating peers. Going forward, however, there is a need to move to a model in which service functions—physical or virtualized—are not required to reside on the direct data path and traffic is instead steered through required service functions wherever they are deployed. For a given service, the abstracted view of the required service functions and the order in which they are to be applied is called a Service Function Chain (SFC). An SFC is instantiated through selection of specific service function instances on specific network nodes to form a service graph: this is called a Service Function Path (SFP). The service functions may be applied at any layer within the network protocol stack (network layer, transport layer, application layer, etc.). Proceedings: http://www.ietf.org/proceedings/88/minutes/minutes-88-sfc Outcome: This meeting was very well attended. The group of active participants have made considerable progress since their last meeting in Berlin (where they had a non-WG forming BoF). Lots of attendees volunteered to work on this topic and write documents. More work is required to define key terminology and more discussion will be required on the mailing list. (Editorial note: The Service Function Chaining working group was chartered on 20 December 2013).]]> 802 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-88-at-a-glance/ Sat, 01 Mar 2014 19:28:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=804 On-site attendees: 1,142

Newcomers: 123

Number of countries: 54

IETF Activity since IETF 87 (July 2013–November 2013)

New WGs: 7

WGs closed: 0

WG currently chartered: 115

New or revised Internet-Drafts (I-Ds): 1547

IETF Last Calls: 105

Internet-Drafts approved for publication: 101

RFCs published: 55

• 46 IETF (42 WG, 7 Individual/AD Sponsored), 1 IAB, 1 IRTF, 4 Independent

Live and Social Media

• YouTube: 276 max concurrent viewers, 748 total views by 3:30pm
• Twitter: 837 tweets on #IETF88, exposure via @IETF= 217,466, exposure via #IETF88=1,658,351, 40 new followers to @IETF
• Facebook: 327 Likes

Antiharassment Policy (www.ietf.org/iesg/statement/ietf-anti-harassment-policy.html)

• Specifies “IETF participants should not engage in harassment,” and establishes an ombudsperson.

Mentoring Programme now has 58 participants

IANA Activity since IETF 86 (July 2013–September 2013)

Processed 946+ IETF-related requests, including:

• Reviewed 79 I-Ds in Last Call and reviewed 64 I-Ds in Evaluation
• Reviewed 66 I-Ds prior to becoming RFCs, 35 of the 66 contained actions for IANA

SLA Performance

• Processing goal average for IETF-related requests: 99%
• Currently drafting the 2014 SLA

IANA and DNSSec

• 119 TLDs have a full chain of trust in the root, see http://stats.research.icann.org/dns/tld_report/

RFC Editor Activity since IETF 87 (July 2013–November 2013)

Published RFCs: 62

• 26 Standards Track, 3 BCP, 6 Experimental, 27 Informational

]]> 804 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/comic-bof-5/ Tue, 01 Jul 2014 15:01:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1643 ]]> 1643 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk/ Sat, 01 Nov 2014 14:50:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=232 The beautiful Canadian city of Toronto was the venue for the 90th meeting of the InternetEngineering Task Force hosted by Ericsson. As always, The IETF Journal presents an interesting sample of the events, discussions, and people that contributed to another great IETF meeting. Our cover article discusses the emerging field of autonomic networking—a potentially important step forward for plug-and-play networking. We also have an article about the Internet-of-Things Plugfest that took place during IETF 90, information about the Stack Evolution in a Middlebox Internet (SEMI) workshop coming in January 2015, and an article concerning routing on content locators that describes the technology demonstrated during the IETF 90 Bits-n-Bites event. We also celebrate the most recent winner of the Applied Networking Research Prize, and document an Internet Society panel event on the prospects for Internet security and privacy. Our regular columns from the IETF, IAB, and IRTF chairs, and coverage of hot topics discussed during the plenary meetings wrap up this issue. For more details of the Internet Area of the IETF in particular, a Working Group summary report is available at http://wiki.tools.ietf.org/area/int/trac/wiki/IETF90. We are hugely grateful to all of our contributors. Please send comments and suggestions for contributions to ietfjournal@isoc.org. You can subscribe to hardcopy or email editions at www.internetsociety.org/publications/ietf-journal/ietf-journal-subscription.

]]> 232 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/autonomic-networking/ Sat, 01 Nov 2014 15:19:22 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=250 Autonomic Networking (AN) One way to look at autonomic networking is “plug and play for the ISP” or “plug and play for the enterprise network.” This is a step forward from the original concept of plug and play for home networks, which has long been recognised as a vital requirement (see, for example, the work of the IETF HOMENET working group). The goal of self-management includes self-configuration, self-optimization, self-healing, and self-protection. AN puts operational intelligence into algorithms at the node level in order to minimize dependency on human administrators and central management. Nodes that participate in AN discover information about the surrounding network and negotiate parameter settings with their neighbours and other nodes. Ideally, autonomic nodes use stable closed-loop control methods to achieve self-management, instead of using more traditional top-down network configuration and monitoring tools to set and verify their parameters. Nodes may also have learning and cognitive capability, including the ability to self-adapt decision-making processes based on information and knowledge sensed from their environment. In the most sophisticated cases, advanced data analytics may be part of the input to the autonomic mechanisms.

More than Science Fiction

Many aspects of small networks have been self-configuring for years, including unmanaged home and small office networks. And numerous existing protocols have a flavour of autonomic properties (e.g., the spanning-tree algorithm needs no manual configuration in order to operate, and some routing protocols require very little configuration). Recently, prototypes and initial products of explicitly autonomic protocols have emerged from some of the major networking equipment vendors. However, it is clearly necessary to have some basic standards in place if AN is to become relevant to large multivendor networks.

Why Now

The main motivation is not new: large network operators, both Internet service providers (ISPs) and enterprises, have been increasingly suffering from the problems and difficulties caused by the central configuration of hundreds or thousands of network elements. Now, after years of research and discussion, ideas about how to achieve autonomic networking are becoming concrete. Fortunately, it is now also economic to provide enough computing power and memory in network elements to support AN. The time is therefore ripe for a standardisation effort.

Network Parameters

A number of use cases for large networks were proposed at the UCAN BoF: network address and prefix management, optimisation of mobile backhaul links, risk-aware routing, and detection of service-level agreement (SLA) violations. Other examples are starting to emerge as well, including monitoring and reporting, and others will certainly follow. Two very fundamental aspects of AN can be viewed as use cases in themselves: securely bootstrapping new devices, and creating a secure autonomic control plane for use by specific AN applications.

Keeping Control

While it is obviously desirable to reduce the need for tedious human interventions, it is essential that network managers can ensure that the network does what is needed and remains fully secure, even if many nodes are configuring and managing themselves. For this reason, the model for AN must include a mechanism for communicating the intent of human managers to all self-managing nodes for matters such as resource control, service requirements, and security policy. At the same time, in real networks, AN mechanisms will need to coexist with traditional top-down management and monitoring tools for many years, so it must be possible to introduce AN technology in small steps.

Next Steps

At the time of this writing, an ANIMA working group is under discussion in the IETF. A complete solution for autonomic networking would be a very ambitious goal. The scope of the proposed effort is much more modest: define a minimum set of specific reusable infrastructure components to support autonomic interactions between devices, and specify the application of these components to one or two elementary use cases of general value. The main goal is therefore to develop common infrastructure components for distributed functions. The infrastructure should be capable of providing the following services to those distributed functions:

• A common way to identify nodes
• A common security model
• A discovery mechanism
• A negotiation mechanism to enable closed-loop interactions
• A secure and logically separated communications channel
• A consistent autonomic management model

Some important topics are intentionally not included in these initial goals as they are considered separate matters that should be considered later:

• Mechanism for distributing policy intent to autonomic nodes
• Use of data analytics by autonomic nodes
• Other external information sources
• Systemwide integration of autonomics

Further Reading

draft-irtf-nmrg-autonomic-network-definitions and draft-irtf-nmrg-an-gap-analysis Mailing list: anima@ietf.org Acknowledgements: Several IRTF and IETF drafts were raided for text and ideas, and useful comments on this article were made by Leo Dorrendorf, Sheng Jiang, and Alexandre Petrescu.]]> 250 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-3/ Sat, 01 Nov 2014 15:41:03 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=286 The Internet of Things This is a big topic for the IETF—we seem to add more work every meeting! Three new items arose this time.

• The low-power and lossy networking Plugfest, where participants tested their implementations against each other. These kind of tests are a big part of the IETF mode of operation. While formally outside the meeting, implementers often gather at the IETF meeting to run such tests.
• The ACE working group (WG), which is focusing on how to bootstrap security and authorisation in a network of smart objects.
• The Bits-n-Bites event, which debuted new format and a focus topic. This time, ten organisations demonstrated Internet of Things solutions to a large audience of interested participants. We will continue the Bits-and-Bites event series at future IETF meetings—please propose focus topics that you would like to see.

Security and Privacy

Earlier this year we concluded that the IETF needs to do its part to ensure that Internet technology provides better tools against mass surveillance activities. Improving the security of the Internet is no easy task, but we are working hard on several fronts, including updating the Transport Layer Security (TLS) and Hypertext Transfer Protocol (HTTP) protocols (see TLS and HTTPBIS working group efforts). One of the difficult tradeoffs discussed was how increased use of encryption affects caching and other network functions. Although this continues to be a challenge, it is clear that HTTPS remains as an end-to-end security solution. Various caching and secure tunneling solutions may arise for other traffic, however. The new TCPINC working group had it first meeting on developing a new layer of opportunistic security. This is mainly for applications, such as the Web, that don’t use current transport layer security.

IANA

The IETF has been actively discussing the transition since the announcement from the US government in March. I am happy about it, but we at the IETF also see it as a part of longer-term evolution already in place with regards to how we deal with the oversight of IANA. In the last 15 years, we have developed the contracts, oversight mechanisms, and processes on which our part of IANA runs. Our meeting confirmed that the IETF community believes these mechanisms are sufficient going forward. In the coming weeks and months, we will document how these mechanisms address the oversight requirements. I feel very optimistic about the process. A few weeks after the meeting, we created the IANAPLAN WG as a forum to discuss the topic.

Next Up

IETF 91 is scheduled for 9–14 November in Honolulu, Hawaii. I would like to welcome everyone to the meeting! Between meetings, the work of the IETF runs on mailing lists. What can we expect in the coming months? The major projects, such as WebRTC, HTTP 2.0, and so on will continue. Some of the key milestones ahead include the publication of the final HTTP 2.0 RFC (later this year), as well as the conclusion of our part in the IANA transition work (planned for completion within 2014). Please visit our newcomers page if you would like to join us in this important work.]]> 286 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-3/ Sat, 01 Nov 2014 15:45:00 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=300 Highlights from the IAB Retreat For three days in May 2014, in Cancun, Mexico, the IAB met in conjunction with the Latin America and Caribbean Network Information Centre (LACNIC). One day of the three was spent meeting jointly with the Internet Engineering Steering Group (IESG); we also reached out to the LACNIC community—an effort that will hopefully bring more engineers from Latin America and the Caribbean into the IETF community. The IAB restructured its programs, thereby enabling the IAB to focus on those topics most relevant to today’s Internet. Specifically, as a reaction to revelations about pervasive monitoring, the Privacy and Security Programme represents a significant effort for the IAB in 2014. Following are the current IAB programmes:

• Emergency Services
• IANA Strategy
• Internationalization
• IP Stack Evolution
• ITU–T Coordination
• Liaison Oversight
• Name Resolution
• Privacy and Security Programme
• RFC Editor (includes RSOC)

More information on each of these programmes is available at www.iab.org/activities/programs/. IAB Encourages NIST to Use Open and Transparent Processes The IAB sent comments to the US National Institute for Standards and Technology (NIST) encouraging transparency and openness in their standards development processes. These comments are particularly relevant as it seems that at least one of the NIST security standards provides unexpected access. The entire comment can be seen at www.iab.org/wp-content/IAB-uploads/2014/04/IAB-NIST7977-20140407.pdf.

IANA Stewardship Transition

The IAB sent comments to the Internet Corporation for Assigned Names and Numbers (ICANN) on the principles, mechanisms, and process to develop a transition plan for the stewardship of Internet Assigned Numbers Authority (IANA) from the US National Telecommunication and Information Administration (NTIA) to the multistakeholder community. NTIA asked ICANN to facilitate a process to create a proposal, and the IAB provided these comments on the draft plan. The entire comment can be seen at www.iab.org/wp-content/IAB-uploads/2014/04/iab-response-to-20140408-20140428a.pdf. During IETF 90, participants of the IANAPLAN Birds of a Feather (BoF) set the direction for the creation of an IETF community plan for the IANA protocol parameters. The community decided that the IAB IANA Evolution Programme would take the pen, and that a new working group in the General Area would provide review and comment. Once the working group reaches consensus, there will be an IETF-wide last call. Then, the resulting plan will be sent to the recently formed IANA Stewardship Transition Coordination Group (ICG) to be combined with the plans from the names and numbers communities. Finally, the ICG will deliver the combined plan to NTIA after the Internet community has reviewed it. The ICG comprises 30 members and two liaisons from a vast number of Internet-related organizations.

• The IAB appointed Russ Housley and Lynn St.Amour to the ICG.
• The IESG appointed Alissa Cooper and Jari Arkko to the ICG.
• The ICG selected Alissa Cooper to be its chair.

The entire ICG membership is listed at www.icann.org/resources/pages/coordination-group-2014-06-17-en. Highlights since IETF 89

• The IAB appointed Sarah Banks and Robert Sparks to the RFC Series Oversight Committee (RSOC).
• The IAB appointed Sean Turner to the Internet Society Board of Trustees.
• The IAB appointed Matt Miller as liaison manager to ECMA TC39.
• The IAB published RFC 7288 on “Reflections on Host Firewalls.”
• The IAB published RFC 7295 on “Report from the IAB/IRTF Workshop on Congestion Control.”
• The IAB published RFC 7305 on “Report from the IAB Workshop on Internet Technology Adoption and Transition (ITAT).”
• The IAB published RFC 7241 on “The IEEE 802/IETF Relationship.”

]]> 300 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/experts-say-economics-and-politics-hamper-efficient-routing-of-internet-data/ Sat, 01 Nov 2014 15:51:13 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=309 “There are, of course, people and governments who are keen to link intranetwork traffic to geography, to geopolitical boundaries. But there are also real issues of geography that affect the way the network operates. ” IXmaps wants to dispel the notion that the Internet is a “cloud,” and instead demonstrate that it consists of a few Internet exchange points that route a massive amount of traffic. In the United States, for example, almost all Internet traffic passes through switching centers in 18 cities. Further, traffic that begins and ends in Canada often travels through the United States, a phenomenon IXmaps calls boomerang routing. What worries IXmaps researchers is the fact that the NSA has a wide-ranging surveillance system that intercepts, copies, analyzes and stores all Internet traffic on US networks. “Our work has shown that NSA interception in just 18 US cities can capture nearly 100 percent of US domestic traffic,” Gamba-Bari said. “Foreign traffic that transits the United States is also very likely to be intercepted. From our data, we estimate that 25 percent of domestic Canadian traffic is routed via the United States and, hence, subject to NSA surveillance.” University of Toronto researchers are transforming IXmaps from a prototype into a more widely usable Internet mapping and policy analysis tool, thanks to a grant from the Canadian Internet Registration Authority (CIRA). The goal is for IXmaps to become more reliable and flexible as well as to improve the accuracy of the geolocation component. IXmaps also hopes to expand beyond North America. “We welcome offers of help internationalizing IXmaps and making it more sustainable,” Gamba-Bari said. “We will put it under a free Open Source software license to make it easier for others to take it in their own directions.” Next, the Internet Society’s director of development, Jane Coffin, spoke about the group’s effort to build local infrastructure, which includes Internet exchange points (IXPs) as well as the human, technical and governance infrastructure around them. An IXP “is a physical location where different IP networks meet to exchange traffic and to keep local traffic local,” Coffin said, adding that it is more than boxes and wires. “Ninety-five percent of this is the human engineering—how we bring the different character sets together of ISPs, network operators, and research and education networks.” By building IXPs in far-flung locations, ISOC is creating local communities of interest. “You improve the quality of Internet services,” Coffin said. “You drive up demand. Latency comes down. Quality of service usually goes up.” In addition, IXPs attract content development. “Content is generated by businesses that have confidence in those infrastructures,” she said. “We know this is a catalyst for overall Internet development from our experience and what we’ve seen.” For example, a new IXP in Kenya resulted in latency reductions from 200 to 600 milliseconds down to a range of 2 to 10 milliseconds. Not only did end users in Kenya see better Internet performance from the new exchange point, but there were cost savings of $1.5 million per year on international transit for local mobile operators.  Further, the new IXP facilitated e-government services, with the Kenya tax authority peering there. Coffin said similar improvements in Internet performance and economics are occurring in Argentina and Brazil. “In Ecuador, before the IXP went in, international transit was $100 per megabit per second,” Coffin said. “It is now local traffic that is $1 per megabit per second.”

"When you improve the quality of Internet services, you drive up demand. Latency comes down, and quality of service usually goes up."

Coffin said developing countries can use these new IXPs to deploy emerging technology, such as public key encryption, IPv6 and top-level domains. “After a content delivery network [CDN] cache was installed in Quito in 2009, traffic went up by 700 percent. This is local traffic,” she added. Coffin said there are more than 350 IXPs around the world. ISOC is not only building new IXPs around the globe, but helping grow IXPs that already exist. ISOC provides equipment, technical assistance, and economic guidance, and cooperates with local government. She outlined two ongoing projects in the Africa Union, called Axis I and II. So far, they’ve held 30 best practices workshops and launched four IXPs this year. In addition, they’ve sponsored five regional meetings across Africa to bring regulators, policymakers, and network operators together to discuss the importance of growing the regional Internet infrastructure. “There are so many landlocked countries in Africa that it’s important for some of those government entities to try to work together,” Coffin said. “There was one instance in Zimbabwe where it took almost two months to string some fiber about a hundred meters, due to the fact that it was over a bridge that was historic.” Coffin said ISOC is working with the Regional Internet Registries such as LACNIC in Latin America as well as individual country network information centers like NIC.br in Brazil. Large corporations are supporting the work by providing grants and equipment. Coffin emphasized that IXPs are designed to keep Internet traffic local for better performance and lower costs, not to be centralized locations for government surveillance. “It is not set up to be a monitoring facility for deep packet inspection. Or at least that’s our philosophy,” she said. Finally, Amogh Dhamdhere described the data regarding network topology and geography available from the Center for Applied Internet Data Analysis (CAIDA) at the University of California, San Diego. CAIDA operates a network measurement infrastructure called Archipelago that consists of 102 monitors, which collect data about IPv4 and IPv6 traffic in 39 countries. Archipelago collects traceroutes from the entire routed IPv4 and IPv6 space, as well as alias resolution measurements for router-level topologies and measurements of interdomain congestion. Dhamdhere, a researcher at CAIDA, said the Archipelago infrastructure has collected 6 terabytes of compressed data since 2007, all of which is available to network research and operators. CAIDA provides the raw traceroutes in their original form, curated topology data sets and asynchronous number topologies for IPv4 and IPv6. “One of the goals of a currently funded project that we’re working on is to make it easier for researchers and people interested in this kind of analysis to actually access this data and do interesting things with it,” Dhamdhere said. “We’re building support for rich queries on this traceroute data, and the idea is to put them together with other kinds of data such as geolocation, annotated AS-level topologies, and router-level topologies.” Eventually, CAIDA wants to provide data that can be used for regional analysis such as measuring how many routes for Canada-to-Canada communications exited Canada and traverse through US networking hubs. “Suppose we predicted that a certain region was going to be affected in the sense of a natural disaster like a hurricane or a storm coming up or political instability. We’d like to know all the paths from our current monitors that actually traverse that region,” Dhamdhere said. “These paths might be rerouted or might even go down when something actually happens.” He said CAIDA is looking for volunteers to host additional Archipelago monitors, which are Raspberry Pi computers that cost only $35 each. People with Archipelago monitors can take advantage of an interactive topology-on-demand service called Vela, which visualizes traceroutes on a map. Another CAIDA service is a DNS-based geolocation service, which gives hints about the geographic location of a domain. Finally, CAIDA offers a repository of tools and data regarding autonomous systems (AS), including a map that uses geolocation data to infer where an AS has deployed infrastructure. “We have an interface where operators can go in and enter corrections to the inferences we’ve made,” Dhamdhere added. One work in progress at CAIDA is data about which networks peer at IXPs. “We’re trying to expand the set of Internet exchange points from which we can actually infer reliably the set of connected networks,” Dhamdhere said. “We’ve recently done some work on mining historical peering data… to figure out colocation by different networks at IXPs, what kind of peering policies they advertise, how all of this evolves over time, and we can actually find interesting things like geographical expansion of networks just by looking at historical peering data.” CAIDA has used its data to analyze country-level Internet blackouts and outages such as those that happened in the Arab Spring as well as the impact of natural disasters such as earthquakes and hurricanes. CAIDA is “trying to develop metrics and tools to automatically detect outages of this type,” Dhamdhere said. He said most of CAIDA’s data, research, and tools are available online to the IETF community. “If you’d like to collaborate on anything or just get access to the data, then we’d love to hear from you,” he added. Sullivan asked the panelists why network operators don’t spend money to build IXPs given that it is more efficient to keep traffic local. Coffin said that in countries such as Chad, the network operator can’t afford to build new infrastructure. In other countries, such as Cote d’Ivoire, the incumbent doesn’t have an economic incentive to build a community of interest around an IXP. She said ISOC has to explain to governments the importance of IXPs and that the benefits are not always obvious. Being able to donate equipment and staff to install it and train others to run it helps get IXPs built, she added. With regard to boomerang routing, Gamba-Bari said it may occur because network infrastructure doesn’t exist to support a more direct route. For example, traffic from Halifax to Vancouver must travel through the United States. In other cases, inefficient data paths result from networks deciding to peer with some networks and not others. That’s why traffic from one Toronto building to another might end up going through the United States. A commenter from the audience, Jacques Latour of CIRA, pointed out that Canada’s network incumbent doesn’t want new IXPs built or to peer with local ISPs because it cuts into their revenue stream. He said all of the new IXPs in Canada are bringing in tier one carriers from other countries that are competing with the Canadian incumbent provider and driving down prices, which is good for consumers. He said CIRA is helping set up new IXPs in every province. “The core of the Internet is the IXP,” Latour said. “That’s where you generate bandwidth. That’s where content providers go. This is where people can get high volume of data for low cost.” Coffin added that it takes years to build a community of interest around new IXPs in developing countries, explaining the economic advantages and addressing worries about surveillance systems being installed in these locations. In Trinidad, it took seven years, while Bolivia took three years, she added. “It is very difficult to grow those communities of interest,” Coffin said. “They are not mushrooms—you don’t just sprinkle some water and they come up. It takes a lot of time and energy.”]]> 309 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-panel-explores-internet-security-privacy-outlook/ Sat, 01 Nov 2014 15:55:47 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=335 “As we design technology and as we build on it, we need to think of the interfaces for social controls and legal and regulatory controls to make sure the systems we are building have the properties of protecting users.” McPherson expanded on that notion by explaining his concerns about information sharing among security-related groups. Today, there is no process for removing misinformation from the data these groups share, he said. “Closed security groups that are trying to protect against some aspect of attack or a botnet or deal with cybercrime… are very effective,” he said. “But there is not a lot of provenance of where did this data come from, how we get the information back, how we get our reputation back, or what happens if misinformation is injected into this information. In 10 years, we will have a lot of scorched earth in numbers and name spaces. It’s going to be hard to find situations where a number doesn’t break in some [intrusion detection system] or some sensor or some [intrusion prevention system] or is blacklisted somewhere.’’ Robachevsky asked the panelists to identify emerging privacy or security approaches that may prove to be revolutionary. Oran outlined the pros and cons of an alternative architecture known as information-centric networking (ICN) that he has been working on for three years. While the Internet focuses on securing transport channels through protocols, such as TLS and IPsec, ICN doesn’t worry about channels and instead secures content with built-in encryption. “There are a couple of benefits to this approach. It’s simpler to understand the chain of custody of the content, and it allows you to protect the content at rest in the same way as it was protected while in the communication system,” Oran explained. “These systems were designed with integrity and provenance built in.” Oran pointed out that while the source of data in an ICN architecture is anonymous, the name of the content is public. “You’re trading off consumer anonymity for content anonymity,”’ he said. “It’s not clear if that’s the right tradeoff.” While the ICN approach eliminates many types of attacks, it still leaves the Internet open to Distributed Denial of Service attacks. It’s unclear how Internet business models would evolve in an ICN architecture, Oran added.

“There is no magic bullet,” Oran said. “The hard problems are still hard. Trust management is an unsolved problem in the ICN world, just like in the IP world.”

Oran mentioned two other promising technologies: functional encryption and privacy-preserving query systems. Functional encryption allows a user to perform computations on encrypted data, which is useful for middle boxes that perform operations on data. However, today’s computing technology needs to be orders of magnitude faster in order to make functional encryption practical. Meanwhile, privacy-preserving query systems attempt to improve the data confidentiality of large database systems by conducting limited queries on encrypted data. “These are just some technologies that may be important in our Internet lives some number of years out,” Oran concluded. Seltzer added that privacy-preserving query systems depend on cooperative protocols where data collectors limit the data that is being shared and participants limit their disclosures. “Along with these mathematical tools, we will also need the social organizing functions of distributed systems and technologies that build from control by the end user and that enable us as users to exercise some collective action to demand better security and privacy from the systems that we use,” she explained. Lynch said the future will require Internet engineers to keep balancing between security and privacy and that this tussle will not end in the foreseeable future. She said the relationship between data collectors and users is asymmetric today, with data collectors having an enormous amount of power while individual data subjects have little power. “People don’t pay to be part of some of these systems. So they pay with data instead of paying with cash. An economic model that shifts all of that might shift the concern for protecting the individual data subject in a way that’s privacy preserving, but it would require the data subject to be willing to put up something, either accurate and anonymized data or cash or something else,” Lynch said. “It’s more about finding balance points between security, privacy, secrecy, and the public good.” In response to a question from the audience, Oran pointed out that the Internet engineering community is better at security and privacy than it was 10 years ago, and that more improvement can come in the next decade, too. “It’s no longer acceptable to design, let alone deploy, a technology without understanding the security properties and consider security as part of the design,” Oran said. “I’m somewhat optimistic that we’ve gone through a phase change. It’s unlikely that somebody gets very far with a design before somebody else asks: How secure is it? What is the threat model? What are the vulnerabilities? And how does it change the attack surface?”]]> 335 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/information-routing-on-content-locators/ Sat, 01 Nov 2014 16:02:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=350 Context The increase in Internet traffic volume for applications, such as mobile video and cloud computing, has led to various technologies enabling content distribution that rely on caching and replication. As they are proprietary and deployed in silos, these content-distribution technologies do not allow unique and securely identified named information independent of the distribution channel. Moreover, these technologies are usually implemented as an overlay, which leads to needless inefficiency. Two seed models—the overlay model and the name-based routing model—can be identified as the root of most currently proposed approaches to information-centric networking (ICN). The latter aims at enabling data to become independent from their network/physical location, application, and storage support, as well as their transport/distribution channel in support of both user and content mobility.

The Limits of Name-based Routing

The name of a resource indicates what we seek, an address (locator) indicates where it is. Following this distinction, the two major alternatives currently under investigation consider either routing on content names (with IP addresses keeping the network locator semantic) or introducing another level of indirection (overlay) by extending the IP address semantic to include a location name from where the information can be retrieved. The first alternative suffers from limited scaling (in terms of memory space) as approaches such as Content-Centric Networking (CCN)[1] are confronted with name spaces that have not been designed to sustain forwarding performance and scaling. Indeed, the routing information corresponding to each content object has to be maintained in the routing table, the number of content objects is very large (between 10¹⁵ and 10²²[2]), and the size of the routing tables becomes a key concern. Assume for instance that routing tables would include one entry per top-level domain, a name-based routing table would have to hold 2x10⁸ routes (compared to the 5x10⁵ active BGP routes as of mid-2014). Moreover, the resulting size increase of the routing tables and associated processing would worsen over time as the number of domains increases by 10–15% per year (as indicated in the Verisign report of April 2013). Finally, the adoption of a new content name space is challenging, but the maintenance of a hierarchical tree-based structure (summarization) is even more difficult. The second alternative raises the same kinds of issues as any network overlay following the well-known aphorism of D. Wheeler that describes the problem of too many levels of indirection: “All problems in computer science can be solved by adding another level of indirection ... but that usually will create another problem.” If names become the fundamental structure of the information exchange process, name-based routing becomes a scaling and performance bottleneck. So, unless names get overloaded with locator semantics, there is no means by which the resolution of a name into an address can be avoided. The implication being that conventional approaches to ICN like CCN or its multiple variants (see “Networking named content”[3] and “Named Data Networking”[4]) shift this operation to a network-layer functionality. On the other hand, this concept exacerbates the memory-scaling limits of stretch-1 shortest path routing already observed in many experimental studies and theoretic investigations.

Content Locators

With both alternatives, the fundamental problem is as follows: localization and routing refer to distinct functions associated to distinct objects (address vs. route), which cannot be derived from each other using local knowledge. Moreover, the higher the level of information on which the routing decision is performed, the higher the memory cost. On the other hand, lowering the level by providing additional resolution processes increases the communication cost and latency. This observation leads to the consideration that (1) content-based forwarding requires one to keep locators (instead of names) as the information unit for routing/forwarding decisions and, (2) the locator space, say X, should also elevate the memory-scaling problem induced by stretch-1 shortest path routing. To this end, the localization function performing at x ∈ X shall, after resolving the content name into the corresponding locator, say y ∈ X, compute the distance d(x,y) and the routing function (distributed by nature) shall determine locally and independently for any destination the adjacent node along a loop-free path, such that incoming messages directed to destination y can reach it. Hence, we seek a locator space X that can be processed at end-points by the localization function and at intermediate nodes by the routing function. It remains to be seen which locator value space would best fit this combined role. An obvious choice would be a so-called topology-dependent label space. However, such a value space is prone to renumbering, even in the case of non-local topological change; hence, it is unsuitable. Another possible choice would be the reuse of the IP address space as existing Internet routing protocols operate using such a locator space. However, IP locators have no associated distance metric; meaning, no distance computation and no selective localization of content are possible when the same content object is available at multiple locations. Ideally, the locator space should be as independent as possible from topology changes, while also providing sufficient information to compute distances where it is processed provided that different receivers compute distances following the same distance function (we will see later the implications of the model selection when detailing coordinate computation). Instead, by associating data objects with content locators from a (geo)metric space (X,d)  where, to each element of the space X corresponds a globally unique geo­metric coordinate and d is a distance function (or metric) which verifies that " x,y ∈ X, d(x,y)=d(y,x) > 0 when x≠y otherwise d(x,y)=d(y,x)=0 together with the triangular inequality, we satisfy these requirements and prevent renumbering in the case of topology change.

Geometric Routing on Content Locators

In addition, the selection of this coordinate space must be performed hand-in-hand with the design of a routing scheme capable of addressing the memory space complexity (O(n.(log(n))) characterizing stretch-1 routing algorithms such as Border Gateway Protocol (BGP). For this purpose, we introduce in “Geometric information routing”[5] a variant of geometric routing in which distances between nodes are computed from the length of the corresponding geodesic segments drawn out of the hyperbolic plane H². From a routing-information-distribution perspective, this routing scheme operates following a modified distance-vector algorithm enabling the construction of geodesic segments. These segments are combined by means of procedures similar to pathlet/segment routing. To reduce the number of routing entries, coordinate sets are represented by geometric areas. As geometric coordinates are associated with the locations of content objects, the underlying model is referred to as geometric information routing. Coordinates can be computed offline by different procedures: by means of distance preserving graph embedding or a variant of the Vivaldi algorithm in the hyperbolic space represented by the hyperboloid model (also referred to as the Loid model). The distortion introduced by the hyperbolic model is determined by two parameters: the distance function and the curvature, which represents the amount by which an object in the space deviates from being flat (i.e., Euclidean). Instead of selecting the hyperbolic space curvature that produces the lowest error (thus avoiding the trial-and-error of embedding functions), we make use of the fundamental formula which relates the curvature κ of the hyperbolic space to the value δ of the topology graph. In other words, the knowledge of the geometric properties of the Internet topology yields a coordinate-computation algorithm of similar computational complexity to the canonical Vivaldi algorithm with Euclidean distance. If the coordinate computation procedure could not be unified with the routing-information primitive exchange, a simple extension to the Inverse ARP protocol would enable coordinate allocation. Compared to the map-based model proposed in “Greedy forwarding in dynamic scale-free networks embedded in hyperbolic metric spaces”[6], the proposed approach does not rely on the construction of a virtual map obtained by applying empirical rules derived from the hidden hyperbolic space underlying the observable Internet router/AS topology, instead it uses the observable topological properties. Compared to Border Gateway Protocol (BGP) with IP geolocation it relies on the exchange of content locators taken out of the IP address space (also known as a push model). However, the IP locator space has no associated distance metric preventing selective localization when the same content object is available at multiple locations. Figure 1. Content Name Registration and Resolution To illustrate the operation of this information routing model, assume that the requester r associated with coordinate x queries for a given content object and issues a request following the process illustrated in Figure 1. Referring to the middle of Figure 2, the requester receives locator (coordinate) y1 which is associated to the server s1. Since the path following the minimum hop-count distance dG(r,s1) (in red) does not correspond to the path with the shortest hyperbolic distance dH(r,s1) (in blue), the path-selection process depends on the distance metric. Moreover, as a copy of a given object can be available at multiple servers locations s1,s4, which is often the case in distributed information systems, the requester may receive a response including multiple locators, i.e., the coordinates set {y1,y4} (see right-hand-side of Figure 2). From this set, it can determine the hyperbolic distance dH . Hence, it can also select the `nearest' server where a given content object is accessible by computing the minimum distance dH which is actually different from one obtained if the hop count distance dG would be used to perform that selection.  Indeed, referring to the right-hand-side of Figure 2, one can see that min{dG(r,s1),dG(r,s4)} = dG(r,s1) (in blue) whereas min{dH(r,s1),dH(r,s4)} = dH(r,s4) (in green); thus, the selection of the closest (or nearest) server differs between the metric graph XG and the topology graph V(G). The reverse operation also applies: by receiving incoming packets that include in their header the coordinate associated to the source x (i.e., the locator associated to the requesting terminal r), the destination can determine the distance d(s1,r) without involving additional resolution or translation. This technique avoids requiring discovery of a reverse forwarding path from y1 back to the requester x, as is the case when the content object name is used to forward the request towards the content host. Figure 2. Example for Geometric Information Routing Operation

Conclusion and Next Steps

We propose an alternative routing scheme for ICN in which content names are assigned locators, and geometric routing is performed on those locators. This model—in which routing decisions are performed on content locators—avoids name-to-locator resolution by intermediate nodes, and instead considers that name resolution by end hosts provides them with the information they need to select the destination. The salient feature of this addressing and routing model comes from (1) the property of coordinate-based content locators: these coordinates can be used by the distributed routing function to perform geometric routing decisions, and (2) the fact that as both localization and routing functions are performed on content locators, the result is localization of cached content. Indeed, as there is no distinction between a server and a cache locator, if an intermediate node keeps a local copy of a content object, it can register it as any other object stored on a content server. Subsequently, a requester could receive from the name resolver a (set of) content locator(s) associated to a (set of) intermediate node(s) instead of a server. To demonstrate the successful operation of the proposed information routing scheme—based on functionality and potential performance gains in memory, bandwidth, and sender-to-receiver delay—we developed new routing and forwarding elements to enable packet processing according to geometric routing operations. We experimentally validated this information-routing model and scheme on the iLab.t virtual wall testbed and compared it with information-centric networking based on BGP with IP geolocation.[7] Against the latter, we gain a factor n (number of nodes) in memory space required to store routing information, and a factor √n in the memory space required to store routing tables while limiting the routing path stretch increase to a small additive constant (characterizing the geometric property of the topology). The notion of distance in geometric routing and caching in intermediate nodes affects the capacity utilization and results in more-balanced traffic on the links and a significantly decreased end-to-end delay between terminals and servers. Future work will investigate the possible unification of coordinate computation procedures with routing information exchange primitives. Novel caching strategies exploiting topology properties (such as node degree and centrality) remain for further exploration. Even more importantly, investigation of information routing on content locators can also seed new research topics combining addressing and routing algorithms.

References

1. T. Koponen, M. Chawla, B. G. Chun, A. Ermolinskiy, K. H. Kim, S. Shenker, and I. Stoica, “A data-oriented (and beyond) network architecture,” Proc. of 2007 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, ACM SIGCOMM ’07, pp.181–192, New York, NY, USA.
2. D. Kutscher (Ed.), “ICN research challenges,” Work in progress, February 2014.
3. V. Jacobson, D. K. Smetters, J. D. Thornton, M. F. Plass, N. H. Briggs, and R. L. Braynard, “Networking named content,” Proc. of CoNEXT 2009, pp.1–12, Rome, Italy, December 2009.
4. L. Zhang, A. Afanasyev, J. Burke, V. Jacobson, K. Claffy, P. Crowley, C. Papadopoulos, L. Wang, and B. Zhang, “Named Data Networking,” ACM SIGCOMM Computer Communication Review (CCR), 44(3):66–73, July 2014.
5. D. Papadimitriou, D. Colle, P. Audenaert, and P. Demeester. “Geometric information routing,” Proc. of  IEEE International Conference on Advanced Networks and Telecommuncations Systems (ANTS), pp.1–8, Dec.2013.
6. F. Papadopoulos, D. Krioukov, M. Bogua, and A. Vahdat, “Greedy forwarding in dynamic scale-free networks embedded in hyperbolic metric spaces,” Proc. of IEEE INFOCOM 2010, pp.1-9, 2010.
7. S. Sahhaf, D. Papadimitriou, W. Tavernier, D. Colle, and M. Pickavet, “Experimentation of geometric information routing on content locators,” To appear in Proceedings of CNERT 2014, colocated with International Conference on Network Protocols (ICNP) 2014, October 2014.

]]> 350 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/routing-security-on-the-internet-is-it-really-worth-the-effort/ Sat, 01 Nov 2014 16:05:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=360 Proc. ACM SIGCOMM, Hong Kong, China, August 2013), Lychev and his coauthors, Sharon Goldberg and Michael Schapira, report that (1) partially deployed security measures sometimes introduce new vulnerabilities, and (2) partial deployment provides only meagre benefits over RPKI if operators do not prioritise security over all other considerations in their routing policies. Speaking about the award and his trip to the IETF meeting in Toronto, Lychev said, “I think that I have learned quite a bit from this meeting. I met a lot of people, and I hope to start new collaborations with some of them in the near future.” Robert’s slides are available at  http://www.ietf.org/proceedings/90/slides/slides-90-irtfopen-1.pdf. Audio from the presentation is available at http://recordings.conf.meetecho.com/Playout/watch.jsp?recording=IETF90_IRTFOPEN&chapter=chapter_0 (starting at 00:09:00). The nomination period for prizes to be awarded in 2015 closed on 31 October 2014.]]> 360 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/low-power-lossy-network-plugfest-demonstrates-running-internet-of-things-code/ Sat, 01 Nov 2014 16:07:53 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=367 Introduction Several WGs design solutions for wireless networks of constrained devices, also known as low-power and lossy networks, the cornerstone of the Internet of Things.

• The 6lo (WPAN) WGs has standardized an adaptation layer to efficiently carry (long) IPv6 packets over (short) IEEE802.15.4 frames, and other link-layer technologies.
• The ROLL WG has defined the RPL routing protocol, which enables multihop topologies in those constrained networks.
• The 6TiSCH WG is chartered to enable an IPv6-based upper-stack to run on top of the IEEE802.15.4 TSCH link layer. TSCH technology, widely deployed in low-power wireless industrial monitoring solutions, enables ultra-low power and high reliability, and introduces determinism to LLNs.
• Other groups in the LLN space include the CoRE, ACE, DICE, and LWIG WGs.

Each of the aforementioned WGs focuses on a subset of the IoT. For this reason, it is important that we also keep the big picture in mind, that we continuously integrate RFCs and I-Ds from these WGs into one working network to enable the flagging of potential conflicts or missing work. To that end, the 6TiSCH, 6lo, and ROLL WGs cohosted Plugfest3 at IETF 90, cochaired by Xavier Vilajosana from the Universitat Oberta de Catalunya and Ines Robles from LMF Ericsson.

Technical Outcomes

Pascal Thubert from Cisco Systems4 and Thomas Watteyne from Linear Technology5 presented a joint implementation of the multi-LLN architecture defined by the 6TiSCH WG. They interconnected two SmartMesh IP wireless networks through two Cisco i3000 industrial switches. Linear Technology’s SmartMesh IP is a commercial product which implements 6LoWPAN and IEEE802.15.4e TSCH, and uses techniques similar to the ones being standardized by 6TiSCH. The Cisco switches play the role of 6LoWPAN Backbone Router6, federating the two independent SmartMesh IP wireless networks under a single IPv6 prefix. The University of California, Berkeley’s OpenWSN7 project is an open-source implementation of the protocol stack standardized by the 6TiSCH WG, ported on a variety of hardware and software platforms. Nicola Accettura (University of California, Berkeley), Pere Tuset and Xavier Vilajosana (Universitat Oberta de Catalunya), Qin Wang and Tengfei Chang (University of Science and Technology Beijing), Marcelo Barros and Vitor Garbellini (Universidade Federal de Uberlândia), and Thomas Watteyne (OpenWSN project coordinator) showed a 10-mote network of OpenMote devices implementing the latest I-Ds developed by the 6TiSCH WG.8,9,10,11 The demonstration consisted of a Constrained Application Protocol (CoAP) client triggering the reservation of link-layer cells along a multihop route. OpenMote12 is a startup company that provides an ecosystem of hardware for the Internet of Things. At its core is the OpenMote, a fully programmable and easy-to-use IEEE802.15.4-embedded communication platform. Multiple open-source implementations, including OpenWSN, fully support the OpenMote. Cofounders Pere Tuset and Xavier Vilajosana demonstrated how an OpenMote can be turned into a wireless packet-capture device for Wireshark, and discussed ongoing work supporting the FreeRTOS operating system in tickless mode. Cedric Adjih from Inria gave a live demonstration of FIT-IoT’s IoT-LAB13 testbed. This open testbed comprises 2,728 wireless devices deployed on six sites across France. A RESTful web interface enables a user to remotely reserve a number of devices, reprogram them with custom firmware, and monitor their activity. Several open-source implementations, including OpenWSN and RIOT14, can be used on the IoT-LAB platforms. Oliver Hahm (Inria) and Thomas Eichinger (FU Berlin) presented RIOT, the friendly operating system for the IoT. They gave a live demonstration of the RIOT operating system running the protocol stack from the OpenWSN project on the IoT-LAB_M3 board. Jürgen Schönwälder (Jacobs University Bremen) demonstrated an implementation of the 6loWPAN-MIB15 in Contiki, running on the AVR Raven. This I-D defines a set of counters for monitoring the behavior of a 6LoWPAN stack implementation for packets, errors, compression, fragmentation parameters, etc. The demonstration involved retrieving those counters both through Simple Network Management Protocol (SNMP) and CoAP on 6lo16 devices. Vincent Ladeveze17 is developing Wireshark dissectors for IEEE802.15.4e TSCH and other I-Ds from the 6TiSCH WG. He is building a 16-channel IEEE802.15.4 sniffer by connecting 16 devices running custom OpenWSN firmware to a computer on which there is software that aggregates these streams of captured packets and forwards them to Wireshark. The ability to simultaneously sniff 16 IEEE802.15.4 frequencies is necessary for debugging channel hopping solutions, such as IEEE802.15.4e TSCH. Nestor Tiglao (University of the Philippines) presented Sewio's open sniffer solution, in which multiple wireless devices can be scattered around an area and report, through the Ethernet subnet, the different wireless packets they have captured to a single Wireshark instance. This enables the debugging of wireless networks that are geographically spread apart.

Nontechnical Outcomes

The success of the IETF 90 LLN Plugfest underscores the importance of running code early in the standardization process. In the case of ongoing standardization work in the 6TiSCH WG, having implementations running when the documents are still at the I-D stage enables both verification of what is being proposed and iterative improvement and reconsideration of decisions taken to improve the quality of the documents being produced. Because the ability to formally acknowledge implementations increases the quality of the produced I-Ds or RFCs, we support efforts that do so, such as the CodeMatch outreach program. Moreover, in the LLN standardization space, multiple WGs are focused on a subset of the standardization space. The Plugfest reinforced the importance of continuously integrating the I-Ds and RFCs produced by different WGs, and verified that this kind of integration is a complete and conflict-free solution. It also suggests that the IETF considers creating a body that oversees the IoT-related WGs to flag potential conflicts early-on in the standardization process, probably well before implementers could.

Acknowledgements

We thank WG Chairs Michael Richardson, Pascal Thubert, Samita Chakrabarti, and Ulrich Herberg for hosting the event; IETF Chair Jari Arkko and Area Directors Adrian Farrel, Alia Atlas, and Ted Lemon for making the event possible; Stephanie McCammon for helping to organize the event; and particularly acknowledge the teams who participated in the Plugfest, whose sleepless nights made the event a great success.

Footnotes

1. “Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks” [RFC 6282]
2. “RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks” [RFC 6550]
3. Guidelines and additional details are available at https://bitbucket.org/6tisch/meetings/wiki/140720a_ietf90_toronto_plugfest
4. http://www.cisco.com/
5. http:// www.linear.com/dust
6. 6LoWPAN Backbone Router [draft-thubert-6lowpan-backbone-router-03, work-in-progress]
7. http://openwsn.berkeley.edu/
8. Minimal 6TiSCH Configuration [draft-ietf-6tisch-minimal-02, work-in-progress]
9. 6TiSCH Operation Sublayer (6top) [draft-wang-6tisch-6top-sublayer-01, work-in-progress]
10. 6TiSCH On-the-Fly Scheduling [draft-dujovne-6tisch-on-the-fly-03, work-in-progress]
11. The IPv6 Flow Label within a RPL domain [draft-thubert-6man-flow-label-for-rpl-03, work-in-progress]
12. http://www.openmote.com/
13. https://www.iot-lab.info/
14. http://www.riot-os.org/
15. Definition of Managed Objects for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) [draft-ietf-6lo-6lowpan-mib-01, work-in-progress]
16. A 6lo stack is based on 6LoWPAN (RFC 4944, RFC 6282, RFC 6775) supporting different Link-layers
17. Presented by Thomas Watteyne, on behalf of Vincent Ladeveze.

]]> 367 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/iana-transition-update/ Sat, 01 Nov 2014 16:12:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=382 web page at https://www.icann.org/en/stewardship/community. The ICG, comprising 32 individuals from the Internet community, coordinates among these efforts. Work is underway, and with very few exceptions, everyone believes the transition is a good thing for the Internet. However, there are some challenges. The first challenge is the timeline. A year sounds like a long time to develop and agree on a plan. However, developing a plan requires many steps and a lot of community discussion across the world. Time needs to be reserved (a) for the NTIA to determine if they find it acceptable, (b) to test drive any new mechanisms, (c) to ensure all plans work well together, and (d) for sufficient community comment periods. Another challenge is accountability. Some viewed the NTIA as a backstop in case something bad happened. While not everybody shares that view, everyone does want to ensure that after the transition there are sufficient safeguards in place. ICANN has started an accountability improvement project to ensure this, but finding a solution that satisfies every concern will not be easy. The necessary solutions depend on which IANA registries are discussed. For instance, I believe the IETF has good accountability mechanisms for protocol parameters. A contract between the IETF and ICANN governs the duties and roles of both parties. Any difficulties are tracked daily and any serious problem could be raised in the organisations, up to invoking the contract’s termination clause. Similarly, if IETF policy decisions are mismanaged, there are last call, appeal, nominations committee, and recall mechanisms that enable the community to correct failures or replace leadership. Accountability improvements at ICANN would be useful, but not absolutely required for the IETF part of the transition. This is probably not true for the names part of the IANA registries, however, and significant work is needed there. A third challenge is reaching everyone who needs to be involved, and finding an agreement. We all have to discuss with a broader community than usual—a broadly supported transition plan needs buy-in from different corners of the Internet community, from engineers to domain name experts to businesses and governments. I am committed to ensuring that the IETF communicates our plan broadly, and draws in interested participants.]]> 382 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-3/ Sat, 01 Nov 2014 16:13:56 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=392 During IETF 90 in Toronto, Canada, four out of the nine chartered Internet Research Task Force (IRTF) research groups (RGs) held meetings:

• Information-Centric Networking (ICNRG)

• Crypto Forum (CFRG)

• Software-Defined Networking (SDNRG)

• Network Management (NMRG)

In addition to the meetings of those already chartered research groups, a proposed research group on Datacenter Latency Control (DCLCRG) held its first public meeting. In addition, a meeting was held to discuss a new research group on Network Function Virtualization (NFVRG). Both proposed research groups are planning meetings during IETF 91 in Honolulu, Hawaii; NFVRG also planned an interim meeting in the San Francisco Bay area on 4 September 2014. A third proposed research group on Global Access to the Internet for All (GAIA) did not meet at IETF 90, and instead will meet 20–21 October 2014 in Cambridge, UK, and again plans to colocate with the Association for Computing Machinery (ACM) Symposium on Computing for Development in December 2014. Robert Lychev, the third Applied Network Research Prize winner of 2014, presents his research.

2015 ANRP Nominations

The ANRP is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. The nominations period for the 2015 ANRP awards closed on 31 October 2014. Please see https://irtf.org/anrp for more details. Since IETF 89, three new RFCs were published on the IRTF RFC Stream:

• RFC 7122 on Datagram Convergence Layers for the Delay- and Disruption-Tolerant Networking (DTN) Bundle Protocol and Licklider Transmission Protocol (LTP)

• RFC 7242 on Delay-Tolerant Networking TCP Convergence-Layer Protocol

• RFC 7253 on The OCB Authenticated-Encryption Algorithm

The IRTF Open Meeting at IETF 90 was also where the winner of the third Applied Networking Research Prize (ANRP) of 2014 presented his research. Robert Lychev presented his study on the security benefits provided by partially deployed S*BGP. A second ANRP presentation was postponed until IETF 91 due to visa difficulties, so now the IRTF Open Meeting in Honolulu will feature the final three award presentations for 2014. In lieu of the second ANRP presentation, local Toronto professor Michele Mosca talked to participants about quantum-safe cryptography. Stay informed about these and other happenings by joining the IRTF discussion list at www.irtf.org/mailman/listinfo/irtf-discuss.

]]> 392 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-4/ Sat, 01 Nov 2014 16:17:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=406 Abstraction and Control of Transport Networks (actn) Description: Network operators build and operate multidomain networks. These domains may be collections of links and nodes, each of a different technology, administrative zone, or vendor-specific island. Establishment of end-to-end connections spanning multiple domains is a perpetual problem for operators, both because of operational concerns and because of interoperability issues. Due to these issues, the introduction of new services, often requiring connections that traverse multiple domains, needs both significant planning and several manual operations to interface different vendor equipment and technology. The aim of ACTN is to facilitate virtual network operation: the creation of a virtualized environment enabling operators to view and control multiple multisubnet, multitechnology networks as a single virtualized network. Network abstraction of transport networks is also necessary for operators who consolidate their network services into multitenant virtual transport networks. This will accelerate rapid service deployment of new services, including more dynamic and elastic services, and will improve overall network operations and scaling of existing services. Discussion with operators has highlighted a need for virtual network operation based on the abstraction of underlying technology and vendor domains. This BoF was not intended to form a working group. It was intended to give operators an opportunity to express their current operational practices, highlighting operational pain points, network virtualization requirements and objectives, short-term goals, and longer-term aspirations. Proceedings: http://www.ietf.org/proceedings/90/minutes/minutes-90-actn Outcome: Discussion enabled operators to express their needs and issues, and some common threads were visible, e.g., end-to-end services over multidomain or multilayer networks. It was less clear what that would mean in terms of protocol work. Discussion of use cases, potential solutions, scoping the problem etc. will continue on the mailing list.

Virtualized Network Function Pool (vnfpool)

Description: This is the second BoF meeting on this topic, the previous session having taken place during IETF 89. The main goal of this meeting was to come to consensus on a charter for a vnfpool working group. Since the previous meeting, the proposed charter was updated to focus on pooling within an individual VNF, not reliability for the whole service graph; to clarify the relation of vnfpool to the service function chaining working group, and; to leave service state synchronization out of scope in the initial phase of work. Proceedings: http://www.ietf.org/proceedings/90/minutes/minutes-90-vnfpool Outcome: It remains unclear whether or not standardization of new technology is needed here, and further discussion with a broader community is required to answer some of the outstanding questions. More work on the mailing list is expected.

Delay Tolerant Networking Working Group (dtnwg)

Description: The meeting investigated interest in transitioning technologies developed in the IRTF DTN research group into standards-track activities through the formation of a new IETF working group. The meeting was presented with a draft working group charter, including work items based on the DTN Bundle Protocol. The goal of the meeting was to discuss the draft charter and present the candidate work items, as well as to determine the level of support for conducting the work in the IETF. The desired end state was the formation of a new working group soon after IETF 90. Proceedings: http://www.ietf.org/proceedings/90/minutes/minutes-90-dtnwg Outcome: Although further work is required to refine the charter, this was a productive and positive session in which several people expressed willingness to work on documents in a DTN working group.

Use Cases for Autonomic Networking (ucan)

Description: See “Autonomic Networking,” on page 1 of this issue of The IETF Journal. Proceedings: http://www.ietf.org/proceedings/90/minutes/minutes-90-ucan Outcome: This meeting was not intended to form a working group. Many different use cases were presented and the chairs and other interested parties will continue the work of developing a more focused working group charter on the mailing list.

IANAPLAN (ianaplan)

Description: This was a working-group forming BoF meeting. It began by recapping the outcome from the IETF 89 igovupdate session, and then discussing both the NTIA transition in the larger Internet community and the Coordination Group. Finally, the impact for the IETF and proposed plans for action were discussed, including a draft working group charter. For more discussion of the IANA transition, see “IANA Transition Update,” from IETF Chair Jari Arkko on page 22 of this issue of The IETF Journal. Proceedings: http://www.ietf.org/proceedings/90/minutes/minutes-90-ianaplan Outcome: This discussion went well. There was agreement in the room to support formation of a working group with a slightly tighter charter than was presented during the BoF.]]> 406 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-90-at-a-glance/ Sat, 01 Nov 2014 16:19:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=418 418 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/happy-10th-anniversary-ietf-journal/ Fri, 06 Mar 2015 16:25:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=444 The very first issue of the IETF Journal was published in October 2005, just prior to IETF 64. Its editor, Peter Godwin, explained in the publication’s first article, “Our aim is to provide an overview of what’s happening in the world of Internet standards with a particular focus on the activities of the IETF Working Groups (WG). While we won’t be able to provide in-depth coverage of every WG, each issue of the IETF Journal will highlight some of the hot issues being discussed in IETF meetings and in the IETF mailing lists.”

Over the past ten years, much has changed in the world of Internet standards, but the goals of the IETF Journal remain the same. We still keep you up-to-date on what’s happening at the IETF, whether you attend meetings in person or via remote participation, whether you’re seeking to get up to speed after missing a few meetings or are just getting started in the IETF space.

The look of the Journal has also remained the same... until now. In celebration of our 10th anniversary, we’ve updated the layout. It’s fresh, clean, modern, and we hope you like it.

Forging ahead, we are committed to upholding the Journal’s original goals, in addition to offering the community a sense of the diversity, breadth, and excitement of the IETF’s thrice-yearly meetings. Most important, we always welcome your thoughts, feedback, content suggestions, and author contributions. Contact us anytime at ietfjournal@isoc.org.

Happy anniversary, IETF Journal community! We’re so proud to serve you.

]]> 444 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/transport-services-taps-birds-of-a-feather/ Tue, 01 Jul 2014 17:03:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=565 Low Extra Delay Background Transport (LEDBAT) congestion control mechanism offer a large number of services to applications, in addition to the long-standing two services provided by TCP and UDP. For example:

• SCTP provides reliable and potentially faster-than-TCP delivery of data chunks to applications that may be able to accept such chunks out of order.
• DCCP provides various forms of congestion control for applications that need it, but prefer their packets be dropped rather than retransmitted, as the latter can lead to delay.
• LEDBAT provides a scavenger-like background transfer mode, in which LEDBAT traffic does not get in the way of other transfers that use TCP, for instance.

As useful as these services may be, implementing them can be difficult: not all protocols are available everywhere, hence fall-back solutions are often required. In addition, some protocols provide the same services in different ways, and layering decisions must be made (e.g. should a protocol be used natively or over UDP?). As a result, some programmers resort to using TCP or implementing their own customized solution over UDP (e.g., Google with Quick UDP Internet Connections (QUIC)¹ and Adobe with Real-Time Media Flow Protocol (RTMFP)²), at which point the chances of benefiting from other transport protocols are lost. The intention of the Transport Services (TAPS) initiative is to identify the services provided by IETF transport protocols and congestion control mechanisms, as well as the network requirements of applications and the APIs they use to communicate. By mapping the connections between these lists, a later working group (WG) may define services that a transport API should offer. It could then specify howthese transport services can be implemented using native IETF transports and encapsulated transports, including the definition of mechanisms to validate that a transport (or transports) can be supported on a path. The TAPS initiative began in August 2013 with a mailing list and an accompanying Web page. We held a Bar Birds-of-a-Feather (BoF) at IETF 88 in Vancouver, where it was already clarified that TAPS should be careful to provide what application programmers really need, rather than being too focused on the Berkeley Sockets application programming interface (API). Accordingly, several Internet-drafts were written, including use cases and an overview of how higher level APIs could better be supported by enhanced IETF transport services. By breaking the dependency of applications on specific protocols, TAPS has the potential to make the currently rigid transport layer more flexible (figure 1). In December 2013, a presentation was given at the Internet Architecture Board (IAB) Workshop on Internet Technology Adoption and Transition in Cambridge, UK, explaining how the evolutionary benefit of TAPS is connected to its best-effort nature. These activities culminated in a BoF meeting at IETF 89. This BoF was designated “non-WG-forming” to enable the IETF community to discuss the various angles of this large problem space without having to spend time on charter wordsmithing. Discussion was lively at this two-hour long session that included 129 attendees and a debate at which more than 6,650 words were spoken at the microphone. The following four individuals presented their viewpoints at the TAPS BoF:

1. Jon Crowcroft outlined the potential of this activity by calling it “socket science” and relating it to security.
2. Martin Sustrik presented how middleware, such as his own ZeroMQ, could benefit from transports other than TCP; most notably, he explained how the strict reliability of TCP is a poor match for pub/sub communication. Middleware layers are increasingly common and often have enough information about what the user is trying to achieve to be able to make informed transport choices on their behalf. Updating middleware offers an easy deployment path, in which applications could exploit some of the benefits of TAPS without having to be changed unless recompiling with a new version of the middleware (figure 2).
3. Gorry Fairhurst presented a possible implementation of TAPS.
4. Margaret Wasserman presented the API of the Multiple Interfaces (MIF) WG. This API is clearly related, and it seems obvious that a TAPS API should be somehow connected to the MIF API.

Each presentation was accompanied by an active debate—not everyone in attendance was in agreement with every presented way of providing transport services. The major concerns that were raised include:

• Predictability. The flexibility shown in figure 1 comes at a cost—application programmers may need a predictable behavior, whereby a certain way of using an API consistently leads to the same protocol choice underneath. It was suggested that such decisions are better made at development time than at runtime.
• Safety. The importance of testing was emphasized; changing the transport protocol must not break an application.
• Binding mechanisms. Going beyond the TAPS proposal, the support of name-based transports instead of IP-address-based transports was suggested as an option.
• Layer versus API. Several participants stated that TAPS should not be focusing on an API. It was suggested that (1) TAPS be thought about in terms of a layer, and (2) it be left to the operating systems that interface with applications to build the API and to produce the layer that we want with the information we want and whatever APIs are needed.

An ongoing conversation about next steps is occurring among the Transport Area (TSV) area directors (ADs) who sponsored the TAPS BoF, the Applications Area and Real-time Applications and Infrastructure Area Directors, and interested IAB members. The group’s mailing list (taps@ietf.org) currently has 120 subscribers, and can be joined at https://www.ietf.org/mailman/listinfo/taps. The accompanying webpage is at https://sites.google.com/site/transportprotocolservices. Note: Activities of some TAPS participants (i.e., Michael Welzl and Gorry Fairhurst) were partly funded by the European Community under its Seventh Framework Programme through the Reducing Internet Transport Latency (RITE) project (ICT-317700). The views expressed are solely those of the author.

Footnotes

1. http://www.ietf.org/proceedings/88/slides/slides-88-tsvarea-10.pdf
2. RFC 7016, “Adobe's Secure Real-Time Media Flow Protocol”

]]> 565 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-8/ Tue, 01 Jul 2014 17:04:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=575

Information-Centric Networking (ICNRG)

Crypto Forum (CFRG)

Internet Congestion Control (ICCRG)

Network Complexity (NCRG)

Software-Defined Networking (SDNRG)

Network Management (NMRG)

Network Coding (NWCRG)

Side Meetings

In addition to the meetings of chartered research groups, the proposed research group, Global Access to the Internet for All (GAIA), held a successful side meeting. It plans further meetings at the IETF and other events, including the ACM Symposium on Computing for Development for December 2014. The mailing list for this effort is gaia@irtf.org. Read the related IETF Journal article. A second side meeting was held to discuss the Datacenter Latency Control research group. Proponents plan a public meeting for IETF 90 in Toronto. The mailing list for this effort is dclc@irtf.org.

New RFC Published

Since IETF 88, one new RFC was published on the IRTF RFC Stream by the Scalable Active Multicast Research Group (SAMRG): RFC 7046, A Common API for Transparent Hybrid Multicast.

Applied Networking Research Prize Winners

The first two Applied Networking Research Prize (ANRP) winners of 2014 presented their research at the IRTF Open Meeting at IETF 89. Kenny Paterson presented findings and documentation of new attacks against TLS and DTLS; Keith Winstein presented a transport protocol design for interactive applications requiring high throughput and low delay. Read the related IETF Journal article.

Requests and Appeals

Finally, the IRTF chair received a request from Trevor Perrin to replace one of the Crypto Forum Research Group (CFRG) cochairs. After reviewing the facts and discussing the matter with community members, the IRTF chair declined the request. The decision was appealed to the Internet Architecture Board, which upheld the decision. Stay informed about these and other happenings by joining the IRTF discussion list at www.irtf.org/mailman/listinfo/irtf-discuss.]]> 575 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-rfc-series-and-the-21st-century/ Tue, 01 Jul 2014 17:12:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=599

The 'XML2RFC' version 2 Vocabulary (https://datatracker.ietf.org/doc/draft-reschke-xml2rfc/)

The 'XML2RFC' version 3 Vocabulary (https://datatracker.ietf.org/doc/draft-hoffman-xml2rfc/)

The Use of Non-ASCII Characters in RFCs (https://datatracker.ietf.org/doc/draft-flanagan-nonascii/)

HyperText Markup Language Request For Comments Format (https://datatracker.ietf.org/doc/draft-hildebrand-html-rfc/)

SVG Drawings for RFCs: SVG 1.2 RFC (https://datatracker.ietf.org/doc/draft-brownlee-svg-rfc/)

PDF for an RFC Series Output Document Format (in progress)

Documenting the requirements in those drafts is a huge, critical piece of the new format effort. And there is still more to do—from prototyping code to test the requirements, to creating a digital preservation policy that describes how the RFC Editor will handle this new diversity in digital assets for future generations, to developing the actual production code that will generate the new formats. Changing a more than 40-year-old tradition of plain text documents is not something that can—or even should—happen without a great deal of planning and testing to ensure that RFCs remain a useful way to consume information on Internet standards, best practices, experiments, and information for decades to come. Tune in to rfc-interest and the next format BoF for an update on the status of the format effort.

Footnotes

1. http://www.rfc-editor.org/pipermail/rfc-interest/2013-May/005584.html

]]> 599 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-11/ Tue, 01 Jul 2014 17:15:32 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=609 Authentication and Authorization for Constrained Environments (ace) Description: A problem with constrained devices is the realization of authentication and authorization operations. The aim of ACE is to form a working group (WG) that will provide constrained devices with the necessary prerequisites to use REST operations in a secure way, considering such things as authorization information and the related keying material. Constrained devices will thus be enabled to authenticate operations from other (constrained or less-constrained) devices, to communicate securely with them, and to verify their individual authorization to access specific resources. Proceedings: http://www.ietf.org/proceedings/89/minutes/minutes-89-ace  Outcome: A good discussion with some concrete problems identified, although more work is required to clearly delineate the scope of any new WG. Since the meeting, a new working group has been proposed in the Security Area (https://mailarchive.ietf.org/arch/msg/ietf-announce/xR8bmbZLOU6QR80mS-HIDVcxEJs).

Domain Boundaries (dbound)

Description: Both users and applications make inferences from domain names, usually in an effort to make some determination about identity or the correct security stance to take. Such inferences, however, are usually based on heuristics, rules of thumb, and large static lists describing parts of the Domain Name System (DNS) name space. These mechanisms are unlikely to be sustainable in the medium term as the DNS root undergoes rapid expansion. There have been some proposals to improve this state of affairs and the purpose of this BoF is to identify the problems, the work to address each problem, and to determine whether there is sufficient interest and energy to set up a working group to complete that work. Proceedings: http://www.ietf.org/proceedings/89/minutes/minutes-89-dbound  Outcome:  This is an important problem for the community to address and further work is required to come to agreement on a clearly described problem statement to help focus the effort. A discussion list has been created (https://www.ietf.org/mailman/listinfo/dbound) and a design team formed to come up with a clear problem statement and some boundary conditions.

Encryption of DNS requests for confidentiality (dnse)

Description: As part of the discussion about responding to pervasive surveillance and the need to make such surveillance more difficult and costly to perform, DNS has been identified as a protocol that can reveal a lot about users and their activities. Existing security solutions (like DNSSEC) do not provide confidentiality of user traffic. There have been proposals to encrypt DNS requests, to prevent information disclosure to third parties, both inside the IETF (draft-wijngaards-dnsop-confidentialdns) and outside of it (DNScurve). The intention of the dnse BoF is to start from existing problem statements and to find out if something can be recommended to improve DNS traffic confidentiality. The recommendation could be an existing solution (such as IPsec) or a way to map DNS requests into a general-purpose security solution (such asDatagram Transport Layer Security (DTLS)) or the development a new standard for DNS encryption. In the last case, this may require a new WG. Proceedings: http://www.ietf.org/proceedings/89/minutes/minutes-89-dnse Outcome: The BoF discussion went well and triggered a second session of the DNS Operations working group to continue the discussion. A mailing list has been created (https://www.ietf.org/mailman/listinfo/dns-privacy) for focused discussion of the problem statement 
surrounding the addition of privacy to the DNS protocol.

Transport Services (taps)

Description: Many transport protocols and congestion control mechanisms offer services to applications in addition to the long-standing services provided by Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). For an application programmer, using protocols other than TCP or UDP is hard: not all the alternative protocols are available everywhere, hence a fallback solution must be implemented. Some protocols provide the same services in different ways. Because of these complications, programmers often resort to either using TCP or implementing their own customized solution over UDP, and the potential benefits of other transport protocols are lost. This BoF is intended to identify the services provided by existing IETF transport protocols and congestion control mechanisms as well as network requirements for common APIs that applications use to communicate. By finding a mapping between these two lists, it is possible to define services that a transport application programming interface (API) should offer. Specifying how these transport services can be implemented using native IETF transports and encapsulated transports, including the definition of mechanisms to validate that a transport (or transports) can be supported on a path would be the next step. Proceedings: http://www.ietf.org/proceedings/89/minutes/minutes-89-taps Outcome: This was not a working group forming BoF. The meeting included many interesting presentations and useful discussions. More focus is required with regards to a shared understanding of the issues and concrete, useful next steps. Read the related IETF Journal article.

Tunneling Compressed Multiplexed Traffic Flows (tcmtf)

Description: RFC 4170 Tunneled Multiplexed Compressed Real-time Transport Protocol (TCRTP) defines a method for grouping packets when a number of UDP/RTP VoIP flows share a common path, considering three different layers: header compression, multiplexing, and tunneling. TCRTP optimizes the traffic, increasing the bandwidth efficiency of Voice over Internet Protocol (VoIP) and reduces the amount of packets per second at the same time. More recently, real-time services that use bare UDP instead of UDP/RTP have become popular. There is a need to replace RFC 4170 with an extended solution able to optimize these new flows, also using improved compression methods. The BoF will discuss the proposed charter, with the aim of the creation of a WG in order to specify the protocol stack, signaling mechanisms, and maximum added delay recommendations for tunneling, compressing, and multiplexing traffic flows (TCM-TF). This BoF is intended to form a WG. Proceedings: http://www.ietf.org/proceedings/89/minutes/minutes-89-tcmtf Outcome: This is the second BoF of TCMTF. The problem statement was well presented and the use scenarios are quite clear. TCP is now out of scope. Discussion continues on applicability and latency considerations, but it seems that for very low bandwidth links in developing countries, a new standard here would be useful. There is a mailing list for continuing discussion (https://www.ietf.org/mailman/listinfo/tcmtf).

Virtualized Network Function Pool (vnfpool)

Description: A Virtualized Network Function (VNF) provides a network function (e.g., packet filtering at firewalls, load balancing, etc.) and is typically implemented as a software instance running on a commodity hardware server via a virtualization layer (i.e., hypervisor). This is distinct from monolithic network devices, where either a single or a number of different network functions are provided in the same specialized hardware server. There is a trend to move such network functions away from specialized hardware to commodity hardware servers, based on virtualized resources, to support VNF and further also to support Service Function Chaining (SFC). In SFC, a network service can be implemented by a set of sequentially connected VNFs deployed at different points in the network. We call a group of VNFs a VNF set, which can be used not only as an SFC, but also solely as one or more pools of VNFs. A VNF set can introduce additional points of failure beyond those inherent in a single specialized server, and therefore poses additional challenges on reliability of the provided services. Currently, generalized pooling and other redundancy mechanisms may be applied to address some reliability requirements of a single VNF. However, the complexity of dealing with a growing number of VNFs including stateful and stateless functions, and extending the redundancy across a VNF set (i.e., multiple pools for multiple VNFs) requires further solution development. In the current charter, the WG would focus on the work around several mechanisms supporting the reliability of a VNF set: redundancy across a VNF set and stateful failover among pool members. Proceedings: http://www.ietf.org/proceedings/89/minutes/minutes-89-vnfpool Outcome: A good discussion that identified a need for further work on the intended scope of any potential working group on this topic, and the need to work closely with the SFC WG to avoid any potential overlap.]]> 609 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-80-at-a-glance-2/ Tue, 01 Jul 2014 17:16:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=614 IETF Activity since IETF 88 (November 2013–March 2014) New WGs: 7 WGs closed: 0 WG currently chartered: 120 New and revised Internet-Drafts (I-Ds): 1707 IETF Last Calls: 96 Internet-Drafts submitted: 132 RFCs published: 91

• 74 IETF (61 WG, 13 Individual/AD Sponsored), 2 IAB, 3 IRTF, 12 Independent
• Live and Social Media
• STRINT workshop: 525 tweets, exposure 1.352K
• IETF 89: 269 tweets on #IETF89, exposure via @IETF= 161K, exposure via #IETF89=529.6K, 73 new followers since 19 February 2014
• Facebook: 460 Likes

Mentoring Programme now has 20 mentor matches Mailing List Discussion Style Guide: In progress

• Inspired by recent discussions on list, to promote professionalism and respect on lists and email

IANA Activity since IETF 88 (October 2013–January 2014)

Processed 1337+ IETF-related requests, including:

• Reviewed 110 I-Ds in Last Call and reviewed 131 I-Ds in Evaluation
• Reviewed 116 I-Ds prior to becoming RFCs, 63 of the 116 contained actions for IANA

SLA Performance (August 2013–January 2014)

• Processing goal average for IETF-related requests: 99%
• Currently revising the 2014 SLA between ICANN and IAOC for the protocol parameter work

IANA and DNSSEC

• 265 TLDs have a full chain of trust from the root, http://stats.research.icann.org/dns/tld_report/

RFC Editor Activity since IETF 88 (November 2013–March 2014)

Published RFCs: 91

• 35 Standards Track, 6 BCP, 4 Experimental, 46 Informational

]]> 614 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/overcoming-the-obstacles-to-internet-evolution-announcing-the-semi-workshop/ Sat, 01 Nov 2014 14:43:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1627 1627 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-july-2015/ Mon, 06 Jul 2015 16:09:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=376 Dallas, Texas, was the location for the 92^nd meeting of the Internet Engineering Task Force hosted by Google. In this issue of the IETF Journal we’ve tried to capture some of the highlights of the week and convey a small sample of the many exciting people and discussions that make up an IETF meeting.

Our cover article, a retrospective of the Journal from our first editor, Mirjam Kühne, continues the celebration of our publication’s 10-year anniversary. We also have articles about the first-ever IETF Hackathon, a newcomer’s report on his freshman experience at an IETF meeting, and a great technical article for folks wondering what the buzzwords SDN and NFV are all about.

You’ll also find an update from the cochair of the OSPF Working Group. We encourage all working group chairs to consider periodically writing for the Journal!

Our regular columns from the IETF, Internet Architecture Board, and Internet Research Task Force chairs, and coverage of hot topics discussed during the plenary meetings wrap up this issue. For more details of the Internet Area of the IETF in particular, a Working Group summary report is available athttps://wiki.tools.ietf.org/area/int/trac/wiki/IETF92.

We are hugely grateful to all of our contributors. Please send comments and suggestions for contributions to ietfjournal@isoc.org. You can subscribe to hardcopy or email editions athttps://www.internetsociety.org/publications/ietf-journal/ietf-journal-subscription.

]]> 376 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/10-years-of-the-ietf-journal-how-it-began/ Mon, 06 Jul 2015 16:10:42 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=381 During the late 1990s and early 2000s, the IETF meetings became very popular and the number of attendees increased significantly. This was likely due to a number of factors: the tech boom, the fact that many IETF meetings took place in beautiful California, and an increase in the IETF’s work load. At the time, working group sessions were sometimes so crowded that it could be difficult to even enter them, and those who actively participated in the work became annoyed when seats were taken by attendees who were looking to gather information, rather than actively participate in building standards. 

Some of the active participants and I wondered if there might be a way to keep the information gatherers in the loop, while also retaining space in the working group sessions for more serious participants—a newsletter, for example. 

We envisioned that a newsletter could serve multiple purposes. 

• Those who were only peripherally interested in IETF developments could read about them without having to attend meetings.
• Those who wanted to participate on site could use the newsletter to convince their manager of the meetings’ importance.
• It could be used to engage newcomers and other potential participants.
• It could help keep present IETF participants of all levels up-to-date on activities throughout the organization.

When I began working at the Internet Society in 2003, I saw my chance to develop such a newsletter. I was aware of the skepticism within the IETF towards press and glossy magazines, so I decided to build the newsletter into the IETF process and, more important, to establish it from within the IETF to increase the odds of acceptance and support by both the IETF administration and its participants. I approached Brian Carpenter, chair of the IETF, and Leslie Daigle, chair of the Internet Architecture Board (IAB). It took some convincing but, in the end, we all agreed that this would best fit as an activity of the IETF Education Team (see www.ietf.org/edu/)—thereby making it an internal IETF activity, rather than an external media publication. We also decided that the IAB and the IETF chairs would be both members of the newsletter’s editorial board and regular contributors, as they still are today. 

So I joined the Edu Team mainly to set up the IETF Journal. And although today the IETF Journal is a well-established and independent publication—no longer part of the Edu Team—I’ve stayed with the Edu Team (see http://www.internetsociety.org/publications/ietf-journal-july-2014/getting-educated-meet-the-ietf-edu-team). 

Once the concept was approved, we needed a name. I was aware of Ole Jacobsen’s success with the IP Journal; and Jacobsen was a valuable advisor during the establishment of our newsletter. In collaboration with the IP Journal, we chose the name IETF Journal and a simple, nonglossy design. 

Together with Peter Godwin who helped with the layout and copyediting, I created the first issue of theIETF Journal. Later, I enjoyed a wonderful collaboration with the Internet Society’s longtime editor, Wendy Rickard, who passed away much too early in 2012 (see www.internetsociety.org/articles/remembering-wendy-rickard). The first issues had very few photos. Later, Peter Löthberg became the Journal’sunofficial photographer, primarily because he was the only one who could get away with holding a camera in people’s faces at IETF meetings. 

I had no idea how I would fill an entire newsletter three times a year without creating all the content by myself. So at each and every IETF meeting, I pushed myself out there, and sought volunteers to write updates about hot topics that I’d combine with regular features, such as articles from the Internet Research Task Force (IRTF), a list of Bird-of-a-Feather (BoF) sessions, and summaries from the plenary sessions. In the beginning, we also listed new RFCs published since the previous issue of the Journal,but that quickly became unmanageable. I remain grateful to the volunteer contributors and advisors who made and still make the IETF Journal the informative and varied publication it is.

Some highlights from my years as editor include having the privilege of interviewing a number of people for the IETF’s 20th anniversary (IETF 65) who attended the first IETF meeting and who were still active. I gained some great insights into the history of the IETF, as well as the future challenges these early members foresaw. For a different perspective, I also interviewed a number of newcomers at IETF 65. You can find these interviews at http://www.internetsociety.org/publications/ietf-journal-spring-2006. I’d be curious to hear what some of them have to say now—several of them are still active in the IETF community.

Also in 2006, we added a regular feature: reports from what later became the Internet Society Fellows to the IETF programme, a programme that enables engineers and policy makers from developing countries to get involved in the workings of the IETF.

In 2009, after IETF 75 in Stockholm, I handed the IETF Journal to my colleagues at the Internet Society. I created the first issue of the new IETF Journal with high hopes that the IETF community would accept it. Happily, they did! The Journal has been published three times a year since then, reporting from each IETF meeting, informing the community on the developments at the IETF—and now after ten years, it has gotten a complete facelift.

Congratulations to everyone who has helped the IETF Journal succeed. Did it keep the number of information-gathering participants at bay? Did anyone use it to convince their manager of the importance of a meeting? I don’t know. But I do know that I still enjoy reading it and that it helps keep at least this IETF participant up-to-date on developments now that I don’t attend every meeting.

]]> 381 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-4/ Mon, 06 Jul 2015 16:11:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=384 As I write this, our next meeting in Prague is just a few weeks away. I’m looking forward to interesting discussions from our new working groups (WGs) and Birds-of-a-Feather (BoF) sessions, including the Deterministic Networking (DETNET) BoF, Distributed Denial-of-Service Open Threat Signaling (DOTS) WG, and the privacy-enhanced Real-time Transport Protocol Conferencing (PERC) WG. I’m also excited to hear the latest conversations around educating new IETF participants from the EDUNEXT BoF, as well as the advances made by our ongoing efforts in Web protocol development, Internet of Things, and the privacy of Internet communications.

Active work is also happening in our leadership groups. The Internet Engineering Steering Group (IESG) recently reorganised its IETF areas to enable a greater focus on growing areas of work and make the IESG’s work more flexible. The reorganisation created a new area that focuses on applications and real-time traffic in the Internet and that is managed by three area directors—we increased the number of area directors dealing with routing to match the high amount of work happening in that area. Working groups will be assigned area directors who have the most relevant expertise for the given topic, regardless of the specific areas in which the working groups reside.

But how the IETF community as a whole works is even more important than the IESG’s organisation. The community is where the real work happens! One of the trends that we’re seeing is the more prominent role of open-source efforts. The IESG noted the positive experiences that came from the IETF Hackathon (page 10), so we plan to continue and expand these events. We also noted the positive results that arose by focusing IETF work related to data models—a lot already happens with data models at the IETF, but there’s plenty to do to make open source and IETF worlds work even better together. For example, at the IETF 92 Hackathon, Benoit Claise worked on tools to integrate checking and Internet-Draft generation of YANG models. When data models can be easily moved to different formats or checked against each other, the production of high-quality models becomes easier for everyone. We eagerly await the upcoming Hackathon in Prague and continue to brainstorm new ideas for the next one.

Finally, the Internet Architecture Board (IAB) is focusing on a number of issues, including overseeing Internet Assigned Numbers Authority stewardship transition discussions in the global community and thinking about the privacy issues from an architectural perspective. Internet users and service providers are producing an increasing fraction of end-to-end secured traffic in the Internet. Changes like this can have a global impact on the Internet, including how networks are managed. The IAB is working with the GSM Association to understand what new tools may be needed in this situation, including arranging a workshop on managing radio networks in an encrypted world. See https://www.iab.org/2015/06/22/call-for-papers-managing-radio-networks-in-an-encrypted-world-marnew-workshop/ to submit your thoughts and join the workshop. I look forward to seeing you there!

]]> 384 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chairs/ Mon, 06 Jul 2015 16:12:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=386 Marching with a New Group

March represents the IETF’s time for change as the new NomCom appointments take effect at each March IETF meeting. This year, three members of the Internet Architecture Board (IAB) ended their terms: Joel Halpern, Eliot Lear, and Xing Li; and the NomCom selected three new members to appoint to the IAB: Ralph Droms, Robert Sparks, and Suzanne Woolf. We thank Joel, Eliot, and Xing for their service; and welcome Ralph, Robert, and Suzanne.

This year also saw internal change at the IAB. Russ Housley chose not to stand for another term as IAB chair. The IAB selects its chair each year and this year it selected Andrew Sullivan, which is why there are two authors on this report.

For Russ, the outgoing IAB chair, the theme of the meeting was transition. “It has been a real pleasure to serve this community, and it has been easy to pass the baton to such a credible and qualified individual.”

For Andrew, the new IAB chair, the theme of the meeting was, "Wow, there are a lot of side meetings to go to.”

Immediately after IETF 92, the IAB selected Gonzalo Camarillo and John Levine to sit on the Internet Society Board of Trustees, each for a term of three years. The Internet Society announced this selection in April.

Programs

The IAB operates programs for two primary reasons. First, IAB programs facilitate the identification of topics that require focus over a period that could extend beyond member terms. Note that individuals need not remain members of the IAB in order to continue their work within programs. Second, they enable the IAB to recruit outside expertise—the IAB can’t know everything.

In Dallas, the work of two programs was highlighted during the technical plenary. First, Brian Trammel gave a presentation on the IAB Stack Evolution program, with a focus on the Stack Evolution in a Middlebox Internet (SEMI) workshop. The ossification of the Internet protocol stack is a critical issue for the overall architecture. If the Internet architecture is not flexible, it will become obsolete. We have witnessed this with previous communications technologies. The IAB is committed to seeking improvements in this area, which is why it held the workshop and enthusiastically promoted the Session Protocol for User Datagrams (SPUD) Birds-of-a-Feather (BoF) meeting. For more details about the SEMI workshop, look for the workshop report coming soon to an Internet-Draft repository near you.

Second, Andrew Sullivan gave a presentation on the IAB Internationalization program, in which he outlined some history and reasoning behind a recent IAB statement and promoted the Locale-free UniCode Identifiers (LUCID) BoF. Also in Dallas, program participants gave a presentation to WG chairs about the PRECIS approach to internationalization, with a goal of helping chairs know what their working groups need to do. In 2014, the IAB believed that internationalization would be quiescent. It lowered the priority of its Internationalization program on the theory that the issues there were less pressing than other IAB topics. But events conspired to make this a bad bet. The result was a statement (https://www.iab.org/documents/correspondence-reports-documents/2015-2/iab-statement-on-identifiers-and-unicode-7-0-0/) about identifiers and recent versions of Unicode. The IAB has now identified the topic of internationalization as a serious gap for the Internet community. There are simply too many issues for the tiny number of interested people to tackle—the result is festering problems, like the one that the LUCID BoF tried to address in Dallas.

Naturally, the change in IAB personnel also meant changes to program oversight and membership. Learn more about IAB programs and membership at https://www.iab.org/activities/programs.

Highlights since IETF 91

The IAB published RFC 7452, “Architectural Considerations in Smart Object Networking.” The issues around smart objects were again highlighted during the Technical Plenary, where they were the central topic of the technical presentation.

The IAB published RFC 7500, “Principles for Operation of Internet Assigned Numbers Authority (IANA) Registries.” With the transition of the IANA away from the stewardship of the National Telecommunications and Information Administration (NTIA), it is important to outline the principles by which any IANA operation must function. That's what this RFC does.

The IAB continued the liaison relationship with the Internet Corporation for Assigned Names and Numbers (ICANN) Root Server System Advisory Committee (RSSAC). See the joint statement athttps://www.iab.org/documents/correspondence-reports-documents/2015-2/iab-liaison-to-icann-root-server-system-advisory-council-rssac.

Finally, the IAB issued a statement that individuals appointed by the IAB to liaison positions should serve without expectation of direct compensation. See the statement athttps://www.iab.org/documents/correspondence-reports-documents/2015-2/iab-statement-on-liaison-compensation.

]]> 386 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/iab-releases-guidelines-for-internet-of-things-developers/ Mon, 06 Jul 2015 16:13:31 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=391 A new Request for Comment (RFC), which provides guidance to network engineers designing Internet-connected smart objects, was the main topic at the Technical Plenary session of IETF 92 in Dallas.

RFC 7452, entitled “Architectural Considerations for Smart-Object Networking,” explains how and when IP-based protocols can be used for embedded devices that have constrained energy, bandwidth, size, memory, and other factors.

RFC 7452 was written as a follow-up to the Internet Architecture Board’s (IAB’s) Smart Object Workshop, which was held in March 2011. During that workshop, the IAB noted that many smart objects used protocols other than IP because developers felt that IP was too heavyweight. The goal of RFC 7452 is to demonstrate the benefits of interconnecting smart objects with the Internet.

“Companies make decisions based on what’s cheapest and most financially beneficial for them,” explained Dave Thaler, an IAB member and coauthor of RFC 7452. “We want to show smart-object developers that IP will be a cheaper Layer 2 because of the large ecosystem of personnel, experience, and tools that we in the IETF have developed.”

Thaler and another coauthor, Hannes Tschofenig, presented RFC 7452 to the Technical Plenary audience.

Thaler noted that the IETF has seven working groups making progress in various areas related to smart objects, as well as a new Internet Research Task Force group. Other standardization organizations are also active in smart objects: the ZigBee Alliance adopted a standard for IPv6-based wireless mesh networks called ZigBee IP, and Bluetooth version 4.2 enables low-power IP connectivity.

“Meanwhile, hackers themselves have also been working overtime,” Thaler said. “We’ve had attacks against televisions, hacks against thermostats, hacks against lightbulbs. We’ve had hacks against front-door locks and power outlets and even certain toilets.”

Given the threats associated with these Internet-connected devices, Thaler said it is important for the IETF community to understand smart-object architecture.

Thaler said smart objects differ from PCs in four main ways. First, these devices are constrained in such areas as memory or bandwidth. Second, they interact directly with the physical world even when a human isn’t present, as in thermostats and security systems. Third, they may be physically accessible by untrusted parties, or inaccessible by trusted parties, making them hard to secure. Further, they have a long lifespan, up to 40 years.

If smart-object developers use IP, they must devote resources such as memory and power to it, and they have to worry about securing the device from Internet-based attacks. Alternatively, developers who don’t put IP in a smart object will need an application-layer gateway and may end up reinventing work that the IETF has already done like congestion control and security mechanisms.

RFC 7452 examines four common communication patterns for smart objects:

1. Device-to-device within the same network, which rarely uses IP today and instead uses such protocols as Bluetooth, Z-Wave or ZigBee. Given that these devices often have a direct relationship, they usually have built-in security and trust, but they also use device-specific data models that require redundant development efforts.

2. Device-to-cloud, in which a device connects to a cloud service through a widely deployed communications mechanism such as WiFi. Typically, the device and cloud service are from the same vendor. One risk is that the device might become unusable if the vendor goes away, a scenario that standard protocols would mitigate. In addition, standards in such areas as configuring smart objects with cryptographic keys could slash development time and eliminate silos.

3. Device-to-application-layer gateway, which uses a nonubiquitous networking layer, as well as local authentication and authorization. These types of smart objects require interoperability with non-IP devices. Sometimes this approach is taken for integrating IPv6-only devices, which means a gateway is necessary for legacy IPv4-only devices and services. Often the smart object and the gateway are from the same vendor, and the gateway is a smartphone app. While the application-layer gateway approach supports IPv6, it adds complexity and cost to the development process.

4. Back-end data sharing, which creates data silos from proprietary schemas. The result is federated cloud services or cloud application programming interfaces. Standard protocols can help but are not sufficient to eliminate data silos because common information models are needed between the vendors.

“A plethora of data models is being defined right now, but most are out of the scope of the IETF, which focuses on data models for routers and bridges but not thermostats and light bulbs,” Thaler said.

Smart-object developers have indicated some desire for common mechanisms, such as an application-layer mechanism to configure WiFi settings, but it isn’t clear whether the IETF has a role in developing these mechanisms. Another worry for the IETF is that the lack of standardization will affect the Internet’s end-to-end capabilities, Thaler added.

“When we talk about cost with smart objects, we have to think about total cost of ownership, which is the sum of at least three things: hardware, energy, and deployment costs and maybe some other things,” Thaler said. “This notion of ‘it’s too expensive to put IP in’ is focusing just on hardware.”

RFC 7452 acknowledges that the Internet-of-Things (IoT) model creates many new security threats, but the IETF has security recommendations that are applicable. For example, the IETF recommends using random numbers for authentication, key generation, key transport, and other capabilities. In PCs and servers, that’s easy to accomplish. But embedded systems don’t usually have access to random numbers due to the size and power of their processors. Without randomness, embedded systems are more vulnerable to attack.

‘In the wild, you actually see many systems basically having no sources of randomness, generating the same keys over and over again, which is obviously fatal for security,” Tschofenig said.

Key length is another important consideration with smart objects.

“Because many IoT devices have constraints in processing power and memory, the temptation is huge to reduce key size to increase performance. But if you go below a certain threshold, the security isn’t worth anything anymore,” Tschofenig added. “IETF recommends 112-bit symmetric keys to be used as a standard. If you look at many IoT products, you will see that those do not meet the recommended key size.”

Previous attacks on smart objects illustrate common problems such as limited software update mechanisms, missing key management, missing access control, lack of encryption, and vulnerability to physical attacks.

“It was reported that hackers used lightbulbs missing configuration settings to turn on and off the lights, which is pretty annoying,” Tschofenig said. “Other products have the very same vulnerabilities, like surveillance cameras, baby cameras and cameras at gas stations… If you switch to industrial control systems, you can very easily see the potential for harm.”

IoT also enables physical attacks. Special hardware is available to bypass access control mechanisms or extract keys. These tools are getting cheaper and more accessible, so the IAB expects a rise in physical attacks.

“I think it’s fair to say that Internet-of-Things security we see today is very much like PC security was 20 years ago,’’ Tschofenig said. ‘If you look outside the consumer space to the industrial environment, you already see the potential or direction of where this is headed. One example is an attack last year at a German steel factory where attackers managed to change the process and damage the steel factory.”

Privacy challenges with the deployment of IoT technologies also arise, such as the quality of user consent and data gathering about user behavior. For example, a smart watch sending out radio signals would enable the person wearing it to be physically tracked. Tschofenig added that these privacy problems associated with smart objects do not yet have a satisfactory solution.

“Without a user interface in the device, it is very difficult to ask the user for consent in a real-time fashion,” Tschofenig says. “Also, there is a desire on the part of companies to collect lots of data from different devices and correlate those to find lots of interesting insight. Doing that obviously raises privacy concerns for the end users.”

RFC 7452 concludes that developers should always use state-of-the-art key length, encryption, and automatic key management in smart objects. The guidelines also say developers should integrate a software update mechanism and a hardware-based random number generator while taking physical attacks into account.

“We believe that using IETF and Internet protocols for Internet of Things is definitely do-able and important and prevents a lot of problems,” Tschofenig summed up.

One point of contention during the question and answer period was the issue of whether Internet of Things devices need a predetermined end-of-life date. Tschofenig pointed out that the idea of having an expiration date for IoT devices was mentioned in a recent US Federal Trade Commission report and was inspired by Microsoft discontinuing Windows XP. However, several audience members argued that a secure update protocol that is small enough for devices to run without a buffer needs to be developed so that devices don’t have an expiration date.

After the technical topic, the IAB highlighted its Stack Evolution in a Middlebox Internet (SEMI) workshop held in January. Brian Trammell outlined the findings of the workshop, which focused on the evolution of interfaces to transport and network-layer services beyond UNIX domain sockets, as well as a strategy for improving path transparency in the presence of firewalls and middleboxes.

Trammel said the goal of the workshop was to discuss ossification of the transport player and how to fix it for emerging applications such as Real Time Communications in Web browsers (RTCWEB). He said the IAB is looking into this now because there is new energy in the IETF to create more flexible interfaces through such working groups as Transport Services (TAPS). In addition, the transport layer is under pressure due to increasing deployment of encryption, with everything being sent over Transport Layer Security (TLS).

“There is also pressure created by increasing deployment of encryption,” Trammel said. “If we do everything over TLS, which is the easiest way to do it, then we are going to break a lot of deployed middleboxes. There is an opportunity between breaking everything and having no privacy.”

The SEMI workshop featured 20 researchers, who were invited to present papers on deeper understanding of transport architectures, broadening transport interfaces, and defining approaches to middlebox cooperation. The presenters were split on TCP, with some wanting to continue supporting it and others wanting to replace it.

The workshop concluded that future work on middlebox cooperation was necessary, including mechanisms for detection of path characteristics, path impairment, and troubleshooting. Other goals are a better understanding of how transport should evolve and interface improvements that will expose more information to applications about transport. One hard problem is identifying trust issues and deployment incentives for middlebox cooperation and evolution approaches.

The workshop concluded with a commitment to measurement. Participants said service providers and platform developers have access to data which, in aggregate, could better inform decisions about transport protocols. This issue is being discussed under the IETF mailing list called HOPS, for How Ossified is the Protocol Stack?

“We’re making decisions on how to move forward, and we need data to do it. And we need to get the people who have the data together with the people who have the questions to ask of the data,” Trammel said.

In addition, the IETF’s Session Protocol for User Datagrams (SPUD) group is looking at methods of encapsulation for path exposure in user-space transports. SPUD is considering such issues as what information should be exposed and what incentives will exist to expose information and only accurate information.

Next steps include writing the initial workshop report, cooperating with ETSI’s NFV Forum on middlebox issues, UDP encapsulation guidelines, and a statement on architectural assumptions in transport evolution.

Finally, Andrew Sullivan, the new IAB chair, explained the IAB’s statement on Identifiers and Unicode 7.0.0. The issue occurs when a script contains both a precomposed form of a character and decomposed form of a character and these two forms are not canonically equivalent. While humans can’t tell the characters apart, machines treat them differently. This problem occurs in both Arabic-script and non-Arabic script characters.

The IAB has called for further work on this problem, which was discussed in the Locale-free UniCode Identifiers (LUCID) Birds of a Feather held during the Dallas meeting.

]]> 391 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-announced-2/ Fri, 06 Mar 2015 16:26:38 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=450 The Applied Networking Research Prize (ANRP) is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. The call for nominations for the 2015 ANRP award cycle received approximately 40 nominations.Three ANRP awards were presented during IETF 91.

• Sharon Goldberg for discussing threats when Border Gateway ProtocolResource Certification (BGP RPKI) authorities are faulty, misconfigured, compromised, or compelled to misbehave. See the full paper at http://www.cs.bu.edu/~goldbe/papers/hotRPKI.pdf.
• Tobias Flach for the design of novel loss-recovery mechanisms for Transmission Control Protocol (TCP) that minimize timeout-driven recovery. See the full paper athttp://nsl.cs.usc.edu/~tobiasflach/publications/Flach_Latency.pdf.
• Misbah Uddin for developing matching and ranking for network search queries in order to make operational data available in real-time to management applications. See the full paper athttp://www.cnsm-conf.org/2013/documents/papers/CNSM/p251-uddin.pdf.

Goldberg, Flach, and Uddin presented their findings to the Internet Research Task Force open meeting during IETF 91.

Slides are available (Goldberg: http://www.ietf.org/proceedings/91/slides/slides-91-irtfopen-4.pdf; Flach:http://www.ietf.org/proceedings/91/slides/slides-91-irtfopen-3.pdf; Uddin:http://www.ietf.org/proceedings/91/slides/slides-91-irtfopen-0.pdf), as are audio and video from the presentations thanks to Meetecho (http://recordings.conf.meetecho.com/Playout/watch.jsp?recording=IETF91_IRTFOPEN&chapter=chapter_0, start at 00:18:50).

The nomination period for 2016 will start in the summer of 2015. Join the irtf-announce@irtf.org mailing list to be notified when it begins.

]]> 450 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-march-2015/ Fri, 06 Mar 2015 16:27:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=454 The nerds returned to paradise for the IETF 91 meeting, hosted by Cisco in stunning Waikiki, Honolulu. Despite the temptation to devote the week to surfing, attendees got a lot of great work done at this memorable meeting.

Our cover article, "Open Standards, Open Source, Open Loop," discusses the challenges for standards organisations like the Internet Engineering Task Force (IETF) in the face of agile software development paradigms. We also have articles about the upcoming IETF website revamp, a new initiative on human rights and Internet protocols, and a report on the WiFi privacy trial that ran on the meeting network in Hawaii.

You’ll read about the most recent winners of the Applied Networking Research Prize, and learn about theInternet Society panel event that explored the question, Is Identity an Internet Building Block?

Our regular columns from the IETF, the Internet Architecture Board, and the Internet Research Task Force chairs, plus coverage of hot topics discussed during the meeting’s plenary sessions wrap up the issue. For more details of the Internet Area of the IETF in particular, a Working Group summary report is available at http://wiki.tools.ietf.org/area/int/trac/wiki/IETF91. And last, the issue debuts a new look for the IETF Journal, part of a year-long celebration of the publication’s 10-year anniversary.

We are hugely grateful to all of our contributors. Please send comments and suggestions for contributions to ietfjournal@isoc.org. You can subscribe to hardcopy or email editions athttps://www.internetsociety.org/publications/ietf-journal/ietf-journal-subscription.

]]> 454 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-fellow-to-the-ietf-brings-lessons-learned-back-to-kenya/ Fri, 06 Mar 2015 16:28:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=459 Thanks to the information and guidance he received as a Technical Fellow at IETF 91 in Honolulu, Mwendwa Kivuva, information and communications technology administrator at the University of Nairobi, is now deploying IPv6.

Kivuva, who is also a member of the Consolidated Regional Internet Registries IANA Stewardship Proposal (CRISP) team, gained additional perspective at the meeting on the IANA transition.

Kivuva was one of 11 fellows at IETF 91. The Internet Society Fellowship to the IETF programme provides financial support for Internet technologists from emerging economies to attend IETF meetings, exchange ideas, enhance their participation in open-Internet standards development, and network with individuals from around the world with similar technical interests. The programme raises global awareness about the IETF and develops future leaders from underrepresented countries.

“Attending the IETF meeting [also] gave me perspective,” Kivuva said. “I understood clearly the eight work areas and the working groups in each area. It was great to connect with the people who make the Internet what it is today. Initially, I wondered if I needed special training to effectively work on drafts, but I soon learned that participation becomes more effective as time goes by.”

He notes that the financial support was key. “I am grateful to the Internet Society for the opportunity.”

As a leading network engineer in Kenya, Kivuva was an ideal choice for the Fellowship programme. At the University of Nairobi, his work involves designing, implementing, and managing network infrastructure with a focus on security and performance. He serves as secretary general of the Internet Society’s Kenya Chapter and participates in several Internet Corporation for Assigned Names and Numbers working groups. He also moderates discussions via the Kenya ICT Action Network.

Kivuva attended the newcomers’ meeting, as well as meetings related to the working groups that he follows: IPv6 Maintenance (6man), IPv6 Operations (v6ops), Domain Name System Operations (dnsop), and Planning for the IANA/NTIA Transition (ianaplan).

“I realized I was stretching myself by participating in so many working groups. Going forward, I’ll concentrate on only two or three working groups, then increase my engagement as I become more adept in IETF work,” Kivuva said. “Since meeting people in my domain, I have a good grasp on how to participate more effectively and look forward to contributing to the mailing lists.”

Kivuva was thankful for the mentorship of Fred Baker during the IETF meeting. “I liked the mentoring programme,” he said. “It helped newcomers prepare so it was easier to integrate during the actual meeting. Mentors also introduce newcomers to IETF people of interest, like chairs of working groups and area directors.”

Kivuva plans to bring the lessons he learned back to the network engineering community in Kenya. “Other IETF fellows from my country and I plan to have mentorship sessions at local universities and [to educate] engineering and computer science students about the work of the IETF and how they can contribute to it,” he said.

Kivuva encourages the Internet Society to continue funding its Fellowship to the IETF programme. “Sponsoring IETF Fellows ensures that there is diversity in the IETF,” Kivuva said. “More engineers from other areas of the world, not just Europe and America, need to be brought on board. The programme offers exposure to those in developing worlds who could otherwise never attend an IETF meeting or participate in drafts or mailing lists.”

]]> 459 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/fred-baker-celebrates-25-years-of-ietf-internet-society-service/ Fri, 06 Mar 2015 16:29:01 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=462 When Fred Baker attended his first IETF meeting in 1989, it comprised 150 people who were mostly researchers, operators, and vendors from the United States. At IETF 91 in Honolulu, Baker mingled with more than 1,000 attendees, including a Nigerian ccTLD operator. In a wide-ranging interview, Baker reminisced about how the IETF has changed during the past 25 years. Following are excerpts from that conversation.

Question: How was your first IETF meeting?

Fred Baker: My first IETF meeting was IETF 14 at Stanford University in June 1989. I worked for Vitalink, which made what today we might call a remote ethernet switch. I had started working on a router product. I was designing a proprietary SPF-based protocol, and an employee suggested I look into the IETF’s protocol. About that time, I got a long flame from a government customer who told me in no uncertain terms that the IETF and IETF protocols including OSPF [Open Shortest Path First] and PPP [Point-to-Point Protocol] needed to be on my roadmap. I had an employee and a customer saying the IETF was important, so I showed up. IETF 14 had maybe 150 people. It was located in the basement of one of Stanford’s buildings, and I think the first meeting fee was $25.

Q: What were some of the key differences between then and now?

FB: At IETF 15 in Honolulu, I tried to walk into the Open Systems Routing Working Group meeting. I was met at the door by a woman who I assumed was the chair. She told me I wasn’t welcome, that it was an invitation-only meeting. That was a wake-up call for me, and it colored my participation in the IETF for a while. I was very aware of being on the outside looking in, the disliked competitor to all who sat in the room. One key difference between then and now is the openness of the process.

I dropped in on two meetings, one a BoF [Birds of a Feather] regarding the SNMP MIB [Simple Network Management Protocol Management Information Base] and one on PPP. I came home from IETF 15 with two writing assignments. So there was also acceptance based on willingness to work.

Back then, there was far more willingness to shoot from the hip. People would write up an Internet Draft, implement it, and then put it in a network. Sometimes really bad things would happen, but improvements often happened rapidly. In my opinion, now it takes far too long to publish an RFC [Request for Comments]. What we really want is a happy medium.

Q: How did you go from being an outsider to chair?

FB: By November 1990, I was working at ACC, a company that built IP [Internet Protocol] routers. After that, I don’t recall the strong feeling of being an outsider. Dave Crocker asked me to chair the 802.1d Bridge MIB Working Group, which was contentious. I chaired several working groups: ISDN [Integrated Services Digital Network] MIB; DS1/DS3 MIB and PPP Extensions. Someone figured out that I could chair a working group that was contentious and get results. In 1993, I chaired the Nomcom. Truth be told, in that, we were making it up as we went along. I was, of course, also doing technical work. I published 14 RFCs between 1989 and 1996.

In 1995, the Nomcom asked me to consider being the chair of the IETF. I was working at Cisco by then. Cisco told me that they would give me the leeway and financial support to do that and would back me up on my technical work. They asked only one thing: wherever my travels took me, they wanted me to be willing to talk with a customer. It seemed like a fair deal. I served in that capacity for five years. One thing I concluded is that term limits are a good thing. I was exhausted and more than willing to hand the role to the next person, whom I had been mentoring. I stayed on the IAB [Internet Architecture Board] until March 2002.

Q: What were the highlights of your tenure as IETF chair?

FB: In 1996, the IETF was pretty much the Wild West. In a certain sense, it still is. One big thing that was happening during that interval was the IETF coming of age. When I first showed up, it was 150 people, largely US researchers, but also people in uniform, a few operators, and a few vendors. By December 2000, we had almost 3,000 people in San Diego, California, including college kids, the press, and drop-ins.

We also were starting to get on the radar at the White House. I remember meeting with a guy who worked at the equivalent of the Office of Science and Technology Policy. Our November 1999 meeting in Washington, DC, culminated in a huge discussion about wiretapping that had gone on for about a year and a half. Only about 40 percent of the messages on the Raven mailing list were from IETF people.

Another change is that we were starting to have meetings outside the United States. The first one was a happy accident. Microsoft planned to host a meeting in August 1990 in Redmond, Washington, that fell through. The University of British Columbia said they would host it, so we went 80 miles north. The next meeting outside the United States was in Amsterdam in 1993. Then we went to Stockholm in 1995, Montreal in 1996, Munich in 1997, Oslo in 1999, and Adelaide, Australia, in 2000. I thought internationalization and the willingness to go Down Under were a question of fairness to the people doing the work of the IETF.

Q: How have you been involved with the IETF since your term ended as chair? 

FB: In large part, it has been technical work. I have published 54 RFCs and have 11 drafts in the mill. Organizationally, I served on the Internet Society Board from 2002 to 2008, the first four years of which I was chair. The Internet Society was changing dramatically as well. By 2002, it had organizational members that provided money and held power, chapter members who often felt disenfranchised by the Internet Society’s financial woes, and individual members like myself who had little or no voice. I presided over the middle stages of change, and the recent reorganization of the Internet Society bylaws finalized it. I think the Internet Society has largely become what it needs to be, but still has some work ahead in terms of its consultation process.

I served on the IAOC [IETF Administrative Oversight Committee]—essentially the finance department of the IETF—at the request of the IETF from 2005 to 2010. I’m still on the IAOC’s meetings committee. I cochaired two working groups: IEPrep and v6ops, and chaired the RSOC [RFC Series Oversight Committee], which was tasked with finding a new RFC Editor.

I have been involved with the IETF policy and technical fellowship programs from the beginning. They serve important roles in connecting the great wide world and the IETF. We have been able to provide education for regulators, which is important, and improve relationships with the operators and regulators who have participated. At the recent IETF in Honolulu, I talked with a woman from Nigeria and put her in contact with a person from the US Federal Bureau of Investigation who is familiar with Boko Haram and some of the issues in her country. Helping her understand the processes in the Internet was important to her job.

Q: What are some of the lessons you learned from your experiences with the IETF?

FB: If there is one thing that I have observed about the IETF from 1989 until now, it is that a lot of people seem to be willing to think the worst of each other, or at least make statements to that effect. But I have found few who actually deserve that. Personal integrity goes a long way, and the people who serve in the IETF are usually examples of that kind of integrity, regardless of their quirks.

The IETF needs to think about its tone. It’s not that I feel we shouldn’t have knock-down, drag-out arguments if we need to have them. But we need to be a little more respectful. People need to be more accepting of each other’s differences.

I do consider our open process and the accessibility of our documents—working and RFCs—to be the gold standard. But that gold doesn’t shine as brightly as it needs to. In 1990, I chafed that it might take as many as six months to move a document from an Internet Draft to an RFC. Right now, I have a document in the mill that hasn’t seriously changed since 2013 and is now languishing in the area director’s in-basket. If we want to remain the gold standard, we need to deliver working documents with supporting prototype reference code in a finite and predictable period of time.

I also think the IETF needs to have a better working relationship with the Internet Society, which has a history of putting the IETF first, even when it was within a couple weeks of bankruptcy. The IETF has very much been a beneficiary of the Internet Society.

]]> 462 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/human-rights-at-the-ietf/ Fri, 06 Mar 2015 16:31:48 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=469 A lively debate about standards, protocols, and human rights occurred during the meeting of the Security Area Advisory Group (SAAG) at IETF 91 in Hawaii. The discussion was framed by the Internet Draft (I-D), Proposal for Research on Human Rights Protocol Considerations.[1]

The draft departs from previous work done by the IETF on privacy and Internet protocols, such as RFC 6973 on Privacy Consideration Guidelines[2], and suggests that some standards and protocols can solidify, enable, or even threaten human rights, such as freedom of expression and the right to association online. Specifically, the draft aims to establish a research group under the Internet Research Task Force to study the structural relationship and impact between Internet standards and protocols and freedom of expression and association. 

A deeper rationale for the proposal was explained during the SAAG presentation, where the presenters, who are also the authors of this article, emphasized that the Internet was designed with freedom and openness of communications as core values, and questioned if these structural values can or need to be preserved on a technical level. It was argued that as the politicization of the Internet management space increases, the IETF should take an active role in promoting a more structured and holistic approach, thereby future-proofing standards and protocols and avoiding ad hoc decisions following incidents or disclosures elsewhere.

The proposal raised both eyebrows and concerns about the politicization of the work of the community. Dan Harkins posited, “Doing the human rights study will likely politicize protocols. [I don’t] want the technology to have political context. Rather, I want it to be as nonpolitical as possible.” Another respondent stated, “We have to stop pretending that technology is a nonpolitical decision.” A round of applause followed. The presenters then clarified that their research proposal was aimed at (1) avoiding further politicization of both protocols and the community, and (2) offering the community the time and proper processes to define its position on the interrelationship between protocols and human rights, such as freedom of expression.

Both John Levine and Alissa Cooper remarked that, in order to keep the research manageable and to keep the different rights balanced, it is crucial to start the conversation by focusing on specific human rights. The presenters reaffirmed that the primary focus will be on the right to freedom of expression and right to association. Alissa Cooper pointed to the Internet Architecture Board I-D on filtering considerations[3] and the I-D, Policy Considerations for Internet Protocols,[4] as relevant sources for future research. 

Several RFCs already make explicit statements about the objectives of the Internet, including RFC 1958 that reads, “the community believes that the goal [of the Internet] is connectivity, the tool is the Internet Protocol,” and, “the current exponential growth of the network seems to show that connectivity is its own reward and is more valuable than any individual application, such as mail or the World Wide Web.” This RFC notes the intrinsic value of connectivity that is facilitated by the Internet, both in principle and in practice. It also indicates that the underlying principles of the Internet aim to preserve connectivity, which is similar to a section of Article 19 of the Universal Declaration of Human Rights that defines a right to receive and to impart information.

There are also protocols that enable freedom of expression and access to information in an unprecedented way, such as Hypertext Transfer Protocol. Although RFC 7230 does not explicitly reference rights, it does form the basis for a rights-enabling architecture. The challenge of the research then is to define the specific protocol attribute(s) made by this protocol that specifically affect human rights.

Next Steps

The next major challenge lies in developing appropriate methodologies to research implicit safeguards in current standards and protocols in order to make them explicit. Open discussions offered insights to possible methodological approaches. Richard Barnes said, “[It] seems that you are reading RFCs and that you are looking for statements on human rights that are laid out in RFCs. You might risk irritating people by reading technical documents as [if they are] political statements. It might be more useful to use RFCs as a window into the community that developed the rights that these RFCs presume.”

Mark Nottingham proposed a perspective of stakeholder prioritization as described in the I-D, Representing Stakeholder Rights in Internet Protocols,[5] which is already implemented at the World Wide Web Consortium.

Useful remarks were made during the session, after the session, and on the mailing list[6], that are being used to improve the next version of the draft slated for further discussion at IETF 92 in Dallas, Texas.

This session raised considerable interest in the community. The presenters and authors of the Proposal for Research on Human Rights Protocol Considerations are continuing their research and will produce an updated I-D before IETF 92. In addition, plans for the Dallas meeting include adding another research methodology and conducting interviews aimed at deepening the understanding that area directors and RFC authors have of specific protocols and the role rights play in them. 

If you have questions for the presenters or an interest in their research, please join the mailing list at https://lists.ghserv.net/mailman/listinfo/hrpc.

References

1. Proposal for Research on Human Rights Protocol Considerations, http://www.ietf.org/id/draft-doria-hrpc-proposal-00.txt.
2. “Privacy Considerations for Internet Protocols” [RFC 6973], https://www.rfc-editor.org/rfc/rfc6973.txt.
3. Technical Considerations for Internet Service Blocking and Filtering,http://www.ietf.org/archive/id/draft-iab-filtering-considerations-06.txts.
4. Policy Considerations for Internet Protocols, https://tools.ietf.org/html/draft-morris-policy-cons-00.
5. Representing Stakeholder Rights in Internet Protocols, https://tools.ietf.org/id/draft-nottingham-stakeholder-rights-00.txt.
6. https://lists.ghserv.net/mailman/listinfo/hrpc.

]]> 469 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-91-at-a-glance/ Fri, 06 Mar 2015 16:33:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=475 Participants: 1,100

Newcomers: 136

Number of countries: 50

IETF Activity since IETF 90 (20 July–9 November 2014)

New WGs: 12

WGs closed: 0

WG currently chartered: 135

New and revised Internet-Drafts (I-Ds): 1665

RFCs published: 86

• 45 Standards Track, 0 BCP, 3 Experimental, 37 Informational

IESG Restructuring

In October 2014, the IESG announced plans to reorganise the IETF areas and working groups by summer 2015. Goals include:

• Match IETF structure to current topics
• Support growth in emerging topic areas
• Match management resources to workload
• Improve flexibility re fluctuations in workload and topics

IANA Activity since IETF 90 (July–October 2014)

Processed 1363+ IETF-related requests, including:

• Reviewed 111 I-Ds in Last Call and reviewed 125 I-Ds in Evaluation
• Reviewed 82 I-Ds prior to becoming RFCs, 44 of the 82 contained actions for IANA

Document collaboration with the IETF

• RFC 5226bis finished IETF Last Call on 30 October 2014. Authors are now addressing Last Call comments from the community. https://datatracker.ietf.org/doc/draft-leiba-cotton-iana-5226bis/.

SLA Performance (May–October 2014)

• Processing goal average for IETF-related requests: 99.5%

IANA and DNSSEC

• As of 4 November 2014, 548 TLDs have a full chain of trust from the root. http://stats.research.icann.org/dns/tld_report/.

RFC Editor Activity since IETF 90 (July 2014–February 2015)

Published RFCs: 167

• 134 IETF (13 IETF non-WG), 4 IAB, 1 IRTF, 15 Independent

]]> 475 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-6/ Fri, 06 Mar 2015 16:34:22 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=477 The IETF 91 meeting had 1,100 participants from 50 countries. In addition, we offered seven remote hubs throughout Latin America, and 25 presentations were held by people attending remotely. We expect remote attendance to grow even more in the future, thanks to technologies that the IETF and others have been working on. They will enable more participation and lower barriers to increased IETF involvement.

With more than 120 working groups, there are always many interesting things going on both at meetings and after them. Following are highlights of where large and important changes are happening.

• Work on the Web protocol stack improvements reached a major milestone, when the HTTP/2 specification was approved in February 2015. The new specification builds on the foundations of existing HTTP protocols, but improves on it in many ways. For example, HTTP/2 should measurably speed page loads, and thanks to compressed headers, use less network bandwidth. I expect this technology to be in very broad use in the coming years—there are already 30 implementations and a fair amount of experience with it.
• The IETF, the Regional Internet Registries (RIRs), and The Internet Corporation for Assigned Names and Numbers (ICANN) have been working together to transition the role of the US government in the stewardship of IANA functions to the Internet community. In January 2015, the proposed plans for  IETF and RIR parts of this transition were completed by the communities confirming how they want to address the transition. Both proposals have received positive feedback from the broader Internet community. In the case of the IETF, the plan largely is to continue with the arrangements we’ve already built up over the years. The community processes and roles for various organisations already work well.
• We are seeing a surge of YANG data models submitted to the IETF. YANG is a data modeling language for the NETCONF network configuration protocol, and these models are needed to manage network nodes in operator networks in centralised fashion. Working groups across the IETF, and particularly in the Routing Area, are working on these models to ensure that the industry has the interoperable standards it needs.
• Work on the difficult problem of improving Internet security and privacy continues in multiple working groups. For me, the new highlight of this effort at IETF 91 in Honolulu was the newly chartered DPRIVE working group, which addresses Domain Name System (DNS) privacy. Their meeting systematically walked through various design alternatives to enable DNS queries to be done in a private manner. Other efforts on the general problem continue, as well. The Transport Layer Security (TLS) working group is working on version 1.3 of the TLS specification, a fairly large redesign of the protocol. None of this work is easy: we need deployable security solutions, technology that enables the network to do its work while protecting privacy, and algorithms we know we can trust.

Lastly, the Internet Engineering Steering Group is working hard on ensuring that the IETF structure matches today’s needs. The intent is to increase flexibility as IETF work evolves and to balance and reduce the workload across our steering group. We have changed the roles of area directors to match current work areas and have a proposal out for merging the applications and real-time applications areas.

Next up, Dallas, Texas, in March 2015. Until then, back to the mailing list for work on many of the above and other important issues.

]]> 477 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-website-revamp/ Fri, 06 Mar 2015 16:35:13 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=480 After input and review by the IETF community on the scope of work, the IETF Administrative Oversight Committee (IAOC) put out a request for proposals to revamp the public-facing IETF website (www.ietf.org). Its goal is to provide the IETF with a front door to the information that its users—active IETF participants, new and potential participants, and those looking to learn more about the IETF—need to accomplish their work. Specific goals for the revamp include improving the site’s ease of navigation, accessibility by mobile devices, and content maintenance. The IAOC considered several proposals and selected Torchbox (www.torchbox.com) to undertake the project.

A key aspect of the project includes engaging the IETF community as the redesign effort progresses. Key milestones and deliverables (e.g., site architecture, technology, wireframes, page design, and content updates) will be reviewed and approved by a committee chosen from IETF community volunteers.

The project will build on input and review from representatives of key audience groups on such topics as how those audiences use the current IETF Web presence, and will employ focus groups and task testing to evaluate proposed changes before they are implemented.

]]> 480 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-6/ Fri, 06 Mar 2015 16:35:54 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=485 During IETF 91 in Honolulu, four out of the eight chartered Internet Research Task Force (IRTF) research groups (RGs) held meetings:

• Information-Centric Networking (ICNRG)
• Internet Congestion Control (ICCRG)
• Software-Defined Networking (SDNRG)
• Network Coding (NWCRG)

In addition to the meetings of already-chartered research groups, a proposed research group on Datacenter Latency Control (DCLCRG) held its second public meeting.

Another proposed research group, Network Function Virtualization (NFVRG), also held a public meeting. They subsequently held an interim meeting at the IEEE Globecom conference in Austin, Texas, in December 2014. Following both of these successful meetings, the NFVRG was officially chartered in January 2015; its charter page and additional information is available at https://irtf.org/nfvrg.

Prior to IETF 91, the Global Access to the Internet for All (GAIA) research group was also chartered. GAIA did not meet at IETF 91, but instead held two interim meetings: October 2014 in Cambridge, UK, and December 2014 with the Association for Computing Machinery Symposium on Computing for Development (ACM DEV) conference in Berkeley, California. GAIA will meet again at IETF 93 in Prague.

Since IETF 90, no new Request for Comments (RFCs) were published on the IRTF RFC Stream. This is not unusual.

At the IRTF Open Meeting at IETF 91, the final three winners of the third Applied Networking Research Prize (ANRP) of 2014 presented their research.

• Sharon Goldberg discussed threats when BGP RPKI authorities are faulty, misconfigured, compromised, or compelled to misbehave.
• Misbah Uddin talked about matching and ranking for network search queries to make operational data available in real time to management applications.
• Tobias Flach presented novel loss recovery mechanisms for Transmission Control Protocol (TCP) that minimize timeout-driven recovery.

The nominations period for the 2015 ANRP awards closed in October 2014. There were 39 eligible submissions, out of which the selection committee picked five award winners for 2015. The ANRP is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. The five winners for 2015 will present their work at the three IRTF Open Meetings during the year.

Stay informed about these and other happenings by joining the IRTF discussion list at www.irtf.org/mailman/listinfo/irtf-discuss.

]]> 485 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/expert-panel-urges-ietf-to-tackle-identity-issues/ Fri, 06 Mar 2015 16:36:30 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=489 The Internet lacks a scalable infrastructure for trust management, and the Internet engineering community should develop technical solutions to help address this complex problem. That was the conclusion of an Internet Society-sponsored panel entitled, “Is Identity an Internet Building Block?” held 11 November 2014 concurrent with the IETF meeting in Honolulu, Hawaii.

“Identities and the attributes that relate to identities are somewhat key to establishing trust in the Internet,” said Olaf Kolkman, chief Internet technology officer at the Internet Society and moderator of the panel. “When we perform any sort of communication on the Internet, identities are used for that. Attributes are used for authentication. Attributes are used as the basis of opportunistic encryption. Knowing who or what is on the other end of the line is sometimes very important.”

Kolkman asked panelists to discuss what components are necessary to build a scalable, nonhierarchical and reusable trust model for the Internet.

Jeff Hodges, a PayPal engineer who spoke as an individual rather than as a corporate representative, set the stage for the discussion about identity on the Internet.

“The context of the discussion is how do we human subjects interact with various other entities, human or not, throughout the Internet and be known as us or ourselves?” Hodges asked, adding that that this process is not necessarily under our control. “Do we have some control to assert ourselves as us?”

Identity involves mapping human subjects to actions, events, processes, communications channels, and physical devices, Hodges said. He pointed out that identity is involved whenever you log into a Web site or device.

“We also need to keep in mind there are various tensions and tussles involved in the areas of naming, identification, agency, autonomy, privacy, security, and such,” Hodges added. “The more we work to make it smooth and seamless, we also have to take into account the individual’s use case and requirements. Maybe they don’t want to be identified with certain attributes, and they do want to assert other ones. How do we accommodate that and make it seamless across different modes of communication?”

Hodges said it is inevitable that devices will use biometric identification systems, and controls will be needed to determine where the information your device has about you goes. “Not everything can be enforced technological layers,” he added. “We need to keep in mind that [regulation] can be a useful tool.”

Natasha Rooney, cochair of the Web and Mobile Interest Group at W3C and Web technologist at Groupe Speciale Mobile Association (GSMA), provided an overview of the use cases for identity management as well as debates around businesses involved in identity management.

Among the use cases for identity management are situations in which strict security is necessary, such as transferring money or accessing health records, while other services such as social media platforms favor speed over security. Other situations, such as purchasing alcohol or renting a car, require attribute authentication such as verifying age or a valid drivers’ license.

“There is some attribute brokerage that can be done,” Rooney said. “The questions are: who owns the attribute? And can you be trusted to relay that attribute?”

She pointed out that users will want anonymity in some situations.

“There are a number of services on the Internet that I don’t want to know I am this exact person,” she said. “We need to consider that when we talk about use cases.”

Rooney said the Internet engineering community needs to ask questions about the companies that provide identity management services, including whether these companies can be trusted and how they should be handling identity management.

“If we’re going to transport attributes over the Internet, how do we want to do that?” she asked. “How should they be secured?”

Rooney suggested that the IETF start with the simplest use case first: log in services. “Can we just get log-in right? Then would we be able to extend that?” she asked.

Leif Johansson, with the Office of the chief executive officer at Swedish University Computer Network (SUNET), pointed out that identity has more aspects to it than authentication and authorization. Further, he called the push to remove middlemen from the identity management process in order to be more user centric a distraction because it has resulted in the consolidation of identity information in the possession of one or two content providers.

“I understand why user centric strikes a nerve with the IETF crowd because it sounds like the end-to-end principle, but the end-to-end principle is always assisted by infrastructure,” Johansson said. “We don’t really have the infrastructure that we need to do large-scale identity and trust on the Internet.”

Johansson argued that there shouldn’t be an identity layer on the Internet, rather, that identity needs to be supported at all layers.

He said the IETF should concentrate on areas where gaps exist in the identity infrastructure. In particular, he’d like to see the IETF develop a protocol like the Border Gateway Protocol (BGP) for trust and key management.

“We do need an Internet-scalable mechanism for trust management,” Johansson said. “I don’t know what it needs to look like, but I do know we need to focus an effort and figure out a solution for this.”

The panel’s final speaker was Ken Klingenstein, senior director in the Internet2 Trust and Identity area. Klingenstein pointed out that the Internet engineering community is more careful about trust issues than it was 30 years ago, when the original BGP standard was so simple that it was designed on a cocktail napkin.

“It’s not creative noodling on a deploying greenfield anymore,” Klingenstein said. “We are taking some big beasts and making them work together and interoperate, and they don’t all have the same intensions.”

Klingenstein outlined several areas where new technology is being developed to improve the Internet’s trust mechanisms: federated and dynamic metadata, level of assurance and vectoring of trust, attributes and their metadata, reconciling regimes of privacy, managing downstream use of attributes, and scalable privacy with the federated infrastructures to support it.

“All of the scale we get is because of metadata,” Klingenstein said, adding that it is a very powerful mechanism but has its own security needs. “The packets of metadata that we pass around as operators have gotten so big and so volatile that we’ve had to move to dynamic metadata.”

Klingenstein said operators of trust infrastructure spend a lot of time on attributes.

“Privacy and scale both flow from attributes,” he said. “Replacing that access control list of names with attributes gives us not only scale, but it gives us privacy. We need to know a lot of metadata about attributes, such as did you have the authority to sign that attribute and how was it bound to the individual.”

Other challenges include reconciling privacy rules from country to country and managing downstream attributes. “Managing downstream use of anything is really hard. Look at the music industry,” he said. “With identity, it’s about making all of this scale and having the infrastructure to support it.”

Klingenstein identified several building blocks for identity systems, including identity providers, attribute authorities, attribute aggregators, key management, trust management, and consent management.

“We have a lot of aggregators such as portals, and they make things very tricky,” he said. “If a portal is hiding many applications, I don’t want to dump all of my attributes into a single location. I would like to refine my attributes and provide them on a per-application basis.”

Klingenstein noted that policy issues play a role in identity management, too, including what organizations will act as registries, if there will be a registry of registries or a standard format for attributes that is consistent across registries, and how technology will be transferred to emerging nations.

“There are activities around the world trying to set the rules of the road for identity,” he added. “When I think of the purity of the IETF and ISOC, I would recommend that we stay away from [the policy issues.]”

Klingenstein noted that the research and education community has widely deployed federated identity, and that Sweden and Denmark use similar technology for commerce and for interactions between government agencies and citizens.

In the United States, the biggest deployments of federated identity are from Google, Yahoo, and Facebook. On the horizon are deployments for online medical records, and the US government is supporting several pilot projects for government-to-citizen communications through its National Strategy for Trusted Identities in Cyberspace (NSTIC) activity.

Another issue Klingenstein noted is the need for federated identity portability. “This is the ability to move my identity and my preferences for privacy management from one provider to another,” he said. “If we’re going to create a marketplace, we need identity portability.”

In closing the discussion, Johansson emphasized his view that the Internet needs a protocol like BGP for trust. “We have a protocol that runs the network and is used to model business relationships. That is what BGP is,” he said. “We don’t have that for trust.”

]]> 489 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-7/ Fri, 06 Mar 2015 16:37:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=492 Deterministic Networking (detnet)

Description: Institute of Electrical and Electronics Engineers (IEEE) 802 has defined Audio Video Bridging, providing time synchronization and precise scheduling for zero congestion loss and finite latency in reserved Layer-2 streams. The need for equivalent Quality of Service (QoS) features now appears in networks that include routers in addition to, or instead of, bridges, for instance in industrial, vehicular, and public infrastructure applications. The goals of this meeting were to consider whether to form a working group in conjunction with the IEEE802.1TSN Task Group and to specify both how to get these QoS features into routers and how new and/or existing control protocols can be used to control these flows.

Proceedings: https://www.ietf.org/proceedings/91/minutes/minutes-91-detnet

Outcome: This meeting was not intended to form a working group. Discussion concluded with a call for a clearer statement of the problems that need to be addressed and a gap analysis to understand what, if anything, is missing.

Archive Top Level Media Type (arcmedia)

Description: The purpose of this meeting was to discuss registering a top-level media type for file archives, i.e. formats that package files and file metadata into a single data stream.

Proceedings: https://www.ietf.org/proceedings/91/arcmedia.html

Outcome: Participants concluded that a charter should be drafted to proceed with this work, and that a draft charter would be discussed further on the Applications Area mailing list.

Bit Indexed Explicit Replication (bier)

Description: This BoF was to discuss a new architecture for the forwarding of multicast data packets. The goal is to provide optimal forwarding of multicast packets through a multicast domain without requiring either explicit tree-building protocols or intermediate nodes to maintain a per-flow state.

Proceedings: https://www.ietf.org/proceedings/91/bier.html

Outcome: The meeting provided a good overview of the current state of multicast and the nature of the problem to be solved; and input from operators was received. Further work on use cases and a clearer problem statement is needed before this can be chartered as an IETF working group.

Abstraction and Control of Transport Networks (actn)

Description: The aim of this proposed work is to facilitate centralized operation and construction of virtual networks based on multisubnet, multitechnology, multivendor domain networks. The work could enable rapid service deployment of new dynamic and elastic services, and could improve overall network operations and scaling of existing services.

Proceedings: https://www.ietf.org/proceedings/91/minutes/minutes-91-actn

Outcome: The meeting included discussion of the problem-statement draft and options for architectural approaches. Polling at the end of the meeting indicated a lot of interest in this work and a reasonable number of folks willing to actively contribute. It is not clear whether there is new protocol work here that would require the formation of a working group.

Interface to Network Security Functions (i2nsf)

Description: This non-WG forming BoF discussed interfaces for clients (especially enterprises) to request, negotiate, operate, and/or verify network security functions not physically present at the requesters’ premises. Those security functions, hosted by service providers or other third parties, can be instantiated on physical appliances, or as virtual machines instantiated on common computer servers.

Proceedings: https://www.ietf.org/proceedings/91/minutes/minutes-91-i2nsf

Outcome: The meeting covered a lot of ground and concluded that whilst there is probably something useful here to advance into a chartered IETF working group, more refinement is required to focus on a clearly articulated and well-defined activity. Discussion will continue on the mailing list.

]]> 492 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/iab-details-transport-security-efforts/ Fri, 06 Mar 2015 16:38:29 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=496 The Internet Architecture Board (IAB) highlighted two of its programmes—IP Stack Evolution and Privacy and Security—during a technical plenary session held during IETF 91 in Honolulu in November.

Joe Hildebrand reported on the activities of the IAB’s Internet Protocol (IP) Stack Evolution Programme, which is studying the implications of how the IP stack is evolving as a result of dual-stack communications supporting IPv4 and IPv6. Further, more applications are being built for Transport Layer Security (TLS) and Hypertext Transfer Protocol (HTTP), which add two more layers between TCP and applications.

These trends result in the IP stack evolving from a normal hourglass shape to a taller, thinner hourglass with separate stems for IPv4 and IPv6. The new IP stack makes it harder to innovate at the transport layer, Hildebrand said.

“Some things envisioned by protocol developers are not as accessible to application programmers as is desired,” he said. “This means that there are not as many opportunities to add new security. Even if one fixes the interface, there is the matter of middleboxes.”

Hildebrand pointed out that middleboxes aren’t evil; they serve a purpose and solve a problem. Although Internet engineers prefer end-to-end communications, the majority of paths are broken due to widespread deployment of middleboxes such as network address translators (NATs).

As a starting point for its IP Stack effort, IAB is considering a proposal for a new layer on top of UDP, dubbed udp35, to provide a partial defense against middleboxes.

“UDP gives us a partial defense against middleboxes, provides port multiplexing and works from userspace,” Hildebrand says, adding that the new UDP-based protocol would provide hooks for policy decisions and would facilitate the evolution of Internet-over-HTTP applications.

The IAB’s IP Stack Evolution Programme was formed to provide guidance and coordinate efforts by several IETF working groups: Transport Services (TAPS), TCP Increased Security (TCPINC), and Active Queue Management (AQM). The programme hopes to evolve interfaces to transport and network-layer services and improve path transparency in the presence of firewalls and middleboxes.

In addition, the IAB hosted a workshop on Stack Evolution in a Middlebox Internet (SEMI) in Zurich in January 2015. IETF participants were invited to read the workshop report when it is eventually published.

“The aim of the workshop is to get people from research and industry working in this space together to refine the scope and solution space considered by the program,” Hildebrand said.

Ted Hardie reported on the IAB’s Privacy and Security Programme. He noted that the programme is focused on three challenges. First, Internet protocols are developed as building blocks and thus security and privacy protections are piecemeal. Second, security approaches presume that attackers have resources on par with those available to secure the system. Third, many systems breach confidentiality to simplify the delivery of services or meet other requirements.

To address these challenges, the IAB’s Privacy and Security Programme is split into three streams of work: Internet-Scale Resilience, Confidentiality, and Trust.

The Internet-Scale Resilience stream, led by Brian Trammel, is doing work on route hijacking, Distributed Denial of Service (DDoS), and related attacks. Documents are planned that will describe the available mitigations and work with related IETF programs to limit the development of protocols that offer amplification opportunities to the attackers.

The Confidentiality stream, led by Joe Hall, is working on threat models related to surveillance. An IAB statement on the applicability of cleartext protocols is in progress.

The Trust stream, led by Karen O’Donoghue, is working on public-key infrastructure, trying to understand how to work with multiple sources of truth within a system. Planned work includes a threat-model document as well as an IAB statement on designing protocols with multiple sources of truth.

In response to a question during the open mic session, Hardie encouraged IETF participants to email the IAB’s Privacy and Security Programme with relevant threats or issues raised in IETF working groups.

In administrative news, the IETF is putting its RFC Production Center contract out to bid and is experimenting with writing labs at the IETF meetings in order to help authors improve their documents.

In addition, Sally Wentworth briefed the IETF community about the International Telecommunication Union (ITU) Plenipotentiary Conference. The Conference featured discussions on privacy, surveillance, human rights, policy affordability, and sovereignty. She said the ITU did not expand its scope with respect to Internet operational issues. In addition, the ITU treaty and official definitions remain the same.

Wentworth said she believes the outreach the IETF has undertaken with policymakers over the last few years is paying off.

“The work done in home countries to bring greater knowledge about the technical work do have a bearing on how policy discussions play out,” she said.

]]> 496 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/wifi-privacy-trials-at-ietf-91-and-ietf-92/ Fri, 06 Mar 2015 16:39:08 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=498 Privacy and security issues have become priority items for the IETF, the Internet Architecture Board (IAB), and the Internet Society. Documents such as RFC 7258 and the recent IAB Statement on Internet Confidentiality demonstrate the community’s commitment to addressing the issues and concerns raised. The goals are to fix existing Internet technologies and protocols, and to develop more-secure solutions to protect users’ privacy.

Although the IETF is taking major actions on several fronts and via a host of working groups, its privacy and security efforts don’t stop there. Coordination and collaboration with other standards organisations on the development of Internet technologies is a necessary next step to providing coherent solutions to today’s privacy and security issues. One of the most important standards organisations is the Institute of Electrical and Electronics Engineers (IEEE), which has developed several technologies at the core of Internet connections, including IEEE 802.1 bridges, IEEE 802.3 Ethernet, and 802.11 WLAN (wireless local area network, a.k.a., WiFi).

As part of coordinated efforts between these organisations, a joint collaboration between the IETF and the IEEE has been established and an IEEE 802 Privacy Executive Committee Study Group was created in July 2014. The group is assessing privacy issues related to IEEE 802 technologies and is planning to develop recommended practices for all IEEE 802 protocols.

One of the privacy issues identified by the group so far relates to the use of media access control (MAC) addresses in over-the-air communications. Protocols such as IEEE 802.11 WLAN openly transmit MAC addresses in several messages. Because MAC addresses, in most cases, are globally unique identifiers that can be associated to personal devices, they can become privacy risks by exposing users to unauthorized tracking.

A possible solution to this tracking issue is the use of randomized MAC addresses. Although it seems like a straightforward thing to do, several implications should be studied. MAC addresses are not only used in link-layer (i.e., layer-two) communications, but also in different higher-layer protocols, such as Dynamic Host Configuration Protocol (DHCP), Internet Protocol Version 6 Neighbor Discovery (IPv6 ND), and Address Resolution Protocol (ARP). In order to assess the implications of MAC address changes in an operating network, an experiment was suggested in which certain individuals randomized their MAC addresses while connecting to the meeting network during IETF 91 in Honolulu.

For this experiment, the first of its kind outside of a lab, a parallel network was established and a different WiFi service set identification (SSID) was broadcast during the meeting. Experiment participants were asked to run scripts on their computers to randomize MAC addresses when connecting to the network. The network was isolated from the rest of the IETF meeting via a different virtual local area network (VLAN) and a separate DHCP address pool. Preliminary observations indicated that several client drivers supported this technique, no major changes were required on the network configuration, and the probability of address duplication in a network of this size was negligible. Since more details and statistics are needed to continue the analysis, the group is fine-tuning the experiment for further exploration in March 2015 at both the IEEE 802 plenary meeting in Berlin and the IETF 92 meeting in Dallas. In addition, the group is developing tools to enable more users to participate in the experiment, this time also with mobile devices. All those attending IETF 92 are encouraged to participate.

MAC randomization is just one way to improve Internet privacy for nontechnical users. Watch for more collaboration and more proposals from the community in the near future.

]]> 498 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-5/ Fri, 06 Mar 2015 16:40:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=502 Highlights since IETF 90

• The IAB appointed John Levine to the 2015 Internet Corporation for Assigned Names and Numbers Nominating Committee.
• The IAB published RFC 7322, “RFC Style Guide.”
• The IAB reappointed Nevil Brownlee as independent submission editor.
• The IAB reappointed Lars Eggert as chair of the Internet Research Task Force.

IAB Statement on Internet Confidentiality

In 1996, the IAB and Internet Engineering Steering Group recognized that the growth of the Internet depended on users having confidence that the network would protect their private information. RFC 1984 documented this need. Since that time, we have seen evidence that the capabilities and activities of attackers are greater and more pervasive than previously known. The IAB now believes it is important for protocol designers, developers, and operators to make encryption the norm for Internet traffic. Encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance as described in RFC 7258.

Newly designed protocols should prefer encryption to cleartext operation. There may be exceptions to this default, but it is important to recognize that protocols do not operate in isolation. Information leaked by one protocol can be made part of a more substantial body of information by cross-correlation of traffic observation. There are protocols which may as a result require encryption on the Internet even when it would not be a requirement for that protocol operating in isolation.

We recommend that encryption be deployed throughout the protocol stack since there is not a single place within the stack where all kinds of communication can be protected.

The IAB urges protocol designers to design for confidential operation by default.  We strongly encourage developers to include encryption in their implementations and to make them encrypted by default. We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.

We believe that each of these changes will help restore the trust users must have in the Internet. We acknowledge that this will take time and trouble, though we believe recent successes in content delivery networks, messaging, and Internet application deployments demonstrate the feasibility of this migration. We also acknowledge that many network operations activities today, from traffic management and intrusion detection to spam prevention and policy enforcement, assume access to cleartext payload. For many of these activities there are no solutions yet, but the IAB will work with those affected to foster development of new approaches for these activities which allow us to move to an Internet where traffic is confidential by default.

IAB Statement on the NETmundial Intiative

The IAB thinks it is valuable to develop tools to support communities that can share solutions, expertise, and research related to Internet Governance. We welcomed the initial NETmundial meeting as an additional way to foster the development of a broadly based community engaged in supporting the Internet’s distributed systems and methods. We believe that the recent NETmundial Initiative (https://www.netmundial.org/press-release-1) to develop a long-running dialogue on these topics, in the form of a web site and collection of materials, may be a valuable addition to the overall community efforts.

We are concerned, however, that the creation of a highly structured coordination council for the Initiative may impede the development of broad participation, and so may be premature. Because the coordination council members appear to be the responsible parties for the effort, the effort may not foster the sort of community engagement that we believe is fundamental to the Internet’s distributed nature and the NETmundial principles (https://www.netmundial.org/principles).

To make the Internet work, many people with unique perspectives of the Internet and from different communities must cooperate. We believe a broadly based dialogue among all these communities is necessary, and support any effort to enable this dialogue. The permissionless innovation given as the goal of this effort is better served by first enabling technical infrastructure to further that cooperation; that might require some lightweight administration driven by community consensus. No coordination council is needed now, and therefore the IAB will not participate in the council at this time.

]]> 502 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/open-standards-open-source-open-loop/ Fri, 06 Mar 2015 16:41:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=511 There exists an unavoidable question for both community participants and observers: are standards development organisations (SDOs), such as the Internet Engineering Task Force (IETF), still relevant in today’s rapidly expanding environment of Open Source Software (OSS) projects?

For those new to the conversation, the question is not whether SDOs should exist—they are a political reality inexorably tied to trade policies and international relationships. The fundamental reason behind their existence is to avoid a communications Tower of Babel and to establish governance over the use of a global commercial and information infrastructure. The question is whether these organizations have a role in enabling innovation.

SDO Challenges

SDOs, such as the IETF, must evolve their processes in order to keep up with the technological landscape and for its development processes to remain relevant.

Software has come to dominate what we perceive asthe Internet, and the agile development model has created a sharp knee in the rate of innovation over the past couple of years—innovation that needs standardization. Although code is “coin of the realm” in Open Source Software (OSS) projects, code is not normative.

It is important to have SDOs and consensus-based standards. But SDOs need to realize that the OSS cycle time can create a market-based consensus to fill a standards void and that this realization may be the key to our collective futures.

There is an impedance mismatch between SDOs and OSS projects of at least 2:1 (two years to a paper standard versus one year to a product that creates a de-facto standard).

Globally, many SDOs appear incapable of defining and maintaining their boundaries, and new technology study groups are exploding across them. Every organisation is potentially—and dangerously—self-perpetuating. Few SDOs have a life-cycle plan that bounds their authority and scope as applied to new technologies.

Real coordination between SDOs is not readily detectable. This dilutes the efforts and resources of participating companies and individuals, and is creating confusion for the consumers of these technologies.

Within the IETF, we face numerous issues around our own life cycle. How much of our time are we spending on further standardization of established technology at the expense of more-pertinent and relevant working groups? How do we handle issues, technologies, and new architectures that would span our existing structure when they arise (e.g., the recent YANG model explosion across working groups)? What does the subject matter of popular, network-centric OSS projects imply might be missing at the IETF?

Most important, how do we offer startup companies, new vendors, and newly invested consumers the assurance that they have a voice, while avoiding the appearance of being an aristocracy and not a meritocracy-driven body?

Conway’s Law: Organisations that design systems are constrained to produce designs that are copies of the communication structures of these organisations.

To an outsider (and even some insiders), the recent reorganizing of the workgroups has the appearance of shuffling the deck chairs. It doesn’t change our process. Conway’s Law applies here.

Without more fundamental structural change, we can only expect more of the same process. The world shouldn’t wait two years for a standard for Service Function Chaining, or even more years for Network Virtualization Overlays (or Network Functions Virtualization in general, which is more of a European Telecommunications Standards Institute problem).

Open Source

While there is much to say regarding the challenges that both the global SDO community and the IETF face, there also are potential risks were the OSS communities to run away with the standardization mantle.

In short, the danger is the coopting of open source due to the lack of governance. Open source software projects with poor governance risk multiple, equally bad fates.

Like the confusion stemming from the uncontrolled overlap of standards from multiple SDOs, OSS projects that overlap can also create confusion. Competition can be both unintentional (e.g., a difference in technical opinions) and purposeful (e.g., vendor freeware offered as open source with no real community diversity to offer support alternatives, complimentary products, or hooks to other projects). The result can be multiple small communities that are underfunded or understaffed monocultures dominated by a single party.

Good and impartial third-party governance helps avoid the creation of overlapping, nondiverse, and confusing projects.

OSS projects that don’t connect to form larger architectures can create fragmentation. Fragmentation results when multiple projects each deliver part of an overall solution but cannot be used together, thereby frustrating any progress and interfering with higher-level innovation.

Good governance creates a community that considers both the upstream and downstream connectivity of a project.

Security flaws can result when the project has a weak security focus, often the result of critical technology with too few reviewers and maintainers. This result recently manifested in OpenSSL (HeartBleed), and is now being addressed through the Linux Foundation Core Infrastructure Initiative (for OpenSSL, OpenSSH, and NTPd).

Good governance establishes an effective development process—not only for new contributions, but also for maintenance, updates, and releases.

Proper governance also provides essential business, legal, management, and strategic processes that ensure a proper ownership and licensing of contributions, release management, and open community involvement. Excellent examples exist in the Linux Foundation, the Apache Foundation, and the OpenStack Foundation.

Alternative SDO Model

There have been several SDO proposals to subsume and standardize network-centric architectures developed in OSS via the endpoint/interface/ application program interface (API) definition exercise. The Open Networking Foundation (ONF) is an example of an early attempt at a different hybrid model: attempting to bridge both worlds, it used the word standard to describe its wire protocol and the wordopen to describe its architecture.

The protocol evolved through numerous and sometimes not-backward-compatible specifications, and the organisation moved very quickly into advocacy and market development for the protocol, architecture, and OpenFlow controller (the latter activity not normally associated with a traditional SDO).

Although open-source controllers and switches were available, most were developed outside the ONF by individual interest groups. The ONF provided no reference implementation of their own.

The most important lesson from the ONF experience is fundamental to both SDOs and OSS: a truly successful ecosystem and community is created via the openness of a solution framework and via collaboration, not via ownership, and only in that way can one avoid fragmentation and confusion. Unlike in an SDO, marketing has a place in OSS projects, but should be focused primarily on community building and engagement.

Why Open API and Framework Standards Are Important

Many of the emerging OSS projects provide broadly scoped and connected solution architectures. It’s important that we discuss the role of SDOs, such as the IETF, in making the connective-tissue of these new architectures normative, in order to ensure the functional interoperability that some fear may diminish in this environment (https://tools.ietf.org/html/draft-opsawg-operators-ietf-00, posted by members of the Internet Society).

The future standards in a software-driven network will be in the form of APIs and application/service frameworks. The same reasons that the underlying Internet protocols are standardized apply to these higher-level concepts: interoperability, choice, and system design.

Standardization is necessary to vanquish the myths that a future, which integrates a large amount of OSS, means a future in which all software and solutions are free, and that the only viable economic model for a vendor is solely to support OSS.

On the contrary, properly designed, open, and standardized frameworks, protocols, state machines, and the like enable vendors to provide intellectual property in a modular, and, if need be, replaceable manner. There will certainly be community-supported OSS components within developing solutions, but via standardization the incentives for innovation remain for established and startup vendors.

In this way, vendor support of OSS becomes rational and credible—as does its consumption in the operator community.

Open Loop

In spite of political or economic mandates for existence, the right of any SDO to be an authority must be earned. The IETF is arguably the most appropriately focused SDO to engage in standardizing the software-driven network. The IETF is neither too broad (e.g., not involved with health and safety or environment and climate change) nor too narrow (e.g., not a single service or network domain), and the IETF experience with architecture definition, protocol development, and information/data modeling (YANG) overlaps well with the interests and outputs of network-centric OSS projects.

How to Make the IETF Relevant in this Environment

To make the IETF the SDO authority for new things that IT professionals and operators need, I propose that the IETF do the following.

• Consider reforming and restructuring itself to facilitate a more agile process. Kill off what should be dead and make room for new work. Specifically, fail fast in order to succeed faster with fewer yet better ideas that move at the speed the market moves: more Birds of a Feather meetings leading to more successful, relevant working groups with shorter lifespans, less paper to wade through, and more tangible outputs. Enable new working groups to proceed with technical work in parallel with some of the Framework, Architecture, Requirements, and Use-Case drafts that have bogged down so many people for so long. Cut the cycle time for everything (rough consensus shouldn’t take two or more years).
• Emphasize software development more in the IETF structure. Encourage interoperability and function demonstrations all the time. Running code used to be part of the IETF mantra, but running code later is not agile. Think “hackathon” during the standards development process. From experience, the best standards have been produced hand in hand with writing the code at the same time.
• Engage in even more research (already a strength), thereby engaging a broader range of participants.
• Fix, change, or reinvent the liaison process because it will be critical to collaboration with OSS projects. In fact, don’t even use the liaison process as a model.
• Embrace Open Source projects. The heart of this effort will require the establishment of an open-loop engagement between the Internet Engineering Steering Group and reputable OSS foundations on productive and compatible projects. A good example of such a compatible and properly governed project is the OpenDaylight Project (Linux Foundation), which is driving the use of YANG models into the IETF as well as other open source projects.

By researching and monitoring OSS projects, we can actively invest our energy in emerging technologies instead of waiting for it to show up on our doorstep.

A feedback loop between parties will identify the areas of new and existing projects that need to be standardized, should use existing standards, or are out of compliance with standards. From a viewpoint of experience, writing code before standardizing has produced the most complete and simplistic definition of protocols.

Part of this process will require that the IETF resist the need to own or copy everything into IETF working groups. SDO geeks and OSS geeks are not the same. Paradoxically, for our purposes, code is not normative. But it’s also hard to define and standardize APIs if you’re not writing code. Forcing an integration of skills and purposes changes a community with potentially bad results—collaboration, interaction, and an exchange of ideas is a better model for all of us. (Note that collaboration will not work if the SDO cycle creates unnecessary drag on the OSS partner. Conversely, a nonvibrant OSS community won’t be able to interact with any SDO.)

Finally, we must (1) adapt and adopt new laws, and (2) avoid Conway’s Law.

Law of OpenSource: The quality and strength of a project is 100 percent dependent on the interests, energy, and capability of the developer community.

Law of OpenStandards: The importance, validity, and timeliness of relevant specification is 100 percent dependent on the interests, energy, and compromises of those who have been empowered to manage, organize, and complete the work effort of the SDO.

If we realize that these laws exist, we must also understand that the roles of OSS and SDOs need to change. We must set a new trajectory, move faster, and focus on building a bigger and better Internet.

]]> 511 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-november-2015/ Sun, 01 Nov 2015 14:46:53 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=229

The Internet Engineering Task Force returned to the stunning city of Prague for our 93rd meeting, which was hosted by Brocade and the Czech domain registry CZ.NIC. In this issue of IETF Journal we share highlights of the week-long meeting and attempt to convey the spirit of the many people and discussions that make up an IETF meeting.

Our cover article provides an update on the status of exciting new work to simplify the deployment of security technologies on the Internet. We also have an article about the IETF Hackathon, a great introduction to the fast growing world of NETCONF and YANG, and a report on the live video Q&A session with Edward Snowden that took place prior to the meeting.

You can find out what ideas the community had for improving IETF educational and mentoring programs in our readout from the EDUNEXT BoF, and learn about one of the technology demonstrations on show during the Bits-N-Bites session.

Our regular columns from the IETF, IAB, and IRTF chairs, and coverage of hot topics discussed during the plenary meetings wrap up the issue. For more details of the Internet Area of the IETF in particular, a Working Group summary report is available at https://wiki.tools.ietf.org/area/int/trac/wiki/IETF93.

We are hugely grateful to all of our contributors. Please send comments and suggestions for contributions to ietfjournal@isoc.org. You can subscribe to hardcopy or email editions at https://www.internetsociety.org/publications/ietf-journal/ietf-journal-subscription.

 

]]> 229 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/acme-better-security-through-automation/ Sun, 01 Nov 2015 15:36:09 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=278 278 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-2/ Sun, 01 Nov 2015 15:39:37 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=285 IETF 93 in Prague was a record meeting in terms of attendance: 1,384 people from 65 countries were on site, and many more attended remotely. While our European meetings are always popular, this kind of attention is a testament to both how we are growing and the variety of interesting projects underway.

Another striking aspect of this meeting was the amount of coding that was done. The IETF Hackathonwas held the weekend prior to the meeting; so many people showed up, we could barely fit them in one room. We also had a ETSI Plugtest to test 6TISCH protocol implementations, the Code Sprint to work on tools for the IETF, and the CrypTech meeting to hack on open-source hardware designs. I estimate over 150 people participated altogether—many were first-timers to the IETF, others were from major open source efforts, such as OpenDaylight, OPNFV, and RIOT. We look forward to more coding activities in the coming meetings. When you book your tickets to Yokohama, make sure to include time for some programming the weekend before the meeting: 31 October–1 November.

The IAB technical plenary addressed vehicular networking. Christoph Sommer and William Whyte explained how networking in vehicles is developing and the security challenges it brings. I found this topic interesting, as I recently have been working on some related prototyping. It will be fascinating to see how the area develops in the future. I can see both local applications that run between vehicles, as well as Internet-based applications that use it to communicate with Internet-based servers or connect vehicles.

This was the first meeting of the NETVC Working Group. This group works on video codecs for Internet applications, the basis of browsers and other applications being able to exchange video streams in an efficient and interoperable manner. Work on security and privacy continued, essentially touching all the Working Groups to some extent.

The Bits-N-Bites event was very active this time. I spent some time trying to understand how I could install and test one of the open source projects that participated. This is the sort of thing that is exceptional at Bits-n-Bites: you can talk directly to effort leaders and programmers, and obtain first-hand knowledge.

We also had occasion to observe ways in which the IETF meeting is intentionally different than a traditional industry conference. Although promotional models are still common at some trade shows, they were not received as a constructive addition to the technical Bits-n-Bites session. The IETF failed to be clear enough that this wasn’t appropriate. I have asked the IETF Administrative Oversight Committeeto develop policies and practices to ensure that future meetings have clear guidelines to communicate expectations to sponsors and exhibitors.

We also had a visit from ITU Secretary-General, Houlin Zhao at the technical plenary. He put on the IETF t-shirt from his previous visit; we gave him a Hackathon t-shirt from this IETF. I’m looking forward to the code focus at ITU and the collaborative spirit that Zhou clearly represents.

A side event at IETF 93 (outside the official meeting and organized by a group of individuals) was a screening of the movie, Citizenfour, followed by a surprise Q&A with Edward Snowden.

Our local sponsor, CZ.NIC, gave us a warm Czech welcome at our social event at the Žofín Palace. The event ended with fireworks!

Finally, I thank all the participants, our hosts CZ.NIC, Brocade, and all the other sponsors for their help in making IETF 93 work so well. This was one of our best meetings. As always, there is still much to do. Most of the work at the IETF happens on the lists and virtual meetings, so for now, it is time to go back to those. Our next face-to-face meeting is in Yokohama. Interestingly, OpenStack and W3C are also meeting there around the same time, so I’m looking for even more possibilities for joint work.

]]> 285 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-2/ Sun, 01 Nov 2015 15:40:42 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=289 It always surprises me how little time there seems to be between IETF meetings, at least by the time the meeting is upon us. IETF 93 in Prague was no exception. Still, the Internet Architecture Board (IAB) had plenty to report to the community.

Plenaries and IAB Engagement with the Community

We have heard people say that plenaries are too long and include too much reporting. Yet the plenary, the reporting we do, and our open microphone sessions are our basic accountability mechanisms. In Prague, the plenaries were in the morning. We shortened the technical plenary by 30 minutes to give people more “hallway time,” and the session turned out to be somewhat crowded. But we're going to try again in Yokohama, in a combined plenary with the Internet Engineering Steering Group (IESG). While we don’t expect to do this every time, we think it is worth trying these different approaches to see whether we can concentrate on protocol work, keep the meeting week as short as possible, and still engage with the IETF community.

One of the IAB’s jobs is to be the interface between the IETF and other standards bodies. We were pleased to welcome Mr. Houlin Zhao, Secretary-General of the International Telecommunications Union (ITU). We don’t expect regular visits of other standards bodies to the technical plenary, but we were happy that Mr. Zhao paid a visit, and look forward to future successful collaboration with the ITU.

Appeal

The IAB handles appeals when someone disagrees with an IESG appeal decision. The IAB takes this job seriously. Part of that job is to ensure that participants work within the IETF processes. In this case, the IAB concluded that the appellant needed to work within those other processes. See the full decision at https://www.iab.org/appeals/2015-2/response-draft-ietf-ianaplan-icg-response/.

When You Speak, We Listen

Because the IAB supervises the Request for Comments (RFC) Editor (via the RFC Editor Program and the RFC Series Oversight Committee), we publish documents pertinent to the RFC series. A recent change to the RFC series was the addition of Digital Object Identifiers (DOIs). The IAB asked for comments early, but DOIs were implemented before the IAB proceeded with publication of draft-iab-doi-04. It seemed to many that the IAB was asking for rubber-stamp feedback. That was not the goal, but the IAB could have done better and we’re grateful for the comments to that effect. In the future, we will use a new process for developing these RFCs:

The proposal for the relevant change will be an Internet Draft (I-D) that outlines the plan and so on. We will process this like any other IAB stream document, with the appropriate community comment period.  The draft will call out areas that could vary due to implementation. When the comment period is over, we will proceed as usual toward publication (assuming it is warranted).

Implementation will follow the resulting RFC, but any variances due to implementation will be called out to the community on relevant IETF lists.

When everything is ready, a new I-D will be prepared to obsolete the earlier RFC and document what happened. It will be subject to community comment just to ensure it conforms with what people think has been implemented.

More changes will come as the RFC series evolves. We’re listening carefully to ensure we’re managing this well.

Other Highlights since IETF 92

The IAB made a statement on Trade in Security Technologies (https://www.iab.org/documents/correspondence-reports-documents/2015-2/iab-statement-on-the-trade-in-security-technologies/), and sent comments to the US Bureau of Industry and Security about it. The IAB also sent comments to the US Office of the Chief Information Officer and to the Internet Corporation for Assigned Names and Numbers (ICANN) Cross Community Working Group on Enhancing ICANN Accountability (CCWG). We undertake these sorts of communications as part of our job to interact with external bodies. All our communications are at https://www.iab.org/documents/correspondence-reports-documents/.

With the Internet Society and in collaboration with FIRST 2015, the IAB sponsored the Coordinating Attack Response at Internet Scale (CARIS) workshop. The IAB undertakes workshops like this as part of its external liaison responsibility and because we are supposed to offer architectural guidance for the Internet. Attack response on the Internet is a critical part of the operational environment. The workshop aimed to strengthen the links among different organizations across the attack-response community. In the long run, attack response must grow as vigorously as the capabilities of attackers on the Internet. Kathleen Moriarty, a Security Area Director and the program chair for the workshop, gave a quick report about the workshop during the IETF 93 technical plenary. Look for the workshop report Internet Draft in an I-D repository near you.

The IAB also announced another workshop: Managing Radio Networks in an Encrypted World (MaRNEW). The workshop was held on 24–25 September; the IAB will share more on it at IETF 94.

]]> 289 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/vehicular-networks-are-expected-to-save-lives-but-carry-privacy-risks/ Sun, 01 Nov 2015 15:42:25 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=295 Vehicular communications systems, which hold the promise of preventing crashes and saving lives, are poised for wide-scale deployment during the next decade. IETF 93’s technical plenary session discussed the underlying networking technologies and protocols required by vehicular communications, as well as related privacy and security challenges.

Cristoph Sommer, assistant professor at the University of Paderborn, opened the discussion with an overview of the status of vehicular communication systems deployment, including the standards that have been developed to support these systems and field trials conducted to date.

Vehicular communications refer to networked vehicles talking to each other and to roadside nodes for safety warnings and traffic information. For example, when a vehicle brakes suddenly, it would automatically warn the cars behind it to stop as a way of preventing rear-end collisions.

Sommer said the idea for vehicular communication systems date back to the 1970s, but it wasn’t until mobile networking became ubiquitous in the 1990s that systems such as General Motors’ OnStar and BMW Assist became viable.

“After 2000, the sharp increase in computing power made it possible to deploy fully distributed and highly reactive ad hoc systems that allow cars to directly communicate to other cars on the road,” Sommer said. “This generated a number of activities, including lots of coordinated research programs... between the biggest manufacturers in the United States, Europe, or Japan. That culminated in numerous large-scale field trials that concluded this technology is hugely beneficial.”

The US National Highway Traffic Safety Association (NHTSA) concluded that two simple applications—intersection movement and left turn assist—could prevent 500,000 crashes and save 1,000 lives annually. In August 2014, NHTSA said it is going to propose rulemaking for all new vehicles to be equipped with vehicular networks by 2020. Indeed, some US car manufacturers say they will deliver this technology as early as 2017.

Meanwhile, innovators like Google are developing autonomous driving systems, which would enable self-driving cars or platooning, where a vehicle driven by a human is followed closely by several autonomously driven vehicles that accelerate or decelerate based on the lead car’s actions.

“Vehicle networking represents the third evolution in networking,” Sommer said. “The first was traditional wired networks with nonmoving, static configurations. The second was mobile ad hoc networking, based on wireless mobile technology and dynamic configuration. The third is vehicular ad hoc networks, which are a completely new field of deployment.”

The lower level network protocol for vehicular communications already has been developed: Dedicated Short Range Communication (DSRC), which is the underlying “wire” for these applications. DSRC comprises extensions to the IEEE 802.11 standards for wireless communication. DSRC uses: 802.11e for quality of service; 802.11j-2004 for half-clocked operations, which are a more robust form of communication; and 802.11p for operation in the 5.9 GHz band and a new mode called OCB for Outside the Context of a Basic Service Set.

“OCB mode allows devices at all times to transmit frames addressed to a wildcard service and to always receive wildcard service packets,” Sommer explained.

Sommer said the 5.9 GHz band is reserved for vehicular communications, with the United States dedicating seven channels for communication and Europe dedicating five channels. While these channels have no licensing costs, they have strict usage rules to ensure that only vehicular networks operate on these frequencies.

Sommer said IP-based communications only fit into a small space in the vehicular networking paradigm because routing requires too much network overhead for most applications. Only entertainment applications might support data streaming to cars, he said.

“It’s just a necessity to assemble a new stack that needs to meet lots of old challenges, such as multicast, low load, and low delay, and new challenges such as highly dynamic topology, safety, partitioning, and complex mobility,” Sommer said.

So far, three standards have been developed to meet the challenge of vehicular networks:

•IEEE 1609 WAVE, for Wireless Access in Vehicular Environments, is being adopted in the United States. The WAVE stack features: a physical layer; a MAC (Media Access Control) layer with channel coordination; an LLC (Logical Link Control) layer; and finally the Wave Short Message Protocol or WSMP. Sommer said it is possible that IPv6 and TCP/UDP could ride upon the LLC layer, but more development is needed to make that happen. WAVE supports single or multiple radio devices, with single radio devices periodically tuning to the Control Channel (CCH) to ensure receipt of important messages.

•ETSI ITS G5, or Intelligent Transportation Systems, is being adopted in Europe. This standard focuses more on multiradio scenarios, with one radio always being tuned to the CCH. This stack features Cooperative Awareness Messages, which are periodic messages about speed and location of surrounding vehicles. ITS G5 stack consists of physical and MAC layers based on IEEE 802.11p, with Decentralized Congestion Control (DCC) that handles traffic management tasks for the access layer, the networking and transport layer, and the facilities layer. This standard also features Geonetworking, which enables disseminating information to an area determined by a particular latitude and longitude.

•ARIB T109, or 700 MHz Band Intelligent Transpot Systems, which was designed in Japan. Sommer didn’t describe this standard in detail.

“The outlook for vehicular networking leaves us with a lot of applications, but each is tailor made to a specific use case with each also using a very different part of the network,” Sommer said.

Among the applications for vehicular networking that Sommer cited along with the corresponding standards were: electronic payment through IEEE 1609.11; traffic signal timing through SAE SPAT; periodic broadcast safety messages through ETSI CAM and IEEE/SAE BSM; and geo-based broadcasting of warnings using ETSI DENM.

“Aside from all of these apps, vehicle networking opens up a whole lot of opportunities with one of the biggest being the merging of in-vehicle and vehicle-to-vehicle communication,” Sommer said. “This will be the first time we can do sensor data fusion of local vehicle sensors and sensors in other vehicles. So if another car tells me there is an obstacle in the road, I might try to double-check using my computer vision system.”

After Sommer concluded his talk, the security and privacy aspects of vehicular networking were discussed by William Whyte, chief scientist of Security Innovation.

Whyte said vehicular networking has all the security challenges typical of networks, such as confidentiality, integrity, authenticity, authorization, and nonrepudiation, as well as cryptography requirements. However, vehicular networking adds privacy concerns such as not wanting to enable tracking or traffic analysis.

“If you have this radio in your car—and the plan in the United States is that cars will be mandated to be equipped with these radios in 2020 or 2022—you don’t want that radio to give you automatic speeding tickets. You don’t want wide-scale tracking to be possible,” Whyte explained.

In addition, vehicular networking involves constrained devices in terms of size, power, storage, and connectivity, which puts limits on the hardware-based security capabilities. The communications are constrained because there are a limited number of 10 MHz channels.

“If you have 200 or 300 vehicles in an area, and they all have you communicate at the same time, you need to make sure the communications overhead is not too much,” Whyte said.

Whyte identified several security-related efforts within the IETF that may overlap with vehicular networking, due to similar certificates, automated certificate issuance, and certificate management.

“One thing I hope we will do in the next few years is work more closely with existing technologies and existing technology groups to make sure that we don’t reinvent the wheel,” Whyte said.

In terms of the vehicular networking trust model, the plan is to use IEEE 1609.2 and ETSI TS 103 097 certificates. The signed PDUs (Protocol Data Units) are authorized by certificates, with Service Specific Permissions within applications. The Certificate Authority ensures that the sender is entitled to those permissions. The receiver checks that the PDU is consistent with permissions.

For example, emergency vehicles would have special permissions to allow them to send messages to other vehicles saying essentially “get out of my way,” Whyte explained.

In terms of security performance, vehicular network standards use Elliptical Curve Digital Signature Algorithm (ECDSA) with 256-bit curves for cryptography. Due to the significant security overhead of the digital signatures, IEEE permits implicit certificates with no explicit signatures to improve performance, while ETSI uses only explicit certificates.

Another performance concern is that the system can handle 600 incoming messages per second. While the EU is using hardware acceleration to improve performance, the United States is filtering messages and using butterfly keys, which are a one-time request to the certificate authority to generate a certain number of distinct certificates.

Whyte said new legislation will be needed to prevent vehicles from being tracked. One technical way to minimize tracking is that the vehicle will receive multiple certificates for an application so that it can be tracked here and there but not on all points in between. Another privacy threat is that an insider at the Certificate Authority could track a vehicle, or the Certificate Authority could be hacked.

One precaution is that vehicular networks won’t reveal information about the previous movement of a vehicle. “If a car is stolen in June, it can be tracked going forward, but not the movements before,” Whyte said.

The ETSI model requires that all packets sent over geonetworking are signed at the geonetworking layer; this indicates that the sender has permissions to ask that a packet is forwarded. In addition, packets are verified before forwarding. By preventing unauthorized requests for forwarding, congestion is reduced.

“This is a further optimization because if you’re signing at the network layer anyways, you don’t need to sign at the application layer,” Whyte said.

Vehicular networks may carry advertisements for services, such as high-speed towing or electric vehicle charging, but the network protocols assume a buyer beware strategy. Another risk would be if hardly anyone uses that service, the buyer’s privacy might be at risk.

“One outstanding research area in privacy is… if you have multiple apps such that the combination of them is a fingerprint for your device,” Whyte said. “The device should support some kind of separation such as a separate virtual device for each of the apps. It has yet to be seen if that works.”

Whyte said that the key security system challenges in preparing vehicular networks for deployment in the next decade are working within channel capacity and processing constraints, while supporting different trust levels and protecting privacy against likely attacks. The future, however, involves integrating vehicular networks into the general Internet of Things security framework.

“Vehicular networks will be a subset of machine-to-machine systems; in general, we will be moving into their frameworks over the next few years to make sure we can scale,” Whyte said. “We need to manage congestion in adversarial settings as DoS attacks might have real impact in the future. And we need to harmonize policy about which applications can use which channels.”

At the end of the formal presentations, IAB member Russ Housley moderated a question-and-answer session.

Allistair Woodman asked whether the information collected when a vehicle crosses a bridge or tunnel or pays a toll can be subpoenaed and used against the driver.

“The governments are aware that they are mandating this and looking on very suspiciously at the privacy concerns,” Whyte said. “The whole purpose is to save lives. If 1 percent of people turn it off to avoid being tracked, there is a 2 percent drop in effectiveness. Everyone takes seriously the idea that information won’t be used by law enforcement and won’t be subpoenable.”

Christian Huitema asked if there are any plans to bring the technology developed for vehicular networks into other domains such as the IETF.

“The technology is all public, and none of it is subject to patent,” Whyte said. “We’re building PKI to the capacity of issuing 1,000 certs a year to every vehicle on the road. That massive scale should be possible to support other uses. I’d be very interested in exploring other uses.”

Finally, Charlie Perkins asked if there is a difference in the networking protocols for car with drivers and self-driving cars.

“On the application layer, there will be huge differences depending on who the information is for, whether a human or an autonomous vehicle,” Sommer said. “But at the physical layer and the MAC layer, they don’t care.”

ITU Secretary-General Shares His Vision

At the conclusion of the IAB plenary session, ITU Secretary-General Houlin Zhao addressed the audience emphasizing the importance of a strong relationship between the ITU and the IETF.

“I would like to strengthen cooperation between the ITU and the Internet Society, the IETF, the IAB, and ICANN for the benefit of our global families,” Zhao said, adding that he is focused on helping the many people around the world who are not yet Internet users. “I encourage you not only to talk about new technologies for those who are already connected, but also encourage you to find innovations for those not connected with technologies that are physical and sustainable.”

]]> 295 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/cryptech-at-ietf-93/ Sun, 01 Nov 2015 15:43:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=298 Most people think of the IETF as software and protocols, but at IETF 93, a CrypTech workshop gave participants the opportunity to work together on open source hardware: cryptographic engines developed by a multinational team designed to restore the public's trust in cryptography.

What Is the CrypTech Project?

The CrypTech project was motivated by the loss of trust in cryptographic algorithms and products resulting from revelations of pervasive monitoring and potentially compromised algorithms and products. It evolved out of discussions within the IETF and Internet Architecture Board (IAB) community.

CrypTech was founded as an independent international development effort to create trusted, open source designs and prototypes of an inexpensive hardware cryptographic engine. The first output from CrypTech will be a trusted reference design for a Hardware Security Module (HSM, a specialized device used to securely store the public/private key pairs used with digital certificates, most commonly used in Secure Sockets Layer/ Transport Layer Security (SSL/TLS). CrypTech’s open source HSM can be used as the basis for commercial products; CrypTech supports the Internet community by providing an open and auditable alternative to existing crypto devices. CrypTech’s first use case is for HSMs. However, there are other applications for this type of technology. The CrypTech development model is based on a composable system that lets the designer select the bare minimum of components needed, thereby further reducing the risk and attack surface of a CrypTech-based device.

CrypTech is starting from the bottom up by implementing a wide variety of cryptographic algorithms to be loaded into a specialized Field Programmable Gate Array (FPGA), designing the hardware required for a true random number generator (TRNG), building high-assurance auditing and management tools for key and cryptographic operations, and writing the necessary support software to link the CrypTech HSM to existing public key infrastructure (PKI) applications such as DNSSEC and RPKI.

By moving the research and development (R&D) associated with hardware PKI to the Internet community, CrypTech can dramatically reduce costs. This gives enterprises the opportunity to make much greater use of cryptographic hardware, thus increasing overall security compared to software-based key management.

Why Hardware?

CrypTech’s goal of designing a hardware cryptographic device is significantly more complicated than writing open source software. Because the project must integrate both hardware and software components, there are also real materials costs that most open source projects don’t incur. For example, CrypTech has to build a tamper-proof system, so that if the hardware falls into the wrong hands or under physical attack, the device won’t release the keying material.

CrypTech is also building a true random number generator that requires some specialized hardware components to be a source of “randomness.” Cryptographers have always been critical of algorithmic methods of generating random numbers; poorly written random number algorithms have been critical factors in security failures. A true random number generator is an important building block in a secure cryptography infrastructure. CrypTech’s initial TRNG has been tested by a number of reputable sources and the reports are amazingly positive.

The most significant hardware component in the CrypTech project is the use of an FPGA for crucial cryptographic functions. When an encryption or hash algorithm is written in software and built into a general-purpose central processing unit (CPU), or loaded into a general-purpose computer, such as a Windows or Linux system, it remains very vulnerable to attack. Software can be changed, often very subtly. Memory contents can be read during operations. Even the length of time to perform operations can be measured and reveal information. However, when the cryptography is performed in a dedicated hardware device, completely inaccessible to the normal operating system, these weaknesses are reduced significantly.

The CrypTech Workshop at IETF 93

From its very beginnings, the motto of the IETF has been “rough consensus and running code.” The weekend preceding IETF 93 was filled with activities that highlight the development of open source running code including the Code Sprint, the Hackathon (page 14), and finally the CrypTech (www.cryptech.is) workshop. All of these activities involved open source software, but CrypTech also included open-source security hardware.

During this workshop, participants were able to configure their own prototype hardware based on CrypTech designs and software. Participants were able to bootstrap the cryptographic services on the prototype hardware, configure it to use PKCS11 for communications to a server, configure OpenDNSSEC to get its keys from the CrypTech prototype, and finally use the system to perform DNSSEC zone signing.

An overview of CrypTech, including results from the workshop, was discussed in the IETF Security Area Advisory Group (SAAG) and IRTF Crypto Forum Research Group (CFRG) sessions. Detailed questions about the status of implementation, including specific algorithm support, illustrated the interest in and relevance of the effort.

In addition, George Michaelson summarized his workshop experience and posted photos in a detailed blog post at https://blog.apnic.net/2015/07/21/its-alive-blinkenlights-in-cryptech-ietf93/.

Community Support for CrypTech

Open source has been one of the major success stories of the Internet, and open source software is part of every piece of hardware and software produced today. The CrypTech project is no different: by bringing an open source philosophy to cryptographic software and hardware, the plan is to increase trust and transparency, offer alternatives to commercial products, and reduce costs. To learn more about CrypTech, including how you can help support this important effort, visit https://cryptech.is.

What Is a Hardware Security Module?

A hardware security module (HSM) is a specialized device designed to securely store the public/private key pairs used with digital certificates. An HSM provides significant additional security for enterprise PKI and CAs because it removes the need—and the risk—of storing keys on disks or in memory.

When an HSM safeguards a private key, it must also be able to perform cryptographic operations with those keys. For example, when a CA needs to sign a digital certificate, it sends the information to the HSM and requests that the HSM create the digital signature. The HSM signs the certificate, and sends back the result.

Storing keys out of reach of any application ensures that they are never exposed outside of the HSM and cannot be stolen, as they cannot be retrieved from the HSM.

HSMs implement a combination of storage, cryptographic, and auditing functions, including:

• •Key storage, backup, and management, including hardware tamper resistance.
• •Accelerated cryptographic processing, including common hash and encryption algorithms.
• •A true random number generator.
• •System management and integrity, including logging, authentication, and auditing.

]]> 298 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/snowden-meets-the-internet-engineering-task-force/ Sun, 01 Nov 2015 15:45:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=304 https://gist.github.com/mnot/382aca0b23b6bf082116a transcript]

During IETF 93, approximately 170 participants attended a screening of Citizenfour, the movie about Edward Snowden’s revelations and the information that led the IETF to declare such pervasive monitoring as an attack on the Internet itself. The audience, the very people who design and maintain the Internet, watched the movie intently, their eyes glued to the screen; not a laptop was open.

There was also a surprise guest: Edward Snowden via video chat. After a standing ovation, Snowden shared his perspective on the very technology we’re defining—from DNSSEC and DANE to WiFi privacy. Audience questions were answered, and we got a rare insight into both his motivations and the technical capabilities and mindsets of those performing the pervasive monitoring attack.

Audience members say that they were impressed by the depth of his thinking. Several times he cautioned against making the Internet “anti-NSA” (National Security Administration); instead, he says our focus should be on making the user our primary stakeholder. His statement especially resonated for me because last week when we were discussing the Unsanctioned Web Tracking finding in the TAG (W3C Technical Architecture Group), Tim Berners-Lee exhorted us to design for the Web we want, not just the Web we have today.

A Word about How It Happened

This was not an official IETF event; rather, it was entirely an effort of individuals working within the rules for requesting a room at IETF meetings. When we floated the idea originally, some folks were uninterested; they thought that everyone who wanted to see the movie already had. In fact, we received enough donations to cover the screening and to make a 670 Euro donation to the Courage Foundation(https://couragefound.org/)—a fantastic result.

Thank you to Daniel Kahn Gillmor for arranging the Q&A and to Jake Applebaum and Laura Poitras for facilitating the screening.

]]> 304 0 0 0 ]]> https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/yang-and-netconfrestconf-gain-traction-in-the-industry/ Sun, 01 Nov 2015 15:47:30 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=308 In 2003, Request for Comment (RFC) 3535, “Overview of the 2002 IAB Network Management Workshop”¹ documented the outcomes of a dialog between network operators and protocol developers about focusing the IETF on future network management work. The workshop identified 14 operator requirements and identified ‘ease of use’ as a key requirement for any new network management system. This ease of use includes an ability to manage a network, not just a device in the network, and asserts that there should be a clear distinction between the configuration, operational, and statistical information of the device. The requirements also include the ability to stage a configuration, validate it before committing, and roll back to the previous configuration in case of failure.

These 14 operator requirements led to the creation of the NETCONF Working Group (WG) that same year, the NETMOD Working Group in 2008, and the development of core data models for network management. The work resulted in XML-based Network Configuration Protocol (NETCONF) RFCs 6241, 6242, 6243, and 6244 in 2011 (respectively revised from 4741, 4742, 4743, and 4744), and the associated data modeling language YANG RFCs 6020 and 6021 in 2010.

Over the last couple of years, NETCONF and YANG have gained traction in the networking industry. They’ve moved from the definition phase into the implementation phase. At the IETF, the number of YANG models under development has seen incredible growth. New YANG models are being developed in the Operations and Management (OPS) area, as well as in the Routing (RTG), Internet (INT), Transport (TSV), and Security (SEC) areas. But the most impressive YANG model adoption comes from the open source OpenDaylight project, where the Lithium release has seen the publication of more than 480 YANG models².

Other Standards Development Organizations (SDOs) have also initiated YANG model development projects. For example, Metro Ethernet Forum was an early pioneer in developing Service OAM (SOAM) Fault Management (FM) and Performance Management (PM) YANG models; it is currently working onservice-level YANG models³ (Figure 1). In addition, the Institute of Electrical and Electronics Engineers (IEEE), has approved a project for 802.1x and 802.1q models, with interest in developing an 802.3 model. Similarly, the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) is seeing interest in the development of a G.8032 model. Models from all the SDOs can be found inGitHub (https://github.com/YangModels/yang).

The rapid growth in the number of YANG models is not without its challenges, primary among them is the coordination of models. While all models do a great job of defining how particular features can be configured or monitored, they also must interact with models being developed in both the IETF and other SDOs. The first practical coordination is happening in the routing area undertaken by the Routing Area YANG Coordination Forum⁴. Coordination of the YANG development work in the IETF and other SDOs falls under the umbrella of the Operations and Management Area (OPS) area director, Benoît Claise, with the help of the YANG Model Coordination Team⁵.

IETF Working Groups that cover aspects of YANG model development include:

LIME (OAM YANG models)

L3SM (L3VPN service YANG model)

SUPA (consistent policy YANG models)

I2NSF (security-related YANG models)

To help with the development of YANG models, the YANG doctors⁶ are available both via email and during the week of IETF meetings in YANG advice/editing sessions. In addition, there are several tools available for the development and compilation of YANG models (seehttp://trac.tools.ietf.org/area/ops/trac/wiki/YangModelCoordGroupfor a complete list).

Probably the most important tool is pyang, a python-based YANG compilation tool that does syntactic checking and enables generation of output formats, such as UML, a tree based model, YIN, and so forth. These tools must be run with an IETF option set in order to check for YANG guidelines in RFC 6087. Many YANG models still don’t compile correctly (seehttp://www.claise.be/IETFYANGPageCompilation.html). An online, graphical equivalent of the pyang tool is found at http://yangvalidator.com; it takes a YANG file or an IETF draft/RFC, extracts the model, and then validates the model.

Thanks to the extent of the development and implementation experience of some YANG models, the NETMOD WG has been getting feedback on YANG 1.0. Based on the feedback, a YANG version 1.1 is currently being finalized. This new version is a maintenance release of the YANG language; it addresses ambiguities and defects in the original specification.

With NETCONF and YANG specified, operators can start using them for configuration and monitoring. Some operators, however, have already started to use the proprietary REST APIs provided by different vendors to manage their networks. RESTCONF is a REST-like protocol running over HTTP for accessing the data defined in YANG. The REST-like API is not intended to replace NETCONF, but rather provide a simplified interface, thereby meeting a need of application developers. For that reason, the NETCONF WG decided to add support for the RESTCONF protocol in its charter. RESTCONF supports two encoding formats: XML and JSON.

Although often overlooked as a capability, devices can also send notifications defined in the YANG model. The newly adopted NETCONF charter includes an update to the NETCONF Event Notifications⁷ and the development of a subscription-and-push mechanism that allows client applications to request notifications about changes in the data store. These capabilities will open NETCONF to the world of telemetry: pushing data towards the network management system (NMS) applications.

One result of the popularity of YANG is that now operators wanting to develop their own protocol for management use YANG as the data modeling language. This includes CoMI, which defines a management interface for constrained devices. Even among existing protocols NETCONF and RESTCONF, there are different encodings (e.g., XML and JSON) for YANG models.

Ultimately, what counts is the data models. There is a clear need across the industry for standard data models in order to ease the management and, more precisely, the programmability of multivendor networks. YANG has clearly positioned itself as the data model language for these standard models. It is up to us at IETF to coordinate all the YANG models if we want them to work seamlessly together.

References

¹ http://tools.ietf.org/html/rfc3535.

² http://www.claise.be/YANGPageMain.html.

³ https://wiki.mef.net/ (requires login).

⁴ http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgYangCoord.

⁵ http://www.ietf.org/iesg/directorate/yang-model-coordination-group.html.

⁶ http://www.ietf.org/iesg/directorate/yang-doctors.html.

⁷ http://datatracker.ietf.org/doc/rfc5277/.

]]> 308 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/going-mainstream-a-recap-of-the-ietf-93-hackathon/ Sun, 01 Nov 2015 15:49:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=313 IETF 93 in Prague kicked off with a Hackathon the weekend of 18-19 July. Following the success of thefirst IETF Hackathon at IETF 92, Cisco DevNet and the IETF teamed up again to host it.

More than 135 participants formed into 18 teams and worked across 15 different technologies. Among the participants were many first time IETFers from various open source communities and universities. This was great to see, given the stated goals of the Hackathon to bring running code back into the IETF, bridge the gap between open source and open standards, and introduce more developers and young people to the IETF. It was a huge success by these and other measures, and established the Hackathon as a valuable and vibrant addition to the IETF community going forward.

The Hackathon featured technology relevant to many IETF working groups (e.g., 6tisch, ace, bier, dane, homenet, httpbis, mptcp, netvc, netconf, sfc, and sidr) and corresponding open source projects (e.g., Dalla, Kea, OpenDaylight, OpenDNSSEC, OPNFV, Quagga, RIOT, and SPUDlib).

How Does It Work?

The event began at 09:00 with technology champions introducing each technology and proposing sample projects. Next, champions and participants self-organized into teams, including some with participants from multiple IETF Working Groups and open source communities. This mix of people, ideas, and cultures gave rise to some of the most interesting projects and highlights the opportunity for long-term benefits that extend well beyond those achieved over the weekend.

The energy in the room was contagious. Motivated by altruistic aspirations, participants worked cooperatively and diligently to develop the standards that provide the Internet’s foundation, as well as the open source implementations that validate these standards and make them easier for others to use.

Those who didn’t have other IETF activities stayed for dinner, and many worked late into the night—well beyond the advertised closing time of 21:00. But this is not to say that the day was void of fun. There was, of course, plenty of that.

There was no loss of enthusiasm the next morning; many people arrived before the advertised start time of 09:00. A few new faces arrived; they were welcomed and either plugged into existing teams or formed new teams.

The Presentations

By midafternoon Sunday, the teams presented their accomplishments to the judges: Jari Arkko, IETF chair; Ray Pelletier, IETF administrative director; Rick Tywoniak, director of Cisco DevNet; and Martin Thomson, IETF draft author and tireless contributor. The judges were left with an unenviable task given the vast array of projects, including tests, experiments, implementations of protocols, and new services. At stake were bragging rights and first dibs on tech goodies, such as Raspberry Pis, Arduinos, and IoT accessories, and tickets donated by Brocade to the IETF’s social event.

Among the winners were three projects that the judges awarded “Best of Show”:

ACE – Key Technology Award

DNSSEC – Broadest Coverage Award

HOMENET – Best WiFi Router Feature Award and the Cool Kids Award

Bits-N-Bites

The awards ceremony concluded the Hackathon, but the payoff for all the great work was yet to come. Hackathon projects were shared more broadly with the IETF community at an extremely well-attendedBits-N-Bites session.

Results and insights from the projects were fed into Working Group sessions held throughout the week. One of the best examples was from the NETVC Working Group meeting. According to Nathan Egge of Mozilla, “Over the course of two days a team of 11 participants (both local and remote) hacked on theThor and Daala codebases, open source video codecs that have been contributed by Cisco and Mozilla respectively to the NETVC Working Group. The results of the Hackathon included adding support for Thor to the AreWeCompressedYet.com testing framework, running four experiments using Thor’s motion compensation within Daala, and fixing a long-standing issue in Daala by adding the CLP post-processing filter from Thor. Cisco committed changes to Daala and Mozilla committed changes to Thor, which shows the collaborative spirit of the IETF. Having a Hackathon is an excellent way for new ideas to be tested out in running code, and NETVC will be back for the IETF 94 Hackathon in Yokohama.”

The complete set of technologies and projects, as well as photos and a video summary are available via the event Wiki at https://www.ietf.org/registration/MeetingWiki/wiki/93hackathon.

From the main Hackathon page (https://www.ietf.org/hackathon/) it is easy to navigate to information about all of the IETF Hackathons. The IETF and open source communities are encouraged to reference these sites to help with their ongoing work.

What’s Next?

The IETF has already announced a Hackathon at IETF 94 in Yokohama, and Cisco DevNet is on board to sponsor it again. In addition, the Hackathon is now a regular part of IETF meetings. Sponsorship opportunities exist for anyone wanting to show their support for this important effort. Contact Ray Pelletierfor details.

Stay Informed

To stay informed about past and future IETF Hackathons, subscribe to hackathon@ietf.org.

]]> 313 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-93-bof-edunext/ Fri, 06 Nov 2015 15:50:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=316 In IETF Journal, Vol. 10, Issue 1, I wrote about the activities of the IETF Education Team (http://ietf.org/edu/). Since then, in addition to organizing the Sunday tutorials and Working Group (WG) chair sessions, we’ve reviewed our portfolio, our training methods, the audiences we’ve reached, and the topics we’ve covered. It brought up a number of questions: Should we keep the Sunday tutorials? Should we provide more online training in the form of short, topical videos? Are webinars the way to go? How do we reach other audiences, such as the open source community? Should we review our charter or does it already cover both current activities and possible changes and adjustments in the future? Finally, and most important, some Edu Team members will retire soon—how will we find new members?

In addition, we began collaborating more with the IETF mentoring program and looking at ways to more effectively collaborate and share resources. Would it make sense to merge the Edu Team and the mentoring program?

Our discussions culminated in both the organization of the EDUNEXT Birds-of-a-Feather (BoF) session at IETF 93 chaired by Dan Romascanu and myself, and an Internet Draft written by Nalini Elkins and myself in preparation for the BoF.

The main goal of the EDUNEXT BoF was to obtain input from the community on the aforementioned questions—for both the Edu Team and the mentoring program. The BoF was very well attended; it started with a description of the activities of the Edu Team and the (much younger) mentoring program. The remaining time was spent in active, sometimes heated, and chaotic discussion. It was great to see how passionate people are about the IETF, sharing knowledge, and integrating newcomers into the process. We also had a number of newcomers share their experiences; everyone was a newcomer once and can remember how it felt to attend their first IETF meeting—I certainly do!

Most of the session was dedicated to the mentoring program; it only recently started and is still defining its mission and goals. But, the Edu Team also got a lot of attention. For example, interesting ideas were raised about regional mentorships and remote training hubs. By the end of the session, we had answers to most of the questions we’d posted at the beginning of the BoF.

• Keep the Sunday tutorials, but consider providing shorter training sessions (shorter than two-hour slots).
• The Edu Team charter is good. It enables both process oriented and technical tutorials, and therefore needn’t be adjusted.
• Continue to provide technical tutorials (not only process-oriented).
• Don’t only target newcomers; also target existing participants, WG chairs, and area directors.
• Consider providing content that is more digestible over the Internet, such as videos and webinars.
• Gather more feedback after each tutorial.
• Follow up with newcomers after their first IETF meetings to find out what worked for them and what didn’t.

There was strong sentiment that the Edu Team should not merge with the mentoring program at this stage. First, the mentoring program needs to better define its goals, plus it needs both a charter and a mailing list. Also, participants felt that it is not clear what newcomers need. There is more than one type of newcomer—each individual comes to the IETF with a different background and different goals. Jari Arkko, IETF chair and the area director who oversees the activities of the Edu Team and the mentoring program, will work with the mentoring team to further define their activities.

Throughout the process, Arkko was extremely supportive and helpful. It is good to see that our activities are deemed valuable and useful, and that they are becoming more visible in the overall IETF structure.

I’m very happy that we found two new members: Karen O’Donoghue and Dan Romascanu. Nalini Elkins will stay on the Edu Team to ensure continued positive collaboration between the mentoring program and the Edu Team. And Greg Wood agreed to be on the Edu Team during the IETF website restructuring process (and hopefully longer). A list of Edu Team members can be found at http://ietf.org/edu/team-members.html.

Thanks to all who participated in the BoF preparations and in the BoF session. And thanks for all the good suggestions. Please don’t hesitate to contact us at edu-team@ietf.org with your questions, comments, concerns, criticism, or suggestions. There is also a public mailing list at edu-discuss@ietf.org.

]]> 316 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-website-revamp-first-peek-at-ietf-93/ Fri, 06 Nov 2015 15:51:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=320 During the IETF 93 administrative plenary, community members got their first look at updated designs for the new public-facing IETF website (https://www.ietf.org). The design was developed based on usage data of the current IETF website, input from the target audiences, and consultations with the IETF Community Review Committee. The updated design aims to be widely usable, including being accessible on mobile, and working well over low-bandwidth/high-latency network connections. 

Torchbox, the UK-based vendor selected for the project, was on hand at IETF 93 to answer questions from meeting attendees. The project remains on schedule, with plans to roll out the final site after IETF 94. Meanwhile, work is underway to further test the design, including its accessibility, and to smoothly migrate content to the new platform. On the current timeline, the website’s new look will be in place by the beginning of 2016.

]]> 320 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/open-shortest-path-first-the-state-of-the-link-state/ Mon, 06 Jul 2015 16:14:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=395 The Open Shortest Path First (OSPF) protocol is one of two Interior Gateway Protocol (IGP) routing protocols being standardized in the IETF. It is widely deployed in both enterprise and service-provider networks, and is the control plane protocol of choice in optical networks. The OSPF Working Group (WG) is one of the older IETF working groups and, after more than two decades, you’d think that it would be reaching maintenance mode. Yet, in fact, we are at a crossroads as we standardize flexible type-length-value (TLV)-based extension mechanisms.

For OSPFv2, we have chosen to leave the base protocol intact and originate separate link-state advertisements (LSAs) to advertise TLVs for applications such as segment routing and maximally redundant trees. The OSPFv2 Prefix/Link Attributes draft has completed WG last-call and publication has been requested. There are no less than five known implementations. There is, however, one disadvantage to this approach in that the attributes for additional applications are advertised independent of the base OSPF topology and IP reachability. Hence, implementations must correlate the base LSAs with the attribute LSAs.

For OSPFv3, a more ambitious approach is proposed in which even the base LSAs are replaced with completely TLV-based LSAs. With this encoding, all the information for a given prefix or link can be advertised in the same LSA, thereby greatly simplifying implementation and reducing network overhead. These mechanisms will position OSPFv3 as an ideal candidate for the Next Generation Interior Gateway Protocol (IGP) since OSPF has the distinct advantage over other IGPs in that information can be partitioned and advertised in multiple LSAs, as opposed to monolithic protocol data units (PDUs). With OSPFv3, when the topology or reachability changes, only the affected LSAs need to be readvertised. These mechanisms are defined in the OSPFv3 Extended LSAs draft. The discussions, reviews, and editing have gone well, and we are now waiting for implementations. There are basically two barriers to implementation. The first barrier is that OSPFv3 is not nearly as widely deployed as OSPFv2 and, as a result, there is less incentive to extend it. The second barrier is the complexity added by the protocol’s backward-compatibility mechanisms.

With these base LSA extension mechanisms, OSPF is being used to support some exciting new applications. Segment Routing is probably the most important of these as it avails the existing Multi-Protocol Label Switching (MPLS) data plane without any MPLS specific control plane protocols (i.e., no LDP or RSVP). In addition, segment routing simplifies traffic engineering and offers improved IP Fast Reroute (IPFRR) coverage because packets can be steered over any router adjacency.

Other applications using the TLV-based OSPF encodings include an IPFRR algorithm known as Maximally Redundant Trees (MRT), support of the Bit-Indexed Egress Replication (BIER) multicast data plane, and support for additional OSPF metrics in satellite networks.

Model-Driven Programmability (MDP) is a common requirement for many IETF working groups. In the OSPF WG, we formed a multivendor design team that has met weekly for almost a year to define a common OSPF YANG model. We have reached consensus, despite some significant differences in vendor configurations. One key decision was settling on the virtual routing and forwarding (VRF)-centric over the protocol-centric model. In VRF-centric model, protocol configuration for individual VRFs (aka, routing instances) are contained within that VRF rather than the being consolidated within a single routing protocol instance. Another key hierarchal decision that will impact multiple IETF models is whether to adopt a proposal from OpenConfig to group the operational state at the same level as the configuration. In the current version of the OSPF model, there are separate configuration and operational state YANG hierarchies. However, the model will likely be reorganized by the time this article is published. Since this decision impacts many YANG models, the discussion is also taking place in the NETMOD working group.

Finally, the working group is also looking at ways to scale OSPF beyond its practical limits. One such proposal is the Topology Transparent Zone (TTZ) enhancement that abstracts an arbitrary portion of an OSPF network as a full mesh of connections between the routers bordering that abstracted topology. Another is the OSPF stub neighbor proposal that optimizes LSA flooding in hub-and-spoke topologies.

]]> 395 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-hackathon-brings-running-code-back-to-ietf/ Mon, 06 Jul 2015 16:15:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=398 The first-ever IETF Hackathon was held 21–22 March, the weekend before IETF 92 in Dallas, Texas. It was a late addition to the meeting schedule, an answer to the call to action in Dave Ward’s talk at IETF 91, Open Standards, Open Source, Open Loop (see https://www.internetsociety.org/publications/ietf-journal-march-2015/open-standards-open-source-open-loop). Cisco’s DevNet team collaborated with IETF leaders to put the event together in short order. Stated goals included bringing running code back into the IETF, bridging the gap between open source and open standards, and introducing more developers and young people to the IETF. It was a huge success by these and other measures, as evident by the announcement at the plenary session of a second Hackathon at IETF 93 in Prague.

The Hackathon featured six technology areas representing a mix of existing IETF working groups, proposals with Birds of a Feather (BoF) sessions occurring later in the week, and a combination of the following new and established open source projects:

• BIER (Bit Index Explicit Replication)
• NETVC and Daala (Internet Video Code)
• I2RS/OpenDaylight + NETCONF/YANG
• Services Function Chaining (SFC) in OpenDaylight (ODL)
• SPUD (Session Protocol Underneath Datagrams)
• STUN/DISCUSS (Differentiated prIorities and Status Code-points Using Stun Signaling)

We kicked things off with a series of brief presentations to introduce each technology and proposed sample project. Participants self-organized into teams and started hacking. The knowledge transfer and productivity that ensued was astounding. People were so engrossed in their projects that lunch sat untouched for half an hour. Even the fresh cookies provided as an afternoon snack did not distract—a scenario unimaginable to most IETF veterans.

Nearly everyone stayed for dinner and many worked well beyond the advertised closing time of 21:00; the last few groups of dedicated developers were kicked out over an hour later.

There was no loss of enthusiasm the next morning—many people arrived before the advertised start time of 09:00. Even a few new faces arrived, their previously established travel plans or airline strikes not allowing them to participate the previous day. They were welcomed, plugged into existing teams, and started contributing.

By Sunday midafternoon, teams switched gears to prepare and deliver short presentations of their accomplishments to their peers and a set of esteemed judges: Jari Arkko, Richard Barnes, and Mark Nottingham. Following the presentations, the judges conferred to determine the winners. At stake were bragging rights, plus tech goodies that included Raspberry Pis, Infiniter green laser pointers, and Kill-o-Watt power meters.

Projects included the following:

• BIER powered HOMENET multicast routing
• NETVC/Daala, new contributor added, video analyzer created
• OpenDaylight ietf-syslog model used to configure Linux rsyslog daemon
• OpenDaylight developer VM created, used, and refined to provide complete development environment for I2RS, SFC, ietfsyslog project, and others projects involving OpenDaylight
• SFC traceroute draft implemented, revealing error in the specification fixed by a new version of draft
• NETCONF integration for SFC
• YANG model inventory; tool that produces RFC/Internet-Draft template from YANG model
• SPUDlib open source project contributors increased by 200 percent
• SPUD prototype draft implemented, used as input in BoF later in week
• STUN/DISCUSS demo created

We look forward to continuing to shape the future of the IETF—including another Hackathon at IETF 93 in Prague. See the IETF meeting wiki (https://www.ietf.org/registration/MeetingWiki/wiki/ietfhackathon) for more information, links to presentations and projects, and photos. For the latest IETF Hackathon information, including how to join us at IETF 93, see https://www.ietf.org/hackathon/.

]]> 398 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/sdn-nfv-and-all-that/ Mon, 06 Jul 2015 16:16:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=401 Background

There was once a clear-cut dichotomy between communications and computation: telephones were pure communications devices, and mainframes were for number crunching. Today, while few people use their home computers to solve differential equations, many do use them to retrieve content from the Internet, to exchange email, and to video conference with friends. Similarly, our phones have morphed into app-full smartphones that contain stronger central processing units (CPUs) than computers of past times.

Despite this blurred distinction between communications and computation, conventional network elements, such as routers and switches, are still hardware devices and not software packages running on standard servers. NFV’s mission  is to bring about the transformation of network functionalities from proprietary hardware to software that can run on open computational platforms. Moreover, this virtualization of network functionalities facilitates their relocation to where they are least expensive or most effective.

Another notable distinction involves implementation of novel computation and communications systems. Producing a new app (from conception to delivery) can take from hours to days, while implementation of a new protocol (from conception through standardization to deployment) often takes years. This timescale chasm is a result of a fundamental difference between algorithms and protocols.

Both algorithms and protocols are recipes for accomplishing desired tasks. Yet algorithms are logically carried out by a single entity, while protocols are used to communicate between remotely situated entities. So when coding a new algorithm, one needs to consider the input, the environment, and the desired output. When implementing a new protocol, on the other hand, one needs to additionally take into account the behavior of remote entities. The conventional approach to protocol design involves exhaustively standardizing all protocol details and to extensively testing interoperability.

Software-defined networking proposes the alternative approach of eradicating protocols altogether by replacing intelligently conversing network elements with white-box switches that are completely configured by centralized controllers.

SDN

The most popular definition of SDN is that it separates the control plane from the forwarding plane. The logical separation into planes was already well documented by the 1980s, and it is commonly recognized as worthwhile to distinguish three planes: forwarding, control, and management. SDN’s genuine originality is the physical separation of forwarding and control functions. While conventional network elements comprise both forwarding hardware (for handling user packets) and control protocol software (with which they interact with neighboring network elements), white-box switches retain only the forwarding functionality and do not participate in any distributed protocols. All the control functionality is performed by centralized software, and forwarding behavior is remotely configured.

A white-box switch is an abstraction of the forwarding behavior of network elements in packet networks. Today’s packet networks comprise many different network elements, including routers, switches, network address translations, and firewalls. Yet, at a high enough level of abstraction, all of these network elements perform exactly the same operations. They all receive a packet from some input port, observe some fields of the packet, perform some computations (e.g., table look-up or longest prefix match), take some decisions (whether and how to forward the packet), optionally modify the packet, and forward the packet through some output port. The difference between different network elements is in the details: which fields they observe, what decision algorithm they perform, and so forth.

Once we have abstracted away the differences between different network elements, we no longer need to populate our network with them. Instead we universally deploy white-box switches and simply configure them with the desired forwarding behavior. Of course this configuration requires a protocol between the SDN controller and the white-boxes, but this is simple configuration protocol. SDN proponents further hide the fact that they ever use protocols by calling this an application programming interface (API), and more specifically the southbound interface between the SDN controller and the SDN switches.

As previously mentioned, the SDN community acknowledges two planes: forwarding and control, while the networking world recognizes an additional management plane. The distinction between control and management was once based on whether a human was in the loop (management) or not (control). Over time, many sophisticated functions once left to humans are now more ably handled by software, and SDN further bolsters this development. However, a distinction remains between the two: control plane functions are local and fast (e.g., routing or protection switching), while management plane functions are centralized (e.g., in a network operations center or data center) and slow (experiencing at least a round-trip time, and frequently intentional hold-off timers). Thus determining a path through the network at a central site and then configuring network elements to execute this path is, in fact, a management-plane function. In this light, a more appropriate wording of the basic tenet of SDN is that it replaces the distributed control plane with a centralized management plane.

The primary advantage of SDN is that it enables network agility. If the Internet had been based on SDN, transitioning to IPv6 would have taken twenty seconds rather than twenty years (and I may be overly optimistic regarding the twenty years).

Another advantage of the SDN approach relates to the kind of paths that can be found and the optimizations that can be performed. Distributed routing protocols are excellent at discovering basic connectivity and very good at optimizing a single monotonic cost function (such as hop count); but there are many tasks that are beyond their capabilities. SDN assumes an omniscient controller that has access to the entire network topology and state. All of this information may be stored as a graph, and routing is thus reduced to running graph optimization algorithms.

For example, consider the problem of finding two disjoint paths between S and D (e.g., two paths with no links or network elements in common) in order to provide a high-availability service. It is clear that distributed protocols are not suitable for solving this problem, while algorithms such as Suurballe’s are available to solve it on a stored graph.

Similarly, distributed routing is not very good at finding paths obeying arbitrary constraints or minimizing nonmonotonic cost functions (dynamic programming algorithms, such as Dijkstra’s, only work when local decisions lead to global minima). Another problematic case is that of a network that needs to support strong isolation, i.e., to prevent the existence of a node from being discoverable by certain other nodes.

On the other hand, SDN networks suffer from a significant disadvantage—the whole idea of centralized management might seem to be a giant step backwards, from the robust Internet based on distributed routing protocols, to the public switched telephone network. Obviously, the centralized controller is a single point of failure, and even if the controller is made fail-proof, connectivity must be continuously maintained between the controller and every SDN switch.

NFV

The NFV movement was initiated by service providers in order to address their existential problem: over time the aggregate data rates they need to process increase exponentially, and their expenses tend to scale with data rate. On the other hand, competition has compelled their revenues to remain constant or even to decrease. It is clear that constant income can’t indefinitely sustain exponentially increasing expenses.

Further aggravating this problem is that the number of new service types has been accelerating even as their lifecycles have been diminishing. New services engender not only the capital expense of acquiring new devices, but the allocation of shelf space, the power to accommodate them, and the training of staff to configure and maintain them.

How can expenses be forced to track revenue at a safe operating margin? The argument proffered is that users can afford to increase their data rates because commercially available platforms are growing exponentially more powerful due to Moore’s law. If service providers adopt the same commercial platforms, then margins will remain unchanged. Furthermore, since software can be written and upgraded quickly and at low cost, new service types could be rapidly developed and deployed.

To understand the mechanism that enables utilization of commercial computational platforms as network devices, one needs to understand the concept of virtualization that has become immensely popular in data centers.

Every time we plan the implementation of a computational task, we need to consider where to instantiate it on the hardware-software spectrum. Usually it is optimal to situate simple logic that needs to run at high speeds as close to the hardware as possible; while complex functions with low computation needs are best located close to the software end of the spectrum. Concretization is the act of moving a task usually implemented closer to the software end of the spectrum towards the hardware end.Virtualization is the opposite procedure, i.e., moving a task usually implemented closer to the hardware end of the spectrum towards the software end (from left to right in the aforementioned figure), although the term is frequently reserved for the extreme leap of taking hardware functionality directly to software.

The reasons for performing concretization are fairly obvious: reduced cost, miniaturization, better performance, higher energy efficiency, and so forth. The reasoning behind virtualization is initially harder to grasp. One desirable attribute gained by software implementation is flexibility; virtualization also facilitates upgrading of functionality or even adding totally new functionality.

Even more initially bewildering is the concept of a virtual machine (VM). A VM is software that emulates hardware (e.g., an x86 CPU) over which one can run software as if it is running on a physical computer. One reason for using VMs is that a single host CPU can run multiple fully independent guest VMs, each with its own operating system and/or applications. This enables a datacenter to economically rent out tremendous numbers of virtual CPUs.

Software-defined radio (SDR) is an example of virtualization of physical layer communications processing. Transmitters and receivers were once exclusively implemented by analog circuitry, which was subsequently replaced by digital signal processor (DSP) code both for higher accuracy and to enable more-sophisticated processing. The SDR approach leveraged this development and further allowed downloading of DSP code for the transmitter and/or receiver of interest. The term SDN was coined to mimic SDR, although the analogy is actually to NFV.

NFV is virtualization of layers higher than the physical one. The specific pain being addressed is that each new service offered requires the deployment of one or more new hardware appliances throughout the service provider's network. NFV proposes the implementation of new virtualized networking functionalities (VNFs) in industry standard servers, thus reducing expenses, consolidating multiple equipment types, reducing time-to-market, and simplifying both initial deployment and maintenance.

NFV is managed by what is called the MANO (management and orchestration) made up of the NFV orchestrator, the VNF Manager (VNFM), and the virtualized infrastructure manager (VIM). The VIM manages the lifecycle of VMs, the VNFM manages the life-cycle of VNFs (e.g., inventory, set-up, maintenance, tear-down of VNF instances), and the orchestrator controls the VIMs and VNFMs.

While NFV was originally proposed to enable relocation of VNFs from the field to data centers where economies of scale may be realized, Distributed NFV now advocates placement of VNFs where the function is most effective or inexpensive—in data centers, at points of presence (PoPs), or even at the network edge.

Epilogue

The above discussion is designed to both help put SDN and NFV into perspective and elucidate their relevance to IETF work. Were NFV to be universally adopted, equipment vendors would disappear or at least need to transform into specialized software development houses. Were SDN to completely replace conventional networking protocols, the last vestiges of differentiation between computation and communication will disappear—and with them the need for the IETF as we know it.

There are strong reasons to doubt such radical predictions will come to pass. There are many networking tasks, especially in the network core, that require processing too intensive to be economically feasible for general purpose processors. Indeed, Moore’s law predicts that CPUs will leap forward by factors of two every two years, but that gap will not be breached since communications rates are increasing by that factor every nine months. Thusly, NFV will remain mostly suitable at the network edge and for control tasks.

SDN has been widely adopted in data-center applications, but seems to be less suitable for some other applications. Its reliance on a centralized management plane not augmented with a local control plane, means that it may be sluggish when reacting to network events and may break down upon network failure when intelligent control is most needed. The paradigm of a single omniscient controller is not in accord with the present Internet, which is a product of multiple autonomous systems. Even staunch SDN advocates don’t expect IP routing to disappear; at the very least they rely on it to help whiteboxes find and communicate with the SDN controller.

While SDN and NFV are being developed elsewhere, the IETF should view these technologies not as threats, but as force multipliers. They can simplify experimentation with new networking ideas, accelerate deployment of new service types, enable new forms of path optimization, and simplify network management. In short, SDN and NFV are rapidly becoming tools we can’t afford to leave outside our toolbox.

]]> 401 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/isoc-fellow-shares-experiences-with-cutting-edge-v6-net/ Mon, 06 Jul 2015 16:17:49 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=408 The IPv6 Operations (v6ops) working group had an opportunity to learn first-hand about the promises and pitfalls of IPv6 deployment in India, thanks to a presentation from Internet Society Fellow and IETF newcomer, Suprita Lnu.

“I thought she did an excellent job, and I wasn’t the only one,” said Fred Baker, cochair of the v6ops working group. “Comments in the room and on Facebook were very complimentary.”

Lnu is a network engineer with Mumbai-based broadband service provider Reliance JIO Infocomm, which is deploying v6-only 4G services across India. Her role there is the design and implementation of fiber-to-the-home services, and she works closely with vendors on standardization of Internet Protocol/Multiprotocol Label Switching (IP/MPLS) devices and their configurations. She has been following IETF working group activity and Request for Comments (RFCs) for seven years, but until now hadn’t participated in a meeting or contributed a document.

Lnu was sponsored to attend IETF 92 via the Internet Society’s Fellowship to the IETF Programme, which supports technology professionals from developing economies. Programme participants are paired with a mentor and are expected to contribute to the IETF’s work. The goal of the programme is to increase the diversity of IETF participation and to foster global awareness of the Internet’s premier standards body.

Lnu’s mentor at IETF 92 was Baker, a former IETF chair and current Cisco Fellow, who was impressed with her from their first contact.

“I concluded that not only would she benefit from meeting the IETF, but the IETF would benefit from meeting her,” Baker said. “She is on the design team for a network in a developing country that is, from scratch, deploying an IPv6-only network with an IPv4 overlay for legacy systems. While that is the point we will all eventually reach, she and her company are among those blazing the path.”

For Lnu, attending the IETF meeting in Dallas was “a dream come true.”

“I wanted to get more insight into the IETF working process and guidelines of the working groups and RFC development,” she said. “It was great to meet Xing Li from CERNET Center/Tsinghua University, author of the MAP-T Draft, which we have been testing extensively for implementation in our own network, and to discuss some of the challenges we were facing. His experience with his implementation at CERNET is indispensable for our testing and implementations.”

Lnu said she had a wonderful time at IETF 92, especially interacting with other v6ops contributors. She intends to follow up her experience by writing documents about Reliance JIO Infocomm’s v6 deployment experiences and operational challenges.

“The opportunity to attend an IETF meeting in-person for the first time can only be [repaid] by my continuous contribution to the whole community,” she said. “The whole process of RFC creation, from its birth as a draft to being assigned a number with RFC status, is now clear… Authoring an RFC now feels achievable.”

Lnu said she feels more confident about sharing her ideas on the v6ops mailing list, as well as other IETF and Internet Research Task Force (IRTF) working groups whose meetings she attended, including Softwire, IS-IS for IP Internets (isis), Software Defined Networking (sdnrg), Network Function Virtualization (nfvrg), and BGP-Enabled Services (bess).

“I was glad to be able to scribe the meeting minutes for the Radext (RADIUS Extensions) working group,” she said. “It gave me the opportunity to closely understand the workflow and draft process.”

But the highlight of IETF 92 for Lnu was giving a presentation at the v6ops meeting.

“The brilliant opportunity provided by V6OPS chairs Fred Baker and Lee Howard to present [our] IPv6 deployment status, operational challenges, and MAP-T trial experience was one of the most prestigious moments for me,” she said. “Meeting Chris Grundemann, [former] director of the Internet Society Deploy360 Programme, was also great and [having] him appreciate my presentation in the v6ops working group was very encouraging.”

Suprita intends to bring what she learned about the IETF back to her peers at Reliance JIO Infocomm and the South Asian Network Operators Group (SANOG), which meets in August in Mumbai. She also plans to increase her involvement with the V6OPS, SOFTWIRE, and ISIS working groups.

“The Internet Society Fellowship to the IETF Programme is an awesome initiative to involve people from developing and emerging countries into the IETF process,” she said. “This is a win-win situation for both the parties and is highly appreciated.”

Baker said Lnu was an ideal candidate for the Internet Society Fellowship to the IETF Programme.

“I’m looking for not only a contribution to the fellow’s education and career, but a contribution by the fellow to the IETF,” Baker said. “That’s the type of person I would like to invite to the IETF.”

]]> 408 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/a-newcomers-experience-at-ietf-92/ Mon, 06 Jul 2015 16:18:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=412 IETF 92 was a unique experience for me, particularly compared to the Association for Computing Machinery (ACM) and USENIX conferences I regularly attend. As an organization, the IETF is focused on concrete solutions and detailed specifications for working systems, as opposed to conceptual research. This practical focus appealed to my interest in systems-building research and is one of the reasons I chose to attend IETF 92.

By attending the working and research group sessions that are closely related to my research, including the SFC, NFVRG, and SDNRG groups, I gained a better understanding of what problems are currently in need of solutions, what problems will need to be solved in the near future, and what constraints shape the space of possible solutions. For example, the SFC session had a presentation on dealing with legacy network functions, a problem I have attempted to address in some of my own research. The presentation itself affirmed for me the relevancy of this problem and discussions during the session helped me realize that the solution I’d originally proposed—repurposing a field in the Ethernet or IP header to serve as a tag—is not well suited for an actual deployment. I now think it’s worth exploring how program analysis techniques can help organizations easily retrofit legacy functions with support for new SFC standards.

The NFVRG session included several presentations on open-source virtual network function management and orchestration (MANO) frameworks. These specific MANO frameworks address some of the practical issues I have encountered in my research, including the high-speed forwarding of packets to network-function virtual machines. As a result, I look forward to using them to conduct more-realistic evaluations of some of my solutions and systems.

A favorite session was the plenary presentation on security in the Internet-of-Things. This topic has received little attention at the networking conferences I usually attend, so I was especially pleased with the great introduction I gained to this emerging area.

In summary, attending IETF 92 gave me new research problems to think about, and helped me identify better ways to evaluate my research. What’s more, it's improved my teaching: I am now better equipped to teach students about Internet standards and the Internet-of-Things. I’ll be back.

]]> 412 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners/ Mon, 06 Jul 2015 16:19:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=416 The Applied Networking Research Prize (ANRP) is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. The ANRP award presented during IETF 92 went to Aaron Gember Jacobson for designing and evaluating a network functions virtualization (NFV) control plane. See his full paper athttp://agember.com/docs/gember-jacobson2014opennf.pdf.

Jacobson presented his findings to the Internet Research Task Force open meeting during IETF 92. Slides from the presentation are available at https://www.ietf.org/proceedings/92/slides/slides-92-irtfopen-0.pdf and, thanks to Meetecho, audio and video from the presentations are available at http://recordings.conf.meetecho.com/Playout/watch.jsp?recording=IETF92_IRTFOPEN&chapter=chapter_0.

]]> 416 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-4/ Mon, 06 Jul 2015 16:20:08 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=420 During IETF 92 in Dallas, six out of the nine chartered Internet Research Task Force (IRTF) research groups (RGs) held meetings:

• Crypto Forum (CFRG)
• Internet Congestion Control (ICCRG)
• Information-Centric Networking (ICNRG)
• Network Function Virtualization (NFVRG)
• Network Coding (NWCRG)
• Software-Defined Networking (SDNRG)

In addition to the meetings of those already-chartered research groups, a proposed research group on Human Rights Protocol Considerations Research (HRPC) held its first public meeting. A second proposed Thing-to-Thing research group related to Internet-of-Things networking held a longer kickoff meeting on the weekend before the IETF.

Since IETF 91, one new RFC was published on the IRTF RFC Stream by the Crypto Forum RG: RFC 7539 on ChaCha20 and Poly1305 for IETF Protocols.

At the IRTF Open Meeting at IETF 92, the first winner of the Applied Networking Research Prize (ANRP) of 2015 presented his research. Aaron Gember-Jacobson presented a design for a control plane for network function virtualization (NFV) and showed the results of a performance evaluation.

The nominations period for the 2016 Applied Network Research Prize (ANRP) awards is open now and will close on 31 October 2015. The ANRP is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. Everyone is encouraged to nominate relevant scientific papers that they have recently authored or read for consideration. Please see https://irtf.org/anrp for details.

Stay informed about these and other happenings by joining the IRTF discussion list at https://www.irtf.org/mailman/listinfo/irtf-discuss.

]]> 420 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-5/ Mon, 06 Jul 2015 16:20:48 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=423 Locale-free UniCode Identifiers (lucid)

Description: The Internet Architecture Board (IAB) recently issued a statement about issues found by the use of some characters in identifiers (https://www.iab.org/documents/correspondence-reports-documents/2015-2/iab-statement-on-identifiers-and-unicode-7-0-0/). The IAB expects that the IETF investigate ways to address this problem. Work could be done in existing Working Groups or elsewhere. The purpose of the BoF meeting is to define a plan.

Proceedings: https://www.ietf.org/proceedings/92/minutes/minutes-92-lucid

Outcome: This meeting was not intended to form a Working Group. There was vigorous discussion of the problem statement and possible ways forward. Meeting participants agreed that there is potentially a serious problem here and that getting the Unicode Technical Consortium experts engaged and working on the drafts are key next steps.

Managing, Ordering, Distributing, Exposing, and Registering telephone Numbers (modern)

Description: The MODERN working group will define a set of Internet-based mechanisms for the purposes of managing and resolving telephone numbers (TNs) in an Internet Protocol (IP) environment. Existing mechanisms for these purposes face obsolescence as the voice communications infrastructure evolves to IP technology and new applications for TNs become possible. The traditional model of a TN having an association to a single service provider and a single application is breaking down. Although its use as a network locator is going away, its use as an identifier for an individual or an organization will remain for some time. Devices, applications, and network tools increasingly need to manage TNs, including requesting and acquiring TN delegations from authorities.

Proceedings: https://www.ietf.org/proceedings/92/minutes/minutes-92-modern

Outcome: There was lively discussion of the problem of adapting telephone-number handling to all-IP networks. The charter discussion was very detailed and indicated that more work on the charter is necessary before a WG can be formed. There was strong support to form a WG to address this problem.

Automated Certificate Management Environment (acme)

Description: This meeting was to discuss ongoing work related to automated public-key certificate management. Let’s Encrypt (https://letsencrypt.org/) was a primary discussion point, but other Certificate Authorities and other stakeholders were also represented.

Proceedings: https://www.ietf.org/proceedings/92/minutes/minutes-92-acme

Outcome: There was strong community support for working on this problem and consensus in the room to try to charter a WG as soon as possible via further discussion on the mailing list.

Simplified Use of Policy Abstractions (supa)

Description: The purpose of SUPA is to develop a methodology by which management of network services can be done using standardized policy rules. The working group will focus in the first phase on interdatacenter traffic management in the use case of a distributed data center, including the automated provisioning of site-to-site virtual private networks of various types.

Proceedings: https://www.ietf.org/proceedings/92/minutes/minutes-92-supa

Outcome: There was agreement in the meeting that there is a problem to solve here, it is reasonably well understood and that there may be some work relevant to the IETF. Further work is required to more clearly articulate and scope the charter of a proposed WG in this space.

DDoS Open Threat Signaling (dots)

Description: There is a need for a standards-based approach for on-premise distributed denial-of-service (DDoS) mitigation devices to communicate threat and telemetry data to service provider based solutions. On-premise DDoS mitigation devices are sophisticated entities that may already identify, profile, and mitigate a wide range of attacks. Although flow export, syslog, and Simple Network Management Protocol (SNMP) are currently used by service providers to identify anomalies, there is no agreed standard allowing for any device to signal to any other device or service provider what the anomaly is and the subsequent threat telemetry data. 

DDoS open threat signaling (DOTS) would enable any on-premise DDoS mitigation device to effectively communicate the current threat landscape and load and response data to a mitigation service provider. The upstream solution would then have a clear view of the threat should the on-premise solution be required to redirect attack traffic to a more capable handler. A vendor-agnostic approach would allow any combination of vendor, service provider, or community-driven efforts to interoperate. DOTS would be extensible and may, in the future, be expanded as a method of real-time information exchange between other security devices and potentially across organisations.

Proceedings: https://www.ietf.org/proceedings/92/minutes/minutes-92-dots

Outcome: This meeting was not intended to form a WG.  Attendees discussed two draft documents and held a panel discussion with people building services and appliances related to DDoS threat signaling. It was agreed that there was work worth standardizing in the IETF here, if appropriately and narrowly scoped. Charter text will be refined on the mailing list.

Session Protocol for User Datagrams (spud)

Description: The deployment of new transport protocols, as well as the extension of existing IETF-defined transport protocols faces the continuing challenge of how to make these protocols robust against packet and flow modification in the Internet at the hands of middleboxes. The increasing deployment of these middleboxes have made expectations about packet handling behaviors implicit. For example, a Transmission Control Protocol (TCP) packet with the SYN and ACK flags set not only synchronizes sequence numbers and sets up state on both endpoints for a TCP connection (its explicit meaning), it also confirms network address translation (NAT) mappings along the path and signifies to any firewalls along the path that the endpoint has accepted the connection (implicit meanings). One strategy to resolve this tussle was identified and discussed during the recent IAB workshop on Stack Evolution in a Middlebox Internet (SEMI): provide a mechanism for applications at the end as well as boxes along the path to explicitly declare their assumptions and intentions.

Proceedings: https://www.ietf.org/proceedings/92/minutes/minutes-92-spud

Outcome: This was not a Working Group forming meeting. A good community discussion of the SPUD proposal was had and while it was clear that there is not work ready for standardization here, there is further discussion to be had about where to continue the work (e.g. in the IAB program, or the IRTF).

Internet Video Codec (netvc)

Description: The Internet needs a royalty-free (RF) video codec that can become the backbone for universal deployment of video related technologies. Royalty-bearing codecs put constraints on implementors that are unacceptable, but current RF codecs are not yet competitive with royalty-bearing offerings. This dilemma stalls innovation and means large sets of consumers don't have access to the best video technology.

There are efforts underway by several groups to produce a next-generation RF video codec, including VP10 by Google and Daala by Mozilla/Xiph.Org. While far from complete, these efforts aim to surpass the royalty-bearing competition. Efforts within other standards organizations to create RF video standards have been unsuccessful so far, but have showed that many consumer device manufacturers would support an RF codec.

The success of Opus from the CODEC WG has also shown that collaboration, based on the IETF’s principles of open participation, can produce better results than competition between patented technologies. 

Proceedings: https://www.ietf.org/proceedings/92/minutes/minutes-92-netvc

Outcome: There was unanimous agreement that there was a problem that needed solving and strong support for the idea that the scope of the problem was well-defined and understood. The majority of those present felt that an IETF WG should be formed. [Note: The Internet Video Codec (netvc) WG was formed on 18 May 2015.]

]]> 423 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-92-at-a-glance/ Mon, 06 Jul 2015 16:21:37 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=429

Participants: 1,176

Newcomers: 172

Number of countries: 57

IETF Activity since IETF 91 (9 November 2014–22 March 2015)

New WGs: 4

WGs closed: 8

WG currently chartered: 139

New and revised Internet-Drafts (I-Ds): 1797

RFCs published: 78

35 Standards Track, 4 BCP, 5 Experimental, 33 Informational

IESG Restructuring

Decisions made include:

Flexible assignment of ADs to WGs (tools)

Flexible definition of areas (RFC 7475)

Additional focus on data models work, routing area

Area-reorganisation for APP/RAI

Various WG moves between ADs and areas

IANA Activity since IETF 91 (November 2014–February 2015)

Processed 1345+ IETF-related requests, including:

Reviewed 96 I-Ds in Last Call and 104 I-Ds in Evaluation

Reviewed 108 I-Ds prior to becoming RFCs, 55 of the 108 contained actions for IANA

Document collaboration with the IETF

RFC 5226bis is in IESG evaluation. https://datatracker.ietf.org/doc/draft-leiba-cotton-iana-5226bis/.

SLA Performance (November 2014–February 2015)

Processing goal average for IETF-related requests: 99.25%

IANA and DNSSEC

As of 20 March 2015, 679 TLDs have a full chain of trust from the root. http://stats.research.icann.org/dns/tld_report/.

Stewardship Transition

We look forward to successful execution of the plans, while being mindful of continuing work in the names community, and international attention at all levels.

RFC Editor Activity since IETF 91 (November 2014–16 March 2015)

Published RFCs: 79

65 IETF (7 IETF non-WG), 0 IAB, 2 IRTF, 5 Independent

]]> 429 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/marnew-workshop-explores-the-challenges-of-encryption/ Fri, 06 Nov 2015 15:53:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=325 The IETF and the IAB have long been engaged in activities to rebuild user trust and strengthen the Internet in the face of pervasive monitoring and potential product vulnerabilities. The Managing Radio Networks in an Encrypted World (MaRNEW) workshop (https://www.iab.org/activities/workshops/marnew/) was the latest in a series of collaborative activities. 

In November 2014, the Internet Architecture Board (IAB, www.iab.org) issued a Statement on Internet Confidentiality (https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/). This statement encouraged the widespread use of encryption to provide confidentiality and to improve the overall security of the Internet. One area of concern regarding this statement was the possible difficulty in the deployment of widespread encryption. Most of these concerns appeared to be overstated. The amount of deployed encryption appears to be rising steadily in most deployment scenarios. However, concerns remain in mobile environments. The MaRNEW workshop brought together the IETF and Groupe Speciale Mobile Association (GSMA) communities to discuss these challenges and to explore possible near-term and longer-term solutions. 

Held in Atlanta, Georgia, 24–25 September 2015, the workshop was jointly sponsored by the IAB, the Internet Society (www.internetsociety.org ), AT&T (www.att.com ), and the GSMA (www.gsma.com ). Approximately 50 experts from around the world representing various constituencies, including browser vendors, content providers, content delivery networks, equipment vendors, and mobile operators, gathered to better understand the unique challenges presented by the mobile environment and to explore ways to address these challenges. 

The workshop started with a couple of discussions to set the stage: an overview and process background from both the IETF and GSMA communities, followed by a session devoted to deployment considerations from IETF and GSMA perspectives. Next was a session on trust models and user choice that explored some of the perspectives and tradeoffs. The two sessions that followed explored sending data up and down for network management benefits. That was followed by sessions on application models, transport issues, and policy/regulation. The early sessions were challenging and all paths seemed to lead back to transport issues. However, by the end of the second day, several key themes emerged.

Key Themes

One primary observation was that the problem isn’t encryption itself, but rather current management and optimization techniques that don’t work well (or at all) in the presence of encryption. New or different ways to optimize the customer experience are needed. Topics like cooperative resource management and content delivery network (CDN) improvement were identified as key solutions. A possible new protocol for keyless SSL to make distributed CDN deployments easier was identified as near-term work. 

There was also momentum gathering around the fact that the problem isn’t fully understood, and additional metrics and data that characterize how various optimization approaches work would be helpful. A framework for gathering and sharing operational data was discussed. The baseline against which new solutions would be measured is past resource management algorithms in an unencrypted world. There is a strong need for better testing and analysis tools.

Next Steps

Minutes from the workshop will be available on the MaRNEW workshop website in early November (https://www.iab.org/activities/workshops/marnew/). A draft report is planned by the end of the year; it will also be available on the MaRNEW website. A preliminary report from the workshop will be discussed at the Security Area Advisory Group (SAAG) meeting during the upcoming IETF 94 meeting in Yokohama. 

While waiting for these more comprehensive reports and analyses, a couple of early summaries have been published. Natasha Rooney, a workshop cochair, provided a summary for the IETF chair blog athttp://www.ietf.org/blog/2015/09/impressions-from-the-marnew-workshop/. Also, Dirk Kutscher, one of the energetic participants, has posted his perspective on the workshop at http://dirk-kutscher.info/publications/managing-radio-networks-in-an-encrypted-world-2/.

The following pointers provide perspective from the GSMA and W3C: 

• Network Management of Encrypted Traffic, GSMA, Feb 2015, http://www.gsma.com/newsroom/wp-content/uploads/WWG-04-v1-0.pdf.
• The W3C Tag Finding on “Securing the Web”, January 2015, https://w3ctag.github.io/web-https/.

 

All in all, it was an intense two days of discussion. By the end, there was general consensus on some near-term work items and an agreement that further discussion and analysis is required. 

]]> 325 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update/ Fri, 06 Nov 2015 15:54:49 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=332 During IETF 93 in Prague, eight out of the nine chartered Internet Research Task Force (IRTF) research groups (RGs) held meetings:

• Crypto Forum (CFRG)
• Global Access to the Internet for All (GAIA)
• Internet Congestion Control (ICCRG)
• Information-Centric Networking (ICNRG)
• Network Function Virtualization (NFVRG)
• Network Management (NMRG)
• Network Coding (NWCRG)
• Software-Defined Networking (SDNRG)

In addition to the meetings of those already chartered research groups, three proposed research groups held meetings. A proposed Human Rights Protocol Considerations Research Group (HRPC) held its second public meeting. The proposed “Thing-to-Thing” research group (T2TRG), related to Internet-of-Things networking, held a second, longer meeting the weekend before the IETF, in addition to a shorter session held during the week. And lastly, the third proposed research group, “How Ossified is the Protocol Stack?” (HOPSRG), discussed measurements at its first face-to-face meeting.

At the IRTF Open Meeting, two of the five winners of the 2015 Applied Networking Research Prize (ANRP) presented their research. Haya Shulman analyzed the deficiencies of Domain Name System (DNS) privacy approaches. João Luís Sobrinho designed a route-aggregation technique that allows filtering while respecting routing policies.

The nomination period for the 2016 ANRP awards is now closed. The ANRP is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. You are encouraged to nominate relevant scientific papers that you have recently authored or read for consideration. Please see https://irtf.org/anrp for details.

Stay informed about these and other happenings by joining the IRTF discussion list at www.irtf.org/mailman/listinfo/irtf-discuss.

]]> 332 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ultra-low-delay-for-all/ Fri, 06 Nov 2015 15:56:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=339 At the Bits-N-Bites session at IETF 93 in Prague, something quite remarkable was demonstrated: a streamed football match that you could pan and zoom with finger gestures on a touch screen—and still get (high definition) HD at full zoom. The app in itself was pretty neat, but the responsiveness was the remarkable thing; it seemed to stick to your finger as you panned or pinched. As you’d expect, attendees had some pretty pointed questions for those responsible: Reducing Internet Transport Latency (RITE), a team of European Internet researchers whose goal it is to remove the root causes of unnecessary latency over the Internet. The initiative is funded by the European commission under the fp7-ICT programme.

Was it cached locally?

No. Each client was feeding the finger gestures to a remote proxy, which, which was generating the HD scene on the fly  for that user from a panoramic video of the whole stadium.

Was it just a short cable?

No. Earlier in the week, in the active queue management (AQM) Working Group (WG), the same technology had been demonstrated using remote login on Bell Labs’ broadband testbed. They were streaming from a proxy in a data centre to a home network across real core, backhaul, and digital subscriber line (DSL) access network equipment—overall 7ms base round trip delay—the sort of base delay you should get to your local content delivery network (CDN). For Bits-N-Bites, they were using netem to emulate the same delay.

Was this Diffserv quality of service (QoS)?

No. That was the remarkable thing. Diffserv only gives QoS to some at the expense of others. This was for all traffic, even under high load. Through a dashboard you could click to add up to 100 parallel Web flows per second, and you could start dozens of downloads to pile on even more load. Not only did the pan and zoom responsiveness stay ‘finger-sticking’ good, but a chart on the dashboard showed that all the other flows were seeing the same ultra-low queuing delay. It measured the queuing delay of each packet—not just the video but all the Web flows and downloads. The worst delay was so low you could hardly see the plot—just a couple of pixels. 

Had they just configured very shallow buffers?

No. The dashboard showed the link was fully utilized.

So what was the magic under the covers?

Quite simply, all they were doing was not using regular Transmission Control Protocol (TCP) (no New Reno, no Cubic). Instead, they had switched the stacks at both ends to what they called a scalable TCP, with no need to change the apps. They said any scalable TCP will work, as long as it uses explicit congestion notification (ECN) as well.  For scalable TCP, they were using Data Centre TCP (DCTCP) unmodified, which Microsoft deployed since Windows Server 8, and there’s a Linux version too. 

Then they had set the bottleneck queue to ECN-mark packets above a shallow step threshold. Access link capacity is typically the bottleneck for DSL, cable, and cellular. So, for their downstream DSL case they only needed this marking at the Broadband Network Gateway (BNG, a.k.a., BRAS or MSE). The same in the home gateway ought to sort out the upstream, as well.

Incremental Deployment?

Could we have this Nirvana on the public Internet? Surely any “classic” TCP flows from older machines would introduce queuing delay that would ruin everyone else’s perfect day. Also, “scalable” TCPs are much more aggressive than classic TCPs. So whenever the two competed, you would expect classic TCPs to get only a small share of the capacity. 

This was where the demo got really interesting. Using the dashboard, you could add classic flows, as well. But you couldn’t get it to affect the ultra-low queuing delay of the scalable packets at all. And the queuing delay of the classic flows wasn’t compromised either—it was no worse than it would have been if all the load had been classic. 

Most impressive, all the flows still shared out the capacity roughly equally, as if they were all the same type of TCP. But there was no per-flow scheduling—indeed, they weren't inspecting anything above the Internet Protocol (IP) layer. 

How did they do that?

They classified classic traffic into a separate queue to prevent it delaying the scalable traffic. Then, they coupled dropping and ECN-marking between the two queues, marking scalable flows more aggressively to exactly counterbalance their more aggressive response to the marks. This required a square relationship, which they coded really neatly; they just compared the queuing time against one random number for marking and against two for drop. They have a nice aide-mémoire for this: “Think twice before dropping.”

Sunsetting TCP?

Back in 2012, when the IETF embarked on the real-time comms in Web browsers (RTCWEB) effort, it was known that queuing delay and jitter would often degrade RTCWEB. An Internet Architecture Board (IAB) workshop led to the birth of the RTP Media Congestion Avoidance Techniques (RMCAT) and the active queue management (AQM) WGs. RMCAT would avoid real-time traffic adding to the problem, and AQM would at least remove unnecessarily long queues by tackling so-called buffer-bloat. But the elephant in the room was TCP. Per-flow queuing was included in the AQM charter as a way to isolate a delay-sensitive flows from TCP, but it was hedged round with caveats, given the implication that the network would have to identify transport-layer flows, and decide on their relative capacity shares, not to mention the extra cost—a thousand-odd queues for a typical residential access.

The technology shown in Prague gives us a new component, using just two queues; a sort-of semipermeable membrane that partitions off the harmful delay of classic TCP, without prejudging where to partition the bandwidth.

The demo showed that the Internet could be so much better without classic TCP. It demonstrated that a superior scalable class of TCP algorithms already exists. And it showed the path to get from here to there. It was the IETF at its best.

For more information about RITE, see http://riteproject.eu/dctth/.

]]> 339 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-announced/ Fri, 06 Nov 2015 15:58:40 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=344 The Applied Networking Research Prize (ANRP) is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. The ANRP awards presented during IETF 93 went to the following two individuals:

Haya Shulman. For analysing the deficiencies of DNS privacy approaches in the paper, “Pretty Bad Privacy: Pitfalls of DNS Encryption.”

Read the full paper at https://www.ietf.org/mail-archive/web/dns- privacy/current/pdfWqAIUmEl47.pdf.

João Luís Sobrinho. For designing a route-aggregation technique that allows filtering while respecting routing policies in the paper, “Distributed Route Aggregation on the Global Network.”

Read the full paper at http://www.cs.princeton.edu/~jrex/papers/dragon14.pdf.

Shulman and Sobrinho presented their findings to the Internet Research Task Force open meeting during IETF 93.

Slides are available at https://www.ietf.org/proceedings/93/slides/slides-93-irtfopen-1.pdf andhttps://www.ietf.org/proceedings/93/slides/slides-93-irtfopen-0.pdf.

Thanks to Meetecho, audio and video from the presentations is available athttp://recordings.conf.meetecho.com/Playout/watch.jsp?recording=IETF93_IRTFOPEN&chapter=chapter_1 (from 00:17:45).

The call for nominations for the 2016 ANRP award cycle is now closed. ANRP winners for 2016 will be announced prior to each of the three IETF meetings scheduled in 2016. Join the irtf-announce@irtf.org mailing list for all ANRP related notifications.

]]> 344 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/intent-based-network-modeling/ Fri, 06 Nov 2015 15:59:29 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=349 Proponents of Intent-Based Network Modeling (IBNEMO) held two bar–Birds-of-a-Feather (BoF) meetings during IETF 93 in Prague. Many people are interested in standardizing a minimal language capable of expressing intent in networking configurations and work on this topic is ongoing via various projects using the OpenDayLight platform. Our aim is to define a minimal set of commands that can cover 80 percent of the intent expressions needed in network configurations (figure 1). Seehttps://tools.ietf.org/html/draft-hares-ibnemo-overview-00 for an Internet-Draft that includes both an overview of IBNEMO and a problem statement.

The meetings attracted 15–20 people in each of two sessions. Sue Hares gave both an overview and explanation of the aims of IBNEMO and presented her Internet-Draft. Dr. Pedro A. Aranda Gutiérrez from Telefónica, I+D shared an example of IBNEMO at work in the context of the European Union-funded collaborative research project, NetIDE* (figure 2). And Tianran Zhou from Huawei demonstrated an early implementation of IBNEMO.

A number of good questions were raised that in turn encouraged us to help newcomers better understand the technology. We also concluded that there is a need for more awareness and interest in the technology before trying to establish an IETF Working Group.

If you are interested in IBNEMO technology, please join our mailing list at https://www.ietf.org/mailman/listinfo/ibnemo. A fuller report of the bar-BoF can be found athttps://mailarchive.ietf.org/arch/msg/ibnemo/69t80ww_gkWuEuxetugQxkgMSlg.

We plan to have presentations or BoFs at the Réseaux IP Européens (RIPE) and North American Network Operators’ Group (NANOG) meetings to spread the word about this interesting new work.

*The NetIDE Project is cofunded by the European Commission DG CONNECT in FP7 under grant agreement 619543.

]]> 349 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings/ Fri, 06 Nov 2015 16:01:08 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=354 Getting new work started in the IETF usually requires a birds-of-a-feather (BoF) meeting to discuss goals for the work, the suitability of the IETF as a venue for pursuing the work, and the level of interest in and support for the work. In this article, we review the BoFs that took place during IETF 93, including their intentions and outcomes. If you’re inspired to arrange a BoF meeting, please read RFC 5434: Considerations for Having a Successful Birds-of-a-Feather (BoF) Session.

Captive Portal Interaction (capport)

Description: Captive portals are used to control wireless Internet access in many locations (e.g., coffeeshops, hotels). With the ongoing move to a more secure Internet, the interception techniques employed by these portals become increasingly problematic. The user experience also leaves much to be desired. This BoF meeting sought to understand if there is sufficient energy to work on the problem and design a protocol for interacting with captive portals.

Proceedings: https://www.ietf.org/proceedings/93/minutes/minutes-93-capport

Outcome: The meeting attracted a number of relevant technical experts who write code for captive portals or operating systems that have to deal with captive portals. More work is required to both narrow the scope of the problem and obtain more data about the types of captive portals and the extent of their deployment. A taxonomy document may be a good first step.

Education and Mentoring Next Generation (edunext)

Description: This meeting was to obtain community input on the future direction of the IETF education (http://www.ietf.org/edu/) and mentoring (https://www.ietf.org/resources/mentoring-program.html) activities.

Proceedings: https://www.ietf.org/proceedings/93/minutes/minutes-93-edunext

Outcome: Lots of good ideas were proposed and discussed to improve both the education and mentoring programs. See the article on p.XX for details.

Deterministic Networking (detnet)

Description: Institute of Electrical and Electronics Engineers (IEEE) 802 has defined Audio Video Bridging as “providing time synchronization and precise scheduling for zero congestion loss and finite latency in reserved Layer-2 streams.” The need for equivalent Quality of Service (QoS) features now appears in networks that include routers in addition to, or instead of, bridges (for example, in industrial, vehicular, and public infrastructure applications). The goals of this meeting were to consider whether to form a Working Group in conjunction with the IEEE802.1TSN Task Group and to specify both how to get these QoS features into routers and how new and/or existing control protocols can be used to control these flows.

Proceedings: https://www.ietf.org/proceedings/93/minutes/minutes-93-detnet

Outcome: A very well-attended meeting that strongly supported the need for open standards in this space. A large number of use cases were identified and discussed leading to some concerns about the need to narrow the scope of proposed work items to make them tractable. There was support in the room for the IETF to work on this problem in a DETNET WG. (The DETNET WG was chartered on 5 October 2015, http://datatracker.ietf.org/wg/detnet/charter/.)

Simplified Use of Policy Abstractions (supa)

Description: The SUPA WG defines a data model to be used to represent high-level and possibly network-wide policies that, in turn, can be input to a network management function (within a controller, an orchestrator, or a network element). Processing that input likely results in network configuration changes. SUPA, however, does not deal with the definition of the specific network configuration changes; it deals with how the configuration changes are applied (e.g., who is allowed to set policies and when and how the policies are activated, changed, or deactivated).

Practically, SUPA defines base YANG data models to encode policy that will point to device-, technology-, and service-specific YANG models developed in other working groups. The WG focuses on a single management domain, and is designed to work with device, protocol, network, and service-data models.

Proceedings: https://www.ietf.org/proceedings/93/minutes/minutes-93-supa

Outcome: A reasonably well-attended meeting that identified work for the IETF and demonstrated that the right people to do the work are available. Further discussion is required to narrow the scope and clarify expectations for a working group on this topic. (The SUPA WG was chartered on 2 October 2015, http://datatracker.ietf.org/wg/supa/charter/.)

Interface to Network Security Functions (i2nsf)

Description: The primary goal of I2NSF is to define an information model, a set of software interfaces and data models for controlling and monitoring aspects of physical and virtual network security functions (NSFs). Other aspects of NSFs, such as device or network provisioning and configuration, are out of scope. Controlling and monitoring of NSFs should include the ability to specify, query, monitor, and control the NSFs by one or more management entities. Since different security vendors support different features and functions on their devices, I2NSF will focus on flow-based NSFs that provide treatment to packets/flows, such as IPS/IDS, Web filtering, flow filtering, deep packet inspection, or pattern matching and remediation.

Proceedings: https://www.ietf.org/proceedings/93/minutes/minutes-93-i2nsf

Outcome: The charter for this proposed WG is now more focussed than when this proposal was first made at IETF 91. Lots of support was shown in the meeting for forming a working group and several meeting participants indicated that they were interested in either implementing or deploying an I2NSF solution.  (The I2NSF WG was chartered on 18 September 2015, http://datatracker.ietf.org/wg/i2nsf/charter/.)

]]> 354 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-93-at-a-glance/ Fri, 06 Nov 2015 16:02:24 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=357 Participants: 1,384

Newcomers: 204

Number of countries: 65

IETF Activity since IETF 92 (22 March–19 July 2015)

New WGs: 12

WGs closed: 8

WG currently chartered: 143

New and revised Internet-Drafts (I-Ds): 1739

RFCs published: 116

• 76 Standards Track, 5 BCP, 6 Experimental, 27 Informational

IESG Restructuring

Restructuring complete

• Seven areas: ART, GEN, INT, OPS, RTG, SEC, TSV
• IESG working on experiments around moving more work from ADs to WGs and the community

IANA Activity since IETF 92 (March–June 2015)

Processed 1,458+ IETF-related requests, including:

• Reviewed 97 I-Ds in Last Call and 118 I-Ds in Evaluation
• Reviewed 110 I-Ds prior to becoming RFCs, 57 of the 110 contained actions for IANA

Added 12 new registries since IETF 92 (March–June 2015)

• gmpls-wson, precis-parameters, precis-tables-6.3.0, rdap-asn, rdap-dns, rdap-ipv4, rdap-ipv6, gmpls-wson, precis-parameters, precis-tables-6.3.0, babel, ppspp, security-label-format-selection, battery-technologies, scim

SLA Performance (January–June 2015)

• Processing goal average for IETF-related requests: 99%

IANA and DNSSEC

• As of 15 July 2015, 834 TLDs have a full chain of trust from the root. http://stats.research.icann.org/dns/tld_report/.

RFC Editor Activity since IETF 92 (March–15 July 2015) 

Published RFCs: 135

• 108 IETF (12 IETF non-WG), 2 IAB, 4 IRTF, 9 Independent

]]> 357 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-april-2016-2/ Sun, 17 Apr 2016 18:53:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1338 94th meeting of the Internet Engineering Task Force (IETF) was held in Yokohama, Japan, and was hosted by the WIDE Project. In this issue of the IETF Journal we present some of the highlights of the week and offer a peek at the many interesting people and discussions that comprised the meeting. Our cover article celebrates the upcoming IETF meeting in Buenos Aires and shares the opportunities it brings for both the IETF and the region. Other articles explore IETF work on the Internet of Things,special-use domain names, the benefits of a data definition language for JSON, the pre-IETF Hackathon, the Simplified Use of Policy Abstractions (SUPA) working group, and some impressions from anewcomer to the IETF. You’ll also find our regular columns from the IETF, IAB, and IRTF chairs, as well as coverage of hot topics discussed during the plenary meeting. Finally, as 2016 marks the 30th anniversary of the IETF, I’d like to take this opportunity to wish the IETF a long and prosperous future making the Internet work better. We are hugely grateful to all of our contributors. Please send your comments and suggestions for contributions to ietfjournal@isoc.org. Subscribe to hardcopy or email editions by visitinghttps://www.internetsociety.org/publications/ietf-journal/ietf-journal-subscription.]]> 1338 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-ietf-flies-to-south-america/ Sun, 17 Apr 2016 18:55:36 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1340

For only the second time in its history and on the event of its 30th anniversary, the IETF’s next meeting will be held south of the equator in Buenos Aires, Argentina.

For the technical community in Latin America this is an important milestone: the Buenos Aires meeting will provide visibility to the technical work in the region that keeps the Internet humming. Many also anticipate that a meeting in the region will motivate a new generation of Latin American engineers to take up protocol engineering.

Development asymmetries are abundant in Latin America. While the region as a whole is classified as developing, some of its countries are nearing developed status by having been accepted in or applying for membership at the Organisation for Economic Co-operation and Development; others are lagging behind.

These asymmetries also manifest in Internet access. The region has countries with Internet penetration percentage rates in the low 20s or even less, while other countries have rates of 75–80%.

In terms of infrastructure, the availability of fixed copper or fiber plant can vary widely. Some countries are focusing their efforts on growing mobile networks as a means to bridge the Internet penetration gap and deliver services to their populations.

Geography and population density also play roles. Although Latin America is home to some of the largest cities in the world (e.g., Sao Paulo and Mexico City), the overall population density of the region is low, with many small communities scattered throughout the continent. Distances can be long and natural barriers like the Andes mountains and the Amazon rainforest make traditional communications difficult.

Internet access in the region not only offers access to entertainment and social networking, it is routinely leveraged to deliver eMedicine, education, eGovernment, and disaster warning and relief services. Examples include electronic textbook delivery in the Peruvian Andes and video-conferenced medical appointments in Central America. Information and communications technology (ICT)-related and knowledge-related industries are booming in several countries, in some cases quickly catching up with the primary, commodities-based sectors of the economy.

What It Means for the IETF

Protocol engineering is critical to ensuring that the Internet remains a useful tool that developing regions can use to cope with the many challenges imposed by geography, population distribution, and asymmetric economic development.

In technical terms, this means taking into consideration the following factors and challenging the following assumptions:

• Power efficiency can be critical. Some communities might have access to power during certain hours during the day or could suffer power outages due to weather or other natural events.
• Permanent, “always-on” connectivity is not always present, particularly in rural areas.
• Error rates do not always go down over time. Radio links spanning long distances can be part of any path.
• Bandwidth goes up over time, but not as quickly as in other regions. Efficiency in the wire should be considered in new protocol work.
• Efficient spectrum usage is critical. Many countries deploy mobile networks as a faster method for bridging the connectivity divide.
• Security is a priority for all protocol work. However, in regions where the Internet is still making its first inroads, it is critical to get security right and to build trust among users and applications in order to avoid the victimization of users.
• Pure client/server applications could behave poorly in mobile, radio, high-delay, or intermittent communication environments, and natural events could render large territories disconnected. Peer-to-peer protocols could provide solutions for certain niche problems.
• Operational practices can be very different than those in other regions, particularly in routing, peering, and ISP interconnection.
• IPv6 adoption is a must in a region that still needs to connect a significant portion of its population.

This is by no means an exhaustive list and the IETF has been working on several related topics, including whitespaces, Global Access to the Internet for All (GAIA), low-power protocols, and constrained environments. This work also will benefit from increased involvement by the local technical communities in the developing regions themselves, which could make the Buenos Aires meeting a very pivotal moment.

]]> 1340 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-22/ Sun, 17 Apr 2016 18:57:18 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1343 Perhaps the uppermost thing on my mind is how friendly and welcoming Japan was. I thoroughly enjoyed the incredibly well-working network, the wireless that covered all the way to the Ferris wheel, the ceremonies, the food, the modern facilities, and the long list of supporters for our meeting. Thank you!

We had a very good turnout in terms of participation: more than 1,300 participants on site at the end of the week.

Hackathon

Our third IETF Hackathon had 70–95 participants (depending on whether you count official registrations or the number of t-shirts handed out). It drew new participants to the IETF and a coder who was only 16 years old. That said, as with the overall meeting, the number of participants is not the key metric of success. What matters is the work that gets done and whether that work brings improvements to the Internet. This year’s Hackathon focused largely on key Internet issues, including the privacy of metadata and ability to easily build networks. I also was impressed with how people learned. For example, although one team failed to do what they wanted, that failure had a lesson in it and later in the week the working group in question realized that they have to change their approach. Well done!

Each of the ten teams made a significant contribution. Notable examples are the DNS security and privacy team (DPRIVE), which led a professional and systematic approach to securing the DNS infrastructure and eliminating metadata leakage, and the HOMENET team, which had an impressive demo involving multiple platforms ranging from routers to iPhones.

Birds of a Feather Sessions

Our one Birds of a Feather (BoF) this meeting, Internet Storage Sync (ISS), focused on synchronization protocols for Internet-based storage services. The origins of this topic are in academic research on optimized synchronization mechanisms, protocols that can improve the efficiency of other, widely used protocols. The BoF itself emphasized the prospect of broader synchronization protocol interoperability. I believe that this is of key interest and potentially very useful, particularly for enterprise customers and third-party application developers who would benefit from the ability to more easily switch between providers. It is also necessary to obtain interest from service providers, perhaps initially from the smaller players. ISS BoF members will search for that interest, especially from the industry. Join the mailing list at https://www.ietf.org/mailman/listinfo/storagesync.

Working Groups

The Domain Name System Operations (DNSOP) Working Group (WG) meeting covered the impacts of the recent .onion allocation and issues in the RFC 6761 process that specifies that such allocations can be made, but not when those allocations are appropriate. The discussion will continue, hopefully with appropriate interest from other parts of the IETF. The first goal is to define exactly what the problem is with RFC 6761. It is unlikely that many other allocations will be made before that process is reevaluated and redesigned.

The increase in YANG data models continued; the current count is 160 drafts. Benoit Claise and his colleague Jan Medved have produced a dependency graph tool that shows the dependencies between the drafts (see http://www.claise.be/modules.png).

The security area (SAAG) WG had several local presenters. I particularly enjoyed the presentation on the security analysis of IPv6 transition technologies and the report from the workshop on impacts of encryption in mobile networks.

The DISPATCH WG talked about opportunistic security for RTP flows.

Plenary

We had one combined plenary instead of separate technical and administrative ones. It appears to be a reasonable starting point for future arrangements, although there’s a lot to improve still, such as shortening the presentations part even more.

Before the plenary, we were fortunate to preview of “A Net of Rights,” a short film produced by members of the proposed Internet Research Task Force research group on human rights protocol considerations (HRPC).

Collaboration

Because both the W3C TPAC meeting and the OpenStack Summit were in Japan the previous week, we were able to visit and be visited by key individuals from these organizations. Having the IETF meeting in a similar area and time frame as other meetings may be useful in the future.

Once again, we saw many new participants—nearly three hundred! We also had visitors from the Internet Society Policy and Fellowship to the IETF programmes, under-scoring that participation at the IETF is a collaborative project, a working group that you care for and contribute to. I’m hoping to see these new participants involved in projects that are important to them.

There were many remote participants, including presenters. For example, Jürgen Schönwälder held an hour-long discussion in the LMAP WG via Meetecho. We also learned from remote connection issues. For example, I didn’t set up backup jabber channels to be monitored appropriately during the plenary. I apologize for the inconvenience this may have caused.

What’s Next?

We will continue work over the Internet in the coming months, and then meet in person 3-8 April in Buenos Aires, where our host will be LACNIC. This will be the first meeting in South America and only the second meeting held south of the equator.

Finally, the Buenos Aires IETF Hackathon is 2-3 April, so be sure to be on site early!

For More Information

For more detailed information, see https://datatracker.ietf.org/meeting/94/materials.html. The information page for the Buenos Aires meeting can be found at http://www.ietf.org/meeting/95/index.html.

]]> 1343 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-20/ Sun, 17 Apr 2016 18:58:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1345 IETF 94 was in Yokohama, Japan, and as usual, the Internet Architecture Board (IAB) had some things to report. But this time, instead of using plenary time for it, we sent a report in advance to the community (see https://www.iab.org/2015/11/02/report-from-the-iab/). This was inspired by a change to the way the meeting worked, and the IAB has concluded that it is a positive approach for our reports. Expect to see this kind of advance report again before Buenos Aires.

No News Is Good News?

One of the things that the IAB does is pay attention to new work coming to the IETF. The IAB tries very hard to make sure that at least one IAB member covers every Birds of a Feather (BoF) at an IETF meeting. We report back to the Internet Engineering Steering Group (IESG) about what we saw, how we think it fits into other work we know about, whether we think the effort is likely to produce a successful working group, and so on. So, it was with some discomfort that I contemplated the Yokohama meeting, since there was only one BoF.

In some ways, that shouldn’t be too surprising. There were lots of working groups chartered last year, and previous meetings had record numbers of BoFs (more requests than were accommodated). Also, some areas have become good at chartering working groups without holding BoFs. Nevertheless, it was an unusual occurrence, and so it did not surprise me that it came up as a major topic at the plenary.

An important part of that discussion was about process. How does new work get started? How do people meet informally to start working on a problem?  Many people talked about reducing formal barriers. Yet it seems that the formal barriers are mostly a figment of our collective imagination. A significant reason for the IETF holding its meetings is exactly so that people can get together informally and explore topics collaboratively. At the IETF, you don’t need permission to get started. You don't even need forgiveness. If you think a topic is interesting and you can convince a few other people to talk about it, then you have all you need to get a conversation going. Discuss, improve the idea, and so on. The barriers are low.

But to make the more formal parts of the process easier, the IAB is happy to help. If you are struggling with how an idea fits together or need help with how to approach your topic (or, perhaps, how it relates to the Internet), feel free to contact iab@iab.org. Talking about these issues is part of our job.

Collaboration and Meetings

The Yokohama meeting coincided with several other meetings in the region. The World Wide Web Consortium (W3C) held its meeting in Sapporo the week prior to the IETF meeting. The Internet Measurement Conference (IMC) was in Tokyo just before the IETF meeting, as was the OpenStack Summit. And the Internet Research Task Force (IRTF) organized a workshop around the IMC.

One of the IAB’s responsibilities is to serve as the IETF’s formal interface to other organizations. When the happy coincidence of all these meetings came up in the plenary, it got me thinking about how we build our connections to other groups. There are lots of people participating in the IETF and other organizations, and they represent a large store of knowledge about what is going on there. This is, I suspect, a part of what people found great about having so many meetings close to each other. It isn’t just the saved travel costs, but also the opportunity to experience work modes and hear views you otherwise might not.

I have been wondering whether there might be a way to make more links of this sort across the IETF without the happy accident of having a lot of meetings in physical proximity. Given the existing constraints on IETF meetings (and others’ meetings), it will be hard to arrange this sort of schedule often. Would it be useful to identify some groups with whom we have significant overlap and try to do some recruiting there? Or is this better left to the natural processes of people working on these problems to pick the right venue for their work? If you have thoughts, the IAB is interested.

Not Just IETF Meetings

Of course, the IAB doesn’t only do work at IETF meetings. Since the Yokohama meeting, the IAB has sent comments to the ICANN CCWG-Accountability survey and also to the ICANN call for comments on the Registration Data Access Protocol (RADP) Operational Profile proposals. You can see what the IAB sends to other organizations at https://www.iab.org/documents/correspondence-reports-documents/.

The IAB is responsible for a number of appointments both inside and outside the IETF community. The appointments are tracked at https://www.iab.org/activities/iab-appointments-and-confirmations/. An important ongoing appointment process is that of the IRTF chair. The current IRTF chair, Lars Eggert, has announced that he will not seek reappointment, and the IAB is looking for his replacement. Lars leaves some big shoes to fill, so we have our work cut out for us. By the time you read this, the IAB will also have made decisions about the appointments to the Internet Society Board of Trustees and the RFC Oversight Committee.

The IAB also convenes workshops on topics relevant to Internet architecture. By IETF 95, the IAB will have held the Internet of Things Semantic Interoperability Workshop. Interoperability is the core value of internetworking, and we anticipate that the workshop will make a positive contribution to it. For more about our work-shops, see https://www.iab.org/activities/workshops/iotsi/. 

Our next IETF meeting will be in April 2016, when new Nomcom appointments are seated. The IAB will both welcome new members and miss those who are departing. I have been grateful to serve on the IAB with the group this year and I look forward to next year with my IAB colleagues both new and returning.

]]> 1345 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-ietf-is-30/ Sun, 17 Apr 2016 18:59:32 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1347 On 16–17 January 1986, in San Diego, California, 21 people attended what is now known as IETF 1. Several participants of that meeting are still active contributors, and some of the topics mentioned in the proceedings from that meeting still surface at IETF meetings. And although the IETF has evolved over the past 30 years, its goal of addressing challenges to improve the network via meetings and other means has remained.

The Internet also has evolved over the past three decades. In 1986, there were a few thousand hosts on the Internet; today there are more than 3 billion users. Many of today’s users access the Internet via mobile devices, and the Internet of Things is gathering an increasing amount of attention.

The Internet’s technical development community has expanded, too. Starting about 15 years ago, IETF meetings were held exclusively in Europe and Asia. Today, IETF meetings draw participants from all over the world, and this year marks the first IETF meeting to be held in South America.

While it may be impossible to predict what the Internet will look like 30 years from now, it is safe to say that literally billions more devices will be connected and that  security and privacy will be increasingly important. Until then, our community will continue to work tirelessly on the standards that enable that growth.

]]> 1347 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/how-internet-traffic-measurements-can-bolster-protocol-engineering/ Sun, 17 Apr 2016 19:00:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1349 Can the IETF adopt measurement-driven engineering in the design of Internet protocols? That was the technical topic at the IETF meeting held in Yokohama, with presenters Brian Trammell, who leads the Internet Architecture Board’s (IAB’s) IP Stack Evolution Program, and Alberto Dainotti, a research scientist with the Center for Applied Internet Data Analysis (CAIDA).

Trammell introduced the topic by saying that measurement-driven engineering would allow protocols to be designed for common occurrences, while taking into account the risks of uncommon occurrences.

“We’d like to apply measurement wherever we can to know the difference“ between these two situations, he explained, adding that it might even be possible to take measurements at runtime.

Trammell focused his talk on the role that measurement can play in writing protocols related to IP stack evolution and path impairment. He noted that many solutions assume that the Internet can be run over User Datagram Protocol (UDP), but said “we need more data” before making that decision.

Trammell showed a picture of the evolving IP stack, which resembles a two-stem martini glass,and noted that we now have two layer threes, with IPv4 and IPv6 coexisting “more or less well.”

However, he said that we have problems with fuzzy boundaries between layers three and four, with Transmission Control Protocol (TCP), Transport Layer Security (TLS), and Hypertext Transfer Protocol (HTTP) on top of IPv4, while UDP and new transports will be layered on top of IPv6.

“We’d like to fix this problem by putting in new transport layers and by rethinking the layer boundary with UDP encapsulation, crypto to reinforce the boundary between endpoint and path visible headers… and add explicit cooperation to give back transport and application semantics the path they actually need,” he explained.

Trammell said the IETF has taken the assumption that all of this explicit relayering can be done with UDP encapsulation. “We assume that UDP works. Does it?” he asked.

Trammell explained that it’s important to measure path impairment, which shows the likelihood that traffic with given characteristics will experience problems on a given path. These problems might include increased latency, reordering, connectivity failure, or selective disablement of features. The goal of measuring path impairment is to discover how and how often a proposed feature would break.

“Basically, the way we measure this is we put a bunch of packets on the Internet, and we see what happens,” Trammell said.

He provided results from two testbeds, PlanetLab and Ark, which cover about 10,000 paths and have widely different results in measuring the percentage of paths modifying a selected packet feature. For example, with a TCP Initial Sequence Number (ISN), PlanetLab measures an error rate of 10.7% and Ark measures a rate of 1.8%.

Trammell pointed out that these two testbeds represent “a really tiny fraction of the Internet, which has billions and billions of paths,” Trammell noted. “So the results are highly dependent on the vantage point.”

Further, these testbeds have the same bias because they are deployed by people who are knowledgeable about networking. Yet they have widely different results.

“We need more data here and more diversity,” Trammell added. Trammell said the IETF needs to engineer protocols that work for path impairments that are common, such as Network Address Translators (NATs), but that they shouldn’t create a lot of excess code to deal with rare problems.

“We need information about the prevalence of these [situations] in order to make informed decisions,” he said.

Trammell pointed out several challenges for measurement-driven protocol engineering. First, measuring the Internet is hard, and measurements don’t always measure what you want. Further, the Internet is not homogenous, so it is difficult to extrapolate from measurements on any given link. Further, researchers face the problem of having not enough data and too much data at the same time.

Trammell recommends that the IETF consider using measurements that are inadvertently gathered by protocols such as how TCP measures its round-trip time. Further, he suggests that the IETF design protocols with built-in measurements in mind, thereby making instrumentation accessible and operational at runtime.

He also suggested that the IETF enhance the testbeds that are available, such as PlanetLab and Ark, as well as existing measurement tools like the Large Scale Measurement of Broadband Performance (LMAP). The IETF should use these testbeds and tools to create a framework to bring comparability and repeatability to observations.

“The goal would be to combine measurements from different vantage points and data sources for wider and deeper insight,” he explained. “Here are a couple things we can do: develop common information models and query sources, and develop common coordination and control protocols.”

Next, Dainotti considered the role that Internet traffic measurement can play in the development of protocols related to the Border Gateway Protocol (BGP).

“BGP is the central nervous system of the Internet,” Dainotti said. “BGP design is known to contribute to issues in availability, performance, and security. So we know that we need to engineer protocol evolution. However, it’s difficult to make protocol engineering decisions because we know very little about the structure and dynamics of the BGP ecosystem.”

Dainotti said researchers need more and better data about BGP operations, including more information from routers, as well as more data collectors and more experimental testbeds. Further, the Internet engineering community needs better tools to learn from the data, so that data analysis is easier, faster, and better able to cope with larger data sets. Researchers would like to monitor BGP in near real-time and tighten data collection, processing, and visualization.

Dainotti shared his research related to BGP outages, including those caused by country-level Internet blackouts and natural disasters. Before his Internet Outage Detection and Analysis (IODA) project, it took four months to analyze an Internet shut-down such as the Arab Spring in 2011. With IODA’s live Internet monitoring, he is able to detect Internet outages, such as a 20-minute outage experienced by Time Warner Cable in September 2015, in near real-time.

“We built some complex software and hardware to track outages in near real-time and to perform additional measurements while the event is actually happening,” Dainotti explained. “Christmas last year, we were able to follow the outages in North Korea in almost real-time—just a 30-minute delay. This was thanks to the infrastructure we built.”

Now CAIDA is making these tools more generally available. For example, it has a new tool called BGPstream that provides a software framework for historical and live BGP data analysis. This tool is available open source at bgpstream.caida.org.

BGPstream is “used mostly by the scientific and operational community,” Dainotti said. “It efficiently deals with large amounts of distributed BGP data from multiple BGP collectors. The main library offers a time-ordered data stream from heterogeneous sources. It supports near real-time data processing and targets a broad range of applications and users.”

CAIDA has built several tools including PyBGPstream, which can be used to study AS path inflation, and BGPcorsaro for monitoring address space. Another project tracks BGP hijacking attacks.

In conclusion, Dainotti described a BGP Hackathon that CAIDA hosted in February focused on live BGP measurements and monitoring. To learn more about this event, visit bgp-hackathon-info@caida.org.

“How you can contribute is to… propose problems that are worth addressing and things you would like to see in tools used to study BGP,” he concluded.

To start the Q&A discussion, Trammell returned to the question of why the IETF doesn’t have enough data to support the idea of running the Internet over UDP.

“This is a question I’m spending a fair amount of time working on,” he said. “Lots of firewalls block or limit or impair UDP for security reasons, particularly DDOS attacks. So they turn it off… Depending on which of the commonly available testbeds that we consider, we see 2% to 6% of access networks are actually blocking UDP. That’s kind of a high number. We’d like to understand the shape of that impairment before we talk about UDP encapsulation.”

Audience members questioned both the overhead costs and privacy risks associated with having protocols take live measurements, essentially those monitoring user behavior.

“There is a huge cost in data, not just in storage of it but in privacy,” Dainotti admitted, adding that the research community has many ways to anonymize data and doesn’t need to retain the data forever.

In response to another question, Trammell said two protocols that could benefit from additional measurement are DNS and DNSSEC. “We should be measuring the tradeoffs of assurance versus the ability to use it for attacks,” he said.]]> 1349 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-benefits-of-a-json-data-definition-language/ Sun, 17 Apr 2016 19:01:42 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1351 JavaScript Object Notation (JSON) [RFC 4627, RFC 7159] is a very popular method for exchanging data in protocols. Where Extensible Markup Language (XML) was once considered the go-to choice for data serialization, now JSON is the preferred format. As with XML, there are a number of JSON-centric building blocks, standards, and conventions and tools for using JSON to create applications and protocols. But where XML has a handful of data definition languages, JSON has none (that have been standardized).

The Wikipedia entry for data definition language is: “A data definition language or data description language (DDL) is a syntax similar to a computer programming language for defining data structures, especially database schemas.” They are also referred to as schema languages.

The IETF’s JSON Working Group has discussed a JSON DDL in the past. Understandably, the discussions often invoked the scars of experience with XML’s most widely used DDL, XML Schema. The influence of XML Schema on the XML ecosystem is extensive; shortcomings of XML Schema almost always have a negative cascading impact with any XML work. But XML is not JSON, and although the complexities of XML are by-necessity present in an XML DDL, such entanglements can be avoided in a JSON DDL. I posit that a JSON DDL can be more powerful and flexible than an XML DDL because JSON’s scope is narrowed to data serialization (a markup language is much more than data serialization, as commonly used).

Are Prose and Examples Good Enough?

Some reasoning against the need for a JSON DDL, or a DDL for any data format, is that descriptive text accompanied by examples should be all that is necessary for a programmer to implement a specification, and that the overhead of a DDL complicates matters. I agree that for most simple cases this is true. But I have first-hand knowledge that not every case is simple.

RFC 7483 describes the JSON used by Registration Data Access Protocol (RDAP), by far the largest of the documents produced by the Web Extensible Internet Registration Data Service (WEIRDS) Working Group. As part of an area review, Tim Bray wrote this of RFC 7483:

“Speaking as a person who’s been skeptical of JSON schema efforts, it pains me to say this, but the information about large-scale message structure is scattered through this document in a diffuse way and it’d make me nervous as an implementer whether or not I was getting it right. I think it might be helpful to have a “large-scale message structure” section that quickly runs through the allowable top-level shapes of messages, and exactly what can be nested inside what.”

Despite RFC 7483’s extensive prose describing JSON and its copious, multipage examples, a DDL would have really been helpful. (For the curious, https://datatracker.ietf.org/doc/draft-newton-rdap-jcr/ shows what a DDL can do for RFC 7483).

In my opinion, Tim Bray’s precognition was borne out during the several interoperability sessions held for RDAP at the IETF. Some implementers made assumptions about the data structures that were incorrect. And in a few cases, we found that the examples were incorrect.

In addition, I drew another conclusion from my experiences with the RDAP interoperability tests: textual descriptions are not as easy to read for the many programmers who are not native English speakers. Even I often succumb to the TL;DR (“too long; didn’t read”) nature of specifications. The tediousness of prose could be worse for them, and the precise-ness and conciseness of a DDL might be more helpful.

Testing and Test Software

Bad experiences with XML Schema have led some to believe that DDLs often focus implementers on correctness of the XML document to the detriment of other aspects of interoperability. “Just hand me the XSD (XML Schema Document). I don’t need to read the specification.” Indeed, this is one of several reasons I personally switched to Relax NG for all my XML work.

But this aspect of XML Schema is not a universal constant with all DDLs, not even all XML DDLs. It is not even a function of XML Schema, but rather a so-called feature of the tooling and the push-button, code-generation development frameworks that abstracted away all protocol aspects from the programmer (environments popular with XML technologies such as Simple Object Access Protocol).

Negative experiences aside, DDLs can be an important part of interoperability testing. DDL validators aid the creation of test suites, knocking out the low-hanging fruit with regards to syntax.

Further still, some DDLs such as JSON Content Rules (JCR) contain features to aid the creation of specific test cases: is a value Y under condition X. The nature of JCR accommodates locally overriding rules to a narrower definition (e.g., specific constants or ranges). Writing a test can involve a simple rule change instead of tediously traversing nested data structures to access the value to be inspected. (Bias warning, I am one of the coauthors of JCR).

DDL validators, or schema validators as they are sometimes known, also have the benefit of helping implementers develop software as specifications progress through the standards process. For example, during the standardization of RFC 7484, I was able to provide valuable feedback to the specification authors—feedback that was vital to the performance of software using the specification. At some point during the standardization process, however, a small, unsubstantial change was made to the JSON that I had not noticed. The result was that my software would not interoperate despite the many, many unit tests I had written. Had RFC 7484 used JCR or JSON Schema, I could have easily dropped in the final DDL and quickly discovered the problem.

Desired Features of DDLs

For the purposes of the IETF, some DDLs are more practical than others. When writing a specification, one aspect of a DDL that is a benefit is conciseness. Internet Drafts have many sections and seldom pass muster without explanatory text. Therefore a DDL that does not add bloat is appreciated. While conciseness can sometimes reduce readability, for complex uses “TL;DR” is much more of an issue. As a specification writer, if you feel writing a computer language can be tedious, the same is probably true for the many readers of the document.

Figure 1 shows JSON used as an example in RFC 4627.

And now let’s examine two different JSON DDLs describing the aforementioned example: JCR and JSON Schema. Figure 2 is the JCR example, which has a more concise syntax .

By contrast, in Figure 3, the JSON Schema is more verbose.

DDLs, such as XML Schema and JSON Schema, use the syntax of their respective formats to construct rules. This has the benefit of easing implementation of their DDL validators but jettisons conciseness. These forms also make it difficult to inter-leave instructive prose as normal draft text between the DDL rules, a habit of IETF authors familiar with notations, such as Augmented Backus–Naur Form (ABNF).

Figure 4 is an excerpt from RFC 4287 (The ATOM Format). ATOM is an XML format, and RFC 4287 uses the Relax NG Compact Syntax to define it. RFC 4287 is well written and makes good use of mixing explanatory text with formal syntax rules.

Another common usage with ABNF is to reference rules across documents. This promotes reuse and reduces error. Figure 5 is an excerpt from RFC 6270 (the tn3270 URI scheme). It references back to RFC 3986 for a normative definition of the ABNF rule for authority.

A DDL with this feature provides the same benefit as we see with ABNF. And while this is also possible with prose, it is much more precise and concise when referencing specific rules.

Conclusion

As of this writing, there is no standard for a JSON DDL. Having one (or more—there is no harm in giving specification authors a choice) would benefit software developers when they write test suites. It would also make for better RFCs, as definitions would be more precise. On top of this, I believe JCR has many properties that flow more naturally with the style in which RFCs are written.

If you are writing or plan to write a specification using JSON, I invite you to take a look at both JCR and JSON Schema.

]]> 1351 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/how-the-ietf-helps-emergency-calls-save-lives/ Sun, 17 Apr 2016 19:03:03 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1353 In late 2004, members of the Session Initiation Protocol (SIP) working group (WG) gathered to discuss how SIP-based devices could place emergency calls (e.g., 1-1-2, 9-1-1). Around the same time, SIP-based phones started making such calls. In the case of North America, the calls were received with concern at public safety answering points (PSAPs, the call centers where emergency calls are answered). The concern stemmed from the fact that neither the devices nor the back-end systems that supported them were capable of adequately placing the calls or sending the information needed to correctly route them. North American PSAPs had recently settled a related issue with mobile operators: while no one anticipated that mobile phones would be used for emergency calls, users found their mobile phones were perfect for them. And because mobile phones and their systems were unprepared to handle such calls, when they were made problems ensued. Ultimately, regulation prompted the ability of mobile phones to support emergency calls. The SIP members realized that handling emergency calls properly would be a critical step in order for SIP to succeed as a multimedia session-initiation protocol.

Many of the standards that governed how emergency calls are handled in the United States and Canada come from the North American Emergency Number Association (NENA). In spring 2005, the SIP members met with NENA’s technical people to discuss how the existing emergency call system worked. They were surprised to learn that in addition to seeking a way to correctly handle VoIP calls in the current E9-1-1 system, NENA sought a redesign of the entire emergency call system based on modern IP protocols and mechanisms. The result of that meeting was a three-pronged plan:

1. NENA would document several ad hoc mechanisms that VoIP providers had implemented, and detail the strengths and weaknesses of the ideas.
2. NENA would standardize a method for SIP-based VoIP phones to place emergency calls using the current telephone network-based system. The IETF would assist with any needed SIP standards.
3. The IETF would work with NENA to create a new IP-based emergency calling system for North America with IETF standards as the base and NENA standards built on top of the IETF standards.

Their efforts have been largely successful. NENA i2 standards now largely govern VoIP emergency calls on the existing E9-1-1 network. No significant work in the IETF was required to achieve this goal. NENA i3 standards, based on several IETF standards in the now concluded GEOPRIV WG and the still active ECRIT WG, form the technical base for the Next Generation 9-1-1. And the European Union Emergency Number Association (EENA) has developed its standards based on NENA and IETF standards for new pan- European Union 1-1-2 IP-based emergency calling.

One of the core standards that underpin these developments is RFC 5222, the “Location to Service Translation (LoST)” protocol. LoST accepts location information typically extracted from a Presence Information Data Format-Location Object (PIDF-LO), RFC 4119, which may be a civic (street) address or a latitude/longitude/altitude. LoST then maps that location information into a route the emergency call should take towards a PSAP. LoST is also used to validate a civic location prior to it being loaded into a Location Information Server (LIS). In this way, if an emergency call is subsequently placed by a SIP-based phone using the location associated with the phone stored in the LIS, that location will be recognized by emergency authorities, the call will route correctly, and responders can be directed to the location of the caller.

The entire NG9-1-1 system is based on emergency calls being routed by LoST and calls accepted by the PSAP being SIP-signaled. Calls that originate in legacy wireline or wireless networks are passed through a Legacy Network Gateway to translate the legacy signaling and routing information to SIP signaling and LoST-based routing.

The framework for how multimedia emergency calls are handled on the Internet is described in RFC 4883. RFC 6881 describes the best current practice for originating devices and networks to obtain the location of a caller, access a LoST server to get a route, and send a call using SIP signaling towards the PSAP.

Next Generation 9-1-1 is being deployed, albeit slowly. In a small number of U.S. states, emergency calls are being routed by LoST. The protocol is an unheralded IETF success—there are dozens of interoperable implementations, it’s deployed, and thousands of emergency calls are routed every day using the LoST protocol.

Emergency authorities, organizations like NENA and EENA, and callers who need help rely on IETF protocols, frameworks, and data structures to save lives. And we can trace the entire effort to a single meeting between a dedicated cohort of IETF members and NENA participants, who had a vision of what could be done and then did it.

]]> 1353 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/special-use-domain-names-a-registry-under-review/ Sun, 17 Apr 2016 19:04:21 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1355 In October 2015, just prior to IETF 94, publication of “The .onion Special-Use Domain Name” (RFC 7686) put an end to intense debate within the Domain Name System Operations (DNSOP) working group (WG) and the wider IETF community. RFC 7686 added the “onion” label to the Special-Use Domain Names registry[1] maintained by the Internet Assigned Numbers Authority (IANA). This was  the second addition to that registry after RFC 6762 to reserve “local” for the Multicast DNS protocol.

A blog post[2] by IETF Chair Jari Arkko explained the details and external dependencies of the Certificate Authority system that led to the approval, while also suggesting that the registration procedure laid out in RFC 6761 needed review and action.

The first and last time that the IETF reserved top-level domain names under its formal standardization process was in 1999, when RFC 2606 reserved “test”, “example”, and “invalid”, for test and documentation purposes and “localhost” to document operational practices. This was done in light of the recently founded Internet Corporation for Assigned Names and Numbers (ICANN) opening the first round of top-level domains.

A few months later and within the same historic context, the Internet Architecture Board (IAB) published “IAB Technical Comment on the Unique DNS Root” (RFC 2826) and the “Memorandum of Understanding Concerning the Technical Work of the Internet Assigned Numbers Authority” (RFC 2860) was achieved between the IETF and ICANN. The following excerpt from the Memorandum clearly separates the roles regarding domain names: 

4.3. Two particular assigned spaces present policy issues in addition to the technical considerations specified by the IETF: the assignment of domain names, and the assignment of IP address blocks. These policy issues are outside the scope of this MoU. 

Note that (a) assignments of domain names for technical uses (such as domain names for inverse DNS lookup), (b) assignments of specialized address blocks (such as multicast or anycast blocks), and (c) experimental assignments are not considered to be policy issues, and shall remain subject to the provisions of this Section 4. (For the purposes of this MoU, the term “assignments” includes allocations.) 

In the event ICANN adopts a policy that prevents it from complying with the provisions of this Section 4 with respect to the assignments described in (a) – (c) above, ICANN will notify the IETF, which may then exercise its ability to cancel this MoU under Section 2 above. 

Another year later, in September 2001, the ARPA top-level domain, initially named after the Advanced Research Projects Agency (ARPA)  was renamed the Address and Routing Parameter Area Domain and the IAB took responsibility and published a registration policy in RFC 3172. 

In 2011, the DNSOP working group published “Locally Served DNS Zones” (RFC 6303) to establish an IANA registry of DNS zones that every recursive resolver should serve from local knowledge, instead of following the normal DNS delegation path. The registry was seeded with various domains in the IN-ADDR.ARPA and IP6.ARPA reverse mapping space, particularly for private addresses of RFC 1918, where there cannot exist a globally unique mapping due to multiple independent instances of the same IP address. This was done primarily to reduce the DNS load on the sacrificial servers of the so-called AS112 project. The domains reserved in RFC 2606 deliberately were not imported into the new registry. 

In early 2013, the IETF published “Special-Use Domain Names” (RFC 6761), which established a new registry quite similar to that initiated by RFC 6303. Names (and their descendants) in the new Special-Use Domain Names registry would be considered non-DNS names and their resolution would be redirected to other mechanisms before they were fed into the local DNS resolver: 

[...] Hence, the act of defining such a special name creates a higher-level protocol rule, above ICANN’s management of allocable names on the public Internet. 

In other words, these names would be greyed out of the Domain Name System and thus any registration within the DNS would not make sense, since compliant resolvers would never even try to resolve them the generic way. 

RFC 6762, specifying Multicast DNS, then added the “local” TLD to the new registry that had been seeded with domains from RFC 2606. It should be noted that neither “local” nor any other TLD will be subject to a DNS delegation in the public DNS tree. Quite the opposite: it is expected that presence in the Special-Use Domain Names registry will prevent any such delegation. 

Several questions arose around the procedure in RFC 6761, some of which will require wider community discussion: 

Is the registration available for protocols not under IETF change control? RFC 6761 specifiesStandards Action or IESG Approval as the registration policy for Special-Use Domain Names, where RFC 5226 states that the latter should be a rare exception to the former only. How should the eligibility criteria for non-IETF protocols be defined? 

Are the seven questions meant as criteria or as directions? RFC 6761 gives seven different entities that may need to implement special treatment of a Special-Use Domain Name, including application software, stub and recursive resolvers, and authoritative DNS servers. It also suggests that if there is no special handling by any of the seven, the registration might not be useful. However, no guidance is given to assess treatment of how many of the entities ought to be necessary or sufficient for registration and what alternate approaches might be chosen. 

Can the Special-Use Domain Names registry keep its promise? Following from the previous question, how would software compliant with RFC 6761 learn the existence of a future Special-Use Domain Name and the special handling required? This is even more important if leaking DNS queries into the Internet is to be avoided for security reasons, as in the case of “onion”. 

How will consistency with RFC 2826 and RFC 2860 be maintained? Can the emerging view of the existence of domain names that are not DNS names be made consistent with the uniqueness postulate expressed in RFC 2826? What mechanisms exist or need to exist to avoid conflicts between registrations under RFC 6761 and (future) ICANN TLD application rounds?

Since names have a tendency towards controversy, there are also the questions of who is going to determine the exact name at what stage in the process and whether a whole subtree of the DNS could be safely set aside for the intended purpose. The risk for the IETF is that it might find itself entangled in a mesh of legal and economic challenges without access to the resources necessary to inform or defend its decisions. 

A detailed discussion will take place in the DNSOP WG. In addition, the ARCING BoF will address the question of  signaling other resolution contexts beyond the Internet’s Domain Name System.  

Footnotes

1 http://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml#special-use-domain.

2 https://www.ietf.org/blog/2015/09/onion/.

]]> 1355 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-94-hackathon-open-source-and-open-standards/ Sun, 17 Apr 2016 19:06:10 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1357 Originally posted by Charles Eckel in the DevNet Open Source Community on 12 November 2015.

Yokohama, japan, was the host city for IETF 94. The IETF Hackathon, sponsored by Cisco DevNet, got things started the weekend prior: 31 October–1 November. The Hackathon was the third in a continuing series designed to advance the pace and relevance of IETF standards activities by bringing the speed and collaborative spirit of open source software into the IETF.

More than 70 developers came together to test experimental protocols, produce reference implementations, create useful utilities, and so forth. Many participants were long-time IETF contributors; there also were several first-time attendees and young developers with new ideas, including our youngest coder at 16 years of age.

Participants formed into roughly a dozen teams working across a wide range of technologies. These included many IETF working groups (e.g., dane, dhc, dnsop, dprive, homenet, i2rs, iptube, netconf, netvc, and sfc) and corresponding open source projects (e.g., Dalla, getdns, Kea, OpenDaylight, OPNFV, RIOT, and Thor). Each team produced significant results, including the DNS privacy and security team that extended and demonstrated use of getdns APIs to eliminate metadata leakage; and the Homenet team, which prototyped and demonstrated a provider-aware selection of IPv6 prefixes for home routers, PCs, and mobile devices.

How an IETF Hackathon Works

The Hackathon started Saturday at 09:00. Technology “champions” introduced each technology and proposed projects. Next, champions and participants formed teams and started hacking. Several teams included members from more than one IETF working group and/or open source community. The ensuing collaboration, mix of cultures and ideas, and new friend-ships all point to the long-term benefits that extend beyond the Hackathon itself. 

Motivated, caffeinated, and energized, participants worked tirelessly, advancing the standards that provide the Internet’s foundation and creating open source implementations that validate these standards and make them easier for others to consume. Not everything worked according to design and there were frustrating moments, but course correction and eventual success ruled the day.

Sunday afternoon, each team shared accomplishments and lessons learned with peers and a panel of esteemed judges: Jari Arkko (IETF chair), Ray Pelletier (IETF administrative director), and Adam Roach (NETVC chair). The judges recognized teams based on various criteria established for the Hackathon:

• Advance pace and relevance of IETF standards
• Bring speed and collaborative spirit of open source software into the IETF
• Expand upon ideas, feed into Working Group sessions
• Produce sample code/reference implementations
• Create useful utilities
• Attract developers, young people to IETF

There were techie prizes compliments of Cisco DevNet and tickets to the IETF social event donated by WIDE, but the real winner was the IETF community. The hackers’ efforts were shared in corresponding working group meetings the following week and a number of teams demonstrated their work at Bits-N-Bites on Thursday night.

A complete list of this and archived Hackathon technologies and projects are available on the event Wiki (https://www.ietf.org/registration/MeetingWiki/wiki/94hackathon), which is accessed from the main Hackathon page (https://www.ietf.org/hackathon/). The IETF and open source communities are encouraged to bookmark and reference these sites to help with their ongoing work.

Next Steps

For the first time ever, the IETF is going to South America! IETF 95 will be held in Buenos Aires, and the Hackathon will kick things off the weekend prior: 2–3 April. Mark your calendars and join us as we accelerate the pace and relevance of the IETF’s tireless work of extending and improving the Internet we all know, love, and use every day.

Stay informed

To keep up to date with all things related to past and future Hackathons, subscribe to hackathon@ietf.org.

]]> 1357 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/supa-helps-to-simplify-service-management/ Sun, 17 Apr 2016 19:07:41 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1359 Simplified use of policy abstractions (SUPA), a new working group (WG) in the OPS Area, held its first meeting at IETF 94. The rapid growth of traffic flowing over service provider networks brings new challenges in network operations and management applications. Policy-based service management is one efficient approach that uses policy rules to manage the behavior of one or more managed entities. Unlike conventional policies, which are interpreted into devices as ACLs (Access Control Lists) and packet filters, SUPA introduces policies at the service-management level. More specifically, SUPA works on policy models, but not policy content. Operators can use the policy model to define their policies at a different abstraction level.

The SUPA WG’s History and First Session

The first IETF activity to propose policy abstractions to help simplify service management, SUPA made its initial call for interest at IETF 91, where it held a bar-BoF, followed by BoFs at IETF 92 and 93. During the second BoF session, more than ten operators supported the work and were willing to use this mechanism with standardized policy models. After public and Internet Engineering Steering Group (IESG) reviews the WG was created before the 94th meeting and held its first session in Yokohama. 

Chaired by Daniel King and Nevil Brownlee, the first meeting focused on four topics: SUPA’s value, the policy-information model, the policy-data model, and applicability. There was also discussion about the possibility of using the SUPA policy model to guide specific policy design in routing systems. Finally, a SUPA policy engine demo was prepared for Bits-N-Bites.

During the WG meeting, Maxim Klyus introduced the value proposition of the SUPA work. For example, the Interface to the Routing System (I2RS) WG is considering whether the SUPA policy framework can be used to benefit I2RS. John Strassner presented a generic policy-information model that defines a common set of terms independent of protocol and technologies. A key point of the work is knowing how to use the information model to design data models. Michiaki Hayashi presented the current status of the event-condition-action policy-data model, the key component of deliverables in the current charter. Audience feedback indicated that one measure of success is whether operators can use the policy model to handle service management. The chair and Area Director encouraged more operators to get involved with the design of the policy-data model. 

Another interesting aspect of the SUPA WG is the implementation and possible contribution to the Open Source community. Yiyong Zha introduced a policy engine demo which focused on building a working system to take a policy and translate it into configuration changes. 

SUPA’s Bits-N-Bites Demo

A SUPA policy engine was demonstrated in Bits-N-Bites. The demo presented VPN service management in a packet transport network with a demo topology including 5000 nodes (Figure 1). In this schematic, the user of the external API selects the policy model and defines the policies, and the policy engine derives the policies using a constraint solver. Information from the network infrastructure devices is also needed to evaluate the policies and make the configuration changes. For a VPN service with connectivity from node A to node B, the user may want the connection to have two paths: a main path and a backup path. In reality, the user may want the two paths to be disjoint for resilience purposes. The user will express the policy of two disjoint paths using the given policy models and then the policy engine will find two disjoint paths and do the rest. Note that the user does not need to know the details of the path computation and network infrastructure, the user only expresses the policy using policy models. The policy models decide the level of abstraction to meet the user’s needs.

Q&A On Phe SUPA Demo

Was the demo based on the SUPA drafts?

Yes, the demo was based on the SUPA framework as described in draft-klyus-supa-proposition¹. The policy engine’s role is to perform the policy translation. The policy model used here follows the style in the policy model draft². 

Why was it called policy-based service management?

The user needs only to express its policy using the given policy model for the policy engine to generate the configuration change. There is no need to rewrite the code for different policy needs. For example, a user can set up a VPN connection with more than two pairs of disjoint paths by simply changing the policy. 

Was it only used for path changes in VPN management?

Not really. The policy model is defined for one problem domain, but anything that can be expressed via the policy model is supported for more than only VPNs. However, we are working on more problem domains, such as inter-datacentre traffic optimization, load balancing for NFV (Network Functions Virtualisation), and network operations, administration, and management (OAM).

Acknowledgements

This work has benefited from the reviews, suggestions, comments, and proposed text provided by the following individuals: Juergen Schoenwaelder, John Strassner, and Liya Zhang. 

References

1. Maxim Klyus, John Strassner, SUPA Value Proposition, draft-klyus-supa-proposition-02 (work in progress), July 2015.

2. John Strassner, Generic Policy Information Model for Simplified Use of Policy Abstractions (SUPA), draft-strassner-supa-generic-policy-info- model-01 (work in progress), July 2015.

]]> 1359 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-of-things-standards-and-guidance-from-the-ietf/ Sun, 17 Apr 2016 19:11:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1361 A true Internet of Things (IoT) requires “things” to be able to use Internet Protocols. Various “things” have always been on the Internet, and general-purpose computers at data centers and homes are usually capable of using the Internet protocols as they have been defined for them. However, there is considerable value in extending the Internet to more constrained devices that often need optimized versions or special use of these protocols.

Background

During the past ten years there have been a variety of IETF activities initiated to enable a wide range of things to use interoperable technologies for communicating with each other—from quite small microcontroller-enabled sensors to large computers in datacenters.

When we wrote about IoT in the IETF Journal in 2010, there were three IETF working groups (WGs) focusing on IoT with constrained devices and networks: 6LoWPAN, which defined IPv6 adaption layer and header compression suitable for constrained radio links; ROLL, which focuses on routing protocols for constrained-node networks; and CoRE, which aims to extend the Web architecture to most constrained networks and embedded devices. The activity around IoT has increased since 2010 and today we have seven WGs actively looking into various aspects of IoT (an additional two are completed), as well as an Internet Research Task Force (IRTF) research group focusing on open IoT research issues.

IETF IoT Activities

The first IETF IoT WG, IPv6 over Low-power WPAN (6LoWPAN), was chartered in March 2005. It defined methods for adapting IPv6 to IEEE 802.15.4 (WPAN) networks that use very small packet sizes by means of header compression and optimizations for neighbor discovery. The 6LoWPAN WG concluded in 2014, and the 6Lo WG that replaced it applies similar adaption mechanisms to a wider range of radio technologies, including “Bluetooth Low Energy” (RFC 7668), ITU-T G.9959 (as used in Z-Wave, RFC 7428), and the Digital Enhanced Cordless Telecommunications (DECT) Ultra Low Energy (ULE) cordless phone standard and the low-cost wired networking technology Master-Slave/Token-Passing (MS/TP) that is widely used over RS-485 in building automation.

The Routing Over Low-power and Lossy networks (ROLL) WG produced specifications for both the RPL protocol “IPv6 Routing Protocol for Low-Power and Lossy Networks” (RFC 6550) and a set of related extensions for various routing metrics, objective functions, and multicast. Another output of ROLL was a number of requirements documents and applicability statements, a terminology document, and a security threat analysis.

The Constrained RESTful Environments (CoRE) WG is still one of the most active IoT groups. Its main output centers around the “Constrained Application Protocol” (CoAP, RFC 7252), a radically simplified UDP-based analog to HTTP. Extensions to CoAP enable group communications (RFC 7390) and low-complexity server-push for the observation of resources (RFC 7641). This is complemented by a discovery and self-description mechanism based on a weblink format suitable for constrained devices (RFC 6690). Current WG activities focus on extensions that enable transfer of large resources, use of resource directories for coordinating discovery, reusable interface descriptions, and the transport of CoAP over TCP and TLS. The CoRE WG is being rechartered to include RESTCONF-style management functions and publish-subscribe style communication over CoAP. CoRE is also looking at a data format to represent sensor measurements, which will benefit from the “Concise Binary Object Representation” (CBOR) (RFC 7049), a JSON analog optimized for binary data and low-resource implementations.

Since 2010, it has become clear that IoT will not work without good security. Accordingly, most new IoT WGs have been added in the Security Area. The DTLS In Constrained Environments (DICE) WG (already completed) produced a TLS/DTLS profile that is suitable for constrained IoT devices. The Authentication and Authorization for Constrained Environments (ACE) WG is working on authenticated authorization mechanisms for accessing resources hosted on servers in constrained environments and a comprehensive use case document (RFC 7744) was recently completed. This work is supported by the recently chartered COSE WG that is building simplified CBOR analogs for the JSON object signing and encryption methods that were developed in the JOSE WG.

As a special development somewhat beyond the usual 6Lo work, the 6TiSCH WG (IPv6 over the TSCH mode of IEEE 802.15.4e) was chartered in 2014 to enable IPv6 for the Time-Slotted Channel Hopping (TSCH) mode that was recently added to IEEE 802.15.4 networks. This work aims to capitalize on the deterministic, real-time oriented features of TSCH, and includes architecture, information model, and configuration aspects. The 6TiSCH overview and problem statement document (RFC 7554) was published in 2015; a specification for a minimal configuration interface is next in line.

In addition to the new protocols and other mechanisms developed by IETF working groups, Internet protocols for constrained environments often benefit from additional guidance for efficient implementation techniques and other considerations. The Lightweight Implementation Guidance (LWIG) WG is working on such documents, including ones for CoAP and IKEv2 protocols, asymmetric cryptography, and CoAP in cellular networks. The LWIG WG published RFC 7228, which defines common terminology for constrained-node networks.

Beyond the IETF work specifically focusing on IoT scenarios, the whole Web protocol stack is evolving fast and many of the new technologies developed in other IETF working groups will likely end up being used also for IoT. The HTTPbis WG recently finalized the specification for the HTTP/2 protocol that is more suitable for IoT scenarios than earlier versions of HTTP, thanks to a more-compact wire format and simplified processing rules. The TLS WG is defining TLS version 1.3, including DTLS 1.3, which can establish secure transport sessions more efficiently and will therefore be better suited for IoT. The Homenet WG is working on enabling automatic configuration of IPv6 networks in homes and beyond. In parallel to IETF’s standardization work, two IRTF research groups are of special interest: ICNRG (Information-Centric Networking) that explores the applicability of their technologies for IoT scenarios, and CFRG (Crypto Forum) that progresses advanced cryptographical foundations, such as new elliptic curve cryptography (ECC) curves that will be more appropriate for IoT use cases. Finally, the Internet Architecture Board (IAB) is organizing multiple related workshops (e.g., about security, architecture, and semantic interoperability) and has published informational documents such as “Architectural Considerations in Smart Object Networking” (RFC 7452).

While the IoT-oriented IETF working groups have already produced the first wave of mature standards for IoT, new research questions are emerging based on the use of those standards. The IRTF Thing-to-Thing Research Group (T2TRG) was chartered in 2015 to investigate open research issues in IoT, focusing on issues that exhibit standardization potential at the IETF. Topics being explored include the management and operation of constrained-node networks, security and lifecycle management, ways to use the REST paradigm in IoT scenarios, and semantic interoperability. There is also a strong interest in following and contributing to other groups that are active in the IoT area. For example, the W3C Web of Things (WoT) interest group recently began activities and the two groups have been working together to explore the future of IoT and Web technologies.

Conclusion

The IETF already has a decade of history specifying and documenting key IoT standards and guidance, and today there is more activity than ever around IoT. Other organizations and consortia working on IoT have adopted the Internet protocol stack as the basis of their solutions. IP and specifically IPv6 are the obvious choice for networking, but the rest of the IETF IoT stack, including CoAP and DTLS, are also widely used. The base IETF IoT protocol stack as published in RFCs today is mature and suitable for deployment. Additional needs are emerging for standardization, and the active groups at the IETF and the IRTF are working hard to ensure that they are identified and addressed.

]]> 1361 0 0 0 6805 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/reflections-on-the-ietf-94-public-policy-programme/ Sun, 17 Apr 2016 19:12:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1363 IETF 94 in Yokohama was my first IETF meeting. While subscribing to specific Working Group lists offers exposure to the IETF’s work, to obtain a true overview of how the organization works you must attend one of its meetings. The Yokohama meeting was my first such opportunity.

Quite a few people were curious about why I was there. As a relatively new Internet Corporation for Assigned Names and Numbers (ICANN) Board Member, I felt it was important to have a better understanding of the IETF, a key client of the Internet Assigned Numbers Authority (IANA) functions. I sought a better sense of the scope of the IETF’s work, its priorities, community, and norms. The meeting in Japan was opportune in terms of timing and location.

Once at the meeting, I joined the Internet Society Public Policy Programme, for which I am extremely grateful. This programme provided crucial introduction and context for nontechnical participants who focus on policy matters. The Policy Fellows who convened in Yokohama came from Australia, Bhutan, Fiji, Japan, Kenya, Philippines, and Vanuatu. My participation brought Malaysia into the mix. It was a small group, designed for high interaction under the skilled guidance of Sally Went-worth, vice president of Global Policy Development.

Policy Fellows were introduced to both ISOC and IETF members and projects. Briefings covered topics such as IP addressing, DNS, IANA, routing, encryption, IXPs, interconnection, CSIRTs, as well as key programmes like Deploy360. IETF 94 hot topics were highlighted for our attention. I found the prominence of YANG modeling puzzling, but the rest of the hot topics fell within the range of my expectations. I was pleased to see the IETF continue its work on hardening the Internet and address issues of trust, identity, and privacy, while enhancing infrastructure resilience and security. New areas of work based on recent Birds of a Feather meetings (BoFs) also were flagged, including ISS, HOPSRG, NMLRG, HRPC, and T2TRG. 

Policy Fellows had structured opportunities to interact with a select group of Working Group chairs and subject matter experts. Chairs of the IETF and the Internet Architecture Board (IAB) also popped by and discussions were lively and interesting. How the IETF deals with conflicts of interest, how it collaborates with other standards development bodies, and what progress has been achieved in enhancing the diversity of IETF participation were topics of interest to we Policy Fellows. 

The IETF meeting schedule was woven into the Policy programme. Time slots were allocated for Policy Fellows to attend Working Group sessions. Before I arrived in Yokohama, I drew up a schedule of sessions I wanted to attend based on personal interest and suggestions from friends who are veterans of the IETF. The Policy programme made the following addi-tional schedule-enhancing suggestions: RMCAT, NETVC, DPRIVE, V6OPS, ISS, HRPC, MODERN, IRTFOPEN and SIDR. Among the Working Group sessions that I attended, DNSOP distinguished itself in being the one with the most number of consensus-seeking hums. 

The Policy Fellows were asked how we found the Working Group sessions. To my mind, the Policy Fellows were equally fascinated and frustrated by what they encountered. Without a technical background, it was extremely hard to under-stand the substance of Working Group discussions and to pinpoint the policy implications. The primary barrier was the technical vernacular. It did not matter how much one prepared ahead of time or how much material was read or whether one had followed the work in other spaces. 

For us, the value of attending an IETF Working Group session was primarily in observing the interaction, dynamics, and norms. Understanding the policy implications and interacting effectively on those points require a dedicated forum where policy specialists can engage with technical people who can bridge the technical/policy language barrier. The Public Policy Programme was invaluable precisely for this reason: It provided a structured introduction to the IETF and its work, and it framed that introduction through a specialized lens for a policy audience. The programme could add further value by extending itself to provide a policy engagement platform on topics of interest beyond the meeting.

At the start of the meeting, it was impressed upon the Policy Fellows that at the IETF no one is in charge, anyone can contribute, and that everyone can benefit in the effort to make the Internet work better. I came away from the meeting thinking that there is truth to this, but to engage and contribute meaningfully there is a certain level of technical knowledge and language that is required. I also came away from the meeting with a deeper appreciation for the IETF and what it does. The breadth and depth of its work is challenging to absorb in one go, but it was clear that the work is essential to improving the Internet.

I took a bit of time in Yokohama to observe the IANA Team at work during the IETF meeting and to listen to feedback about them. It was evident to me that the IANA service and team were highly regarded and appreciated by the IETF community. 

Overall, I had a great time at IETF 94. I found the meeting intellectually stimulating and I enjoyed interacting with the IETF community. People were wonderfully warm, welcoming, and helpful. The out-of-meeting activities were equally memorable: the coffee runs, the musical event at Minato Mirai Hall, and the meals with IETF friends. And who could forget the Cosmo Clock 21, the gigantic Yokohama Ferris wheel that added color to the night?

]]> 1363 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-autumn-2005/ Wed, 08 Jun 2016 15:44:20 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1263 ietfjournal@isoc.org.]]> 1263 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-winter-2005-2006/ Wed, 08 Jun 2016 15:47:45 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1266 1266 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-spring-2006/ Wed, 08 Jun 2016 15:51:05 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1269

Lixia Zhang, professor at UCLA: "At the first IETF I was a graduate student. I felt that I had so much to contribute. I had lots of great ideas. As years go by, I have better appreciation of how much I can learn from this community. Each time I come to an IETF Meeting, I learn from others. Now, I feel how little I know. As a graduate student, I felt how much I know."

Dave Clark, a professor at MIT, gave a presentation, referring back to a speech he gave in 1992, pointing out issues the IETF was facing back then, namely Routing and Security. The network has changed tremendously and much work has been done to get it to where it is today. However, these topics are still high on the agenda of the IETF today. During the meeting, many enthusiastic attendees recorded their congratulations on video. You can view these here. Throughout this issue of the IETF Journal, you will find reflections on the past and the future of the IETF from IETF participants, some of them involved since IETF 1, others that were Newcomers at IETF 65. ISOC has declared 2006 the "Year of the IETF" and activities are planned throughout the year to celebrate the IETF@20. Check back often for activities which will be announced throughout the year onhttp://ietf20.isoc.org.]]> 1269 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-autumn-2006/ Wed, 08 Jun 2016 15:54:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1272 1272 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-november-2006/ Wed, 08 Jun 2016 15:57:57 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1275 1275 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-may-2007/ Wed, 08 Jun 2016 16:00:53 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1278 1278 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ipv6-captures-the-spotlight-at-ietf-69-2/ Wed, 08 Jun 2016 16:02:33 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1281 IPv6 Captures the Spotlight at IETF 69 If it were possible to assign a theme to the IETF 69 meeting in Chicago last July, the obvious choice would be IPv6. Now that IPv6 has become an integral part of the community, as evidenced by the number of working groups that are connected to it, it is the actual deployment of IPv6 that is capturing the attention of the IETF. Chicago, site of IETF 69 Photo by Alexandru Petrescu A good place to start is the summary of a special meeting that took place at IETF 69 with the IESG and the IAB (see below). The purpose of the meeting was to find out what the IETF can do to help with the deployment of IPv6. Similarly, Shane Kerr takes a look at the historical development of IPv6 in an effort to determine if opportunities were missed then and, if so, whether they might offer useful lessons on the deployment issues we face now. (See page 9.) One topic that frequently comes up in discussions of IPv6 deployment is network address translation (NAT). For many, NAT is a fact of life when it comes to working with and around IPv4. It’s also possible that ignoring that reality could mean missing the opportunity to standardise IPv6. Lixia Zhang offers her perspective on page 14. Another notable event at IETF 69 was an informal panel discussion with several IAB members and former IETF chair Brian Carpenter. The discussion, organised by the ISOC Chicago chapter, offers interesting insights into the challenges that await the IETF as the Internet grows. (See “ISOC Chicago Arranges for Experts’ Panel at IETF 69″ on page 25.) As always, we wish you fun reading, and we welcome both your comments and your contributions for future issues of this publication.]]> 1281 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-december-2007/ Wed, 08 Jun 2016 16:06:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1286

Vancouver, site of IETF 70 Photo Credit: Mirjam Kühne, with permission

The subject stimulated good discussions at IETF 70 and raises some interesting issues, particularly as it relates to Internet security and security protocols. While opinions may vary about whether security protocols developed by the IETF are successful, security remains a topic close to IETF’s heart. For more than 10 years, every document has been required to include a section on security considerations. Still, the enormous amounts of unwanted traffic on the Internet cause concern. A few years ago, the Internet Architecture Board held a workshop on the subject. In this issue of the IETF Journal, we feature an updated summary of the workshop, including a number of important facts and notable observations. Also in this issue you’ll read about João Damas’s and Frederico Neves’s solution to a long-standing security hole in the Domain Name System, which is described in their article The Perfect Attack. Typically, the IETF Journal features short updates of the ongoing activities of Internet Research Task Force research groups. In this issue, we are pleased to offer more-detailed reports of those activities, including current work, achievements, and future plans. We would also like to call attention to a number of newcomers who have contributed to this issue of the IETF Journal. One is Tomas Carlsson, who, in addition to an in-depth report on the IETF 70 fellows, offers an analysis of IETF culture. Another is Bryan Ford, an MIT student who reports on new directions in the Transport Area. We thank all of our contributors to this issue, and we wish you fun reading. And, as always, we welcome both your comments and your contributions for future issues.]]> 1286 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-july-2008/ Wed, 08 Jun 2016 16:08:12 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1289 A Week of Firsts in Philadelphia

Independence Hall in Philadelphia

Like several other organizations (most notably some of the Network Operator Groups), the IETF took the opportunity of having many engineers in one room at one time to switch off the IPv4 network and make only the IPv6 network available, which they did during the IETF 71 plenary in Philadelphia (see below). The IPv4 outage experiment nearly coincided with a power outage, which took place just as Scott Bradner was presenting a report about the recent use of arbitration during the Nomination Committee process. This was the first time in the history of the NomCom that the arbitration process had to be employed (more on this in the plenary report). An-other interesting development in Philadelphia was a BoF on IDNA, which could lead to the formation of a new IDNA working group at the IETF 72 meeting in Dublin (see a report on the BoF on page 11). We thank all of our contributors to this issue, and we wish you fun reading. As always, we welcome both your com-ments and your contributions for future issues.]]> 1289 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-october-2008/ Wed, 08 Jun 2016 16:11:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1292 IPv6 was, once again, a hot topic, most notably during the Wednesday plenary, for which the Internet Architecture Board organized a panel to discuss IPv6. Panelists consisted of a number of IPv6 operators and experts, each of whom described their experiences deploying IPv6 within their networks and organizations. Read more about the panel discussion… In this issue, Shane Kerr takes a look at the IETF response to the DNS vulnerability that was discovered by Dan Kaminsky and that is often referred to as the Kaminsky Attack – Read more…. While the discussions within the IETF took place primarily within working groups, Shane offers a good look at the history of DNS security and a brief review of recent DNS security work as well as a compilation of IETF responses. Stepping outside the usual technical discussions, the IETF Journal sat down with IETF lawyer Jorge Contreras, who discussed his work with the IETF and, in particular, the latest developments in the field of intellectual property rights. Read the interview with Jorge. Once again, the IETF meeting played host to a number of engineers from various parts of the developing world. Their participation at IETF 72 was made possible through generous support by the Internet Society as part of its Fellowship to the IETF programme. This was also the first time that some of the earlier fellows returned to attend their second IETF meeting. See more about the fellows and their experiences. Thank you to the contributors to this issue. We wish everyone fun reading. And as always, we welcome both your comments and your contributions for future issues.]]> 1292 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-february-2009/ Wed, 08 Jun 2016 16:13:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1295 1295 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-june-2009/ Wed, 08 Jun 2016 16:19:02 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1298 “The Seven Stages of IPv6 Adoption”. On a related topic, a BoF (birds-of-a-feather) session looked at a possible solution to the problem of how public IPv4 addresses can be shared among different networks in the event that IPv4 addresses are no longer available to be assigned. A description of that proposal can be found below. A similarly hot topic these days is trust and identity. In this issue, the IETF Journal talks to the cochairs of the OAuth BoF as well as the author of the OAuth specification. The OAuth specification recently was brought into the IETF. Also in this issue is a summary of the plenary session, including a review of the panel discussion on multiprotocol label switching and an update on what the IETF can learn from the development and deployment of that protocol. IETF 74 hosted a number of the Internet Society fellows to the IETF and former fellows, who travelled from developing countries for the opportunity to enhance their knowledge and technical skills through involvement with the IETF and to contribute to the work of the IETF (See here.). Finally, in an effort to gain a better understanding of our readers, we are embarking on our first IETF Journal reader survey. We encourage you to take a minute and fill it out. We extend our thanks to those who contributed to this issue. We wish everyone enjoyable reading, and as always, we welcome both comments and contributions for future issues.]]> 1298 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-september-2009/ Wed, 08 Jun 2016 16:20:59 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1301 Tina Tsou, the first woman to chair an IETF working group from a Chinese business enterprise, and Geoff Mulligan, chair of the IPSO (Internet Protocol for Smart Objects) Alliance. Geoff offers an interesting look at the Internet of Things and how it relates to the deployment of IPv6. Alissa Cooper and Ted Hardie discuss the history of GEOPRIV, a mechanism that develops and refines representations of location in Internet protocols; and Iljitsch van Beijnum takes us through Multipath Transmission Control Protocol (TCP), which enables TCP to use multiple paths simultaneously and to distribute the load among the subflows of each path based on congestion. Also in this issue is a summary of the administrative and technical plenaries, including a discussion on network neutrality and what the IETF can do about it. Many thanks to those who contributed to this issue; I wish enjoyable reading for all. And I look forward to seeing you all again in the future.]]> 1301 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-june-2010/ Wed, 08 Jun 2016 16:26:06 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1307 It’s the F-Word“. Anaheim, California, site of IETF 77 Another area of growing interest within the Internet Engineering Task Force (IETF) is that of peer-to-peer technologies (P2P). And in this issue, we get a good overview of the work to date and future directions for P2P in the IETF. IPv6 deployment is a regular topic for discussion at IETF, and the IETF 77 meeting was no exception. ISOC organized a well-attended panel session, adjacent to the IETF meeting, that exposed the growing momentum behind IPv6 deployment (see page 9). In addition, there was output from the 3GPP/IETF workshop on IPv6 transition that took place in March 2010. Reflecting on the successes and failures of an organization’s working life is an important part of developing and maturing as an organization. A new initiative to catalogue the outcomes of IETF workoffers just such an opportunity, and the case history of Uniform Resource Names leads to an important conclusion about Internet development and the role of the IETF. Also in this issue are our regular columns from the chairs of the IETF, the Internet Architecture Board, and the Internet Research Task Force; coverage of the hot topics discussed during the plenary meetings; and an opportunity to get to know the ISOC Fellows to IETF 77 from around the world. As always, we are hugely grateful to all of our contributors, and we welcome comments as well as suggestions for contributions to future issues. Readers can send email to ietfjournal@isoc.org]]> 1307 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-15/ Sun, 17 Apr 2016 19:13:39 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1365 During IETF 94 in Yokohama, five of the nine chartered Internet Research Task Force (IRTF) research groups (RGs) held meetings:

• Crypto Forum (CFRG)
• Information-Centric Networking (ICNRG)
• Network Function Virtualization (NFVRG)
• Network Management (NMRG)
• Software Defined Networking (SDNRG)

In addition to the meetings of those already chartered research groups, the following four proposed research groups met:

• Human Rights Protocol Considerations Research Group (HRPCRG)
• Thing-to-Thing Research Group (T2TRG). Related to Internet-of-things networking, this proposed RG held a longer meeting on the weekend before the IETF with the W3C Interest Group on Internet of Things.
• Network Machine Learning Research Group (NMLRG)
• How Ossified is the Protocol Stack? Research Group (HOPSRG)

Since IETF 94, both HRPCRG and T2TRG have been formally chartered. HOPSRG has been renamed and is now the proposed Measurement and Analysis for Protocols Research Group (MAPRG).

Prior to the IETF 94 meeting, the IRTF and the Internet Society held a workshop on Research and Applications of Internet Measurements (RAIM) in cooperation with ACM SIGCOMM. This one-day workshop was very well attended and helped to increase collaboration between industry and academia in the field of networking. For more information on the RAIM workshop, visit https://irtf.org/raim-2015/.

The IRTF Open Meeting included presentations from Xiao Sophia Wang on a systematic study of Web page load times using SPDY and comparisons with HTTP, and from Roland van Rijswijk-Deij on a detailed measurement study using a large dataset of DNSSEC-signed domains.

The nominations period for the 2016 ANRP awards is now closed. The ANRP is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. Everyone is encouraged to nominate relevant scientific papers they have recently authored—or read—for consideration for the award. Nominations for the 2017 awards will be accepted later this year. Please see https://irtf.org/anrp for details.

Stay informed about these and other happenings by joining the IRTF discussion list at www.irtf.org/mailman/listinfo/irtf-discuss. 

]]> 1365 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-announced-3/ Sun, 17 Apr 2016 19:14:35 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1367 The Applied Networking Research Prize (ANRP) is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. The ANRP awards presented during IETF 94 went to the following two individuals:

• Xiao Sophia Wang. For a systematic study of Web page load times using SPDY (an open networking protocol developed primarily at Google for transporting Web content) and comparisons with HTTP. Read the full paper at http://homes.cs.washington.edu/~arvind/papers/spdy.pdf.
• Roland van Rijswijk-Deij. For a detailed measurement study on a large dataset of Domain Name System Security Extensions (DNSSEC)-signed domains. Read the full paper at https://conferences2.sigcomm.org/imc/2014/papers/p449.pdf.

Xiao and Roland presented their findings to the Internet Research Task Force (IRTF) open meeting during IETF 94. 

Slides are available at https://www.ietf.org/proceedings/94/slides/slides-94-irtfopen-1.pdf and https://www.ietf.org/proceedings/94/slides/slides-94-irtfopen-0.pdf. 

Thanks to Meetecho, audio and video from the presentations is available at http://recs.conf.meetecho.com/Playout/watch.jsp?recording=IETF94_IRTFOPEN&chapter=chapter_1 (from 00:10:49).

ANRP winners for 2016 also have been selected. The following winners will be the first to present their work at an IRTF meeting:

• Zakir Durumeric, a Google Research Fellow and PhD candidate in computer science and engineering at the University of Michigan. Zakir will present an empirical analysis of email delivery security.
• Roya Ensafi, a postdoctoral researcher at Princeton University. Roya will present an examination of how the Great Firewall of China discovers hidden circumvention servers.

The call for nominations for the 2016 ANRP award cycle is now closed. ANRP winners for 2016 will be announced prior to each of the three IETF meetings scheduled in 2016. Join the irtf-announce@irtf.org mailing list for all ANRP related notifications. Nominations for 2017 ANRP awards will open later this year.

]]> 1367 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-15/ Sun, 17 Apr 2016 19:15:28 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1369 Getting new work started in the IETF usually requires a Birds-of-a-Feather (BoF) meeting to discuss goals for the work, the suitability of the IETF as a venue for pursuing the work, and the level of interest in and support for the work. In this article, we review the BoF that took place during IETF 94, including its intentions and outcomes. If you’re inspired to arrange a BoF meeting, please read RFC 5434, “Considerations for Having a Successful Birds-of-a-Feather (BoF) Session.”

Internet Storage Sync (iss)

Description: Network-based storage services that allow users to sync local files with remote servers on the Internet are getting more and more popular. They attract huge numbers of users and produce a significant share of Internet traffic. However, most of them employ proprietary protocols to achieve data synchronization. Such proprietary formats create challenges for users when they want to use multiple services or wish to share local files with users from other services. These proprietary sync protocols are also often inefficient and lacking in important collaboration features. The goal of this BoF meeting was to explore whether there is sufficient interest to work on this topic, the possible scope of work, and a plan for doing the work identified.

Proceedings: https://www.ietf.org/proceedings/94/minutes/minutes-94-iss

Outcome: The BoF meeting stimulated a wide-ranging discussion about the landscape of storage services, what could sensibly be standardized, and whether there were any incentives for storage providers to participate in a standardization effort. Further work is required to identify a clear use case for this work, and to narrow the scope to something that is both well understood and supported by a defined user community.

]]> 1369 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/anrp-prizewinners-present-on-breaking-internet-security-and-making-videoconferencing-work-better/ Mon, 27 Jun 2016 15:58:32 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1462 Proc. IEEE Symposium on Security and Privacy, pp. 526-540, San Francisco, CA, USA, May 2013), Paterson and his coauthor, Nadhem Al Fardan, demonstrate practical attacks against Transport Layer Security, a fundamental security building block for much of today's online activity. Paterson’s presentation to the Internet Research Task Force open meeting in London gave great insight into the techniques he and others have developed to leverage seemingly tiny differences in the timing of protocol operations to reveal plaintext, and thereby break the security of the transaction. There is now a real need for constant-time, constant-memory access implementations to be confident that such potential implementation weaknesses have been completely eliminated. Paterson noted the importance of the virtuous cycle that sees widely used security protocols gaining a high profile in the research community, leading to more analysis and more development work to patch weaknesses as they are discovered and ultimately stronger security protocols for everyone. Responsible disclosure practices and close collaboration with the IETF were key aspects in this instance. Paterson’s slides are available at www.ietf.org/proceedings/89/slides/slides-89-irtfopen-1.pptx, and audio from the presentation is available at www.ietf.org/audio/ietf89/ietf89-viscount-20140305-0900-am1.mp3 starting at 00:18:25. Trying to conduct a videoconference over a cellular network from a moving car “wasn’t working very well” for Keith Winstein, so he started trying to find a solution to the problem. The result was a new transport protocol called “Sprout” and the paper he and his coauthors wrote earned Winstein the second Applied Networking Research Prize for 2014. Winstein won his award for designing a transport protocol for interactive applications that desire high throughput and low delay. In their paper, “Stochastic Forecasts Achieve High Throughput and Low Delay over Cellular Networks” (Proc. 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI), Lombard, IL, USA, April 2013), Winstein and his coauthors, Anirudh Sivaraman and Hari Balakrishnan, describe Sprout, a transport protocol that works well over cellular wireless networks, where link speeds change dramatically with time, and current protocols build up multi-second queues in network gateways. Motivated by his subpar videoconferencing experience, Winstein and his team developed a novel end-to-end transport protocol that tries to maximize throughput while simultaneously bounding the risk of delay by modeling the variation in link speed based on observations of packet arrival times. The model is then used to predict the future link speed. The results are compelling: experiments conducted on traces from four commercial cellular networks show many-fold reductions in delay, and increases in throughput over Skype, Facetime, and Hangout, as well as over Cubic, Compound TCP, Vegas, and Low Extra Delay Background Transport (LEDBAT). Although Sprout is an end-to-end scheme, in this setting it matched or exceeded the performance of Cubic-over-CoDel, which requires modifications to network infrastructure to be deployed. Winstein received his award at the recent Internet Research Task Force open meeting at IETF 89 in London, where he also presented his results. Winstein’s slides are available at www.ietf.org/proceedings/89/slides/slides-89-irtfopen-0.pdf, and audio from the presentation is available at www.ietf.org/audio/ietf89/ietf89-viscount-20140305-0900-am1.mp3 starting at 01:22:35. The nomination period for prizes to be awarded in 2015 is now open and nominations can be submitted via the system at https://irtf.org/anrp/2015/.]]> 1462 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-rfc-series-and-the-twenty-first-century/ Mon, 27 Jun 2016 16:50:44 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1502

The 'XML2RFC' version 2 Vocabulary (https://datatracker.ietf.org/doc/draft-reschke-xml2rfc/)

The 'XML2RFC' version 3 Vocabulary (https://datatracker.ietf.org/doc/draft-hoffman-xml2rfc/)

The Use of Non-ASCII Characters in RFCs (https://datatracker.ietf.org/doc/draft-flanagan-nonascii/)

HyperText Markup Language Request For Comments Format (https://datatracker.ietf.org/doc/draft-hildebrand-html-rfc/)

SVG Drawings for RFCs: SVG 1.2 RFC (https://datatracker.ietf.org/doc/draft-brownlee-svg-rfc/)

PDF for an RFC Series Output Document Format (in progress)

Documenting the requirements in those drafts is a huge, critical piece of the new format effort. And there is still more to do—from prototyping code to test the requirements, to creating a digital preservation policy that describes how the RFC Editor will handle this new diversity in digital assets for future generations, to developing the actual production code that will generate the new formats. Changing a more than 40-year-old tradition of plain text documents is not something that can—or even should—happen without a great deal of planning and testing to ensure that RFCs remain a useful way to consume information on Internet standards, best practices, experiments, and information for decades to come. Tune in to rfc-interest and the next format BoF for an update on the status of the format effort.

Footnotes

1. http://www.rfc-editor.org/pipermail/rfc-interest/2013-May/005584.html

]]> 1502 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-89-at-a-glance/ Mon, 27 Jun 2016 17:10:47 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1510 IETF Activity since IETF 88 (November 2013–March 2014) New WGs: 7 WGs closed: 0 WG currently chartered: 120 New and revised Internet-Drafts (I-Ds): 1707 IETF Last Calls: 96 Internet-Drafts submitted: 132 RFCs published: 91

• 74 IETF (61 WG, 13 Individual/AD Sponsored), 2 IAB, 3 IRTF, 12 Independent
• Live and Social Media
• STRINT workshop: 525 tweets, exposure 1.352K
• IETF 89: 269 tweets on #IETF89, exposure via @IETF= 161K, exposure via #IETF89=529.6K, 73 new followers since 19 February 2014
• Facebook: 460 Likes

Mentoring Programme now has 20 mentor matches Mailing List Discussion Style Guide: In progress

• Inspired by recent discussions on list, to promote professionalism and respect on lists and email

IANA Activity since IETF 88 (October 2013–January 2014)

Processed 1337+ IETF-related requests, including:

• Reviewed 110 I-Ds in Last Call and reviewed 131 I-Ds in Evaluation
• Reviewed 116 I-Ds prior to becoming RFCs, 63 of the 116 contained actions for IANA

SLA Performance (August 2013–January 2014)

• Processing goal average for IETF-related requests: 99%
• Currently revising the 2014 SLA between ICANN and IAOC for the protocol parameter work

IANA and DNSSEC

• 265 TLDs have a full chain of trust from the root, http://stats.research.icann.org/dns/tld_report/

RFC Editor Activity since IETF 88 (November 2013–March 2014)

Published RFCs: 91

• 35 Standards Track, 6 BCP, 4 Experimental, 46 Informational

]]> 1510 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-88-at-a-glance-2/ Mon, 27 Jun 2016 18:43:31 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1512

On-site attendees: 1,142

Newcomers: 123

Number of countries: 54

IETF Activity since IETF 87 (July 2013–November 2013)

New WGs: 7

WGs closed: 0

WG currently chartered: 115

New or revised Internet-Drafts (I-Ds): 1547

IETF Last Calls: 105

Internet-Drafts approved for publication: 101

RFCs published: 55

• 46 IETF (42 WG, 7 Individual/AD Sponsored), 1 IAB, 1 IRTF, 4 Independent

Live and Social Media

• YouTube: 276 max concurrent viewers, 748 total views by 3:30pm
• Twitter: 837 tweets on #IETF88, exposure via @IETF= 217,466, exposure via #IETF88=1,658,351, 40 new followers to @IETF
• Facebook: 327 Likes

Antiharassment Policy (www.ietf.org/iesg/statement/ietf-anti-harassment-policy.html)

• Specifies “IETF participants should not engage in harassment,” and establishes an ombudsperson.

Mentoring Programme now has 58 participants

IANA Activity since IETF 86 (July 2013–September 2013)

Processed 946+ IETF-related requests, including:

• Reviewed 79 I-Ds in Last Call and reviewed 64 I-Ds in Evaluation
• Reviewed 66 I-Ds prior to becoming RFCs, 35 of the 66 contained actions for IANA

SLA Performance

• Processing goal average for IETF-related requests: 99%
• Currently drafting the 2014 SLA

IANA and DNSSec

• 119 TLDs have a full chain of trust in the root, see http://stats.research.icann.org/dns/tld_report/

RFC Editor Activity since IETF 87 (July 2013–November 2013)

Published RFCs: 62

• 26 Standards Track, 3 BCP, 6 Experimental, 27 Informational

]]> 1512 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-march-2014-2/ Mon, 27 Jun 2016 18:45:26 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1514 1514 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/online-exclusive-bits-n-bytes-running-code-at-ietf/ Mon, 27 Jun 2016 19:06:52 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1516 Cable, IPv6, and the Broadband Home The earliest Bits-N-Bytes exhibited production implementations of IPv6 for cable broadband networks. At the core of cable broadband is DOCSIS®. DOCSIS 3.0-capable cable modem termination systems (CMTS) and cable modems (CMs) were used to demonstrate production-grade implementations of dual-stack-enabled and IPv6-only cable broadband. Demonstrations focused largely on native IPv6 implementations in lieu of various tunneling or encapsulations approaches. While these approaches are valuable first steps toward IPv6 deployment, most adopters agree that native IPv6 needs to be deployed to properly enable IPv6 support for next-generation services. An often overlooked element of any broadband deployment is the back office. Back-office elements, such as provisioning, are key enablers for most of the new technologies offered to today’s broadband customers. IPv6-enabled home networking is no different. Back-office systems implement support for IETF-developed protocols, including DHCPv6 (RFC 3315) and DHCPv6 prefix delegation (RFC 3633), as well as the core IPv6 protocols (RFC 4861, RFC 4862) found in CMTSs and CMs. Cable eRouters also leverage many of the open standards developed within the IETF, including DHCPv6 and DHCPv6 prefix delegation. The cable community, among others, has leveraged IETF-developed IPv6 specifications to catapult adoption to new highs—cable eRouters are enablers for next-generation home networking, including work in the IETF’s HOMENET working group. Support for prefix delegation and other planned specifications will enable cable-broadband technology to further fuel home networking innovation.

IPv6 Transition Technologies

There is no escaping the fact that IPv4 will fully deplete. Those of us working feverishly to deploy IPv6 recognize that technologies need to be deployed now to enable Internet operation during the transition to IPv6. As this transition progresses, technologies needed for support of the same are being developed and deployed. One interesting example is the combination of NAT64 and DNS64. NAT64 is implemented over an IPv6 access network and allows a service provider to reclaim precious IPv4 address space and lay the foundation for an all-IPv6 infrastructure. IPv6 packets originating from clients are translated into IPv4 packets by the CGN device implementing NAT64. Source addresses and ports are dynamically translated between IPv6 and IPv4, thereby creating a stateful binding in the CGN device between the IPv6 and IPv4 transport addresses. All facets of the packet header including IP header, TCP/UDP header, and ICMP parameters are translated, providing a seamless, transparent connectivity construct from IPv6 client to IPv4 server. A necessary counterpart to NAT64 translation is DNS64 functionality. The IPv6 client initiates communication with a host using its fully qualified domain name (FQDN). This creates an AAAA resource request (RR) that is specific to IPv6 and not directly compatible with IPv4-only DNS. The DNS64 implementation translates the AAAA request to an A request, enabling the DNS server to respond with an IPv4 address. DNS64 then creates a synthetic AAAA record by appending the 32-bit IPv4 address to the configured NAT64 prefix and relays it to the requesting client. The client now has an IPv6 destination address towards the NAT64 CGN device that corresponds with the desired FQDN. NAT64/DNS64 is an excellent foundation for IPv6 transition in that it enables providers to incrementally deploy IPv6. As more IPv6 content becomes available, DNS64 can bypass the NAT64 component by providing the requesting node with the AAAA record for a particular FQDN, thus providing a simple and controlled migration from translated to native IPv6 services.

Traffic Steering Using RR+ and PCE+

MPLS and IP networking are two types of widely deployed network technologies. Routing Reflect Plus (RR+) technology can be introduced to realize traffic steering in a traditional IP network; Path Computation Element Plus (PCE+) can be introduced to realize traffic steering in a MPLS network. In an IP network, setting and adjusting the IGP metrics is the most practical method to control traffic and optimize network performance. Typically, both the Interior Gateway Protocol (IGP) and Border Gateway Protocol (BGP) are deployed to forward traffic from one domain to another. The IGP is responsible for the internal routing and connectivity; the BGP is responsible for interdomain routing. Interdomain traffic is forwarded based on the BGP routes—when the traffic enters a specific domain, the BGP routes depend on the IGP routes to reach the next BGP hop router. Traffic follows the IGP routes to reach Autonomous System Border Routers (ASBRs) and then is forwarded to next domain. In this way, IGP topology, link metric, and related policies determine traffic paths within a domain. The following problems can arise when setting and adjusting IGP metrics

• Routing considers only the destination, not the source, and cannot steer traffic per user traffic flow and is based on its own IGP metric and local information.
• Routing design and adjustment is based on an estimated/projected traffic model with multiple nodes involved, resulting in a complex and error-prone configuration.
• IGP metric adjustment is the primary method, but setting or changing the IGP metric is sensitive and changes can have a significant impact on the entire network.

In the draft of draft-chen-idr-rr-based-traffic-steering-usecase, a method called RR+ using enhanced Route Reflect (RR) is introduced to steer traffic in IP networks. It uses a centralized computation for routes, and uses BGP to control the router’s RIB. RR+ enhances the RR with computation based on IGP and eBGP metric, computation based on source and destination, and computation considering both the link’s and the service’s bandwidth requirements. In MPLS networks, although the traffic engineering technology already exists, it too has some problems:

• Independent calculation on each node (no global view of topology)
• Bandwidth allocation based on peak flow (waste of resources)
• No integration of fragmented resources (waste of resources)
• Decentralized policy control (no synergies)

In the draft of draft-zhao-pce-central-controller-user-cases, a new method is introduced that uses enhanced a Path Computation Element called PCE+ as SDN controller. One of the main functionalities of PCE+ is to steer the traffic in MPLS networks. It uses expanded Path Computation Element Protocol (PCEP) to control Label Switched Path (LSP) setup, while the signaling protocol is eliminated from the routers. PCE+ simplifies the network operation and reduces capital and operational expenditures by using the following enhanced mechanisms:

• Adjusting the existing LSPs when a new high-privileged LSP must be provisioned but the bandwidth resource is not enough
• Integrating the fragmented resources to maximize network utilization
• Allocating bandwidth based on real-time traffic to improve link utilization and reduce transport cost
• Automatically adjusting the traffic according to traffic privilege when congestion occurs

Figures 1 and 2 show the topologies used for the Bits-N-Bytes demonstration. The demonstration illustrated how PCE+ integrated the fragmented resources to provide maximum network utilization. In figure 1, there is a service with 100M bandwidth; the LSP carrying the service uses the path PE1->PE2. In figure 2, the bandwidth must be increased to 150M, but the link of PE1-PE2 cannot carry the service because its bandwidth is limited to 100M. Without the service being aware of the change, the PCE+ controller can set up a new LSP with an additional 50M of bandwidth to carry the traffic.       Traffic steering is a mandatory requirement in Data Center Interconnect (DCI) and IP CORE. RR+ and PCE+ satisfy that requirement by leveraging traditional protocols—they’re practical solutions for traditional networks seeking to migrate to an advanced SDN network.

OpenV6: A Unified IPv4/IPv6 Transition Solution Based on Open API and Unified Forwarding Plane

The transition from IPv4 to IPv6 is expected to be slow and complicated. In most cases, transition cannot be completed in one step—operators need to choose the proper transition technology for different stages and transition from one technology to the next as adoption evolves. Some operators will need to deploy two or more transition technologies in their networks. OpenV6 is an open platform for the development and deployment of IPv6 transition technologies. A prototype of OpenV6 was demonstrated at the IETF 88 Bits-N-Bites event. During the demonstration, independent address pools and IPv6 addresses and prefixes were configured for each transition technology while Internet access via both IPv4 and IPv6 was available to visitors. Visitors could accesshttp://ipv6-test.com/ via their tablets or mobile phones, which displayed their IPv4 and IPv6 addresses. Flexible switching among different transition technologies was also demonstrated. OpenV6 employs the concept of control and forwarding separation, incorporating a unified forwarding plane and open API for any transition application, including third-party implementation (figure 3).   The unified data plane can support the IP-in-IP (including IPv4-in-IPv6, IPv6-in-IPv4, etc.) tunnels and NAT functions required by most transition technology. This prototype aims to support most of the common features required to support an IPv6 transition. By combining these features, most of the existing transition technologies can be supported, as can future transition technologies. The forwarding plane can be flow-based (like OpenFlow or OpenvSwitch) or it can be provided by a commercial router with ASIC or another acceleration component with a set of common programming API. IPv6 transition and third-party applications can send instructions to the data plane via a common northbound API. The demonstrated prototype currently supports transition technologies such as Dual-Stack, DS-Lite, MAP, LW4over6, NAT64, and NAT44. Its architecture allows for the parallel running of multiple transition applications and easy switching from one application either to another or to a transition technology with different configurations. To support new types of transition technologies, one must only develop new software applications—there is no need to modify the data plane. OpenV6 includes a management interface, which enables administrators to configure transition applications (e.g., tunnel endpoint, NAT address pool, etc.) and to stop or start transition applications. The standardization of the configuration interface is ongoing. OpenV6 architecture also supports centralized management of IP address pools, rather than independent address pools for each transition technology or network device. This can reduce the difficulty of IP address planning and management and enable a more efficient use of IP addresses.

Voice over IPv6: CSCF Control IMS Voice over IPv6 solution

From an architecture perspective, IMS is flat. Unlike TDM-based terminals, every IMS terminal must have IP connectivity to function properly. To increase performance or improve flexibility, carriers may allocate different IP addresses for different services. eDVAs most likely have different IP addresses for VoIP and Internet. Also consider the headache of NAT traversal—public IP addresses are almost always preferred over the use of private address space. But as IPv4 address resources are running out, we must evolve voice-network architecture to be IPv6 capable in an incremental manner. There are several factors to consider before choosing how to do this:

1. Gradually increasing the number of IPv6 terminals to avoid heavy costs at the onset. It is important to implement a Voice-over-IPv6-capable network to support a large number of IPv4 terminals with a small number of IPv6 terminals at the initial stage.
2. An IP-conversion strategy for both on-net and off-net calls. Most voice calls are still on-net to off-net. As IP networks become more common, the ratio of on-net to on-net calls will increase.
3. Investment protection. Eventually, IPv4 terminals will all be replaced or upgraded to support IPv6 terminals, and IPv4/IPv6 conversion will no longer be necessary. We must consider how to reuse our old equipment.

  IETF Bits-N-Bytes demonstrations illustrated the following Voice over IPv6 solution benefits:

1. IPv4 to IPv6 conversion is done only when necessary, meaning conversion occurs only between two terminals with different IPv4/IPv6 types.
2. TrGW resources are fully shared by P-CSCF and I-BCF through H.248 interfaces, which benefits even when off-net traffic declines—TrGW resources are still fully used for IPv4/IPv6 conversion for on-net-on-net calls.
3. IBCF and TrGW are capable to evolve to I-SBC when IPv4/v6 conversion is not required anymore.

For on-net calls, PCSCF control TrGW performs IPv4/IPv6 conversion when necessary (e.g., two peer terminals have different IPv4/IPv6 types). For on-net with off-net calls, IBCF control TrGW performs IP conversion when necessary (e.g., when the peer network has different IPv4/IPv6 types of IMS terminals). When P-CSCF at the terminated side identifies that the caller IP type is different than that of the destination, it adds the TrGW into the media path to enable IPv4/IPv6 conversion. P-CSCF SIP ALG function then changes the corresponding IPv6 header to IPv4 in INVITE messages. After all terminals and the network move to IPv6, I-BCF and TrGW repurpose to I-SBC. The VoIPv6 demonstration showed basic IPv4 and IPv6 voice client interoperability, including: IPv4 and IPv6 clients registration

• IPv4 client registration on IMS
• IPv6 client registration on IMS

Call flow

• IPv4 client call IPv6 client
• IPv6 client call IPv4 client

Announcement

• IPv4 voice call announcement
• Pv6 voice call announcement

Further, the following implementations illustrated innovative ways that the transition to IPv6-only voice can be simplified: Mechanism of dynamic insert TrGW for IPv4/IPv6 conversion

• Unlike SBC static conversion, the Huawei IMS dynamically inserts TrGW when needed
• Less conversion, higher performance

SIP ALG separated from TrGW makes TrGW shared in the beginning phase of deployment, which reduces costs

• Choose the transport protocol for signaling path
• Based on the attribute of the address of next hope returned by DNS, choose the correct transport protocol

Smooth revolution to the final all IPv6 network

Summary

Over the past two years, the Bits-n-Bytes event has offered impressive displays of Internet-based technology—all developed under the umbrella of the IETF. At the convergence of thousands of meeting participants, this unique event helps key players understand how their collective and collaborative efforts define the Internet and further the innovation that enables open communications around the globe. And there is more to come as the Internet continues to evolve and change! You can support the IETF’s Bits-n-Bytes by bringing your ideas and innovation to the floor. We look forward to seeing you at the next event.

Acknowledgements

We would like to acknowledge David Fang, Robin Li, Yizhou Li, Qiong Sun, Tom Taylor, and Chongfeng Xie for their valuable contributions to Bits-N-Bytes and to this article.

Additional References

1. Sun Q., Liu W., Zhou C., Problem Statement for Openv6 Scheme, draft-sun-openv6-problem-statement-00, October 2013
2. Liu W., Zhou C., Sun Q., Openv6 Architecture for IPv6 Deployment, draft-liu-openv6-architecture-00, October 2013
3. Xie C., Sun Q., Zhou C., Address Management for IPv6 Transition, draft-sun-openv6-address-pool-management-00, October 2013
4. Zhou C., Sun Q., A YANG Data Model for Open IPv6 Transition, draft-zhou-netmod-openv6-transition-cfg-00, October 2013
5. Duran A., Droms R., Woodyatt J., Lee Y., Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion, RFC6333, August 2011
6. Troan O., Dec W., Li X., Bao C., Matsushima S., Murakami T., Taylor T., Mapping of Address and Port with Encapsulation (MAP), draft-ietf-softwire-map-08, August 2013
7. Cui Y., Sun Q., Boucadair M., Tsou T., Lee Y., Farrer I., Lightweight 4over6: An Extension to the DS-Lite Architecture, draft-ietf-softwire-lw4over6-03, November 2013
8. Bagnulo M., Matthews P., van Beijnum I., Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers, RFC6146, April 2011
9. Srisuresh P., Egevang K., Traditional IP Network Address Translator (Traditional NAT), RFC3022, January 2011

]]> 1516 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-attracts-record-number-of-students-to-ietf-87/ Mon, 27 Jun 2016 19:14:51 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1518 London, Toronto and Honolulu area faculty sought for IETF University Outreach in 2014 The Internet Society is seeking computer science and engineering faculty to participate in University Outreach programmes for IETF 89, 90 and 91. If you teach at a college or university in or near one of next year's IETF host cities and you wish to provide your students with exposure to the standards development process, please contact Kevin Craemer at craemer@isoc.org.]]> 1518 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-november-2013-2/ Mon, 27 Jun 2016 19:20:43 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1521 student outreach pilot project and the MANIAC challenge explain why. Our cover article this issue documents a real IETF success story—the development, specification and deployment of the Opus audio codec. And we have articles about two other hot new IETF work areas:security for telephony identity and mitigating email abuse. Other BoF meetings are covered in our regularIETF Ornithology column. We also have articles on an online gaming tutorial (it was work, honest!) and a very timely roundup ofprivacy and security developments. We celebrate the most recent winners of the Applied Networking Research Prize, and document the Internet Society panel event that debated the need for coordinated optimisations to improve Internet experience. We also discuss the work being done to promote the IETF in the Latin American and Caribbean region. Of course this edition wouldn’t be complete without columns from the IETF, IAB, and IRTF chairs, and coverage of hot topics discussed during the plenary meeting. For more details of the Internet Area of the IETF in particular, a Working Group summary report is available athttp://wiki.tools.ietf.org/area/int/trac/wiki/IETF87.]]> 1521 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/a-newcomers-experience/ Mon, 27 Jun 2016 19:23:58 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1525 1525 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-87-at-a-glance/ Mon, 27 Jun 2016 20:33:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1529 Registered attendees: 1,426 Newcomers: 316 Number of countries: 62

IETF Activity since IETF 86 (March 2013–June 2013)

New WGs: 6 WGs closed: 3 WG currently chartered: 108 New or revised Internet-Drafts (I-Ds): 2020 IETF Last Calls: 92 Internet-Drafts approved for publication: 101 RFCs published: 99

• 84 IETF (68 WG, 16 Individual/AD Sponsored)
• 3 IAB, 0 IRTF, 12 Independent

IANA Activity since IETF 86 (March 2013–June 2013)

Processed 1292+ IETF-related requests, including:

• Reviewed 79 I-Ds in Last Call and reviewed 71 I-Ds in Evaluation
• Reviewed 80 I-Ds prior to becoming RFCs, 43 of the 80 contained actions for IANA

SLA Performance

• Processing goal average for IETF-related requests: 98%
• Currently drafting the 2014 SLA

Projects and Deliverables

• Phase 2 of integration completed!
• XMLization of registries 99% complete

IANA and DNSSec

• 107 TLDs have a full chain of trust in the root,

see http://stats.research.icann.org/dns/tld_report/

]]> 1529 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-july-2013-2/ Mon, 27 Jun 2016 21:39:09 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1532 th meeting of the Internet Engineering Task Force took place in sunny Orlando, Florida, U.S.A. IETF meetings are week-long affairs packed-full of interesting presentations and discussions—the IETF Journal can merely provide a snapshot of the proceedings and the people who helped make IETF86 another great meeting. If there’s some aspect of IETF that you’d like to read more about, please let us know. Our cover article this issue provides an introduction to what has become a very hot topic in networking circles lately: software-defined networking (SDN). The article presents an outline of the IETF’s current SDN work, and provides examples of related use cases. We also present articles on the most recent winner of the Applied Networking Research Prize, and the Internet Society panel event that debated the future of content rights on the Internet. Note that the call for nominations for the 2014 awards period of the Applied Networking Research Prize is now open until 30 November 2013. Nominations can be submitted via http://irtf.org/anrp/2014/ . Of course this edition wouldn’t be complete without our regular columns from the IETF, IAB, and IRTF chairs, and coverage of hot topics discussed during the plenary meeting. For more details of the Internet Area of the IETF in particular, a Working Group summary report is available at http://wiki.tools.ietf.org/area/int/trac/wiki/IETF86.]]> 1532 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-86-at-a-glance/ Tue, 28 Jun 2016 14:51:23 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1544 IETF Activity since IETF 85 (1 Nov 2012–28 Feb 2013) New WGs: 3 WGs closed: 13 WG currently chartered: 105 New or revised Internet-Drafts (I-Ds): 1700 IETF Last Calls: 71 Internet-Drafts approved for publication: 96 RFCs published: 116 • 98 IETF (83 WG, 15 Individual/AD Sponsored), 1 IAB, 12 IRTF, 5 Independent

IANA Activity since IETF 85 (1 Nov 2012–28 Feb 2013)

Processed 1275+ IETF-related requests, including: • Reviewed 107 I-Ds in Last Call and reviewed 81 I-Ds in Evaluation • Reviewed 97 I-Ds prior to becoming RFCs, 60 of the 97 contained actions for IANA

SLA Performance

• Processing goal average for IETF-related requests: 98% • Currently drafting the 2013 SLA

Projects and Deliverables

• Phase 2 of integration of tools beginning testing • XMLization of registries 98% complete

IANA and DNSSec

• 101 TLDs have a full chain of trust in the root, see http://stats.research.icann.org/dns/tld_report/ • Ceremony 12 was executed successfully 12 Feb 2013 • Ceremony 13 is planned for 2 May 2013

RFC Editor Activity since IETF 85 (1 Nov 2012–28 Feb 2013)

Published RFCs: 122 • 62 Standards Track, 4 BCP, 21 Experimental, 34 Informational New search page at http:www.rfc-editor.org/search/rfc_search.php, updates based on community feedback Datatracker extensions (RFC 6359): two phases • 1. RFC Editor – Datatracker (complete) • 2. Datatracker – RFC Editor (for IETF 87) Beta testing XML2RFRC v2 posting to issue tracker]]> 1544 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/comic-bof-2/ Tue, 28 Jun 2016 14:53:19 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1546 ]]> 1546 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/dr-douglas-c-engelbart-computing-pioneer-1925%c2%ad-2013/ Tue, 28 Jun 2016 14:54:32 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1549 1549 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-october-2012-2/ Tue, 28 Jun 2016 17:58:15 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1562 ietfjournal@isoc.org. And remember, you can subscribe in hardcopy or via email at https://www.internetsociety.org/publications/ietf-journal/ietf-journal-subscription.]]> 1562 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-november-2015-2/ Tue, 28 Jun 2016 18:07:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1568 The Internet Engineering Task Force returned to the stunning city of Prague for our 93rd meeting, which was hosted by Brocade and the Czech domain registry CZ.NIC. In this issue of IETF Journal we share highlights of the week-long meeting and attempt to convey the spirit of the many people and discussions that make up an IETF meeting.

Our cover article provides an update on the status of exciting new work to simplify the deployment of security technologies on the Internet. We also have an article about the IETF Hackathon, a great introduction to the fast growing world of NETCONF and YANG, and a report on the live video Q&A session with Edward Snowden that took place prior to the meeting.

You can find out what ideas the community had for improving IETF educational and mentoring programs in our readout from the EDUNEXT BoF, and learn about one of the technology demonstrations on show during the Bits-N-Bites session.

Our regular columns from the IETF, IAB, and IRTF chairs, and coverage of hot topics discussed during the plenary meetings wrap up the issue. For more details of the Internet Area of the IETF in particular, a Working Group summary report is available at https://wiki.tools.ietf.org/area/int/trac/wiki/IETF93.

We are hugely grateful to all of our contributors. Please send comments and suggestions for contributions to ietfjournal@isoc.org. You can subscribe to hardcopy or email editions athttps://www.internetsociety.org/publications/ietf-journal/ietf-journal-subscription.

]]> 1568 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/world-ipv6-launch-the-future-is-forever/ Tue, 28 Jun 2016 21:50:27 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1575 The need for IPv6 deployment and the advantages of an open, globally addressable network should be very familiar to readers of the IETF Journal. In a nutshell, the healthy future of the Internet depends on the rapid deployment of IPv6. World IPv6 Launch served to accelerate planning for some, encourage adoption for others, and helped define IPv6 as the ‘new normal’ for global internetworking.

In order to ensure real and lasting impacts from the initiative, strict criteria were established for the three participant categories. For access networks, a commitment to make IPv6 part of their regular business was required. This meant new subscribers getting IPv6 on by default from 6 June 2012 and no special user configuration required to access the IPv6 Internet. To enable verification of progress towards this goal, access networks were also required to be delivering 1 percent of visits to major IPv6-enabled websites over IPv6 by 6 June. The level of IPv6 usage depends on the IPv6 capabilities and configuration of home networks, so the enabled customer base needed to be greater than 1 percent to reach this target. Measurements were made by the major website participants to verify meaningful participation.

The second category of participant was home router vendors. Again, the requirement was that IPv6 become part of regular business. This meant a majority of products shipping with IPv6 on by default, meaning no user configuration is required to use IPv6. The University of New Hampshire Interoperability Lab provided independent verification of IPv6 interoperability.

Finally, websites wishing to participate were required to enable IPv6 access to their main website permanently, meaning IPv6-enabled users can now access their content over IPv6 without any additional configuration.

Industry leaders in all three categories of participation made early commitments to the Launch and welcomed additional commitments from others.

For more information, see http://www.worldipv6launch.org/.

World IPv6 Launch by the Numbers

• 2,696: Website participants now available over IPv6
• 60: Network operators who are delivering over 1% IPv6 traffic
• 5: Home-router vendor participants

http://ams-ix.net/sflow-stats/ipv6/: Evidence of doubled IPv6 traffic is seen in this monthly graph from the AMS-IX Internet Exchange.

http://eggert.org/meter/ipv6: The combined impact of World IPv6 Day (2011) and World IPv6 Launch is illustrated by the number of IPv6-enabled websites in this global ranking by Lars Eggert.

]]> 1575 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/an-introduction-to-simple-cloud-identity-management/ Tue, 28 Jun 2016 22:10:30 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1585

Introduction

Simple Cloud Identity Management, or SCIM for short, made its first foray into the standards process at IETF 83 with a standing room only birds-of-a-feather (BoF) session. Since then SCIM has been working on finalizing its charter, which went to the area directors in late April and has been a topic of interest in numerous identity- and access-management communities, such as the Internet Identity Workshops (IIW), working groups (WGs) of Internet2 and TERENA, the Kantara Initiative, and several advocacy campaigns of SCIM contributors.

What is SCIM?

The SCIM protocol takes a pragmatic approach to the challenge of provisioning user identity across cloud-based service providers. The Simple in Simple Cloud Identity Management is more than just a name; it is a principle participants have used to evolve the concept and hope to continue as it goes through the IETF process to become a formal standard. The SCIM website has a phrase that succinctly sums up the approach: “In essence, make it fast, cheap, and easy to move users in to, out of, and around the cloud.”

Clearly articulating what is in scope for SCIM has been a vigorous exercise of how to strike a balance between complexity, simplicity, and the appropriate level of utility to provisioning identity and identity-related information.

Why now?

Without broad adoption of a standard way to do user provisioning, services have had to build custom systems. In turn, anyone doing business with that service must bear the cost of using a custom provisioning interface for each service and a custom schema with little re-use along the way. Provisioning within organizations also suffers this same fate.

While there are standards in this space, adoption is low. There is an unexpected scaling challenge in that instead of worrying about whether it can ‘scale up,’ the primary question is whether it can scale to just the right size. An organization may only need a fraction of what other protocols offer and need to operate on the corresponding fraction of resources and infrastructure.

SCIM’s pragmatic approach is attractive as it is designed to be nimble, less burdensome to adopt than other protocols, and it is more cost effective than to write, staff, and maintain a custom provisioning environment.

The Protocol

The SCIM protocol exposes a common user schema and extension model expressed in JavaScript Object Notation (JSON)1 format or XML format over HTTP using a Representational State Transfer (RESTful)2 API. Figure 1 illustrates the following key elements in SCIM:

• the service provider, which holds the identity information being operated on;

• the consumer, which is a website or application using the SCIM protocol to manage identity data maintained by the service provider; and

• resources, which are service provider-managed artifacts containing one or more attributes.

[Figure 1. Key elements of SCIM]

SCIM requests are made via HTTP operations and responses are returned in the body of the HTTP response, formatted as JSON or XML depending on the request, with the request status indicated in both the HTTP status code and the body of the response.

Operations and Expected Actions for HTTP

HTTP Operation Action

GET Retrieves a complete or partial resource.

POST Creates a new resource or bulk modifies resources.

PUT Modifies a resource with a complete, consumer-specified resource (replace).

PATCH Modifies a resource with a set of consumer-specified changes (partial update).

DELETE Deletes a resource.

Resources with Respective Endpoints

Resource	Endpoint	Operations	Description
User	/Users	GET, POST, PUT, PATCH, DELETE	Retrieve/Add/Modify users
Group	/Groups	GET, POST, PUT, PATCH, DELETE	Retrieve/Add/Modify groups
Service Provider Configuration	/ServiceProviderConfigs	GET	Retrieve the service provider’s configuration
Schema	/Schemas	GET	Retrieve a resource’s schema
Bulk	/Bulk	POST	Bulk modify resources

Full details of the protocol responses can be found on the SCIM website3.

Schema

The SCIM schema was inspired by the approach to schema taken by Portable Contacts4, along with some extra elements from initial participants. The Portable Contacts model offers more flexibility than other formats to capture data complexity, which translates into the ability to capture complex data relationships at a user level. In keeping with the spirit of simple, the core schema for SCIM is intended to meet 80 percent of a user’s basic attributes and allow implementers to get up and running as quickly and easily as possible. If mappings between the identity set being used and SCIM do not exist, extensions are available to tailor the schema. SCIM endpoints can be interrogated for schema much like Lightweight Directory Access Protocol (LDAP) servers so schema customizations are discoverable.

A side effect of this schema style is that SCIM can encapsulate more detail about an identity than LDAP’s inet-OrgPerson or a Security Assertion Markup Language (SAML) profile. The approach to address this is to have recommendations for LDAP and SAML mappings that will provide guidance on how to take a high-fidelity SCIM schema and transform it to a lower-fidelity format. The intended outcome of the mappings is to make it easier for implementers and to help foster consistency for those who need mappings. Other mappings maybe published depending on the demand for them.

SCIM, Schema, and Scope

Schema has been one of the most frequentlydiscussed items on both the SCIM and IETF lists with topics like:

• should attribute values be constrained based on other attribute values?

• should applying certain access control methodologies using certain attributes be expected or required? and,

• what is expected of SCIM regarding management of unique identifiers?

Each question is interesting on its own as an identity-management topic. That said, SCIM’s guiding principle of simplicity suggests that those requirements should be overlaid/profiled atop the specification to meet the demands of each unique use case. Constraining SCIM to a minimal standard schema with a flexible information model, combined with structured data transport, has broader utility and encourages adoption. At the same time, there is opportunity to leverage SCIM as the lower-level building block for those advanced uses and focus on the application of policy and delegate transport of the data to SCIM.

Running Code

Specification interoperability sessions are held where possible to exercise implementations and gain running code experience. Three have been held so far with the second held in Paris just before IETF 835 with a total of nine participants. The face-to-face sessions have been invaluable for identifying gaps or ambiguities that need to be clarified. The most recent was held at an Internet Identity Workshop from 1–3 May in Mountain View, California, U.S.A.6 There were nine participants, some of whom have SCIM implementations in production.

The Road Ahead

SCIM has been at the 1.0 state since December 2011 as a result of strong community participation. Vendors have been running code for months and a number have SCIM as features in their products7 collecting valuable real-world experience living with the technology and going through their product lifecycle with it. Others have stayed on the sidelines, either to see if the protocol gains more traction or because they are not comfortable with the uncertainty surrounding a new protocol and are waiting to see what will happen with SCIM and the IETF.

Draft charter milestones have been proposed to adopt the SCIM core schema, RESTful interface definition, and use cases as a living document by the end of summer 2012 and by summer 2013 to have formalized SAML bindings and LDAP mappings. This fills some gaps for those who may have been waiting to see what will happen and provides guidance on other areas of the protocol.

The SCIM WG has a number of topics vying for attention that we will introduce here as a glimpse into future discussions.

Defining and Recommending Possible Topologies

Describing possible deployment topologies will help identify where and how SCIM could be applied as a way to encourage adoption. The word cloud in SCIM is a bit of a misnomer and shouldn’t preclude SCIM from being deployed internally. Internal deployments may be more compelling than connecting to a Software as a Service (SAAS) vendor. There is more customization and more ownership of provisioning processes internally and hence equal if not more utility in deploying SCIM to simplify the internal provisioning environment and consolidate to a common model with SCIM as a foundation element.

Detailing End-Point Security Approaches

The challenge is that one size does not fit all and not all sites are equally equipped to execute one model over another. SCIM requires TLS 1.2 to be used and recommends OAuth Bearer Token as a method to encourage interoperability between SCIM endpoints, but remains flexible to allow other protocols to be used.

One of the bindings being examined with the SCIM protocol is SAML and how it could and should interact with SCIM. From a security perspective, SAML offers SCIM a trust model through SAML federations (private or public) and raises other interesting security conversations. Should all endpoints within a trust set be equally trusted?, is just one of many questions in this space. It is likely SAML environments would benefit from the option to augment their experience with formalization around provisioning to SAML end points.

Schema

There are a number of discussion points that could appear under the schema heading. Some have been mentioned already but not the more subtle and slippery slope of a ‘just one more thing’ approach to schema additions. This is manifested by the appearance of more and more attributes outside the core schema until there are more attributes appearing in the extension than in the core. SCIM is flexible enough to allow this, but should this pattern be encouraged, discouraged, or not something to be concerned about? Is this the antipattern of fortifying t

he core attribute model? It may very well be an acceptable way to use SCIM if it simplifies the entire infrastructure or is a technique to keep the schema evergreen and allow for maximum flexibility as the years go by. It will be an interesting discussion to dig into.

This brief tour of provisioning topics highlights only some of the areas to be explored.  As SCIM heads into the next round of improvements, keeping the balance between simplicity, practicality, and flexibility—even though they may be at odds with each other —will improve the durability of SCIM as a tool in the middleware toolkit. If these topics strike a chord with you, or if you have thoughts and would like to contribute, please join in by trying SCIM8 and joining the mailing list at scim@ietf.org.

References

1. A lightweight text-based open standard designed for human-readable data interchange

2. http://en.wikipedia.org/wiki/Representational_state_transfer

3. http://www.simplecloud.info/specs/draft-scim-api-00.html

4. http://www.portablecontacts.net/draft-schema.html 

5. http://code.google.com/p/scim/wiki/FirstInteropEvent

6. http://code.google.com/p/scim/wiki/SecondInteropEvent

7. http://code.google.com/p/scim/wiki/Implementations

8. http://simplecloud.info

It was standing-room-only at the Simple Cloud Identity Management birds-of-a-feather session.

Update

The System for Cross-domain Identity Management (scim) working group was chartered by the IESG on 21 June, 2012, in the Applications Area of the IETF. The agreed charter of the working group, including goals and milestones, is available at http://datatracker.ietf.org/wg/scim/charter/.

]]> 1585 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-june-2012-2/ Tue, 28 Jun 2016 22:12:11 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1587

The beautiful city of Paris, France, played host to the 83rd meeting of the IETF, which, as always, contained a vibrant and diverse mix of Internet technology discussions, debates, and proposals from attendees drawn from every region of the globe. In this issue of the IETF Journal we have tried to capture a flavour of the proceedings.

Our cover article provides a useful introduction to the important topic of provisioning user identity for online services. As more and more applications and services run ‘in the cloud’, building efficient and scalable infrastructure to support them and lend them increased flexibility is important.

Another question that received renewed attention during IETF 83 is that of congestion control for real-time communication. On page 18, Randell Jesup provides an interesting introduction to the problem space, some of the relevant preexisting work, and one proposal now being discussed.

Jose Saldana had a baptism by fire as a new attendee when he offered a tutorial on online gaming network traffic and found many interested attendees ready to hear him speak. He writes about his experiences and his work on improving efficiency of gaming traffic on page 20.

Also in this issue are our regular columns by the IAB, IETF, and IRTF chairs; coverage of hot topics discussed during plenary meetings; and a piece on the contributions fellows make to the IETF.

As always, we are grateful to all our contributors. Send comments and suggestions for contributions toietfjournal@isoc.org. And remember, you can subscribe to the hardcopy version or via email athttps://www.internetsociety.org/publications/ietf-journal/ietf-journal-subscription.

]]> 1587 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/demonstrating-ipv4-multicast-service-continuity-during-ipv6-migration/ Wed, 29 Jun 2016 14:00:50 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=1603 Demo 1: The IETF Softwires working group’s (WG’s) document draft-ietf-softwire-dslite-multicast (http://datatracker.ietf.org/doc/draft-ietf-softwire-dslite-multicast/)documents multicast extensions to the DS-Lite technique for delivering IPv4 multicast services to IPv4 receivers connected to an IPv6 multicast-enabled network. The demonstration of draft-ietf-softwire-dslite-multicast (Figure 1) was composed of an IPv4 receiver, a multicast B4 capability embedded in a CPE device, an MLD querier, and a multicast Address Family Transition Router (mAFTR) capability colocated with a DS-Lite CGN device. France Telecom/Orange has developed the “mB4 function” that conveys the contents of the Internet Group Management Protocol (IGMP) report messages sent by the IPv4 multicast receiver into the equivalent Multicast Listener Discovery (MLD) report messages that are forwarded by the CPE towards the MLD querier located upstream in the IPv6 multicast network for further processing. The mB4 capability is embedded in an OpenWRT-based CPE (see https://openwrt.org/), while ZTE Corporation has developed the mAFTR function, which is used to extend the Protocol Independent Multicast (PIM) v4-computed multicast distribution tree into an equivalent PIMv6-computed multicast distribution tree that is established and maintained in the IPv6 multicast-enabled access infrastructure. From the perspective of a control plane, the mB4 is responsible for conveying the contents of the IGMP Report messages into the equivalent MLD Report messages by means of a specific IGMP/MLD interworking function and the use of the IPv6 prefixes that are derived from the IPv4 multicast addressing used by the original IPv4 source, as documented in http://tools.ietf.org/html/draft-boucadair-behave-64-multicast-address-format-03. The mAFTR capability is then used to extend the PIMv4-computed multicast distribution tree with the equivalent PIMv6-computed multicast distribution tree, by means of a PIMv4/PIMv6 interworking function that allows the triggering of PIMv4 Join messages towards the original IPv4 source based upon the processing of PIMv6 Join messages sent by the PIMv6 DR router colocated with the MLD querier. Once the IPv6 multicast tree has been established to convey the IPv6 multicast packets that embed the original IPv4 multicast content, the latter is delivered thanks to a stateless IPv4-in-IPv6 encapsulation/decapsulation scheme implemented in both the mB4 and the mAFTR. _{Figure 1: Demonstrating multicast extensions to DS-Lite based on a stateless encapsulation mode.} Demo 2: Huawei has developed code for multicast IPv4-to-IPv6 translation that runs in the forwarding plane (Figure 2) in Huawei’s router product NE40E with wire-speed forwarding for multicast flows. In order to demonstrate interoperability, the France Telecom/Orange CPE was used to connect to a multicast receiver. This code demonstrates two of the use cases documented in: http://tools.ietf.org/html/draft-jaclee-behave-v4v6-mcast-ps-03, https://datatracker.ietf.org/doc/draft-venaas-behave-v4v6mc-framework/, and http://www.ietf.org/internet-drafts/draft-tsou-multrans-use-cases-00.txt Huawei’s 4-6-4 implementation uses translation capabilities that assume the support of so-called adaptation functions that associate the contents of IGMPv2/v3 Report messages with the triggering of PIMv6 Join messages. The specific devices used for the demo are shown in Figure 2, where translation is activated in edge routers. ^{Figure 2: Demonstrating multicast extensions to 4-6-4 [DS-Lite] based on translation capabilities in the forwarding plane.}  Huawei also addressed the IPv6-IPv6-IPv4 (6-6-4) use case by providing the relevant adaptation functions in the forwarding plane. This allows IPv4 multicast content traffic to be sent via an IPv6 multicast network to an IPv6 receiver (as shown in Figure 3). The multicast distribution tree is set-up by the IPv6 signaling (MLDv2 and PIMv6). The IPv4 multicast distribution tree is set up using IPv4 multicast. The 6-6-4 context allows IPv6-only receivers that are connected to an IPv6 multicast network to access IPv4 multicast content. _{Figure 3 – Accessing IPv4 multicast content from an IPv6-only receiver through an IPv6 multicast access infrastructure (6-6-4 Use Case).} Multicast Content for the Demos The IPv4 multicast content was provided by BUPT and delivered through the China Education and Research Network (CERNET) and the Chunghua Telecom (HiNet) network infrastructure for both demos. BUPT, serving as an IPTV content provider in CERNET and CERNET2, has acquired significant experience in serving IPv6 multicast content. BUPT started to provide IPTV service in 2006, and supports both IPv4 and IPv6 access. In order to promote IPv6 technology, BUPT delivers IPv6-only IPTV content to receivers connected to the CERNET2 network. Currently, the average number of unique IP addresses that are used to visit the IPTV portal each day is around 20,000. According to the statistics, around 90 percent of the traffic comes from universities other than BUPT that are connected to the CERNET2 network. IPTV service has become one of the most popular services of CERNET2. Sometimes, the 10G router port in the BUPT-managed CERNET2 POP is fully occupied by IPTV traffic. BUPT has already conducted several other IPv4-to-IPv6 transition technology experiments that have been successful. IETF 82 was another opportunity to demonstrate the progress that is being accomplished to solve some of the issues raised by the forthcoming transition period. From that perspective, we can expect to look forward to more demos at future IETF meetings that further strengthen the key role played by IETF standardization in promoting IPv6 deployment and usage. Demonstration team personnel include:

• France Telecom Orange: Christian Jacquenet, Xiaohong Deng, Mohamed Boucadair, Gu Daqing, Wang Lan
• Huawei Technologies:  Susan Hares, Tina Tsou, Thomas Zhang, Cathy Zhou, Charlie Zha, James Huang, Leaf Yeh
• Beijing University of Posts and Telecommunications: Yan Ma, Xiaohong Huang, Qin Zhao, Zhenhua Wang, Xiaodong Zhang
• ZTE Corporation: Jacni Qin, Fei Zhang, Huaikuo Yang, Jun Wang
• China Telecom: Qian Wang
• Comcast: Yiu Lee

Photos In INTERNET SOCIETY_TAIPEI_132-1 from left to right: Charlie Zha, Thomas Zhang, Cathy Zhou, Tina Tsou, James Huang, Xiaohong Deng In INTERNET SOCIETY_TAIPEI_133-2 from left to right: Bo Wu, Qilei Wang, Tian Tian, Xiaohong Deng, Fei Zhang, Yuan Wei]]> 1603 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-july-2016/ Wed, 06 Jul 2016 14:48:19 +0000 https://www.ietfjournal.org/?p=1686 th anniversary year with a very memorable meeting in Buenos Aires, Argentina. This was only the second the IETF has meet in the southern hemisphere. In addition to drawing a large number of local participants, it included a relatively high number of remote attendees. Our cover article this issue was prompted by a presentation and debate that took place in the sunset4 Working Group on the subject of declaring IPv4 Historic. Read Lee Howard’s and Geoff Huston’s perspectives and make up your own mind! In addition, we have Working Group updates from L3SM and TAPS, observations from one of the Internet Society Fellowship to the IETF Programme participants, a view from the pre-IETF Hackathon, and an article about a potential new technology direction for the IETF, namely Intelligent Transportation Systems. Our regular columns from the IETF, Internet Architecture Board, and Internet Research Task Force chairs, and coverage of hot topics discussed during the plenary meetings wrap up the issue. Finally, I’m thrilled to announce our newly redesigned website has been launched. Check it out at ietfjournal.org. I hope you find the IETF Journal content more accessible and interactive. We are hugely grateful to all of our contributors. Please send comments and suggestions for contributions to ietfjournal@isoc.org. You can subscribe to hard copy or email editions at https://www.internetsociety.org/form/ietfj.]]> 1686 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/declaring-ipv4-historic-one-issue-two-sides/ Wed, 06 Jul 2016 14:54:26 +0000 https://www.ietfjournal.org/?p=1689 Historic has a particular meaning. RFC 2026 defines Historic to mean: A specification that has been superseded by a more recent specification or is for any other reason considered to be obsolete is assigned to the Historic level. While it looks simple on paper, actually acting on RFC 2026 is anything but. Lines have been drawn and supporting arguments on both sides show significant merit. To shed light on the pros and cons of declaring IPv4 Historic, the IETF Journal invited Lee Howard and Geoff Huston to share their thoughts.

Lee Howard: Yes!

The original document defining IPv6 says that “IP version 6 (IPv6) is a new version of the Internet Protocol, designed as a successor to IP version 4 (IPv4)” [RFC 1883]. A “designed successor” may not instantly supersede its predecessor, but that sounds like the intent, and the successful deployment of IPv6 means the time is near. IPv4 is historic. It has enabled new means of communicating that have changed the world. IPv4 is also historical: it belongs to the past. Like stone knives, it is a technology that enabled other life-improving innovations, but whose time has passed. A Historic protocol can still be used. Early discussion in the sunset4 working group shows that it is too soon to deprecate IPv4. “Deprecating” would be saying it should be avoided because it is harmful or not recommended. IPv4 does have inherent limitations that cannot be mitigated: primarily, the length of the address space. IPv6 does not have this limitation. IPv4 may still be perfectly viable for communication in some circumstances. Other historic protocols are still in use, when administrators understand the risks, usually when both end points and the network between them are under single administrative control. Network operators are free to continue using IPv4 as long as it suits their needs. Declaring an Internet Standard to be Historic does have implications. When RFC 791 is moved to Historic status, any Standards Track RFC with a Normative reference to RFC 791 becomes Historic. Over one hundred RFCs cite RFC 791, but not all of them are normative references, and not all of them would reasonably be obsolete. For instance, RFC 7676 defines “IPv6 Support for GRE” and even though it includes RFC 791 as a normative reference, there’s nothing in it that fails if IPv4 is declared Historic. Some RFCs define IPv4 options, which would seem to make them Historic. Most, such as RFC 1035 “Domain Names - Implementation And Specification” which defines A records and the IN-ADDR.ARPA zone, will be updated by this document, but are not Historic. Other documents with incidental references to RFC791 should not be affected. Documents requiring updates should be included in [draft-ietf-sunset4-gapanalysis]. Why go to all this trouble? It’s not just housekeeping. Although a tidy house is appealing, there’s plenty of clutter in the RFC series. Some clutter doesn’t matter, though—there’s no need to tell people to ignore the disused ashtray under the sofa, they’re ignoring it already, and fewer and fewer people need ashtrays. IPv4, however, is significant, with new transition mechanisms, new optimizations, and new Network Address Translation (NAT) workarounds still being introduced. Developing consensus on that work distracts people, whose time could be better spent developing IPv6 features or optimizing performance or security in IPv6. It is therefore important to stop working on IPv4. This tool is becoming more fragile (or brittle) over time with patchwork like NAT and its workarounds. An IETF consensus declaring IPv4 to be Historic will signal to future IETF contributors that we are done with it. The process of considering, discussing, and building consensus on that declaration is how we as a community determine how we want to spend our precious time. We can decide that we no longer want to support those who refuse or have taken too long to upgrade to IPv6. For those who choose to continue using IPv4, there are some considerations. The IETF may not normally update Historic RFCs. This doesn’t mean that the IETF can never update IPv4, but the bar is set higher, requiring scrutiny from the IESG. Maybe we continue optimizing transition technologies. As described in RFC 6540, IPv6 support is required, and some documents may be confusing as to whether “IP” means IPv4 plus IPv6, IPv6-only, or IPv4-only. We can’t declare IPv4 Historic tomorrow. “Standards track specifications normally must not depend on other standards track specifications which are at a lower maturity level” [RFC 2026]. Therefore, any RFC depending on IP must have IPv6 at full maturity before declaring IPv4 Historic. Since the IETF IPv6 Maintenance (6MAN) Working Group is in the process of promoting IPv6 to Full Standard, we would have to wait. Being dependent on that work does not mean it’s too soon to discuss it and to work on building consensus. It is possible that bugs inherent to IPv4 may yet be discovered. This seems unlikely, given the extent of testing and production use it has. RFC 791 has only been directly updated three times:

1. RFC 1349 “Type of Service in the Internet Protocol Suite”
2. RFC 2474 “Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers”
3. RFC 6864 “Updated Specification of the IPv4 ID Field”

Still, it is conceivable that an inherent flaw will be found, and if IPv4 is Historic, it will be easier to update IPv6 than IPv4. Therefore, for security reasons, the use of IPv6 only is recommended; IPv4 should be used only as needed for backward compatibility. “Art is never finished, only abandoned.”[1] It’s time to stop working on our previous master work, and show how much farther we have come than our original stone knives. The combined focus of the IETF on IPv6 can give it a even greater resilience, flexibility, and security than we did with IPv4.  

Geoff Huston: Not Yet!

The rationale for the proposed redesignation of IPv4 was that the protocol has been superseded by a more-recent specification, IP version 6. Furthermore, it is thought that this action would add to the impetus to deploy IPv6. The take-up of IPv6 is not overly uniform. While some service providers are enthusiastic proponents of IPv6, many more providers are at best hesitant and at worst ignoring it and hoping that it will go away. As a message to both the laggards and potentially their customer bases, it was argued that the IETF should clearly indicate that it is time to move to IPv6. One way to do that is to declare IPv4 a Historic technical specification. If that were all there is to it, then perhaps a case can be made that the IPv4 technical specification should be declared Historic. But there are additional aspects to consider. As pointed out by RFC 2026: Not Recommended: A Technical Specification that is considered to be inappropriate for general use is labeled “Not Recommended”. This may be because of its limited functionality, specialized nature, or historic status. This text seems to imply that a status of Historic also suggests Not Recommended, which may send the wrong signal to the existing user base that relies on IPv4. The proposed redesignation also would throw the IPv4 specification out of the Internet Standards set. Specifications that are not on the standards track are labeled with one of three "off-track" maturity levels: "Experimental", "Informational", or Historic. The documents bearing these labels are not Internet Standards in any sense. So maybe this is a bigger step than just observing that IPv6 supersedes IPv4. As one commenter in the Working Group session pointed out, declaring IPv4 Historic would likely backfire and serve no better purpose other than exposing the IETF to ridicule. Certainly there is some merit in wondering why a standards body would take a protocol specification used by more than 3 billion people and approximately 10 billion devices every day and declare it to be Historic. In any other context, such adoption figures for a technology would conventionally be called outstandingly successful! Perhaps we can put this into a broader context by looking at other Historic specifications. Unfortunately, the IETF does not have an obviously consistent story when declaring technical specifications Historic. Some very old and now unused services as described in Request for Comments (RFCs) are not declared to be Historic. For example, we can go a long way back in time to RFC 162, and find a specification that the completely forgotten protocol, "netbugger3", is not Historic. If there are any extant implementations of this curiously-named protocol, I would be keen to learn of them. Similarly, Gopher, a specification that enjoyed a brief moment in the sun in the early 90s before the juggernaut that is today’s Web superseded it, is not, according to the IETF, Historic. So if some pretty obviously defunct protocols are not Historic, what is? A browse of the Historic RFCs reveals a collection of TCP extension specifications, including RFC 1072 and RFC 1106. They were declared Historic by RFC 6247 with the rationale that they “have never seen widespread use”. That’s not applicable to IPv4 by any stretch of the imagination! Browsing the Historic RFC list at https://www.rfc-editor.org, it’s evident that there are more than a few RFC documents that never even saw the light of day as current specifications, as they were declared Historic at the outset. Again, quite obviously, this is not applicable to IPv4. What about other Internet Standards? There is a reasonable case to be made that Internet Standards numbers 23 and 24 (Quote of the Day and Finger, respectively) have long passed out of common use. Historic status seems to be entirely applicable for both of those quite venerable standards, as their previously widespread use has waned to the point of almost complete invisibility. So we appear to treat Historic status somewhat whimsically. We could be a little more consistent, and in that vein there is a case to be made to push Finger, Quote of the Day, Gopher, Netbugger3, and their like into Historic. The world has moved on and these protocols are stuck in an older world. But not IPv4. And not just because it is used by an unprecedented number of people and devices and we all still rely on it. It’s not just that. It’s because we probably haven’t finished with IPv4 yet. While many folk, including myself, would dearly like to see an all-IPv6 Internet today, I’d like to think I’m pragmatic enough to understand that we’re stuck with a dual-stack Internet for many years to come. And that pragmatic observation has its consequences. So far, we have managed to cram some 10 billion unique devices into the Internet. The silicon industry is not going to stop and wait for us to complete this IPv6 transition, and, in the meantime, we can readily imagine a near future that crams every new computer, smartphone, personal pad, television, new car, and a whole heap of other applications, on this dual-stack Internet. We may well need to push the IPv4 Internet to encompass 20 billion or so devices on this strange and protracted dual-stack journey to IPv6. One immediate change so far is the semantics of IPv4 addresses. Increasingly, IPv4 addresses are ephemeral short-term elements of conversation stream identifiers. The have lost any concept of being a stable endpoint identifier. The more devices we push into the network, the more we change the way IPv4 behaves. As we try and make IPv4 stretch just that little bit farther, we may need to make more subtle changes, which may or may not impact the current specification for IPv4. We just don’t know yet. What we do know is that right now the story is by no means over for IPv4. As a standards body, it may sound like a good idea for the IETF to send a strong signal to the industry about the need to take this transition seriously by declaring IPv4 to be Historic. But if this is what the IETF does, then the work on IPv4 will probably continue. The risk is that it will continue without the benefit and support of the acknowledged Internet Standards organization, the IETF. And we have some prior experience with what happens then. The last time the IETF turned its back on a technology specification was the development of the specification of Network Address Translation (NAT). The result was that implementers could not rely on a complete and coherent specification, and they were forced to make it up as they went along. Every NAT product had subtle behavioural differences with every other NAT product. The losers in this scenario were application developers and, ultimately, the users. Applications had to work across NATs and negotiate functionality across a diverse set of undocumented and, at times, inconsistent behaviours. The resulting environment can be brittle and fail in unanticipated ways. Standards help us understand how to interoperate and how to rely upon predictable ways to interoperate. It takes a lot of the guesswork out of technology specification, and can eliminate a large amount of complexity in implementing technology. I would be horrified if we managed to repeat this mistake at this point in IPv4’s life history. Oddly, it is now, while we continue to work through the dual stack phase of the transition to an IPv6 Internet, that the IPv6 part of the Internet needs a consistent and relevant IPv4 specification the most! IPv4 Historic? No. We haven’t finished with it yet! [1] Attributed to Leonardo da Vinci.]]> 1689 0 0 0 23 0 0 25 https://people.dsv.su.se/~jpalme/ 0 0 26 23 0 28 23 0 10410 http://www.Avinta.com 28 0 10411 http://www.Avinta.com 25 0 10915 0 0 10916 23 0 11266 http://www.Avinta.com 10915 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-july-2016/ Wed, 06 Jul 2016 14:58:32 +0000 https://www.ietfjournal.org/?p=1692 Internet Engineering Task Force. Another remarkable aspect of IETF 95 was that it was our first meeting held in South America. We saw slightly more than 1,000 participants on-site, about 140 people from the region. I was very happy to see such strong and active local participation. The meeting was cohosted by LACNIC and the Internet Society—thank you for stepping up to support this meeting! I was happy to see many local sponsors, too, including IPLAN, CABASE, .AR, and NIC.BR. And my thanks to the other sponsors as well: Neustar, Level 3, Comcast–NBC Universal, Huawei, A10 Networks, and ICANN. For a summary of the meeting in video form, see https://www.youtube.com/watch?v=pdjunL22WZA.

Technical Topics

Two meetings on the growth of encrypted traffic stood out: (1) LURK, which was on building a distributed system that allows Content Data Networks (CDNs) to employ HTTPS/TLS while not releasing a copy of the private keys to the CDNs; and (2) ACCORD, which was about whether better queuing algorithms or more information about traffic flow priority would be useful for better scheduling of radio resources in mobile networks. The Internet of Things is another active and interesting area. Low-power wide-area networks were discussed in the LPWAN BoF, and some IoT-related Working Groups, including CORE and ROLL, have completed their initial batches of work and are now looking at new work. This meeting also saw the first official meeting of the Thing-to-Thing Research Group (T2TRG) at the IETF. This active Research Group is focusing on device-to-device communications and has met twice before the meeting. At the technical plenary, we heard a report from the recent IAB workshop on semantic interoperability problems (page 8). There was also plenty of work on Internet security. One of the most interesting topics was the work on TLS 1.3, specifically the discussions about its super-efficient 0-roundtrip initialization mode and under what conditions replay attacks can be avoided in that mode.

IETF Hackathon

This was a wonderful experience, both in terms of what got worked on and the people who participated. There were more than 30 new participants, including more than 10 who were new to the IETF. See Charles Eckel’s article on page 21. And thank you to Huawei, our new sponsor for all of this year’s IETF Hackathon events. I very much enjoyed Ole Troan’s new project on adding source address routing to Vector Packet Processing (VPP). There was also work on DNS privacy, big data, and many other things.

Admin Stuff

During the meeting, we announced that the IETF is creating an ombudsperson team to help handle any harassment concerns. For more about this team and how to report harassment, see https://www.ietf.org/ombudsteam. Finally, Alia Atlas gave a talk at the plenary on challenges and opportunities associated with the IETF’s changing environment. For example, our participation and funding models are changing as more participants attend remotely. ¡IETF 95 se concluyo! ¡Gracias a LACNIC, Internet Society, Buenos Aires, y a todos participantes!]]> 1692 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-23/ Wed, 06 Jul 2016 15:01:38 +0000 https://www.ietfjournal.org/?p=1695 The IAB Reports As I noted in the previous edition, we heard positive reactions to the idea that the IAB would make most of its report in email and devote some time to just a few highlights in the meeting. So, we did that again. The report is available at https://www.iab.org/2016/04/04/report-from-the-iab-before-ietf-95/. We plan to keep working this way as long as it is useful. Don't forget, you can discuss with the IAB anything you see in that report or in this note, or anything else you want the IAB to attend to. If you want to do it in public, send mail to architecture-discuss@iab.org. If you want to talk to the IAB without causing a public discussion, send mail to iab@iab.org.

The IAB Changes

The first meeting of the calendar year is the time when appointment terms end and new appointments begin. At IETF 95, the IAB had to say good-bye to two departing colleagues: Mary Barnes and Marc Blanchet. At the same meeting, we welcomed Lee Howard and Martin Thomson. It is always difficult to accept that valued colleagues will no longer be available in the same capacity as before. Yet the changes bring fresh perspective and renewal, and that renewal is what ensures that the IAB can be of service to the IETF and the Internet. The Internet does not sit still. Neither should we. The IAB also annually appoints its chair. I am flattered by my IAB colleagues' trust in me in selecting me for another year. I hope this one doesn't go as fast!

Technical Plenary Discussions

After IETF 95, we received some expressions of disappointment that there was no technical topic at the plenary. When we decided that less plenary time is better—and we got a lot of feedback to that effect—we had to acknowledge that every year one plenary needs to include more administrative detail. New IESG, IAOC, and IAB members get introduced. Once a year we simply must go through a detailed outline of the accounts in public, lest basic transparency be lost. For the same transparency reasons, we cannot cut the open mic. Under these constraints, it is necessary that something be cut from the program, and the technical topic had to be it. But fear not! We expect to continue technical topics at the other plenaries in the year. Look for one in Berlin.

Time Demands and Making the IAB Work

I noted at the beginning that, since I’ve been chair, the IANA stewardship transition has taken a lot of time. This has been frustrating for me because there are lots of other things that I wanted to do. But it has likewise been inspiring, and has reminded me how effective we are when we divide up the work. Because I’ve had to devote so much time to the transition, the IAB as a whole has had to work harder to do what otherwise might be done by the chair. The programs, as you have seen from our reports, have become both more effective and more subject to regular review. The good consequences are, I think, seen in the workshops the IAB is holding to address pressing issues and the way that programs are producing topics that inspire IETF work. But to me, the other lesson is just important: when the IAB spreads out its work among many different collaborating people, the work happens and we don’t have a single choke point. There is still work to do in this direction. The IAB chair automatically inherits certain jobs by virtue of being the chair. Why? Especially in an organization like the IETF, any IAB member is as able to speak unilaterally for the IAB as the chair is. You may have noticed that we now sometimes send out notices from different members of the IAB saying “for the IAB”. We think this is correct: the IAB speaks as one when it does speak, regardless who the mouthpiece is. What matters is that it reflect the IAB’s view. We’ll probably always need to have a chair to make other organizations think we work like they do. But we don’t have to work that way for real.

Retreating to Advance

Every year, the IAB holds a retreat, usually not too long after the new IAB is seated. The goal is to try to ensure that each IAB member has a clear understanding of what others’ priorities are for the year, and to ensure that we have a common direction so that we work effectively together. This year, we met in Cambridge, Massachusetts, USA, on 17 and 18 May. Inevitably, some of this is IAB members talking to each other—the goal, after all, is partly to ensure we’re aligned. But the IAB tries to ensure that the discussions in our retreat are also responsive to factors impinging on the Internet. This year, our topics about those external factors included the ongoing influence of the so-called Internet of Things on the Internet’s architecture; this discussion led directly to the IAB’s comments to the United States National Telecommunications & Information Administration in response to their request (https://www.iab.org/documents/correspondence-reports-documents/2016-2/iab-comments-to-ntia-request-for-comments-the-benefits-challenges-and-potential-roles-for-the-government/). We spent some time talking about cross-organization workshops: what has worked, what could use improvement, and what more of this we need to do. By the time you read this, the IAB-cosponsored Internet of Things Software Update workshop will have happened (https://www.iab.org/activities/workshops/iotsu/). We also discussed developments in Internet architecture that tend to promote the power or control of the network operator. And we had the good fortune of welcoming Danny Weitzner, Taylor Reynolds, and Dave Clark from the Massachusetts Institute of Technology (MIT) Internet Policy Research Initiative. Together, they discussed with us the ways that the IAB can and cannot interact effectively with policy makers. Our goal always is to identify those issues that are relevant to the Internet as a whole, and to find the people who are interested in the topic and can help make it better.

Let’s Advance

By the time you read this, the IETF will be meeting in Berlin for IETF 96, and the IAB will be pressing ahead on its issues: keeping the different parts of the Internet working as a coherent whole, while remaining faithful to the core design of a network of networks. If you want help understanding how different parts might fit together, or want another point of view on an issue you’re trying to sort out, feel free to ask us for it. Send us mail at iab@iab.org or discuss your topic on architecture-discuss@iab.org. Or, if you’re in Berlin, you can just talk to us. We have red dots, and we’re all friendly. Even me.]]> 1695 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-systers/ Wed, 06 Jul 2016 15:07:38 +0000 https://www.ietfjournal.org/?p=1701 systers-admin@ietf.org.]]> 1701 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/turning-30-ietf-seeks-ideas-for-growth/ Wed, 06 Jul 2016 15:12:08 +0000 https://www.ietfjournal.org/?p=1704 th birthday, the group’s leadership team is looking for ways that the standards body can remain influential and effective for the next 15 years. It invites everyone to participate in this ongoing discussion. During the plenary session at IETF 95 in Buenos Aires, the Internet Engineering Steering Group (IESG) discussed Internet trends and observations affecting how the IETF operates. Routing Area Director Alia Atlas gave a report from a design team that has developed a draft entitled, IETF Trends and Observations. At issue is how the IETF should continue evolving to meet its goal of making the Internet work better. “We have changed the world, and we all know that,” Atlas said. “The Internet is critical to public and private life. People who are under 30 can’t imagine what the world was like before the Internet... Now the IETF is living in the world that we helped to create, and that creates more opportunities for us.” In particular, the IESG is looking for ways that working groups can do more of their business online using cutting-edge collaboration tools. In addition, the IESG hopes to enhance remote participation, develop local hubs of activity, and reduce its financial dependency on hosting three large meetings per year. “We’re going to keep changing because we’re going to keep taking advantage of the technology and collaboration abilities that we enabled,” Atlas said. “We need to continue expanding our community, expanding our social circle. We need to add more people to our meetings… but we also need to keep the operators, developers, and researchers comfortable participating in the low-volume way that they want to.” Atlas pointed out that at its first meeting, the IETF had only 30 people with “the simple idea of rough consensus and running code. The question as we look ahead is: How can the IETF continue to be true to our roots, thrive in this world, and create the future Internet that we need?” Atlas explained that the Internet Society is reorganizing its support for the IETF and seeking more global sponsors for what it now calls The IETF Endowment. She said the IETF must transition its funding structure away from in-person meetings to a more sustainable structure that will support an increase in remote participation. She said companies are interested in sponsoring the IETF because it “is a trusted technical authority. People respect the work we do. They know that we understand the technology and that we care that it makes the Internet keep going and get better.” In addition to increasing remote participation, the IESG hopes to create local hubs with active communities engaged in technical sharing, Hackathons, and social activities. “We’re going to spread the idea of the IETF and grow the community,” she said. “There are two things that tie us together: one is our love of technology and finding a good practical solution, and the other is finding someone else—one or five other people—to have an awesome technical discussion with… The community is where we have our strength.” Atlas said the IETF must do a better job of communicating what it is doing and to be more outward-focused, rather than exclusively inward-focused. “New communities may be joining us because they want a technology standardized. We need to be welcoming,” she added. Atlas concluded by asking IETF participants to read the draft and participate in the mailing list discussion at ietf@ietf.org. “What we really want is your ideas on how the IETF should adapt and improve,” she said. “We’re looking for community discussion that converges and sets new direction.” Also at the plenary session, the IAB described its recent Internet of Things Semantic Interoperability Workshop and its Names & Identifiers Program. IAB member Dave Thaler said the IoT workshop was “extremely productive”, attracting almost 40 attendees to discuss the many different definitions and schemas emerging for various objects in the evolving IoT area. Suzanne Woolf gave an overview of the IAB Names & Identifiers Program, which has several drafts about the history and semantics of domain names, what an idealized naming system might look like, and how to look at names and naming in context. Additionally, the IAB held a Birds-of-a-Feather session in Buenos Aires aimed at looking beyond DNS and default context for Internet names. In other news, Scott Bradner was given a standing ovation after it was announced that he would retire in June. Bradner has been active in the organization since IETF 16 in 1990. He has published 44 Request for Comments (RFC) documents and is the author of the most-cited RFC (2119), which outlines key words for use in RFCs to indicate requirement levels. He was area director in four different areas and is a current Internet Society Board Member and IETF Administrative Oversight Committee member. Bradner was the second person to win the IETF’s highest honor, the Postel Service Award, after Jon Postel himself. “For me, you have been the person to look up to. It was very easy to work with you. You always have an intelligent answer, and you always go all the way thinking about topics and trying to do the right thing,” said IETF Chair Jari Arkko as he presented Bradner with an award for being the “Mother of Consensus”. “In general, it’s been positive for me and hopefully for the organization. But the time does come, and it has. Thank you very much,” Bradner said.]]> 1704 0 0 0 19 http://www.isology.com 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/using-i2nsf-for-overlay-network-to-avoid-distributed-denial-of-service-attacks/ Wed, 06 Jul 2016 15:16:26 +0000 https://www.ietfjournal.org/?p=1707 Figure 1. The I2NSF Service and Capability Layers[/caption] I2NSF has two types of interfaces: a service layer and a capability layer. The service layer specifies how a client’s security policies may be expressed to a security controller. The capability layer specifies how to control and monitor flow-based security functions (NSFs) at a functional implementation level. The policies over the Service Layer Interface don’t care which NSFs are used to enforce the policies. There could be multiple NSFs to enforce one Service Layer policy. The policies over the Capability Layer Interface are to specific NSFs. The I2NSF Working Group (WG) was charted in October 2015. From IETF 94 to IETF 95, I2NSF WG has adopted four Internet-Drafts: draft-ietf-i2nsf-problem-and-use-cases-00, draft-ietf-i2nsf-framework-00, draft-ietf-i2nsf-gap-analysis-01, and draft-ietf-i2nsf-terminology-00. The WG has agreed to use the Event-Condition-Action paradigm for the Flow Based Security Rules polices over both the Service Layer Interface and the Capability Layer Interface. [caption id="attachment_1709" align="alignnone" width="300"] Figure 2. The I2NSF Framework[/caption]]]> 1707 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/intelligent-transportation-systems-and-the-ietf/ Wed, 06 Jul 2016 16:04:54 +0000 https://www.ietfjournal.org/?p=1712 [1] IP family of protocols in these use-cases is relatively limited, if not outright absent. ITS discussions at the IETF offer hope of TCP/IP protocols in vehicular communications in the near future. TCP/IP protocol stacks are already present in many cars that are connected to the Internet with a cellular modem, typically LTE. In addition, widespread in-car technologies like MirrorLink, Apple CarPlay, and Android Auto use IP. Current demonstrators of security mechanisms for out-of-car DSRC[2] need an ancillary Internet connection, often LTE with TCP/IP support, to realize the transfer of security material (certificates, revocation lists, and so on). Recent demonstrators featuring vehicle-to-vehicle (V2V) use-cases (e.g., platooning), rely on ITS-G5 link-layers and CAM application-layers. Within these demonstrators, the platoon size limits (number of cars in a platoon) have been exhibited due to the radio range of ITS-G5. It is believed that the involvement of IP protocols (with ETSI ITS applications) featuring IP subnet structures between cars may lead to arbitrary-size platoons (like the size of the Internet can be arbitrary), where packets are IP-forwarded rather than broadcasted. Adopting TCP/IP would also help address the fact that the pairing operation of vehicles is independently being developed by organizations that often overlook fundamental interoperability requirements. Furthermore, recent lessons learned at a European demonstration event illustrated the necessity of sending vehicle position corrections over IPv6. DSRC and ITS-G5 messages, such as BSP or CAM, are broadcast periodically (IP is not used); there is a need for a mechanism to allow the sender to learn whether or not a message was received with a certain degree of reliability. Using the request-response semantics of some IP protocols may help achieve improved reliability when necessary (e.g., ICMP Neighbor Solicitation/Advertisement, or TCP SYN/ACK). Arguably, where smartphone-to-server TCP/IP is the preferred method of mobile interaction, rarely, if ever, does a deployed multimodal travel planning application run on IPv6. More importantly, too often application-glued-on-link communication protocols (i.e., protocols without networking layers[3]) are involved in communications between automobiles. In this context, further involvement of applications relying on TCP/IP and of IP forwarding mechanisms is expected to result in significant improvements to the security of communications (IPsec), and orders of magnitude more interactions between numerous directly reachable devices in vehicles (IPv6). Applications that are unimaginable today will be possible, when every car can talk to every other car around the world, as computers do via the Internet. And since the value of the network grows with the number of connected parties, it is expected that the Internet’s value and reach will increase even more when cars are connected. The potential growth can be further illustrated by vehicles forming an independent network on a road linking smart cities; to some extent the question whether to connect the network of vehicles to the Internet may be turned the other way around.

The ITS BoF in Buenos Aires

Participants at the IETF have published Internet-Drafts that are explicitly or implicitly related to ITS use-cases on many occasions in recent years. In April 2016, at the IETF meeting in Buenos Aires, a Birds-of-a-Feather (BoF) meeting, chaired by Carlos Pignataro and Russ Housley, was held specifically on the topic of ITS. Problem statements were discussed about the use of IP in vehicle networks: IP for vehicle-to-vehicle and vehicle-to-infrastructure communications, IPv6-over-foo, IP path establishment, and naming. The presented use-cases involve direct communications between vehicles (V2V), for example, vehicle platooning. Additional use-cases involve communications between a server situated along or near the road (Road-Side Unit) and vehicles passing by. A tutorial on the use of IP in vehicle networks exposed the advantages of a narrow-waist networking layer (compared with network layer absence or with other link-specific or application-specific networking layers), including the support of link layers, such as 802.11-OCB (also known as DSRC or 802.11p), with a variety of modulation methods (e.g., WiFi, LTE, and VLC). Other aspects of using packetised data exchange principles were described as comparing favorably to the use of bouncing-signal principles of communication between vehicles, such as when Light Detection And Ranging (LIDAR) or cameras are involved (Figure 1). These two aspects raised a number of comments from the audience; together with the previously expressed security and privacy concerns, these comments can be found in the meeting minutes. [caption id="attachment_1722" align="alignnone" width="640"] Figure 1. Vehicle-to-vehicle communication prinicples[/caption] The establishment of a Category A liaison between the IETF and the ISO Technical Committee TC204, ITS, was announced during the ITS BoF in Buenos Aires. One liaison statement from ISO/TC204 was announced, with a slide set from the ISO/TC204 liaison officer.

Charter Work and Interim

The initial text of a charter[4] for an ITS WG was presented in Buenos Aires. In the initial phases of charter writing, a significant number of work domains were suggested: communications between automobiles (V2V, V2I), space, airline, and unmanned aerial vehicle communications, information- and content-centric networking applied in vehicular communications, alternative mobility protocols and locator-identifier split for networked vehicles (AERO, LISP) and more. Facing this potentially enormous scope, extensive discussions led to more than just improving the text, it helped narrow down the number of deliverables: two Informational documents on the context and the problem statement for the use of IP in vehicular communications, and one Standards Track document on “IPv6-over-802.11p”. This charter structure was further finalized during the virtual interim ITS BoF held on 31 May 2016 via audio-conference with remote slide presentation. The details are described in the minutes of the virtual interim meeting. The item “IPv6 over 802.11p” is regarded as a typical IETF “IPv6 over foo” document, based on “IPv6 over Ethernet” RFC 2464. The model of an IPv6-over-802.11p layered stack of protocols can be compared against other models of running IPv6 over 802.11p (DSRC) found at pertinent Standards Development Organizations. Three such models are illustrated in Figure 2. [caption id="attachment_1718" align="alignnone" width="640"] Figure 2. Models of Running IPv6 over 802.11p[/caption] Prior to the BoF in Buenos Aires, the topic of vehicular networks was presented at the IETF 93 technical plenary in Prague, Czech Republic. Presentations from academic and industry experts in vehicle networks, security, and standardization  were discussed. For more on the plenary, see “Vehicular Networks Are Expected to Save Lives But Carry Privacy Risks,” IETF Journal, Vol. 11, Issue 2 (https://www.internetsociety.org/publications/ietf-journal-november-2015/vehicular-networks).

A Proposal for an ITS WG

The goal of the proposed ITS WG is to standardize and/or profile IP protocols for establishing direct and secure connectivity between moving networks.

Definitions

The Working Group defines the terms V2V, V2I, and V2X as follows: V2V (vehicle-to-vehicle communications). The communications can be direct (without requiring an access point or relay by the road-side), or indirect (relying on one or multiple relays along the road-side). V2I (vehicle-to-infrastructure communications). Data flows happen between a mobile vehicle and a server in the fixed infrastructure nearby. Sometimes V2I stands for vehicle-to-Internet communications, referring to a server anywhere in the Internet. V2X (vehicle-to-‘any other’ communications). In some contexts it is a handy term to mean both V2V and V2I at the same time, e.g., “V2X technology enables a vehicle to stay connected to both the Internet and other cars”. In other contexts it means vehicle-to-‘something other than vehicle or infrastructure, most notably a human’ communications, e.g., V2P (vehicle-to-pedestrian), V2N (vehicle-to-nomadic pedestrian), and V2D (vehicle-to-device of pedestrian).

Models and Use-Cases

Two use-cases were discussed at the BoF: cooperative adaptive cruise-control (C-ACC) and platooning. These communication models are illustrated in Figures 3 and 4. [caption id="attachment_1720" align="alignnone" width="640"] Figure 3. Example Application Using IP Messages for C-ACC[/caption]   [caption id="attachment_1724" align="alignnone" width="640"] Figure 4. Scalability and Interoperability Issue of Initial Non-IP Platooning Demonstrators[/caption]

Looking Forward

The charter text is now stable, and work has started on the initial work items. Four Internet-Drafts have been identified as good candidates for the first three work items. More people have joined the email list and some of those have expressed interest in submitting Internet-Drafts to address the goals in the current proposed charter. If you are interested in the use of IP protocols in vehicular communications, please subscribe to the email list https://ietf.org/mailman/listinfo/its and submit an Internet-Draft targeting one of the three proposed work items: ITS General Problem Area, IPv6 over 802.11p, or Problem Statement. You are also invited to read the existing Internet-Drafts in this group, review them, and make comments.

Footnotes

[1]Ahead of general thinking, the IETF considers the current version of the IP family of protocols to be IPv6. Work is being considered to declare IPv4 as “Historic”, or “Restricted Standard”, and, simultaneously, work is ongoing to promote IPv6 as “Internet Standard”. See page 1. [2]The term Dedicated Short-Range Communications (DSRC) is used with multiple meanings. An earlier IETF Journal article defines DSRC as “802.11e for quality of service; 802.11j-2004 for half-clocked operations, which are a more robust form of communication; and 802.11p for operation in the 5.9 GHz band and a new mode called OCB for Outside the Context of a Basic Service Set.” Also, DSRC MAC and PHY layers are defined by ASTM E2213 - 03(2010), which may refer to IEEE documents. The DSRC application layer is defined by SAE J2735_201603. In Europe, DSRC is defined by CEN/TC278. An additional standard used in Europe for 5 gigahertz, in lieu and place of DSRC, is defined by ETSI as “ITS-G5”. [3]An early example of an application protocol glued onto the link layer (without a network layer) is the Wireless Application Protocol (WAP). It was used in the initial deployments of interactive applications in the first smartphones, only to be phased out by the arrival of TCP/IP. Today, WAP has largely disappeared, yet similar tendencies persist to develop such protocols within and outside ITS. [4]See the latest proposed charter at https://tools.ietf.org/wg/its/trac/ . ]]> 1712 0 0 0 25271 https://profiles.wordpress.org/coinmasterspins/ 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/things-talking-to-other-things-about-things/ Wed, 06 Jul 2016 16:15:43 +0000 https://www.ietfjournal.org/?p=1730 Rough consensus and running code are all about making diverse things work together as much as possible. One of the places that things—in this case, “Things”—need to line up is in the application layer. For the Internet of Things (IoT) to become the reality many popular accounts would suggest, various kinds of Things need to be able to talk to one another, and not only at the lowest levels. For example, one promise of the Internet of Things is that the lights and the thermostat and the garage door can all collaborate to make your house more comfortable. And the whole system is likely to be better overall if each part works together, no matter who made each device—just the way the Internet has grown and succeeded. A key theme of Dave Thaler and Hannes Tschofenig’s talk at the IETF 92 Technical Plenary was the duplication and gratuitous differences arising from many organizations independently defining data models, or schemas, for each type of IoT device. For example, there were already many different definitions of what a light bulb was! As a follow-up to help tackle this problem, the Internet Architecture Board organized the Internet of Things Semantic Interoperability (IoTSI)  workshop held 17–18 March 2016. Facing this issue brought many people together, including, but not only, those who participate in the IETF, World Wide Web Consortium (W3C), Open Mobile Alliance (OMA), AllSeen Alliance, Open Connectivity Foundation (OCF), National Institute of Standards and Technology (NIST), CableLabs, ZigBee, and European Telecommunications Standards Institute (ETSI). We convened at the IoTSI workshop in the Ericsson offices in Santa Clara, California. For two days, we tried to work out ways to improve semantic interoperability. How can diverse systems interoperate? Are better standards in information models or data models needed? Is a single framework necessary or is some sort of mapping possible? What can you do when frameworks are formally incompatible? And what do we do about end-to-end security when intermediate security models are incompatible? One of the very encouraging items from the workshop is that people from many different sectors of the industry all agree that there is a serious problem to be solved. Some groups had already started developing common solutions for some things, and the level of information sharing across the group was quite remarkable. This is how interoperation works best: not by trying to impose a single model, but by people with different interests all recognizing a common problem. Of course, recognition is just a first step. Work still needs to be done to move from recognition to results. While a workshop report is in progress, more important are the follow-on activities. We agreed to start with a wiki to provide pointers to schema repositories, with further developments to follow. We in the IETF, in other SDOs, and in industry have an opportunity to make interoperability in the Internet of Things the positive force that earlier Internet innovations were. Interoperation is what we do, so let’s do it again. For more information on the IoTSI workshop, visit https://www.iab.org/activities/workshops/iotsi/.]]> 1730 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-regulators-technologists-seek-ongoing-dialogue/ Wed, 06 Jul 2016 16:19:16 +0000 https://www.ietfjournal.org/?p=1733 1733 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-l3sm/ Wed, 06 Jul 2016 16:28:42 +0000 https://www.ietfjournal.org/?p=1736 Figure 1. A Simplified SDN Architecture[/caption] The service model applies a level of abstraction so that it contains only the questions operators would ask their customers in order to activate the service (versus including all possible configuration knobs for the devices). That is, because a service request is network agnostic, it must be mapped onto the network orchestrator’s view of the network. This can be achieved by introducing a service orchestrator, as shown in Figure 2. The service orchestrator receives service requests from the customer and maps them to the correct network orchestrator of the operator’s network (or networks) that was chosen to deliver the service. [caption id="attachment_1738" align="alignnone" width="551"] Figure 2. An SDN Architecture Showing the Service Orchestrator[/caption] The L3SM Working Group took a different approach to working from the usual way. First, the work was driven entirely by network operators, not equipment vendors. Participation in the IETF by operators is a precious resource that can focus our work on real problems that need to be solved. Because network operators are the consumers of the data model, it was essential to both involve them and have them control the work. In addition, it has been a challenge for operators to agree on a common set of parameters to describe the L3VPN service that they each offer in their own unique way. Achieving this agreement was one of the ways the Working Group measured its success. L3SM also is unusual in that it was created by Area Director Benoit Claise without holding a Birds-of-a-Feather (BoF) meeting. Instead, as soon as the team of operators had written a relatively early, but stable version of the data model and posted it as an Internet-Draft, Benoit chartered the Working Group. This is an example of how the IETF can be relatively quick at handling and progressing new work: the L3SM Working Group expects to last call this data model around IETF 96—14 months after the Working Group was chartered and only 15 months after the first version of the draft was posted. The L3SM Working Group and draft can be found at https://datatracker.ietf.org/wg/l3sm.]]> 1736 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-taps/ Wed, 06 Jul 2016 16:36:50 +0000 https://www.ietfjournal.org/?p=1742 Transport Services can play a vital role in transport protocol evolution The Transport Services (TAPS) Working Group addresses one of the trickiest challenges that application and service developers face while designing and deploying an application or service: choosing a transport protocol to use. Different applications and services have different requirements. Some, for example, can be tolerant of delay but not of lost data, like file download; others are very sensitive to delay but can accept some data loss, like interactive video. Over time, the IETF has standardized several transport protocols in order to address different application requirements, including TCP for reliability, UDP for unreliable and unordered data, Stream Control Transmission Protocol (SCTP) for multiplexed data streams, and Datagram Congestion Control Protocol (DCCP) for congestion control without reliability. Developers need to understand the capabilities of the various IETF protocols to determine which one is the best fit for their applications and services. If they identify a protocol that is not vanilla TCP or UDP, it may not work end-to-end. Frequently, middleboxes, such as Network Address Translations (NATs), firewalls, and load balancers, block or break unfamiliar protocols. As a result, developers have a strong incentive to choose only between TCP and UDP, and many potential improvements in Internet transport protocols are impeded. TAPS addresses this situation by defining the relationship between the application and the transport layer in terms of services. In the TAPS model, an application specifies the service features it requires from the transport, and a TAPS mechanism selects the best possible transport protocol to serve the purpose, possibly using probing to verify end-to-end transparency. In this way, the applications can take advantage of modern transport protocols, thereby enabling the network provider and/or stack developer to utilize new protocols and protocol features without breaking the applications. TAPS does face several challenges. The TAPS Working Group must understand application developers’ requirements on transport. The approach used is to create an abstract interface between application and transport, where application preferences and requirements can be expressed. However, there will be situations where an application would like to influence the way transport works in a very protocol- or OS-specific way. One example would be an application that wishes to influence path selection where there is more than one path available. The transport might not have the knowledge about the cost associated with a certain path that the application may have. Another example is an application capable of handling certain adaptations that might be seen as a job for transport protocol, such as Dynamic Adaptive Streaming over HTTP (DASH) adaptive bitrate for streaming services. These sorts of optimizations are needed, and in turn, the understanding of both applications and transports are needed in order for the TAPS model to be successful. This combination of expertise can be rather rare in our community. Because TAPS creates an abstraction layer between the application and transport, we need to understand the existing interfaces of each transport protocol. One of the current issues is the lack of proper interface descriptions in RFCs, as well as the differences between what is implemented in the protocol stack and what is specified in the RFC. There exists a chicken-and-egg problem with new transport protocols. The lack of transparency inhibits application developers from making use of the new protocols, as they require additional fall-back mechanisms for the parts of the Internet where they don’t work. However, without the pressure of new protocols being used, there is little incentive for middlebox operators and vendors to fix their behavior and permit protocols other than TCP and UDP. The TAPS Working Group endeavors to break that deadlock by making it easier for application developers to probe and fallback (e.g., by using a TAPS library). This solution would facilitate the use of new protocols where the network permits and would make partial transparency useful. The IETF recently published the HTTP/2 standard and there are proposals to start working on new transport protocols, such as QUIC and PLUS. While HTTP/1 is still dominant in the Web world and TCP/SCTP is still evolving, the TAPS Working Group can promote that both application and network developers try new transport protocols with new features and help evolve the upcoming transport protocols. It is a unique opportunity for the entire community—including application developers, service providers, protocol stack developers, and network vendors—to collaborate in TAPS to ensure the natural evolution of transport protocol.]]> 1742 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/tron-workshop-connects-ietf-tls-engineers-and-security-researchers/ Wed, 06 Jul 2016 18:09:48 +0000 https://www.ietfjournal.org/?p=1745 http://tiborjager.de/) for his work on, “On the Security of TLS 1.3 (and QUIC) Against Weaknesses in PKCS #1 v1.5 Encryption”. The award was presented to the workshop participant whose work was most likely to have a positive impact on the IETF work in this space. Part of the award includes Tibor attending IETF 96 in Berlin to further the collaboration with IETF security engineers. For more information, see the workshop programme at http://www.internetsociety.org/events/ndss-symposium-2016/tls-13-ready-or-not-tron-workshop-programme.]]> 1745 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-hackathon-breaks-new-ground-in-buenos-aires/ Wed, 06 Jul 2016 18:13:32 +0000 https://www.ietfjournal.org/?p=1748 Originally published at https://communities.cisco.com/community/developer/opensource/blog/2016/04/26/ietf-hackathon-breaks-new-ground-in-buenos-aires The IETF 95 Hackathon in Buenos Aires kicked off what was both the first and an extremely rewarding trip by the IETF community to South America. Roughly 100 participants—a record 10% of the total IETF meeting attendees—arrived before the meeting in order to put their talents to use tackling a diverse set of projects aimed at improving the Internet we rely on every day. The list of projects and teams included many familiar faces, as well as a refreshing set of new participants and challenges. This was the first Hackathon for approximately one third of the participants, with more than a dozen attending their first ever IETF meeting. Many first timers were from the host country, including from Buenos Aires and Mendoza; there were two participants from Africa, and others from Europe and the United States. See the story shared by one IETF and IETF Hackathon first timer here: https://communities.cisco.com/community/developer/opensource/blog/2016/04/25/first-timer-at-ietf-and-ietf-hackathon-shares-his-story. Others firsts for this Hackathon include:

• IETF Hackathon materials appeared in the regular meeting proceedings (https://www.ietf.org/proceedings/95/hackathon.html).
• An IETF Hackathon github organization was created (https://github.com/ietf-hackathon).
• Huawei took the torch from Cisco DevNet as the financial sponsor.

Charles Eckel from Cisco DevNet continues to run the Hackathon in his role as Hackathon chair, and he welcomes Barry Leiba from Huawei as an appreciated and valued Hackathon cochair. As at previous Hackathons, participants worked cooperatively and tirelessly, producing fantastic results. Each team summarized their achievements in a brief presentation to judges and their peers. Top honors and prizes were awarded for especially brilliant accomplishments, including those of the FD.io/VPP team, the TLS 1.3 team (see https://www.ietf.org/blog/2016/04/ietf-hackathon-getting-tls-1-3-working-in-the-browser/), and the network-based network analytics team. Some teams demonstrated their work at Bits-N-Bites, including the NETCONF/YANG, I2RS, OpenDaylight teams, DNS/DNSSEC/DANE/DNS-over-(D)TLS teams, and the IBNEMO team. All the presentations and results are available at https://www.ietf.org/proceedings/95/hackathon.html. Following the success in Buenos Aires, the IETF 96 Hackathon this summer in Berlin on 16–17 July, is sure to be the biggest IETF Hackathon ever. Hackathon Highlights

• 100+ participants, 30+ new
• 10+ new IETFers
• New projects: TLS 1.3, VPP, Big Data
• Huawei sponsoring entire year
• Cisco DevNet supporting
• CodeSprint/Hackathon interworking: PYANG improved, in draft submit tool
• YANT Pub/Sub client extended - contribute to OpenDaylight
• 12RS findings discussed in WG
• Projects on display at Bits-N-Bites
• Hackathon Proceedings in IETF Datatracker

For more information, see http://www.ietf.org/hackathon/96-hackathon.html. Mark your calendars now and subscribe to the Hackathon list (https://www.ietf.org/mailman/listinfo/hackathon) to receive the latest information, including announcements of new projects and the ability to reserve your place in this history-making event.]]> 1748 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/integrating-the-worlds-of-technology-design-and-policy/ Wed, 06 Jul 2016 18:19:09 +0000 https://www.ietfjournal.org/?p=1751 [1] It also lists five cardinal principles that it adheres to in pursuit of its mission: open process, technical competence, volunteer core, rough consensus and running code, and protocol ownership. At first glance, the mission statement reads as quite technically oriented. However, the second half of the statement, “...influence the way people design, use, and manage the Internet,” alludes to things other than just technical standards. Use and management are often related to things like policies, the human factor, behaviors, rights, acceptability, implementation criteria and protocols, and even politics. It is in this context that this paper explores the IETF experience for participants in the Internet Society Fellowship to the IETF Programme. The IETF structure and participation protocols are fairly clear to most participants interested in the technical aspects of engineering of and for the Internet. The pathway of in-person or online voluntary participation, discussions, Working Groups, Request for Comments documents (RFC), and so forth, is clear to those interested in discussing, developing, and addressing specific technical issues. There even exists a Working Group on human rights that bridges the gap between the purely technical and human involvement sides of Internet technologies. However, for the most part, IETF meetings lean mostly toward the development of technology and not as much toward the human interaction component. This is in part because the application layer is usually exempt from IETF discussions, and most human interactions occur at that layer. Even though its mission statement refers to people and use, the integration of policy as an interface between technology and human use is currently at a nascent stage in IETF activities. It is against this background that the Internet Society invites a variety of users and developers of technology to engage with the IETF community as Policy Fellows. My first experience as a Policy Fellow was at IETF 94 in Yokohama in November 2015. In parallel to the IETF conference, some end-users and policymakers from around the world were invited to attend a Policy Fellows meeting. The intent of the meeting was to introduce the policymakers and implementers to the structure of IETF, basic Internet technologies, management tools for such technologies, and networks of technologists; and to provide exposure to the mechanisms and issues around development of Internet technologies, standards, and protocols. Even though policy and its role in the development (and sometimes control) of the use of Internet and Internet-related technologies is not directly discussed at IETF conferences, exposing the Policy Fellows to the technologists and the technologies helped bridge the gap from the technology developers side to the policymakers side. In other words, the policy people now were slightly more aware of the world of the technologists and engineers. Meeting activities included presentations by technologists and technology developers, as well as attendance at Working Group meetings. But there were no activities designed to expose the technologists to the world of the policymakers and implementers. Thus, the world of the technologists and the policy people remained separated, despite being connected by a single-lane, one-way bridge. A true development environment requires that this bridge be two-way and that there be points of contact between both worlds. The interdependence between technology development and policy development collectively defines the Internet of tomorrow. Generating mechanisms whereby these two worlds become more and more aware of each other is an essential component of true development for the future. My experience at IETF 95 in Buenos Aires in April 2016 was significantly different in two ways. One, I attended the IETF conference as a technologist in areas of interest to me and not as a policy maker or implementer. Two, I attended some of the sessions organized for the Policy Fellows as an outsider. At IETF 95, the Policy Fellows group mostly consisted of South American regulators and telecommunications’ operators. The format of the meetings was similar to IETF 94, but with one major difference: a joint session of technologists and Policy Fellows was organized in which a panel of technologists, policymakers, and regulators discussed the role of and interaction between technology developers and policy developers. The session was filled to capacity and was very well attended on the webcast, as well. It was obvious that the idea of a marriage between future technology protocols and policies was of interest to many. Awareness of the need for a coalition between core protocols and policies centers around the following three points:

• Acknowledging that even though most policies are executed at the application layer, awareness of policy needs at the protocol design phase is both necessary and useful.
• Efficiency as a design driver for technology is not necessarily the best way to develop technology protocols that require integration with policies for optimal deployment outcomes.
• Envisioning the future where machines talk to each other and impact human lives, sometimes without humans being aware, lays great responsibility on the shoulders of designers to see the good and bad of possibilities. The designs of today are the ones that will either help or hinder much of humanity from progressing and being equal players in the future.

Communications and information are perhaps the two most significant contributors to the development of an individual’s opportunities. Control over communications and information is also perhaps the most significant way in which peoples’ lives, development, culture, and freedom can be influenced. Technologies and technology protocols together form the basis on which machines store, generate, and communicate information; without proper balance between freedom and control at the base level, it is not possible to enhance either freedom or control at higher levels. Policies are what govern the end-user experience, both as individuals and as peoples. If the base level of technology design curtails freedoms, there is no policy that can provide it at the end-user level. Most engineers design from the perspective of achieving efficiencies. Efficiencies mean that certain objectives are met via the shortest route possible. Designing by efficiency produces unexpected consequences as the social context evolves and the technologies of tomorrow become the technologies of today. In order to preserve the human freedoms in the evolving social context, the degrees of freedom in the design phase of technologies need to be carefully increased. This is best accomplished by introducing the slightly inefficient world of policies into the very efficient world of technology design engineers. The IETF and Internet Society environments play a vital role in bringing together both technologists and policy people. Exposure to each others worlds is the linchpin to sustaining awareness of the importance of the marriage between technology protocols and policy. To that end, I envision that IETF and the Internet Society Fellowship to the IETF Programme build on the success of the joint panel discussions of IETF 95 and generate more pathways in future meetings that continue to promote the integration of technology design and policy into the work of its intellectuals, designers, engineers, and implementers. [1] RFC 3935]]> 1751 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-july-2016/ Wed, 06 Jul 2016 18:20:50 +0000 https://www.ietfjournal.org/?p=1754

Crypto Forum (cfrg)

Human Rights Protocol Considerations (hrpc)

Internet Congestion Control (iccrg)

Information-Centric Networking (icnrg)

Network Function Virtualization (nfvrg)

Software Defined Networking (sdnrg)

Thing-to-Thing (t2trg)

In addition to the meetings of those already chartered research groups, the Proposed Measurement and Analysis for Protocols Research Group (maprg) and the Proposed Network Machine Learning Research Group (nmlrg) met. At the IRTF Open Meeting at IETF 95, the first two of six winners of the 2016 Applied Networking Research Prizes (ANRP) presented their research. Roya Ensafi presented her examination on how the Chinese “great firewall” discovers hidden circumvention servers, and Zakir Durumeric presented an empirical analysis of email delivery security. The ANRP is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. Everyone is encouraged to nominate relevant scientific papers they have recently authored—or read!—for consideration for the award. Please see https://irtf.org/anrp for details. Please join the IRTF discussion list to stay informed about these and other happenings. The website is https://www.irtf.org/mailman/listinfo/irtf-discuss.]]> 1754 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-2/ Wed, 06 Jul 2016 18:26:36 +0000 https://www.ietfjournal.org/?p=1757 ANRP winner Roya Ensafi[/caption] The Applied Networking Research Prize (ANRP) is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. The ANRP awards presented during IETF 95 went to the following two individuals: Roya Ensafi. For examining how the Chinese “great firewall” discovers hidden circumvention servers. See the full paper at http://conferences.sigcomm.org/imc/2015/papers/p445.pdf. Zakir Durumeric. For an empirical analysis of email delivery security. See the full paper at http://conferences.sigcomm.org/imc/2015/papers/p27.pdf. Roya and Zakir presented their findings to the Internet Research Task Force open meeting during IETF 95. [caption id="attachment_1759" align="alignright" width="200"] ANRP winner Zakir Durumeric[/caption] Slides are available at https://www.ietf.org/proceedings/95/slides/slides-95-irtfopen-0.pdf and https://www.ietf.org/proceedings/95/slides/slides-95-irtfopen-1.pdf. Thanks to Meetecho, audio/video from the presentations is available at  http://recs.conf.meetecho.com/Playout/watch.jsp?recording=IETF95_IRTFOPEN&chapter=chapter_1 (from 00:05:30). ANRP winners have been selected for all of the IETF meetings in 2016. The following winners will present at the IETF 96 meeting in Berlin: Samuel Jero, a postgraduate researcher at Purdue University. Samuel will present a security analysis of the QUIC protocol. Dario Rossi, a professor at the computer science and networking department of TELECOM ParisTech. Dario will present on characterizing anycast adoption and deployment in the IPv4 Internet. The call for nominations for the 2017 ANRP award cycle opens in July. Join the irtf-announce@irtf.org mailing list for all ANRP related notifications.]]> 1757 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-july-2016/ Wed, 06 Jul 2016 18:31:22 +0000 https://www.ietfjournal.org/?p=1761 Babel Routing Protocol (babel) Description: Babel is a loop-avoiding distance vector routing protocol that has good provisions for dynamically computed metrics and remains robust even in the presence of metric oscillations and failure of transitivity. Babel has seen some production deployment, notably in hybrid networks (networks that combine classical, wired segments with mesh segments) and in global overlay networks (networks built with large numbers of tunnels spanning continents). Babel is also considered as part of the IETF Homenet protocol stack. There exist three independent implementations of Babel, all of which are open source. The core of the Babel protocol is described in detail in RFCs 6126 and 7557, which are both Experimental. While these RFCs have been useful (as indicated by the independent reimplementations of Babel), a number of parties have expressed a desire to have a new specification that clarifies RFC 6126 according to the feedback provided by the independent reimplementations, and to integrate the contents of RFC 7557 without expanding the scope of Babel. The goal of this BoF was to discuss the value and scope of the work required to create a standards track successor to RFCs 6126 and 7557, including what technical topics need attention as part of advancement. The BoF also discussed the applicability of Babel. Proceedings: https://www.ietf.org/proceedings/95/minutes/minutes-95-babel Outcome: This was a well-moderated and productive discussion that focussed on the background to Babel and the work that needs to be done in an IETF working group. There was solid interest in the room from people interested in contributing to the work and reviewing documents. A charter for a WG has been circulated for review.

Low Power Wide Area Networks (lpwan)

Description: Low-Power Wide Area Networks (LPWAN) are long-range low-power lossy networks, many of which operate in license-exempt bands. LPWANs provide low-rate connectivity to vast numbers of battery-powered devices over distances that may span tens of miles. Existing pilot deployments have shown the huge potential and met industrial interest, but the loose coupling with the Internet makes the device management and network operation complex and implementation-specific. As of today, there is little to no use of IETF technologies in LPWANs at large, and there is a need to evaluate their applicability. Proceedings: https://www.ietf.org/proceedings/95/minutes/minutes-95-lpwan Outcome: Discussion ranged across a wide variety of L2 technologies that could be classified as LPWANs. The implications for the IP protocol stack of each were also discussed. The group will need to focus more on fewer L2 technologies and engage with external SDOs to make progress.

Alternative Resolution Contexts for Internet Naming (arcing)

Description: RFC 819 describes Internet names as a set of directed graphs in an absolute naming context. While that work eventually led to the creation of the Domain Name System, it is important to note that it does not imply that there will be a single resolution system for Internet names. While the most common Internet names by far are those which are part of the Domain Name System, that set of names is not the whole. A number of independent naming and resolution contexts have emerged. In addition to those created for onion routing and multicast DNS, there are large sets associated with the Handle system, Uniform Resource Names (URNs), and Internet scale proprietary names (e.g., Twitter handles). It is apparent that the desire to reuse Internet protocols that default to DNS-based resolution in other resolution contexts has created ambiguities in the resolution context that should be used for individual names. Those ambiguities may result in operational difficulties (queries in the wrong context) and in concerns about limitations implied for DNS-based names. Proceedings: https://www.ietf.org/proceedings/95/minutes/minutes-95-arcing Outcome: This meeting was intended to address the questions of whether there are interesting problems here and whether it is possible to provide good guidance on resolving them. There was some support for the idea that a WG-forming BoF could be held during IETF 96 in Berlin. The chairs encouraged attendees to write drafts describing their preferred solutions for this problem. Writing about technology efforts that have these issues now would also be helpful.

Limited Use of Remote Keys (lurk)

Description: HTTPS in typical use authenticates the server by proving ownership of a private key, which is associated with a public-key certificate. Currently, most trust models assume private keys are associated and owned by the HTTP server, and that the server is responsible for both the hosted content and for the network delivery. Although these assumptions were largely true in the past, today the deployment of services on the Internet often relies on multiple distributed instances of the service. Similarly, the delivery of popular content often splits the roles of providing the content and delivering the content. In such architectures, the application, such as a Web browser, expects to authenticate a content provider, but is actually authenticating the node delivering the content. In this case, the confusion mostly results from using a secure transport layer to authenticate application-layer content. Proceedings: https://www.ietf.org/proceedings/95/minutes/minutes-95-lurk Outcome: There was a lack of agreement about the problem and how to address it, and a range of potential solutions were identified and discussed. Focussing on the Content Delivery Network use case was identified as a way to make progress, and there was consensus that the IETF was an appropriate place to work on this problem. It is clear that more work to define the problem scope will be necessary before that work can start in earnest. This seems likely to return as a future BoF meeting.

Intelligent Transportation Systems (its)

Description: The goal of this group is to standardize and/or profile IP protocols for establishing direct and secure connectivity between moving networks. It concentrates on 1-hop moving network to nearby moving network communications. This has immediate applicability in mobility environments such as vehicle-to-vehicle or vehicle-to-infrastructure communications. In some of the moving network applications, the window of opportunity for exchanging data with the immediate infrastructure may be very short. The safety and security requirements are higher in connected mobility environments. The links are very heterogeneous, such as 802.11p/ac/ad OCB, Infra-red, VLC, cellular, 802.15.4, and so forth. The BoF was intended to bring implementers, users, and experts from academia, institutes, IT, the automotive industry, and public authorities together to discuss. Proceedings: https://www.ietf.org/proceedings/95/minutes/minutes-95-its Outcome: There was good discussion of the problem space and several comments about the need to address security and privacy considerations. There is a pressing need to engage key SDOs and industry players, in order for the output of any IETF work on this topic to see widespread deployment in vehicular networks. A WG charter will be developed on the mailing list.

Alternatives to Content Classification for Operator Resource Deployment (accord)

Description: Mobile Radio Access Networks (RANs) have historically allowed content-type based classification to associate service descriptions with flows with the goal of efficient use of the often-volatile radio bearer. The increased use of Transport Layer Security (TLS) and other encrypted transports eliminates this metadata from the view of the operator and forces a reexamination of this method. While having endpoints expose metadata to the radio access network (RAN) outside of the encrypted channel would resolve this, it would degrade the confidentiality expected by users and require extensive coordination among application developers, user endpoint manufacturers, and RAN operators. To avoid these disadvantages, the WG will examine both what specific network treatments need to be elicited for the efficient operation of RANs, if any, and what the minimal communication to elicit those treatments would be. This BoF session was part of the follow-on activity stemming from the Internet Architecture Board (IAB) Managing Radio Networks in an Encrypted World (MaRNEW) workshop in 2015 (https://www.iab.org/activities/workshops/marnew/). Proceedings: https://www.ietf.org/proceedings/95/minutes/minutes-95-accord Outcome: The meeting benefited from a high-level introduction that helped bring attendees up to a minimal understanding of the relevant parts of mobile network architecture. Discussion revolved around whether progress could be made now by running experiments without any additional protocol machinery (0-bit solution) and whether it was necessary to provide some minimal signalling (1-bit solution). The difficulty of extracting useful data from operators was noted. It was also noted that TCP optimizers seem to have fallen out of favour with many operators as they don’t offer any performance improvement. Discussion also included general ways to improve performance in radio networks.

IAOC Meeting Venue Selection Criteria & Procedures (mtgvenue)

Description: The IETF has expressed concern regarding the process of selecting a meeting venue. The IETF Administrative Oversight Committee (IAOC) and IAOC Meetings Committee have undertaken to document the process, which has been posted at an IAOC-private site for some time and is being updated, in an Internet-Draft for community discussion. This meeting was to allow community discussion of concerns relating to meeting venue selection and the draft process. Proceedings: (N/A) Outcome: The session provided a lot of background about the way the IAOC Meetings Committee has been operating and the draft set of meeting venue criteria that have been developed. An analysis of the impact of applying the draft meeting criteria to IETF venues for IETF 74 to IETF 100 was also presented. There was some time available for input and discussion from the community, and that continues on the mailing list.]]> 1761 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-95-at-a-glance/ Wed, 06 Jul 2016 18:33:56 +0000 https://www.ietfjournal.org/?p=1764 On-site participants: 1002 (140 from South America) Newcomers: 171 Number of countries: 55 IETF Activity since IETF 94 (01 November–3 April 2016) New WGs: 5 WGs closed: 7 WG currently chartered: 144 New and revised Internet-Drafts (I-Ds): 1968 RFCs published: 133

• 76 Standards Track, 6 BCP, 7 Experimental, 44 Informational

IANA Activity since IETF 94 (October 2015–February 2016) Processed 1581+ IETF-related requests, including:

• Reviewed 113 I-Ds in Last Call and 133 I-Ds in Evaluation
• Reviewed 133 I-Ds prior to becoming RFCs, 68 of the 133 contained actions for IANA

Added 11 new registries since IETF 94 (October 2015–February 2016): mrt-parameters, abfab-parameters, ppsp-tp, emergency-call-additional-data, bgp-ls-parameters, content-security-policy-directives, dncp-registry, ospf-parameters, cdni-parameters, markdown-variants, owamp-parameters SLA Performance (September 2015–February 2016)

• Processing goal average for IETF-related requests: 97%
• The draft 2016 SLA between ICANN and IAOC for the protocol parameter work is still under review.

IANA and DNSSEC

• As of 28 March 2016, 1093 TLDs have a full chain of trust from the root. http://stats.research.icann.org/dns/tld_report/.

RFC Editor Activity since IETF 94 (January–March 2016) Published RFCs: 101

• 63 IETF (10 IETF non-WG), 2 IAB, 1 IRTF, 5 Independent

Improvements to website based on community feedback

• Cluster pages make it easier to check the I-D holding up a cluster.
• Added “Discuss this RFC” (pointing to the WG mailing list), where applicable.

Responded to three legal requests.]]> 1764 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-november-2016/ Tue, 01 Nov 2016 09:00:37 +0000 https://www.ietfjournal.org/?p=1898 threat posed by the Internet of Things to Internet performance, reliability, and security. This informative article also includes some interesting measurement results. We have several Working Group and Birds-of-a-Feather updates, a readout from the Hackathon, an article about the deployment of Multipath TCP, and a discussion of some of the history behind the GAIA Research Group’s recent output. And don’t miss our coverage of Ross Callon’s provocative presentation to the IETF plenary. Finally, you’ll find our regular columns from the IETF, IAB, and IRTF chairs. We are hugely grateful to all of our contributors. Please send your comments and suggestions for contributions to ietfjournal@isoc.org. You can subscribe to hardcopy and email editions at https://www.internetsociety.org/form/ietfj.]]> 1898 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-november-2016/ Tue, 01 Nov 2016 07:15:31 +0000 https://www.ietfjournal.org/?p=1902 Not Just about the IETF Many other meetings happen around the IETF. This time we had a 6LO interop event with the European Telecommunications Standards Institute (ETSI), the Applied Networking Research Workshop, an informal gathering of operators in the Internet Engineering and Planning Group (IEPG) meeting, interaction between the RIOT summit and IETF Working Groups, and many others. And, of course, we also love running code, for it is what actually makes the Internet tick. One of the ways we focus on running code is the IETF Hackathon, which had 158 participants. The winning project hacked FD.io to make it do identifier-locator based forwarding over IPv6. Another project interop tested seven implementations of TLS1.3. This will have a direct impact on how well our browsers work.

Meeting Highlights

The Quick UDP Internet Connections (QUIC) birds-of-a-feather (BoF) considered a proposal that originally came from Google and is already seeing widespread usage there. The basic idea is that an efficient and secure transport can be built by applications and encompass both TCP and TLS functionality. See this issue’s article on page XX. The LEDGER meeting discussed standards for interoperability between payment systems (e.g., the ability to make payments across multiple payment networks or Bitcoin-like systems). The HOMENET Working Group identified a mistake that was made with respect to the recently published RFC 7788. The RFC refers to the “.home” special-use name, but (1) doesn’t specify its semantics in other DNS systems and (2) didn’t go through the required process for special-use name allocations. While there’s now an approved erratum for the RFC, it is important that a more permanent fix be developed via a new RFC in the near future. The assignment of possible special-use names for HOMENET use can take place in parallel. The NETMOD Working Group and the IETF Routing Area have been working on YANG models. We are now focusing on getting them completed in the next year. Implementation experience on these is very welcome. The LPWAN meeting discussed how to run IPv6 and higher layer Internet protocols on highly constrained low-power wide-area networks (LPWANs). The energy and packet-size constraints on these networks require highly innovative solutions to just be able to run IP in these networks. Participants representing four of the major LPWAN technologies were present and were interested in both participating and using the output of this effort. The recently chartered SIPBRANDY Working Group met for the first time. The group is describing best practices for cryptographic protection of SIP-signaled real-time media. It hopes to solve keying issues that have so far prevented wide deployment of the Secure Realtime Protocol (SRTP). Open source is a big part of our efforts. Some of the events beyond the IETF Hackathon included the first meeting of the BABEL Working Group, focused on a new routing protocol from the open source world, and a gathering of the open source developers from the routing area.

IETF Financing and Sponsors

I would very much like to thank our host, Juniper Networks. Juniper is an IETF Global Host, a company that is committed to supporting several meetings across 10 years. I am happy to announce that the IETF Endowment received more than $3 million from AfriNIC, ARIN, RIPE NCC, and the Internet Society. This is a major show of support for the IETF mission and much appreciated.

Next Steps

We’re back to work on the mailing lists, virtual meetings, and design teams. I look forward to seeing you at IETF 97 in Seoul, South Korea!]]> 1902 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-november-2016/ Tue, 01 Nov 2016 07:16:56 +0000 https://www.ietfjournal.org/?p=1904 RFC Format Changes As I hope everyone knows, the format for a Request for Comments (RFC) is undergoing a change. The format with which many of us are familiar was basically formatted to be output to a printer from another era of computing. And while it has a number of benefits, the limitations have been showing for several years. The RFC Series is overseen by the RFC Series Oversight Committee, which is an IAB program. Changes to the series must be approved by the IAB. After many years of work, in August of this year the IAB approved a group of documents that make sweeping changes to the RFC series. It now will be possible to use UTF-8 characters, and not just the ASCII subset. So, authors will be able to spell their own names correctly, and internationalization examples will not need to obscure more than they reveal. The canonical format for the documents is a prepublication XML file, which can produce reflowable text that is as easy to read on a phone as it is on a laptop. PDF files appropriate for printing on modern printers will be easy to produce and will be more attractive than before. Diagrams, rather than just ASCII art, also will be possible. Expect to see more of these changes as the new tools become available. Not all the available features will appear in every RFC stream right away. The different stream managers will no doubt move at different speeds. It seems likely that the IAB stream will embrace some of the new features early, in light of the IAB’s relationship to the RFC Editor. Heather Flanagan, the RFC Series Editor, led this work and endured what were doubtless many frustrating periods as the IETF community came to conclusions about what it wanted from the series. I am happy she persisted and is taking the series into the future with a format that will enable its continued usefulness for everyone.

IANA Stewardship

If you have spoken to me since I became IAB chair, you surely have heard my observations of the Internet Assigned Numbers Authority (IANA) stewardship transition. It might even be the case that not every one of those observations was a model of patience and equanimity. On 1 October 2016, the contract between the United States Department of Commerce National Telecommunications and Information Administration, and the Internet Corporation for Assigned Names and Numbers, expired. When I became chair, I believed that “the IANA transition” would be done in no more than one year. I was wrong. But it is over now, and the Internet continues to function as the collaborative, distributed network of networks that it is. To the people in our community, who understand that IANA is a basically clerical although important job, the degree of political interest in it was somewhat surprising. But the attention we attracted because of this change brought home an important fact about our IETF and IAB activities: people rely on the Internet. They do not take our word for it that things are safe in our hands. Instead, we need to convince the wider world—regularly—that we really have the best interests of the Internet in mind. Otherwise, we will continue to find ourselves the subject of unwelcome attention from people who do not share our level of technical understanding. This outward-facing job will remain an important part of the IAB’s role in the future, even though the IANA stewardship issue itself is no longer a focus of the IAB. At the same time, it is safe to say that for my colleagues on the IAB and me, it will be nice to return some of our attention to pressing architectural issues. They were the reason for our interest in the IAB in the first place. To my colleagues on the IAB, as well as to the many people in the IETF and Internet communities who helped complete the IANA stewardship transition, I express my deepest thanks.

Another Transition

Now that the IAB has completed those large tasks, we are turning our attention to other issues. Of course, this is also the moment for work on another transition: the Nominating Committee (NomCom) is selecting IAB members to be seated at the first meeting of 2017. The deadline for feedback is 24 November. For more information about the 2016 NomCom and to send feedback, visit https://datatracker.ietf.org/nomcom/2016/. The NomCom can’t do its important work without your comments.]]> 1904 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-november-2016/ Tue, 01 Nov 2016 08:39:42 +0000 https://www.ietfjournal.org/?p=1931

Crypto Forum (CFRG)

Information-Centric Networking (ICNRG)

Network Function Virtualization (NFVRG)

Network Management (NMRG)

Software Defined Networking (SDNRG)

Thing-2-Thing (T2TRG)

Human Rights Protocol Considerations (HRPCRG)

Global Access to the Internet for All (GAIARG)

Internet Congestion Control (ICCRG)

In addition to the meetings of those already chartered RGs, two proposed research groups met:

• The proposed Network Machine Learning Research Group (NMLRG)
• The proposed Measurement and Analysis for Protocols Research Group (MAPRG)

Since IETF 96, MAPRG has been formally chartered. Prior to the IETF 96 meeting, the Association for Computing Machinery (ACM), IRTF and the Internet Society held the inaugural Applied Networking Research workshop. This one-day workshop was a “a forum for researchers, vendors, network operators and the Internet standards community to present and discuss emerging results in applied networking research.” The workshop received 30 paper submissions: 17 full papers and 13 short papers of which the program committee accepted nine full papers and nine short papers. Full papers were six pages (plus references) in length, and were orally presented at the workshop. Short papers were two pages (plus references) in length, and were presented via a combination of lightning talks and posters. Fifty-three people attended the meeting and another 25 watched via live online streaming. Thanks to generous industry sponsorship, the IETF was able to award six travel grants to student attendees from Belgium, Brazil, India, and the United Kingdom. The IRTF Open Meeting received presentations from Samuel Jero on a security analysis of the QUIC protocol and Dario Rossi on characterizing anycast adoption and deployment in the IPv4 Internet. The nominations period for the 2017 ANRP awards closes 6 November. The ANRP is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. Everyone is encouraged to nominate relevant scientific papers they have recently authored or read. For details, please see https://irtf.org/anrp. Join the IRTF discussion list to stay informed about these and other happenings. The website is https://www.irtf.org/mailman/listinfo/irtf-discuss.]]> 1931 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-internet-of-things-unchecked/ Tue, 01 Nov 2016 09:00:59 +0000 https://www.ietfjournal.org/?p=1900 lately.¹ Smart TVs, DVRs, and World Wide Web-connected cameras have been named as sources in some of the largest distributed denial of service (DDoS) attacks to date.² But what exactly are the things, or class of devices, that comprise the Internet of Things? These things are devices that are (1) designed to be dependent on the Internet, where such a device would not have depended on the Internet previously, and (2) rapidly manufactured, homogeneously configured, and deployed across the Internet. From an engineering and operation perspective, these two aspects are important. IoT devices are not merely personal electronics equipment. Instead, IoT devices involve Internet resources by design. In addition, we usually are not informed about the arrival of new kinds of hosts on the Internet. Due to the quick and ongoing arrival of so many homogeneous devices, the IoT presents performance, reliability, and security challenges that grow larger and faster than those ever seen before. The IoT raises a number of questions for our community: How big is the Internet of Things? What is its scope? How can we check? There are two ways in which IoT is currently unchecked. First, we largely haven't measured the IoT. How many devices, and of what sorts, are there? At what rate is the IoT growing? What is the lifetime of an IoT device? And second, what standard engineering and operational practices would limit its performance, reliability, and security impacts? We’ve only begun to answer some of these questions and direct ourselves to address nascent IoT challenges.

A 13-Year IoT Case Study: 2003 to 2016

The challenges presented by IoT devices is not wholly new—in 2003, an accidental IoT DDoS involving hundreds of thousands of Netgear devices was deployed throughout the Internet. These were IoT devices in two ways:

1. While switches and routers did not previously depend on the Internet, per se, these were built to synchronize their clocks with a Network Time Protocol (NTP) server located at the University of Wisconsin–Madison. The Internet Protocol (IP) address of the NTP server is hard-coded in firmware.
2. In only months, hundreds of thousands of these devices were manufactured, sold, and deployed worldwide.

Figure 1 shows the Netgear model MR814, manufactured circa 2003. It is one of the four Netgear device sources that were implicated in this accidental flood of traffic. [caption id="attachment_1966" align="alignright" width="300"] Figure 1. netgear mr814: 802.11b cable/dSl Wireless router circa 2003[/caption] These devices’ SNTP client implementations had design flaws that caused them to query the NTP server once per second until receiving an answer, occasionally resulting in an accidental flood of hundreds of thousands of packets per second. Because the situation was discovered before peak device deployment and the flawed devices continue to operate even today, it represents a unique IoT measurement opportunity. With the help of my colleagues at the University, we plotted the estimated number of flawed SNTP clients observed utilizing the University of Wisconsin NTP server from 2003 to 2016. Figure 2 shows the arrivals (2003–2004) and departures (subsequently) of these devices, over a period of 13 years, ostensibly representing the births and deaths of these IoT devices. About 700,000 total devices were manufactured with the flaw that was ultimately removed in 2003. [caption id="attachment_1969" align="alignright" width="300"] Figure 2. Flawed netgear SnTP client count, 2003–2016[/caption] These measurement studies indicate that some IoT devices have a very long lifetime and that neither a linear nor a simple exponential decay model quite fits empirical observations. Some IoT devices clearly live longer than a decade, leaving many thousands of users and networks encumbered by flaws. This incident resulted in a number of engineering and operational recommendations³ delivered as best current practice in RFC 4085 (BCP 105)⁴. For more details on the Netgear incident, visit http://pages.cs.wisc.edu/~plonka/netgear-sntp/ or see the paper, “The Internet of Things Old and Unmanaged”⁵.

Checking IoT Today

The Internet Architecture Board (IAB), the IETF, and the Internet Research Task Force (IRTF) each have current initiatives in the IoT space. For example, the Internet of Things Software Update (IoTSU) 2016 Workshop considered how one might best tackle the code and configuration changes to IoT devices and reported its findings⁶. As for measurement of the IoT, the IRTF’s Measurement and Analysis for Protocols Research Group (MAPRG) has called for any measurements of the IoT, past or present. And the aforementioned case study was presented and recorded⁷ at the MAPRG meeting during IETF 96 in Berlin, along with some discussion about requirements that might drive IoT measurements. Developing IoT measurements raises a number of questions: What real counts or other metrics of IoT devices are available? Who are the stakeholders? What kinds of measurements are possible? What are the privacy considerations? And how is IPv6 involved? With respect to stakeholders, there are many. Manufacturers will presumably want to know how devices travel the supply chain and become active and then not active. Service providers may wish to manage IoT devices and perform risk assessments. Device users, owners, and customers will likely need to discover or find lost devices and audit premises, perhaps to inform insurers or subsequent buyers about IoT devices that, for instance, run a home. With respect to kinds of IoT measurements and what’s possible, there are World Wide Web User-Agent strings and Ethernet media access control addresses that help identify some IoT devices, but these can be spoofed or obscured. So questions remain: can IoT device identities be authenticated and what features are feasible to measure IoT device uptimes or determine lifetimes? Lastly, there are privacy and operational implications to IoT measurement. Can privacy or anonymity requirements protect IoT users from being victimized? If IoT devices are long-lived and, as many do today, choose not to use IPv6, they present a very significant increasing challenge in address exhaustion, in IPv4, and relief, e.g., via IPv6. The unwanted traffic and vulnerabilities that result from IoT flaws warrant the special attention and concerted efforts of the research, standards, and operator communities. Leaving the Internet of Things literally and figuratively unchecked exposes the Internet to an unprecedented scale of performance, reliability, and security problems foreseen a decade ago, yet still, apparently, unavoided.

Footnotes

1. http://thehackernews.com/2016/09/ddos-attack-iot.html.
2. http://arstechnica.com/security/2016/09/botnet-of-145k-cameras-reportedly-deliver-internets-biggest-ddos-ever/.
3. https://tools.ietf.org/html/rfc4085#page-4.
4. https://tools.ietf.org/html/rfc4085.
5. http://pages.cs.wisc.edu/%7Eplonka/iotsu/IoTSU_2016_paper_25.pdf.
6. https://tools.ietf.org/html/draft-farrell-iotsu-workshop-01.
7. https://www.youtube.com/watch?v=DkAS_Ht6J6U#t=38m50s.

]]> 1900 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-veteran-recommends-reducing-protocol-complexity/ Tue, 01 Nov 2016 09:02:16 +0000 https://www.ietfjournal.org/?p=1906 Operations and Management protocols (such as Label Switched Paths, Ping, and Bidirectional Forwarding Detection) are ways to manage things and measure performance,” he said, adding that MPLS is “widely deployed all over the world and making money for a lot of service providers.” He continued by saying the IETF also offers connectionless encapsulation, and he listed many options. “You can take an Internet Protocol (IP) packet and encapsulate it in an IP header. There are four options just for that: IPv4 in IPv4, IPv4 in IPv6, IPv6 in IPv4, and IPv6 in IPv6. So if a vendor wants to implement all possible options, it really is four options,” he explained. “Given all those options, it’s hard to get one of them implemented and deployed everywhere.” Callon said there are anywhere from 20 to 40 approaches total for connectionless encapsulation. “You’re not going to implement 40 different ways to do encapsulation in an application-specific integrated circuit,” he said. “You run the risk that in some places in the world one gets implemented, and then somewhere else another gets implemented. You can end up with a loss of interoperability.” Callon emphasized that the Internet is the largest machine ever made, with billions of users and hundreds of vendors. He said the Internet exists because of its multivendor and multiservice provider interoperability. “No one vendor could have done this,” he said. “No one vendor could have implemented it, and no one vendor could have thought of it… In order for this explosive growth to occur, we need real, effective, well-written interoperability standards that everyone can implement.” Callon reminded the audience that the motivation for companies and individuals to focus on interoperability instead of standards proliferation is that so many of them have done well because of the explosive growth of the Internet. “We’re all better off because of the growth of the Internet,” he said. “It wouldn’t have happened if we had not had choices to do something, but it also wouldn’t have happened if we had 20 or 30 ways to do something.” Callon made a strong case for the IETF being wary of creating too many unnecessary standards, and he urged each individual participant to focus on this problem. He said this problem can’t be solved by the IETF leadership, but instead needs a bottom-up solution. “The IETF needs to find a way to avoid frivolous standards,” he said. “It is to the advantage of all of our companies and all of our research organizations and all of our government agencies that the Internet continues to grow. I’m asking everybody to think about this when a Working Group is considering a protocol: Is it really needed or can we use an existing tool?”]]> 1906 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-story-of-an-rfc-about-alternative-networks/ Tue, 01 Nov 2016 09:02:35 +0000 https://www.ietfjournal.org/?p=1908

Exploration of new technologies for wireless access, such as TV White Spaces or Wi-Fi long distance, that ease rural and remote network deployments.

Changes in the regulatory space that has been reported to have more priority than adoption of technology itself, particularly in the so-called Global South.

Extension of successful self-sustainable alternative business models that are created from communities themselves and that promote the benefits of localized services.

Exploitation of the advances in working areas that facilitates better sharing of a common pool of resources, such as delay-tolerant networking, opportunistic communications, information-centric networking, and software-defined networking. Strategies based on these technologies should result in more efficient bandwidth use in restrained scenarios.

The idea to write a document that studies community-driven networks arose in the GAIA mailing list in May 2014. Such a document was seen as useful for bringing connectivity to rural areas, which is in line with GAIA’s stated objective “to document and share deployment experiences and research results to the wider community through scholarly publications, white papers, Informational and Experimental RFCs …”. The first Internet-Draft, draft-manyfolks-gaia-community-networks, was submitted on June 2014, and its first versions were intended to cover deployments known as community networks. The draft triggered questions in the mailing list regarding the scope of the document, including should it be limited to community networks or should it be broader? Eventually, a consensus was reached. It was decided that (1) the document would characterize and classify network deployments that differ from mainstream ones in which a company deploys the infrastructure connecting users, who pay a subscription fee; and (2) the document would refer to these networks as Alternative Networks. One of the main topics of discussion was related to the classification itself. Conversation surrounded the criteria we should use, the categories to consider, and which networks could fit inside each of the categories. The result was a fruitful discussion about the terms to be used for each of the criteria and the categories. For reasons of clarity, several examples and references were also included, as well as a summary of the classification criteria for each network type. As the document evolved, many people with experience in real deployments participated in the discussion and provided useful input. Their input was included in an informative section about the technologies employed in these networks. An index of terms was also included in order to clarify key terms, such as urban, rural, digital divide, and underserved area. In March 2015, after several iterations, the Internet-Draft was adopted. It became RFC 7962 in August 2016. RFC 7962 describes the different types of Alternative Networks that stem from the networking visions of independent initiatives all over the world. These initiatives rely on cooperation rather than competition and employ different governance and business models. While the solutions and classifications expressed in the document are not limited to low-income regions or the Global South, emphasis is given to these regions. In 2014, the World Bank reported that 31% of people from low-income regions have an Internet connection, versus 80% of people from high-income regions. In response, the document’s proposed solutions will more likely have a strong impact in terms of connectivity in low-income regions. The core category of Alternative Networks identified in the document is community networks, that is, networks owned by the community that provide coverage to underserved areas and that reach tens of thousands of users (e.g., Spain’s GUIFI.net). The main goal of a community network is to provide affordable Internet access for all. To achieve that, community networks rely on the independent and decentralized collaboration of community members, thereby reducing initial capital expenditure and, eventually, operational expenses, while maintaining Internet connections where there are no business cases for mainstream operators. Other types of Alternative Network deployments that aim to bridge the digital divide include:

• Wireless Internet service providers that are operated by independent organizations different from the main operators.
• Shared-infrastructure models, which are commonly found in the Global South where a number of simultaneous users share low-cost femtocells (e.g., 3G access).
• Crowdshared approaches that allow virtual network operators to piggyback on an existent Internet connection in home routers and provide a public network that consumes only a small fraction of the available bandwidth.
• Rural utility cooperatives, such as electric cooperatives, which collocate their own fiber-based broadband and a low-cost Internet service for communities.
• Testbeds that were initially built as research infrastructure in academic environments and that ended up in noncentralised models, where local stakeholders assume part of the network administration.

All in all, RFC 7962 constitutes a good starting point for the GAIA Research Group—it documents a number of deployments for providing Global Access to the Internet for All based on the input of experienced researchers and practitioners, who have participated in the successful deployments of Alternative Networks. Most important, RFC 7962 presents the socioeconomic aspects of networking, thereby obtaining the attention of communities seeking to create and manage computer networks for the people by the people.]]> 1908 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/cryptech-releases-alpha-hardware-at-ietf-96/ Tue, 01 Nov 2016 09:02:51 +0000 https://www.ietfjournal.org/?p=1910 What Is CrypTech? The goal of the CrypTech project (https://cryptech.is) is to create an open-source hardware cryptographic engine that can be built from public hardware specifications and open-source firmware. Its team comprises a loose international collective of engineers, who seek to improve assurance and privacy on the Internet. It is funded diversely and is administratively housed outside the United States. The CrypTech project was originally motivated by the loss of trust in cryptographic algorithms and products that arose after revelations of pervasive monitoring and potentially compromised algorithms and products. It evolved from discussions within both the IETF and Internet Architecture Board (IAB) communities, and was founded as an independent international development effort charged with creating a trusted, open-source, design and prototype of an inexpensive hardware cryptographic engine. CrypTech is a trusted reference design for a hardware security module (HSM), a specialized device used to securely store the public/private key pairs used with digital certificates, most commonly Secure Sockets Layer/Transport Layer Security (SSL/TLS). It supports the Internet community by providing the possibility of an open and auditable alternative to existing crypto devices. Its development model is based on a composable system that lets the designer select the bare minimum of components needed, thereby further reducing the risk and attack surface of any CrypTech-based device. CrypTech started from the ground up. First, implementing a wide variety of cryptographic algorithms to be loaded into a specialized field programmable gate array (FPGA), then designing the hardware required for a true random number generator (TRNG), and writing the necessary support software to link the CrypTech HSM to existing public key infrastructure (PKI) applications such as DNSSEC. There is much yet to be done, including building the links to additional applications, like RPKI, and building high-assurance auditing and management tools for key and cryptographic operations.

The CrypTech Alpha

Designing a hardware cryptographic device is significantly more complicated than writing open-source software. Because the CrypTech project must integrate both hardware and software components, there are real material costs that most open-source projects don’t incur. The CrypTech alpha board consists of an ARM processor and an FPGA on a EuroCard form factor (120 x 100mm) board. These reside in an enclosure with a pair of Universal Serial Bus (USB) interfaces and power. The interface to the board is a custom Remote Procedure Call over the USB interface with a client-side PKCS #11 library layered on top of it. A significant hardware aspect of the CrypTech project is the use of an FPGA for crucial cryptographic functions. Encryption or hash algorithms written in software and executed on general-purpose CPUs remain vulnerable to attack: software can be changed, often subtly, and memory contents can be read during operations. Even the length of time to perform operations can be measured to reveal information. However, when cryptography is performed in a dedicated hardware device—completely inaccessible to the normal operating system—these weaknesses are significantly reduced. As the CrypTech design matures, the FPGA may be migrated to a specialized application specific integrated circuit (ASIC) in order to further improve security and performance. CrypTech also built a true random number generator that requires specialized hardware components to be a source of randomness. Cryptographers have long been critical of algorithmic methods of generating random numbers, and poorly written random-number algorithms have been critical factors in security failures. A true random number generator (TRNG) is an important building block in a secure cryptography infrastructure. CrypTech’s initial TRNG has been tested by reputable sources and the feedback is overwhelmingly positive. A key feature of HSMs is the potential to resist tampering. CrypTech has implemented and tested tamper circuitry to support this functionality, although the current enclosure does not make use of it. (This was one of the priority development items discussed during the workshop). The delivery and alpha-testing of this portion of the CrypTech project was the successful culmination of two years of community effort. The first batch of alpha-version hardware was delivered to a set of alpha testers and formed the basis for the CrypTech workshop at IETF 96.

The CrypTech Workshop at IETF 96

Participants received their alpha hardware and were given a detailed overview of CrypTech’s major design components, including hardware, firmware, software, and FPGA (see https://trac.cryptech.is/wiki/BerlinWorkshop). They were then given the following tasks:

• Initialize the cryptographic services on their own CrypTech alpha hardware.
• Establish the use of PKCS #11 for communications to a server.
• Configure OpenDNSSEC from NLnetLabs to get its keys from the CrypTech alpha hardware.
• Utilize the system to perform DNSSEC zone signing.

While the CrypTech technology has a number of applications, the first target use case is as an HSM for DNSSEC key management. After the workshop, the CrypTech engineering team met to discuss the results of the workshop and to plan the next steps for the project based on these results. In the near term, the engineers plan to continue improving CrypTech’s quality, capacity, and performance in order to make it suitable for production applications. In addition, the team plans to add features that increase its appeal for production environments and make it suitable for applications beyond DNSSEC. During the week of IETF 96, highlights from the CrypTech workshop were discussed in several meetings, including the IEPG, IETF Security Area Advisory Group, and IRTF Crypto Forum Research Group sessions. Detailed questions about it pointed to the relevance of the effort.

Join the CrypTech Community

Open-source development was critical to the successful development and growth of the global open Internet. The CrypTech project is the same—by bringing an open source philosophy to cryptographic software and hardware, our plan is to increase trust and transparency, offer alternatives to commercial products, and reduce costs. Interested in obtaining your own version of the alpha hardware and being a CrypTech alpha tester? Although the first batch of hardware is in the hands of the current alpha testers, additional boards will be made available via CrowdSupply (https://www.crowdsupply.com/cryptech). To learn more about CrypTech and how you can help support this important effort, see https://cryptech.is.]]> 1910 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/low-power-wide-area-networks-at-the-ietf/ Tue, 01 Nov 2016 09:03:08 +0000 https://www.ietfjournal.org/?p=1912

Humidity measurement in soils

Corrosion monitoring on silos and tanks

Snow or natural water levels outdoors

Presence and/or rough location of goods (e.g., cars in a manufacturer’s parking lot)

Detection of vibrations in an engine (e.g., indicating an increasing chance of failure in the coming hours or days)

In these types of use cases, each reading is of low individual value since the data that is reported is usually simple and mostly constant, such as a bit expressing an “OK” status. This is why, to a large extent, that type of data was not effectively reported so far; apart from very specific industries such as oil and gas, the cost of deploying wires would largely overwhelm the value of the reported data, and the rare event of production stopping due to a failed vent or waste of irrigation water would be accepted as irremediable. Though the value of one individual datum may be negligible, the overall value of all this unmeasured information is now seen as the next goldmine for optimization of processes in all sorts of industries, and leads to the industrial Internet effort. To enable typical LPWA use cases, the cost of a monitoring device must be kept very low, the deployment must be very secure yet as simple as peel-and-stick, and the operational expenses per device must be kept minimal during the device’s life cycle. Another challenge comes from the large amount of monitored things—possibly thousands or tens of thousands for one application—and the span of the deployment, which often spreads over a very large area, far wider than that traditionally covered by wireless LAN (WLAN) and low-power wireless PAN (LoWPAN) technologies, and roughly in the range of wireless neighborhood area networks (Wi-NAN) and cellular technologies. Both possible approaches—evolve the low-power wireless technologies to reach farther out or evolve cellular technologies for lower cost and energy consumption—could be taken to design LPWA Networks (LPWAN). In fact, all possible paths are being explored, yielding a variety of novel technologies with a range of specific capabilities (Figure 1). [caption id="attachment_1913" align="alignnone" width="300"] Figure 1. 3GPP lPWA Technologies[/caption] For operation in the licensed band, 3GPP has standardized a new narrowband radio technology called NB-IOT that offers low complexity, low power consumption, and long range. NB-IOT can also utilize the existing LTE and legacy infrastructure and coexist in the same frequencies for reducing time to deployment. 3GPP has also standardized a category of low-complexity low-bandwidth UEs (called Cat-M1) for LTE, and IoT related improvements to GSM/GPRS networks called EC-GSM-IoT. Another set of LPWA technologies (e.g., LoRa, SIGFOX, INGENU) was designed to operate on the unlicensed industrial, scientific and medical (ISM) radio bands, with capabilities for reaching tens of kilometers with data rates in the order of tens of Kbps, using sometimes very diverse kinds of radios, from SIGFOX’s Ultra Narrow Band (UNB), which uses a thin peak of spectrum, to LoRa’s Chirp Spread Spectrum (CSS), which spans all the available bandwidth. Surprisingly, this variety of technical approaches appears to be beneficial to the end user as it provides an additional form of diversity, and therefore also an improved immunity between deployments competing for the same portion of spectrum. These new technologies complement capabilities that are already in operation in the ISM band with IEEE802.15.4 for applications such as the smart grid (Wi-SUN) (Figure 2). [caption id="attachment_1914" align="alignnone" width="300"] Figure 2. LPWA approaches to spectrum use[/caption] The balance between cost, energy budget, service guarantees, and manageability indicates that an optimization has to be found for each individual application, and that different radio technologies with different capabilities and different service offerings will continue to coexist—each serving the applications for which it is best suited. This variety of choices, as well as the potential to adopt new types of radios and services as technologies and needs evolve, is the enabler of a wide variety of ecosystems and applications, and a core value of the LPWA approach (Table 1).

	Wi-SUN	SIGFOX	LoRa	EC-GSM	CAT-M1	CAT-NB1
Deployed	Y	Y (EU,NA)	Y	Y	Q4 2016	Q4 2016
Deployment	Private	SIGFOX	Private / MO	Mobile Operator / Software upgrade
(SDO) Standard	IEEE802      IETF	(ETSI) LTN	LoRaWAN (ETSI) LTN	3GPP
Spec. avail. free to IETF	Y	Announced free YE 2017	Y	Y
Certification	Wi-SUN alliance	SIGFOX	LoRa Alliance	Regional 3GPP members                (ETSI, ATIS…)
TX up (dBm)	8-14	14	14	23/33	20/23	23
Bandwidth up	200-400-600KHz	100/600Hz (EU/NA)	125-500KHz	200KHz	1.08MHz	200KHz
Modulation	FSK	DBPSK up GFSK down	Chirp Spread Spectrum	GMSK	QPSK    QAM	QPSK
Data rate up	50 Kbps to 300 Kbps	100 bps (EU) 600 bps (NA)	0.3 Kbps to 50 Kbps	70Kbps	375Kbps	65Kbps
Band	Unlicensed, Sub-GHz ISM band                                          (433 & 868MHz in EU, 928MHz in NA)			2G	LTE	2G & LTE

Table 1. LPWA technologies compared This diversity could also be a threat if the complexity that appears as its downside cannot be controlled—for instance, if each technology comes with a different application, identity, security, and service management model, making it impossible to migrate an application as its needs evolve, or if the design of the cloud side of the application is so very different from one technology to the next that no software or operational skillset and toolset can be factorized. In order to avoid a combinatory explosion of complexity, there is a clear need for a convergence—an hour-glass model—at a layer above the radio and in a fashion similar to what IP provides for the Internet. IPv6 and CoAP can act as a potential convergence layer for LPWAN, providing device reachability and yet relative isolation in a manner that can abstract the actual underlying radio technology. A new LPWAN Working Group was formed after a successful WG-forming BoF at IETF 96 in Berlin; the LPWAN WG meets for the first time at IETF 97 in Seoul. The WG will address IPv6 over LPWA Networks, and how LPWANs can join the Internet community in a mutually beneficial way.

A Generic LPWAN Architecture

At first glance, LPWA technologies appear diverse and not all requiring the same work items from the IETF. For example, Wi-SUN already supports IPv6 with 6LoWPAN, and may not need additional work in that area. But Wi-SUN may still benefit from other components, such as security and identity management, that may or may not be of interest to other parties due to their existing support. A closer look reveals that LPWAN technologies usually share a very similar structure with both radio-layer gateways (RADIO-GWs) that connect to end devices and network-layer gateways (LPWAN-GWs) that aggregate multiple RADIO-GWs and enable connectivity to the outside world. LPWAN technologies also share a desire to enable IP technology between network applications and the applications that reside in end devices in order to promote more portable services and more generic tools (Figure 3). [caption id="attachment_1915" align="alignleft" width="300"] Figure 3. LPWAN technologies share common components[/caption] For the IETF, it is critical that a generic architecture is derived that enables some common work between technologies. A large part of the IETF’s work is to identify common needs for functionalities in the LPWAN gateway (GW), and to standardize the protocols that enable these functionalities. The new architecture must focus on the core similarities of the LPWAN technologies, such as the need to optimize battery life, very sporadic traffic, and low throughput. These extreme requirements place the bar beyond what could be achieved with 6LoWPAN for low-range, low-power wireless technologies. Leveraging this architecture, the IETF value proposition is to converge the diverse radio technologies towards a common hourglass model with an extremely compressed form of IPv6 and CoAP between the end-device and the network gateway, in order to both provide a common management of the gateway and enable secure, Internet-based services to the applications. [caption id="attachment_1916" align="alignright" width="300"] Figure 4. A potential LPWAN architecture[/caption]

The Need for New Algorithms

Some LPWA technologies are highly sensitive to frame size, due to their very low data rates. As a result,  classical compression techniques may not be enough for technologies in which only an octet or two are available to signal both IP and CoAP. At the extreme, robust header compression (RoHC) may provide that level of compression, but the learning curve in traffic and the variety of flows prevents using that technique as is. The IETF needs to do more work on this, perhaps taking the best of both compression techniques and providing the extreme compression needed to enable IP and CoAP to the device. This work may also enable the LPWAN-GW to terminate the IP flows, in which case the end device would appear as a remote I/O to the gateway, like a USB device would to a PC. The new protocols must take into account application-level protocol compression (e.g. CoAP) and employ all possible mechanisms and LPWAN specificities to achieve optimal compression, most notably the typical star topology and the limited and known-in-advance flows per end-device.

Beyond Compression

If reachability to the device through IP was the only goal for new work at the IETF, the creation of a specific WG for LPWAN would probably not be mandated. Bringing CoAP to the end-device also allows for the use of the IETF interaction model developed in CoRE WG and the T2T RG and recently adopted by Open Connectivity Foundation (among others). But a lot more needs to happen over the Internet in order to offer safe and available services for low-power IoT devices. The recent attacks on Krebs’ blog, On Security, demonstrated that IoT devices cannot be protected and maintained like traditional PCs. Long-term guarantees that the device will not be exploited for harmful activities are needed. This may be achieved by automating posture management and software updates to patch vulnerabilities as they are discovered and by isolating devices from potential attackers and targets. [caption id="attachment_1917" align="alignright" width="300"] Figure 5. IoT deployments must be secure[/caption] In addition to classical practices, IoT devices must be strongly protected from attackers seeking to gain information, influence, and use them for their own purposes. On the one hand, communication between the IoT device and its application should be available at all times, whether the application is in initial commissioning, normal operation, or decommissioning. On the other hand, unwanted communication to or from the IoT device should be barred at all times in order to limit the effects of compromised devices on the rest of the network and to limit the potential for remotely compromising more devices. One simple and solid way to provide such protection is to isolate the device and its application in an overlay network that operates on unique local addresses that cannot be reached from the outside of the overlay. On-demand and scalable overlays are not the only requirement from IoT on the Internet that the IETF could help fulfill. With the advent of connected vehicles, as well as for simple use cases, such as homeowners moving with all their connected appliances, IoT devices must be mobile at the IP layer. IETF overlay technologies, such as NEMO and LISP, enable mobility with traffic isolation, but they have different approaches to security and scalability. Matching solutions to actual needs and real-world use cases requires a combination of skills from the real-world practice of LPWA combined with expertise in Internet technologies.

IPv6 Activities thus Far

The initial work presented in the T2T RG at IETF 93 was a first draft. It showed a glimpse of the potential and the constraints of low-power, wide area networks and what could be done in these networks at the IETF, including, but not limited to, security, mobility, device management, and network and service discovery. The main motivations for the draft were to present the problems LPWANs are facing and to find a way to do the work in existing Working Groups. Multiple discussions during both IETF 93 and 94, as well as with the new industry players, indicated that we needed a new, focused place where this work could either be done, as no existing group is really chartered for it, or be coordinated from when there is an existing group. The rich discussions on the non-WG mailing list, and the active participation in the non-WG-forming BoF at IETF 95 in Buenos Aires further reinforced this view. The critical point was the specific proposal of the Static Context Header Compression draft, which demonstrated for the first time a practical way to bring the IETF stack to these ultra-constrained networks. This, along with the IETF’s robust standardization process, motivated the four major LPWAN technologies—SIGFOX, LoRa, Wi-SUN, and 3GPP—to support the creation of the LPWAN WG and to mandate the IETF to bring its stack to their LPWANs. The WG also plays an important role in bringing together different communities with many people new to the IETF. [caption id="attachment_1918" align="alignright" width="300"] Figure 6. LPWAN Timeline[/caption]

Charter and Roadmap

First steps will be focused on new forms of IP/UDP/CoAP compression, the cornerstone of future work in this field. Milestones are on a very tight schedule (with a goal of finalizing the work by mid-2017) and correspond to the immediate demand of the four baseline technologies. This first stage will also help structure the LPWAN community and prepare the eventual extension of the work, where additional items can be addressed. These may include the Radio-GW and LPWAN-GW management protocols, end-device mobility and AAA procedures, overlays, security, and the use of DNS at the core of these networks, among others.]]> 1912 0 0 0 18187 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/quic-performance-and-security-at-the-transport-layer/ Tue, 01 Nov 2016 09:03:22 +0000 https://www.ietfjournal.org/?p=1920 Background QUIC was developed by Google, implemented in Chrome in 2013, and today provides service for the majority of requests by Chrome to Google services. It operates as an application protocol over User Datagram Protocol (UDP) and integrates ideas from Transmission Control Protocol (TCP), TLS, and Datagram Transport Layer Security (DTLS) in order to provide both security comparable to TLS and minimal latency during connection setup. QUIC provides security by encrypting the application data and most of the protocol header. It provides improved latency with 0–RTT connection establishment, whereby a client that has previously communicated with a server can start a new connection without a three-way handshake, which enables it to send useful data in the very first round trip. The reduction in initial latency in comparison to TLS equals two or three round-trip times (RTTs), depending on whether TLS session resumption is enabled. QUIC improves upon TCP and TLS in a number of other ways, too, including introduction of multiple streams per connection to reduce head-of-line blocking and vastly improved acknowledgment information that eliminates retransmission ambiguity issues (Figure 1). For these reasons, QUIC has attracted significant interest from the networking community. While some documentation about the protocol has been available since its initial release in Chrome and much of the code is available in the open source Chromium project, these sources often are incomplete and lag behind what Google has actually deployed. In response, Google has begun the process of standardizing QUIC through the IETF via a Bar BoF at IETF 93 and a BoF to charter a Working Group at IETF 96. The latest BoF filled the largest meeting room available and concluded with overwhelming consensus in favor of such a Working Group. The central claims of QUIC—encryption and server authentication similar to TLS and significantly improved performance—are stated informally in the protocol documentation. Particularly for a security protocol, it is crucial to have a more formal analysis of the protocol in order to understand precisely what guarantees are being provided and what guarantees are not. To address this issue, Robert Lychev, Alexandra Boldryeva, Cristina Nita-Rotaru, and I developed a provable security analysis of QUIC that precisely characterized the security provided and then leveraged the results of that analysis to identify a number of performance attacks against QUIC. In 2015, we won the IRTF Applied Networking Research Prize for our work, titled “How Secure and Quick is QUIC? Provable Security and Performance Analyses”, which had been published that same year at the IEEE Symposium on Security and Privacy. We again presented our work at a well-attended Internet Research Task Force session at IETF 96.

Our Work

Our work presents a provable security analysis of QUIC that precisely characterizes its security guarantees. Such an analysis consists of a formal model of the protocol, a formal definition of security, and a proof by reduction that shows how QUIC satisfies the security definition. Unfortunately, existing formal security models from the analysis of TLS were unsuitable for QUIC, due to QUIC’s use of multiple session keys and the fact that QUIC must consider reordering and packet injection issues that TLS can hand off to TCP. As a result, we developed a new security model, which we called Quick Authenticated and Confidential Channel Establishment (QACCE). The new model considers attackers, who can initiate and observe communications between honest parties, as well as intercept, drop, reorder, or modify any exchanged messages. The attacker is assumed to have knowledge of all public keys and can adaptively learn and apply collected information. Selective compromise of servers and access to their secret keys and state is also possible. Given such an attacker, a secure protocol should allow parties to establish session keys and use them to send data with privacy and integrity. We prove that QUIC can successfully protect against such a strong attacker and provide QACCE security, under reasonable assumptions about the encryption, authentication, and signing algorithms used. Interestingly, this security model provides different levels of security for data exchanged under QUIC's initial and final session keys. These two keys are an optimization introduced to enable 0–RTT connections. Data sent in the first round-trip is encrypted with an initial key that is derived from a static Diffie Hellman value in a long-term server config object while data sent in all future messages is encrypted using a final session key derived from an ephemeral Diffie Hellman value sent in the first message from the server. This means that QUIC does not satisfy the traditional notion of forward secrecy provided by certain TLS modes, such as TLS-DHE. Forward secrecy is a property, which ensures that an adversary who compromises a server is unable to compromise prior connections to that server. In QUIC’s case, since the 0–RTT data is encrypted under the initial key derived from the server’s cached Diffie Hellman value, this data can be compromised if the server config object has not expired. However, since the final session key is derived from an ephemeral Diffie Hellman exchange, any data encrypted under it (i.e., data exchanged after the first RTT) is  forward secret. Using this analysis of the security guarantees provided by QUIC, we can consider possible attacks against QUIC’s performance and identify five performance-degradation attacks against it. It should be emphasized that these attacks do not impact the authenticity or confidentiality of data sent over QUIC; they impact only QUIC’s performance. But, performance, specifically latency, is a key motivating goal for the development and deployment of QUIC, and these attacks enable an attacker to deny clients access to services offered over QUIC by denial of service against the server or by disrupting a particular target connection. Interestingly, these attacks operate by leveraging the optimizations made to enable 0–RTT connections and either replaying cachable information about the server or manipulating unprotected packet fields.

The Server Config Replay Attack

[caption id="attachment_1957" align="alignright" width="300"] Figure 2. Server config replay Attack[/caption] One attack that we identified is the server config replay attack. The server config is a signed object containing a variety of information about the server, including a Diffie Hellman value and the server’s supported encryption and signing algorithms. This object is designed to be cachable by a client for a specified lifetime and provides the client with all the information needed to perform a 0–RTT connection. It is retrieved from the server the first time a client connects. The server config replay attack takes advantage of the public, cachable nature of this object. In this attack, the attacker listens for new connection requests, and forges a message containing this server config and a randomly generated source address token (STK). This token is used to prevent IP spoofing and is treated by the client as an opaque string. This message races any response from the legitimate server; provided it wins, the client will retry the connection with this new server config and STK. However, the legitimate server has no record of this STK and so will reject the connection. Unfortunately, the client believes it has already received the first message from the server, and so will ignore this rejection message, causing the connection to linger in a stalled state for multiple seconds until the client’s connection establishment timer fires, abruptly terminating the connection. The other attacks we identified operate in a similar manner by either replaying cachable information or modifying unprotected packet fields (Figure 2).

Conclusion

By developing a provable security analysis of QUIC and investigating attacks against performance, we formalize the security that QUIC provides and identify areas of weakness in its current manner of optimizing performance. This work was well received at IETF 96, and we hope it will provide valuable insight as the recently chartered QUIC Working Group begins the standardization process. We look forward to seeing an even-better QUIC emerging from this process in the future.]]> 1920 0 0 0 500 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-6lo/ Tue, 01 Nov 2016 09:03:38 +0000 https://www.ietfjournal.org/?p=1922

Limited power, memory, and processing resources

Hard upper bounds on state, code space, and processing cycles

Optimization of energy and network bandwidth usage

Lack of some Layer 2 services, such as complete device connectivity and broadcast/multicast

[caption id="attachment_1978" align="alignright" width="300"] Figure 1. The 6lo Stack[/caption] Since its formation, the 6lo WG has produced IPv6-over-BLUETOOTH Low Energy (RFC 7668) and IPv6-over-Zwave (RFC 7428), and has been working on documents, including IPv6-over-DECT Ultra Low Energy, IPv6-over-BACNET Master-Slave/Token-Passing networks, IPv6-over-Near Field Communication, extensions for LOWPAN dispatch functions, and a new ethertype request document for assigning a new ethertype for LOWPAN encapsulated IPv6 datagrams. Find the latest status of documents at https://datatracker.ietf.org/wg/6lo/documents/. Recently, the Wi-Sun Alliance (https://www.wi-sun.org/) showed interest in deploying the 6lo stack with IEEE 802.15.9 Multiplexed Data Services. It intends to use the 15.9 Multiplexed Data Information Element to dispatch LoWPAN encapsulation frames to upper stack layers. The 6lo stack is also under consideration for the Wifi Alliance’s HaLoW standard (low-power operation in 900 MHz band), on IEEE 802.11ah and Low-Power Wide Area Networks. The Bluetooth SIG also supports the 6lo-stack by defining a special IP profile (IPSP) in the Bluetooth specifications. RFC 7668 states “Bluetooth SIG has also published the Internet Protocol Support Profile (IPSP), which includes the Internet Protocol Support Service (IPSS). The IPSP enables discovery of IP-enabled devices and establishment of a link-layer connection for transporting IPv6 packets. IPv6 over Bluetooth LE is dependent on both Bluetooth 4.1 and IPSP 1.0 or more recent versions of either specification to provide necessary capabilities.” The 6LoWPAN or the 6lo stack could be a unifying standard for running IP protocols over the multitude of Internet-of-Things (IoT) L2 technologies that today require many application gateways to convert packets to IP networks connecting to data centers or other IoT networks. The 6lo stack supports UDP with compression and RFC 7400 defines generic header-compression mechanisms for further applicability in the constrained node networks. In addition to the RFC 4944 adaptation layer and RFC 6282 IPv6 header-compression mechanism, RFC 6775 allows device registration and minimal or no multicast in energy-sensitive networks. The output and concept of the 6lo WG, in some cases, may be applicable in non-6LoWPAN node networks where energy preservation and stateless header compressions are critical. The WG welcomes work on IPv6-over-foo, 6LoWPAN stack improvements, use-case driven header-compression mechanisms that can work with RFC 4944, network access security solutions, support for reliable communications over deterministic networks, and any energy-sensitive L2-wireless or wired technologies. The 6lo WG is run by its cochairs, Gabriel Montenegro and Samita Chakrabarti and the responsible area director is Suresh Krishnan. For more information or to read the WG charter, visit https://datatracker.ietf.org/wg/6lo/charter/.]]> 1922 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/record-breaking-hackathon-at-ietf-96-in-berlin/ Tue, 01 Nov 2016 09:03:53 +0000 https://www.ietfjournal.org/?p=1924 Goals of the IETF Hackathon

• Advance the pace and relevance of IETF standards activities by bringing the speed and collaborative spirit of open source development into the IETF (e.g., targeted standards areas where ideas are flushed out, sample code is produced, and useful utilities are developed).
• Bring developers and young people into the IETF and get them exposed to and interested in the IETF.

The Hackathon was held in conjunction with IETF 96, over the weekend that marked the start of a full week of IETF activities. By 9:00 am Saturday, the room was already more than half full with both project champions eager to share posters describing their projects and participants seeking the best match for their interests and skills. Project posters are a new component of Hackathons and are being used in place of the short project presentations that typically occurred at the start of the Hackathon. We found that even when presentations were restricted to no more than 5 minutes, having 20 or more of them ate up valuable time that could have been spent hacking. The posters ranged from professional-looking masterpieces to a few words scribbled haphazardly on a flip chart. They all served the intended purpose, and an ad hoc Q&A provided any necessary clarifications. An unofficial survey of participants validated the hypothesis that the posters were, indeed, a welcome change. Teams formed very quickly, and additional participants were welcomed as they trickled in the rest of Saturday and even Sunday morning. A competitive spirit was evident, but even greater was a collaborative spirit aimed at progressing IETF work with speed, quality, and relevance via running code and open source software. The teams worked tirelessly; a coffee machine, lunch, cookies, dinner, and beer provided more than adequate fuel and incentive to remain on task. On Saturday, many participants finally agreed to leave at 10:15 pm in order to allow hotel staff to lock up and go home. When the doors reopened Sunday morning, many got right back to work—even before the officially advertised 9:00 am start time. By early Sunday afternoon, teams had switched gears to create brief presentations that answered the following three questions:

1. What problem you are solving?
2. How do you plan to solve it?
3. What did you achieve, highlighting benefits to IETF work and communities of interest?

The presentations were viewed by fellow participants and judges, and were both recorded and live streamed for the benefit of those not able to join the actual event.

Winners

Best Overall

• ILA - IPv6 Identifier Locator Addressing
  • Implementing draft-herbert-nvo3-ila-02
  • Data plane method to implement network virtualization without encapsulation and its related overhead
  • Implemented ILA as VPP plugin
  • Interop between VPP in FD.io and Linux kernel space fast data path in ioVisor

Best Feedback to Working Groups

• PCE-based Central Control
  • Implemented Label DB sync per draft-palle-pce-controller-labeldb-sync
  • Added TLS security over PCEP per draft-ietf-pce-pceps

• I2RS – Interface to Routing System
  • Tried to implement YANG data models as defined by Working Group
  • Uncovered issues in correctness and level of complexity
  • Great insights and guidance back into working group

Most Important to IETF

• YANG/NETCONF/RESTCONF
  • Implemented draft-openconfig-netmod-model-catalog and developed two YANG Data Model Catalog tools
    • Using NETCONF (http://www.yangvalidator.com/)
    • REST API
    • NETCONF/YANG for any Unix/Linux app via sysrepo 

Best Interop Testing for Imminent Deployment

• TLS 1.3
  • Development and interop testing across various crypto libraries (e.g., NSS, Apache, Firefox, ProtoTLS, MiTLS, BoringSSL)

Most Progress during the Hackathon

• BGP-Flowspec/BGP-LS
  • Implemented segment routing per draft-gredler-idr-bgp-ls-segment-routing-ext-02

• IoT Bootstrapping for Noobs
  • Implemented https://tools.ietf.org/html/draft-aura-eap-noob-01

Best Ecosystem Engagement

• DNS/DNSSEC/DPRIVE/DANE
  • DNS security and privacy enhancements, interoperability improvements
  • Multiple user stories, multiple open source prototypes

Additional information, including the list of registered projects and participants and all presentations, are available via the Hackathon wiki (https://www.ietf.org/registration/MeetingWiki/wiki/96hackathon). Plans are already underway for the IETF 97 Hackathon in Seoul, Korea, 12–13 November. Information will be available soon at the main IETF Hackathon page (https://www.ietf.org/hackathon/). You can remain up to date on Hackathon discussions by subscribing to the Hackathon mailing list (https://www.ietf.org/mailman/listinfo/hackathon).  Share your questions, comments, new project proposals, and the like via the mailing list or by contacting the IETF Hackathon chairs: Barry Leiba (barryleiba@computer.org) and Charles Eckel (eckelcu@cisco.com).]]> 1924 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/actn-from-standard-to-interop/ Tue, 01 Nov 2016 09:04:09 +0000 https://www.ietfjournal.org/?p=1926

A practical approach to repurpose both existing and well-defined technologies and underpinning them with software-defined networking (SDN) principles, ACTN facilitates heterogeneous domain transport networking and control/management technologies (e.g., GMPLS/ASON, PCE, and NMS/EMS), while enabling logically centralized multidomain control/management.

Use of a hierarchical architecture to scale and support the clear domains (vertically and horizontally) that exist in current transport networks

Facilitating role-based access to allow consumers of high-bandwidth services seamless access to the underlying packet and optical transport networks.

Virtual network automation using abstraction, slicing, and in-operation optimization of underlying network resources for higher-layer services, independent of how the underlay domain resources are managed or controlled.

Design objectives and requirements that are derived from network operators’ and service providers’ needs for end-to-end service agility.

Provision of network virtualization services to customers and the ability to control and operate their virtual network slices according to their application requirements and underlying provider policies and technology rules.

This article provides an overview of ACTN: its architecture, Internet standards progress, and academic collaboration via the Towards Ultimate Convergence (TOUCAN) project, and other related work, including the IETF Hackathon, Bits-N-Bites, and inclusion into the Open Network Operating System (ONOS).

ACTN Architecture

Figure 1 shows the architecture of ACTN. ACTN supports controller hierarchies defined for various functions and roles via three controller types: customer network controller (CNC), multidomain service coordinator (MDSC), and physical network controller (PNC). In addition to the controllers, there are devices in the network that are referred to as network elements. There are also three types of interfaces: CNC-MDSC interface (CMI), MDSC-PNC interface (MPI), and southbound interface (SBI). Figure 1. ACTN Architecture The CNC enables the network’s customers to instantiate their virtual networks. Usually, the CNC directly interfaces the applications and forwards their requirements to the MDSC via the CMI. It is assumed that both the CNC and the MDSC have common knowledge about the end-point interfaces based on their business negotiation prior to service instantiation. Given their virtual network, customers can better manage and operate their services/applications with a higher degree of flexibility—a benefit for businesses based on the Internet. The MDSC is usually run by the carriers to provide services to the customer (CNC). The MDSC receives abstracted network information from one or multiple PNCs, and can therefore coordinate resources from various PNCs in multidomain, multivendor, or multitechnology scenarios. The MDSC is the only building block of the architecture that needs to implement all the main ACTN functionalities, including the multidomain coordination function, virtualization/abstraction function, customer mapping function, and virtual service coordination. Carriers will take advantage of ACTN, as interoperation is enabled on the MDSC level, and the corresponding operations and management are also greatly simplified due to abstraction. The PNC is the domain controller in charge of configuring the network elements, monitoring the physical topology of the network, and passing it, either raw or abstracted, to the MDSC. The PNC and its SBI, together with devices, can support a variety of heterogeneous protocols that are suited to a vendor’s choice to pursue high-performance with automation techniques.

IETF Standard Progress

The ACTN requirements and framework documents are progressing in the Traffic Engineering Architecture and Signaling (TEAS) WG in the Routing Area. To date, the ACTN requirement draft (draft-ietf-teas-actn-requirement) and the ACTN framework draft (draft-ietf-teas-actn-framework) are WG documents in the TEAS WG. From the solutions perspective, the TEAS WG and other WGs, including PCE, CCAMP, and RTGWG, are relevant WGs. YANG-based solutions to fulfill ACTN requirements are addressed in the TEAS and CCAMP WGs, while PCEP-based solutions are addressed in the PCE WG. IETF YANG models associated with RESTconf or Netconf protocols are considered solutions for the ACTN interfaces. A topology model (defined in draft-ietf-teas-yang-te-topo) and a tunnel model (defined in draft-ietf-teas-yang-te) have been adopted in the TEAS WG. Other models, such as service and virtual network models (defined in draft-zhang-teas-transport-service-mode and draft-lee-teas-actn-vn-yang) are also applicable to ACTN interfaces. Draft-zhang-teas-actn-yang provides an overview of how various YANG models are applicable to ACTN. Similarly, draft-dhody-pce-applicability-actn offers an overview of how PCEP is applicable to ACTN.

ACTN IETF Events: Hackathon and Bits-N-Bites

ACTN participated in the IETF 96 Hackathon with two independent projects. One was applied on an optical network and involved making a tool for online network survivability analysis. YANG model work was evaluated in the optical project, as a solution for MPI. Two IETF Internet-Drafts—draft-ietf-teas-yang-te-topo-04 and draft-zhang-ccamp-transport-ctrlnorth-yang-00—were implemented. This project successfully concluded that IETF YANG models are applicable to the ACTN architecture. The second project was applied on a packet network to enable customers to dynamically select among multiple destinations. Both of these projects were based on the Open Network Operating System (ONOS) controller platform, and used PCEP as a protocol between controller and network elements. Based on the single domain scenario of IETF 96, the ACTN Hackathon project will bring multiple vendors to further develop multidomain and multilayer scenarios at IETF 97. The packet network will be interworking with the optical network to provide E2E service, and a uniform IETF YANG model will be supported by multiple vendors on MPI. During the Bits-N-Bites session at IETF 97 we will demonstrate an IP and optical multidomain, multivendor scenario using RESTConf/YANG models, as well as Stateful H-PCEP.

ONOS ACTN Project

An open source project has been launched in ONOS. The project aims to implement IETF YANG models and the RESTconf protocol in order to better fit the MPI for multidomain, multivendor service provisioning. Full details about the project can be found at https://wiki.onosproject.org/pages/viewpage.action?pageId=8424694.

Toward Ultimate Convergence Project

The TOUCAN project outlined the grand research challenges of facilitating the optimal interconnection of infrastructure and resource abstraction (virtualization and programmability) of transport network technology. This is the foundation upon which technology-agnostic and seamless end-to-end convergence is achieved. TOUCAN Project partners include University of Bristol, University of Edinburgh, Heriot-Watt University, and University of Lancaster. For more information about ACTN, visit https://sites.google.com/site/openactn/.]]> 1926 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/multipath-tcp-deployments/ Tue, 01 Nov 2016 09:04:24 +0000 https://www.ietfjournal.org/?p=1929 1, is the most recent extension to the venerable TCP. TCP was designed when hosts had a single network interface and a single IP address. Each TCP connection is identified by a four-tuple (source and destination addresses and source and destination ports), and every packet belonging to this connection carries this four-tuple. Once a TCP connection has been established, it is impossible to change any of the elements of the four-tuple without breaking the connection—a severe limitation in today’s networks for the following reasons:

1. Many hosts are dual-stack. Even if they have a single interface, they have two or more addresses and there are different network paths between any pair of communicating hosts.
2. Many hosts have several interfaces, such as smartphones and tablets.
3. There are a growing number of mobile hosts on today’s Internet with addresses that can change as they move from one wireless network to another.

Multipath TCP handles these issues by extending TCP to enable endhosts to exchange data belonging to one connection over different paths. To achieve this, Multipath TCP combines several TCP connections (called subflows in RFC 6824) into a single Multipath TCP connection. The first subflow starts with a three-way handshake, much like a regular TCP connection. The main difference is that the SYN packet contains an MP_CAPABLE option that negotiates the use of Multipath TCP and random keys. Once the first subflow has been established, either of the communicating hosts can create an additional subflow from any of its own addresses toward any of the addresses of the remote host by sending a new SYN with the MP_JOIN option. Such subflows can be created and terminated at any time, which is very important for mobile hosts. Data can be sent over any of the subflows that currently compose the Multipath TCP connection. If a subflow fails, all the data that was transmitted over it that has not yet been acknowledged will be retransmitted over other subflows. (For more information about Multipath TCP, see RFC 6824 or NSDI ’12²). Today there exist multiple independent interoperable implementations of Multipath TCP. The most widely used are iOS/macOS and Linux³. Multipath TCP is supported by load balancers, and there are implementation efforts on FreeBSD and Solaris. This article describes several commercial services that leverage the unique capabilities of Multipath TCP.

Smartphones

The largest deployment of Multipath TCP is on smartphones.

End-to-end Multipath TCP

[caption id="attachment_1947" align="alignright" width="300"] Figure 1. Illustration of Taking Advantage of multiple Interfaces[/caption] Smartphones often have connectivity to both a WiFi access point and a cellular network. If a user has Internet connectivity via WiFi, walking away from the WiFi access point will result in the smartphone losing connectivity, implying that the TCP connection that has been established over WiFi will also fail. One of the benefits of Multipath TCP is its ability to seamlessly hand over from one interface to another—making it the perfect candidate to solve these kind of losses of connectivity (Figure 1). Siri is the digital assistant in Apple’s iOS and macOS operating systems. Because speech recognition requires tremendous processing power, Siri streams spoken commands to Apple’s datacenter for speech recognition; the result is sent back to the smartphone. Although the duration of a user’s interaction with Siri is relatively short, Siri’s usage pattern made this data transfer a perfect client for MPTCP. Many people use Siri while walking or driving. As they move farther away from a WiFi access point, the TCP connection used by Siri to stream its voice eventually fails, resulting in error messages. To address this issue, Apple has been using MPTCP—and benefiting from its handover capabilities—since its iOS 7 release. When a user issues a Siri voice command, iOS establishes an MPTCP connection over WiFi and cellular. If the phone loses connectivity to the WiFi access point, traffic is handed over to the cellular interface. A WiFi connection that is still in sight of an access point can have a channel become so lossy that barely any segments can be transmitted. In this case, another retransmission timeout happens and iOS retransmits the traffic over the cellular link. To further reduce latency, iOS measures the round-trip times (RTTs) on the two interfaces. Bufferbloat is infamously known to cause huge RTTs. The WiFi link may have an RTT much bigger than that of the cellular link. When iOS detects that the RTT over WiFi is much bigger than the one over cellular, it sends the voice stream over the cellular interface. Finally, input from WiFi Assist⁴ and a trigger to hand over traffic to the cellular interface is used. For Siri users, this deployment of MPTCP has resulted in a significant reduction of network errors. After establishing two subflows (one over WiFi and one over cellular), the network error rate decreased by 80%. Thanks to RTT measurements that also trigger handovers, Siri also responds faster to user commands. Siri can provide user feedback 20% faster in the 95th percentile and 30% faster in the 99th percentile. Deploying MPTCP on the Internet has been relatively painless. MPTCP’s ability to handle middlebox interference and fall back to regular TCP has proven efficient and without major issues. Roughly 5% of the connections, however, still fall back to regular TCP, due to both the deployment of transparent TCP proxies in cellular networks and firewalls removing MPTCP options. One challenge of MPTCP is its debuggability. Subflow handling introduces a major code complexity: WiFi interfaces appear and disappear. Some of these networks may have middleboxes that interfere with MPTCP, making subflow establishment impossible. Corner-case scenarios, which are hard to reproduce and only happen when a product is deployed at huge scale, require extensive logging mechanisms to trace the behavior of an MPTCP connection. Due to the uncertainties introduced by middleboxes on a network, it is very difficult to identify root cause of an issue. As a result, one can’t always differentiate between a software bug and a middlebox.

Multipath TCP through SOCKS proxies

Besides the servers deployed specifically for the previous use case, there are very few servers that already support Multipath TCP. Despite this, several network operators seek to enable smartphone users to achieve increased throughput by combining existing cellular and WiFi networks. Network operators in several countries have relied on SOCKS (RFC 1928⁵) to simultaneously use WiFi and cellular networks. From an operator’s viewpoint, the main benefit of coupling SOCKS with MPTCP is that it is easily deployable, since no or few dependencies exist with the existing cellular core and WiFi infrastructure.⁶ Several models of commercial Android smartphones include the Multipath TCP implementation in the Linux kernel and a SOCKS client. The SOCKS client running on the smartphone intercepts any TCP connection attempts to distant servers. It then creates a connection to a SOCKS server managed by the network operator. When the user is authenticated, the SOCKS client sends a command to the SOCKS server, which creates a TCP connection toward the remote server. At this point, there is a Multipath TCP connection between the smartphone and the SOCKS server, and a TCP connection between the SOCKS server and the remote server. The SOCKS server relays all data sent on the Multipath TCP connection over the TCP connection, and vice versa. Smartphones create additional subflows toward the SOCKS server over the other available interfaces. The result is an improved user experience, thanks to aggregated bandwidth and seamless handover.

Hybrid access networks

Another important use case for Multipath TCP lies in access networks. In many regions of the world, the available access networks provide limited bandwidth. A typical example is rural areas, where it is costly for network operators to deploy high-bandwidth access networks. Even if access network bandwidth is limited, it often is possible to subscribe to different network services that, when combined, provide higher bandwidth and higher resiliency. Several companies have deployed solutions that leverage the unique bonding capabilities of Multipath TCP. The first relies on SOCKS proxies and enables endusers to efficiently combine network services from different providers. The second is targeted at network operators seeking to combine fixed (e.g., xDSL) and wireless (e.g., LTE) networks in order to provide higher bandwidth to customers.⁷

Combining access networks with SOCKS

SOCKS is also used with Multipath TCP to combine different access networks. In this deployment, end hosts are regular hosts that do not support Multipath TCP. To benefit from the bonding capabilities of Multipath TCP, a middlebox is installed in the end user’s LAN. This middlebox acts as a SOCKS client and interacts with a server in the cloud. Both the middlebox and the cloud server both use Multipath TCP and, therefore, are able to exploit any available access network, provided an IP address has been assigned to the middlebox on each of the access networks. The middlebox typically acts as a default gateway in the end user’s LAN. It intercepts all TCP packets sent by the hosts on the LAN to external destinations, and then it proxies them over Multipath TCP connections toward a SOCKS server running in the cloud. This server terminates the Multipath TCP connections and initiates regular TCP connections to the final destinations. This solution is already commercially deployed in two countries. Users report successfully combining different types of access links, including xDSL (from ADSL to VDSL), DOCSIS, 3G, 4G, and satellite links.

Multipath TCP in hybrid access networks

[caption id="attachment_1983" align="alignright" width="300"] Figure 2. The multipath TcP handshake[/caption] Some network operators have deployed both fixed (e.g., xDSL) and wireless (e.g., LTE) networks and wish to combine the networks in order to offer higher bandwidth services. Multipath TCP may also be used to provide these services (Figure 2). In this deployment, neither the client nor the server support Multipath TCP. Multipath TCP is used on the CPE and in the hybrid aggregation gateway (HAG) that resides in a datacenter of the network operator that manages both access networks⁸. When a client initiates a TCP connection toward a remote server, it sends a SYN packet. This packet is intercepted by the CPE that virtually terminates the TCP connection and then adds the MP_CAPABLE TCP option before forwarding the packet over the xDSL network. The HAG, which resides on the path followed by all packets sent by the client over the xDSL network, intercepts the SYN packet. It virtually terminates the Multipath TCP connection and then forwards the SYN to the server after having removed the MP_CAPABLE option. The server then confirms the establishment of the connection by sending a SYN+ACK. This packet is intercepted by the HAG that updates its state for this connection and adds an MP_CAPABLE option before forwarding it toward the CPE. The CPE performs similar operations. It updates its state and forwards the SYN+ACK to the client without the MP_CAPABLE option to confirm the establishment of the connection. At this point, there are three TCP connections. The first is a regular TCP connection. It  starts at the client and is virtually terminated on the CPE. The second is a Multipath TCP connection that is virtually terminated on the CPE and the HAG. And the third is a regular TCP connection between the HAG and the remote server. From an operational viewpoint, it is important to note that with IPv6, neither the CPE nor the HAG need to translate the source and destination addresses of the forwarded TCP packets. The client IP address remains visible to the destination server. This is an important advantage compared to SOCKS-based solutions. Furthermore, in this deployment the connection between a client and a server can be created within a single round-trip time.

Conclusion

Despite its young age, Multipath TCP is deployed on a large scale for several commercial services. On smartphones, it combines cellular and WiFi networks both for higher bandwidth and for faster handovers in delay-sensitive applications. In access networks, it supports hybrid access networks that improve customer experience by efficiently combining existing fixed and wireless networks. Acknowledgements The authors thank Christoph Paasch and Simon Lelievre. References

1. Ford, A., Raiciu, C., Handley, M., Bonaventure, O., “TCP Extensions for Multipath Operation with Multiple Addresses”, RFC 6824, DOI 10.17487/RFC 6824, January 2013.
2. Raiciu, C., Paasch, C., Barré, S., Ford, A., Honda, M., Duchêne, F., Bonaventure, O., Handley, M., “How Hard Can It Be? Designing and Implementing a Deployable Multipath TCP”, USENIX Symposium of Networked Systems Design and Implementation (NSDI ’12), April 2012.
3. Paasch, C., Barré, S., et al. “Multipath TCP implementation in the Linux kernel”, https://www.multipath-tcp.org.
4. Apple, WiFi Assist, https://support.apple.com/en-us/HT205296.
5. Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., Jones, L., “SOCKS Protocol Version 5”, RFC 1928, March 1996.
6. S. Seo, “KT’s GiGA LTE”, IETF 93, https://www.ietf.org/proceedings/93/slides/slides-93-mptcp-3.pdf.
7. Broadband Forum, TR 348 - Hybrid Access Broadband Network Architecture, July 2016, https://www.broadband-forum.org/technical/download/TR-348.pdf.
8. B. Peirens, G. Detal, S. Barré, O. Bonaventure, “Link bonding with transparent Multipath TCP”, Internet-Draft, draft-peirens-mptcp-transparent-00, 2016.

]]> 1929 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-3/ Tue, 01 Nov 2016 09:04:51 +0000 https://www.ietfjournal.org/?p=1933 Samuel Jero for a security analysis of the QUIC protocol. See the full paper at https://www.sjero.net/pubs/2015_Oakland_QUIC.pdf. Dario Rossi for characterizing anycast adoption and deployment in the IPv4 Internet. See the full paper at http://conferences2.sigcomm.org/co-next/2015/img/papers/conext15-final100.pdf. Jero and Rossi presented their findings to the Internet Research Task Force open meeting during IETF 96. Their slides are available at https://www.ietf.org/proceedings/96/slides/slides-96-irtfopen-1.pdf and https://www.ietf.org/proceedings/96/slides/slides-96-irtfopen-0.pdf. Thanks to Meetecho, audio and video from the presentations is also available at http://recs.conf.meetecho.com/Playout/watch.jsp?recording=IETF96_IRTFOPEN&chapter=chapter_1 (from 00:19:40). ANRP winners have been selected for all of the IETF meetings in 2016. The following winners will present their work at the IETF 97 meeting in Seoul: Olivier Tilmans, a PhD student at the IP Networking Lab, Université Catholique de Louvain, Belgium. Tilmans will present a Fibbing architecture that enables central control over distributed routing. Benjamin Hesmans, a PhD student at the IP Networking Lab, Université Catholique de Louvain, Belgium. Hesmans will present solutions that enable applications to control how Multipath TCP transfers data. The call for nominations for the 2017 ANRP award cycle will close on 6 November 2016. Join the irtf-announce@irtf.org mailing list for all ANRP related notifications.]]> 1933 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-november-2016/ Tue, 01 Nov 2016 09:05:05 +0000 https://www.ietfjournal.org/?p=1939 International Meeting Arrangements (imtg) Description: This meeting was an educational session for experts to share knowledge about human rights, business, and strategies for navigating human rights issues within the IETF’s operations. Proceedings: https://www.ietf.org/proceedings/96/minutes/minutes-96-imtg Outcome: The community received helpful expert input and a constructive discussion occurred. The session was explicitly not to make any recommendations.

Low-Power Wide-Area Networks (lpwan)

Description: A new generation of wireless access technologies has emerged under the generic name of Low-Power Wide-Area (LPWA), with a number of common characteristics that make these technologies unique and disruptive for Internet of Things applications. Typical LPWA Networks use license-exempt bands to provide low-rate connectivity to vast numbers of battery-powered devices over distances that may span tens of miles. Existing pilot deployments show the huge potential and meet industrial interest, but the loose coupling with the Internet makes the device management and network operation complex and implementation specific. There currently is little to no use of IETF technologies in LPWANs at large, and there is a need to evaluate their applicability to contribute to the emerging needs of these technologies, in terms of longevity, scalability, or better integration to existing systems and processes. (See article, Working Group Update: 6LO.) Proceedings: https://www.ietf.org/proceedings/96/minutes/minutes-96-lpwan Outcome: This was a productive meeting that identified several potential work items for a new IETF working group to take on. Since the meeting a proposed Working Group charter has been circulated for review by the community and it is likely that a newly formed working group will meet during IETF 97 in Seoul.

Low-Latency Low-Loss Scalable Throughput (l4s)

Description: L4S provides a mechanism to allow scalable congestion controls, like Data Centre TCP (DCTCP), to coexist on the public Internet with preexisting classic congestion controlled traffic. L4S is made possible by the introduction of new active queue management (AQM) technology that isolates scalable and classic traffic in terms of latency, but behaves as a single queue in terms of bandwidth. The purpose of this non-WG forming BoF was to inform the community about these developments and to gather feedback. Proceedings: https://www.ietf.org/proceedings/96/minutes/minutes-96-l4s Outcome: A good discussion was had and the proponents provided a very impressive technology demonstration as part of their presentation. The work is likely to move forward as multiple, discrete work items in existing Transport Area Working Groups.

Limited Use of Remote Keys (lurk)

Description: HTTPS in typical use authenticates the server by proving ownership of a private key, which is associated with a public-key certificate. Currently, most trust models assume that private keys are associated and owned by the HTTP server and that the server is responsible for both the hosted content and for the network delivery. Although these assumptions were largely true in the past, today, the deployment of Internet services largely relies on multiple distributed instances of the service. In such architectures, the application expects to authenticate a content provider but is actually authenticating the node delivering the content. Since the first BoF during the IETF 95 meeting in Buenos Aires, mailing list discussion has established that there is interest in dealing with the “offload transport security without giving the Content Delivery Network my private key” use-case. Proceedings: https://www.ietf.org/proceedings/96/minutes/minutes-96-lurk Outcome: Potential approaches to addressing the identified use case were discussed and a number of serious challenges identified. There was no support for forming a Working Group, although some aspects of the work may be pursued in existing working groups (acme).

Intelligent Transportation Systems (its)

Description: The goal of this group is to standardize and/or profile IP protocols for establishing direct and secure connectivity between moving networks. The group is now focussed on specifying mechanisms for transmission of IPv6 datagrams over IEEE 802.11p OCB mode. Proceedings: https://www.ietf.org/proceedings/96/minutes/minutes-96-its Outcome: This was a good discussion and the narrow focus on adapting IP for use over a specific link-layer technology helped the group to make progress. Coordination with the Institute of Electrical and Electronics Engineers (IEEE) was identified as important and the group has since progressed to forming an IETF working group, IP Wireless Access in Vehicular Environments (ipwave), that will meet for the first time during the IETF 97 meeting in Seoul.

Path Layer UDP Substrate (plus)

Description: The goal of this proposed Working Group is to enable the deployment of new, encrypted transport protocols, while providing a transport-independent method to signal flow semantics under transport and application control. The initial approach uses a shim layer based on the User Datagram Protocol (UDP), which provides compatibility with existing middleboxes in the Internet as well as ubiquitous support in endpoints, and provides for userspace implementation. This effort follows on from the spud BoF in Dallas and the spud prototyping effort. Proceedings: https://www.ietf.org/proceedings/96/minutes/minutes-96-plus Outcome: This was a very well-attended and contentious meeting. It was clear that there was insufficient consensus for this work to proceed in its current form. More work is required on the problem statement, analyzing previous work addressing similar problems, and building a larger community of people interested in this approach.

QUIC (quic)

Description: QUIC is a UDP-based transport protocol that provides multiplexed streams over an encrypted transport. This BoF proposed formation of a Working Group to standardize QUIC’s core transport protocol and the mapping of the transport protocol to the facilities of TLS. An additional work item will be to describe how to map the semantics of applications onto the transport. The first mapping will be a description of HTTP/2 semantics using QUIC. Proceedings: https://www.ietf.org/proceedings/96/minutes/minutes-96-quic Outcome: Around 400 people attended this session! This was a very well-organised meeting with clearly defined work and strong consensus that the proposed charter was good. Since the meeting, a new quic IETF Working Group has been formed in the Transport Area.

Ledger (ledger)

Description: Moving digital assets (making payments) between accounts operating on different payment networks or ledgers is not possible in an open, interoperable way. Interledger is a protocol stack for doing this (tranfering digital assets) over the Internet. The project was started within a W3C community group in October 2015 and has produced a number of technical specifications which are candidate Internet-Drafts. It defines a set of formats for representing digital asset transactions and protocols for executing those transactions in a secure and verifiable manner. The purpose of this BoF was to introduce Interledger and the underlying protocols and to discuss how this work might progress at the IETF. Proceedings: https://www.ietf.org/proceedings/96/minutes/minutes-96-ledger Outcome: This was a non-WG forming BoF. It provided an opportunity for information sharing with the community and exploration of the potential for future IETF work. There was no clear consensus about bringing this work into IETF, and discussion is continuing on the mailing list.]]> 1939 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-96-at-a-glance/ Tue, 01 Nov 2016 09:05:18 +0000 https://www.ietfjournal.org/?p=1941 On-site participants: 1424 Newcomers: 283 Number of countries: 61 Hackathon participants: 158 IETF Activity since IETF 95 (3 April–17 July 2016) New WGs: 4 WGs closed: 4 WG currently chartered: 144 New and revised Internet-Drafts (I-Ds): 1061 RFCs published: 100

• 55 Standards Track, 3 BCP, 7 Experimental, 35 Informational

IANA Activity since IETF 95 (March–June 2016) Processed 1553+ IETF-related requests, including:

• Reviewed 97 I-Ds in Last Call and 114 I-Ds in Evaluation
• Reviewed 104 I-Ds prior to becoming RFCs, 63 of the 104 contained actions for IANA

Added 3 new registries since IETF 95 (March–June 2016): opus-channel-mapping-families, http-alt-svc-parameters, vnc-uri SLA Performance (January–June 2016)

• Processing goal average for IETF-related requests: 98.5%
• The 2016 SLA between ICANN and IAOC for the protocol parameter work has been approved and signed.

IANA and DNSSEC

• As of 15 July 2016, 1221 TLDs have a full chain of trust from the root. http://stats.research.icann.org/dns/tld_report/.
• Ceremony 25 was executed successfuly on 12 May 2016.
• Ceremony 26 is planned for 11 August 2016. https://www.iana.org/dnssec/ceremonies/26

RFC Editor Activity since IETF 95 (April–June 2016) Published RFCs: 89

• 77 IETF (5 IETF non-WG), 1 IAB, 0 IRTF, 6 Independent

Improvements to the website based on community feedback. Stats project: testing completed, made preparations for install. Internal: made a number of small updates to make RPC data more accurate and efficient.]]> 1941 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/todays-ietf-leaders-alissa-cooper/ Sun, 19 Mar 2017 06:47:55 +0000 https://www.ietfjournal.org/?p=2084 Began IETF participation: 2008 Current role: Incoming IETF chair Previous roles: Applications and Real-Time area director, IAB member Day job:  Fellow at Cisco Systems Favorite aspect of leadership: Influencing the future of the Internet I started participating in the IETF in 2008 and went to my first meeting at IETF 72 in Dublin. I was working at the nonprofit Center for Democracy and Technology (CDT) in Washington, DC, where my role was to explore and articulate the technical implications of policy. I worked on a number of issues there, including online privacy. In 2008, real-time applications were the focus of many of the consumer privacy issues of most interest to CDT. Initially, I focused on the Geopriv Working Group. I became a document author and then a cochair of the group. It was a busy time in Geopriv—many tough battles had already been fought concerning the design of the technology, but finishing the protocol suite required substantial effort. Over time, IETF work became a larger portion of my job responsibilities, as it was well aligned with my CDT work. In 2011, I was appointed to the Internet Architecture Board (IAB) and soon thereafter became the lead of the IAB’s Privacy Program. CDT was thrilled—they saw it as a huge honor that one of their own had been selected to serve in this capacity. In 2013, I joined Cisco, and in 2014, I joined the Internet Engineering Steering Group (IESG) as Applications and Real-Time area director (AD). I’ve tried to do my area director work approximately half-time and my day job half-time. I’m leaving the post because I’ve been appointed IETF chair beginning in March 2017—my new full-time role for the next two years. Leadership in the IETF offers exposure to a broad swath of Internet technology that most of us otherwise wouldn’t be able to justify spending our time learning and influencing. This is particularly true on the IESG, but also on the IAB. It’s incredibly enriching and highly beneficial because you’re able to make connections between your day job and things going on across the whole industry. IETF leadership also requires management skills of many kinds. You have to manage authors, your time, big community processes. It requires a lot of strategy and work in the background to achieve good outcomes. Many people do not realize the depth of the management education you get while serving in the IETF leadership. Lastly, you get to (try to) promote your vision of what the future of the Internet should look like. Everybody might not agree with you, but serving in the leadership gives you a platform to steer and influence. Cisco has been a big supporter of the IETF because it is deeply invested in the growth and stability of the Internet. Its customers like the idea that the products they buy from different vendors interoperate. Cisco enjoys having people in leadership positions dedicating a portion of their time to furthering interoperability and making sure that standards are keeping pace with other technological developments. In recent years, some IETF participants have encountered difficulty in trying to convince their employers about the value of the time commitment associated with IETF leadership positions. In reality, it is possible to balance your day job with an IETF leadership role— you set the parameters for how you manage your time. Lots of positions require a half-time commitment or less. Having a well-functioning IETF and an Internet that runs on secure, interoperable standards should be important to any large tech company at this point in history. If that model goes away, the options for how we replace it are all inferior. Hopefully the indirect benefits of supporting IETF leaders are obvious, but if not, current and past IETF leaders are available to explain the benefits. We have a big incentive to expand the population of people willing to take on leadership roles.]]> 2084 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-97-hackathon-improving-open-standards-through-open-source/ Sun, 19 Mar 2017 06:47:08 +0000 https://www.ietfjournal.org/?p=2087

Advance the pace and relevance of IETF work.

Attract young people and developers to the IETF.

Confirmation of the second goal was evident from the start of this Hackathon, as a show of hands indicated this was the first IETF experience for a few dozen participants and the first IETF Hackathon for many more. Evidence of achieving the first goal would need to wait until the results presentations at the end of the Hackathon.

Not Your Typical Hackathon

The IETF Hackathon is not a typical hackathon. Participants are motivated by a desire to improve the Internet rather than prize money. The spirit is collaborative rather than competitive. Participation is free and attending the IETF meeting that follows is not required. Individuals volunteer to “champion” projects related to IETF work, and teams form around these champions. The list of projects for this Hackathon were as follows:

• ACTN
• Capturing and analyzing network data features – Joy
• COSE/JOSE
• DNS/DPRIVE/DNSSEC/DANE
• Interface to Network Security Functions (I2NSF) Framework
• Interface to the Routing System (I2RS)
• LoRaWAN Wireshark dissector
• Multipath TCP
• PCE
• Service Function DevKit
• SFC
• TLS 1.3
• YANG/NETCONF/RESTCONF

One of the ways the Hackathon increases the pace and relevance of IETF work is via running code. Implementing evolving standards and producing running code validates the standards and highlights things that may be missing, wrong, or ambiguous in draft versions of these standards. Better still, if the code is open source, viewing and sharing the source code aids in understanding of a standard, makes it easier to use, and promotes its adoption. Open source projects that featured prominently this Hackathon included OpenDaylight, ONOS, VPP, Joy, and many others. For a list and brief description of the Hackathon projects, see the wiki at https://www.ietf.org/registration/MeetingWiki/wiki/97hackathon.

Winners and Winners

Despite a lack of big prize money, participants engage in friendly competition for bragging rights and first shot at a set of gadgets donated by sponsors. Teams present their results to a panel of judges, who have the difficult job of choosing winners. The winners and categories this round were as follows:

• Best Overall: Multipath TCP team

This team was composed of a set of professors and students from Ecole Polytechnique de Louvain in Belgium. Since some team members travelled to Seoul and others participated remotely from Belgium, the team had the benefit of working in shifts around the clock. .

• Best Input to a Working Group: ACTN team

The Abstraction and Control of Transport Networks (ACTN) team produced important feedback for both the Traffic Engineering Architecture and Signaling (TEAS) and Interface to Routing System (I2RS) Working Groups, and their code will become an upstream contribution to the ONOS project.

• Best Group Work: I2NSF team

The Interface to Network Security Function (I2NSF) team, powered by energetic professors and students from Sungkyunkwan University in South Korea, used RESTCONF and NETCONF together with YANG data models to implement network security services using OpenDaylight and mininet. In doing so, they validated the approach defined by the I2NSF Working Group.

• Best New Work to IETF: Service Function Dev Kit team and SFC team

The award was given to two separate teams that both did work related to Service Function Chaining (SFC). The first added support for Network Service Headers (NSH) to VPP and the Service Function Dev Kit, making it easier for developers to integrate with service function classifiers and forwarders. The second demonstrated hierarchical SFC with flow stateful classifier using OpenDaylight and intent based SFC with ONOS. Other teams had fantastic achievements, as well. All project presentations have been uploaded to https://datatracker.ietf.org/meeting/97/session/hackathon. One pervasive theme was the continued work involving YANG, NETCONF, and RESTCONF aimed at improving operations through automation. Benoit Claise, one of the operations and management area directors, posted a summary here: https://www.ietf.org/blog/2016/11/yang-quick-status-update-before-this-ietf-97/.

Join the Next IETF Hackathon!

The next IETF Hackathon will be at IETF 98 in Chicago, 25-26 March 2017. As always, participation is free and open to everyone. It is a great way to experience firsthand the far reaching work the IETF does and the people that make it happen. It invites open source communities to join the IETF and other standards organizations to improve the functionality, security, and operation of the Internet we all know and love. The stay up-to-date with all things related to past, present, and future Hackathons, including the opening of registration for the IETF 98 Hackathon, subscribe to hackathon@ietf.org.]]> 2087 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-fellowship-to-the-ietf-programme-march-2017/ Sun, 19 Mar 2017 06:45:58 +0000 https://www.ietfjournal.org/?p=2089 Harish Chowdhary (India) presented at two Birds of a Feather (BoF) sessions: DNSBUNDLED and another on implementation issues associated with internationalized domain names (IDNs). He also addressed the Internet Engineering Steering Group (IESG) on progress in India regarding IETF-related activities. Srimal Andrahennadi (Sri Lanka) entered into an agreement for partnership between Sri Lanka and India to develop an Internet of Things (IoT) research programme and deliver training for young IoT engineers. Eduardo Morales (Brazil) collaborated with Lee Howard, who provided input into updating his IPv6 teaching materials for NIC.br. Tariq Saraj (Pakistan) participated in discussions in the DPRIVE Working Group regarding the inclusion of authoritative name servers in future drafts. He also presented his thesis to the Working Group chair. Konstantine Karosanidze (Georgia) received assistance from IETF attendees to deploy the first root DNS server (K root by RIPE-NCC) in Georgia. He also built relationships with Working Group chairs and other individuals who are supporting him with an IXP deployment in Georgia. Please share this Fellowship opportunity with anyone you think is eligible. Applications open for the next three meetings as follows: IETF 99 (Prague, Czech Republic): Open now; IETF 100 (Singapore): 10 July; IETF 101 (London, United Kingdom): 30 October. Internet Society Fellows at IETF 97 in Seoul: (top row from left) Habtom Tesfaye (Ethiopia), Eduardo Morales (Brazil), Harish Chowdhary (India), Konstantin Karosanidze (Georgia), Raphael Rosa (Brazil), Ricardo Peláez-Negro (Colombia); (bottom row from left) Niel Harper (Senior Manager, Internet Society), Anissa Bhar (Tunisia), Cristhy Jimenez (Ecuador), Nomsa Mwayenga (Zimbabwe), Xiaohong Deng (China), David Gaamuwa (Uganda). Not pictured: Srimal Andrahennadi (Sri Lanka).]]> 2089 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-march-2017/ Sun, 19 Mar 2017 06:42:34 +0000 https://www.ietfjournal.org/?p=2092 Applied Networking Research Prize Winners By Mat Ford The Applied Networking Research Prize (ANRP) is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. The ANRP awards presented during IETF 97 went to the following two individuals:

• Benjamin Hesmans for enabling applications to control how Multipath TCP transfers data. See the full paper at http://conferences2.sigcomm.org/co-next/2015/img/papers/conext15-final169.pdf.

• Olivier Tilmans for theFibbingarchitecture that enables central control over distributed routing. See the full paper at http://conferences.sigcomm.org/sigcomm/2015/pdf/papers/p43.pdf.

Hesmans and Tilmans presented their findings to the Internet Research Task Force open meeting during IETF 97. Their slides are available at https://www.ietf.org/proceedings/97/slides/slides-97-irtfopen-fibbing-central-control-over-distributed-routing-00.pdf and https://www.ietf.org/proceedings/97/slides/slides-97-irtfopen-towards-smart-multipath-tcp-enabled-applications-00.pdf. Thanks to Meetecho, audio and video from the presentations is also available at www.youtube.com/watch?v=mNL8bwotLMg (from 00:13:50). ANRP winners have been selected for all of the IETF meetings in 2017. The following winners will present their work at the IETF 98 meeting in Chicago:

• Yossi Gilad, a postdoctoral researcher at Boston University and the Massachusetts Institute of Technology. Gilad will present improvements to routing security using the “path-end validation” extension to the RPKI.

• Alistair King, an Internet Data Scientist at the Center for Applied Internet Data Analysis (CAIDA), SDSC, UC San Diego. King will present a framework to enable efficient processing of large amounts of distributed and/or liveBGPdata.

The call for nominations for the 2018 ANRP award cycle will open in mid-2017. Join the irtf-announce@irtf.org mailing list for all ANRP related notifications.]]> 2092 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-march-2017/ Sun, 19 Mar 2017 06:41:35 +0000 https://www.ietfjournal.org/?p=2094

Crypto Forum (CFRG)

Information-Centric Networking (ICNRG)

Network Function Virtualization (NFVRG)

Network Management (NMRG)

Network Coding (NWCRG)

Software Defined Networking (SDNRG)

Thing-to-Thing (T2TRG)

Human Rights Protocol Considerations (HRPCRG)

Measurement and Analysis for Protocols (MAPRG)

Internet Congestion Control (ICCRG)

In addition to the meetings of those already chartered RGs, the proposed Network Machine Learning Research Group (NMLRG) met. Since IETF 97, the SDNRG has closed. The IRTF Open Meeting received Applied Networking Research Prize presentations from Olivier Tilmans on the Fibbing architecture that enables central control over distributed routing, and Benjamin Hesmans for enabling applications to control how Multipath TCP transfers data. See the Applied Networking Research Workshop 2017 call for papers at https://irtf.org/anrw/2017/cfp.html. The paper submission deadline is 3 April 2017. The ANRW’17 is an academic workshop that provides a forum for researchers, vendors, network operators, and the Internet standards community to present and discuss emerging results in applied networking research. Sponsored by ACM SIGCOMM, the Internet Research Task Force (IRTF) and the Internet Society (ISOC), the workshop will take place Saturday, 15 July 2017, in Prague, Czech Republic, the venue of IETF 99 . To stay informed about these and other happenings, join the IRTF discussion list at https://www.irtf.org/mailman/listinfo/irtf-discuss.]]> 2094 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-march-2017/ Sun, 19 Mar 2017 06:40:51 +0000 https://www.ietfjournal.org/?p=2096 Bundled Domains (dnsbundled) Description: This BoF focussed on the challenges of fully mapping one domain name to another domain name. With the emergence of internationalized domain names and new TLDs, it is often useful to redirect one domain name tree fully to another domain name tree. Current DNS protocols do not provide good tools to satisfy these requirements. Proceedings: N/A Outcome: The proponents were unable to demonstrate a coherent set of problems or use cases. Several participants felt that this was work that had been proposed and failed before, due to lack of clarity and lack of due consideration to collateral damage caused by proposed solutions.

Bandwidth Aggregation for Internet Access (banana)

Description: This BoF discussed ways to take advantage of multiple access links provided by one or more access providers in cases where end nodes and applications may not be multi-access-aware. Use of multiple access links could provide bandwidth aggregation when multiple links are available (i.e., improved performance), and session continuation when a link becomes unavailable (i.e., increased reliability). Proceedings: https://www.ietf.org/proceedings/97/minutes/minutes-97-banana-00.txt Outcome: This was a non-WG forming BoF and, as such, provided an opportunity for participants to explore the problem space, identify and share requirements and challenges, and try to scope the work to something that isn’t already being done elsewhere and that is relevant to the IETF community. There was clearly energy and interest to continue working on some aspects of this problem space and discussion will continue on the mailing list to try to better scope the problem (or problems) that people want to work on.]]> 2096 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-97-at-a-glance/ Sun, 19 Mar 2017 06:39:53 +0000 https://www.ietfjournal.org/?p=2098

IETF 97 At–A–Glance

Onsite participants: 1,042 Remote participants: 238 Newcomers: 154 Number of countries: 52 Hackathon participants: 140+

IETF Activity since IETF 96 (17 July–13 November 2016)

New WGs: 6 WGs closed: 4 WGs currently chartered: 146 New and revised Internet-Drafts (I-Ds): 1419 RFCs published: 88

• 53 Standards Track, 3 BCP, 3 Experimental, 29 Informational

IANA Activity since IETF 96 (July–October 2016)

Processed 1281+ IETF-related requests, including:

• Reviewed 95 I-Ds in Last Call and 91 I-Ds in Evaluation
• Reviewed 94 I-Ds prior to becoming RFCs, 51 of the 94 contained actions for IANA

Added two new stand-alone registries since IETF 96 (July–October 2016): iodef2, clue SLA Performance (May–October 2016)

• Processing goal average for IETF-related requests: 99.6%
• The 2017 SLA between ICANN and IAOC for the protocol parameter work is being drafted for review and approval.

IANA and DNSSEC

• As of 9 October 2016, 1351 TLDs have a full chain of trust from the root. http://stats.research.icann.org/dns/tld_report/.
• Ceremony 26 was executed successfully on 11 August 2016. Ceremony 27 was executed successfully on 27 October 2016.
• Ceremony 28 is planned for 2 February 2017. https://www.iana.org/dnssec/ceremonies/28.

RFC Editor Activity since IETF 96 (July–October 2016)

Published RFCs: 91

• 71 IETF (8 IETF non-WG), 2 IAB, 4 IRTF, 6 Independent

Improvements to the website based on community feedback; expect launch of live version prior to IETF 98. Website to document coding projects based on IETF specifications has been renamed CodeStand. (See page 9 for more information about CodeStand.)]]> 2098 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-march-2017/ Sun, 19 Mar 2017 07:04:52 +0000 https://www.ietfjournal.org/?p=2054 th meeting in the bustling city of Seoul, South Korea. In this issue of the IETF Journal we provide a snapshot of some of the proceedings that made this another great meeting. Our cover article is a manifesto of why Internet-enabled businesses should care about the open standards and open source communities. We present the first two of a series of interviews with IETF leadership, in this case outgoing IETF chair Jari Arkko and his successor Alissa Cooper. Also in this issue, you’ll learn about CodeStand, a new initiative that matches developers with coding projects related to IETF activity. We have several Working Group and BoF updates, a summary of the pre-IETF Hackathon, and an article about the Internet Society briefing panel on the topic: The I in IoT: Implications for a Global Open Internet. Our regular columns from the IETF, IAB, and IRTF chairs, and coverage of the IAB technical plenary wrap up the issue. We are hugely grateful to all of our contributors. Please send comments and suggestions for contributions to ietfjournal@isoc.org. You can subscribe to hard copy or email editions at https://www.internetsociety.org/form/ietfj.]]> 2054 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/nothing-to-hide-everything-to-gain/ Sun, 19 Mar 2017 07:03:39 +0000 https://www.ietfjournal.org/?p=2057 shouldn’t care about the open communities. A common objection to working in the open communities often voiced by providers runs something like this: Isn’t the entire point of building a company around data—which ultimately means around a set of processing capabilities, including the network—to hide your path to success and ultimately to prevent others from treading the same path you’ve tread? Shouldn’t providers defend their intellectual property for all the same reasons as equipment vendors? To form an answer, it’s important to begin by differentiating between ownership and secrecy. For any technology or innovation, there are two questions that need to be asked:

• Should we own this?
• Should we keep this a secret?

The questions are interrelated, but not identical. Ownership is generally related to controlling your own future. Specifically, owning your architecture means the ability to intertwine your network and your business in a way that leads to competitive advantage. In contrast, handing your architecture to a vendor (almost always) means sharing their business goals with yours in some (not always obvious) way. On the other hand, secrecy is generally related to controlling the ability of others to use your innovations to compete with you. To rephrase the second question for the open communities: Isn’t pushing modifications to an open source project or your ideas to the open standards community ultimately assisting potential competitors (new or established) in their efforts to build a bigger, better, faster network? With the questions clarified, there are two lines of argument for active participation in the open communities—for providers, vendors, and individual engineers. The first line of argument might be called altruistic, the second might be called opportunistic. And they are more closely intertwined than they might first appear. First, every network engineer in the world should recognize that we are all “standing on the shoulders of giants.” The folks who did the initial work of defining the protocols that run the Internet and all of our networks, today, didn’t just live off government funding. They built the companies that put their inventions into practice. From optics to protocols, these people didn’t just invent things, and they didn’t just build them—they built companies that capitalized on those inventions. In other words, they not only made themselves wealthier, they made the world wealthier, as well. At both a personal and corporate level, then, we need to offer our shoulders to future generations just as past generations have offered theirs to us. This means, in part at least, supporting open standards and open source as a natural part of building the products and companies we build now. Failing an actual, conscious effort at building something larger than our companies and our careers, the Internet itself is far too likely to fall to the tragedy of the commons. Imagine an average village in the primarily agricultural times just a few generations ago. In each village, there would have been a green, a space shared by all to play games or hold town meetings or to hold a market. Now imagine that either one person or a small group of people in the village decide to take advantage of the “free land,” building a permanent market in the space. The entire village has lost much to the gain of a few, but there’s little that can be done. The commons are there to be used by anyone, after all. We, as individuals and companies, want to make use of the commons—but we also need to expand the commons, lest they become ruined and the economic good they do for all, including ourselves, is removed to history. The commons of the digital world are not just the media we all share, but also the standards, source code, processes, and knowledge we have developed around building networked systems to solve problems at scale. There is another point to be made: where and how are the next generation of engineers going to learn to build networks at scale? If we abandon the commons the open communities represent, how will we build the engineers we need to expand the scope and scale of our companies and the Internet? Perhaps these altruistic arguments will fall flat to some section of readers—“that’s all well and good, but I’m in business to make money, not to make the world a better place, and I don’t believe the tragedy of the commons will ever really happen.” Even if the counterargument is true—there is another way to turn the argument. Participating not only helps the community, it supports the creation of the products on which your company relies. Consider the automotive market. What would have happened if there had never been, if there weren’t today, people who take their cars out on their driveways and tinker with them? How many inventions would not have been invented, how many improvements left to the wayside? Would we still be able to buy a car in any color we want, so long as it is black? The point is this: open communities are not only a place for creating, but also grounds for competing. The existence of the commons provides a basis for the competition that makes every piece of networking gear we buy better designed, better supported, and less expensive. When a market becomes fragmented enough that you either buy a single vendor or walk away, the market will no longer be useful for building the large-scale networks we use to build businesses. In the end, supporting open source and open standards reduces operator’s costs by increasing choice. Of course, the numbers here are impossible to quantify; perhaps something more concrete is needed to convince providers to participate. For those who are still not convinced of the value of the open community, let me provide one more line of argument. Returning to the automotive market, suppose you were in the business of building a large delivery company. To build such a business, you need delivery vehicles. So you examine every delivery vehicle available and finally conclude that what you need to make your operations efficient doesn’t yet exist. What are your options at this point? One way might be to wave millions of dollars of contracts in front of a manufacturer. This would only get you so far, however, for there are competing customers, perhaps even regulatory agencies, that must be persuaded to allow the vehicle you’re convinced you need to be built. But what if you were to work with other customers to develop a common core of features to which each of you could add, and around which you could all work with manufacturers and regulatory agencies to build the vehicle you need to build your business? This common effort is precisely the open communities in the networking industry. Providers who participate in shaping open standards and open source not only help sway the market in their direction, they help build the foundations on which their businesses can be built. Further, the existence of the open community helps reduce dependence on any single vendor, thereby encouraging independence, which then feeds back into owning your own architecture. To return to the initial question, of course there are things any provider will want to “hold back,” to not share with the larger community. There is no definite line to be drawn in deciding what to hold back for business reasons, and what to share; any such line is likely to shift over time and space in ways that are hard to define. But “difficult to define” doesn’t mean “doesn’t exist.” Several questions might be helpful in this realm, including:

• Does this technology represent my core business?
• Is there the chance that sharing this technology will lead to enhancements that will accelerate my ability to build a great product? This is difficult to judge, because there is no way to know what sort of community might form in any specific case or what gains might be made.

While the answers to these to questions may not be simple, we suggest tilting them in favor of the open communities rather than against. For instance, in the content provider space, the algorithms used to process data to produce the experience and information customers want would seem to be closer to the core of the business than how to build a network. The long-standing ability of the open communities to improve on—and even revolutionize—ideas, adding value far above the investment, should convince every engineer and every company that relies on large scale networks of the open path.]]> 2057 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-march-2017/ Sun, 19 Mar 2017 07:03:17 +0000 https://www.ietfjournal.org/?p=2059 Huawei, cohosts the China Internet Network Information Center (CNNIC) and the Korean Internet & Security Agency (KISA), and a long list of sponsors. Thank you for your support! The topic of the meeting was, of course, Internet tech and its evolution. The two most active discussion topics were (1) the increasingly serious denial-of-service attacks that we are seeing, and (2) the development of a new transport protocol, QUIC, as an alternative to TCP and TLS and especially being more optimized for HTTP/2 usage. The most recent denial-of-service attacks involved a number of compromised Internet of Things devices attacking DNS infrastructure. The Internet Architecture Board (IAB) organized a discussion of these attacks as an example of a more general concern: the addition of millions of new hosts has the capability to overwhelm the Internet infrastructure when those hosts misbehave. There are ways to mitigate the attacks, but not without impacts in other ways, such as finding it necessary to deploy your services on large providers. At the very least, I think it would be beneficial for the IETF community to continue to call attention to folks that the minimum bar, when introducing a large number of devices (or any device) to the Internet, includes things like automatic software updates and avoiding default passwords. I used to think this was so obvious that it needn’t be said, but I’m not so sure anymore. Nevertheless, the area for us to have an impact is improving defense and mitigation mechanisms. See a video of the session at https://www.youtube.com/watch?time_continue=3715&v=qPaaRaNxIY4. The IETF recently chartered a Working Group to specify QUIC (Quick UDP Internet Connections). This new protocol combines the TCP and TLS layers, is typically implemented in user space rather than kernel space, and aims for faster connection setups using resumption, integrated security, and capabilities to evolve the protocol faster (not being in the kernel). A previous version of the protocol, already in use at Google, was taken as a starting point for discussion in the Working Group. I’m quite excited about this development, and eager to see where it takes us, and it seems that I’m not alone—the QUIC room was completely full. Once again, the IETF Hackathon was running the weekend before the IETF. It was outstanding to see large student groups among the participants. A student team from SungKyunKwan University worked on the Interface to Network Security Functions (I2NSF) framework, for instance. They even had jackets made for the event! There was also a second large student team—on the other side of the world! The team from Université Catholique de Louvain worked on Multipath TCP, but much of their team did their work from back home in Belgium. Videos from IETF 97 sessions, interviews, and so forth are available as a YouTube playlist at https://www.youtube.com/playlist?list=PLC86T-6ZTP5gtLuoSjpTGO_mS5Ly2pfIS. The official proceedings with slides, minutes and everything else can be found at https://datatracker.ietf.org/meeting/97/proceedings. See also the blog post on routing area outcomes from IETF 97 at https://www.ietf.org/blog/2016/12/reflections-on-the-routing-area-after-ietf-97/, and the blog post from Srimal Andrahennadi from his experiences in participating as an Internet Society Fellow at the IETF at https://blog.apnic.net/2016/12/14/ietf-97-fellowship-experience/. In addition to the Internet Society Fellows, a number of other gatherings happen during the week. The Internet Society also runs a Policy Fellows programme, with participants from regulators, governments, and other policy makers who do not usually attend technical conferences. Contact Konstantinos Komaitis at the Internet Society if you want to participate in this programme. The IEPG meeting on Sundays is a discussion among network operators. And the Systers Lunch gathers the women participants. Contact Allison Mankin at allison.mankin@gmail.com if you’d like to join them. See you in at IETF 98 in Chicago!]]> 2059 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-march-2017/ Sun, 19 Mar 2017 07:02:44 +0000 https://www.ietfjournal.org/?p=2061 Looking Back IETF 97 was my last meeting as Internet Architecture Board (IAB) chair and IETF 98 will mark the end of my time on the IAB. From the start of my appointment, I hoped to achieve three things. The first was to strengthen the IAB’s programs in relation to Internet architecture. The second was to sort out the IAB’s role in the IETF’s relationship with other organizations—what I sometimes describe as being the “foreign office” of the IETF. The third was to try to root out traces of the “great person” theory of IETF leadership. Now is a chance to reflect on how well that all worked.

Architectural Oversight and Programs

The IAB organizes its long-term work into programs. Since the IAB is unlikely to have experts on everything, programs give the IAB a way to call on outside expertise when the organization needs it. In addition, programs enable an IAB member to engage with work that the IAB starts, even if that work might extend past the end of the member's term. While not every program is about architecture, the IAB should organize its architectural efforts into programs. Perhaps inevitably, architectural programs have sometimes worked better in theory than in practice. In my view they work well when there is at least one and preferably more than one IAB member highly engaged with the work of the program. In that case, it can be an effective amplifier of that interest and a way to get the IAB to contribute something useful to architectural discussion. But the IAB can sometimes keep alive a program that is not really working. Often, this is because the IAB recognizes that the topic is one that has big implications for the IETF, but either does not have any members with an abiding interest in the topic or does not have enough participants with enough time to engage with the program’s needs. Over the course of my tenure, we did make some improvements in this area. We managed to close or reconstitute some programs that were no longer producing results. We increased the frequency of program reviews, and attempted to ensure that program leads were fully engaged by asking them to produce topics for the IETF technical plenary or Birds-of-a-Feathers (BoFs). But some programs floundered, and the floundering ones appear to be the ones least likely to schedule themselves for review. Setting up a new program if there is energy is not hard. And, unlike IETF Working Groups, there is no particular procedural advantage to keeping a program around to “tidy up”. This suggests that the IAB might be better served by aggressive closing of programs on the principle that it is bad for the IETF to offer to do work and not complete it.

The IETF Foreign Office

When I was appointed to the IAB, I thought we needed to tease apart the roles of the IAB and the Internet Engineering Steering Group (IESG). I believed the increasing external profile of the IESG and the IETF chair was risky for the IETF because of the role of the IESG in declaring IETF consensus. We have a hard time explaining rough consensus anyway, and there is some danger that people will mistake “IETF leadership” for people who are in control. For better or worse, the Internet Assigned Numbers Authority (IANA) stewardship transition that happened during my IAB tenure gave me immediate exposure to the relationship between outside organizations and the IETF. It changed my mind about the “foreign office” approach. However we might like to organize ourselves and our work, most organizations are used to dealing with one another through the leadership. So, they want to talk to our leadership, even though our leaders are not really in control. We can either spend a lot of energy trying to change the way others understand us, or we can ignore the mismatch and try to achieve our more important goals. I have come around to the view that the second is more valuable.

The Community Is the Leadership

If our relationship to other organizations needs to conform to convention, then we must ourselves ensure that we do not allow that conventional mode of thinking to undermine our own ways of working. It is important that our leadership does not misunderstand itself as having control. One way of promoting that kind of thinking is to try to reduce the importance of the IAB chair and instead spread that work around. We have tried to do that. Communications from the IAB do not always come from the chair, but instead are sent by whichever IAB member leads the work in question. We separated from the chair some tasks that had previously come with the job, such as that of stream manager for the IAB’s RFC stream. And, of course, the continued emphasis on programs means that there are more opportunities for the IAB to reflect views from outside itself. There is still more to do here, however. Most worrisome to me is the linking of membership in the IETF Administrative Oversight Committee (IAOC) and the IETF Trust with the position of IAB chair. Not everyone who is chosen for IAB chair is likely to be the best candidate to work on issues for the IAOC or the IETF Trust. Because of the IANA stewardship transition, the Trust is more important than it used to be, and has a greater outward role than it originally had. I hope and trust that the “IASA 2.0” effort that the IETF has started will, among other things, permit greater flexibility in how those roles are filled.

Gratitude

In closing, I thank those who have been my colleagues on the IAB, and especially those who put their confidence in me by selecting me as their chair. I also thank my employer, Dyn, particularly for its steadfast support during the period when the IANA stewardship transition took much more time and work than forecast. And I thank the community for recommending me to the Nomcom for appointment and for the good counsel I received so often during my tenure. I am honoured to have served; I hope I have served you well.]]> 2061 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/internet-society-panel-the-i-in-iot-implications-for-a-global-open-internet/ Sun, 19 Mar 2017 07:02:02 +0000 https://www.ietfjournal.org/?p=2065 2065 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/codestand-connect-network-and-support-in-one-location/ Sun, 19 Mar 2017 07:01:47 +0000 https://www.ietfjournal.org/?p=2068 How It Works The tool (https://CodeStand.ietf.org) is linked with Datatracker. Opportunities to develop code for drafts or standards are listed as CodeRequests, which are established by a sponsor or mentor. Software developers can create projects and link them to a CodeRequest that already exists or, if no CodeRequest is available for those documents, developers can create a new project referencing the appropriate IETF standard(s) or I-Ds in development. Software projects themselves are maintained externally to the IETF CodeStand site, either in code repositories (e.g., GitHub, SourceForge) or the tool of choice for that organization. CodeStand will provide a link to the project descriptions for proprietary implementations or the code repository for open source projects. Licensing and intellectual property rights related to the code are provided by the project owner in their external code repository or description page.

How to Contribute

If you are an active IETF participant and are willing to mentor a software developer (as an author or supporting an existing document), create a CodeRequest volunteering yourself as the mentor. With your Datatracker user and password, log into CodeStand, and select “New Code Request” at the bottom of the Code-Requests list. If you’re a software developer and not yet a Datatracker user, create an account in Datatracker (https://datatracker.ietf.org/), log into CodeStand, and look for an appropriate CodeRequest. If there is no CodeRequest available to link your project, list all projects and select “New Project” at the bottom. Give CodeStand a spin! See how its combination of IETF standards and open source software development can help you. Championing a project in an IETF Hackathon? Consider creating a CodeRequest to both get the word out and provide a home for the developed code beyond the single Hackathon. If you already have a CodeRequest in CodeStand, why not champion a project for it in the next IETF Hackathon?]]> 2068 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/iab-panel-explores-causes-potential-remedies-for-massive-ddos-attack/ Sun, 19 Mar 2017 07:00:37 +0000 https://www.ietfjournal.org/?p=2070 2070 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-microwave-modelling-at-ccamp/ Sun, 19 Mar 2017 07:00:03 +0000 https://www.ietfjournal.org/?p=2072 microwave) technologies are becoming critical for radio access networks. These technologies are able to support cost-efficient delivery  with the best possible network performance and quality of experience. The main application for microwave is backhaul for mobile broadband. Today’s microwave can fully support the capacity needs of backhaul in a radio access network. It is expected to evolve to support multiple gigabits in traditional frequency bands and beyond 10 Gbps in the millimeter wave. Layer 2 (L2) packet features are normally an integrated part of microwave nodes and more advanced L2 and L3 features will be introduced over time to support the evolution of transport services that will be provided by a backhaul/transport network. In order to achieve operational support of  seamless multilayer networking and automated network-wide provisioning and operation, there is the need for the unification of the control and management of microwave and millimeter wave radio link interfaces with the control and management of L2 and L3 capabilities. To that end, the Common Control and Measurement Plane (CCAMP) Working Group (WG) established a Microwave Design team and challenged it with defining a unified YANG data model for microwave and millimeter radio links. The team aims to provide a standardized management model that:

• aligns with how other packet technology interfaces in a microwave/millimeter wave node are modeled,
• supports core parameters, and
• allows for optional product/feature-specific parameters that support new, innovative features until they are mature enough to be included in a standardized model.

Currently, numerous IETF data models, Request for Comments (RFCs) and Internet-Drafts (I-Ds) comprise technology-specific extensions that cover a large part of the packet domain. Examples include IP Management [RFC 7277] and Routing Management [RFC 8022], which are based on RFC 7223, the IETF YANG model for interface management and an evolution of the SNMP IF-MIB [RFC 2863]. Since microwave nodes will contain more and more packet functionality that will then be managed using those models, advantages exist if radio link interfaces can be modeled and managed using the same structure and the same approach. This is particularly true for use cases in which a microwave node is managed as one common entity, which includes both the radio link and the packet functionality. All interfaces in a node, irrespective of technology, are then accessed from the same core model (RFC 7223) and can be extended with technology-specific parameters in models that augment the core model. There will always be certain implementations that differ among products. So it is important to focus on those parameters required to support the applicable use cases for centralized, unified, multivendor management, and to allow other parameters to be optional or to be covered by extensions to the standardized model. The Microwave Design team seeks consensus both within the industry and with other standards development organizations (SDOs) around one common YANG model, with respect to the use cases and requirements to be supported, the type and structure of the model, and the resulting attributes to be included.

Characteristics of the Model

Definition of the YANG model has begun and a second version of the draft was published on 23 December 2016. The model uses the structure of the IETF’s Radio Link Model as its starting point, as that model provides the desired alignment with RFC 7223. For the definition of the detailed leafs/parameters, the model uses both the Radio Link Model and the Open Network Foundation’s (ONF’s) Microwave Model as its basis, plus includes new ones to cover identified gaps. The parameters in those models have been defined by both operators and vendors within the industry, and implementations of the ONF Model have been tested in proof-of-concept events in multivendor environments, thereby demonstrating the validity of the approach used. The model also includes data nodes to describe the interface layering for the capacity provided by a radio link, as well as the associated Ethernet and time-division multiplexing (TDM) interfaces in microwave nodes. The model includes support for configuration of microwave specific alarms, but relies on generic models for notifications and alarm synchronization. The same approach is chosen for the general functionality for physical/equipment inventory, which is not supported by the microwave model and instead relies on generic models.

Key Concepts of the Model

Carrier termination is an interface for the capacity provided over the air by a single carrier. It is typically defined by its transmitting and receiving frequencies. Radio link terminal is an interface providing packet capacity and/or TDM capacity to associated Ethernet and/or TDM interfaces in a node. It also is used for setting up a transport service over a microwave/millimeter wave link. Figure 1 illustrates these carrier termination and radio link terminal concepts. Figure 1. Radio Link Terminal and Carrier Termination Figure 2 shows the overall structure of the model with radio-link-terminal and carrier-termination, plus three new containers that describe the relationship and interaction between the carrier terminations in more detail: radio-link-protection-groups, xpic-pairs, and mimo-groups. Figure 2. Overall Structure of the Model

Next Steps

The Microwave Design team created a draft of the unified YANG Data Model for microwave and millimeter radio link, draft-mwdt-ccamp-mw-yang, and it now seeks feedback from and anchoring with a broader industry audience.]]> 2072 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-lwig-building-minimal-yet-interoperable-ip-stacks-on-tiny-devices/ Sun, 19 Mar 2017 06:57:57 +0000 https://www.ietfjournal.org/?p=2076 Background Lower-power and constrained devices connected with lossy links are increasingly seen in today’s Internet. Ensuring that these devices are IP-capable is critical to avoiding a fragmented Internet. Before the LWIG WG, the IETF was working on lightweight IPv6 (6Lowpan WG, now continued by 6Lo), routing protocols (ROLL WG) and constrained application protocols (Core WG). This work has helped move constrained networks toward global interconnectivity (Figure 1). Figure.1 Light-weight Protocol Suite In addition to protocol design, there are various implementation challenges stemming from limited computational space, cost-efficient discovery and security, and low-power operation mode when building a minimal but compliant protocol stack. Sharing these implementation experiences can support interoperation, as well s the avoidance of engineering pitfalls.

LWIG Activities

LWIG started by classifying constrained devices by various aspects, including computing and power efficiency. This work has been summarized into the constrained network terminology document RFC 7228 [1], where the device capabilities are roughly classified into three categories: Class 0/1/2 respectively. Categories represent data/code size and range from very constrained (Class 0, <10 KB Data, <100 KB code size), constrained (Class 1, around 10 K data and 100 KB code), and less constrained (Class 2, 50 KB data and 250 KB code size). While this consensus was finalized three years ago, most terms are still useful in related WG conversations. An updated version of this document [2] is also available and under discussion within the group, which plans to include recent insights from the community on topics such as MTU size implications and lower-power WAN devices. When designing and implementing the stack on nonconstrained Internet devices, it is generally assumed that they are reachable (at least as the server role) and that the maintenance of the always-on connection by sending periodic keep-alive beacons are not too costly to be employed. But these assumptions cannot be taken for granted in a constrained environment, as tiny devices have been built duty-cycled and may switch to sleeping mode for the sake of power efficiency. The draft by Arkko et al. on building power-efficient CoAP devices for cellular networks [3] examines this issue and makes a number of recommendations. The key to enabling network applications on top of sleepy nodes is to inform the other participating nodes of the existence of the sleepy devices and the locations of their data through a discoverable delegator. While data delegation infrastructure has been specified by the CoRE-RD [4], limited support is available for the discovery of the resource directory or other registration services. Arkko et al.[4] point out that multicast discovery over cellular alike point-to-point link is not feasible, and they suggest a number of ways for such initial discovery, including manual configuration, manufacturer server hardwiring, delegated manufacturer server hardwiring, and common global resolution infrastructure. For those implementing their services over cellular devices, Arkko et al.’s draft is a must read. CoAP is an important component for constrained applications. Many open source projects are available, but seldom do they consider how to implement CoAP service in a cost-efficient way. Kovatsch et al. [5] provide lessons learned from implementing CoAP for tiny devices. This document covers many details of CoAP implementation that engineers usually encounter repeatedly but have not been covered by the specification. There are many insights shared, and the authors provide detailed recommendations on Message ID Usage, Duplication Detection/Rejection, Token Usage, (re)transmission state management, and foreseen optimization. One concrete example is about an insight and clever finding on the Token Usage in CoAP observation model. Instead of constantly polling the sensor device to fetch most updated information, CoAP enables an observer to register its interest in a certain resource and subsequently be notified with the most recent data representation, which is called observation model. The observation relationship, represented by URI, IP, Port and Token value (of the observer), is usually kept on the tiny sensors. However, CoAP supports duplicate registrations from one endpoint on the same URI with different Token values, which may add additional cost. Kovatsch et al. instead recommend to assign and reuse a dedicated token value space (8 bytes) for each observe relationship, by keeping four bytes constant and iterating the rest four byte space to avoid replay and spoofing attacks. This method not only saves resources to support CoAP observation, but also is protocol compliant. It is also recommended that retransmission buffers are assigned per observable resource instead of per observer (Section 3.3. [5]), which consequently saves additional state. Specific guidelines of power-efficient protocol design are discussed by Gomez et al. [6], who offer insights about broadcast and nonsynchronized transmissions consuming more than other Tx/Rx operations. If protocols must use these ways to collect information, reducing their usage by aggregating similar messages will help save power. What’s more, operations, such as retransmission management, duplicate detection, and observable conversation turn out to be both memory consuming and power inefficient. Reduction of such states in protocol design is a recommended way to be energy efficient. Security components are generally considered costly, but their absence is a huge risk. Valuable practical considerations and experiences are provided by Sethi et al. [7], who detail the available cryptography libraries and evaluate their performance in terms of execution time and memory footprint. This is an interesting document for implementers to reference before evaluating the computational cost of a relevant security solution. Most important, the authors positively conclude that with the help of an informed selection of algorithms and security protocol exchange, the additional cost (e.g., execution time and memory consumption) can be controlled so as to fit most application scenarios. In addition, Kivinen shares a very small IKEv2 initiator implementation in RFC 7815 [8]. The thinking is that a typical IoT device is deployed to communicate with only one server endpoint, so certain portions of the payload contained in the protocol exchange will be static and duplicate validations will be avoided by the minimal implementation. Kivinen also offers a list of optional payloads (e.g., multiple status notifications) that are only useful for multiple peer cases and can be ignored by such minimal implementation. The minimal initiator protocol described is interoperable with a full backend IKEv2 implementation and, therefore, is quite useful on tiny end points.

Conclusion

This article listed just some of the activities of the LWIG WG. Topics that were not covered here, but are taking place in the WG day to day, include minimal TCP, TLS and DTLS, ESP, and neighbor management implementation. Please drop by the group page at https://tools.ietf.org/wg/lwig to learn more. We are grateful to all contributors who are willing to share their experiences of crafting minimal implementations.

References

1. Bormann, C., Ersue, M., and A. Keranen, “Terminology for Constrained-Node Networks”, RFC 7228, May 2014. 2. Bormann, C., Gomez, C., “Terminology for Constrained-Node Networks”, draft-bormann-lwig-7228bis-00 (work in progress), 2017. 3. Arkko, J., Eriksson, A., Keranen, A., “Building Power-Efficient CoAP Devices for Cellular Networks”, draft-ietf-lwig-cellular-06(work in progress), 2016 4. Shelby, Z., Koster, M., Bormann, C., and P. Stok, "CoRE Resource Directory", draft-ietf-core-resource-directory-09(work in progress), 2016. 5. Kovatsch, M., Bergmann, O., and Bormann, C., “CoAP Implementation Guidance”, draft-ietf-lwig-coap-03 (work in progress), 2015. 6. Gomez, C., Kovatsch, M., Tian, H., and Cao, Z., “Energy-Efficient Features of Internet of Things Protocols”, draft-ietf-lwig-energy-efficient-06 (work in progress), 2017. 7. Sethi, M., Arkko, J., Keranen, A., Back, H., “Practical Considerations and Implementation Experiences in Securing Smart Object Networks”, draft-ietf-lwig-crypto-sensors-02 (work in progress), 2017. 8. T. Kivinen, “Minimal Internet Key Exchange Version 2 (IKEv2) Initiator Implementation”, RFC 7815, 2016.]]> 2076 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/grass-roots-collaboration-enterprise-data-center-operators-group/ Sun, 19 Mar 2017 06:49:27 +0000 https://www.ietfjournal.org/?p=2080 Activities at IETF 98 The first meeting of EDCO will be at IETF 98 in Chicago. We intend to have a Boot Camp on Saturday for our members (the Boot Camp is organized completely by volunteers and is not an official part of the IETF). We will provide members an overview of the IETF, discuss IETF terminology, the mentoring programme, the IETF application, as well as several drafts underway by EDCO members. We have designed the Boot Camp to be a space where people can come together as a cohesive group and learn about the IETF from our unique perspective. To promote networking and integration with IETF members, our members are invited to attend the Sunday newcomers’ sessions, if appropriate, as well as the educational sessions organized by the IETF EDU team and social events. We are coordinating with mentors from the IETF, as well as participating in the IETF Speed Mentoring programme so our members can meet as many experienced IETFers as possible. We will provide EDCO members with a schedule of WG sessions that they are invited to attend, as well as overviews of the WGs, drafts, and terminology for selected WGs. At the last coffee break of each day, we will offer a daily check-in. We believe that conversations among ourselves about how protocol changes will affect us and conversations with IETFers about activities going on in other parts of the world will prove valuable for the EDCO. Some call this the “hallway track”. In our experience, nothing can replace it. We want as many EDCO members as possible to physically attend IETF meetings.

Next Steps

In the future, as the membership of EDCO grows, we may form a trade organization. Ideally, we will work with experts to monitor the Working Groups and upcoming drafts and to provide an assessment of their impacts. In that scenario, members of EDCO will pay for a subscription to those reviews and to webcasts. We may also provide lab facilities so members can get hands-on experience with new protocols. All of this will take money. We want our group to grow organically. If, as our membership grows, members feel that expert reviews and labs are valuable, then we will take that direction. Alternatively, we could also stay a volunteer organization.

Benefits to the IETF

Having sophisticated users of the protocols from large enterprises is a benefit to the IETF. Enterprises are not the only users of the Internet protocols, but they are important ones. The business and government sector organizations, who are  members of EDCO, keep the governments and economies of the world running—and Internet protocols are critical to their functioning. Timely feedback from such users will only make IETF standards stronger. Some cite investments as high as $1 million per standard created. It may be impossible to calculate the real costs of creating an RFC, but one thing is certain: requirements from the people who will use the protocols in their business functions are priceless. For more information about EDCO, please contact Nalini Elkins at Nalini.elkins@insidethestack.com or Darin Pettis at dpp.edco@gmail.com.]]> 2080 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/todays-ietf-leaders-jari-arkko/ Sun, 19 Mar 2017 06:49:03 +0000 https://www.ietfjournal.org/?p=2082 IETF leader: Jari Arkko Began IETF participation: 1996 Current role: Outgoing IETF chair Previous roles: Internet area director; IAB; cochair of Working Groups for the Extensible Authentication Protocol (EAP), EAP Method Update, and IKEv2 Mobility and Multi-Homing Protocol (MOBIKE) Day job: Senior expert at Ericsson Research Favorite aspect of IETF leadership: Observing Internet developments I had my first contact with the IETF in 1996. I was working at Ericsson on modem pools and access services. Some of what we wanted to build for our products needed standards so they could interoperate. I started working with AAA protocols and extensions, and later became chair of the EAP, EMU, and MOBIKE Working Groups. These were long-term efforts that I was heavily involved in. When I was first approached about the area director (AD) role, it didn’t sound like a feasible goal—but it grew on me. A few years later, I applied for the role and it turned out to be a perfect fit. I got to work on topics I really cared about, such as IPv6 transition techniques. And it was good for Ericsson because this is the layer where our products mostly were. I was an AD from 2006 to 2012—a little on the long side for the position. We say that four years is optimal because it takes about two years to learn the job. During that period, the IETF took up 50–100% of my time. Meanwhile, Ericsson benefitted from my advising them on where the technical pieces that we cared for were heading. I spent the year after my AD term on the the IAB [Internet Architecture Board] and already wondering if I wanted to be the IETF chair. I knew it would be a growing experience, perhaps even a scary challenge. I thought about it for a long time, and decided to go for it. I was IETF chair from 2013 to 2017. And this year things are changing again: I will remain at the IETF and contribute to it, and also again be on the IAB. I have benefitted tremendously from my role in the IETF—it’s been a privilege to witness Internet technology in the making. Plus, the nature of a leadership role in the IETF demanded that I see things in a broader way, talk with other companies, talk with lots of people with new ideas. It forced me to understand the bigger picture. I’ve also become personal friends with lots of people in the industry, a perk I’ve enjoyed a great deal. In a leadership role, you get the feeling that you are in the middle of important issues. As chair of one of the more active or high-profile working groups, you are doing things that are broadly visible and have an impact on the Internet. As IETF chair, I was witness to many interesting things. I am an engineer and have no interest in going into political matters. Yet observing the IANA [Internet Assigned Numbers Authority] transition was a wonderful experience, and I was glad to see how that played out. Being an IETF chair represents almost 100% of my efforts; although I spend a fair bit of time at Ericsson, too, where I share what is changing in the Internet and make sure the company considers that information. There have been many cases, including encryption changes, HTTP, and IoT technology, where Ericsson’s business was affected by what occurred at the IETF. The company appreciates the IETF team’s involvement and expertise on these topics. Are you thinking about applying for an IETF leadership position? Take the challenge! Expose yourself to new things. You’ll learn so much more—a benefit to both you as a person and your employer. Being a leader in the IETF has shown me that we can make a difference. We can make significant technical changes in the Internet and influence how it is administered. Yes, sometimes it is hard and takes a lot of effort, but isn’t that the exciting part?]]> 2082 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-dynamic-host-configuration/ Sun, 19 Mar 2017 06:56:47 +0000 https://www.ietfjournal.org/?p=2107 1 on 12 July 2001. But that can’t be the right date, as its first Request for Comments (RFC) is RFC 1531 from October 1993. Datatracker history for DHC² provides some clues, but the data appears incomplete: milestone updates go back to 2003, followed by a 13-year gap and two entries indicating that the WG was proposed and formed on 1 January 1991. If this is correct, it gives the WG an impressive 26 years of age—at least as old as the Web, whose creation is typically cited as either January (first public server available) or August (Sir Tim Berners-Lee announces the project to alt.hypertext newsgroup) 1991. However, there exists yet another clue that DHC is even older: the Active Working Group list on the IETF website³. While the page itself is a bit basic, the dates next to each WG name look like creation dates. And this page lists DHC’s creation as “1989-Apr-13”— almost 28 years ago. So what has the DHC WG been doing all this time? Its original goal hasn’t changed. It was created to configure hosts in a dynamic way and that’s what it has done. If you think about it for a moment, modern networks look completely different than when the work was started. A so-called large network in the late 80s would likely comprise approximately 100 desktop computers. There was no concept of mobility and work on IPv6 hadn’t really started. Much has changed and DHC has done its best to stay on top of the changing reality. In the process, the WG published 96 RFCs that defined, clarified, and improved various aspects of devices’ autoconfiguration. Devices, because it’s much more than just hosts nowadays. And that raises the question: is there anything else that DHC still needs to do?

DHCPv6bis

Like most IETF Working Groups, DHC prefers not to spend time on legacy technologies, such as IPv4, except in cases when it’s helpful with IPv6 transition. In DHC terms, this means that the WG is almost exclusively focused on DHCPv6. This core protocol (RFC 3315) was published in 2003. A lot has changed since then. Most notably, the ability for routers, not just hosts, to participate. Routers usually use prefix delegation (PD) mechanism (RFC 3633). Also, with recent changes in how networks are organized, the original assumptions no longer hold. The distinction between hosts and routers is blurred (if you use your phone as a hotspot or run virtual machines on your phone, is the phone still a host?), the perceptions of trust have changed (do you trust the hotspot in the coffee shop you visit to be legitimate?), and so have our expectations (wait a whole second when logging into a network?). The DHC WG is addressing some of these changing conditions via an initiative to republish the DHCPv6 specification. Today, this initiative represents the WG’s primary focus. A design team formed in 2013 took the original RFC (fun fact: it was in nroff format); cleaned it up; took all the erratas, corrections, and changes that had been introduced (e.g., RFC 7550, which improved several stateful issues); and published updated versions⁴. The work is organized around a dedicated issue tracker⁵. The document went through a very successful WG Last Call (WGLC) in 2016, in which nearly 300 independent comments were received. The design team holds biweekly meetings with a public spreadsheet on Google docs and an intermediate draft text in a public github repository. Remaining comments are expected to be addressed and presented during IETF 98 in Chicago. The intention is to publish the document as a Draft Standard RFC and advance it to Full Standard some time later.

Privacy and Security

The notion of security has also radically changed over the years. Both Edward Snowden’s revelations and RFC 7258 prompted many Working Groups to reevaluate certain mechanisms that can be used for pervasive monitoring and other attacks on privacy. In addition, the way people use modern networks has changed. Visiting a coffee shop that you know nothing about seems to be a more common use case nowadays than having your device plugged into a wired network, of which you personally know the admin. DHC spent a considerable amount of time going through mechanisms and options of both DHCPv4 and DHCPv6 with the goal of finding out which of them can be used to track devices and users. As a result, a recommendation called anonymity profile has been published in RFC 7844, which recommends certain changes for clients who want to protect their privacy. Clients who implement that recommendation do not reveal anything of use about themselves and don’t use any long-lived identifiers that could be used to track them. At the same time, there are deployment models where almost the opposite is true: in certain deployments clients want to prove their identity to the network and verify that the network is really what it claims to be. Security and preventing pervasive monitoring is of great concern to all, and the lack of security (encryption and authentication) has been a long-standing issue with DHCP as it is used to connect to many networks. This work⁶ started in late 2013 and has had several restarts after review by the Internet Engineering Steering Group (IESG). The current document provides for encrypting client/server interactions. The work is expected to undergo WGLC in the near future, and hopefully it will have another attempt at IESG approval.

Going Forward

DHCPv6 is an extensible protocol with roughly 10 new options being defined every year. Most of those options convey new parameters that the server is expected to deliver to the clients—they do not change how the protocol operates. As such, more and more option definitions work is being conducted outside of DHC in dedicated groups that comprise subject matter experts, who can better verify the actual content of those parameters. In May 2014, DHC published RFC 7227, which provides guidelines for authors who work on new options. Nevertheless, there are several extension mechanisms being discussed that are specific to the protocol, so they belong to DHC. Defining YANG models, providing DHCPv6 failover, and tweaking how relay agents are operating are just some of the examples currently being worked on⁷. You might ask: is the DHC going to wrap up anytime soon? When current chairs Bernie Volz and Tomek Mrugalski took over from Ted Lemon, Lemon made a comment that the group had maybe five years of work left. He then promptly added that when he stepped in, the outgoing chair made the same comment. And who knows? Perhaps Volz and Mrugalski will pass that same prediction to their successors. ¹ https://www.ietf.org/mail-archive/web/dhcwg/current/mail402.html. ² https://datatracker.ietf.org/wg/dhc/history/. ³ https://tools.ietf.org/wg/. ⁴ https://tools.ietf.org/html/draft-ietf-dhc-rfc3315bis. ⁵ http://tools.ietf.org/group/dhcpv6bis/. ⁶ https://tools.ietf.org/html/draft-ietf-dhc-sedhcpv6-20. ⁷ https://datatracker/wg/dhc/documents and https://datatracker.ietf.org/wg/dhc/charter/.]]> 2107 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/palabras-del-editor/ Wed, 03 May 2017 14:31:01 +0000 https://www.ietfjournal.org/?p=2176

Por Mat Ford A COMUNIDAD SE REUNIÓ PERSONALMENTE PARA EL IETF 97 EN LA CIUDAD DE SEÚL, Corea del Sur. En este número del IETF Journal ofrecemos una instantánea de algunos de los acontecimientos que hicieron que esta fuera otra reunión muy especial. Nuestro artículo de portada es un mani esto de por qué a los negocios centrados en Internet deberían importarles los estándares abiertos y las comunidades de código abierto. Presentamos las dos primeras de una serie de entrevistas con el equipo de dirección del IETF: Jari Arkko, Chair saliente (página 20), y su sucesora Alissa Cooper (página 21). En este número también aprenderá sobre CodeStand, una nueva iniciativa que acerca a diferentes desarrolladores y proyectos de programación relacionados con la actividad del IETF (página 9). Incluimos varias actualizaciones de BoF y grupos de trabajo, un resumen sobre el Hackathon previo al IETF (página 22) y un artículo sobre el panel informativo de la Internet Society, “La I de la IoT: Impli- cancias para una Internet abierta” (página 7). El número se completa con nuestras columnas habituales de los presidentes del IETF, el IAB y el IRTF, además de la cobertura del Plenario Técnico del IAB. Estamos enormemente agradecidos a todos nuestros colaboradores. Si tiene algún comentario o suge- rencia, por favor envíelos a ietfjournal@isoc.org. Para recibir la edición en papel o la versión digital de esta publicación, suscríbase en https://www.internetsociety.org/form/ietfj.

]]> 2176 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/informe-del-grupo-de-trabajo-modelado-de-microondas-en-ccamp/ Tue, 04 Jul 2017 16:31:11 +0000 https://www.ietfjournal.org/?p=2193

Por Jonas Ahlberg, Daniele Ceccarelli y Fatai Zhang LAS TECNOLOGÍAS DE MICROONDAS Y ONDAS MILIMÉTRICAS (EN ADELANTE denominadas colectivamente microondas) son cada vez más críticas para las redes de acceso por radio. Estas tecnologías pueden soportar una entrega rentable con el mejor rendimiento y calidad de experiencia de redes posibles.

La principal aplicación para las micro- ondas es el transporte (backhaul) para banda ancha móvil. La tecnología de microondas de hoy puede soportar ple- namente las necesidades de capacidad de transporte de una red de acceso por radio. Se espera que evolucione para soportar múltiples gigabits en bandas de frecuencia tradicionales y más allá de los 10 Gbps en la onda milimétrica. Las carac- terísticas de los paquetes de la capa 2 (L2) generalmente son una parte integrada de los nodos de microondas, mientras que las características más avanzadas de L2 y L3 se introducirán con el transcurso de tiempo para soportar la evolución de servicios de transporte que se proporcionarán mediante una red de backhaul/transporte. Para lograr soporte operativo para redes de múltiples capas transparentes y apro- visionamiento y operación automatizados en toda la red, es necesario uni car el control y la gestión de las interfaces de los radioenlaces de microondas y ondas mili- métricas con el control y la gestión de las capacidades de L2 y L3. Con este n, el Grupo de trabajo CCAMP (Common Control and Measurement Plane, Plano común de control de medición) esta- bleció un equipo de diseño de microondas y le planteó el desa ó de de nir un modelo de datos YANG uni cado para los radio- enlaces de microondas y ondas milimé- tricas. El equipo tiene como objetivo ofrecer un modelo de gestión estandarizado que: • se alinee con la forma en que se modelan otras interfaces de la tec- nología de paquetes en un nodo de microondas/ondas milimétrica,

• soporte los parámetros básicos, y • permita parámetros opcionales es- pecí cos para ciertos productos o ciertas características y que soporten características nuevas e innovadoras hasta que estén lo su cientemente maduras como para su inclusión en un modelo estandarizado. Hoy en día numerosos modelos de datos, solicitudes de comentarios (RFCs) y bo- rradores de Internet (I-Ds) del IETF com- prenden extensiones especí cas para una tecnología que abarcan gran parte del dominio de los paquetes. Entre los ejemplos se pueden mencionar la RFC 7277 (Gestión de IP) y la RFC 8022 (Gestión de enrutamiento), que se basan en la RFC 7223, el modelo YANG del IETF para gestión de interfaces y una evolución de SNMP IF-MIB [RFC 2863].

Dado que los nodos de microondas tendrán cada vez más funcionalidades de redes de paquetes que luego se gestionarán utilizando estos modelos, el hecho de que las interfaces de los radioenlaces se puedan modelar y gestionar utilizando una misma estructura y enfoque representa una ventaja. Esto es particularmente cierto cuando un nodo de microondas es ges- tionado como una entidad común, que incluye tanto el radioenlace como las fun- ciones de paquetes. Independientemente de la tecnología, a todas las interfaces en un nodo luego se accede desde el mismo modelo central (RFC 7223) y todas ellas se pueden extender con parámetros especí cos de la tecnología en modelos que amplían dicho modelo central. Siempre habrán ciertas implementaciones que di eran entre diferentes productos. Por lo tanto, es importante enfocarse en los parámetros requeridos para soportar los casos de uso aplicables para una gestión centralizada, uni cada y multifabricante y también para permitir que otros parámetros sean opcionales o estén cubiertos por extensiones del modelo estandarizado. El equipo de diseño de microondas busca lograr consenso dentro de la industria y con otros organismos de normalización en torno a un modelo YANG común, con respecto a los casos de uso y requisitos a soportar, el tipo y la estructura del modelo y los atributos resultantes a incluir. Características del modelo La de nición del modelo YANG ya ha co- menzado y el 23 de diciembre de 2016 se publicó una segunda versión del borrador. El modelo utiliza como punto de partida la estructura del modelo de radioenlace del IETF, dado que dicho modelo ofrece la alineación deseada con la RFC 7223. Para la de nición de los parámetros/hojas detallados, el modelo utiliza como base el Modelo de radioenlace y el Modelo de microondas de la fundación Open Network Foundation (ONF) y además incluye nuevos modelos para cubrir los vacíos identi cados. En estos modelos, los pa- rámetros han sido de nidos dentro de la industria por operadores y fabricantes. También se han realizado pruebas de implementaciones del Modelo ONF en eventos de demostración conceptual en entornos multifabricante, demostrando así la validez del enfoque utilizado. El modelo también incluye nodos de datos para des- cribir la disposición en capas de la in- terfaz para la capacidad proporcionada por un radioenlace, además de las interfaces Ethernet y TDM (multiplexación por división en el tiempo) asociadas en los nodos de microondas.

El modelo incluye soporte para la con- guración de alarmas especí cas para microondas pero se basa en modelos ge- néricos para las noti caciones y la sincro- nización de alarmas. Para la funcionalidad general del inventario físico y de los equipos se escoge el mismo enfoque, que no es so- portado por el modelo de microondas y en cambio se basa en modelos genéricos. Conceptos clave del modelo Un punto de terminación del proveedor (carrier termination) es una interfaz para la capacidad proporcionada por aire por un único proveedor. Generalmente se de ne por sus frecuencias de transmisión y re- cepción. La terminal de radioenlace es una interfaz que proporciona capacidad pa- quetizada y/o capacidad TDM a interfaces Ethernet y/o TDM asociadas en un nodo. También se utiliza para con gurar un servicio de transporte en un enlace de mi- croondas/ondas milimétricas. La Figura 1 ilustra estos conceptos de terminación del proveedor y terminal de radioenlace.

La Figura 2 muestra la estructura general del modelo con la terminal de radioenlace y la terminación del proveedor, más tres nuevos contenedores que describen en mayor detalle la relación e interacción entre las terminaciones de los proveedores grupos de protección de radioenlace, pares xpic y grupos mimo.

Próximos pasos El equipo de diseño de microondas creó un borrador del Modelo de datos YANG uni- cado para radioenlaces de microondas y ondas milimétricas, draft-mwdt-ccamp- mw-yang, y ahora espera recibir co- mentarios y a anzarse en la industria en general.

]]> 2193 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/informe-del-grupo-de-trabajo-guia-para-implementaciones-ligeras/ Tue, 04 Jul 2017 16:31:11 +0000 https://www.ietfjournal.org/?p=2196

Construcción de pilas IP mínimas pero interoperables en dispositivos diminutos Por Zhen Cao CONSTRUIR DISPOSITIVOS CON PROTOCOLO IP QUE SEAN MÍNIMOS PERO interoperables para entornos restringidos no es tarea fácil. Como lugar donde se com- parten experiencias de ingeniería, el IETF observó este problema y, para intentar solucio- narlo, creó el Grupo de Trabajo LWIG (Light-Weight Implementation Guidance, Guía para implementaciones ligeras) a fin de recoger las experiencias de implementación de pilas IP en entornos restringidos.

Antecedentes Hoy en día vemos cada vez más dispo- sitivos restringidos y de baja potencia co- nectados a Internet a través de enlaces con pérdidas. Garantizar que estos dispositivos puedan utilizar el protocolo IP es funda- mental para evitar la fragmentación de In- ternet. Antes del Grupo de Trabajo LWIG, el IETF estaba trabajando en IPv6 ligero (Grupo de Trabajo 6Lowpan, continuado actualmente por el 6Lo), protocolo de en- rutamiento (Grupo de Trabajo ROLL) y pro- tocolos de aplicaciones restringidas (Grupo de Trabajo Core). Este trabajo ha ayudado a que las redes restringidas avancen hacia la interconectividad global (Figura 1).

Además del diseño de los protocolos, cuando se construye una pila de protocolos mínima pero que cumple con todos los re- quisitos también existen diferentes desafíos de implementación que surgen del espacio computacional limitado, la necesidad de un descubrimiento y una seguridad rentables, y un modo de operación de bajo consumo. Compartir estas experiencias de implemen- tación puede promover la interoperabilidad y evitar algunas trampas de la ingeniería.

Actividades del LWIG El LWIG comenzó por clasi car los dis- positivos restringidos según diferentes aspectos, entre ellos su e ciencia com- putacional y energética. Este trabajo se resumió en el documento sobre termi- nología de redes restringidas RFC 72281, donde las capacidades de los dispositivos se clasi can básicamente en tres cate- gorías: Clases 0/1/2 respectivamente. Las categorías representan los tamaños de datos/código y van desde muy restringido (clase 0, <10KB de datos, <100KB de código), restringido (Clase 1, alrededor de 10KB datos y 100KB de código) y menos restringido (Clase 2, 50KB de datos y 250KB de código). Si bien este consenso se nalizó hace tres años, la mayoría de los términos siguen siendo útiles en las conversaciones de los grupos de trabajo relacionados. También hay una versión ac- tualizada de este documento2 disponible y en discusión dentro del grupo, que planea incluir ideas de la comunidad sobre temas como las implicancias del tamaño de la unidad máxima de transferencia (MTU) y los dispositivos WAN de baja potencia.

Al diseñar e implementar una pila en dis- positivos no restringidos, en general se supone que estos dispositivos son alcan- zables (por lo menos en su función como servidor) y que no es demasiado costoso implementar el mantenimiento de la co- nexión permanente mediante el envío pe- riódico de señales keep-alive. Pero en un entorno restringido estos supuestos no pueden darse por sentado, ya que los dispositivos diminutos se han construido pensando en un determinado ciclo de ope- ración y pueden pasar a modo de reposo para reducir su consumo de energía. El bo- rrador de Arkko et al. sobre la construcción de dispositivos CoAP de bajo consumo de energía para redes celulares3 analiza este problema y formula una serie de recomen- daciones. La clave para habilitar las aplica- ciones de red sobre los nodos "durmientes" es informar a los demás nodos participantes sobre la existencia de los dispositivos de estas características y la ubicación de sus datos a través de un delegador que pueda ser descubierto por los demás dis- positivos. Aunque la infraestructura de de- legación de datos ha sido especi cada por la CoRE-RD4, el soporte disponible para el descubrimiento del directorio de recursos u otros servicios de registro es limitado. Arkko et al. señalan que el descubrimiento multicast sobre un enlace punto a punto similar a uno celular no es factible y su- gieren diferentes maneras de realizar este descubrimiento inicial, entre ellas la con - guración manual, la con guración ja por parte del fabricante, la con guración ja delegada por el fabricante y el uso de in- fraestructura de resolución global común. Para quienes implementan sus servicios a través de dispositivos celulares, el proyecto de Arkko et al. es imprescindible. CoAP es un componente importante para las aplicaciones restringidas. Hay muchos proyectos de código abierto disponibles, pero rara vez consideran cómo imple- mentar el servicio CoAP de una manera rentable. Kovatsch et al.5 presentan las lec- ciones aprendidas de la implementación de CoAP para dispositivos diminutos. Este documento abarca muchos detalles de la implementación de CoAP con los que los ingenieros se encuentran repetidamente pero que no han sido cubiertos por la espe- ci cación. Los autores comparten mucha información y ofrecen recomendaciones detalladas sobre el uso del ID de mensaje, detección/rechazo de mensajes duplicados, uso de tokens, gestión de estados de (re) transmisión y optimización anticipada. Un ejemplo concreto presenta un inteligente descubrimiento sobre el modelo de ob- servación del uso de tokens en CoAP. En lugar de consultar constantemente el dis- positivo sensor para obtener información más actualizada, CoAP permite que un ob- servador registre su interés en un recurso determinado y posteriormente sea noti- cado con la representación de los más re- cientes, lo que se denomina un modelo de observación. Representada por el URI, la IP, el puerto y el valor del token (del ob- servador), la relación de observación ge- neralmente se mantiene en los sensores diminutos. Sin embargo, CoAP soporta re- gistros duplicados desde un extremo en el mismo URI con diferentes valores de token, lo que puede sumar un costo adicional. Por el contrario, Kovatsch et al. reco- miendan asignar y reutilizar un espacio dedicado al valor de token (8 bytes) para cada relación de observación, mante- niendo cuatro bytes constantes e iterando el resto del espacio de cuatro bytes para evitar ataques de reproducción (replay) y suplantación (spoo ng). Este método no solo ahorra recursos para soportar obser- vación mediante CoAP, sino que también es compatible con el protocolo. También se recomienda que los búfers de retrans- misión se asignen por recurso observable y no por observador (Sección 3.3), lo que permite ahorrar estado adicional.

Gomez et al.6 discuten pautas especí cas para el diseño de protocolos de bajo consumo de energía y ofrecen información sobre las transmisiones broadcast y no sin- cronizadas que consumen más que otras operaciones de Tx/Rx. Si los protocolos deben emplear estas formas de recopilar información, reducir su uso al agregar los mensajes similares ayudará a ahorrar energía. Es más, las operaciones como la gestión de retransmisiones, la detección de duplicados y la conversación observable resultan ine cientes tanto por su consumo de memoria como de energía. La reducción de tales estados en el diseño de protocolos es una manera recomendada de lograr e - ciencia energética. Los componentes de seguridad gene- ralmente se consideran costosos, pero su ausencia representa un riesgo enorme. Sethi et al.7 ofrecen valiosas considera- ciones y experiencias prácticas, detallan las bibliotecas de criptografía disponibles y evalúan su desempeño en términos de tiempo de ejecución y consumo de memoria. Este es un documento inte- resante que los implementadores pueden consultar antes de evaluar el costo com- putacional de una solución de seguridad relevante. Más importante todavía, los autores concluyen que, con ayuda de una selección informada de los algoritmos e in- tercambios de protocolos de seguridad, se puede controlar el costo adicional (por ejemplo, el tiempo de ejecución y el consumo de memoria) de forma que se ajuste a la mayoría de los escenarios de aplicación. Además, Kivinen comparte una implemen- tación de un iniciador IKEv2 muy pequeño en la RFC 78158. La idea es que un dis- positivo típico de la IoT se despliega para que se comunique con un solo servidor, por lo que ciertas porciones de la carga útil contenida en el intercambio de pro- tocolos serán estáticas y la implementación mínima evitará las validaciones duplicadas. Kivinen también ofrece una lista de cargas opcionales (por ejemplo, múltiples noti - caciones de estado) que solo son útiles para varios casos con múltiples pares y que pueden ser ignoradas por estas im- plementaciones mínimas. El protocolo ini- ciador mínimo descrito es interoperable con una implementación de backend IKEv2 completa y, por lo tanto, es bastante útil en los extremos diminutos.

Conclusión En este artículo se han listado apenas algunas de las actividades del Grupo de Trabajo LWIG. Los temas que no se trataron aquí pero que se están discu- tiendo día a día dentro del grupo de trabajo incluyen versiones mínimas de TCP, TLS y DTLS, ESP y gestión de vecinos. En la página del grupo https://tools.ietf.org/wg/ lwig encontrará más información. Agra- decemos a todos los colaboradores dis- puestos a compartir sus experiencias en el desarrollo de implementaciones mínimas. Referencias 1. Bormann, C., Ersue, M. y A. Keranen, “Ter- minology for Constrained-Node Networks”, RFC 7228, mayo de 2014. 2. Bormann, C., Gomez, C., “Terminology for Constrained-Node Networks”, draft-bor- mann-lwig-7228bis-00 (trabajo en curso), 2017. 3. Arkko, J., Eriksson, A., Keranen, A., “Building Power-E cient CoAP Devices for Cellular Networks”, draft-ietf-lwig-ce- llular-06 (trabajo en curso), 2016 4. Shelby, Z., Koster, M., Bormann, C. y P. Stok, “CoRE Resource Directory”, draft-ie- tf-core-resource-directory-09 (trabajo en curso), 2016. 5. Kovatsch, M., Bergmann, O. y Bormann, C., “CoAP Implementation Guidance”, draft-ietf- lwig-coap-03 (trabajo en curso), 2015. 6. Gomez, C., Kovatsch, M., Tian, H. y Cao, Z., “Energy-E cient Features of Internet of Things Protocols”, draft-ietf-lwig- energy-e cient-06 (trabajo en curso), 2017. 7. Sethi, M., Arkko, J., Keranen, A., Back, H., “Practical Considerations and Implemen- tation Experiences in Securing Smart Object Networks,” draft-ietf-lwig-crypto-sensors-02 (trabajo en curso), 2017. 8. T. Kivinen, “Minimal Internet Key Exchange Version 2 (IKEv2) Initiator Implementation”, RFC 7815, 2016.

]]> 2196 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/informe-del-grupo-de-trabajo-configuracion-dinamica-de-host/ Tue, 04 Jul 2017 16:31:11 +0000 https://www.ietfjournal.org/?p=2200

Por Tomek Mrugalski y Bernie Volz QUIENES PARTICIPAN EN EL IETF HACE TIEMPO SABEN QUE EL GRUPO DE Trabajo sobre Con guración Dinámica de Host (DHC) viene trabajando desde hace mucho tiempo. Sin embargo, determinar su edad con precisión ha sido un desafío. Según los archivos del grupo, su primer correo electrónico se envió1 el 12 de julio de 2001. Pero esa fecha no puede ser correcta, ya que su primera solicitud de comentarios (RFC) es la RFC 1531 de octubre de 1993. El historial del Datatracker sobre DHC2 ofrece algunas pis- tas, aunque los datos parecen incompletos: las actualizaciones signi cativas se remontan a 2003, después de lo cual sigue un intervalo de trece años y hay dos entradas que indican que el grupo de trabajo fue propuesto y se formó el 1 de enero de 1991. Si esto es correcto, el grupo tendría la impresionante edad de 26 años, al menos tan antiguo como la Web, cuya fecha de creación suele ser considerada como enero (primer servidor público disponible) o agosto (Sir Tim Berners-Lee anuncia el proyecto al agrupo de discusión alt.hypertext) de1991. No obstante, hay otra pista que indica que el DHC es todavía más viejo: la lista de grupos de trabajo activos en el sitio web del IETF3. Si bien la página en sí es algo básica, las fechas que aparecen junto al nombre de cada grupo de trabajo parecen ser sus fechas de creación. En esta página, la fe- cha de creación indicada para el DHC es “1989-Apr-13”, hace casi veintiocho años.

Entonces, ¿qué ha estado haciendo el grupo sobre DHC todo este tiempo? Su ob- jetivo original no ha cambiado. Fue creado para con gurar hosts de forma dinámica y eso es lo que ha hecho. Si lo pensamos un poco, las redes modernas son totalmente diferentes a cuando se inició el trabajo. A nales de los años 80, una red “grande” probablemente incluiría alrededor de cien computadoras de escritorio. No existía ningún concepto de movilidad y el trabajo en IPv6 realmente todavía no había co- menzado. Mucho ha cambiado y el DHC ha hecho todo lo posible para seguir el ritmo de la realidad cambiante. En el proceso, el grupo de trabajo publicó 96 RFCs que de- nieron, aclararon y mejoraron diferentes aspectos de la autocon guración de los dispositivos. Dispositivos, porque hoy en día hay mucho más que solo hosts. Y esto plantea la pregunta: ¿hay algo más que el DHC todavía deba hacer? DHCPv6bis Al igual que la mayoría de los grupos de trabajo del IETF, el DHC pre ere no invertir su tiempo en tecnologías heredadas, como IPv4, excepto en los casos en que resulta útil par la transición a IPv6. En términos de DHC, esto signi ca que el grupo trabaja casi exclusivamente en DHCPv6. Este protocolo básico (RFC 3315) se publicó en 2003. Mucho ha cambiado desde en- tonces. Lo más notable es la capacidad de participar de los routers, no solo de los hosts. Los routers generalmente utilizan el mecanismo de delegación de pre jos (RFC 3633). Además, con los cambios re- cientes en la forma en que se organizan las redes, los supuestos originales han perdido validez. La distinción entre hosts y routers se ha vuelto borrosa (si un teléfono se usa como hotspot o ejecuta máquinas vir- tuales, ¿el teléfono sigue siendo un host?), las formas en que se percibe la con anza han cambiado (¿los usuarios confían en que el hotspot de la cafetería que visitan son legítimos?), y también han cambiado nuestras expectativas (¿demora todo un segundo conectarnos a una red?).

El Grupo de Trabajo DHC está abordando algunas de estas condiciones cambiantes mediante una iniciativa para volver a pu- blicar la especi cación DHCPv6. Hoy, esta iniciativa representa el enfoque principal del grupo. Un equipo de diseño formado en 2013 tomó la RFC original (dato curioso: estaba en formato nro ); la emprolijó; tomó todas las erratas, correcciones y cambios que se habían introducido (por ejemplo, la RFC 7550, que mejoró varios problemas relacionados con la gestión del estado); y publicó versiones actualizadas4. El trabajo se organiza en torno a un issue trackerde- dicado5. El documento tuvo un muy exitoso período de últimos comentarios en el grupo de trabajo (WGLC) en 2016, durante el cual se recibieron casi trecientos comen- tarios independientes. El equipo de diseño mantiene reuniones quincenales con una hoja de cálculo pública en Google Docs y un texto borrador intermedio en un repo- sitorio github público. Se espera que los comentarios restantes sean tratados y pre- sentados durante el IETF 98 en Chicago. La intención es publicar el documento como un borrador de RFC y avanzar hacia un estándar pleno en el futuro. Privacidad y seguridad El concepto de seguridad también ha cambiado radicalmente a lo largo de los años. Tanto las revelaciones de Edward Snowden como la RFC 7258 llevaron a que muchos grupos de trabajo evaluaran nuevamente ciertos mecanismos que se pueden utilizar para el monitoreo omni- presente y otros ataques a la privacidad. Además, la forma en que la gente utiliza las redes ha cambiado. Hoy en día, pa- reciera que usar Internet en una cafetería de la que no sabemos nada es mucho más común que tener nuestros dispositivos co- nectados a una red cableada cuyo admi- nistrador conocemos personalmente. El DHC invirtió mucho tiempo en revisar los mecanismos y opciones tanto de DHCPv4 como de DHCPv6 para averiguar cuáles se podían emplear para el seguimiento de dispositivos y usuarios. Como resultado, en la RFC 7844 se publicó una recomen- dación llamada per l de anonimato, que re- comienda ciertos cambios para los clientes que desean proteger su privacidad. Los clientes que implementan esta recomen- dación no revelan ninguna información personal de utilidad y no utilizan ningún tipo de identi cadores de larga duración que puedan ser usados para rastrearlos.

Al mismo tiempo, hay modelos de des- pliegue prácticamente opuestos: en ciertos despliegues los clientes desean probar su identidad a la red y veri car que la red es realmente lo que dice ser. La seguridad y la prevención de la vigilancia generalizada es una gran preocupación para todos y la falta de seguridad (cifrado y autenticación) ha sido un problema de larga data para el DHCP, ya que este protocolo se utiliza para conectarse a muchas redes. Este trabajo6 comenzó a nales de 2013 y se ha reiniciado varios veces después de su revisión por parte del Grupo Directivo de In- geniería de Internet (IESG). El documento actual considera el cifrado de las interac- ciones cliente/servidor. Se anticipa que el trabajo pronto pasará al período de últimos comentarios y esperamos que se vuelva a intentar obtener la aprobación del IESG.

El futuro DHCPv6 es un protocolo extensible para el cual se de nen aproximadamente diez nuevas opciones por año. La mayoría de estas opciones transmiten nuevos pará- metros que se espera que el servidor en- tregue a los clientes —estos parámetros no modi can la forma en que funciona el pro- tocolo—. Como tal, cada vez más la de - nición de opciones se está llevando a cabo fuera del DHC, en grupos dedicados que comprenden expertos en la materia y que pueden veri car mejor el contenido real de esos parámetros. En mayo de 2014, el DHC publicó la RFC 7227, que contiene di- rectrices para los autores que trabajan en nuevas opciones. Sin embargo, se están discutiendo varios mecanismos de ex- tensión que son especí cos del protocolo, por lo que pertenecen dentro del DHC. La de nición de modelos YANG, proveer to- lerancia frente a fallos para DHCPv6 y ajustar cómo funcionan los agentes de re- transmisión (relays) son apenas algunos ejemplos del trabajo que se está realizando actualmente7.

Tal vez se esté preguntando si el DHC ter- minará su trabajo pronto. Cuando entregó la dirección a los actuales presidentes Bernie Volz y Tomek Mrugalski, Ted Lemon comentó que al grupo quizás le quedarían cinco años de trabajo. Luego agregó que, cuando él se hizo cargo, el presidente sa- liente había hecho el mismo comentario. ¿Quién sabe? Quizás Volz y Mrugalski transmitirán ese mismo pronóstico a sus sucesores. Notas al pie 1. https://www.ietf.org/mail-archive/web/dhcwg/ current/mail402.html. 2. https://datatracker.ietf.org/wg/dhc/history/. 3. https://tools.ietf.org/wg/. 4. https://tools.ietf.org/html/draft-ietf-dhc- rfc3315bis. 5. http://tools.ietf.org/group/dhcpv6bis/. 6. https://tools.ietf.org/html/draft-ietf-dhc- sedhcpv6-20. 7. https://datatracker/wg/dhc/documents y https://datatracker.ietf.org/wg/dhc/charter/

]]> 2200 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/colaboracion-desde-las-bases-grupo-de-operadores-de-centros-de-datos-empresariales/ Tue, 04 Jul 2017 16:31:11 +0000 https://www.ietfjournal.org/?p=2202

Por Nalini Elkins y Darin Pettis EL GRUPO DE OPERADORES DE CENTROS DE DATOS EMPRESARIALES (EDCO) se formó para monitorear el impacto de los cambios en los protocolos sobre los centros de datos más so sticados. El grupo representa un esfuerzo a nivel de base to- talmente organizado y dirigido por voluntarios. Aunque nos reunimos simultáneamente con sus eventos, este grupo no es parte o cial del IETF.

Las empresas y las grandes organiza- ciones utilizan los protocolos del IETF tanto en Internet como en los centros de datos. Un pequeño cambio en un protocolo crítico podría signi car un importante cambio en las operaciones y diagnósticos de una or- ganización, lo que, a su vez, podría au- mentar los costos o incluso impedir la realización de alguna función crítica como el monitoreo del fraude. Por ejemplo, aunque justi cado por mejorar la seguridad y la privacidad, el cambio introducido en TLS1.3 para eliminar el in- tercambio de claves estáticas RSA también conduce a importantes cambios en fun- ciones críticas, entre ellas el diagnóstico y monitoreo del fraude y la detección de fugas en el caso de bancos, procesadores de pagos, organizaciones minoristas, ser- vicios de salud y otras grandes organiza- ciones que comprenden tanto a pioneros en la adopción del cifrado como a las in- dustrias reguladas.

Cambiar la forma en que se monitorea el fraude puede implicar un proceso lento y costosos, pero la falta de acción puede comprometer la seguridad dado que las aplicaciones diseñadas para proteger al consumidor podrían no funcionar correc- tamente. El EDCO está trabando tanto con los miembros del grupo TLS como con quienes la implementan para diseñar la mejor solución a estas prioridades contra- puestas. De la experiencia con TLS1.3 aprendimos que las empresas suelen no ser cons- cientes de los cambios a los protocolo pueden afectarlos hasta que el proceso está muy avanzado. Por lo tanto, ahora nos proponemos participar lo más pronto posible en el trabajo de tantos grupos de trabajo como sea posible, para así poder contribuir en forma oportuna y ayudarles a diseñar soluciones e caces. Para ello, miembros individuales del EDCO piensan revisar los borradores en discusión dentro de los grupos de trabajo del IETF en busca de cambios que pudieran afectar a los grandes centros de datos. El IETF tiene más de cien grupos de trabajo, por lo que sería imposible para cualquier organi- zación monitorear esa cantidad por sí sola —si cada empresa intentara hacerlo nece- sitaría un grupo dedicado de hasta 40 o 50 personas—. Nuestra solución consiste en trabajar juntos. Actividades en el IETF 98 La primera reunión del EDCO será durante el IETF 98 en Chicago. El sábado tendremos un Boot Camp para nuestros miembros (el Boot Camp es totalmente organizado por voluntarios y no es una parte oficial del IETF). Ofreceremos a los miembros un panorama general del IETF, hablaremos sobre la terminología del IETF, el programa de mentorías, la solicitud del IETF y varios borradores en curso por miembros del EDCO. Diseñamos el Boot Camp como un espacio donde la gente pueda reunirse, formar un grupo cohesivo y aprender sobre el IETF desde nuestra perspectiva única.

Para promover la creación de redes y la integración con los miembros del IETF, nuestros miembros están invitados a asistir a las sesiones para nuevos partici- pantes el día domingo, si corresponde, a las sesiones educativas organizadas por el Equipo de Educación del IETF y a los eventos sociales. Estamos coordinando con mentores del IETF y también parti- cipando en el programa Speed Mentoring para que nuestros miembros puedan re- unirse con tantos participantes experi- mentados del IETF como sea posible. Vamos a entregar a los miembros del EDCO un calendario de las sesiones de los grupos de trabajo a las que están invitados, además de una resumen de los grupos de trabajo, borradores y terminología para ciertos grupos seleccionados. Todos los días, durante el último co ee break ofreceremos un breve resumen diario. Creemos que conversar entre nosotros sobre cómo nos afectarán los cambios a los protocolos y conversar con quienes participan en el IETF sobre las actividades que se desarrollan en otras partes del mundo será de gran valor para el EDCO. Algunos le llaman "la pista de pasillos" de la conferencia En nuestra experiencia, no hay nada que pueda reemplazarla. De- seamos que tantos miembros del EDCO como sea físicamente posible asistan a las reuniones del IETF. Próximos pasos En el futuro, a medida que crezca la mem- bresía del EDCO, podremos formar una organización de comercio. Idealmente, tra- bajaremos con expertos para monitorear los grupos de trabajo y los próximos bo- rradores y para ofrecer una evaluación de sus impactos. En este escenario, los miembros del EDCO pagarán una sus- cripción para acceder a dichas revisiones y a diferentes webcasts. También quizás ofrezcamos instalaciones de laboratorio para que los miembros puedan tener expe- riencia práctica con los nuevos protocolos. Para todo esto se necesitará dinero. Queremos que nuestro grupo crezca en forma orgánica. A medida que crezca su número, si nuestros miembros encuentran valor en las revisiones de los expertos y los laboratorios, en ese momento tomaremos esta dirección. Alternativamente, también podríamos continuar siendo una organi- zación voluntaria.

Beneficios para el IETF Tener so sticados usuarios de los pro- tocolos en las grandes empresas es un bene cio para el IETF. Las empresas no son los únicos usuarios de los protocolos de Internet, pero sí son muy importantes. Las organizaciones comerciales y el sector gubernamental son miembros del EDCO y son los motores que mueven a los go- biernos y las economías del mundo —los protocolos de Internet son fundamentales para su funcionamiento—. La oportuna contribución de estos usuarios solo servirá para fortalecer los estándares del IETF. Hay quienes mencionan inversiones de hasta un millón de dólares por cada es- tándar creado. Quizás sea imposible calcular los verdaderos costos que implica la creación de una RFC, pero una cosa es cierta: los requisitos de quienes usarán los protocolos desde sus funciones de negocio no tienen precio. Para obtener más información sobre EDCO, comuníquese con Nalini Elkins (Nalini.elkins@insidethestack.com) o con Darin Pettis (dpp.edco@gmail.com)

]]> 2202 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/hackathon-ietf-97-como-mejorar-los-estandares-abiertos-mediante-software-de-codigo-abierto/ Wed, 03 May 2017 16:35:51 +0000 https://www.ietfjournal.org/?p=2211

Originalmente publicado por Charles Eckel en la Comunidad de Código Abierto DevNet el 17 de noviembre de 2016. EL IETF 97 SE REUNIÓ EN SEÚL Y COMENZÓ DE MANERA MUY AUSPICIOSA CON el Hackathon realizado los días 12 y 13 de noviembre. Este sexto Hackathon reunió a alrededor de 120 participantes presenciales, además de otros 20 participantes que se sumaron de forma remota. El trabajo abarcó una amplia variedad de temas de interés para el IETF y los resultados fueron valiosos e inspiradores.

La serie de Hackathons del IETF comenzó en marzo de 2015 durante el IETF 92 con los siguientes objetivos:

1. Acelerar y aumentar la relevancia del trabajo del IETF.
2. Atraer al IETF a personas y desa- rrolladores jóvenes.

La con rmación del segundo objetivo fue evidente desde el comienzo de este Hac- kathon, ya que las manos en alto indicaron que se trataba de la primera experiencia en el IETF para algunas decenas de par- ticipantes y el primer Hackathon del IETF para muchos otros. Las pruebas de haber alcanzado el primer objetivo se harían esperar hasta la presentación de los re- sultados al nal del Hackathon. Un Hackathon poco habitual El Hackathon del IETF no es un típico Hackaton. Los participantes están más motivados por el deseo de mejorar Internet que por el dinero del premio. El espíritu es más colaborativo que competitivo. La par- ticipación es gratuita y no es necesario asistir a la reunión del IETF posterior al Hackaton. Algunas personas se ofrecen como voluntarios para ser los “champions” (proponentes) de proyectos relacionado con el trabajo del IETF y en torno a estos champions se forman los equipos de trabajo. Para este Hackathon, la lista de proyectos fue la siguiente:

• ACTN
• Capturar y analizar características de datos de red – Joy
• COSE/JOSE
• DNS/DPRIVE/DNSSEC/DANE
• Interfaz con el Marco de las funciones
• Función de servicio DevKit
• SFC
• TLS 1.3
• YANG/NETCONF/RESTCONF

Una de las formas en que el Hackathon po- tencia el ritmo y la relevancia del trabajo del IETF es a través de código que funciona. La implementación de estándares en evo- lución y la producción de código que funciona validan los estándares y destacan cosas que tan vez falten, sean incorrectas o ambiguas en los borradores de estos estándares. Mejor aun, si el código es abierto, ver y compartir el código fuente ayuda a comprender un estándar, facilita su uso y promueve su adopción. Los proyectos de código abierto que destacaron en este Hackathon fueron OpenDaylight, ONOS, VPP y Joy. Para obtener una lista y una breve descripción de los proyectos del Hackathon, consulte la wiki en https://www.ietf.org/registration/MeetingWiki/wiki/97hackathon.

Solo ganadores A pesar de que no se ofrecían grandes premios en dinero, los participantes se lanzaron a una competencia amistosa por orgullo y la posibilidad de ser los primeros en acceder a un conjunto de dispositivos donados por los patrocinadores. Los equipos presentaron sus resultados ante un panel de jueces, quienes tuvieron la difícil tarea de escoger a los ganadores. En esta ronda, los ganadores y las categorías fueron los siguientes:

• Mejor trabajo en general: Equipo TCP Multipath Este equipo estaba compuesto por un grupo de profesores y estudiantes de la École Polytechnique de Lovaina, Bélgica. Dado que algunos miembros del equipo viajaron a Seúl y otros participaron de forma remota desde Bélgica, el equipo se bene ció de la posibilidad de trabajar por turnos las veinticuatro horas.

•  Mejor aporte a un grupo de trabajo:
  Equipo ACTN El equipo de abstracción y control de redes de transporte (ACTN) produjo importantes aportes para los grupos de trabajo sobre arquitectura de in- geniería de tra co y señalización (TEAS) e interfaz con el sistema de enrutamiento (I2RS). Su código se convertirá en una contribución aguas arriba para el proyecto ONOS.

•  Mejor trabajo en equipo: Equipo I2NSFFormado por profesores y estudiantes de la Universidad de Sungkyunkwan en Corea del Sur, el equipo sobre in- terfaz con las funciones de seguridad de red (I2NSF) utilizó RESTCONFy NETCONF junto con modelos de datos YANG para implementar ser- vicios de seguridad de red usando OpenDaylight y mininet. Al hacerlo, validaron el enfoque de nido por el Grupo de Trabajo I2NSF.
•  Mejor trabajo nuevo para el IETF: Equipo Kit de desarrollo de software para funciones de servicio y Equipo SFCEl premio se otorgó a dos equipos diferentes que trabajaron en el enca- denamiento de funciones de servicio (SFC). El primer equipo agregó soporte para encabezados de servicios de red (NSH) a VPP y el kit de desarrollo de software para fun- ciones de servicio, lo que hace que la integración con con los clasi cadores y encaminadores de funciones de servicio sea más fácil para los desarrolladores. El segundo equipo demostró un SFC jerárquico con un clasi cador de ujos con estado em- pleando OpenDaylight y SFC basado en la intención con ONOS.
    Otros equipos también tuvieron logros fantásticos. Todas las presentaciones de los proyectos están disponibles en https://datatracker.ietf.org/meeting/97/session/hackathon. Un tema recurrente fue el trabajo continuo sobre YANG, NETCONF y RESTCONF para mejorar las opera- ciones mediante la automatización. Benoit Claise, uno de los directores del área de gestión y operaciones, publicó un resumen en el siguiente enlace: https://www.ietf.org/blog/2016/11/yang-quick-status-update-be- fore-this-ietf-97/. Únase al próximo Hackathon del IETF El próximo Hackathon del IETF se reunirá en el IETF 98 a realizarse en Chicago los días 25 y 26 de marzo de 2017. Como siempre, la participación es gratuita y abierta a todos los interesados. Se trata de una excelente oportunidad de experi- mentar de primera mano el trabajo de gran alcance que se hace en el IETF y conocer a las personas que lo hacen posible. Invita a las comunidades de código abierto a unirse al IETF y a otros organismos de estandarización para así mejorar la funcionalidad, seguridad y operación de la Internet que todos conocemos y amamos.

  Para mantenerse al tanto de todo lo re- lacionado con el pasado, el presente y el futuro de los Hackathons, incluyendo la fecha de apertura de la inscripción para el Hackathon del IETF 98, suscríbase a hackathon@ietf.org.

]]> 2211 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/programa-de-becas-de-la-internet-society-para-asistir-a-las-reuniones-del-ietf/ Wed, 03 May 2017 21:33:13 +0000 https://www.ietfjournal.org/?p=2215

Más que observadores, los Fellows dicen presente y participan en el IETF 97 en Seúl Por Niel Harper EL PROGRAMA DE BECAS DE LA INTERNET SOCIETY PARA ASISTIR A LAS reuniones del IETF apoya a los miembros de la Internet Society de economías emer- gentes o en desarrollo que tienen las habilidades técnicas y experiencia necesarias para contribuir con el trabajo del IETF. Al IETF 97 organizado en Seúl concurrieron 12 Fellows de 10 países: Brasil, China, Colombia, Ecuador, Etiopía, Georgia, India, Túnez, Uganda y Zimbabwe. Participar presencialmente en las reuniones del IETF puede ayudar a promover un mayor entendimiento del proceso de estandarización, a incentivar una activa participa- ción en las actividades del IETF y a facilitar las creación de redes de contactos con otras personas con intereses técnicos similares.

En Seúl, algunos Fellows aprovecharon aún más su participación para demostrar el valor tanto del programa como el de sus participantes al presentar o participar en grupos de trabajo u otras actividades.

• Harish Chowdhary (India) realizó presentaciones en dos sesiones BoF: DNSBUNDLED y una sobre problemas de implemen- tación asociados con los nombres de dominio internacionalizados (IDNs). También le habló al Grupo Directivo de Ingeniería de Internet (IESG) sobre el progreso de las actividades relacionadas con el IETF en India.
• Srimal Andrahennadi (Sri Lanka) suscribió un acuerdo de asociación entre Sri Lanka e India para desa- rrollar un programa de investigación sobre la Internet de las cosas (IoT) y ofrecer capacitación sobre la IoT para ingenieros jóvenes.
• Eduardo Morales (Brasil) colaboró con Lee Howard, quien ofreció comentarios sobre la actualización de sus materiales didácticos sobre IPv6 para NIC.br.
• Tariq Saraj (Pakistán) participó en las discusiones del Grupo de Trabajo DPRIVE con respecto a la inclusión de servidores de nombres autoritativos en futuros borradores. También presentó su tesis al chair del grupo.
• Konstantine Karosanidze (Georgia) recibió asistencia de los participantes del IETF para desplegar el primer servidor raíz de DNS (servidor K ges- tionado por RIPE-NCC) en Georgia. También construyó relaciones con los chairs de los grupos de trabajo y otras personas que lo están apoyando para el despliegue de un IXP en Georgia.

Lo invitamos a compartir esta oportunidad que ofrece el programa de becas con quienes que considere buenos candidatos. Los períodos de recepción de solicitudes para las tres próximas reuniones serán los siguientes: IETF 99 (Praga, República Checa): abierto; IETF 100 (Singapur) 10 de julio; IETF 101 (Londres, Reino Unido): 30 de octubre

]]> 2215 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-98-bits-n-bites/ Tue, 04 Jul 2017 04:42:28 +0000 https://www.ietfjournal.org/?p=2248

The IETF’s popular Bits-N-Bites events highlight products and services that showcase IETF protocols in action. The two-hour events take place in social settings designed to encourage casual learning and in-depth discussions. With complimentary hor d’oeuvres, wine, and craft beers, these even- ing events are eagerly anticipated by the entire IETF community. IETF 98’s event included demonstrations from the following six organizations:

     

 

 

]]> 2248 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/nada-que-ocultar-todo-que-ganar/ Tue, 04 Jul 2017 16:31:45 +0000 https://www.ietfjournal.org/?p=2180

Por Russ White y Shawn Zandi ¿POR QUÉ A UN PROVEEDOR —PARTICULARMENTE A UN PROVEEDOR DE CONTENI- DO— debería importarle las comunidades de código abierto y los estándares abiertos? Sin duda, existe una cantidad de razones por las cuales los proveedores de contenido con foco en los usuarios podrían no tener interés en las comunidades de código abierto. Una objeción habitual esgrimida por los proveedores para no trabajar en las comunidades de código abierto suele ser algo así: ¿Acaso la idea de construir una empresa en torno a los datos —lo que en de nitiva signi ca construirla en torno a un conjunto de capacidades de procesamiento, incluyendo la red— no es ocultar su camino al éxito y evitar que otros también lo transiten? ¿Los proveedores no deberían defender su propiedad intelectual por las mismas razones que los fabricantes de los equipos?

Para elaborar una respuesta, es importante comenzar por diferenciar entre propiedad y secreto. Para cualquier tecnología o innovación debemos hacernos dos preguntas:

• ¿Deberíamos ser los propietarios?
• ¿Deberíamos mantenerla en secreto?Las preguntas están interconectadas, pero no son idénticas. La propiedad gene- ralmente re ere a controlar nuestro propio futuro. Especí camente, ser propietario de nuestra arquitectura re ere a la capacidad de entrelazar su red y negocio de forma tal de lograr una ventaja competitiva. Por el contrario, entregar nuestra arquitectura a un fabricante (casi siempre) signi ca compartir de alguna forma nuestros ob- jetivos de negocio con los suyos (aunque no siempre, por supuesto).Por otro lado, el secreto generalmente tiene que ver con controlar la capacidad de otros de utilizar nuestras innovaciones para competir con nosotros. Reformulando la segunda pregunta para las comunidades abiertas: ¿Acaso promover modicaciones a un proyecto de código abierto o promover nuestras ideas ante la comunidad de estándares abiertos no signfica estar ayudando a potenciales competidores (nuevos o establecidos) en sus esfuerzos por construir una red mejor, más rápida y más grande?
  Una vez aclaradas estas preguntas, hay dos líneas de argumentación a favor de la participación activa en las comunidades abiertas —para proveedores, fabricantes e ingenieros individuales—. La primera línea de argumentación podría llamarse altruista; la segunda, oportunista. A su vez, ambas están más estrechamente relacionadas de lo que parece a primera vista. Primero, cada ingeniero en redes debería reconocer que todos estamos “parados sobre hombros de gigantes”. Quienes hicieron el trabajo inicial de de nir los protocolos que dirigen Internet y todas nuestras redes no vivían solamente de la nanciación del gobierno. Ellos crearon las empresas que pusieron en práctica sus invenciones. Desde la óptica hasta los pro- tocolos, estas personas no solo inventaron cosas, tampoco solo las construyeron —también construyeron empresas que aprovecharon dichas invenciones—. En otras palabras, no solo generaron bene- cios para sí mismos, sino que también lo hicieron para el mundo entero. Tanto a nivel personal como a nivel empresarial, debemos ofrecer nuestro apoyo a futuras generaciones al igual que las generaciones anteriores lo hicieron con nosotros. Esto implica, en parte al menos, apoyar a los estándares abiertos y el código abierto como una parte natural de la creación de los productos y las empresas que cons- truimos hoy. A falta de un esfuerzo real y consciente para la construcción de algo más grande que nuestras propias empresas y carreras, es muy probable que Internet caiga en la tragedia de los comunes.
  Imagine una aldea en los tiempos mayormente agrícolas apenas unas pocas generaciones atrás. En cada aldea, seguramente había un espacio verde compartido por todos para jugar, realizar reuniones o armar un mercado. Ahora, imagine que una persona o un grupo pequeño de aldeanos deciden aprovechar este “tierra libre” y crear allí un mercado permanente. Es mucho lo que la aldea pierde a cambio de la ganancia de unos pocos, pero no es mucho lo que se puede hacer. Después de todo, los bienes comunes están allí para que los utilice cualquiera. Nosotros, como individuos y empresas, queremos utilizar los bienes comunes, pero también necesitamos expandir los bienes comunes para que no se arruinen ni se pierda el bien económico para todos, incluidos nosotros mismos. Los comunes del mundo digital no son solo los medios que todos compartimos, sino que también son los estándares, el código fuente, los procesos y el conocimiento que hemos desarrollado al crear sistemas en red para solucionar problemas a escala. También hay otro aspecto a tener en cuenta: ¿dónde y cómo aprenderá la próxima generación de ingenieros a construir redes a escala? Si abandonamos los bienes comunes que representan las comu- nidades abiertas, ¿cómo construiremos los ingenieros que precisamos para ampliar el alcance y la escala de nuestras empresas y de Internet? Tal vez estos argumentos altruistas no agraden a algunos lectores. “Todo eso está muy bien pero yo hago negocios para ganar dinero y no para hacer del mundo un lugar mejor. No creo que realmente llegue a producirse la tragedia de los comunes”. Incluso si el contra argumento fuera cierto, hay otra forma de darlo vuelta. La participación ayuda a la comunidad y apoya la creación de los productos que utiliza su empresa.

  Considere el mercado automotriz. ¿Cómo sería el parque automotriz hoy si nadie hubiera intentado modi car sus auto- móviles en sus propios garaje? ¿Cuántas invenciones no se hubieran producido? ¿Cuántas mejoras habrían quedado al costado del camino? ¿Seguiríamos pu- diendo comprar automóviles de cualquier color, siempre y cuando fuera negro? El punto es que las comunidades abiertas no son solo un espacio de creación, sino que también motivan la competencia. La existencia de los bienes comunes pro- porciona una base para la competencia que hace que cada pieza de un dispo- sitivo de red que compramos esté mejor diseñada, tenga mejor soporte y a la vez sea menos costosa. Cuando un mercado se fragmenta lo su ciente como para que las opciones sean comprarle a un único fabricante o no comprar, el mercado ya no es útil para construir las redes a gran escala que utilizamos para construir negocios. En de nitiva, apoyar el código abierto y los estándares abiertos reduce los costos del operador al aumentar sus posibilidades de elección. Por supuesto, en este caso los números son imposibles de cuanti car, por lo que tal vez se ne- cesite algo más concreto para convencer a los proveedores de que deben participar. Para quienes todavía no están convencidos del valor de la comunidad abierta, permítanme ofrecer otra línea de argumentación. Volviendo al mercado automotriz, su- pongamos que usted estaba involucrado en la cons- trucción de una gran empresa de envíos.

  Para construir dicho negocio, necesita vehículos de reparto. Luego de analizar cada vehículo de reparto disponible, usted concluye que el vehículo que necesita para operar con e ciencia todavía no existe. ¿Cuáles son sus opciones? Una opción sería ofrecer millones de dólares en contratos a un fabricante. Pero esto no sería de gran utilidad ya que existen clientes competidores y tal vez incluso deba convencer a las agencias reguladoras para que permitan construir los vehículos que necesita para su negocio. ¿Pero qué pasaría si usted tra- bajara con otros clientes para desarrollar un núcleo común de características a las que cada uno pudiera agregar y en torno a las cuales todos pudieran trabajar junto con los fabricantes y las agencias reguladoras para crear el vehículo que necesita para su negocio? Este esfuerzo común es precisamente lo que ofrecen las comunidades abiertas en la industria de las redes. Los proveedores que participan en la conformación de los estándares abiertos y el código abierto no solamente ayudan a de nir la dirección del mercado, sino que también ayudan a construir las bases sobre las cuales pueden construir sus negocios. A su vez, la existencia de la comunidad abierta ayuda a reducir la dependencia de un único fabricante y de esta forma fomenta la independencia, que luego redunda en la propiedad de su propia arquitectura. Volviendo a la pregunta inicial, obviamente existen aspectos que cualquier proveedor querrá “callar”, es decir, no compartir con la comunidad en general. No hay una línea bien de nida para decidir qué callar por razones de negocios y qué compartir. Además, es probable que esto cambie con el tiempo y el lugar de formas que son difíciles de de nir. Sin embargo, “difíciles de de nir” no signi ca “inexistentes”. En este ámbito, puede que algunas de las siguientes preguntas resulten útiles: • ¿Esta tecnología representa mi negocio principal?

  • ¿Existe la posibilidad de que al compartir esta tecnología se logren mejoras que aceleren mi capacidad de construir un gran producto? Esto es difícil de juzgar, ya que no existe forma de saber qué tipo de comuni- dad se podría formar en un caso es- pecí co ni qué ganancias se podrían obtener. A pesar de que las respuestas a estas pre- guntas pueden no ser sencillas, se sugiere inclinarlas a favor de las comunidades abiertas antes que en su contra. Por ejemplo, en el espacio de los proveedores de contenido, los algoritmos utilizados para procesar los datos para producir la experiencia e información que los clientes desean parecería estar más cerca del núcleo del negocio que de la construcción de la red.

  La capacidad que han demostrado las comunidades abiertas de mejorar —e incluso revolucionar— las ideas y el valor agregado más allá de la inversión debería ser el argumento que convenza a cada in- geniero y empresa que confía en las redes a gran escala de que el camino abierto es el camino a seguir.

]]> 2180 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/mensaje-del-chair-del-ietf/ Tue, 04 Jul 2017 16:31:12 +0000 https://www.ietfjournal.org/?p=2183

Por Jari Arkko QUISIERA RESUMIR MIS PENSAMIENTOS SOBRE LAS DISCUSIONES QUE TUVIERON lugar durante el IETF 97. En Seúl recibimos a 1042 personas de 52 países y fuimos testigos de un desarrollo muy activo en una variedad de frentes. Podemos decir que se trató de una reunión exitosa. La reunión contó con el apoyo de nuestro an trión Huawei, el Centro de Información de Red de Internet de China (CNNIC), la Agencia Coreana de Internet y Seguridad (KISA) y una larga lista de patrocinadores. ¡Muchas gracias por su apoyo!

Jari Arkko, Chair del IETF Los ataques de denegación de servicio más recientes implicaron el compromiso de una serie de dispositivos de la Internet de las Cosas que atacaron la infraestructura del DNS. El Consejo de Arquitectura de Internet (IAB) organizó una discusión sobre estos ataques a modo de ejemplo de una preocupación de carácter más general: la incorporación de millones de nuevos dispositivos podría abrumar la infraestructura de Internet si tales dispositivos no se comportan de- bidamente. Existen formas de mitigar los ataques, pero estas formas también suelen tener otros tipos de impactos, por ejemplo, la necesidad de desplegar los servicios en los grandes proveedores. Como mínimo, considero que sería bene cioso para la comunidad del IETF continuar promoviendo la idea de que, al introducir un gran número de dispositivos (o cualquier dispositivo) a Internet, los requisitos mínimos incluyan, por ejemplo, actualizaciones automáticas de software y evitar las contraseñas predeterminadas. Antes pensaba que esto era tan obvio que no era necesario decirlo; ahora ya no estoy tan seguro. Sin embargo, el área donde podemos in uir es la mejora de los mecanismos de mitigación y defensa. En la página 10 se incluye un resumen de la sesión plenaria del IAB. También puede mirar un un video de la sesión en https://www.youtube.com/watch?time_continue=3715&v=- qPaaRaNxIY4. Recientemente el IETF creó un Grupo de Trabajo para especi car el protocolo QUIC (Quick UDP Internet Con- nections, Conexiones UDP rápidas en Internet). El nuevo protocolo combina las capas de TCP y TLS, generalmente se implementa en el espacio de usuario y no en el espacio de kernel, y apunta a con guraciones de conexión más rápidas con capacidad de reanudación, seguridad integrada y capacidad para evolucionar el protocolo de forma más rápida (por no encontrarse en el kernel). Como punto de partida de la discusión, en el Grupo de Trabajo se tomó una versión anterior del protocolo que ya se utiliza en Google. Estoy muy entusiasmado con este desarrollo y ansioso por ver hacia dónde nos lleva. Además, parece que no soy el único: la sesión sobre QUIC se realizó con la sala completamente llena. Una vez más, el n de semana anterior al IETF se realizó el Hackathon. Un aspecto a destacar fue la presencia de grandes grupos de estudiantes. Por ejemplo, un equipo de estudiantes de la Universidad de SungKyunKwan trabajó en el marco para la interfaz con las funciones de seguridad de red (I2NSF). Incluso mandaron a hacer camperas para el evento. También había otro grupo grande de estudiantes, ¡al otro lado del mundo!. El equipo de la Universidad Católica de Lovaina trabajó en TCP Multipath, pero gran parte del equipo trabajó desde casa en Bélgica. En la página 22 puede leer más sobre el Hackathon.

Los videos de las sesiones y entre- vistas del IETF 97 están disponibles en una lista de reproducción de YouTube en https://www.youtube.com/playlis- t?list=PLC86T-6ZTP5gtLuoSjpTGO _mS5Ly2pfIS. Los procedimientos o ciales con dispositivas, actas y todo lo demás se pueden consultar en https://datatracker. ietf.org/meeting/97/proceedings. También puede leer la entrada publicada en nuestro blog sobre los resultados del área de enrutamiento del IETF 97 (https://www. ietf.org/blog/2016/12/reflections-on-the- routing-area-after-ietf-97/) y la entrada publicada por Srimal Andrahennadi sobre sus experiencias como becario o Fellow de la Internet Society en el IETF (https://blog.apnic.net/2016/12/14/ietf-97-fellowship- experience/). Además de los Fellows de la Internet Society (página 25), durante la semana también tuvieron lugar otras reuniones. La Internet Society también lleva adelante un programa llamado Policy Fellows para par- ticipantes que representan a reguladores, gobiernos y formuladores de políticas que no suelen asistir a este tipo de conferencias técnicas. Si desea participar en este programa, comuníquese con Konstantinos Komaitis de la Internet Society. La reunión del IEPG de los domingos consiste en un espacio de discusión entre operadores de redes. El almuerzo organizado por las IETF Systers reúne a las participantes femeninas. Si desea participar, comu- níquese con Allison Mankin escribiendo a allison.mankin@gmail.com Nos vemos en Chicago en el IETF 98

]]> 2183 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/palabras-del-chair-del-iab/ Tue, 04 Jul 2017 16:31:12 +0000 https://www.ietfjournal.org/?p=2185

Por Andrew Sullivan EL IETF 97 FUE MI ÚLTIMA REUNIÓN COMO CHAIR DEL CONSEJO DE ARQUITECTURA DE Internet (IAB) y el IETF 98 marcará el n de mi tiempo en el IAB. Desde el momento de mi designación, siempre esperé lograr tres cosas. Lo primero era fortalecer los programas del IAB en relación con la arquitectura de Internet. Lo segundo era resolver el papel que desempeña el IAB en la relación del IETF con otras organizaciones —lo que suelo describir como la “o cina de asuntos exterio- res” del IETF—. Lo tercero era intentar erradicar los rastros de la teoría del “gran líder” de la dirección del IETF. Ahora tenemos la posibilidad de ver qué tan bien salieron las cosas. Programas y supervisión de la arquitectura El IAB organiza su trabajo a largo plazo en forma de programas. Dado que es probable que el IAB no tenga expertos en todos los temas, los programas permiten recurrir a expertos externos cada vez que la organización lo necesita. Además, los programas permiten que un miembro del IAB participe en el trabajo que inicia el IAB, incluso si este trabajo se extenderá más allá de su período en el Consejo. Aunque no todos los programas son de arquitectura, el IAB debería organizar sus esfuerzos en el área de arquitectura en programas. Tal vez inevitablemente, los programas de arquitectura siempre han funcionado mejor en la teoría que en la práctica. En mi opinión, funcionan bien cuando hay al menos un miembro del IAB —preferentemente más de uno— altamente comprometido con el trabajo del programa. En este caso, puede servir como un ampli cador e caz de este interés y ayudar a que el IAB contribuya con algo útil a la discusión sobre arquitectura. Sin embargo, a veces el IAB mantiene vivo un programa que no está funcionando bien. Esto suele deberse a que el IAB reconoce que el tema tiene grandes implicancias para el IETF, pero ninguno de sus miembros tiene interés permanente en el tema o bien no hay su cientes participantes con el tiempo necesario para involucrarse en las necesidades del programa.

Durante mi gestión logramos algunas mejoras en esta área. Logramos cerrar o volver a constituir algunos programas que ya no estaban generando resultados. Aumentamos la frecuencia de revisión de los programas e intentamos asegurarnos de que los líderes de los programas estuvieran totalmente involucrados al pedirles que produjeran temas para presentar en el plenario técnico o en las sesiones Birds-of-a-Feather (BoF). Sin embargo, algunos programas fracasaron y es poco probable que se incluyan para su revisión. No es difícil con gurar un nuevo programa si hay ganas y energía. A su vez, a diferencia de lo que ocurre con los grupos de trabajo del IETF, mantener un programa en funcionamiento solo “para atar cabos” no tiene ninguna ventaja desde el punto de vista de los procedimientos. Esto sugiere que podría ser mejor para el IAB cerrar ciertos programas en forma brusca considerando que es malo para el IETF ofrecerse a realizar un trabajo pero no completarlo.  

La Oficina de Asuntos Exteriores del IETF Cuando me nombraron para el IAB, pensaba que era necesario separar con exactitud los papeles del IAB y del Grupo Directivo de Ingeniería de Internet (IESG). Creía que el per l cada vez más externo de los presidentes del IETF y el IESG era peligroso para el IETF dado el papel que el IESG desempeña en la declaración del consenso del IETF. De todas formas, resulta difícil explicar el consenso apro- ximado y existe cierto riesgo de que la gente confunda el “equipo directivo del IETF” con las personas que realmente tienen el control. Para bien o para mal, la transición de la supervisión de las funciones de la Auto- ridad de Números Asignados en Internet (IANA) que se produjo durante mi gestión en el IAB me expuso de forma inmediata a la relación entre las organizaciones externas y el IETF. Cambió mi posición con respecto al enfoque de “o cina de asuntos exteriores”. Sin importar cuánto nos gustaría organizarnos y organizar nuestro trabajo, la mayoría de las organiza- ciones están acostumbradas a tratar unos con otros a través de sus directivos. Esto signi ca que desean hablar con nuestros directivos, aunque en realidad no son ellos quienes tienen el control. Podemos invertir mucha energía en intentar cambiar la forma en que nos entienden los demás, o bien podemos ignorar las diferencias e intentar alcanzar nuestros principales objetivos. Mi conclusión es que la segunda opción es más valiosa. La comunidad es el liderazgo Si hemos de ajustar nuestra relación con otras organizaciones a las convenciones, no debemos permitir que ese modo de pensar convencional socave nuestra propia forma de trabajar. Es importante que nuestros directivos no malinterpreten y piensen que tienen el control. Una forma de promover este tipo de pensamiento es intentar reducir la importancia del presidente del IAB y en su lugar distribuir este trabajo. Esto es lo que hemos intentado hacer. Las comunicaciones del IAB no siempre vienen del chair sino que son enviadas por cualquier miembro del IAB que lidere el trabajo en cuestión. Separamos al chair de algunas tareas que antes formaban parte de su trabajo, entre ellas la de gestor del flujo de RFC del IAB. Además, el continuo énfasis en los programas significa que hay más oportunidades para que el IAB refleje sus puntos de vista.

Pero todavía queda mucho por hacer. Lo que más me preocupa es que algunos vinculen el hecho de ser miembro del Comité de Supervisión Administrativa del IETF (IAOC) y del IETF Trust con la posición de chair del IAB. Es probable que no todas las personas elegidas como chair del IAB sean el mejor candidato para trabajar en los temas del IAOC o el IETF Trust. La transición de la supervisión de la IANA signica que el IETF Trust tiene ahora mayor relevancia de la que solía tener y una mayor función hacia afuera que antes. Espero y confío que el esfuerzo de “IASA 2.0” que ha comenzado el IETF permita, entre otras cosas, una mayor exibilidad en la forma en que se organizan estas funciones. Agradecimientos Para cerrar, me gustaría agradecer a quienes fueron mis colegas en el IAB y especialmente a quienes con aron en mí al seleccionarme como su chair. También me gustaría agradecer a mi empleador, Dyn, particularmente por su apoyo incondicional durante el período en que la transición de la supervisión de las funciones de la IANA llevó mucho más tiempo y trabajo que lo anticipado. Por último, agradezco a la comunidad por recomendar mi designación al Nomcom y por los buenos consejos que recibí durante mi gestión. Fue un honor para mí haber ocupado este cargo y espero haber cumplido con el trabajo que me encomendaron

]]> 2185 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/panel-de-la-internet-society-la-i-en-iot-implicancias-para-una-internet-abierta/ Tue, 04 Jul 2017 16:31:12 +0000 https://www.ietfjournal.org/?p=2187

Por Carolyn Duffy Marsan

EL DESPLIEGUE DE LA INTERNET de las Cosas afectará la naturaleza global y abierta de Internet? Este fue el tema de discusión del panel patrocinado por la Internet Society y realizado junto al IETF 97 en Seúl, Corea del Sur. Moderado por Olaf Kolkman, Director de Tecnología de Internet de la Internet Society, el panel exploró las implicancias de los sistemas de la IoT sobre la propia Internet. Entre los panelistas se encon- traban Hannes Tschofenig de ARM Ltd., Carsten Bormann del Instituto Tecno- lógico de Karlsruhe, Erica Johnson del Laboratorio de Interoperabilidad de la Universidad de New Hampshire, Juan Carlos Zuniga de SIGFOX y Michael Koster del IoT Council. Kolkman abrió la discusión señalando que Internet es una red global de propósito general y accesible para todos. Destacó que Internet es única dado que permite innovación sin pedir permiso, lo que signi ca que cualquiera puede desplegar una nueva aplicación. Además, se basa en la interoperabilidad, el acuerdo mutuo y la colaboración. Otros dos aspectos importantes son que Internet se construye sobre una base de bloques reutilizables y que está en permanente evolución, sin favoritos permanentes en cuanto a tecno- logías o negocios. Kolkman llamó a estas características las “invariantes de Internet”.

Kolkman planteó a los cinco panelistas la siguiente pregunta: “¿Qué consecuencias tiene la presencia de dispositivos autónomos, siempre encendidos, conectados y a veces restringidos, para la Internet global desde la perspectiva de las invariantes de Internet?”

En general, los panelistas se mostraron preocupados por la posibilidad de que los despliegues débiles e inseguros de la IoT menoscaben la accesibilidad y la interoperabilidad general de Internet. También dijeron estar preocupados por la posibilidad de que los problemas de rendimiento o seguridad de los dispositivos de la IoT lleven a una mayor regulación por parte del gobierno, lo que probablemente cam- biaría el espíritu de mutuo acuerdo y colaboración en que se basa Internet. “Creo que hay una falta de con anza en la IoT”, a rmó Koster. “Las fallas en la con anza son fallas de integridad." Esto requiere entender claramente quién es el propietario de los datos y de dónde viene el control de las políticas”. Koster agregó que la IoT representa un nuevo paradigma para Internet. Antes, Internet dependía del despliegue de uno pocos sitios web extremadamente grandes. “Las cosas conectadas no obtendrán grandes bene cios por conectarse a un sitio web masivo”, a rmó. “Por el contrario, las cosas conectadas serán el motor del crecimiento en escala en el borde de las redes”. Zuniga explicó que se vienen desplegado aplicaciones de la IoT de forma exitosa en entornos industriales hace años, pero que lo novedoso es la variedad de dispositivos conectados a Internet. “Son dispositivos muy limitados y de baja complejidad”, agregó. “Es necesario poder ejecutar servicios genéricos basados en IP. Creo que esto es fundamental”. Bormann señaló que la IoT podría dar origen a una regulación gubernamental de los dispositivos conectados a Internet, lo que podría afectar la innovación sin pedir permiso en Internet. “Se podría obligar a los usuarios a gestionar las cosas conectadas a Internet de manera responsable”, dijo. “Si tengo un auto, tengo la obligación de arreglar los frenos. Este podría ser el tipo de cambio económico que se viene”.

Las regulaciones no tienen por qué ser todas malas, agregó. “Cuando voy a un restaurante, me gusta que las regulaciones me aseguren que no me van a envenenar”, aclaró. “Para que comprendamos qué nos gustaría que hagan estos dispositivos, se deben producir ciertos avances como la Certi cación UL en Estados Unidos. Como ingenieros, nuestro producto nal no es la tecnología, sino la con anza”. Johnson dijo que su laboratorio ha estado realizado pruebas de interoperabilidad para algunos proveedores de la IoT que están luchando con la interoperabilidad a través de concentradores hogareños y diferentes tecnologías de accesos. “Desean ofrecer a sus clientes y usuarios con anza y seguridad sobre la interopera- bilidad”, comentó. Una preocupación que Johnson observó es que a estos fabricantes de dispositivos de la IoT parece no preocuparle IPv6, el Pro- tocolo de Internet de la próxima generación que es crítico para mantener la naturaleza abierta y de extremo a extremo de Internet. “Tenemos una oportunidad de ayudar a educar a las empresas que están produ- ciendo estos productos”, dijo. “Al expandir los foros de IPv6 para incluir un logotipo de la IoT, quizás podríamos ayudar a darles seguridad y con anza a los usuarios. Inclui- ríamos las RFPs más básicas, incluyendo 6LoWPAN. Podríamos proporcionar herra- mientas y especi caciones de prueba... de manera que garantizar la interoperabilidad sea fácil y económico”.

Tschofenig estuvo de acuerdo en que el IETF tiene una oportunidad de proveer pilas de protocolos de código abierto a los desarrolladores de la IoT para asegurar la interoperabilidad de Internet sobre la base de estándares. “En ARM tenemos un sistema operativo, pilas de protocolos y pilas de seguridad. Esperamos que se incentive a los desarro- lladores de la IoT a utilizarlos de modo que no escriban los suyos propios e introduzcan vulnerabilidades en la arquitectura”, dijo. Los panelistas acordaron que el IETF y los otros organismos de estandarización han estado trabajando en bloques interope- rables para los despliegues de la IoT pero que la incompatibilidad continúa siendo un problema. “El desafío ha sido pasar los estándares a manos de los desarrolladores para que los implementen. Los desarrolladores no saben cómo utilizarlos”, Tschofenig añadió. Koster destacó que existe mucha frag- mentación en el espacio de los estándares de la IoT. “Muchos organismos están tra- bajando en estándares que se superponen y compiten entre sí y esto se ha trasladado al espacio de los modelos de datos”, dijo, y agregó que es importante que el IETF trabaje con otros organismos de estandari- zación para converger en un único conjunto de estándares para la IoT. Bormann destacó que las empresas tanto grandes como pequeñas están luchando con el despliegue de los estándares de la IoT, aunque por razones diferentes. Dijo que las pequeñas empresas suelen no conocer la importancia o disponibilidad de los estándares de interoperabilidad. “Tenemos que mostrarle a la gente lo que ya existe para que no construyan pro- ductos con protocolos extremadamente de cientes que a largo plazo los dañarán”, comentó. “En el otro extremo, algunas em- presas muy grandes están buscando la forma de crear pequeños monopolios y por lo tanto no tienen demasiado interés en construir una base en común”.

Bormann comentó que le gustaría ver una mayor oferta de código abierto para desa- rrolladores que sea básicamente “la IoT en una caja”. Tschofenig añadió que que no solo se necesitan sistemas operativos, pilas IP y seguridad de código abierto, sino también soluciones para gestionar los dispositivos. Esto ayudará a que las startups de la IoT puedan crear con mayor facilidad nuevos productos con despliegues IP sólidos. Un asunto pendiente es quién realizará el mantenimiento de los dispositivos de la IoT en el campo. Los panelistas observaron que los estándares permitirán que entren al mercado otros fabricantes externos. “Si contrato a alguien para que arregle mi auto, tienen que saber cómo tratar mis neumáticos. En ese ámbito hay estándares que hacen que manejar diferentes tipos de neumáticos sea bastante sencillo”, explicó Bormann. “Del mismo modo, las soluciones estándares para la gestión de dispositivos y los conceptos de seguridad necesarios para que funcionen son realmente importantes para permitir la existencia de estas empresas”. Al nal de la charla, a modo de resumen, Kolkman compartió que pareciera que las invariantes de Internet siguen siendo importantes en los despliegues de la IoT y que los actores con interés en Internet, entre ellos el el IETF, deben apoyar estas características acompañando la evolución de la IoT.

]]> 2187 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/codestand-conexion-red-y-soporte-en-una-sola-ubicacion/ Tue, 04 Jul 2017 16:31:12 +0000 https://www.ietfjournal.org/?p=2189

Por Kathleen Moriarty, Lisandro Zambenedetti Granville, Charles Eckel, Jéferson Campos Nobre y Christian O’Flaherty

EL IETF HA RECONOCIDO LA NECESIDAD DE TRABAJAR ESTRECHAMENTE con el movimiento de software de código abierto. Para un editor, que el código funcione es un requisito para que los documentos atraviesen el proceso de estanda- rización. A su vez, los repositorios de código abierto como GitHub incluyen múltiples referencias a las solicitudes de comentarios (RFC) y borradores de Internet (I-D). Muchos de los esfuerzos de codi cación alojados en estos repositorios se realizan sin apoyo, prue- bas o revisión por parte del IETF.

CodeStand ofrece el eslabón faltante que conecta los documentos del IETF y las implementaciones de software, tanto de código abierto como propietarias. Los autores de los documentos del IETF se pueden bene ciar de saber acerca de las implementaciones de sus propuestas y los desarrolladores pueden recibir apoyo de quienes participan en los grupos de inves- tigación y trabajo (incluyendo los autores), a la vez que desarrollan código basado en las propuestas del IETF. CodeStand actúa como un mercado donde los autores y desarrolladores de software —entre ellos profesionales de la industria, estudiantes, investigadores y profesores— se pueden conectar. Puede destacar oportunidades para desarrollar código que funcione para los protocolos del IETF que ayude, por ejemplo, a los estu- diantes de una clase o a los investigadores de un proyecto, y que así reduzca las barreras de entrada a la participación en el IETF. Cuando los desarrolladores tienen alguna pregunta sobre cómo funciona el protocolo, pueden sugerir cambios que se podrían utilizar para actualizar los docu- mentos y mejorar su precisión e interope- rabilidad para futuras implementaciones. Las actualizaciones de los estándares se seguirían discutiendo en la lista de correo apropiada del IETF, pero CodeStand ofrece una forma para que quienes recién se acercan al IETF puedan interactuar más fácilmente con los demás miembros. CodeStand también puede permitir la promoción de oportunidades patrocinadas por la industria y apoyar el trabajo con estudiantes de grado y de posgrado. Su estructura única introduce a los estu- diantes a las prácticas de ingeniería de software que se utilizan en la industria, a la vez que ofrece tanto a los estudiantes como a los actores de la industria la posibilidad de generar redes de contactos. También puede ayudar a las empresas a identi car talentos.

Cómo funciona La herramienta (https://CodeStand.ietf. org) está vinculada con Datatracker. Las oportunidades de desarrollar código para borradores o estándares aparecen como CodeRequests y son establecidas por un patrocinador o mentor. Los desarrolladores de software pueden crear proyectos y co- nectarlos con un CodeRequest existente. Si no hay ningún CodeRequest disponible para estos documentos, pueden crear un nuevo proyecto haciendo referencia a uno o más estándares del IETF o I-Ds en proceso de desarrollo. Los proyectos de software en sí se man- tienen fuera del sitio de CodeStand, ya sea en repositorios de código (por ejemplo, GitHub, SourceForge) o como herra- mienta preferida para dicha organización. CodeStand proporciona un enlace a las descripciones de los proyectos (imple- mentaciones propietarias) o al repositorio de código (proyectos de código abierto). Las licencias y los derechos de propiedad intelectual relacionados con el código son proporcionados por el dueño del proyecto en su repositorio de código externo o en su página de descripción.

Cómo contribuir Si usted participa activamente en el IETF y está dispuesto a servir de mentor de un desarrollador de software (como autor o en apoyo de un documento existente), cree un CodeRequest ofreciéndose como voluntario como mentor. Con su usuario y contraseña de Datatracker, inicie una sesión en CodeStand y seleccione “New Code Request” (nueva solicitud de código) al nal de la lista de CodeRequests. Si usted es desarrollador de software pero todavía no es usuario de Datatracker, cree una cuenta en Datatracker (https:// datatracker.ietf.org/), inicie una sesión en CodeStand y busque un CodeRequest apropiado. Si no hay ningún CodeRequest disponible para vincular con su proyecto, enumere todos los proyectos y seleccione “New Project” (nuevo proyecto) en la parte inferior. ¡Dele una oportunidad a CodeStand! Vea cómo la combinación de estándares del IETF y desarrollo de software de código abierto puede ayudarlo

]]> 2189 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/panel-iab-explora-causas-potenciales-soluciones-para-ataque-ddos-masivo/ Tue, 04 Jul 2017 16:31:12 +0000 https://www.ietfjournal.org/?p=2191

Por Carolyn Duffy Marsan APENAS UNAS SEMANAS DESPUÉS DE UN ATAQUE A LA INFRAESTRUCTURA DE Internet, el Consejo de Arquitectura de Internet (IAB) presentó una charla técnica muy oportuna y atractiva para los participantes del IETF 97 con el objetivo de compartir las vulnerabilidades asociadas con este ciberataque masivo, así como potenciales soluciones en que podrían trabajar los organismos de estandarización.

El IAB estaba preparando otra charla técnica para el IETF 97, pero descartó estos planes luego de que un ataque dis- tribuido de denegación de servicios (DDoS) a gran escala causara daños a Dyn, el proveedor de infraestructura de DNS, el 21 de octubre de 2016. Dos aspectos del ataque a Dyn fueron poco comunes: primero, el ataque vino de una botnet que comprendía dispositivos para la Internet de las Cosas (IoT); segundo, fue el ataque de este tipo más grande de la historia. El ataque DDoS a Dyn se realizó en tres olas durante un período de seis horas. Aunque Dyn a rma nunca haber sufrido un corte masivo de su red, la infraestructura de DNS que maneja la empresa estuvo tan lenta que muchos de sus clientes — incluidas los grandes de Internet como Twitter, CNN y Net ix— quedaron inalcan- zables. Además de provocar una interrupción masiva de Internet para los clientes, lo que generó interés periodístico en el ataque DDoS a Dyn fue que afectó a miles de di- recciones IP discretas de la botnet Mirai, que comprende dispositivos de la IoT. Esto hace prever un futuro en el que generan ataques los dispositivos de la IoT que generalmente no tienen seguridad ni se mantienen actualizados. “Estamos aquí para hablar sobre una nueva clase de ataques a la arquitectura de Internet o tal vez para ofrecer algunas perspectivas que esperamos sean nuevas”, dijo Suzanne Woolf, miembro del IAB, quien introdujo el plenario técnico. Comentó que el ataque DDoS a Dyn “provocó una explosión de interés por el DNS, la Internet de las Cosas, el compromiso masivo de los dispositivos conectados a Internet y los modelos operativos y de negocio que subyacen el suministro de contenido a escala de Internet”.

El primer disertante fue Nick Sullivan, jefe de cifrado en Cloud are y participante activo en el trabajo del IETF relacionado con el protocolo de seguridad en la capa de transporte (TLS). Agregó que el ataque DDoS a Dyn se destacó principalmente por su magnitud. “Esto no es algo particularmente nuevo. Las botnets existen y han existido por mucho tiempo”, dijo Nick. “Pero este es un ejemplo de botnet a mayor escala y envía una mezcla de ataques”. Nick comentó que la mayoría de los ataques DDoS en Internet que ocurrieron en el 2016 fueron ataques conocidos — inundaciones de consultas al DNS, inun- daciones de paquetes Syn e inundaciones HTTPS— pero que ahora estos ataques se producirán a mayor escala. Los ataques al DNS son de dos tipos: ataques directos al servidor DNS auto- ritativo desde una botnet o ataques de botnets que atraviesan recursores válidos antes de trasladarse al servidor DNS autoritativo. Para los ataques directos, Nick recomendó que los operadores de DNS sospechen de cada solicitud de un resolvedor des- conocido y asuman que una cantidad de solicitudes de los no resolvedores a un servidor autoritativo es un ataque. “Sim- plemente eliminen los paquetes”, aconsejó.

Nick mencionó que estas inundaciones son generalmente solicitudes de un dominio cúspide o de subdominios aleatorios. Añadió que a veces estas inundaciones vienen con direcciones de origen falsi- cadas, que son más difíciles de manejar. “Las botnets Mirai a veces no son direc- ciones falsi cadas, lo que hace que sea un poco más fácil lidiar con ellas”. Al experimentar una inundación de con- sultas al DNS, no se debería anunciar las direcciones IP que están siendo atacadas como “rutas nulas”, dado que esto pro- vocaría su caída de Internet. “Esto es algo bastante peligroso y tiene muchas reper- cusiones”, comentó. “Últimamente, los ataques se están dirigiendo a subredes enteras, lo que hace que este sea un mecanismo de defensa completamente irracional”. En su lugar, Nick sugirió dividir la carga del ataque geográ camente utilizando Anycast y entre diferentes centros de datos usando el protocolo de enrutamiento de caminos múltiples de igual costo (ECMP). También recomendó ltrar los paquetes tan pronto como sea posible. ”La principal forma de manejar una gran inundación es ase- gurarse que a su aplicación solo lleguen aplicaciones legítimas”, aclaró. Nick recomendó ltrar el trá co usando iptables con reglas de ltrado con sintaxis BPF (Berkeley Packet Filter), que son técnicas poderosas para detectar y bloquear paquetes dentro del kernel y que pueden automatizarse. Admitió que las reglas BPF de las iptables deben ser dinámicas y utilizar aprendizaje auto- mático y heurística para mantenerse al día con los per les de ataque en constante cambio. “Los ataques de una botnet no serán iguales a los de otra, por esta razón esto debe ser muy dinámico”, dijo. “Si tiene reglas estáticas, probablemente caerá. En la medida de lo posible, saque las reglas de su servidor y muévalas a la tarjeta de interfaz de red. Esto puede ayudar a reducir la carga”.

Nick dijo que las inundaciones al DNS que atraviesan servidores recursivos son diferentes tipos de ataques y que los operadores de red deberían responder a los mismos antes que intentar bloquear y eliminar el trá co. Esto se debe a que el DNS recursivo realiza solicitudes para clientes legítimos, no solo para los atacantes. “Si puede hacer una lista blanca de servidores DNS recursivos conocidos, hágala”, recomendó. “Esto resulta muy útil y además es lo que se debe hacer”. Recomendó no aplicar limitación de la tasa de transmisión (rate limiting) a este trá co dado que esto podría ocasionar conse- cuencias negativas, entre ellas la ampli- cación del ataque. “Limitar la tasa de transmisión no es un método efectivo para esto. En realidad, hay que gestionar los paquetes”, agregó.

Una sugerencia es aprovechar el NSEC, que es una característica de las Exten- siones de Seguridad para el Sistema de Nombres de Dominio (DNSSEC) que se utiliza para probar que un nombre no existe. “Almacenar esto en caché para rangos sin rmar podría potencialmente ser de ayuda”, sugirió Nick. “Es una de muchas opciones posibles para evitar que el trá co llegue hasta el servidor autoritativo”. Con respecto a la lucha contra los ataques de inundación Syn, observó que el uso de BGP Anycast para TCP y el estableci- miento de reglas iptables BPF dinámicas pueden resultar e caces. Para las inundaciones HTTPS se pueden utilizar las características de limitación de tasa de transmisión del protocolo, que in- cluyen limitaciones por solicitud o volumen. Agregó que “un simple restablecimiento del TCP también ayudará mucho”. Nick dijo que los ataques DDoS son en- viados por botnets que consisten en puntos extremos comprometidos, que cada vez más son dispositivos de la IoT. “Estamos viviendo el inicio de este nuevo conjunto de dispositivos que ejecutan software, pero en muchos de estos dispositivos el software se está poniendo viejo”, dijo, advirtiendo que es probable que los ataques de botnet basados en la IoT empeoren. Explicó que los dispositivos de la IoT son dispositivos de bajo costo y escaso margen y que los fabricantes no tienen ningún incentivo par integrar seguridad o incluso un método para luego actualizar los dispo- sitivos en respuesta al descubrimiento de nuevas vulnerabilidades. “Ningún aspecto de estos ataques debe ser nuevo para ustedes”, dijo Nick a los pre- sentes. “Estamos lidiando con los mismos problemas, solo que ahora a una escala mucho mayor. Esto está exponiendo ciertos aspectos de la Internet de las Cosas que ya conocíamos”.

La mejor recomendación que ofreció Nick fue que los operadores de redes detengan el trá co malo tan cerca del punto de entrada como sea posible y que utilicen Anycast. “Distribuir la carga y ltrado temprano”, aconsejó. También destacó que para poder per- manecer en línea durante un ataque DDoS se requiere escala. “Hay que ser grande, hay que ser inte- ligente y hay que tener las herramientas y trabajar junto con otras personas para detener los ataques tan cerca del borde como sea posible”, concluyó. El segundo orador del plenario técnico fue Andrew Sullivan, Chair del IAB y Fellow de Dyn. Andrew comentó que el ataque contra la infraestructura de Dyn fue a gran escala y que incluso el sistema de DNS basado en Anycast y bien construido de la empresa no pudo soportarlo sin fallos de latencia y resolución. “Hemos visto muchos ataques de ampli- cación estándares”, dijo Andrew. “Este ataque tuvo una gran proporción de TCP, algo que normalmente no vemos. Fue un spoo ng comparativamente bajo. Con- rmamos que 40.000 direcciones parti- ciparon en la botnet, aunque podrían ser hasta 100.000”.

Andrew aclaró que no cree que el ataque DDoS a Dyn haya ocurrido por única vez. “Hubo un ataque muy grande apenas un par de semanas antes”, advirtió. “Sabemos que el software de la botnet Mirai existe y que lo están mejorando día a día”. Andrew observó que este tipo de ataques son irónicos porque utilizan las fortalezas de Internet —su naturaleza distribuida, su facilidad para conectar puntos ex- tremos y la ausencia de inteligencia en la propia red— para atacar la arquitectura de Internet. Aseguró que se supone que los puntos extremos son más inteligentes que la propia red, pero que esta losofía de diseño no es válida para los sistemas de la IoT. “Es obvio que la Internet de las Cosas con- tinuará creando este tipo de problemas”, opinó Andrew. “La IoT crea una conec- tividad ubicua y muchos sistemas extre- madamente ligeros... Si hay miles de estos dispositivos por todas partes, habrá mu- chísimos dispositivos comprometidos”. Andrew teme que ataques como los re- cientes ataques DDoS a Dyn puedan llevar a los gobiernos a implementar regulaciones que apunten a evitar que los dispositivos comprometidos se conecten a Internet, lo que traería como consecuencia una reducción de la apertura de Internet.

“Nosotros somos quienes debemos abordar este problema porque entendemos la tecnología, entendemos los incentivos y entendemos la naturaleza de la arqui- tectura subyacente”, concluyó Andrew. “No tengo una solución mágica pero espero que podamos mantener una discusión interesante y útil”. Esta charla técnica continuó con un animado espacio para preguntas y res- puestas en que se plantearon sugerencias tales como la creación de protocolos de seguridad ligeros para los dispositivos de la IoT y ofrecer recomendaciones a los fabricantes de puntos extremos para que puedan integrar seguridad a un precio más bajo. El objetivo de estas sugerencias era que el IETF encontrara formas de hacer que la construcción de dispositivos para la IoT con seguridad integrada fura más simple y menos costoso. En la conclusión del panel, Suzanne aseguró que el IAB continuaría la discusión en línea. En otro orden de cosas, en su sesión plenaria la Internet Society presentó el Jonathan B. Postel Service Award a Kanchana Kan- chanasut por su trabajo pionero para esta- blecer servicios de Internet en Tailandia, su país natal, y en todo el Sudeste Asiático. Kanchanasut recibió un trofeo de cristal y US$20.000. Se trata de la décimo novena ganadora del premio, que se otorga desde 1999

]]> 2191 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/lideres-del-ietf-hoy-jari-arkko/ Tue, 04 Jul 2017 16:31:11 +0000 https://www.ietfjournal.org/?p=2205

Por Carolyn Duffy Marsan

Comienzo de su participación en el IETF 1996 Función actual Chair saliente del IETF Funciones anteriores Director del Área de Internet, IAB; Co-Chair de los Grupos de Trabajo para el Protocolo de Autenticación Extensible (EAP), Actualización del Método EAP y el Protocolo Movilidad y Multi-homing para IKEv2 (MOBIKE) Trabajo actual Experto Senior en Ericsson Research Aspecto favorito del liderazgo Observar los avances de Internet

Mi primer contacto con el IETF fue en 1996. Estaba trabajando en Ericsson con grupos de módems y servicios de acceso. Algunas de las cosas que queríamos construir para nuestros productos pre- cisaban estándares para poder interoperar. Comencé a trabajar con protocolos y exten- siones AAA y luego me convertí en Chair de los Grupos de Trabajo sobre EAP, EMU y MOBIKE. Estos eran esfuerzos a largo plazo en los que estaba muy involucrado. Cuando por primera vez me plantearon la posibilidad de convertirme en director de área (AD), no me pareció un objetivo de- masiado factible, aunque luego, de a poco, me gustó la idea y me motivando para hacerlo. Unos años después, me presenté para el cargo y resultó ser una combinación perfecta. Implicaba trabajar en temas que realmente me interesaban, como por ejemplo las técnicas de transición a IPv6. A su vez, también fue muy bueno para Ericsson, ya que la mayoría de nuestros productos se encontraban en esta capa. Fui director de área desde 2006 hasta 2012, un período relativamente largo para este cargo. Se suele decir que el período óptimo son cuatro años ya que aprender el trabajo lleva dos. Durante ese período, el IETF consumía entre el 50% y el 100% de mi tiempo. Mientras tanto, Ericsson se bene ciaba del asesoramiento que yo les brindaba con respecto a dónde se dirigía el desarrollo de las tecnologías que nos interesaban.

Pasé el año siguiente a mi período como director de área dentro el IAB [Junta de Arquitectura de Internet] —en ese en- tonces ya me preguntaba si quería con- vertirme en chair del IETF—. Sabía que iba a ser una experiencia enriquecedora y un enorme desafío. Lo pensé mucho y decidí aceptarlo. Fui chair del IETF de 2013 a 2017. Este año las cosas están cambiando otra vez: Permaneceré en el IETF y seguiré contri- buyendo aquí. También volveré a estar en el IAB. Me he bene ciado tremendamente de mi función en el IETF. Ha sido un privilegio ver de primera mano el desarrollo de la tecnología de Internet. Además, la na- turaleza de una función directiva dentro del IETF me exigió ver las cosas de una forma más amplia, hablar con otras em- presas y con muchas personas con ideas nuevas. Me obligó a comprender el pa- norama general. También me hice amigo de muchas personas de la industria, uno de los bene cios adicionales que he dis- frutado mucho. Cuando se está en una función de liderazgo, se tiene la sensación de estar participando en cuestiones importantes. Como chair de uno de los grupos de trabajo más activos o de per l más alto, las cosas que se hacen tienen gran visibilidad y un impacto en

Internet. Como chair del IETF, fui testigo de muchas cosas interesantes. Soy in- geniero y no tengo interés en meterme en cuestiones políticas. Sin embargo, ob- servar la transición de la IANA [Autoridad de Números Asignados en Internet] fue una experiencia maravillosa. Fue un honor haber sido testigo del proceso. Ser chair del IETF lleva casi el 100% de mis esfuerzos, aunque también le dedico tiempo a Ericsson, donde comparto los cambios que se están dando en Internet y me aseguro de que la empresa tenga en cuenta esta información. Hubo varios casos, entre ellos los cambios en la tec- nología de cifrado, HTTP y la IoT, donde el negocio de Ericsson se vio afectado por lo que ocurría en el IETF. La empresa aprecia la participación y experiencia en estos temas del equipo del IETF. ¿Está considerando presentarse para una posición directiva dentro del IETF? ¡Anímese y acepte el desafío! Expóngase a cosas nuevas. Aprenderá muchísimo más —será un bene cio tanto para usted como persona como para su empleador—. Ser un líder dentro del IETF me ha de- mostrado que podemos hacer la diferencia. Podemos lograr cambios técnicos signi - cativos en Internet e in uir en la manera en que se administra. Sí, a veces es difícil y lleva mucho esfuerzo, ¿pero no es acaso esta la parte más emocionante?

]]> 2205 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/lideres-del-ietf-hoy-alissa-cooper/ Tue, 04 Jul 2017 16:31:11 +0000 https://www.ietfjournal.org/?p=2208

Por Carolyn Duffy Marsan

 Comienzo de su participación en el IETF 2008

Función actual Chair entrante del IETF Funciones anteriores Directora del Area de Aplicaciones y Tiempo Real, Miembro del IAB Trabajo actual Fellow en Cisco Systems Aspecto favorito del liderazgo In uir sobre el futuro de Internet

Comencé a participar en el IETF en 2008 y mi primera reunión fue el IETF 72 realizado en Dublín. En ese entonces estaba trabajando en el CDT, una organización sin nes de lucro con sede en Washington, DC, donde mi función consistía en explorar y ar- ticular las implicancias técnicas de las po- líticas. Trabajé en diferentes temas, entre ellos la privacidad en línea. En 2008, las aplicaciones en tiempo real eran el foco de muchos de los problemas de privacidad de los clientes que más le in- teresaban al CDT. Inicialmente me enfoqué en el Grupo de Trabajo GEOPRIV. Me convertí en autora de documentos y luego fui Co-Chair del grupo. Fueron tiempos de mucho trabajo en GEOPRIV —ya se habían librado muchas batallas con respecto al diseño de la tecnología, pero para nalizar la familia de protocolos todavía se requería de un esfuerzo considerable—. Con el tiempo, mi trabajo en el IETF pasó a ocupar en una parte cada vez mayor de mis res- ponsabilidades, dado que se alineaba con mi trabajo en el CDT. En 2011 me nombraron en el Consejo de IAB y pronto me convertí en líder del Programa de privacidad del IAB. El CDT estaba encantado, se sentían honrados de que una de las suyas hubiera sido selec- cionada para esta función. En 2013 me uní a Cisco y en 2014 me sumé al IESG como Directora del área de aplicaciones y tiempo real. He intentado dedicar aproximadamente la mitad de mi tiempo a mi trabajo como directora de área y la otra mitad a mi trabajo en el Centro. Ahora he decidido abandonar este puesto, ya que me han nombrado chair del IETF, función que asumiré en marzo de 2017. Esta será mi nueva función de tiempo completo durante los próximos dos años.

Formar parte del liderazgo del IETF nos expone a una amplia variedad de tecno- logías de Internet, algo que de otra forma no podríamos justi car por el tiempo y el trabajo que implica su aprendizaje. Esto es particularmente cierto en el IESG, pero también lo es en el IAB. Es increíblemente enriquecedor poder conectar el trabajo que hacemos día a día con las cosas que suceden a diario en la industria. Ser parte del liderazgo del IETF re- quiere de diferentes tipos de habilidades de gestión: es necesario gestionar a los autores, el tiempo propio, los procesos de la comunidad. Requiere de mucha estrategia y trabajo en segundo plano para lograr buenos resultados. Muchos no se dan cuenta de la profundidad de la edu- cación en gestión que se obtiene cuando se es parte del liderazgo del IETF. Por último, intentamos promover nuestra visión de cómo debería ser el futuro de Internet. Puede que no todos estén de acuerdo con nosotros, pero el liderazgo proporciona una plataforma desde donde dirigir e influenciar. Cisco ha sido un gran defensor del IETF porque la empresa está profundamente comprometida con el crecimiento y la esta- bilidad de Internet. A sus clientes les gusta que los productos que compran de los dis- tintos fabricantes sean interoperables. Cisco disfruta de tener personas en po- siciones de liderazgo y que dediquen parte de su tiempo a fomentar la inte- roperabilidad y a veri car que los estándares avancen al mismo ritmo que la tecnología.

A algunos participantes del IETF les resulta difícil convencer a sus empleadores del valor que tiene el compromiso de tiempo que implican las posiciones de liderazgo en el IETF. En realidad, es posible equi- librar nuestro trabajo con una función de liderazgo dentro del IETF —uno mismo establece cómo administrará su tiempo—. Muchas funciones requieren una dedicación de medio tiempo o incluso menos. Tener un IETF que funcione correctamente y una Internet que opere con estándares interoperables y seguros debería ser im- portante para cualquier gran empresa de tecnología. Si dejamos de lado este modelo, cualquier otra opción será inferior. Espero que los bene cios que surgen de apoyar a los líderes del IETF sean obvios, pero en caso que no lo sean los líderes ac- tuales y anteriores del IETF están dispo- nibles para explicarlos. Tenemos un gran incentivo para ampliar la población que desea asumir cargos de liderazgo.

]]> 2208 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-july-2017/ Wed, 05 Jul 2017 19:14:42 +0000 https://www.ietfjournal.org/?p=2237 th meeting of the IETF took place in rainy downtown Chicago, USA. As usual, it was a busy meeting with lots of interesting work to report on. This IETF Journal provides merely a snapshot of the events and discussions that made this meeting so memorable. Our cover article is a deep dive into Segment Routing, a new traffic-engineering technology being developed by the SPRING Working Group. Also in this issue, you’ll learn about the many activities of the new Education and Mentoring Directorate, which aims to enhance the productivity, diversity, and inclusiveness of the IETF. We also present an update from the Security Automation and Continuous Monitoring WG, BoF updates, a readout from the pre-IETF Hackathon, a list of the tech demonstrations at the Bits-N-Bites event, and an article about the Internet Society Policy Guests to the IETF. Our regular columns from the chairs and coverage of the IETF plenary wrap up the issue. We are hugely grateful to all of our contributors. Please send comments and suggestions for contributions to ietfjournal@isoc.org. You can subscribe to hardcopy or email editions at https://www.internetsociety.org/form/ietfj.]]> 2237 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-debates-its-role-in-supporting-human-rights-via-internet-protocol-development/ Wed, 05 Jul 2017 19:44:41 +0000 https://www.ietfjournal.org/?p=2257 At its technical plenary session at IETF 98 in Chicago, the Internet Architecture Board sponsored a lively debate about how best to handle human rights considerations in protocol development.

The discussion revolved around a draft document that was developed during the last two years by the Internet Research Task Force’s Human Rights Protocol Consideration (HRPC) Research Group. The HRPC group is exploring how Internet protocol development can enable, strengthen, or weaken rights, such as freedom of expression and freedom of assembly as outlined in widely approved treaties such as the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights.

The HRPC group believes that as a global network-of-networks, the Internet should strive to provide continuous connectivity to all users for all content. As such, the group believes that the Internet’s promise of open, secure, and reliable connectivity makes it a key enabler of human rights. The group is exploring the relationship between human rights and protocols, and is working on guidelines for protocol developers to help them avoid situations where a new protocol would inhibit users’ ability to exercise their freedom. Ideally, these guidelines will be similar to the work done for Privacy Considerations in RFC 6973.

Niels ten Oever, cochair of the HRPC Research Group and head of digital for article 19, opened the discussion by conceding that the HRPC group’s effort to understand and demonstrate the human rights impact of Internet protocols is difficult.

“We’ve all seen the Internet as this huge engine for freedom of expression, and it has indeed enabled us to create whole new opportunities for people to express themselves and gather information. But it doesn’t mean there aren’t downsides to our work as in the case of pervasive surveillance,” ten Oever explained.

Ten Oever pointed out that the Internet is playing an increasingly important role in such areas as freedom of expression, association, and assembly, as well as in education, public debate, and even voting. He emphasized that despite the IETF’s efforts, access to the Internet is not equally distributed to the rest of the world.

“We have, in the IETF, contributed greatly to the shaping of the Internet that we have today,” ten Oever said. “But with great power, comes great responsibility. This is a call to assert that power.”

Ten Oever shared that the IETF holds and propagates certain values, such as fairness, decentralization of control, and sharing of resources. So considering ways to mitigate how its protocols might be used to limit human rights is not out of the standards body’s charter. In particular, he pointed to RFC 6973, which outlines privacy considerations for Internet protocols, and to BCP 72, which provides guidelines for security considerations for all protocols.

Ten Oever added that other standards bodies including IEEE and ISO are taking ethical concerns and social responsibility into consideration when creating Internet protocols.

“This is complex,” ten Oever admitted. “We need to understand our own role and take responsibility. This does not mean that our technology is bad nor that it is good, but it definitely means that our technology is not neutral.”

He encouraged all IETF participants to review the draft guidelines for human rights considerations that is published as an information document on the group’s website. “We need protocol developers to road test the guidelines,” he said.

David Clark, head of the Computer Science Artificial Intelligence Lab (CSAIL) at Massachusetts Institute of Technology (MIT), shared with the audience that he has read the draft guidelines and found them both “fascinating” and in alignment with a movement he supports called “values in design”.

“Human rights are not absolute,” Clark said. “Designers of technology have a choice: to be in the conversation or not.”

As an example, he pointed to the Raven debate back in the year 2000, when the IETF declined to develop standards that would allow for lawful intercept of communications by law enforcement agencies.

“By declining, the IETF left the decision to others,” he said. “It doesn’t mean we didn’t get wiretap standards. It just meant they were made by someone else.”

Clark said the IETF has a choice: to continue designing protocols for a preferred outcome as it did in the Raven debate. Or it can incorporate into its protocol design a tolerance for a range of outcomes that it might not prefer, such as the ability to wiretap.

“You are designing the playing field, not the outcome of the game,” Clark pointed out. “But if you are clever enough, you can tilt the playing field.”

Following remarks from ten Oever and Clark, the IAB’s Lee Howard moderated questions from the audience.

Longtime IETF member Scott Bradner provided some background on the Raven debate for audience members who hadn’t participated in those discussions. “It was not an easy discussion,” Bradner said. “There were people who said it is a moral sin that governments wiretap, and also people who said it is a government’s responsibility to do so. It was a political discussion masquerading as technology.”

The audience seemed split on the IETF’s role in human rights discussions. Some members questioned whether the IETF was the right standards body to tackle these types of issues and warned that its engineering goals could be sidetracked by ethical debates. Others, including Clark and ten Oever, encouraged the IETF to take a more active role in these controversial debates than it has in the past.

“There are people such as lawyers, judges, legislators, public opinion, and the market that are thinking about ethics. This does not mean that we should not,” ten Oever said. “We cannot outsource our ethics to others and hope that they take care of it. But it also means that we are not going to replace them. We should, just within our little realm, take our responsibility.”

Similarly, former IETF Chair Harald Alvestrand argued that the IETF has no choice but to get involved in human rights-related debates and try to “tilt the playing field in the direction that we want.”

Daniel Gillmor of the American Civil Liberties Union likewise argued for the IETF to get involved in these debates because it is building important tools that everyone in the world uses.

“It is critically important that engineers, like all of us in this room, think ethically all the time about what the consequences are,” Gillmor said. “I’m really happy to hear that we are having this discussion and acknowledging that we are playing a role about whether people can exercise the rights that they expect to have on the Internet today, tomorrow, and the day after tomorrow.”

Howard ended the discussion by encouraging IETF participants to continue the conversation in the HRPC Research Group.

]]> 2257 0 0 0 2994 http://isology.com 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-group-update-security-automation-and-continuous-monitoring/ Wed, 05 Jul 2017 19:43:19 +0000 https://www.ietfjournal.org/?p=2259 In light of recent network attacks, security automation and continuous monitoring of your network is a must. Up-to-date knowledge about the state of the network and the endpoints that comprise it is more critical than ever. Network posture information provides network defenders with the information they need to properly secure critical data, remediate vulnerabilities before they are exploited, and deflect attacks by malicious actors. The same network posture information underpins network resiliency, enabling operators to fight through and recover from network attacks when deflection fails. Automating the processes to collect this data, leverage it against network attacks, and support resilient network operation saves time and resources, thereby offering both security benefits to the network and economic benefits to network owners.

Why, then, is security automation not ubiquitous? Because proper security automation requires interoperability from a diverse set of products. Each tool or analytic process on the network must work in concert—from orchestrators that direct network security actions to the collectors that feed them data, from Security Information and Event Management tools (SIEMs) that detect attacks to the firewalls that perform commands to block malicious activity, from the routers and switches that form the backbone of the network to the boundary devices that protect them. Each endpoint needs to be a part of a fully automated solution. And the scope of the desired solution—automating network security functions to the fullest extent feasible—is enormous. Currently, network endpoints, tools, and analytics do not interoperate sufficiently within available security automation solutions to truly automate network security functions.

Interoperable solutions for this broad problem space can be achieved only via standards. The IETF Security Automation and Continuous Monitoring (SACM) Working Group has been working to properly scope the security automation problem. This includes identifying what posture information is critical to network security and standardizing how to collect and share that data with the evaluation tools and analytics that can use it to improve their ability to detect and respond to attacks. To make the broad scope of security automation standardization more manageable, it must be broken into a prioritized set of functional security automation tasks.

SACM has chosen vulnerability assessment as the first network security task to automate. The SACM Vulnerability Assessment Scenario¹ describes how an enterprise can evaluate its susceptibility to an announced vulnerability. There are many reasons why vulnerability assessment is a good first choice for a security automation use case.

• It is a critical network security task—the rise of “named vulnerabilities” such as Heartbleed and Shellshock is indicative of that.
• It is a difficult task to perform without a large expenditure of resources.
• The effects of poor vulnerability assessment echo on over time. For example, years after Heartbleed was announced, there are still unpatched SSL implementations threatening network security.
• Vulnerability assessment is certainly a challenge for enterprise networks, but it could be easily automated if evaluators are provided with the right set of data.

Pursuing vulnerability assessment as the first automation use case has the added benefit that it forces us to address the fundamental problem of knowing what is on our network. It is impossible to assess a network’s vulnerability without knowing the composition of the network. Specifically, the evaluator needs to know what endpoints are on the network and what software they are running—knowledge supported by sound hardware and software asset management practices. Hardware and software asset management underpin vulnerability assessment, as well as configuration management, threat detection, malware analysis, and a host of other automatable network security functions.

While it is obvious that network operators must continuously monitor hardware and software assets on the network, how this monitoring is architected is vitally important. To get this data to the evaluators that need it, it must be collected in a well-known, structured format. For the security of the endpoints that network operators are monitoring, the solution requires authenticated and encrypted protocols. Data must be provided as timely as possible when monitored information changes in order to eliminate periodic network scans that could be leveraged for an attack. For scalability, the solution must be flexible and lightweight. And, to support future security automation use cases, the solution must be extensible.

The IETF has standardized the Network Endpoint Assessment (NEA) architecture², so a solution that meets these requirements already exists for client machines. Using the PT-TLS protocol³, any endpoint connected to the network can communicate posture information to a compliance server, including endpoint identity. SACM, building upon work from the Trusted Computing Working Group, has added to these protocols, and specified how to communicate software identification data over NEA in the Software Inventory Message and Attributes for PA-TNC (SWIMA) draft specification⁴.

SWIMA is an instantiation of an NEA collector that can monitor endpoint software inventory and push reports to a compliance server. Using SWIMA over PT-TLS enables collection of endpoint identity and software inventory in advance of a vulnerability being announced. It uses software identity (SWID) tags, an ISO/IEC standard, as a data model, enabling software vendors and owners to develop unique XML representations of a software’s identity. The compliance server can store this data for future reference in a data repository.

Figure 1. Pre-collection of Endpoint Software Inventory Information

Some types of endpoints will not be able to support the client software required by NEA. Others, particularly network devices, already support endpoint type-specific protocols that are designed specifically for generating posture reports. It is impossible to have good network hygiene without posture reports from network devices. An IETF Mailing List, Posture Assessment through Network Information Collection (PANIC)⁵ is exploring solutions for network device posture collection, particularly YANG models that could provide the right information to network defenders about the posture of their network devices. These models, communicated over NETCONF and leveraging the draft YANG Push specification⁶, may help maintain an up-to-date view of the state of the network.

Figure 2. Pre-collection Network Device Software Inventory Information

With a robust collection of endpoint software inventory data now available at the data repository, enterprise security tools with appropriate authorization can access and make use of this data. While the vulnerability assessment scenario focuses on using software inventory data for a very specific use case, it is easy to envision this data being valuable to any number of network security tools—asset management tools, behavioral analytics, and even threat detection tools can improve their outputs with access to accurate, up-to-date software inventory information. Each of these evaluators will query the data repository for the data they require. To extend our vulnerability assessment example, a vulnerability evaluator will query the data repository for endpoints that have the vulnerable software installed, leveraging the hardware and software asset management data collected from the network endpoints. This data can be leveraged by other network evaluators, creating shared situational awareness of the network’s posture.

Figure 3. Evaluators Query the Data Store

In addition to understanding network posture, enterprises need a shared situational awareness of current threats to the network. Situational awareness may take many forms, depending on the use case being addressed. For vulnerability assessment, the vulnerability evaluation tool must know what vulnerabilities it is searching for. The SACM Vulnerability Assessment draft defines a vulnerability data repository that can provide information on weaknesses that could compromise network security. This is a content repository that should be accessed by evaluators to help define the criteria against which they perform their evaluation. Such a content repository could be implemented using the IETF Managed Incident Lightweight Exchange (MILE) Resource Oriented Lightweight Information Exchange (ROLIE) draft specification⁷. ROLIE builds off of ATOM Publishing Protocol⁸ to share software, vulnerability, cyber threat intelligence, configuration checklist, and other security automation information in a scalable way. Vendors, security researchers, and network management personnel can stand up ROLIE repositories to ensure that their evaluators have the most up-to-date security information possible.

Figure 4. Content Repository Shares Security Data

The SACM Working Group will demonstrate how the SWIMA, NEA, and ROLIE standards can meet the Vulnerability Assessment Scenario requirements at the Hackathon prior to IETF 99 in Prague. We invite interested parties to join us on the SACM mailing list⁹. Those interested in security automation for network equipment are welcome on the PANIC mailing list¹⁰, and those interested in content repository work are welcome on the MILE mailing list¹¹.

Footnotes

1. https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario.

2. https://tools.ietf.org/html/rfc5209.

3. https://datatracker.ietf.org/doc/rfc6876/.

4. https://datatracker.ietf.org/doc/draft-ietf-sacm-nea-swid-patnc/.

5. https://datatracker.ietf.org/doc/draft-waltermire-panic-scope/.

6. https://datatracker.ietf.org/doc/draft-ietf-netconf-yang-push/.

7. https://datatracker.ietf.org/doc/draft-ietf-mile-rolie/.

8. https://tools.ietf.org/html/rfc5023.

9. https://www.ietf.org/mailman/listinfo/sacm.

10. https://www.ietf.org/mailman/listinfo/panic.

11. https://www.ietf.org/mailman/listinfo/mile.

]]> 2259 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/education-and-mentoring-directorate-established/ Wed, 05 Jul 2017 19:31:32 +0000 https://www.ietfjournal.org/?p=2284 The IETF is a large, diverse organization with an extensive body of technical work, a unique culture, and an amazing collection of tools and information designed to support a globally distributed community that connects both in-person and, increasingly, remotely. Our broad base of membership and vast content areas present a variety of challenges, including disseminating the right information to the right people at the right time, and, specifically for newcomers, obtaining the information they need to comfortably and effectively enter and contribute to the community. To help address these challenges and create better coordination across the organization’s many ongoing activities, we formed the Education and Mentoring Directorate. This article shares an overview of current directorate activities and includes a call for volunteers to help with its projects. 

Introduction to the Directorate

The Education and Mentoring Directorate was created with the following three primary goals:

• Enhance the productivity of IETF work.
• Expand diversity and inclusiveness of the IETF.
• Enable the IETF to facilitate technical development and innovation in the Internet.

In support of these goals, the directorate will structure and guide the development of educational activities and associated materials to be more accessible, relevant, reusable, and broadly understandable. The directorate will also help the mentoring activities establish relationships among participants that enable productive participation in the IETF. The directorate will help coordinate IETF-related outreach activities and ensure that related activities are sufficiently aligned and have the necessary education and mentoring programme support. Finally, the directorate will work on improved metrics and measurements for assessing the effectiveness of directorate activities.

The directorate serves the General (GEN) area in IETF. Participants include the IESG liaison to educational activities, the IETF chair, the IETF executive director, liaisons to the Tools team and ISOC outreach programmes, and the project leaders of education, mentoring, and outreach coordination projects. The plan is that the directorate itself will focus on coordination and lightweight project management, and the individual projects will have larger teams of volunteers for the execution of the projects.

Directorate Projects

Directorate projects cover the three areas of education, mentoring, and outreach and include two cross-cutting initiatives: metrics and analysis, and improvement of the newcomer experience.

Education projects provide training materials for both newcomers and long-time IETF participants, including Sunday tutorials, online materials, and the Working Group Chairs Forum. In addition, this area includes projects that explore ways to enhance the online accessibility of education materials.

There are also a number of projects related to mentoring and newcomer outreach, all targeted at helping IETF newcomers quickly integrate into the community. For example, the IETF runs a full mentor programme that matches mentors with mentees based on desired outcomes and interests, and includes activities such as speed mentoring and a newcomer’s dinner.

There also are activities that support the building of physical communities beyond IETF meetings. Examples include individuals gathering together to remotely participate in an IETF meeting and local IETF participants gathering outside an IETF meeting for further collaboration.

Cross-cutting the three project areas are two efforts designed to help monitor and evaluate the efficiency and effectiveness of these projects. The first explores ways to improve the newcomer experience across the IETF, and includes the website, training, registration, interaction with Working Groups, and so forth. Primary questions that this project is addressing include: What do newcomers need to become effective contributors? and What can the IETF community do to meet these needs?

The second effort is tasked with identifying metrics and monitoring the effectiveness of all these programmes. Resources are valuable—we must focus first on those projects that offer the biggest benefit from the resources available.

For more information about the directorate projects, see the programme’s wiki¹.

How You Can Help

There are many opportunities for IETF members to contribute to the directorate:

• Your expertise in technical training can be used to improve our online materials.
• Your expertise in metrics and survey design approaches can be used to help us evaluate the effectiveness of our programmes.
• If you are working on a new and exciting technology, you could share your work with a broader audience in a one-hour Sunday tutorial. Recent examples include DNS Privacy² and QUIC³.
• If you are a relatively new participant to the IETF (in the last two years), you could provide feedback on how well the IETF programmes addressed your needs.
• If you are a remote participant—individually or via a remote hub, your feedback and collaboration could help us improve those experiences.
• If you are a seasoned IETF participant, you could offer guidance to newcomers via either the regular mentoring or speed mentoring programme.
• If you are frustrated by the difficulty of finding what you need on IETF platforms (e.g., website, datatracker, tools), you could help us review and reorganize these materials.

To offer comments or suggestions, or to volunteer, please send email to the directorate mailing list (emo-dir@ietf.org) or approach any of the directorate members in the hallway at IETF 99. More information on the directorate can be found on the IETF website⁴ and the directorate wiki.

Footnotes

1. https://trac.ietf.org/trac/edu/wiki/EduMProjects.

2. https://youtu.be/2JeYIecfwdc.

3. https://youtu.be/lPSTcBITbvs.

4. https://www.ietf.org/edu/.

]]> 2284 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/the-internet-society-ietfs-policy-programme/ Wed, 05 Jul 2017 19:29:27 +0000 https://www.ietfjournal.org/?p=2286 The Internet Society looks forward to hosting its 16^th IETF Policy Programme at IETF 98 in Prague. The programme introduces Internet policymakers to the IETF and the Internet standards-making process. During an intensive week, policy guests attend Working Group meetings, as well as sessions led by IETF experts on technical topics such as routing, Internet Protocol (IP) addressing, and the Domain Name System (DNS).

In many ways, the programme acts as a “crash course” on how the Internet works, its history, and how it continues to evolve through the work of the IETF. Policymakers are exposed to comprehensive and interactive presentations from IETF experts, who can offer policymakers the kind of technical foundations they need to effectively make policy decisions.

Over the course of 15 meetings, the programme has brought to the IETF 189 policymakers from 93 countries and territories. In this way, the programme also aids in the diversification of our standards body—policy guests recognise the benefits of their region’s technical experts contributing their expertise and perspectives to the IETF. A common concern among participants by the end of the programme is how to get more engineers from their countries involved in the work of the IETF, whether by attending the in-person meetings or contributing on the mailing lists.

Promoting participation from a new generation of global technical experts is critical for the IETF’s long-term success. By garnering greater support from policymakers and helping drive greater participation around the world, the IETF Policy Programme is another way the Internet Society contributes to the continued success of the IETF.

]]> 2286 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-98-hackathon-improves-the-internet-through-running-code/ Wed, 05 Jul 2017 19:27:32 +0000 https://www.ietfjournal.org/?p=2288 The Internet Engineering Task Force (IETF) blew into Chicago for IETF 98 on 25-31 March. As has become customary, the week-long meeting kicked off the weekend prior with the IETF Hackathon, a key element of the IETF’s approach to combine running code and open source software with the specification of new and evolving Internet standards.

IETF Hackathons are free and open to everyone. Its stated goals are to:

• Advance the pace and relevance of IETF standards activities by bringing the speed and collaborative spirit of open source development into the IETF.
• Bring developers and young people into IETF and get them exposed to and interested in IETF.

Attending the IETF meeting the following week is encouraged, but optional. One of the ways the Hackathon meets its first goal is by encouraging participants to share what they gained during the Hackathon with the larger IETF community, both by presenting their results during Working Group sessions and by demonstrating their work at the Bits-N-Bites reception.

The Chicago Hackathon saw more than 115 people collaborate on code with colleagues from various companies, standards organizations, open source communities, and universities. For about a third of the participants, this was their first IETF Hackathon. For about a dozen, this was their first experience with the IETF at all.

We had roughly 15 different projects, each led by volunteers called champions. Projects were shared in advance via the Hackathon wiki, and when the doors opened at 8am Saturday, champions posted signs by their tables to help potential contributors locate the teams they wished to join.

Despite jet lag from travel and the early start, teams worked late into the night Saturday, even after the last remnants of dinner were cleared and the last beer was consumed. On Sunday, folks again started early by ironing out bugs and coding up additional functionality until the project presentations started at 2pm. Each team had four minutes to share what they had done, what they had learned, and how they moved IETF work forward.

An esteemed set of judges from the IETF community listened and asked clarifying questions after each presentation. Winners were then announced in the spirit of friendly competition. The winning teams were as follows.

• (D)TLS: Best Overall, for their work on TLS 1.3 and the corresponding version of DTLS.
• NETVC: Measure Twice Cut Once, for a proof of concept that will guide future specifications.
• CAPPORT: Best Kickstart, for a project that kicked new energy into a Working Group that had stalled.
• WebRTC PSAP: Best Students, for a new project from professors and students at the Illinois Institute of Technology.
• LoRaWAN: Best Newcomers, for a project that benefited from significant contribution from first-time IETFers.
• AMT-Multicast: Most Remote Participant, with a team member participating remotely from Mauritius.

Another noteworthy team was the I2NSF project team, which included participants from Sungkyunkwan University in South Korea and traveled to Chicago to continue its award-winning project from IETF 97 Hackathon in Seoul. For details on these and other projects, see the Hackathon Web page at https://datatracker.ietf.org/group/hackathon/meetings/.

Winners were offered first shot at a variety of swag contributed by the IETF secretariat and Google. Winning teams also received priority when it came to Hackathon projects to feature at the Bits-N-Bites reception.

Four teams took advantage of the opportunity to share their work at Bits-N-Bites: AMT/Multicast, CAPPORT, WebRTC PSAP, and (D)TLS.

Special thanks to Hackathon sponsors, Ericsson and Mozilla; and thanks to my employer, Cisco DevNet, for supporting my efforts to organize the Hackathons and providing t-shirts for all participants—including for the first time ever, women’s sizes!

Last, but certainly not least, thanks to Alissa Cooper and Jari Arkko, the incoming and outgoing IETF chairs, who are both big supporters of the Hackathon and who have been instrumental in bringing it to the IETF.

]]> 2288 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/working-together-the-ietf-and-3gpp-on-5g/ Wed, 05 Jul 2017 19:26:29 +0000 https://www.ietfjournal.org/?p=2290 In June 2017, IETF Chair Alissa Cooper participated at the 3GPP plenary meeting in West Palm Beach, Florida, USA. At the invitation of Georg Mayer, the 3GPP liaison to the IETF, she both attended meetings of 3GPP’s radio access network and system architecture groups, and kicked off the organization’s new Wednesday Speaker Club series with a discussion of how 3GPP and the IETF can cooperate on 5G standardization.

The push towards the next generation of wireless networking technology has been gaining attention and spurring new work across the industry, standards developing organizations (SDOs), and open source projects. 3GPP participants are investing tremendous effort to define and prioritize 5G requirements to help bring this technology to fruition. They are also working against very tight timelines—the initial set of 5G standards is due to be completed by June 2018. It is therefore both timely and important to identify whether dependencies between 5G and IETF work exist, as well as to identify mechanisms to ensure smooth collaboration.

The IETF and 3GPP have a long history of working together and many successes to build on, including experiences with SIP/IMS, EAP-AKA, and Diameter. Because 5G encompasses a broader swath of individuals than those who have been involved in previous joint efforts, Cooper spent part of her time at the meeting sharing how the IETF works, examples of the IETF’s focus on broadly deployable Internet technology, and what the organization works on. She highlighted areas of existing IETF work that may be relevant in the 5G context, including work on data models, service chaining, deterministic networking, and QUIC. She also engaged with 3GPP participants around specific strategies to help the two organizations collaborate.¹

The Speaker Club Q&A focused on the potential and practicalities of improving collaboration. Topics included the need for technical experts from each group to engage directly with each other (in addition to the existing liaison managers working in both directions); opportunities to provide more introductory presentations in both directions, so people not familiar with 5G or specific IETF work can learn more; and ways to identify potential 5G requirements that may yield IETF protocol dependencies early on, even if later analysis in 3GPP reduces the urgency of the need for IETF protocol work.

IETF 99 is an opportunity to gain more clarity about specific dependencies that the IETF can expect between the 5G plans and IETF work—there is a slot on the agenda to discuss some of the network slicing work motivated by 5G, in addition to potential hallway conversations and ad hoc discussions. If you’re working on aspects of 5G not covered in the BoF proposals and looking for guidance or input about overlaps with IETF work, please contact the IETF liaison to 3GPP, Gonzalo Camarillo (gonzalo.camarillo@ericsson.com).

Footnote

1. See slides from Cooper’s presentation at https://www.ietf.org/blog/2017/06/working-together-with-3gpp-on-5g/.

]]> 2290 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-july-2017/ Wed, 05 Jul 2017 19:25:34 +0000 https://www.ietfjournal.org/?p=2292 The Applied Networking Research Prize (ANRP) is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts. The ANRP awards presented during IETF 98 went to the following individuals:

Yossi Gilad for the path-end validation extension to the Resource Public Key Infrastructure (RPKI). See the full paper at https://dl.acm.org/ft_gateway.cfm?id=2934883.

Alistair King for a framework to enable efficient processing of large amounts of distributed and/or live Border Gateway Protocol (BGP) data. See the full paper at https://dl.acm.org/citation.cfm?id=2987482.

Gilad and King presented their findings to the Internet Research Task Force open meeting during IETF 98. Slides are available at https://www.ietf.org/proceedings/98/slides/slides-98-irtfopen-jumpstarting-bgp-security-00.pdf and https://www.ietf.org/proceedings/98/slides/slides-98-irtfopen-bgpstream-a-framework-for-historical-analysis-and-real-time-monitoring-of-bgp-data-00.pdf. Thanks to Meetecho, audio and video from the presentations is also available at https://www.youtube.com/watch?v=SP0xzjGelME (from 00:15:25).

ANRP winners have been selected for all of the IETF meetings in 2017. The following winners will be next to present their work at the IETF 99 meeting in Prague:

Stephen Checkoway, an assistant professor in the department of computer science at the University of Illinois, Chicago. Checkoway will present a systematic analysis of the Juniper dual elliptic curve (EC) incident.

Philipp Richter, a doctoral student in the INET group at the Technical University of Berlin. Richter will present a multiperspective analysis of carrier-grade network address translator (NAT) deployment.

The call for nominations for the 2018 ANRP award cycle will open in mid-2017. Join the irtf-announce@irtf.org mailing list for all ANRP related notifications.

]]> 2292 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-july-2017/ Wed, 05 Jul 2017 19:24:19 +0000 https://www.ietfjournal.org/?p=2294 Presented 27 March, 2017 at the IETF 98 Plenary

IETF 98 in Chicago marked the first meeting with newly appointed Chair Allison Mankin. During the meeting, seven chartered IRTF RGs held meetings:

• Human Rights Protocol Considerations (HRPC)
• Internet Congestion Control (ICCRG)
• Information-Centric Networking (ICNRG)
• Measurement and Analysis for Protocols (MAPRG)
• Network Function Virtualization (NFVRG)
• Network Management (NMRG)
• Thing-to-Thing (T2TRG)

The following two RGs recently concluded: Software-Defined Neworking (SDNRG) and the Network Machine Learning (NMLRG) provisional group.

The IRTF Open Meeting received Applied Networking Research Prize presenta-tions from Yossi Gilad for the path-end validation extension to the Resource Public Key Infrastructure (RPKI), and Alistair King for a framework to enable efficient processing of large amounts of distributed and/or live Border Gateway Protocol (BGP) data.

The Applied Networking Research Workshop 2017 call for papers has closed The ANRW’17 is an academic workshop that provides a forum for researchers, vendors, network operators, and the Internet standards community to present and discuss emerging results in applied networking research. Sponsored by ACM SIGCOMM, the Internet Research Task Force (IRTF) and the Internet Society (ISOC), the workshop will take place Saturday, 15 July 2017, in Prague, Czech Republic, the venue of IETF 99.

To stay informed about these and other happenings, join the IRTF discussion list at https://www.irtf.org/mailman/listinfo/irtf-discuss.

]]> 2294 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/todays-ietf-leaders-mirja-kuhlewind-phd/ Wed, 05 Jul 2017 19:21:22 +0000 https://www.ietfjournal.org/?p=2297 Began IETF participation: 2010 Current role: Transport area director Previous roles: RTP Media Congestion Avoidance Techniques (RMCAT) and TCP Increased Security (TCPINC) Working Group chair Day job: Senior Research, ETH Zurich’s Computer Engineering and Networks Laboratory, Network Systems Group Favorite aspect of leadership: Gaining management experience I first got involved with the IETF when I started my PhD. A colleague, who was already involved with the organization, pointed out that it was starting work closely related to my own interests. I attended my first IETF meeting in 2010, when the CONEX [Congestion Exposure] Working Group (WG) held a BoF meeting. From then on, it was my own initiative that kept me working with the IETF—I had support from my group, and they usually had enough travel budget for me to attend the meetings. Three years ago, I became chair of the RMCAT [RTP Media Congestion Avoidance Techniques] Working Group. I gave that up when I became Transport area director (AD). I also was chair of the TCPINT Working Group for half a year. So I became an AD just six years after joining the IETF. A limited number of people are involved in the Transport area. When I became more active, I was encouraged to take the role of a Working Group chair. Transport AD wasn’t an option until I finished my PhD. Ultimately, it worked out nicely because I got stable funding for a project for a little more than two years, which freed me up to consider the job. The project is funded by Switzerland and includes proposed work that we plan to bring into the IETF. So it helped me justify spending so much time on IETF work. My two-year term as Transport AD began in March 2016. I hope that my experience as AD can count as management experience and that people value it. It’s a good way to improve your skills because you are in a management position where you don’t have any power, but you need to motivate people. For me, it is about how well I manage Working Groups and how well I manage my time. I spend 40% of my time on my AD work and 60% on my research project. It can be a challenge to balance them. I don’t think that ETH directly benefits from me being Transport AD. But they did get external funding for our project, and that funding had a strong focus on making an impact on industry. So my standardization work may have helped to get the project funded. I don’t think I needed a leadership role for that. Being a Working Group chair was probably enough to show that I had IETF experience. Everybody’s biggest concern about taking on an IETF leadership role is time management. I do it on a 40% basis. It’s a little stressful, yes, but it is possible. The other reason it’s hard to find people for the Transport AD role is that the right person not only needs support, money, and time for the IETF, but also must have an overview about what’s going on in Transport. I was in the unique position that I was following the same Working Groups that I now carry as AD—it’s no extra effort. I don’t have a plan yet for when my term is over, but I know I’d like to stay involved in the IETF. When my ETH project is finished, I’ll be a four-year post doc. I’ll need to make a decision about whether to stay in academics or go into industry. If I apply for a job next year, I won’t stand as Transport AD—I can’t ask a new employer to let me spend 40% of my time on the IETF. Even as a professor, it would be hard for me to get 40% of my time off for the IETF. It’s been an interesting experience, particularly because I’m just starting my career. I’ve learned a lot, and I’ve made a lot of industry contacts that I’ve gotten to know well. I’m grateful—the IETF as a community has provided me with networking opportunities and a source of ideas for research.]]> 2297 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-july-2017/ Wed, 05 Jul 2017 19:19:58 +0000 https://www.ietfjournal.org/?p=2299 Getting new work started in the IETF usually requires a birds-of-a-feather (BoF) meeting to discuss goals for the work, the suitability of the IETF as a venue for pursuing the work, and the level of interest in and support for the work. In this article, we’ll review the BoFs that took place during IETF 98, including their intentions and outcomes. If you are inspired to arrange a BoF meeting, please be sure to read RFC 5434, “Considerations for Having a Successful Birds-of-a-Feather (BoF) Session”.

Coordinated Address Space Management (casm)

Description: Organizations use IP address space management (IPAM) tools to manage their IP address space, often with proprietary databases and interfaces. This proposed work is intended to evolve IPAM into standardized interfaces for coordinated management of IP addresses, including software-defined networks and other forms of virtualization. Use cases include dynamic allocation and release of IP addresses and prefixes based on usage and/or user intent. The purpose of the BoF was to gather a common set of requirements from a larger set of operators and to better understand use cases.

Proceedings: Slides, documents, and audio and video recordings are available online (https://datatracker.ietf.org/meeting/98/proceedings, search for “casm”).

Outcome: There was discussion of IPAM services and use cases. The meeting concluded with discussion of whether the IETF should take on this work in the future. There was agreement that there was a problem for the IETF to solve and interest from diverse stakeholders in working on a solution. Further work to refine the problem and scope will take place on the mailing list (https://www.ietf.org/mailman/listinfo/casm).

WGs Using GitHub (wugh)

Description: GitHub is being used by more IETF Working Groups for proposing and tracking changes to WG Internet-Drafts. Using GitHub for normal WG processes requires some training, and edge cases in its usage abound. There are also questions of how to capture information that is created in GitHub into WG mailing lists so it can be both seen by all participants and properly archived. This BoF was also used to discuss the creation of IETF-wide documentation about how to use GitHub effectively in WG processes.

Proceedings: Minutes are available at https://www.ietf.org/proceedings/98/minutes/minutes-98-wugh-00.txt.

Slides, documents, and audio and video recordings are available online (https://datatracker.ietf.org/meeting/98/proceedings, search for “wugh”).

Outcome: A good discussion of the ways in which GitHub is being used by various IETF Working Groups and IRTF Research Groups. Several issues were identified and more work will be required to document best practices and better integrate use of GitHub with IETF processes. The discussion will continue on the mailing list (https://www.ietf.org/mailman/listinfo/ietf-and-github).

A Protocol for Dynamic Trusted Execution Environment Enablement (teep)

Description: The goal of this group is to standardize a protocol for dynamic trusted execution environment enablement. The industry has been working on an application layer security protocol that allows configuration of security credentials and software running in a Trusted Execution Environment (TEE). Today, TEEs are found in home routers, set-top boxes, smart phones, tablets, wearable devices, and so forth. To date, mostly proprietary protocols are used in these environments. This BoF was an attempt to start work on standardizing such a protocol. A straw man proposal has been published at ​https://tools.ietf.org/html/draft-pei-opentrustprotocol-03. 

Proceedings: Minutes are available at https://www.ietf.org/proceedings/98/minutes/minutes-98-teep-00.txt.

Slides, audio and video recordings are available online (https://datatracker.ietf.org/meeting/98/proceedings, search for “teep”).

Outcome: There was an overview presentation on TEEs, presentations from ARM and Intel about their product offerings and presentations on use-cases and possible architectures. The meeting concluded by identifying a number of people willing to volunteer to continue participating in the work to better define the problem and proposed work items. Discussion will continue on the mailing list (https://www.ietf.org/mailman/listinfo/teep).

IASA 2.0 (iasa20)

Description: The IETF community has identified a need to review and possibly rework the administrative arrangements at the IETF, dubbed the IASA 2.0 project (https://www.ietf.org/blog/2016/11/proposed-project-ietf-administrative-support-2-0/). A series of virtual workshops were offered related to this effort. This BoF provided an opportunity to talk about the feedback that was received from the workshops and to solicit further feedback.

Proceedings: Minutes are available at https://www.ietf.org/proceedings/98/minutes/minutes-98-iasa20-00.txt.

Slides, documents, audio and video recordings are available online (https://datatracker.ietf.org/meeting/98/proceedings, search for “iasa20”).

Outcome: A robust discussion about the challenges facing the current administrative structure and arrangements, and an opportunity for those present to express their views and concerns vis-à-vis some of the alternative approaches to reform. Discussion will continue on the mailing list (https://www.ietf.org/mailman/listinfo/iasa20).

]]> 2299 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-98-at-a-glance/ Wed, 05 Jul 2017 19:19:06 +0000 https://www.ietfjournal.org/?p=2301 Onsite participants: 1127

Remote participants: 315

Number of countries: 57

Hackathon participants: 115+

IETF Activity since IETF 97 (16 November–26 March 2017)

New WGs: 2

• Concise Binary Object Representation Maintenance and Extensions (cbor)
• JSON Mail Access Protocol (jmap)

WGs closed: 10

WG currently chartered: 138

New and revised Internet-Drafts (I-Ds): 1,484

IESG Protocol and Document Actions: 124

IESG Last Calls issued to the IETF: 130

RFCs published: 116

• 66 Standards Track, 5 BCP, 9 Experimental, 36 Informational 

Notable process updates

• IETF’s IPR rules revision approved. https://tools.ietf.org/html/draft-bradner-rfc3979bis
• RFC 2119 language clarification. https//tools.irtf.org/html/draft-leiba-rfc2119-update

RFC Editor Activity since IETF 97 (November–March 2017)

Published RFCs: 126 (3,928 pages)

• 37% increase in page count since last reported
• 29% increase in document count since last reported

Cluster AUTH48 pages updates (full view of author approvals on one page)

Server upgrades

Current and ongoing activities:

• Stable URIs for errata
• xml2rfc v3: Continue to follow format developments and be ready to test tools and draft test procedures
• Improving cluster management and transparency

]]> 2301 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/segment-routing-cutting-through-the-hype-and-finding-the-ietfs-innovative-nugget-of-gold/ Wed, 05 Jul 2017 19:48:34 +0000 https://www.ietfjournal.org/?p=2239 Segment Routing (SR) is a new traffic-engineering technology being developed by the IETF’s SPRING Working Group. Two forwarding plane encapsulations are being defined for SR: Multiprotocol Label Switching (MPLS) and IPv6 with a Segment Routing Extension Header. This article provides some historical context by describing the MPLS forwarding plane and control plane protocols, explains how Segment Routing works, introduces the MPLS-SR forwarding plane, and shows how the SR control plane is used. Finally, the article compares SR with legacy MPLS systems, and identifies its unique merits.

MPLS Forwarding

MPLS is a nearly 20-year-old technology. An MPLS domain is a contiguous set of Label Switching Routers (LSRs). Packets enter the MPLS domain through an ingress LSR and exit the MPLS domain through an egress LSR. A single LSR can serve as ingress for some packets and egress for others.

A Label Switched Path (LSP) provides connectivity between an ingress LSR and an egress LSR. An LSP can traverse the least-cost path or it can traverse a traffic-engineered path.

When an ingress LSR receives a packet, it assigns the packet to Forwarding Equivalence Class (FEC) and encapsulates the packet with an MPLS label stack. It then forwards the packet to the next-hop associated with the FEC.

The MPLS label stack contains one or more label stack entries. Each label stack entry contains a label, a time-to-live (TTL) indicator, a Traffic Class (TC) indicator, and a bottom of stack indicator. These data items determine how a transit LSR will process the packet. In that respect, each label stack entry is an instruction to an LSR.

When an LSR receives a packet it examines the top entry in the label stack and decrements the TTL. If the TTL has not expired, the LSR searches its Forwarding Information Base (FIB) looking for an entry that matches the incoming label.

If the LSR finds a FIB entry that matches the incoming label, the FIB entry will contain the following information:

• Label action
• Next-hop interface

Label actions are the following:

• Push one or more new entries onto the label stack.
• Pop the top entry from the label stack.
• Swap the label in the top entry.

Having found a matching FIB entry, the LSR executes the label action and forwards the packet through the next-hop interface. The next-hop interface can be an internal interface or an external interface. If the next-hop interface is an internal interface, the LSR forwards the packet to itself and processes the packet as it had just been received, examining outermost protocol header. If the next-hop interface is an external interface, the LSR forwards the packet appropriately.

When a packet reaches the penultimate hop on an LSP, the LSR may pop the final label stack entry and forward the payload packet without any encapsulation.

MPLS Control Plane

Routing Protocols

An MPLS network makes heavy use of the Interior Gateway Protocols (IGPs)—Open Shortest Path First (OSPF) or Intermediate System-to-Intermediate System (IS-IS)—to learn the network topology, establish the least cost paths, and provide information for computing traffic engineering paths. Normal IGP advertisements are used to distribute the connectivity and metrics for the network links, and those messages are enhanced with additional information describing the links (such as bandwidth).

Label Distribution Protocol (LDP)

LDP is a TCP-based protocol that can be run between adjacent LSRs in an MPLS network. Each LSR uses the protocol to advertise the label to use when MPLS encapsulated packets are sent to it for final delivery to an IP prefix. As each LSR receives advertisements from other LSRs it is able to install entries in its FIB showing how to map from the label in a packet it receives (a label it has advertised) to a label in a packet it forwards (a label it has received in an advertisement).

LDP results in traffic being forwarded along the least cost path and does not support traffic engineering.

Resource Reservation Protocol with TE Extensions (RSVP-TE)

In RSVP-TE, network operators administratively assign TE attributes to interfaces. TE attributes include, but are not limited to, available bandwidth, reserved bandwidth and administrative color. These TE attributes are flooded by the IGP so that each node within the IGP domain maintains an identical copy of a Link State Database (LSDB) and a Traffic Engineering Database (TED). The LSDB describes the IGP topology, while the TED augments the LSDB with TE link attributes.

Network operators request LSPs that meet specific constraints. For example, a network operator could request an LSP that originates at Node A, terminates at Node Z, reserves 100 megabits per second, and traverses blue interfaces only. A path computation module, located on a central controller—such as the Path Computation Element (PCE)—or on the ingress LSR, computes a path that satisfies all of the constraints. In order to construct this SR-path, the path computation function consults the LSDB and TED.

RSVP-TE is a signaling protocol that runs directly over IP. It uses a Path message to signal out along the path of the LSP, and a Resv message is returned to reserve network resources and confirm the establishment of the LSP. The Path message contains details of the requested LSP (bandwidth, etc.) as well as an Explicit Route Object (ERO) that lists the nodes and links that the LSP should traverse. The Resv message reports the resources that have been reserved (bandwidth, etc.) and a Record Route Object (RRO) that confirms the path of the LSP.

Each LSR selects a label that it will use to receive traffic on the LSP. It includes this label in the Resv message it sends. Thus, each LSR can build a FIB entry for the LSP mapping the label it has advertised to the label it has received.

RSVP-TE requires that state is maintained in the network for each LSP, and the protocol is a “soft state protocol”, meaning that Path and Resv messages must be exchanged periodically to keep the LSP active.

Segment Routing

Terminology

An SR domain is a contiguous set of SR-capable routers. An SR-Path (i.e., an SR-signaled LSP) provides connectivity through the SR domain. An SR-path can traverse the IGP least cost path between its endpoints. It can also traverse a traffic-engineered path.

An SR-path contains one or more segments and a segment contains one or more router hops. The SPRING WG has proposed many segment types. However, the following segment types are most common:

• Adjacency
• Prefix
• Anycast
• Binding

Adjacency segments represent an IGP adjacency between two routers. They typically contain one router hop, but can contain more. Prefix segments represent the IGP least cost path between any router and a specified prefix. Prefix segments contain one or more router hops. Anycast segments are like prefix segments in that they represent the IGP least cost path between any router and a specified prefix. However, the specified prefix can be advertised from multiple points in the network. Binding prefixes represent tunnels through the SR domain. The tunnel can be another SR-Path, an LDP-signaled LSP, an RSVP-TE signaled LSP, or any other encapsulation.

A Segment Identifier (SID) identifies each segment. SIDs that represent prefix and anycast segments have domain-wide significance. Therefore, network operators allocate them using procedures that are similar to those used to allocate private IP (i.e., RFC 1918) addresses. Conversely, SIDs that represent adjacency and binding segments have local significance only. SR-capable routers allocate these SIDs automatically, without concern for domain-wide coordination.

Every SID maps to an MPLS label. As stated above, MPLS labels have local significant only. Therefore, SIDs that have local significance only can map directly to MPLS labels. However, SIDs that have domain-wide significance require special treatment.

Each SR-capable router reserves a range of MPLS labels, called the SR Global Block (SRGB). For example, Router A might reserve labels 10,000 through 20,000, while Router B reserves labels 20,000 through 40,000. Both routers map SIDs to MPLS labels by adding the SID to the lowest SRGB value. Therefore, Router A maps SID 1 to MPLS label 10,001, while Router B maps the same SID to MPLS label 20,001.

SR Forwarding

When an SR ingress router receives a packet, it assigns the packet to FEC and encapsulates it in an MPLS label stack. Finally, it forwards the packet to the next-hop associated with the FEC.

The MPLS label stack represents an SR-path that is associated with the FEC. Each entry in the label stack represents a segment in the SR-path.

Figure 1. Adjacency Segments

In Figure 1, R1 maintains an SR-path to R4. The SR-path contains five adjacency segments, originating at R2, R3, R7, R6, and R5. The ingress LSR (R1) imposes a label stack with one entry for each adjacency segment. Finally, R1 forwards the packet to R2, where the first adjacency segment begins. R2 processes the outer label stack entry, popping it and forwarding the packet to R3. Each downstream LSR repeats the process until the packet arrives at R4.

Figure 2. Single Prefix Segment

In Figure 2, R1 through R6 all maintain an SR-path to R7. The SR-path contains a single prefix segment, represented by SID 7. We will examine the path from R4 to R7.

The ingress router (R4) imposes a label stack that contains exactly one entry, representing the prefix segment (i.e., the IGP least cost path) between R4 and R7. This label stack entry carries a label that corresponds to SID 7. In order to calculate that label, R4 adds the SID (7) to the SRGB base advertised by the next-hop, R5 (i.e., 200). The result is 207. Finally, R4 forwards the packet to R5.

R5 processes the label. In order to do so, it identifies the router on the IGP least cost path to R7 (i.e., R6). Then R5 swaps the label, replacing it with the value that R6 maps to SID 7 (i.e., 307). Finally, it forwards the packet to R6. R6 repeats this process and the packet arrives at R7.

Figure 3. Traffic-Engineering Using Prefix Segments

In Figure 3, R1 maintains a traffic-engineered SR-path to R4 via R7. The SR-path contains two prefix segments. One prefix segment represents the IGP least cost path from R1 to R7, while the other represents the IGP least cost path from R7 to R4

The ingress LSR (R1) imposes a label stack with one entry representing each prefix segment. It calculates the inner label value by adding R4’s SID (4) to R7’s SRGB base (300). It calculates the outer label by adding R7’s SID (7) to R2’s SRGB base. Finally, R1 forwards the packet to R2. All downstream routers process the packet as described in the previous example and the packet arrives at R4.

IGP Extensions for Segment Routing

Each SR-capable router allocates a SID and a label for the following:

• Each prefix or anycast segment that it terminates
• Each adjacency or binding segment that it originates

Having done so, it creates a RIB entry for each of the above and installs the RIB entries into the FIB.

Next, the SR-capable router advertises the following into its IGP:

• Its SRGB characteristics
• Each prefix or anycast segment that it terminates
• Each adjacency or binding segment that it originates

The IGP floods this data, in addition to the previously mentioned TE link attributes, throughout the IGP domain. Therefore, each node within the IGP domain maintains an identical copy of a Link State Database (LSDB) and a Traffic Engineering Database (TED). The LSDB describes the IGP topology, including SIDs and SRGB data, while the TED augments the LSDB with TE link attributes.

When flooding is complete, every node within the IGP domain constructs two RIB entries for each prefix or anycast segment that it does not terminate. The first RIB entry instructs the local device to process all incoming IP traffic bound for the prefix as follows:

• Push an MPLS label stack entry whose label maps to the SID.
• Forward the packet to the next-hop on the IGP least cost path to the segment endpoint.

The second RIB entry instructs the local device to process all incoming MPLS traffic whose outermost label maps to the segment as follows:

• Swap the outermost label, accounting for the next-hop’s SRGB.
• Forward the packet to the next-hop on the IGP least cost path to the segment endpoint.

Path Computation

A path computation function calculates SR-paths. Given a set of TE constraints, the path computation function yields an MPLS label stack representing an SR-path that satisfies the constraints. In order to construct this SR-path, the path computation function consults the LSDB and TED.

The path computation function can reside on a central controller. Conversely, the path computation function can be distributed among ingress LSRs.

Analysis

LDP and RSVP-TE are end-to-end signaling protocols that establish per-LSP forwarding state in LSRs. Because LDP and RSVP-TE maintain all required forwarding state in LSRs, an LDP, or RSVP-TE signaled LSP can be represented by a single MPLS label stack entry.

By contrast, SR moves some, but not all, forwarding state from the network to the packet. An SR-path is represented by a label stack, with one label stack entry representing each segment in the SR-path. Therefore, the network maintains enough state to route the packet form segment ingress to segment egress, while the packet maintains enough state to route the packet from segment to segment.

By moving state from the network to the packet, SR reduces the amount of memory that LSRs require and the amount of processing needed to maintain state. Recent increases in CPU and memory within routers, and improvements to the RSVP-TE protocol and to implementations have reduced this issue, but it remains an important concern.

A more-significant benefit of moving state from the network to the packet is that it eliminates the need for an end-to-end signaling protocol. While SR requires an IGP and a path computation module, it does not require a signaling protocol like LDP or RSVP-TE.

However, some advanced functions offered by RSVP-TE rely on end-to-end signaling and per-LSP state in the network. Among these are bandwidth reservation, failure detection, and fast-reroute.

In RSVP-TE, the path computation function can be distributed among ingress LSRs, even when TE constraints include bandwidth reservations. This is possible because in RSVP-TE, each LSR maintains state for each LSP that it supports. Having this state, it can compute the remaining bandwidth on each RSVP-enabled interface and flood that information into the IGP. Therefore, every node in the IGP maintains an LSDB and TED with sufficient information to support the path computation function.

In SR, no such mechanism exists. So, when TE constraints include bandwidth reservations, the path computation function must be centralized in a controller where a global view of bandwidth allocation is available.

In RSVP-TE, the end-to-end signaling mechanisms also provides OAM functionality. When an RSVP-TE neighboring session fails, the LSR upstream of the failure signals the ingress LSR, causing it to invoke head-end restoration procedures. If configured to do so, the LSR upstream of the failure can also invoke local restoration procedures.

In SR, restoration is more complex. If the failure occurs at a segment ingress, some OAM mechanism outside of SR detects the failure and informs the path computation module. The path computation module invokes head-end restoration procedures, recalculating the SR-path between the SR ingress and the SR egress. While local restoration procedures for SR are conceivable, none have been standardized to date.

If a failure occurs at some point other that the segment endpoint, SR relies on external recovery mechanisms. For example, if a failure occurs in the middle of a prefix segment, SR relies on an IGP to detect the failure, flood topology changes, and compute the new IGP least-cost path to the segment endpoint. In this example, TI-LFA can be deployed to reduce dependence upon IGP convergence.

Conclusion

SR supports traffic engineering while reducing the amount of state maintained by the network. In many cases, SR eliminates the need for MPLS signaling protocols (i.e., LDP and RSVP-TE). For these reasons, the IETF should continue to develop SR capabilities.

Specifically, IETF should continue to develop IGP extensions for SR, as well as BGP extensions that may be required to extend SR across IGP boundaries. Additional work is essential to develop key networking functions such as OAM and ways to carry entropy to resolve ECMP choices. Furthermore, network equipment vendors and network operators should work together to prototype and experiment with SR to provide operational feedback to the IETF, so that SR can be improved and made ready for wide-scale deployment.

It is likely that network operators will deploy SR incrementally over the next several years. As deployments proceed, the SR community will gain operational experience, SR standards will be refined to address unforeseen problems, and implementations will improve accordingly. Furthermore, network operators will identify use-cases for which SR is well suited, as well as use-cases for which LDP and RSVP-TE may be better suited.

For these reasons, as well as to support a massive installed base, the IETF and network equipment vendors should continue to refine and support LDP and RSVP-TE with the same intensity that they progress SR.

]]> 2239 0 0 0 3003 0 0 3138 0 0 3402 3138 0 6047 http://xpresspath.net 0 0 9477 3402 0 24211 0 0 24239 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-july-2017/ Wed, 05 Jul 2017 19:47:50 +0000 https://www.ietfjournal.org/?p=2244 Looking Ahead, Facing Change

In March I officially took on the role of IETF Chair. My predecessor Jari Arkko noted upon beginning his term just how much can change from one term to the next. While settling into my new role these past months, I’ve been thinking about his comment, about both what is changing in the IETF and what is staying the same.

When I first started participating in the IETF, I soon realized its importance as a venue for creating the building blocks of the Internet. The significance of the IETF derives from a combination of what we choose to work on and how we carry out that work. Producing core standardized protocols wouldn’t have nearly the same impact on the Internet if it were done behind closed doors, if a single constituency could dictate the outcome, or if broad interoperability were not the main objective. The core principles of the IETF process—open participation, cross-area review, and consensus—contribute to the success of IETF protocols in tandem with the design choices and technical trade-offs inherent in protocol design.

Of course, those process features are also often cited as drawbacks of IETF participation. “The IETF moves too slowly,” some people say. “They’re not adaptable,” “they can’t compete with open source,” “the biggest players aren’t interested in consensus.” Sound familiar? Sure, it’s generally true that finding agreement among a large, heterogeneous pool of people requires different time and work investments than deciding things among a close group of friends or hacking something together on your own. A pressing challenge for us is to preserve the benefits of the core IETF model while adapting to changes in the industry and the environment. With collaborative styles of engagement flourishing across both open source and standards development, there is a lot of opportunity for synergy.

How can we do a better job of integrating our work with open source development efforts? How can we evolve our tools and processes to align with how software is being developed and deployed today? How might we apply the model of cross-area review and consensus more broadly than to static text specifications? How can we evolve the administration of the IETF to give the community more flexibility and room to experiment? I have my own thoughts about these questions, but far more important are the ideas and efforts of the IETF community.

Recent IETF standards development work, as well as ongoing community conversations and activities, offer many reasons to be optimistic about tackling these questions. Over the last several years we’ve seen protocol development efforts deeply intertwined with and informed by running code, with the concurrent development of 10 or more independent implementations in cases such as HTTP/2 and TLS 1.3. We’ve seen broad interest across the industry in the kind of security expertise that has become a hallmark of the IETF, and resulting security and privacy improvements being developed for Web, email, DNS, DHCP, real-time, and other kinds of traffic. We’ve seen tremendous energy behind the specification of YANG data models and their integration across the industry into standards processes. And community discussion and activity continues to grow around IETF Hackathons, use of Github, remote participation, and IASA 2.0.

I’m excited to work with the IETF community to tackle these coming changes. In addition to the existing discussion venues, please feel free to send your thoughts directly to me (chair@ietf.org) or post them to the IETF discussion list (ietf@ietf.org).

Highlights from IETF 98

The 98^th IETF meeting was a typically busy work week for IETF participants, but also a special week, as a number of changes in our leadership became official. We welcomed newly selected individuals into the leadership and gave our thanks to outgoing members of the Internet Engineering Steering Group (IESG), Internet Architecture Board (IAB), and IETF Administrative Oversight Committee (IAOC) , including the outgoing IETF chair, Jari Arkko.

Amidst all the Working Group action and leadership transition activities, a few highlights stood out for me. Among more than 1,000 attendees, nearly 17% were attending their very first IETF meeting. We’re constantly evaluating what more we can do to attract cutting-edge standardization work and new participants to the IETF, so it was nice to see many fresh faces.

Meetings at IETF 98 demonstrated that a number of core security and Web application standards are on a path towards high levels of maturity and industry adoption. These include the following:

• Transport Layer Security (TLS) version 1.3, a significant performance and security upgrade to the current version of TLS.
• The Automated Certificate Management Environment (ACME) protocol specification, which has provided the foundation for certificate management automation for the Web.
• The core Real-Time Communication in Web Browsers (RTCWEB) specifications, which together allow for standardized interactive communication using audio, video, and data connections between Web browsers.

Work on all of these standards is heading towards conclusion within their respective Working Groups. There was also a large TLS team at the IETF Hackathon representing 18 independent implementations, and they were named the overall Hackathon winners by the judges.

IETF 98 was also very busy for those working on YANG data models related to both network management and routing. While participants continue to press forward with the standardization of hundreds of different YANG modules in the IETF, they’ve also been focusing on guidelines and tooling (e.g., yangcatalog.org) to help streamline the model development process and aid interoperability.

Our technical plenary speakers, Niels ten Oever and David Clark, addressed questions about the relationship between Internet protocols and human rights. Clark encouraged us to think of standardization activities as “designing the playing field” and to contemplate how we “tilt the playing field” based on the design choices we make. As expected, the topic yielded a provocative community discussion session.

We owe deep thanks to our meeting host, Ericsson. As an IETF Global Host, Ericsson has committed to host three IETF meetings in a 10-year period and affirmed its long-standing support for the work of the IETF. We heard at the plenary session just how important IETF work is to Ericsson’s industry and technology goals, particularly as the coming shift towards 5G inspires potential new requirements around packet transport, network and service management, and virtualization.

Until we gather again in July for IETF 99, work will continue on mailing lists, at interim meetings, and on Github¹. See you in all of those places...

Footnote

1. See the Working Groups Using Github session at https://www.youtube.com/watch?v=HNtCXBg_RnU&feature=youtu.be.

]]> 2244 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-july-2017/ Wed, 05 Jul 2017 19:47:01 +0000 https://www.ietfjournal.org/?p=2246 During the joint Internet Engineering Steering Group (IESG) and Internet Architecture Board (IAB) retreat on 15-17 May 2017, the group discussed a number of topics related to network operator activities for encrypted flows. As part of that conversation, the group looked at RFC 4084 (May 2005), which tackled the question, what does Internet access mean? A dozen years after its publication, the subject probably deserves a new look, and several of the folks at the retreat agreed to draft a new version for community review.

As one of those volunteers, I’d like to dive into RFC 4084 and share what may have changed since it was written. After walking through the need to avoid pejorative terms, the RFC sets out the following types of connectivity: web connectivity, client connectivity only with no public address, client connectivity only with a public address, firewalled Internet connectivity, and full Internet connectivity.

For those who have bought enterprise connectivity recently, it’s obvious that several common categories are missing, including dark fiber, lit service connectivity to a home office, and managed MPLS tunnels, to name a few. More important, however, the RFC doesn’t really touch on cellular wireless connectivity, which is now one of the most common ways people connect to the Internet. This means that it also doesn’t touch on topics like data caps, roaming for data services, zero rating, and data compression proxies. For cellular connectivity, these topics can be the key to understanding the trade-offs in connectivity, privacy, and costs for a particular service offering.

Beyond the proliferation in available offerings, there has been another major change: the ubiquity of filtering. RFC 4084 describes filtering at the ISP level in Section 3, and notes “the effort to control or limit objectionable network traffic has led to additional restrictions on the behavior and capabilities of internet services”. RFC 7754 (March 2016) provides a much more detailed description of blocking and filtering, and highlights restricting objectionable content as a category beyond blocking objectionable traffic that may be a requirement imposed by state regulators. In such jurisdictions, what RFC 4084 described as “full Internet connectivity” has disappeared, because service providers are required to prevent their customers from reaching specific Internet resources, services, or destinations. Even where blocks are not in place, regulatory increases in the amount of Internet tracking data retained and the length of time it is kept have become common. These may contribute to self-censorship in the use of some content. Simply put, firewalled Internet connectivity has become the default offering required of service providers within those territories.

In addition, RFC 4084 describes Internet connectivity in terms that apply to the services that are consumed by a human user and, although some social networking and streaming services are absent, it remains generally useful in that regard. As we move into an era in which devices talk to other devices, we need to examine what a service provides for traffic among devices or between devices and back-end services. Is the implication of a web-only service that the Internet of Things is not supported, or is the implication that it must be reached by a web-based gateway or proxy? The difference between those two scenarios is a topic of serious contemplation today, and the architecture of a number of future services may depend on it.

In many cases, the architecture of the Internet has developed in the course of a commercial dialog between network operators’ offerings and consumers’ use. Many efforts to make cellular systems walled gardens failed, for example, because users simply weren’t willing to use them that way and wanted the broader connectivity of the Internet. As we look at this new tension among users’ desires for confidential communication, network operators’ management practices, and regulatory frameworks, a common vocabulary for the services available to users may help us understand what architectures we can build. If you’d like to contribute to the early discussion, architecture-discuss@iab.org is one place to start.

]]> 2246 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-at-ietf-99/ Thu, 19 Oct 2017 11:51:34 +0000 https://www.ietfjournal.org/?p=2353 Stephen Checkoway for a systematic analysis of the Juniper Dual EC incident. See the full paper here. • Philipp Richter for a multiperspective analysis of carrier-grade NAT deployment. See the full paper here. Checkoway and Richter presented their findings to the Internet Research Task Force open meeting during IETF 99. Slides are available here (Checkoway) and here (Richter). Thanks to Meetecho, audio and video from the presentations is also available (from 00:11:20). ANRP winners have been selected for all of the IETF meetings in 2017. The following winners will be next to present their work at the IETF 100 meeting in Singapore: • Paul Emmerich, a research associate at the Technical University of Munich. Emmerich will present his work to develop the high-speed packet generator, MoonGen. • Roland van Rijswijk-Deij, a researcher at the Centre for Telematics and Information Technology (CTIT) at the University of Twente. Van Rijswijk-Deij will present his analysis of the impact of elliptic curve cryptography on DNSSEC validation performance. The call for nominations for the 2018 ANRP award cycle is open until 5 November. Nominations can be submitted here or by email to anrp@irtf.org. Join the irtf-announce mailing list to receive all ANRP related notifications.]]> 2353 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/palabras-del-editor-2/ Mon, 23 Oct 2017 19:57:10 +0000 https://www.ietfjournal.org/?p=2360

La reunIón número 98 del IETF se llevó a cabo en la ciudad de Chicago, Illinois (EE.uu). como siempre, fue una reunión ajetreada con mucho trabajo interesante para informar. Este IETF Journal ofrece apenas una instantánea de los eventos y discusiones que hicieron que esta reunión fuera tan memorable. Nuestro artículo de portada es un análisis profundo del enrutamiento por segmentos (sr), una nueva tecnología de ingeniería de tráfico que está desarrollando el Grupo de Trabajo SPrInG. En esta edición también aprenderá sobre las diferentes actividades de la nueva dirección de Educación y mentoría, cuyo objetivo es mejorar la productividad, diversidad e inclusión del IETF (página 16). También presentamos un informe del Grupo de Trabajo sobre Automatización y monitoreo continuo de la seguridad (página 13), informes de los BoF (página 24) y un informe del hackathon previo al IETF (página 18), una lista de las demostraciones tecnológicas en el evento Bits-n-Bites (página 8) y un artículo sobre el programa Políticas del IETF desarrollado por la Internet society (página 17). nuestras columnas habituales de los chairs y la cobertura del plenario del IETF completan este número. Estamos enormemente agradecidos con nuestros colaboradores. Si tiene algún comentario o suge- rencia, por favor envíelos a ietfjournal@isoc.org. Para recibir la edición en papel o la versión digital de esta publicación, suscríbase en https://www.internetsociety.org/form/ietfj.

]]> 2360 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/enrutamiento-por-segmentos-descubriendo-un-tesoro-de-innovacion-en-el-ietf/ Mon, 23 Oct 2017 20:50:07 +0000 https://www.ietfjournal.org/?p=2362

Por Adrian Farrel y Ron Bonica El Enrutamiento por segmentos (SR) es una nueva tecnología de InGEnIEríA de tráfico que está desarrollando el Grupo de Trabajo SPrInG del IETF. El SR depende de dos encapsulaciones en el plano de reenvío: Conmutación de etiquetas multiprotocolo (MPLS) e IPv6 con un encabezado de extensión de enrutamiento por segmentos. Este artículo ofrece un contexto histórico al describir los protocolos MPLS de plano de control y plano de reenvío. También explica cómo funciona el enrutamiento por segmentos, presenta el plano de reenvío de MPLS-SR y muestra cómo se utiliza el plano de control del sr. Finalmente, el artículo compara el enrutamiento por segmentos con los sistemas MPLS legados e identifica sus méritos excepcionales.

Reenvío MPLS  La tecnología MPLS tiene casi 20 años de existencia. un dominio mPls es un conjunto contiguo de routers de conmutación de etiquetas (LSr). Los paquetes entran al dominio MPLS a través de un lsr de entrada y salen del dominio MPLS a través de un lsr de salida. un único lsr puede servir como entrada para algunos paquetes y como salida para otros. Una ruta conmutada por etiquetas (LSP) proporciona conectividad entre un LSR de entrada y un LSR de salida. una LSP puede atravesar la ruta de menor costo o puede atravesar una ruta de ingeniería de tráfico. Cuando un LSR de entrada recibe un paquete, le asigna este paquete a la una clase de equivalencia de reenvío (FEC) y lo encapsula con una pila de etiquetas MPLS. A continuación, reenvía el paquete al siguiente salto asociado con la FEC. La pila de etiquetas MPLS contiene una o más entradas de pila de etiquetas. Cada entrada de pila de etiquetas contiene una etiqueta, un indicador de tiempo de vida (TTL), un indicador de clase de tráfico (TC) y un indicador de fondo de pila. Estos datos determinan cómo procesará el paquete un LSR de tránsito. de esta manera, cada entrada de pila de etiquetas es una instrucción para un LSR.

Cuando un LSR recibe un paquete, examina la entrada superior en la pila de etiquetas y reduce el TTL. Si el TTL no ha caducado, el lsr busca en su base de información de reenvío (FIB) una entrada que coincida con la etiqueta entrante. Si el LSR encuentra en la FIB una entrada que coincida con la etiqueta entrante, la entrada de la FIB incluirá la siguiente información:

• acción de la etiqueta
• Interfaz de siguiente saltoLas acciones de las etiquetas son las siguientes:

• Empujar una o más entradas nuevas a la pila de etiquetas.
• Quitar la entrada superior de la pila de etiquetas.
• Intercambiar la etiqueta en la entrada superior.Una vez que se encuentra una entrada coincidente en la FIB, el lsr ejecuta la acción de la etiqueta y reenvía el paquete a través de la interfaz de siguiente salto. la interfaz de siguiente salto puede ser una interfaz interna o una interfaz externa. si la interfaz de siguiente salto es una interfaz interna, el lsr se reenvía el paquete a sí mismo y procesa el paquete como si recién lo hubiera recibido, exa- minando el encabezado del protocolo más externo (outermost). si la interfaz de siguiente salto es una interfaz externa, el lsr reenvía el paquete de forma adecuada.Cuando un paquete llega al penúltimo salto en una LSP, el LSr puede quitar la última entrada de la pila de etiquetas y reenviar el paquete de carga útil sin ninguna encap- sulación.

Plano de control de MPLS Protocolos de enrutamiento Una red MPLS utiliza de forma intensiva los protocolos de pasarela interna (IGP) —protocolo del camino más corto primero (OSPF) o protocolo de sistema interme- diario a sistema intermediario (IS-IS) para conocer la topología de red, establecer las rutas de menor costo y proporcionar información para calcular las rutas de ingeniería de tráfico. Para distribuir la conectividad y las métricas para los enlaces de red se utilizan anuncios normales en el IGP, y esos mensajes se mejoran con información adicional que describe los enlaces (por ejemplo, el ancho de banda). Protocolo de distribución de etiquetas (LDP) LDP es un protocolo basado en el protocolo TCP que se puede ejecutar entre LSR adyacentes en una red MPLS. Cada LSR utiliza el protocolo para anunciar qué etiqueta utilizar cuando se envían paquetes encapsulados MPLS para su entrega final a un prefijo IP. Dado que cada LSR recibe anuncios de otros LSR, es posible instalar entradas en su FIB que muestren cómo mapear desde la etiqueta en un paquete recibido (una etiqueta que ha anunciado) hasta una etiqueta en un paquete que reenvía (una etiqueta que ha recibido en un anuncio). El LDP hace que el tráfico se reenvíe a lo largo de la ruta de menor costo y no soporte ingeniería de tráfico.

Protocolo de reserva de recursos con extensiones TE (RSVP-TE) En RSVP-TE, los operadores de red asignan de forma administrativa atributos TE a interfaces. Los atributos TE incluyen, de modo no taxativo, ancho de banda dis- ponible, ancho de banda reservado y color administrativo. Estos atributos TE son dis- tribuidos por el IGP mediante inundación de manera que cada nodo dentro del dominio IGP mantiene una copia idéntica de una base de datos de estado de enlace (LSdb) y una base de datos de ingeniería de trá co (TEd). La LSdb describe la topología IGP, mientras que la TEd aumenta la LSdb con atributos de enlace TE.

Los operadores de red solicitan lsP que cumplan con ciertas limitaciones. Por ejemplo, un operador de red podría solicitar una LSP que se origine en el nodo A, termine en el nodo z, reserve 100 megabits por segundo y solo atraviese las interfaces azules. un módulo de cálculo de ruta, ubicado en un controlador central —por ejemplo, el elemento de cálculo de ruta (PcE)— o en el lsr de entrada, calcula una ruta que satisface todas las limitaciones. Para construir esta ruta sr, la función de cálculo de ruta consulta la lsdB y la TEd.

RSVP-TE es un protocolo de señalización que corre directamente sobre IP. Utiliza el mensaje Path para señalizar a lo largo de la ruta del lsP y se retorna un mensaje resv para reservar recursos de red y confirmar el establecimiento de la lsP. El mensaje Path contiene detalles de la lsP solicitada (ancho de banda, etc.), así como un objeto de ruta explícita (Ero) que enumera los nodos y enlaces que debe atravesar la lsP. El mensaje resv informa los recursos que se han reservado (ancho de banda, etc.) y un objeto de registro de ruta (rro) que conforma el camino de la LSP. Cada LSr selecciona una etiqueta que utilizará para recibir tráfico en la LSP. Incluye esta etiqueta en el mensaje resv que envía. Por lo tanto, cada LSr puede construir una entrada en la FIB para la lsP que mapea la etiqueta que ha anunciado a la etiqueta que ha recibido. RSVP-TE requiere que se mantenga el estado en la red para cada lsP y el protocolo es un “protocolo de estado blando”, lo que significa que los mensajes resv y Path deben intercambiarse periódicamente para mantener activa la lsP. Enrutamiento por segmentos Terminología Un dominio sr es un conjunto contiguo de routers con capacidad de realizar conmutación por segmentos (routers sr). Una ruta sr (es decir, una lsP señalizada por sr) proporciona conectividad a través del dominio sr. Una ruta sr puede atravesar la ruta de menor costo del IGP entre sus puntos extremos. También puede atravesar una ruta de ingeniería de tráfico. Una ruta sr contiene uno o más segmentos y un segmento contiene uno o más saltos de routers. El Grupo de Trabajo sPrInG ha propuesto muchos tipos de segmentos. sin embargo, los siguientes tipos de segmentos son los más comunes: • Adyacencia • Prefijo

• Anycast • Asociación Los segmentos de adyacencia representan una adyacencia IGP entre dos routers. Generalmente contienen un salto de router, pero pueden contener más. Los segmentos de prefijos representan la ruta IGP de menor costo entre cualquier router y un prefijo especificado. Los segmentos de prefijos contienen uno o más saltos de router. Los segmentos anycast se parecen a los segmentos de prefijos en que repre- sentan la ruta IGP de menor costo entre cualquier router y un prefijo especificado. Sin embargo, el prefijo especificado puede ser anunciado desde múltiples puntos en la red. Los prefijos de asociación representan túneles a través del dominio sr. El túnel puede ser otra ruta sr, una lsP señalizada por ldP, una lsP señalizada por rSVP-TE o cualquier otra encapsulación. Un identificador de segmentos (SId) identifica cada segmento. Los SId que repre- sentan segmentos anycast y de prefijos tienen importancia en todo el dominio. Por lo tanto, los operadores de red los distribuyen utilizando procedimientos que son similares a aquellos que se utilizan para distribuir direcciones IP privadas (es decir, rFC 1918). A la inversa, los SId que representan segmentos de asociación y de adyacencia solo tienen importancia local. los routers con capacidad de realizar con- mutación por segmentos distribuyen estos sId de forma automática, sin preocuparse por la coordinación en todo el dominio. Cada SId mapea a una etiqueta mPLS. Como ya se dijo, las etiquetas mPLS solo tienen importancia local. Por ende, los sId que tienen importancia local solo pueden mapear directamente a etiquetas mPLS. Sin embargo, los SId que tienen importancia en todo el dominio requieren un tratamiento especial. Cada router sr reserva un rango de etiquetas mPLS, llamado bloque Sr global (srGB). Por ejemplo, el router A puede reservar las etiquetas 10.000 a 20.000, mientras que el router B reserva las etiquetas 20.000 a 40.000. ambos routers mapean los SId a etiquetas mPLS sumando el sId al menor valor de srGB. Por lo tanto, el router A mapea el sId 1 a la etiqueta mPLS 10.001, mientras que el router B mapea el mismo SId a la etiqueta mPls 20.001.

Reenvío (forwarding) de SR Cuando un router sr de entrada recibe un paquete, asigna el paquete a una FEC y lo encapsula en una pila de etiquetas mPLS. Por último, reenvía el paquete al siguiente salto asociado con la FEc. La pila de etiquetas mPLS representa una ruta Sr que se asocia con la FEC. Cada entrada en la pila de etiquetas representa un segmento en la ruta sr. En la Figura 1, r1 mantiene una ruta sr hasta r4. la ruta sr contiene cinco seg- mentos de adyacencia, que se originan en r2, r3, r7, r6 y r5. El LSr de entrada (r1) impone una pila de etiquetas con una entrada para cada segmento de adya- cencia. Finalmente, r1 reenvía el paquete a r2, donde comienza el primer segmento de adyacencia. r2 procesa la entrada de la pila de etiquetas más externa, quitándola y enviando el paquete a r3. Cada LSr aguas abajo repite el proceso hasta que el paquete llega a r4. En la Figura 2, r1 a r6 mantienen una ruta sr hasta r7. la ruta sr contiene un único segmento de pre jos, representado por el sId 7. Ahora analizaremos la ruta de r4 a r7. El router de entrada (r4) impone una pila de etiquetas que contiene exactamente una entrada, que representa el segmento de pre jos (es decir, la ruta IGP de menor costo) entre r4 y r7. Esta entrada de pila de etiquetas lleva una etiqueta que co- rresponde al sId 7. Para calcular esta etiqueta, r4 suma el SId (7) a la base srGB anunciada por el siguiente salto, r5 (es decir, 200). El resultado es 207. Por último, r4 reenvía el paquete a r5. r5 procesa la etiqueta. Para hacerlo, identica el router en la ruta IGP de menor costo a r7 (es decir, r6). Luego, r5 cambia la etiqueta, reemplazándola por el valor que r6 mapea al SId 7 (es decir, 307). Por último, reenvía el paquete a r6. r6 repite este proceso y el paquete llega a r7.

En la Figura 3, r1 mantiene una ruta sr de ingeniería de trá co hasta r4 que pasa por r7. la ruta sr contiene dos segmentos de pre jos. un segmento de pre jo representa la ruta IGP de menor costo desde r1 hasta r7, el otro representa la ruta IGP de menor costo desde r7 hasta r4. El lsr de entrada (r1) impone una pila de etiquetas con una entrada que representa cada segmento de pre jos. Calcula el valor de la etiqueta interior sumando el SId de r4 (4) a la base srGB de r7 (300). calcula el valor de la etiqueta exterior sumando el sId de r7 (7) a la base srGB de r2. Por último, r1 reenvía el paquete a r2. Todos los routers aguas abajo procesan el paquete como se describe en el ejemplo anterior y el paquete llega a r4.   Extensiones IGP para enrutamiento por segmentos Cada router con capacidad de realizar conmutación por segmentos distribuye un SId y una etiqueta:

• A cada segmento anycast o de pre jos de los cuales es terminación
• A cada segmento de asociación o adyacencia que originauna vez realizado esto, crea una entrada rIB para cada uno de los segmentos ante- riores e instala las entradas rIB en la FIB.luego, el router sr anuncia en su IGP lo siguiente:

• las características de su srGB
• Cada segmento anycast o de pre jos de los cuales es terminación
• cada segmento de asociación o adyacencia que originaEl IGP inunda estos datos, además de los atributos del enlace de ingeniería

de tráfico, en todo el dominio IGP. Por lo tanto, cada nodo dentro del dominio IGP mantiene una copia idéntica de una base de datos de estado de enlace (lsdB) y una base de datos de ingeniería de trá co (TEd) la lsdB describe la topología IGP, incluyendo los sId y datos srGB, mientras que la TEd aumenta la LSdB con atributos de enlaces TE. Una vez renalizada la inundación, cada nodo dentro del dominio IGP construye dos entradas rIB para cada segmento anycast o de prefijos de los que no es terminación. La primera entrada rIB le ordena al dispositivo local que procese todo el tráfico IP entrante que se dirige al prefijo de la siguiente manera: • coloca (push) una entrada de pila de etiquetas mPLS cuya etiqueta mapea al sId. • reenviar el paquete al siguiente salto en la ruta IGP de menor costo hacia el punto extremo del segmento. La segunda entrada rIB ordena al dis- positivo local que procese todo el trá co mPLS entrante cuya etiqueta más externa mapee al segmento de la siguiente manera:

• Cambie la etiqueta más externa, tomando en cuenta la información de la srGB del siguiente salto.
• reenvíe el paquete al siguiente salto en la ruta IGP de menor costo hacia el punto extremo del segmento.
  Cálculo de rutas
  Una función de cálculo de rutas determina las rutas Sr. dado un conjunto de restricciones de ingeniería de trá co (TE), la función de cálculo de rutasproduce una pila de etiquetas mPLS que representa una ruta Sr que satisface las restricciones. Para construir esta ruta sr, la función de cálculo de rutas consulta la lsdB y la TEd. La función puede residir en un controlador central. A la inversa, la función de cálculo de rutas puede estar distribuida entre los lsr de entrada.  
    Análisis LdP y rSVP-TE son protocolos de señalización de extremo a extremo que establecen en los lsr un estado de reenvío por LSP. Dado que LdP y rSVP-TE mantienen el estado de reenvío requerido en los LSr, una LSP señalizada por LdP o rSVP-TE se puede representar mediante una única entrada de pila de etiquetas mPLS. Por el contrario, el sr traslada parte del estado de reenvío, aunque no todo, de la red al paquete. Una ruta Sr se representa mediante una pila de etiquetas, con una entrada de pila de etiquetas para representar cada segmento en la ruta sr. Por lo tanto, la red mantiene estado suficiente para enrutar el paquete desde el segmento de entrada hasta el segmento de salida, mientras que el paquete mantiene estado suficiente para enrutar el paquete de segmento a segmento. Al mover estado de la red al paquete, el Sr reduce la cantidad de memoria que requieren las LrS y la cantidad de procesamiento necesario para mantener estado. Recientes aumentos de la cPu y memoria de los routers y mejoras en el protocolo rSVP-TE y sus implementaciones han reducido este inconveniente. sin embargo, continúa siendo motivo de preocupación. Un beneficio más significativo de mover estado de la red al paquete es que se elimina la necesidad de un protocolo de señalización de extremo a extremo. Aunque el Sr requiere un IGP y un módulo de cálculo de rutas, no requiere un protocolo de señalización como el LdP o rSVP-TE. Sin embargo, algunas funciones avanzadas que ofrece el rSVP-TE dependen de la señalización de extremo a extremo y del estado por lsP en la red. Estas funciones incluyen la reserva de ancho de banda, la detección de fallas y el re-enrutamiento rápido. En rSVP-TE, la función de cálculo de rutas puede estar distribuida entre los lrs de entrada, incluso cuando las restricciones de ingeniería de tráfico incluyen re- servas de ancho de banda. Esto es posible porque, en rSVP-TE, cada LSr mantiene estado para cada LSP que soporta. Teniendo este estado, puede calcular el ancho de banda restante en cada interfaz habilitada e inundar dicha información en el IGP. Por lo tanto, cada nodo en el IGP mantiene una lsdB y TEd con información suficiente para soportar la función de cálculo de rutas.

  En el sr, no existe ningún mecanismo de este tipo. cuando las restricciones de ingeniería de trafico incluyen reservas de ancho de banda, la función de cálculo de rutas se debe centralizar en un controlador donde se encuentra disponible una visión global de la distribución del ancho de banda. En rSVP-TE, los mecanismos de señalización de extremo a extremo también proporcionan funcionalidad OAM (operación, Administración y Gestión). cuando falla una sesión rSVP-TE vecina, el LSr aguas arriba de la falla señaliza el lsr de entrada, haciendo que este invoque procedimientos de restauración desde la cabecera. Si está configurado para hacerlo, el lsr aguas arriba de la falla también puede invocar procedimientos de restauración locales. En el sr, la interoperabilidad es más compleja. si la falla ocurre en una entrada de segmento, algún mecanismo OAM fuera del sr detecta la falla e informa al módulo de cálculo de rutas. El módulo de cálculo de rutas invoca procedimientos de restauración desde la cabecara, recalculando la ruta sr entre la entrada sr y la salida Sr. Aunque es posible concebir procedimientos de restauración locales para el sr, al día de hoy no se ha estandarizado ninguno. Si se produce una falla en algún punto que no sea el punto extremo del segmento, el sr confía en mecanismos de recuperación externos. Por ejemplo, si ocurre una falla a mitad de un segmento de prefijo, el Sr depende de un IGP para detectar la falla, cambios en la topología para inundación y para calcular la nueva ruta IGP de menor costo hasta el punto extremo del segmento.

  En este ejemplo, se podría desplegar una TI-LFa para reducir la dependencia en la convergencia del el IGP. Conclusión El Sr soporta ingeniería de tráfico, a la vez que reduce la cantidad de estado mantenido por la red. En muchos casos, el sr elimina la necesidad de protocolos de señalización MPLS (es decir, ldP y rSVP-TE). Por estas razones, el IETF debería continuar desarrollando capacidades de enrutamiento por segmentos. Específicamente, el IETF debería continuar desarrollando extensiones IGP para Sr, así como las extensiones BGP que se puedan requerir para extender el Sr a través de las fronteras de un IGP. Es fundamental trabajar más para desarrollar funciones de red esenciales tales como OAM y otras formas de transportar entropía para resolver las elecciones del EcmP. además, los fabricantes de equipos y operadores de red deberían trabajar de forma conjunta para desarrollar prototipos y experimentar con el sr para así poder ofrecer sus aportes al IETF, de modo tal de poder mejorar el sr y prepararlo para un despliegue a gran escala. Es probable que los operadores de red desplieguen cada vez más el sr en los próximos años. a medida que se produzca este despliegue, la comunidad del sr ganará experiencia operativa y los estándares del Sr se volverán a definir para solucionar problemas imprevistos. Todo esto resultará en una mejora de las implementaciones. A su vez, los operadores de red identificarán casos de uso para los que se adapta bien el sr, así como casos de uso para los que podría ser mejor utilizar LdP y rSVP-TE. Por estas razones y para soportar una base instalada a gran escala, el IETF y los fabricantes de equipos de red deberían continuar refinando y soportando LdP y rSVP-TE con la misma intensidad que avanzan el sr.  

]]> 2362 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/el-ietf-debate-su-papel-en-el-apoyo-a-los-derechos-humanos-a-traves-del-desarrollo-de-protocolos-de-internet/ Mon, 23 Oct 2017 21:00:17 +0000 https://www.ietfjournal.org/?p=2369

Por Carolyn Duffy Marsan

En su sesión del plenario TécnIco en El IETF 98 En Chicago, la IAB patrocinó un animado debate sobre la mejor forma de manejar las consideraciones en materia de derechos humanos en el desarrollo del protocolo.

El debate giró en torno a un proyecto de documento (draft) desarrollado durante los últimos dos años por el Grupo de Investigación del IrTF sobre consideración de los derechos humanos en los protocolos (hrPc). El grupo hrPc está estudiando cómo el desarrollo de pro- tocolos de Internet puede permitir, fortalecer o debilitar los derechos humanos tales como la libertad de expresión y la libertad de asociación, como se describe en tratados con amplio apoyo como la declaración universal de derechos humanos y el Pacto Internacional de derechos civiles y Políticos.

El grupo HrPC considera que Internet, como una red de redes global, debe pro- porcionar conectividad continua a todos los usuarios para todo el contenido. como tal, el grupo cree que la promesa de Internet de una conectividad con able, segura y abierta es un habilitador clave de los derechos humanos. El grupo está analizando la relación entre los derechos humanos y los protocolos y trabajando en directrices para ayudar a quienes desarrollan protocolos a evitar situaciones donde un nuevo protocolo inhiba la capacidad de los usuarios de ejercer su libertad. Idealmente, estas directrices serán similares al trabajo realizado para las consideraciones en materia de privacidad en la rFC 6973.

Niels Ten Oever, co-chair del grupo de investigación hrPc y jefe del grupo de derechos digitales para Article 19, abrió el debate reconociendo que es difícil el esfuerzo del grupo hrPc para comprender y demostrar el impacto de los derechos humanos de los protocolos de Internet. “Todos hemos considerado a la Internet como un gran motor para la libertad de expresión. de hecho, nos ha permitido crear nuevas oportunidades para que las personas puedan expresarse y recolectar información. Esto no significa que nuestro trabajo no tenga aspectos negativos, como en el caso de la vigilancia generalizada”, explicó oever.

Ten oever señaló que el papel de Internet es cada vez más importante en áreas como la libertad de expresión y asociación, así como en la educación, el debate público e incluso en las votaciones. También hizo hincapié en que, a pesar de los esfuerzos del IETF, el acceso a Internet no está igualmente distribuido en el resto del mundo. “En el IETF hemos contribuido en gran medida a dar forma a la Internet que tenemos hoy”, dijo ten oever. “sin embargo, con un gran poder viene una gran responsabilidad. Este es un llamado a a rmar dicho poder”. Ten Oever dijo que el IETF respeta y propaga ciertos valores, tales como la justicia, la descentralización del control y el compartir los recursos. Por lo tanto, considerar formas de mitigar cómo sus pro- tocolos se podrían utilizar para limitar los derechos humanos no estaría fuera del alcance del organismo de estandarización. En particular, señaló la rFC 6973, que describe consideraciones de privacidad para los protocolos de Internet, y la BcP 72, que ofrece directrices sobre las con- sideraciones de seguridad para todos los protocolos. Ten oever agregó que otros organismos de estandarización, incluidos el IEEE e Iso, están teniendo en cuenta cuestiones éticas y de responsabilidad social a la hora de crear protocolos de Internet.

“Se trata de algo complejo”, admitió Ten oever. “debemos comprender nuestro propio papel y asumir responsabilidad. Esto no signi ca que nuestra tecnología sea buena ni mala, pero de nitivamente signi ca que nuestra tecnología no es neutral”. Ten oever incentivó a todos los partici- pantes del IETF a revisar las directrices sobre consideraciones en materia de derechos humanos, publicadas a modo de documento informativo en el sitio web del grupo. “Precisamos que los desarrolladores de protocolos prueben las directrices”, explicó.

David Clark, jefe del laboratorio de Inteligencia arti cial (CSaIL) del Instituto de Tecnología de massachusetts (mIT), dijo que leyó las directrices y que las encontró “fascinantes” y en línea con un movimiento llamado “valores en el diseño” que él apoya. “Los derechos humanos no son absolutos”, dijo clark. “los diseñadores de tecnología tienen una opción: participar o no participar en la conversación”. A modo de ejemplo, se re rió al debate raven en el año 2000, cuando el IETF se negó a desarrollar estándares que permitieran a los organismos de seguridad interceptar legalmente las comunicaciones.

“Al negarse a hacerlo, el IETF dejó la decisión en manos de otros”, agregó. “Esto no significa que nunca hubo estándares para intervenir las comunicaciones. solo significa que fueron desarrollados por alguien más”. Clark dijo que el IETF puede optar por continuar diseñando protocolos para un resultado preferido como lo hizo en el debate raven. También puede incorporar en el diseño de sus protocolos cierta tolerancia para una variedad de resultados que quizás no sean de su preferencia, por ejemplo, la capacidad de intervenir las comunicaciones. “Lo que estamos diseñando es el campo de juego, no el resultado del partido”, señaló Clark. “Sin embargo, si uno es lo su cientemente inteligente, es posible inclinar el campo de juego”. Tras los comentarios de Ten oever y clark, lee howard del IAB moderó las preguntas del público. Scott Bradner, miembro del IETF de larga data, aportó información sobre el debate raven para los miembros del público que no habían participado en aquellas discu- siones. “no fue una discusión fácil”, dijo Bradner. “Había gente que decía que era un pecado moral que los gobiernos inter- vinieran las comunicaciones, mientras que otros opinaban que hacerlo era responsabilidad del gobierno. Fue un debate político disfrazado de tecnología”.

El público parecía estar dividido con respecto al papel del IETF en las discusiones sobre los derechos humanos. Algunos miembros cuestionaron si el IETF era el organismo de estandarización adecuado para combatir este tipo de problemas y advirtieron que los debates éticos podrían desviarlo de sus objetivos de inge- niería. otros, entre ellos clark y Ten oever, alentaron al IETF a tomar un papel más activo en estos debates controversiales del que tenía en el pasado. “Ya hay gente que piensa en la ética: abogados, jueces, legisladores, la opinión pública y el mercado. Esto no quiere decir que nosotros no debamos hacerlo”, dijo Ten oever. “no podemos tercerizar nuestra ética y esperar que otros se ocupen del tema. Pero también quiere decir que nosotros no vamos a reemplazarlos. deberíamos asumir la responsabilidad dentro de nuestro pequeño reino”. De manera similar, harald Alvestrand, anteriormente chair del IETF, argumentó que el IETF no tiene otra opción que invo- lucrarse en los debates relacionados con los derechos humanos e intentar “inclinar el campo de juego en la dirección que queremos”. Daniel Kahn Gillmor de la unión Estadounidense por las libertades civiles también argumentó a favor de la participación del IETF en estos debates dado que está creando herramientas importantes que todos usan.

“Es críticamente importante que los inge- nieros, como todos los que estamos en este salón, pensemos éticamente todo el tiempo sobre cuáles son las consecuencias”, a rmó Gillmor. “me alegra mucho ver que estamos teniendo esta discusión y reconociendo que tenemos un papel a la hora de decidir si las personas pueden ejercer los derechos que esperan tener en Internet hoy, mañana y en el futuro”. Howard nalizó la discusión alentando a los participantes del IETF a continuar la conversación en el grupo de investigación sobre hrPc.  

]]> 2369 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/informe-del-grupo-de-trabajo-automatizacion-y-monitoreo-continuo-de-la-seguridad/ Mon, 23 Oct 2017 21:41:18 +0000 https://www.ietfjournal.org/?p=2371

Los recientes ataques a la red significan que la automatización de la seguridad y el monitoreo continuo son fundamentales. Un conocimiento actualizado acerca del estado de la red y los puntos extremos que la comprenden son más importantes que nunca. La información de postura de la red permite a quienes defienden la red contar con la información que necesitan para proteger adecuadamente los datos críticos, corregir las vulnerabilidades antes de que sean explotadas y desviar los ataques de los actores maliciosos. Esta misma información de postura de la red sustenta la resiliencia de la red, permitiendo que los operadores luchen y se recuperen de los ataques a la red cuando no es posible desviarlos. Automatizar los procesos para recolectar esta información, aprovecharla contra los ataques a la red y soportar una operación resiliente permite ahorrar tiempo y recursos y, por ende, ofrece beneficios de seguridad a la red y beneficios económicos a sus dueños.

Entonces, ¿por qué la automatización de la seguridad no es algo generalizado? Porque una correcta automatización de la seguridad requiere la interoperabilidad de un variado conjunto de productos. cada herramienta o proceso analítico en la red debe trabajar en conjunto —desde los orquestadores que dirigen las acciones de seguridad de la red, hasta los recolectores que los alimentan con datos; desde las herramientas de gestión de eventos e infor- mación de seguridad (SIEm) que detectan ataques, hasta los rewalls que ejecutan comandos para bloquear actividades maliciosas; desde los routers y switches que forman el backbone de la red, hasta los dispositivos de borde que los protegen. cada punto extremo necesita ser parte de una solución completamente automatizada. El alcance de la solución deseada es enorme: automatizar las funciones de seguridad de la red en la mayor medida posible. En las soluciones de automatización de seguridad disponibles, los puntos extremos, herramientas y elementos de análisis no interoperan lo su ciente como para realmente automatizar las funciones de seguridad de la red. Solo a través de los estándares se podrán lograr soluciones interoperables para este espacio. El Grupo de Trabajo del IETF sobre Automatización y monitoreo continuo de la seguridad (sAcm) ha estado trabajando para definir correctamente el alcance del problema de la automatización de la seguridad. Esto incluye identificar qué información de postura es esencial para la seguridad de la red y estandarizar cómo recoger y compartir esta información con herramientas de evaluación y análisis que puedan mejorar su capacidad para detectar y responder a los ataques. Para que el alcance de la estandarización de la automatización de la seguridad sea más manejable, es necesario dividirla en un conjunto de tareas de seguridad funcionales automatizadas con un orden de prioridad definido.

El sAcm ha elegido la evaluación de vulnerabilidades como la primera tarea de seguridad a automatizar. El escenario de evaluación de vulnerabilidades del sAcm1 describe cómo una empresa puede evaluar su susceptibilidad frente a una vulnera- bilidad anunciada. Existen muchas razones por las que la evaluación de vulnerabi- lidades es una buena primera opción para un caso de uso de automatización de la seguridad. • Esta es una tarea de seguridad fun- damental, y el aumento de las “vulne- rabilidades con nombre”, por ejemplo, heartbleed y shellshock, es un indicador de ello.

• Es una tarea difícil de realizar sin un gran gasto de recursos.
• los efectos de una evaluación de vulnerabilidades de ciente resonarán con el paso del tiempo. Por ejemplo, años después del anuncio de heartbleed, continúan habiendo implementaciones de ssl sin parchar que amenazan la seguridad de la red.
• la evaluación de vulnerabilidades representa un desafío para las redes empresariales, pero se podría auto- matizar fácilmente si se brindaran los datos correctos a los evaluadores.Investigar la evaluación de vulnerabilidades como el primer caso de uso de la automatización tiene el bene cio agregado de que nos obliga a abordar el problema fundamental de saber qué hay en nuestra red. Es imposible evaluar las vulnerabilidades de una red sin conocer la compo- sición de la red. En particular, el evaluador necesita saber cuáles son los puntos extremos de la red y el software que se está utilizando —conocimiento apoyado en buenas prácticas de gestión de activos de software y hardware—. la gestión de activos de software y hardware sustenta la evaluación de vulnerabilidades, así como la gestión de con guraciones, la detección de amenazas, el análisis de malware y otra serie de funciones de seguridad de red susceptibles de ser automatizadas.

Aunque es evidente que los operadores de red deben monitorear continuamente los activos de software y hardware que se encuentran en la red, es muy importante comprender la arquitectura de este monitoreo. Para que esta información llegue a los evaluadores que la precisan, se debe recolectar en un formato estructurado y conocido. Para la seguridad de los puntos extremos que monitorean los operadores de red, la solución requiere protocolos autenticados y cifrados. cuando cambia la información monitoreada, los datos se deben proveer lo antes posible para eliminar los escaneos periódicos de la red que podrían ser utilizados para un ataque. Por razones de escalabilidad, la solución debe ser exible y liviana. a su vez, para soportar futuros casos de uso de automatización de la seguridad, la solución debe ser extensible.

El IETF ha estandarizado la arquitectura de evaluación de puntos extremos de la red (NEA), por lo que ya existe una solución que cumple con estos requisitos para los dispositivos cliente. usando el protocolo PT-TLP, cualquier punto extremo conectado a la red puede comunicar información de postura a un servidor de cumplimiento, incluida la identidad del punto extremo. construyendo sobre lo realizado por el Grupo de Trabajo sobre computación confiable (Trusted Computing), el sAcm le ha agregado a estos protocolos y ha especificado cómo comunicar los datos de especificación del software sobre NEA en el proyecto de especificación (draft) sobre mensaje y atributos de inventario de software para PA-TNC.

SWIma es una instancia de un colector NEA que puede monitorear inventario de software de puntos extremos y enviar informes a un servidor de cumplimiento. Utilizar SWIma en lugar de PT-TLS permite recolectar la identidad de los puntos extremos y el inventario de software antes de que se anuncie una vulnerabilidad. utiliza etiquetas de identidad de software (SWIdCo), un estándar Iso/IEc, como un modelo de datos que permite a los fabricantes y dueños de software desarrollar representaciones Xml únicas de la identidad de un software. El servidor de cumplimiento puede almacenar esta información en un repositorio de datos para futura referencia (Figura 1).

Algunos tipos de puntos extremos no podrán soportar el software cliente que requiere nEa. Otros, en particular los dispositivos de red, ya soportan protocolos específicamente diseñados para generar informes de postura. Es imposible tener una buena higiene en la red sin informes de postura de los dispositivos de red. En el IETF hay una lista de correo —Evaluación de la postura a través de la recolección de información de la red (PAnIc)— que está explorando soluciones para recolectar la postura de los dispositivos de red, en particular, modelos YanG que podrían ofrecer información adecuada a los dispositivos de defensa de la red acerca de la postura de sus dispositivos de red. Estos modelos, que se comunican sobre NETCONF y aprovechan el draft que especifica el YanG push, pueden ayudar a mantener un panorama actualizado del estado de la red (Figura 2).

Ahora que hay una colección robusta de información de inventario de software de los puntos extremos en el repositorio de datos, las herramientas de seguridad empresarial que tengan autorización apropiada podrán acceder a esta información y utilizarla.

Mientras que el escenario de evaluación de las vulnerabilidades se enfoca en utilizar la información de inventario de software para un caso de uso específico, es fácil ver que esta información puede llegar a ser valiosa para muchas otras herramientas de seguridad de red: herramientas de gestión de activos, análisis de comportamiento, e incluso las herramientas de detección de amenazas pueden mejorar sus salidas con acceso a información de inventario de software precisa y actualizada. cada uno de estos evaluadores consultará el repositorio de datos para obtener los datos que necesite. Para ampliar nuestro ejemplo de evaluación de vulnerabilidades, un evaluador consultará el repositorio de datos para determinar los puntos extremos que tienen instalado el software vulnerable, aprovechando así la información de gestión de activos de software recogida de los puntos extremos de la red. Otros evaluadores también pueden aprovechar estos datos, con lo cual se crea una conciencia situa- cional compartida de la postura de la red (Figura 3).

Además de comprender la postura de la red, las empresas precisan una conciencia situacional compartida de las amenazas actuales a la red. La conciencia de la situación puede tener diferentes formas en función del caso de uso abordado. En el caso de la evaluación de vulnerabilidades, la herramienta debe conocer qué vulnerabilidades está buscando. El proyecto del sAcm titulado Evaluación de las vulnerabilidades de ne un repositorio de datos de vulnerabilidades que puede proveer información sobre debilidades que podrían comprometer la seguridad de la red. Se trata de un repositorio de contenido al que deben acceder los evaluadores para ayudar a definir los criterios que utilizan para realizar su evaluación. Este repositorio se podría implementar utilizando el proyecto de especicación (draft) sobre intercambio de información orientado a recursos (rolIE) producido por el Grupo de Trabajo mIlE (Intercambio liviano de incidentes gestionado). RolIE construye sobre el protocolo de publicación ATom8 para compartir software, vulnerabilidades, inteligencia sobre amenazas en la red, listas de verificación de la configuración y otra información de la automatización de la seguridad de forma escalable. Los fabricantes, investigadores del área de la seguridad y personal encargado de gestionar las redes pueden crear repositorios roLIE para asegurar que sus evaluadores tengan la información de seguridad más actualizada posible (Figura 4).

El Grupo de Trabajo sAcm demostrará cómo los estándares SWIma, nEa y roLIE pueden satisfacer los requisitos del Escenario de evaluación de vulne- rabilidades durante el hackathon previo al IETF 99. Invitamos a las partes interesadas a sumarse a la lista de correo del sAcm9. Quienes estén interesados en la automatización de la seguridad para los equipos de red pueden suscribirse a la lista PAnIc10; quienes tengan interés en el trabajo sobre repositorios de contenido pueden suscribirse a la lista mIlE11.

Notas al pie 1. https://trac.ietf.org/trac/sacm/wiki/ sacmvulnerabilityAssessmentscenario. 2. https://tools.ietf.org/html/rfc5209. 3. https://datatracker.ietf.org/doc/rfc6876/. 4. https://datatracker.ietf.org/doc/draft-ietf- sacm-nea-swid-patnc/. 5. https://datatracker.ietf.org/doc/draft- waltermire-panic-scope/. 6. https://datatracker.ietf.org/doc/draft-ietf- netconf-yang-push/. 7. https://datatracker.ietf.org/doc/draft-ietf- mile-rolie/. 8. https://tools.ietf.org/html/rfc5023. 9. https://www.ietf.org/mailman/listinfo/sacm. 10. https://www.ietf.org/mailman/listinfo/panic. 11. https://www.ietf.org/mailman/listinfo/mile.

 

]]> 2371 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/se-creo-la-direccion-de-educacion-y-mentoria/ Mon, 23 Oct 2017 21:49:42 +0000 https://www.ietfjournal.org/?p=2379

Por Karen O'Donoghue

El IETF Es una organización grande y diversa con un extenso cuerpo de trabajo técnico, una cultura única y una colección espectacular de herramientas e información diseñada para soportar una comunidad distribuida globalmente que se conecta de forma presencial y cada vez mas de forma remota. nuestra amplia membresía y varie- dad de áreas temáticas presentan una serie de desafíos, por ejemplo, cómo divulgar la información correcta a las personas indicadas en el momento indicado. Especí camente en el caso de los nuevos participantes, para que obtengan la información que necesitan para ingresar y contribuir a la comunidad de forma cómoda y efectiva. Para ayudar a abordar estos desafíos y crear una mejor coordinación a través de las distintas actividades que se realizan en la organización, establecimos una dirección de Educación y mentoría. Este artículo comparte un resumen de las actividades que actualmente realiza la dirección e incluye un llamado a voluntarios para ayudar con sus proyectos.

Introducción a la dirección La dirección de Educación y mentoría se creó con los tres objetivos siguientes:

• mejorar la productividad del trabajo del IETF.
• Expandir la diversidad e inclusión del IETF.
• Permitir que el IETF facilite el desa- rrollo técnico y la innovación en In- ternet.Para apoyar estos objetivos, la dirección estructurará y guiará el desarrollo de acti- vidades educativas y materiales asociados para que sean más accesibles, relevantes, reutilizables y completamente compren- sibles. La dirección también ayudará a que las actividades de mentoría establezcan relaciones entre los participantes que permitan una participación productiva en el IETF. la dirección ayudará a coordinar las actividades de difusión relacionadas con el IETF y asegurará que las actividades relacionadas estén lo su cientemente ali- neadas y tengan el apoyo necesario del programa de educación y mentoría. Por último, la dirección trabajará en mejores indicadores y mediciones para evaluar la efectividad de las actividades de la dirección.La dirección sirve al área general (GEn) del IETF. los participantes incluyen el enlace del IEsG para actividades educativas, el chair del IETF, el director ejecutivo del IETF, enlaces con el equipo de herramientas (Tools) y programas de difusión de Isoc, así como los jefes de proyectos de educación, mentoría y coordinación de la difusión. El plan es que la propia dirección se enfoque en la coordinación y gestión de proyectos ligeros, y que los proyectos individuales tengan más cantidad de voluntarios para su ejecución.
  Proyectos de la dirección Los proyectos de la dirección cubren las tres áreas de educación, mentoría y alcance e incluyen dos iniciativas transversales: métricas y análisis, y mejora de la experiencia de los nuevos participantes. Los proyectos de educación ofrecen materiales de capacitación tanto a los par- ticipantes recién llegados como a quienes forman parte del IETF desde hace tiempo, entre ellos, tutoriales de domingo, materiales en línea y el Foro de los chairs de los grupos de trabajo. A su vez, esta área incluye proyectos que exploran diferentes formas de mejorar la accesibilidad de los materiales educativos en línea. También hay una cantidad de proyectos relacionados con la mentoría y la difusión para nuevos participantes, todos ellos diseñados para ayudar a los recién llegados a integrarse rápidamente en la comunidad. Por ejemplo, el IETF tiene un programa de mentoría que reúne a mentores y aprendices en función de sus intereses y resultados deseados. Además, organiza una cena y una actividad de speed mentoring para los recién llegados.

  También hay actividades que buscan apoyar la creación de comunidades físicas más allá de las reuniones del IETF. Entre los ejemplos de este tipo de actividades podemos mencionar grupos de personas que se reúnen para participar de forma remota en una reunión del IETF y partici- pantes locales que se juntan por fuera de una reunión del IETF para continuar cola- borando. Dos esfuerzos diseñados para ayudar a monitorear y evaluar la eficiencia y efec- tividad de estos proyectos atraviesan las tres áreas de proyectos. El primero explora diferentes maneras de mejorar la experiencia de quienes recién se acercan al IETF, e incluye el sitio web, capacitación, registro, interacción con los grupos de trabajo, etc. Este proyecto aborda las siguientes preguntas: ¿Qué necesitan los nuevos participantes para convertirse en colaboradores efectivos? ¿Qué puede hacer la comunidad del IETF para satisfacer estas necesidades? El segundo esfuerzo se encarga de identificar métricas y monitorear la efectividad de todos estos programas. los recursos son valiosos, por lo que primero debemos enfocarnos en aquellos proyectos que ofrecen el mayor bene cio a partir de los recursos disponibles. Si desea obtener más información sobre los proyectos de la dirección, puede visitar nuestra wiki1. ¿Cómo puede ayudar? Existen muchas oportunidades para que los miembros del IETF contribuyan con la dirección:

  • Puede utilizar su experiencia en el diseño de métricas y relevamientos para ayudarnos a evaluar la efec- tividad de nuestros programas.
  • si está trabajando en una tecnología nueva y prometedora, puede compartir el trabajo con un público más amplio a través de un tutorial de domingo. los ejemplos incluyen el tutorial sobre Privacidad del dns y el tutorial sobre QuIc.
  • si usted es un participante relativamente nuevo en el IETF (últimos dos años), podría contarnos qué tan bien los programas del IETF se ajustaron a sus necesidades.
  • si usted es un participante remoto, sea en forma individual o a través de un hub remoto, sus comentarios y aportes podrían ayudarnos a mejorar estas experiencias.
  • si usted es un participante experimentado, podría servir de guía para quienes recién se incorporan al IETF a través de los programas de mentoría rápida o mentoría regular.
  • si se siente frustrado por lo difícil que resulta encontrar lo que necesita en las plataformas del IETF (por ejemplo, sitio web, datatracker, herra- mientas), podría ayudarnos a revisar y reorganizar estos materiales.Para hacernos llegar sus comentarios o sugerencias o para ofrecerse como voluntario, escriba a la lista de correo de la dirección (emo-dir@ietf.org) o acérquese a cualquier miembro de la dirección que encuentre en el IETF 99. Para obtener más información sobre la dirección, visite el sitio web del IETF4 y la wiki de la dirección.Notas al pie
    1. https://trac.ietf.org/trac/edu/wiki/Edum- Projects.
    2. https://youtu.be/2JeYIecfwdc.
    3. https://youtu.be/lPsTcBITbvs.
    4. https://www.ietf.org/edu/

]]> 2379 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/programa-de-politicas-en-el-ietf-desarrollado-por-la-internet-society/ Mon, 23 Oct 2017 21:52:19 +0000 https://www.ietfjournal.org/?p=2381

En muchas formas, el programa actúa como un “curso intensivo” sobre cómo funciona Internet, su historia y cómo continúa evo- lucionando a través del trabajo del IETF. los formuladores de políticas participan en presentaciones interactivas realizadas por expertos del IETF, quienes les ofrecen el tipo de fundamentos técnicos que necesitan para una toma de decisiones e caz en materia de políticas. durante el transcurso de quince reu- niones, el programa ha traído al IETF 189 legisladores de 93 territorios y países. En este sentido, el programa también contribuyealadiversi cacióndenuestro organismo de estandarización: los invitados del programa de políticas reconocen los bene cios de que los expertos técnicos de su región aporten sus conocimientos y perspectivas al IETF. al nal del programa, una preocupación general entre los participantes es cómo lograr que más ingenieros se involucren en el trabajo del IETF en sus respectivos países, ya sea asistiendo a las reuniones o contribuyendo a través de las listas de correo.

Promover la participación de una nueva generación de expertos técnicos globales es fundamental para el éxito del IETF a largo plazo. Al lograr mayor apoyo entre los formuladores de políticas y ayudar a promover una mayor participación alrededor del mundo, el programa Políticas delIETFesotraformaenquelaInternet society contribuye al éxito continuo del IETF.

]]> 2381 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/hackathon-del-ietf-98-mejora-internet-con-codigo-funcional/ Mon, 23 Oct 2017 21:58:09 +0000 https://www.ietfjournal.org/?p=2383

Originalmente publicado por Charles Eckel en la Comunidad de Código abierto DevNet el 12 de abril de 2017.

El GruPo dE TrABAJo En InGEnIEríA dE InTErnET (IETF) llEGó A chIcAGo para el IETF 98 del 25 al 31 de marzo. Como ya es habitual, la reunión comenzó el fin de semana anterior con el Hackathon, un elemento clave del enfoque del IETF para combinar el código en ejecución y el software de código abierto con la especificación de nuevos estándares de Internet.

Los hackathons del IETF son gratuitos y abiertos a todos. sus objetivos declarados son:

• Acelerar y aumentar la relevancia de las actividades de estandarización del IETF e incorporar en el IETF la velocidad y el espíritu de cola- boración del desarrollo del código abierto.
• Atraer desarrolladores y jóvenes al IETF y exponerlos para que desarrollen interés por su trabajo.Se sugiere asistir a la reunión del IETF la siguiente semana, pero esto es opcional. Una de las formas en que el Hackathon cumple su primer objetivo es al incentivar a que los participantes compartan lo que ganaron durante el hackathon con la comunidad más grande del IETF, tanto al presentar sus resultados durante las sesiones de los grupos de trabajo como al demostrar su trabajo en la recepción de Bits-n-Bites.
  Más de 115 personas participaron en el hackathon de Chicago para colaborar con colegas de diferentes empresas, organismos de estandarización, comunidades de código abierto y universidades. Para alrededor de un tercio de los participantes, este fue su primer hackathon del IETF. Para alrededor de una docena, esta fue su primera experiencia con el IETF. Tuvimos aproximadamente 15 proyectos, cada uno dirigido de ellos por voluntarios llamados promotores (champions). los proyectos se compartieron por adelantado a través de la wiki del hackathon. cuando las puertas se abrieron el sábado a las 8 a.m., los promotores colocaron carteles en sus mesas para ayudar a los potenciales colaboradores a encontrar los equipos a los cuales deseban unirse.

  A pesar del jet lag y de que arrancaron temprano, los grupos trabajaron hasta tarde la noche del sábado, incluso después de terminar la cena y de beber todas las cervezas. El domingo también arrancó temprano para los participantes, quienes comenzaron por depurar su código y agregaron otras funcionalidades hasta las 14.00, hora jada para la presen- tación de los proyectos. cada grupo tuvo cuatro minutos para compartir qué había hecho, qué había aprendido y cómo había avanzado el trabajo del IETF.

  Un grupo de jueces de la comunidad del IETF escuchó y realizó preguntas luego de cada presentación. luego se anunciaron los ganadores en el espíritu de una com- petencia amistosa. Los equipos ganadores fueron los siguientes.

  • (D)TLS: Premio al mejor trabajo, por su trabajo en Tls 1.3 y la versión correspondiente de dTls.
  • NETVC: medir dos veces y cortar una, por una prueba de concepto que guiará futuras especi caciones.
  • CAPPORT: Premio al mejor impulso, por un proyecto que inyectó nueva energía a un grupo de trabajo que se había estancado.

  • WebRTC PSAP: mejores estudiantes, por un proyecto nuevo presentado por profesores y estudiantes del Instituto de Tecnología de Illinois. • LoRaWAN: mejores participantes nuevos, por un proyecto que se bene ció de una importante contri- bución de quienes participaban por primera vez en una reunión del IETF. • AMT-Multicast: Participante más remoto, equipo con un miembro que participaba de forma remota desde mauricio.

  Otro equipo digno de destacar es el I2nSF, que incluía participantes de la universidad de Sungkyunkwan (Corea del Sur) que viajaron hasta Chicago para continuar con su proyecto, premiado el año pasado en el Hackathon del IETF 97 realizado enSseúl. Para obtener más información sobre este y otros proyectos, consulte la página web del hackathon: https://datatracker.ietf.org/ group/hackathon/meetings/.

  Los ganadores pudieron elegir entre una variedad de mochilas contribuidas por la secretaría del IETF y Google. Los equipos ganadores también recibieron prioridad para presentar los proyectos desarrollados en el Hackathon durante la sesión Bits- n-Bites. Esta vez, cuatro grupos aprovecharon la oportunidad para compartir su trabajo: AmT/multicast, cAPPorT, (d)Tls y WebrTC PSaP. Un agradecimiento especial para Ericsson y mozilla, patrocinadores del hackathon, y para mi empleador, Cisco devnet, por apoyar mis esfuerzos para organizar los hackathons y ofrecer camisetas para todos los participantes —por primera vez también talles para mujeres—. Por último pero no por ello menos importante, muchas gracias a Alissa Cooper y Jari Arkko, chairs entrante y saliente del IETF, dos grandes defensores de los Hackathons que han sido instrumentales para incorporarlos al IETF.

]]> 2383 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/trabajo-conjunto-ietf-y-3gpp-trabajan-sobre-5g/ Mon, 23 Oct 2017 22:18:01 +0000 https://www.ietfjournal.org/?p=2385

Adaptado de una entrada de alissa Cooper publicada en el blog del IETF el 12 de junio de 2017.

En Junio de 2017, la chair del IETF Alissa cooper participó en la reunión plenaria del 3GPP que se llevó a cabo en West Palm Beach, Florida (EE.uu). Invitada por Georg Mayer, enlace del 3GPP ante el IETF, Alissa asistió a las reuniones de los grupos de arquitectura de sistemas y redes de acceso por radio, y dio inicio a la nueva serie llamada Wednesday Speaker Club con una discusión sobre cómo el 3GPP y el IETF pueden cooperar en la estandarización de 5G.

La siguiente generación de tecnología de redes inalámbricas ha ido ganando atención e impulsando nuevos trabajos entre la industria, las organizaciones de estandarización y los proyectos de código abierto. los participantes del 3GPP están invirtiendo un esfuerzo enorme para definir y priorizar requisitos del 5G de manera de ayudar a llevar esta tecnología a buen término. También están trabajando con plazos muy apretados, ya que el conjunto inicial de estándares 5G debe estar terminado en junio de 2018. Por lo tanto, es oportuno e importante determinar si existen dependencias entre el 5G y el IETF, así como identificar mecanismos para asegurar una colaboración uida entre ambos. El IETF y el 3GPP tienen un largo historial de trabajo conjunto y muchos éxitos sobre los cuales construir, entre ellos las experiencias con SIP/ImS, EaP-aKa y diameter. dado que 5G abarca una franja de personas más amplia que quienes ya han participado en esfuerzos conjuntos anteriores, durante la reunión Cooper dedicó parte de su tiempo a compartir cómo funciona el IETF, ejemplos de cómo el IETF se enfoca en tecnologías de Internet ampliamente desplegables, y en qué trabaja la organización. Destacó áreas de trabajo del IETF que podrían ser relevantes en el contexto del 5G, incluyendo el trabajo sobre modelos de datos, encadenamiento de servicios, redes determinísticas y QuIc. También dialogó con los participantes del 3GPP sobre estrategias específicas para ayudar a las dos organizaciones a colaborar.

La sesión de preguntas y respuestas del Speaker Club se enfocó en el potencial y los aspectos prácticos de mejorar la colaboración. Los temas incluyeron: • La necesidad de que expertos técnicos de cada grupo interactúen en forma directa (además de los gerentes de enlace existentes que trabajan en ambas direcciones).

• oportunidades para ofrecer presenta- ciones más introductorias en ambas direcciones, de modo que quienes no estén familiarizados con 5G o con el trabajo especí co del IETF puedan aprender más.
• Formas de identi car posibles requisitos 5G que en un principio puedan generar dependencias de los protocolos del IETF, incluso si su posterior análisis en el 3GPP reduce la urgencia de la necesidad de trabajar en los protocolos
  El IETF 99 es una oportunidad para ver con más claridad las dependencias específicas que el IETF puede esperar entre los planes 5G y el trabajo del IETF. La agenda incluye un módulo para discutir algunos de los trabajos de subdivisión de red motivados por 5G, además de po- sibles conversaciones de pasillo y discusiones ad hoc. Si usted está trabajando en aspectos de 5G que no están cubiertos por los BoF propuestos y busca orientación o aportes sobre las superposiciones con el IETF, póngase en contacto con Gonzalo Camarillo, enlace del IETF ante el 3GPP, (gonzalo.camarillo@ericsson.com).
  nota al pie
• 1. las diapositivas de la presentación de cooper están disponibles en https://www. ietf.org/blog/2017/06/working-together- with-3gpp-on-5g/. 

]]> 2385 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/anuncio-de-los-ganadores-del-premio-anrp-a-la-investigacion-aplicada-en-redes/ Mon, 23 Oct 2017 22:21:17 +0000 https://www.ietfjournal.org/?p=2388

Por Mat Ford

El Premio ANRP A lA investigación aplicada en redes se otorga a resultados recientes relevantes para llevar al mercado productos de Internet y esfuerzos de estandarización relacionados. Durante el IETF 98, dos personas recibieron este premio:

• yossi Gilad, por la extensión de validación de n del camino (path-end) para rPKI. El trabajo completo está disponible en https://dl.acm.org/ft_gateway. cfm?id=2934883.
• alistair king, por un marco para habilitar el procesamiento e ciente de grandes cantidades de datos vivos y/o distribuidos del protocolo BGP. El trabajo completo está disponible en https://dl.acm.org/ citation.cfm?id=2987482.

Gilad y King presentaron sus conclusiones en la reunión abierta del Grupo de Trabajo para Investigación sobre Internet durante el IETF 98. las presentaciones están disponibles en https://www.ietf.org/proceedings/98/ slides/slides-98-irtfopenjumpstarting-bgp-security-00.pdf y https://www.ietf.org/proceedings/98/slides/slides-98-irtfopen-bgpstream-a-framework-for-historical-analysis-and- real-time-monitoring-of-bgp-data-00.pdf. Gracias a meetecho, el audio y el video de las presentaciones también están disponibles en https://www.youtube.com/watch?v=sP0xz- jGelmE (a partir de 00:15:25). Se han seleccionado ganadores del premio AnrP para todas las reuniones del IETF a realizarse en 2017. Los siguientes ganadores presentarán sus trabajos en la reunión del IETF 99 en Praga:

• Stephen Checkoway, profesor asistente en el departamento de informática de la universidad de Illinois, chicago. checkoway presentará un análisis sistemático del incidente de Juniper relacionado con curvas elípticas.
• Philipp richter, estudiante de doctorado en el grupo InET en la universidad Técnica de Berlín. richter presentará un análisis multiperspectiva del despliegue de traducción de direcciones de red (nAT) carrier grade.

El período de nominaciones para los Premios anrP 2018 abrirá a mediados de 2017. Suscríbase a la lista de correo irtf-announce@irtf.org para recibir todas las noti caciones relacionadas con estos premios.  

]]> 2388 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/informe-del-irtf/ Mon, 23 Oct 2017 22:23:47 +0000 https://www.ietfjournal.org/?p=2390

Del Informe del IRTF presentado el 27 de marzo de 2017 en el Plenario del IETF 98

El IETF 98 celebrado en Chicago marcó la primera reunión con la nueva chair Allison Mankin. Durante la reunión, se reunieron siete grupos de investiga- ción ya formalmente creados dentro del IRTF:

• consideraciones con respecto a los derechos humanos en los protocolos (hrPc)
• control de la congestión en Internet (IccrG)
• redes centradas en la información (IcnrG)
• medición y análisis para protocolos (mAPrG)
• virtualización de funciones de red (nFvrG)
• Gestión de redes (nmrG)
• Thing-to-Thing (T2TrG)Los siguientes dos grupos de investigación terminaron su trabajo recientemente : redes definidas por software (SdnrG) y el l Grupo de investigación provisorio sobre aprendizaje automático para redes (nmlrG).
  La reunión abierta del IrTF incluyó dos presentaciones ganadoras del premio AnrP: Yossi Gilad sobre la extensión de validación de path-end para rPKI, y Alistair King sobre un marco para habilitar el proce- samiento e ciente de grandes cantidades de datos de BGP vivos y/o distribuidos. La convocatoria de trabajos para el Taller de investigación aplicada en redes 2017 ya ha nalizado. anrW'’7 es un taller académico que ofrece un foro para que investigadores, fabricantes, operadores de red y la comunidad de estándares de Internet presenten y discutan resultados emergentes en la investigación aplicada en redes. Patrocinado por Acm sIGcomm, el Grupo de Trabajo para Investigación sobre Internet (IrTF) y la Internet society (Isoc), el taller se llevará a cabo el sábado 15 de julio de 2017 en la ciudad de Praga (re- pública checa), sede del IETF 99.

]]> 2390 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/lideres-del-ietf-hoy-mirja-kuhlewind-phd/ Mon, 23 Oct 2017 22:26:42 +0000 https://www.ietfjournal.org/?p=2392

Por Carolyn Duffy Marsan

Comencé a participar en el IETF cuando empecé mi Phd. un colega que ya participaba en la organización me comentó que el IETF había empezado a trabajar en temas estrechamente relacionados con mis intereses. Fue así como asistí a mi primera reunión del IETF en 2010, cuando el Grupo de Trabajo conEX (Exposición de la con- gestión) organizó una reunión BoF. A partir de entonces, continué trabajando con el IETF por mi propia iniciativa. Tuve apoyo de mi grupo y por suerte muchas veces había presupuesto su ciente para que yo asistiera a las reuniones. Hace tres años asumí el cargo de chair del Grupo de Trabajo rmcAT (Técnicas para evitar la congestión en rTP), al que renuncié cuando me convertí en la directora del área de transporte. También fui chair del Grupo de Trabajo TcPInT por unos meses. Esto signi ca que me convertí en directora de área apenas seis años después de unirme al IETF. La cantidad de personas involucradas en el área de transporte es limitada. cuando comencé a participar de forma más activa, me alentaron a tomar el cargo de chair de un grupo de trabajo. El cargo de directora del área de transporte no fue una opción hasta que terminé mi Phd. En definitiva, todo resultó perfecto porque obtuve nanciamiento estable para un proyecto durante poco más de dos años, lo cual me permitió considerar el trabajo. El proyecto es financiado por Suiza e incluye trabajo que pensamos traer al IETF, por lo que me ayudó a justificar el tiempo invertido en el trabajo del IETF. mi período de dos años como directora del área de transporte comenzó en marzo de 2016.

Espero que mi experiencia cuente como experiencia en gestión y que las personas la valoren. Es una buena forma de mejorar nuestras habilidades, ya que uno se en- cuentra en una posición de gestión en la que no se tiene ningún poder pero desde la cual hay que motivar a las personas. Para mí, se trata de cómo gestiono los grupos de trabajo y mi tiempo. dediqué el 40% de mi tiempo a mi trabajo como directora del área de transporte y 60% a mi proyecto de investigación. mantener un equilibrio entre ambas actividades puede ser un desafío. No creo que ETH se bene cie directa- mente de que yo sea la directora del área de transporte. sin embargo, ETh obtuvo nanciación externa para nuestro proyecto y uno de los objetivos de dicha nanciación era causar un impacto en la industria. de modo que es posible que mi trabajo de estandarización haya ayudado a obtener fondos para el proyecto. no creo que para eso fuera necesario que yo tuviera un cargo de liderazgo. ser chair de un grupo de trabajo probablemente era su ciente para mostrar que tenía experiencia en el IETF. La gestión del tiempo es la mayor pre- ocupación a la hora de considerar una posición de liderazgo dentro del ieTF. yo le dedico el 40% de mi tiempo. Es un poco estresante, pero es posible. la otra razón por la que es difícil encontrar gente dispuesta a asumir el cargo de director del área de transporte es que la persona adecuada no solo necesita apoyo, dinero y tiempo para el IETF, sino que también debe tener una visión general sobre lo que está sucediendo en esta área. Yo me en- contraba en una posición única porque ya estaba siguiendo los mismos grupos de trabajo que ahora lidero como directora — no es un esfuerzo adicional—.

Todavía no tengo un plan para cuando termine mi período, aunque sé que me gustaría seguir participando en el ieTF. cuando termine mi proyecto con ETh tendré que tomar una decisión sobre si permanecer en lo académico o pasar a la industria. Si el año que viene decido pos- tularme para un trabajo, no seguiré como directora del área de transporte, ya que no podría pedirle a mi nuevo empleador que me permita dedicarle el 40% de mi tiempo al IETF. Incluso como profesora, sería difícil dedicarle el 40% de mi tiempo al IETF. Ha sido una experiencia interesante, espe- cialmente porque recién estoy comenzan- do mi carrera. he aprendido mucho y hecho muchos contactos en la industria. me siento agradecida. El IETF como comunidad me ha ofrecido oportunidades de networking y una fuente de ideas para investigar.

]]> 2392 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ornitologia-en-el-ietf-avistamientos-recientes/ Mon, 23 Oct 2017 22:31:51 +0000 https://www.ietfjournal.org/?p=2395

Lograr que comience un nuevo trabajo en el IETF por lo general requiere de una reunión BoF (Birds-of-a-Feather) para discutir las metas del trabajo, la idoneidad del IETF como lugar para desarrollarlo, y el nivel de interés y apoyo existente. En este artículo se repasan las reuniones BoF que tuvieron lugar durante el IETF 98 y se presentan sus intenciones y resultados. si desea organizar una reunión BoF, por favor lea la rFc 5434, consideraciones para organizar una sesión BoF exitosa.

Gestión coordinada de espacio de direcciones (casm) descripción: las organizaciones utilizan herramientas de gestión del espacio de direcciones IP (IPAm), muchs veces con bases de datos e interfaces propietarias. El propósito de este trabajo es convertir a las IPAm en interfaces estandarizadas para la gestión coordinada de las direcciones IP, incluyendo redes de nidas por software y otras formas de virtualización. Los casos de uso incluyen la asignación dinámica y la liberación de direcciones IP y pre jos en base al uso y/o la intención del usuario. El propósito del BoF era reunir un conjunto común de requisitos de un grupo más grande de operadores y para mejor los casos de uso. Actas: las presentaciones, documentos y grabaciones de audio y video están disponibles en línea (https:// datatracker.ietf.org/meeting/98/proceedings, buscar “casm”). Resultado: se discutieron servicios de IPAm y casos de uso. la reunión concluyó con una discusión sobre si el IETF debería hacerse cargo de este trabajo en el futuro. Hubo acuerdo en que existía un problema que el IETF podría resolver e interés de diversos actores en trabajar en una solución. La de nición del problema y su alcance continuará en la lisa de correo (https://www.ietf.org/mailman/listinfo/casm). Grupos de trabajo que utilizan Github (wugh) Descripción: cada vez más grupos de trabajo del IETF están usando Github para proponer y seguir los cambios a sus borradores de Internet. El uso de Github para los procesos normales de los grupos de trabajo requiere de una cierta capacitación. además, en el proceso de su utilización abundan las situaciones espe- ciales. También hay preguntas sobre cómo capturar la información que se crea en GitHub en las listas de correo de los grupos de trabajo de manera que pueda ser vista por todos y archivada correctamente. Este BoF también se usó para discutir la creación de documentación que pueda utilizar todo el IETF sobre cómo usar Github de manera efectiva en los procesos de los grupos de trabajo. Actas: Las actas están disponibles en https://www.ietf.org/proceedings/98/minutes/minutes-98-wugh-00.txt. las presentaciones, documentos y grabaciones de audio y video están disponibles en línea (https://data- tracker.ietf.org/meeting/98/proceedings, buscar “wugh”).

El uso de Github para los procesos normales de los grupos de trabajo requiere de una cierta capacitación. además, en el proceso de su utilización abundan las situaciones especiales. También hay preguntas sobre cómo capturar la información que se crea en Github en las listas de correo de los grupos de trabajo de manera que pueda ser vista por todos y archivada correctamente.

Resultado: una buena discusión de las formas en que GitHub está siendo utilizado por diferentes grupos de trabajo del IETF y grupos de investigación del IrTF. Se identi caron varios problemas y se concluyó que se requiere más trabajo para documentar las mejores prácticas e integrar mejor el uso de GitHub en los procesos del IETF. La discusión continuará en la lista de correo (https://www.ietf.org/mailman/listinfo/ietf- and-github).

Un protocolo para la creación dinámica de entornos de ejecución de con anza (teep) descripción: El objetivo de este grupo es estandarizar un protocolo para la creación dinámica de entornos de ejecución de con anza. La industria ha estado trabajando en un protocolo de seguridad de capa de apli- cación que permite la con guración de credenciales de seguridad y software que se ejecuta en un entorno de con anza (TEE). Hoy en día, hay TEEs en routers hogareños, decodi cadores, teléfonos inteligentes, tabletas, dispositivos para vestir, etc. hasta la fecha, en estos entornos se utilizan mayormente protocolos propietarios. Este BoF fue un intento de comenzar a trabajar en la estandarización de un protocolo. se ha publicado un propuesta simpli cada para discusión: https://tools.ietf.org/html/draft-pei-opentrustprotocol-03.

La industria ha estado trabajando en un protocolo de seguridad de capa de aplicación que permite la con guración de credenciales de seguridad y software que se ejecuta en un entorno de confianza (Tee).

Actas: Las actas están disponibles en https://www.ietf.org/proceedings/98/minutes/minutes-98-teep-00.txt. las presentaciones y grabaciones de audio y video están disponibles en línea (https://datatracker.ietf.org/ meeting/98/proceedings, buscar “teep”). Resultado: hubo una presentación general sobre TEEs, presentaciones de Arm e Intel sobre sus ofertas de productos y presentaciones sobre casos de uso y posibles arquitecturas. La reunión concluyó identi cando a una serie de voluntarios que continuará participando en el trabajo para de nir mejor el problema y los temas de trabajo propuestos. la discusión continuará en la lista de correo (https://www.ietf. org/mailman/listinfo/teep). iasa 2.0 (iasa20) descripción: La comunidad ha identi cado la necesidad de revisar y posi- blemente volver a trabajar los arreglos administrativos en el IETF, un proyecto denominado IaSa 2.0 (https://www.ietf.org/blog/2016/11/proposed-project-ietf-admi- nistrative-support-2-0/). Se ofreció una serie de talleres virtuales relacionados con este esfuerzo. Este BoF ofreció una oportunidad de conversar sobre los comentarios recibidos sobre los talleres y también de solicitar más opiniones. actas: las actas están disponibles en https://www.ietf.org/proceedings/98/minutes/minu- tes-98-iasa20-00.txt. Las presentaciones, documentos y grabaciones de audio y video están disponibles en línea (https://datatracker.ietf.org/meeting/98/proceedings, buscar “iasa20”). resultado: un debate sólido sobre los desafíos que enfrenta la actual estructura administrativa y una oportunidad para que los presentes expresaran sus puntos de vista y preocupaciones con respecto a algunos de los enfoques alternativos a la reforma. La discusión continuará en la lista de correo (https://www.ietf.org/mailman/listinfo/iasa20).

 ]]> 2395 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/sintesis-del-ietf-98/ Mon, 23 Oct 2017 22:33:26 +0000 https://www.ietfjournal.org/?p=2397

Participantes en sala: 1127 Participantes remotos: 315 Número de países: 57 Participantes en el hackathon: 115+

Actividad del ieTF desde el ieTF 97 (16 de noviembre al 26 de marzo de 2017) Nuevos grupos de trabajo: 2

• Extensiones y mantenimiento de la representación de objetos binaria y concisa (cbor)
• Protocolo para acceso al email sobre Json (jmap) Grupos de trabajo cerrados: 10 Grupos de trabajo con charter: 138 Borradores de Internet nuevos y revisados: 1484 Acciones de documentos y protocolos IEsG: 124 Últimos llamados del IEsG al IETF: 130rFC publicadas: 116

• 66 en proceso de estandarización, 5 mejores prácticas actuales, 9 experimentales, 36 informativas

Actualizaciones notables del proceso • se aprobó la revisión de las reglas del IETF en materia de derechos de propiedad intelectual. https://tools.ietf.org/html/ draft-bradner-rfc3979bis • se aclaró el lenguaje de la rFc 2119. https//tools.irtf.org/html/ draft-leiba-rfc2119-update actividad del editor de rFC desde el ieTF 97 (noviembre–marzo de 2017) rFC publicadas: 126 (3928 páginas) • 37% de aumento del número de páginas desde que se informó por última vez • 29% de aumento del número de documentos desde que se informó por última vez Actualizaciones de páginas de clúster AuTh48 (vista completa de las autorizaciones del autor en una página) Actualizaciones de servidor Actividades actuales y en curso: • xml2rfc v3: continuar siguiendo los desarrollos del formato y estar listos para probar las herramientas y redactar los procedimientos de prueba. • mejorar la gestión y transparencia de clúster

]]> 2397 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/from-the-editors-desk-november-2017/ Tue, 31 Oct 2017 06:20:33 +0000 https://www.ietfjournal.org/?p=2431 IETF Journal. Since 2005, the Journal has been printed three times a year, and distributed at IETF meetings and by postal mail. As we explain in “We’re Going Digital!”, starting in 2018 we’ll be shifting our focus to ietfjournal.org. Be sure to follow us on Twitter (@ietfjournal) and Facebook (facebook.com/IETFJournal) to stay current with our future IETF Journal activities. The IETF returned to the beautiful European city of Prague for its 99th meeting. It was a busy meeting with lots of interesting work; we share here only a snapshot of the events and discussions that made this meeting so memorable. In this issue, you’ll learn about implementation work taking place in the Human Rights Protocol Considerations Research Group, the latest security updates to Network Time Protocol, new email-related Working Groups JMAP and EXTRA, as well as the important coding work that took place as part of the IETF Hackathon. Our regular columns from the IETF, IAB, and IRTF chairs and coverage of the Birds-of-a-Feather meetings and presentations from the Applied Networking Research Prize winners wrap up the issue. We are hugely grateful to all of our contributors. Please send comments and suggestions for contributions to ietfjournal@isoc.org or tweet us @ietfjournal.]]> 2431 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/were-going-digital/ Tue, 31 Oct 2017 06:21:32 +0000 https://www.ietfjournal.org/?p=2433 IETF Journal was published in 2005: exponentially more people are online in general, and more people are reading Journal articles online and via social media. The IETF Blog covers many of the organization’s day-to-day updates and Chair reports, items we once relied on the Journal to share. And since the launch of our new website last year, more readers than ever are clicking through to our online version. Like innumerable print publications before us, we took a hard look at the economics of printing and shipping magazines around the world. And between greater access and less expense, the decision was simple. We look forward to closing our print version and launching ourselves fully into the digital world in 2018. Our new format will focus on long-form articles—the detailed technical pieces that share the most current work of IETF Working Groups and BoFs. And keeping up with us will be easy. Join us online at https://www.ietfjournal.org and on social media at https://www.twitter.com/IETFJournal and https://www.facebook.com/IETFJournal. But one thing hasn’t changed... we’re still looking for your contributions from the field! This is still your publication. If you’re interested in writing about your work at the IETF, please contact us at ietfjournal@isoc.org.]]> 2433 0 0 0 5161 0 0 5217 5161 11 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/message-from-the-ietf-chair-november-2017/ Tue, 31 Oct 2017 06:23:54 +0000 https://www.ietfjournal.org/?p=2435 Premeeting Events Nearly 200 people participated in the 8th Hackathon on 15-16 July. In about two dozen teams, they collaborated on more than 25 code projects spanning the breadth of IETF protocols, including security, DNS, transports, and the Internet of Things. (See page XX.) As usual, folks were also invited to join the Code Sprint¹ on 15 July to work on tools for the IETF community. While not an IETF event, the Applied Networking Research Workshop², sponsored by the Association for Computing Machinery (ACM), the Internet Research Task Force, and the Internet Society, also took place on 15 July. The workshop provided a venue for discussing emerging results in applied networking research related to measurements, transport, implementation and operational issues, and Internet health metrics.

Meeting Events

Those interested in 5G attended the NETSLICING BoF, which looked at isolation of resources and virtual network functions to support a variety of services. There was also a plenary lunch panel about 3GPP and IETF collaboration on 5G. Other BoFs included banana, which focused on developing solutions to support dynamic path selection on a per-packet basis in networks with more than one point of attachment to the Internet; ideas, which aimed to standardize a framework to provide identity-based services for use by any identifier-location separation protocol; and iasa20, which continued the community discussion about administrative rearrangements for the IETF. Also in the realm of new work proposals, the IPPM working group discussed a charter update that allows the WG to take on work related to in-situ operations, maintenance, and administration (OAM). We continued to see high interest in ongoing work related to data modeling, QUIC, and security. Among other sessions, the OPSAWG session offered discussion about managing the development and use of YANG models, and the joint CCAMP/MPLS/PCE/TEAS session focused exclusively on YANG models. The QUIC WG met jointly with the HTTPBIS WG to discuss interaction between QUIC and HTTP. And in the security area, both the TLS and ACME WGs shared where they were in terms of finalizing several core deliverables, and the SAAG session featured a talk on post-quantum crypto.

Thank You

Of course we couldn’t offer IETF meetings without the support of our sponsors. Big thanks to IETF 99 hosts Comcast, NBCUniversal, and CZ.NIC, and to all of our sponsors.

Footnotes

1. https://trac.tools.ietf.org/tools/ietfdb/wiki/IETF99Sprint.
2. https://irtf.org/anrw/2017/.

]]> 2435 0 0 0 5115 0 0 5127 5115 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/words-from-the-iab-chair-november-2017/ Tue, 31 Oct 2017 06:24:56 +0000 https://www.ietfjournal.org/?p=2437 ENAME Workshop The IAB held a workshop on Explicit Internet Naming Systems 10-11 October in Vancouver, B.C., and there are a couple of interesting early conclusions to draw. The first conclusion is actually about the form of the workshop, which was an experiment by the IAB. While many of our workshops run like mini conferences, with paper presentations and follow-on questions, this workshop was structured as a retreat. There was a relatively small number of participants gathered around a common table space with sessions organized as joint discussions around specific topics. Moderators kept the conversations on topic, and discussants kept it moving forward if it lagged. The result was one of the most interactive workshops I’ve attended. While we did have to run a queue in most sessions (and the queues could get a bit long), the conversations had real give-and-take, more like an IETF hallway discussion than a series of mic-line comments. While I don’t expect that this style would be appropriate for all our workshops, it’s useful to know that this retreat style can work. I suspect we would use it again in other situations where the IAB is trying to step back from the current framing of an issue and synthesize a set of new approaches. A second early conclusion is that the IAB was right in suspecting that its previous framing of the issues around Internet naming and internationalization wasn’t quite right. Among other things, that framing had us trying to push human interface considerations up the stack and away from the protocol mechanics that worked on what we saw as identifiers. One clear conclusion from this workshop was that the choice of identifier structure and protocol mechanics will constrain the set of possible human interfaces. When those constraints don’t match the needs of the human users, the resulting friction generates a lot of heat (and not much light). One suggestion for follow-on work from the workshop will be to document the user-interface considerations that arise from using different types of identifiers, so that new systems can more easily recognize the consequences of the identifier types they choose. Another point that came up multiple times was the role of implicit context in transforming references in speech or writing into identifiers that drive specific protocol mechanics. While the shorthand for this is “the side of the bus” problem, the space is much larger and includes heuristic search systems ranging from the educated guess to highly personalized algorithmic responses. The participants saw a couple of possible ways in which standards developed in this area might advance how these tuples of context elements and references can be safely used to mint or manage identifiers. A first step in that will be to suggest that the IAB look at language tags, network provider identifiers, and similar common representations of context to see how they function across protocols. Follow-on work from that might include developing common vocabularies, serialization formats, and privacy models. Like many others, I came away from the workshop with the realization that there is a dauntingly large amount of work to be done in this space. The workshop will be recommending more than a half dozen follow-on pieces of work to the IAB, as well as a potential Research Group and some individual drafts. Despite the amount of work facing us, I and many other participants left the room more hopeful than we came in, both that we can make progress and that some of the tools we need are already available. If you’d like to join the conversation, please share your comments on Internet naming by email to architecture-discuss@ietf.org or directly with the IAB at iab@iab.org.]]> 2437 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/extra-and-jmap-improving-mailstore-access/ Tue, 31 Oct 2017 06:27:16 +0000 https://www.ietfjournal.org/?p=2439 Internet Message Access Protocol (IMAP) that have already been written. Once that is complete, we will look for existing vendor-specific behaviour that can be generalised, and coordinate with the JSON Mail Access Protocol (JMAP) WG on common data-model needs. EXTRA will hold our first meeting at IETF 100 in Singapore. JMAP is a new JSON-based protocol for interactions with a mailstore. The charter aims to retain data-model compatibility with IMAP, so a server can provide both JMAP and IMAP access to the same mail. JMAP specifically focuses on simplicity for client authors and efficient synchronisation primitives, including over constrained channels. The JMAP WG held meetings at IETF 98 in Chicago and IETF 99 in Prague, and has an active mailing list. Both the core protocol and the mail-specific drafts have undergone significant revisions, and new drafts are expected to be presented before IETF 100 in Singapore. Many of the significant areas of debate have been resolved, however some ongoing churn is expected before we reach consensus. Both groups look forward to new members and more feedback, particularly from client or server implementers, who are willing to  share how their own data models could implement proposed drafts. Please come by our sessions in Singapore (in person or remotely) and join our mailing lists. EXTRA mailing list: https://datatracker.ietf.org/wg/extra/about/ JMAP mailing list: https://datatracker.ietf.org/wg/jmap/about]]> 2439 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/human-rights-protocol-considerations-bridging-the-implementation-gap/ Tue, 31 Oct 2017 06:29:04 +0000 https://www.ietfjournal.org/?p=2441 Fahrenheit 451, in which books are outlawed and burned. The specification is intended to increase transparency around withheld content by offering a semantic alternative to the 404 “Not Found” and 403 “Forbidden” codes that carry no indication as to the underlying cause of the restriction. Over the course of the IETF 99 Hackathon, the group spent more than 48 hours developing the following three technology components to validate and showcase different aspects of RFC 7725:

• A crawling tool that tests online resources to identify legally withheld web content “in the wild” as part of the NetBlocks Open Source Internet observatory project
• A web-browser extension that enables users to self-report legally withheld content
• A plug-in for the WordPress content-management system designed to withhold pages according to criteria such as the user’s geographic origin

At the conclusion of the Hackathon, a panel of judges for the competition recognised the group’s work as “Best New Work”. Olga Khrustaleva and I presented our implementation report at the HRPC Research Group session; our findings were a mixed verdict for RFC 7725 as it stands today. We found that existing usage of 451 codes on the public Internet is often technically invalid or misapplied; moreover, we noted that the specification does not significantly enhance transparency surrounding online censorship because of prevalent geographic restriction (or geoblocking) that continues to make state-sponsored censorship difficult to remotely discover using technical means. Instances of 451-marked content identified by our tools included material related to gender, sexual health, and democracy that were blocked by two major Western content platforms, when served to people living in the Middle East. Most important, we found that governmental authorities in the countries in question had not taken technical measures to block the material. Rather, media platforms had proactively restricted those pages on their own servers. Consequently, the specification may not only be failing to increase transparency, but may inadvertently be serving as an RFC stamp of approval that legitimises corporate compliance with overbearing censorship. Even when the content violates no platform rules and falls well within generally understood norms of acceptable speech, the 451 code provides an easy way out of difficult discussions with authorities. If this is the case, RFC 7725 serves as an example of the law of unintended consequences in protocol specification and design: an extension that sought to shed light on cases of censorship that may now be in use to rubber-stamp systematic violations of Article 19 of the Universal Declaration of Human Rights and other international conventions and commitments to which we are duty-bound. While the group’s work to assess RFC 7725 is ongoing, our experience already demonstrates how implementation and data on human rights can inform protocol design. Future threads of the work planned for IETF 100 in Singapore include an examination of web surveillance and privacy in real-time communication protocols—key topics that are currently receiving mainstream news coverage. These issues, which often pit the interests of large corporations against those of the general public, can be difficult to approach in a space where vendors and their representatives often take a leadership role. It is in this light that we hope our active participation will lend a new voice to civil society, when bridging concerns arising from the IRTF with the broader spectrum of day-to-day activities at the IETF. Internet pioneer John Gilmore once said, “the Net interprets censorship as damage and routes around it.” Even as the conversation around digital rights has grown infinitely more nuanced, there is no doubt that the collective work of the IETF on core Internet protocols will play a central role in the way society protects its most vulnerable members. The way we adapt will determine to what extent we are able to preserve and enhance those universal values and protections in the years and decades to come. Links

• Implementation Report draft, https://www.ietf.org/archive/id/draft-451-imp-report-00.txt.
• RFC 7725, https://tools.ietf.org/html/rfc7725.
• GitHub repository for Hackathon, https://github.com/451hackathon/.
• Live demonstration and dashboard, https://netblocks.org/dashboard/.

]]> 2441 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/a-new-security-mechanism-for-the-network-time-protocol/ Tue, 31 Oct 2017 06:30:42 +0000 https://www.ietfjournal.org/?p=2443 https://www.rfc-editor.org/info/rfc0958) in 1985. The current version, RFC 5905 (https://www.rfc-editor.org/info/rfc5905),  was published as a standards track in 2010. These versions of NTP provided a basic preshared key scheme for authentication of time servers by clients. However, the preshared key approach does not scale sufficiently for large-scale network deployments or the global Internet. As a result, the Autokey Authentication Protocol, RFC 5906 (https://www.rfc-editor.org/info/rfc5906) was published as an Informational RFC in 2010 to address the scaling issue. With Autokey, clients authenticate time servers using Public Key Infrastructure (PKI) mechanisms. Security analysis, however, has demonstrated a number of security issues with Autokey. Because of the shortcomings of preshared key and Autokey mechanisms, there has been an ongoing effort in the IETF to provide updated security mechanisms for NTP.

Deployment Examples

Security for time synchronization is increasingly important, as several applications in the critical infrastructure domain depend on timing information. Possible examples for domain specific applications include:

• Synchronization of Phasor Measurement Units in the energy transmission and/or distribution network. These devices provide information about voltage, current, and phase angle used to derive the current state of the electricity network. Security for the synchronization between these units is a cornerstone in the reliable operation of the transmission/distribution networks.
• Synchronization in substation automation networks to ensure the correct operation of protection devices (in conjunction with protocols like GOOSE (Generic Object Oriented Substation Event) or SV (Sampled Values).
• Synchronization of machine parts in motion control in the process industry, for instance in a rolling mill or for printing presses.
• Synchronization of logging information in distributed systems to enable error tracking and thereby contribute to system stability and system integrity.
• New regulations of the finance sector raise high demands on the time synchronization of business clocks in trading systems. This is especially true in high-frequency trading, where a new EU legislation called Markets in Financial Instruments Directive (MiFID II) requires a timestamping granularity of 1 ms and a maximal divergence to UTC from 100  m Similar requirements are formulated by the US Securities and Exchange Commission (SEC Rule 613).
• Many national metrology institutes in Europe and in the US apply NTP for the dissemination of UTC.
• Security management, specifically the increasing usage of X.509 certificates, relies on time for validity checks. As this builds the base for many applications, security is a necessary prerequisite.

Requirements Analysis

In advance of the IETF NTP security efforts, the IETF TICTOC Working Group assessed the security requirements for network time synchronization protocols. RFC 7384 (http://www.rfc-editor.org/info/rfc7384) documents the results of that analysis. It distinguishes the threat model in terms of an internal versus an external attacker, and in terms of man-in-the-midde (MITM) versus packet injection types of attacks. RFC 7384 then identifies several potential threats to network time synchronization protocols including:

• Manipulation of time synchronization packets,
• Masquerading as a legitimate participant in the time synchronization protocol,
• Replay of legitimate packets,
• Tricking nodes into believing time from the wrong master,
• Intercepting and removing valid synchronization packets,
• Delaying legitimate time synchronization packets on the network,
• Denial of service attacks on the network at layer 2 and layer 3,
• Denial of service by overloading the cryptographic processing components,
• Denial of service by overloading the time synchronization protocol,
• Corruption of the time source used by the grand master,
• Protocol design and implementation vulnerabilities, and
• Using the time synchronization protocol for broader network surveillance and fingerprinting types of activities.

RFC 7384 analyzes these threats in the context of the threat model above to determine the likelihood of occurrence and the potential impact. Based on this analysis, a set of requirements were identified for time synchronization protocols and mapped to the threats that they address. These requirements include:

• Authentication and authorization of a clock’s identity,
• Integrity of the time synchronization protocol messages,
• Prevention of various spoofing techniques,
• Protection against Denial of Service (availability),
• Protection against packet replay,
• Timely refreshing of cryptographic keys,
• Support for both unicast and multicast security associations,
• Minimal impact on synchronization performance,
• Confidentiality of the data in the time synchronization messages,
• Protection against packet delay and interception, and
• Operation in a mixed secure and non-secure environment.

The requirements are analyzed in terms of being required and being recommended/optional depending on the needs of the application. This analysis informed the objectives of the NTP Working Group effort on Network Time Security (NTS).

NTP Security

The IETF NTP Working Group is focused on the development of a set of security mechanisms for NTP that are specified in the Internet Draft “Network Time Security for the Network Time Protocol” (https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp). The main objectives of the NTS measures are to enable NTP entities to cryptographically identify their communication partner, to ensure authenticity and integrity of exchanged time synchronization packets, and to provide replay protection. A relatively new goal of NTS is to provide unlinkability, which ensures that NTS does not leak any data that would allow an attacker to track mobile NTP clients, when they move between different networks. Although NTS can provide confidentiality for specific NTP extension fields, the NTP header itself will not be encrypted. NTP provides different modes of operation. Besides the most utilized client-server mode, it also provides a mode for synchronization of symmetric peers, a mode for exchanging control messages, and a broadcast mode. These modes have different security and performance requirements. The symmetric and control modes have more-rigorous security requirements when compared to the client-server mode. However, the client-server mode requires more attention to resource utilization, since NTP servers may be contacted by a high number of clients and may not able to maintain state information for each client. NTS provides different mechanisms to meet these different requirements.

Symmetric and Control Mode

NTP’s symmetric and control modes are protected by encapsulating the corresponding packets as DTLS Applications Data, respectively. This provides mutual authentication and replay protection. It also provides confidentiality, which is required by certain NTP control messages. This solution is somewhat controversial and is being considered for publication as an Experimental RFC.

Client-Server Mode

There are two security related phases for client-server mode. In the first phase, an NTP client verifies the authenticity of its time server and performs the key exchange. In the second phase, the client and server exchange NTP messages. The first phase is performed once during the establishment of an NTP association. The second phase is repeated for as long as the NTP association is active.

First Phase: Authentication and Key Exchange

The current draft defines an NTS key exchange protocol that uses the TLS protocol to provide a secure and robust means for the initial authentication of the server and the subsequent exchange of the keying material. Since TLS requires a TCP connection between client and server, an NTS enabled NTP server must not only listen to port 123/UDP, but also to a TCP port that will be assigned by IANA. Note that earlier versions of this draft (up to version 6) defined a custom key exchange protocol in which the authentication and key exchange messages were encapsulated into NTP extension fields that were piggy-backed onto NTP packets. This key exchange protocol has been discarded because of potential security issues related to IP fragmentation.

Second Phase: Protection of the Time Synchronization

During the second phase, NTS introduces four new Extension Fields (EF) to satisfy the security objectives. The latencies introduced by cryptographic algorithms may impede the time synchronization performance. It is therefore imperative that the applied cryptographic primitives be fast to calculate. This requirement is met by applying only symmetric cryptography. The four new extension fields are:

1. The NTS Unique-Identifier extension. This EF contains a 32-octet random value that serves as nonce and protects the client against replay attacks.
2. The NTS Cookie extension. This EF contains information that enables the server to recalculate keys upon receipt. The server does not have to keep per-client state. This EF is opaque to the client.
3. The NTS Cookie Placeholder extension. This EF is sent whenever the client wishes to receive a new cookie. The server sends an NTS Cookie extension for each received NTS Cookie Placeholder extension. This EF enables NTS to fulfill the unlinkability requirement.
4. The NTS Authenticator and Encrypted Extensions extension. This EF contains the ICV, which is computed over the NTP header and any preceding EF. It is calculated by applying the Authenticated Encryption with Associated Data approach.

Broadcast Mode

The current draft does not provide any cryptographic security measures to protect NTP’s broadcast mode. This is due to the difficulty of specifying an appropriate mechanism that is resistant to packet-delay attacks. A TESLA-like mechanism is being considered, but because NTP does not provide periodical two-way packet delay measurements, it is especially vulnerable against tailored delay attacks. Further countermeasures have been discussed, but additional study is required in order to specify additional security measures for NTP’s broadcast mode.

Best Current Practice

Beyond the specification of NTS, the NTP community is addressing security concerns via corrections to the specification, improvements to the implementation, and the issuance of an NTP BCP (https://datatracker.ietf.org/doc/draft-ietf-ntp-bcp).

Related Activity

In addition to the NTP security work, there is work on time synchronization security for the Precision Time Protocol (PTP, IEEE 1588). PTP was originally published in 2002 with a focus on precision synchronization for instrumentation, industrial automation, and military applications. The second version was finalized in 2008, and includes more application use cases, such as telecom and enterprise environments. While the first version of PTP contained no security mechanisms, the second version was published with an Experimental Annex (Annex K). Annex K specified a security solution that provided group source authentication, message integrity, and replay attack protection. However, Annex K was not well adopted and implemented, and a number of studies were published regarding its weaknesses. Therefore, the ongoing effort to revise IEEE 1588 includes a plan to provide updated security mechanisms for PTP. These efforts are being coordinated.

Next Steps

As of the completion of this article, the work in the IETF NTP Working Group has not been finalized. However, while it is true that the efforts are still evolving, they do appear to be converging towards some consensus. As of this date, it appears that the NTS mechanism for client/server described here is progressing towards a standards track RFC, and the DTLS mapping suggested for symmetric and control modes may be published as an Experimental RFC. It is hoped that there will be new stable, published security mechanisms for NTP in 2018. A preliminary implementation of NTS is underway, and additional implementations have been indicated. Interoperability testing, vulnerability research and analysis, and operational testing will be needed to ensure that the proposed solutions are robust and secure. While there is still much work to do, significant progress has been made.

Acknowledgement

K. O’Donoghue, D. Sibold, S. Fries, “New Security Mechanisms for Network Time Synchronization Protocols”, presented at International IEEE Symposium on Precision Clock Synchronization for Measurement, Control, and Communication (ISPCS 2017), IEEE, Monterey, California, USA, 2017, https://www.internetsociety.org/wp-content/uploads/2017/10/ispcs-2017-time-security-final-copyright.pdf.]]> 2443 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/celebrating-100-meetings/ Tue, 31 Oct 2017 06:33:18 +0000 https://www.ietfjournal.org/?p=2445 From the proceedings from the first IETF, https://www.ietf.org/proceedings/01.pdf.]]> 2445 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/running-code-is-king-at-ietf-99-in-prague/ Tue, 31 Oct 2017 06:35:12 +0000 https://www.ietfjournal.org/?p=2449 Originally posted by Charles Eckel in the DevNet Open Source Community on 23 July 2017. Where are the new kingmakers¹? They are at the IETF Hackathon—at least they were 15-16 July, when the best and brightest Internet technologists from around the planet gathered in Prague for IETF 99. And their first order of business was the IETF Hackathon, aimed at invigorating the standards process, enhancing the speed and relevance of emerging standards, and growing the community of people working with and contributing to the IETF. Prague is a beautiful city with fantastic architecture, picturesque bridges and canals, and terrific food and beer at very affordable prices. Despite these enticements, a record 199 Hackathon participants opted to spend the weekend in a crowded room collaborating with fellow subject-matter experts and developers working on the latest algorithms and ideas around Internet protocols, transports, and security. For nearly half of the participants, this was their first IETF Hackathon; for 45 participants, it was their first time at any IETF event. The Hackathon’s collaborative and constructive atmosphere is a great way to get started with the IETF, its community, and its work items. With more than 25 different projects from which to choose, newcomers and seasoned IETF veterans alike found areas of common interest and expertise on which to contribute.

Not Your Typical Hackathon

The IETF Hackathon is not a typical competition. Participants are motivated by a desire to improve the Internet, rather than prize money. The spirit is collaborative, rather than competitive. Participation is free, and attending the IETF meeting that follows is not required. Individuals volunteer to champion projects related to IETF work, and teams form around these champions. For descriptions of this Hackathon’s projects, see the Hackathon wiki.² One of the ways the Hackathon increases the pace and relevance of IETF work is via running code. Implementing evolving standards and producing running code validates the standards and highlights things that may be missing, wrong, or ambiguous in the draft versions of these standards. Better still is if the code is open source, in which case viewing and sharing the source code aids in understanding the standards, makes them easier to use, and promotes adoption. The doors to the Hackathon opened at 8am Saturday so project champions could set up their tables and development environments. By 9am, the room was nearly full with eager participants exploring options and opportunities with champions. At 9:30am, we had an official kickoff to welcome everyone, review logistics, and answer questions. Then the real work began. Teams dug in and worked past the official closing time of 9pm. We had fun throughout, took time to get to know each other, and in many cases, helped or were helped by people from other teams. Having people from various standards organizations, open source communities, and universities exchange contact info and ideas provides benefits that reach far beyond the course of the weekend. By 9:30pm, the last remaining participants grudgingly packed up for the night. Although the doors officially reopened Sunday at 9am, the room was half full by 8:30am. Work continued until early afternoon, when teams prepared and delivered presentations summarizing what they achieved, lessons learned, and what would be introduced into IETF Working Groups (WG). Finally, presentations were delivered to a panel of judges from the IETF community. Winners were selected based on the following:

• Advance pace and relevance of IETF standards

• • Bring speed and collaborative spirit of open source software into the IETF
  • Flush out ideas, feed into WG session
  • Produce sample code/reference implementations, utilities

• Attract developers, young people to IETF

• • Match young, skillful developers with IETF veterans
  • University engagement around Hackathon projects

The award categories and winners from this Hackathon were as follows:

• Best New Work–HTTP error code 451
• Best University Work–Interface to Network Security Functions (I2NSF) Framework
• “NEAT”est Work–NEAT/TAPS
• Best Interop Work–QUIC
• Best Continuing Work–SCHC implementation and test SCTP
• Best Name–Waiting for go-dots
• Best Overall–SDN Apps for management of microwave radio link via IETF YANG Data Model

Other teams had fantastic achievements, as well. All project presentations are available on Github³. This Hackathon, collaboration across standards efforts and open source communities emerged as a theme. A particularly good example of this was the work done by the team working on RIOT. “RIOT^4,5 powers the Internet of Things (IoT) like Linux powers the Internet,” said Cenk Gündoğan, RIOT maintainer. “RIOT is a free, open source operating system developed by a grassroots community gathering companies, academia, and hobbyists, distributed all around the world. It supports most low-power IoT devices and microcontroller architectures (32-bit, 16-bit and 8-bit) and implements all relevant open standards supporting an Internet of Things that is connected, secure, durable, and privacy-friendly.”

Efforts and Benefits Continue

The Hackathon ended Sunday afternoon, when the general IETF meeting began. Fortunately, the kind of collaboration on running code that progresses IETF standards continued during the week. To support this, a portion of the IETF Lounge was designated as Hackathon Corner, where people conveniently met, collaborated, and coded. New to this meeting was the Hacklab, a rack of servers and network gear, including a full DOCSIS network with six simulated home networks accessible via a cable modem and built-in WiFi. Demos to the IETF Community One of the perks of participating in the Hackathon is showing off what you did at the Thursday night social, Bits-N-Bites. This meeting, a record number of teams took advantage of this, and more would have if we’d had the space to accommodate them! Hackathon teams polished and enhanced their projects throughout the week, then put them on display for the largest-ever turn out at an IETF meeting. As usual, great local food and beverages also helped attract crowds. Next Steps The next IETF Hackathon is at IETF 100 in Singapore, 11-12 November. As always, participation is free and open to everyone. It’s an excellent opportunity to experience firsthand the work that the IETF does and the people who make it happen. For more information on past, present, and future Hackathons, including how to register for the IETF 100 Hackathon, visit https://www.ietf.org/hackathon/. You are also encouraged to subscribe to hackathon@ietf.org to receive the latest event news and announcements.

Footnotes

1. From The New Kingmakers: How Developers Conquered the World by

Stephen O’Grady (2013).

2. https://www.ietf.org/registration/MeetingWiki/wiki/99hackathon.
3. https://github.com/IETF-Hackathon/ietf99-project-presentations.
4. https://github.com/RIOT-OS/RIOT.
5. https://riot-os.org/.

]]> 2449 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-prize-winners-announced-november-2017/ Tue, 31 Oct 2017 06:36:43 +0000 https://www.ietfjournal.org/?p=2451

Stephen Checkoway for a systematic analysis of the Juniper Dual EC incident. See the full paper at https://www.cs.uic.edu/~s/papers/juniper2016/juniper2016.pdf.

Philipp Richter for a multiperspective analysis of carrier-grade NAT deployment. See the full paper at https://net.t-labs.tu-berlin.de/~prichter/imc176-richterA.pdf.

Checkoway and Richter presented their findings to the Internet Research Task Force open meeting during IETF 99. Slides are available at https://datatracker.ietf.org/meeting/99/materials/slides-99-irtfopen-anrp-stephen-checkoway-a-systematic-analysis-of-the-juniper-dual-ec-incident/ and https://datatracker.ietf.org/meeting/99/materials/slides-99-irtfopen-anrp-philipp-richter-a-multi-perspective-analysis-of-carrier-grade-nat-deployment/. Thanks to Meetecho, audio and video from the presentations is also available at https://www.youtube.com/watch?v=JRneMj7LX8U&list=PLC86T-6ZTP5jdbiwi5ggLNnwLn1-r0M4h (from 00:11:20). ANRP winners have been selected for all of the IETF meetings in 2017. The following winners will be next to present their work at the IETF 100 meeting in Singapore:

• Paul Emmerich, a research associate at the Technical University of Munich. Emmerich will present his work to develop the high-speed packet generator, MoonGen.
• Roland van Rijswijk-Deij, a researcher at the Centre for Telematics and Information Technology (CTIT) at the University of Twente. Van Rijswijk-Deij will present his analysis of the impact of elliptic curve cryptography on DNSSEC validation performance.

The call for nominations for the 2018 ANRP award cycle is closed. Join the irtf-announce mailing list at  https://www.irtf.org/mailman/listinfo/irtf-announce to receive all ANRP related notifications.]]> 2451 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/irtf-update-november-2017/ Tue, 31 Oct 2017 06:38:10 +0000 https://www.ietfjournal.org/?p=2453

Crypto Forum (CFRG)

Information-Centric Networking (ICNRG)

Network Function Virtualization (NFVRG)

Network Management (NMRG)

Network Coding (NWCRG)

Software Defined Networking (SDNRG)

Thing-to-Thing (T2TRG)

Human Rights Protocol Considerations (HRPCRG)

Measurement and Analysis for Protocols (MAPRG)

Internet Congestion Control (ICCRG)

In addition to the meetings of those already chartered Research Groups, one proposed RG met:

• Path Aware Networking Research Group (PANRG)

There has been a long of history of path-aware approaches at the IETF, and it may be that now is the time for researchers on this topic to make some progress. Since the IETF 99 meeting, PANRG has been chartered. You can read more about their work here at https://datatracker.ietf.org/rg/panrg/about/. The IRTF Open Meeting received presentations from Stephen Checkoway on a systematic analysis of the Juniper Dual EC incident, and Philipp Richter on a multiperspective analysis of carrier-grade NAT deployment. The Applied Networking Research Workshop 2017 took place on Saturday,  15 July, prior to the IETF meeting. The ANRW’17 is an academic workshop that provides a forum for researchers, vendors, network operators, and the Internet standards community to present and discuss emerging results in applied networking research. The workshop is sponsored by ACM SIGCOMM, the Internet Research Task Force, and the Internet Society. You can find the workshop papers and Meetecho recordings at https://irtf.org/anrw/2017/program.html. Finally, please join the IRTF discussion list at https://www.irtf.org/mailman/listinfo/irtf-discuss to stay informed about these and other happenings.]]> 2453 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-ornithology-recent-sightings-november-2017/ Tue, 31 Oct 2017 06:41:32 +0000 https://www.ietfjournal.org/?p=2455 Network Slicing (netslicing) Description: A network slice represents a logical network. It is a union of resources (connectivity, storage, computing), network functions, and service functions that were combined to provide a logical networking infrastructure in support of a variety of services. The purpose of this network slicing discussion was to explore developing a set of protocols and/or protocol extensions that enable slicing within a network environment that assumes an IP and/or MPLS-based underlay. Proceedings: Minutes are available at https://datatracker.ietf.org/meeting/99/materials/minutes-99-netslicing/. Slides, documents, and audio and video recordings are available at https://datatracker.ietf.org/meeting/99/proceedings (search for netslicing). Outcome: This was not intended to be a Working Group-forming meeting. The presentations and discussion helped to clarify where there is scope for input to the 3GPP process and where existing IETF work may be relevant to the network slicing use cases. Further discussion and work is required to better clarify whether additional work is required in existing or new WGs.

BANdwidth Aggregation for interNet Access (banana)

Description: Bandwidth Aggregation consists of splitting local traffic across multiple Internet links on a per-packet basis, including the ability to split a single flow across multiple links when necessary. The goal of this proposed WG is to produce a Bandwidth Aggregation solution that will provide the following benefits:

• Higher per-flow bandwidth. Many of the Internet links available to homes and small offices (e.g., DSL, Cable, LTE, Satellite) have relatively low bandwidth. Commonly used applications, such as streaming video or content up/downloads require or could benefit from more bandwidth for a single traffic flow than is available on any of the local links. A Bandwidth Aggregation solution could supply the needed bandwidth by splitting a single traffic flow across multiple Internet links.
• Reduced cost. Traffic sharing on a per-packet basis allows the full bandwidth of the lowest-cost link to be used first. It only uses a higher-cost link once the lowest-cost link is full.
• Increased reliability. When one Internet link goes down, ongoing application flows can be moved to another link, preventing service disruption.

Proceedings: Minutes are available at https://datatracker.ietf.org/meeting/99/materials/minutes-99-banana/. Slides, documents, and audio and video recordings are available at https://datatracker.ietf.org/meeting/99/proceedings (search for banana). Outcome: This was a WG-forming BoF meeting that spent a lot of time discussing the proposed charter for a WG. A straw poll of the room indicated that there is a small constituency of people interested in working on this topic. Further discussion will take place on the mailing list to refine the proposed WG charter with a view to Working Group formation in future.

IDentity Enabled Networks (ideas)

Description: The goal of this group is to standardize a framework that provides identity-based services usable by any identifier-location separation protocol. The new requirements driving this framework go beyond the traditional discovery service and mapping of identifier-to-location for packet delivery. In addition, an IDEAS Working Group will identify gaps and make recommendations for changes needed for interface interactions between the framework and identifier-enabled protocols. Proceedings: Minutes are available at https://datatracker.ietf.org/meeting/99/materials/minutes-99-ideas/. Slides and audio and video recordings are available at https://datatracker.ietf.org/meeting/99/proceedings (search for ideas). Outcome: The discussion highlighted some confusion about the terminology and permanence of identifiers. More work is needed to clearly define the work to be undertaken by a new IETF WG and to allay some of the concerns about identifier permanence and implications for privacy and online tracking.

IASA 2.0 (iasa20)

Description: The IETF community has identified a need to review and possibly rework the administrative arrangements at the IETF, dubbed the IASA 2.0 project (https://www.ietf.org/blog/2016/11/proposed-project-ietf-administrative-support-2-0/). A series of virtual workshops were arranged related to this effort. This BoF provided an opportunity to talk about the feedback received from the workshops and to solicit further feedback. Proceedings: Minutes are available at https://datatracker.ietf.org/meeting/99/materials/minutes-99-iasa20/. Slides, documents, and audio and video recordings are available at https://datatracker.ietf.org/meeting/99/proceedings (search for iasa20). Outcome: A robust discussion about the challenges facing the current administrative structure and arrangements, and an opportunity for those present to express their views and concerns about some of the alternative approaches to reform. Discussion will continue on the mailing list (https://www.ietf.org/mailman/listinfo/iasa20).]]> 2455 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-99-at-a-glance/ Tue, 31 Oct 2017 06:42:26 +0000 https://www.ietfjournal.org/?p=2457 IETF Activity since IETF 98 (26 March–16 July 2017) New WGs

• DKIM Crypto Update (dcrup)

WGs closed

• Domain Boundaries (dbound)
• Geographic JSON (geojson)
• ART Area General Applications Working Group (appsawg)

WG currently chartered: 136 New and revised Internet-Drafts (I-Ds): 1388 IESG Protocol and Document Actions: 57 IESG Last Calls issued to the IETF: 70 RFCs published: 76

• 44 Standards Track, 5 BCP, 6 Experimental, 18 Informational

Notable process updates

• Published update to BCP 26, Guidelines for Writing an IANA Considerations Section in RFCs. https://tools.ietf.org/html/bcp26
• Published update to BCP 79, Intellectual Property Rights in IETF Technology. https://tools.ietf.org/html/bcp79
• Published update to RFC 2119, Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words. https://tools.ietf.org/html/rfc8174
• Beta website at https://beta.ietf.org. Send feedback via GitHub or webmaster@ietf.org.

RFC Editor Activity since IETF 98 (April–June 2017) Published RFCs: 64 (1720 pages) Stable and pretty URLs for errata

• http://www.rfc-editor.org/errata/rfc7991
• http://www.rfc-editor.org/errata/eid4906

Format-related updates

• Testing existing toolset with non-ASCII chars
• Testing id2xml (converts .txt to .xml v2)
• Reviewing required database and script updates related to non-ASCII chars and multiple file formats

Current and ongoing activities

• Publishing RFCs: keep the docs moving
• Continue testing and sending feedback to tools team regarding XMLv3-related tools
• Update tools to handle UTF-8 and multiple file formats
• Draft internal procedures for v3 era as tools become more stable

Work with RSE on rfc7322bis (RFC Style Guide)]]> 2457 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/big-changes-ahead-for-core-internet-protocols/ Mon, 22 Jan 2018 09:07:38 +0000 https://www.ietfjournal.org/?p=2592 Why we need to change the Internet There are a number of factors driving these changes. First, the limits of the core Internet protocols have become apparent, especially regarding performance. Because of structural problems in the application and transport protocols, the network was not being used as efficiently as it could be, leading to end-user perceived performance (in particular, latency). This translates into a strong motivation to evolve or replace those protocols because there is a large body of experience showing the impact of even small performance gains. Second, the ability to evolve Internet protocols — at any layer — has become more difficult over time, largely thanks to the unintended uses by networks discussed above. For example, HTTP proxies that tried to compress responses made it more difficult to deploy new compression techniques; TCP optimization in middleboxes made it more difficult to deploy improvements to TCP. Finally, we are in the midst of a shift towards more use of encryption on the Internet, first spurred by Edward Snowden’s revelations in 2013. That’s really a separate discussion, but it is relevant here in that encryption is one of best tools we have to ensure that protocols can evolve. Let’s have a look at what’s happened, what’s coming next, how it might impact networks, and how networks impact protocol design.

HTTP/2

HTTP/2 (based on Google’s SPDY) was the first notable change — standardized in 2015, it multiplexes multiple requests onto one TCP connection, thereby avoiding the need to queue requests on the client without blocking each other. It is now widely deployed, and supported by all major browsers and web servers. From a network’s viewpoint, HTTP/2 made a few notable changes. First, it’s a binary protocol, so any device that assumes it’s HTTP/1.1 is going to break. That breakage was one of the primary reasons for another big change in HTTP/2; it effectively requires encryption. This gives it a better chance of avoiding interference from intermediaries that assume it’s HTTP/1.1, or do more subtle things like strip headers or block new protocol extensions — both things that had been seen by some of the engineers working on the protocol, causing significant support problems for them. HTTP/2 also requires TLS/1.2 to be used when it is encrypted, and blacklists cipher suites that were judged to be insecure — with the effect of only allowing ephemeral keys. See the TLS 1.3 section for potential impacts here. Finally, HTTP/2 allows more than one host’s requests to be coalesced onto a connection, to improve performance by reducing the number of connections (and thereby, congestion control contexts) used for a page load. For example, you could have a connection for www.example.com, but also use it for requests for images.example.com. Future protocol extensions might also allow additional hosts to be added to the connection, even if they weren’t listed in the original TLS certificate used for it. As a result, assuming that the traffic on a connection is limited to the purpose it was initiated for isn’t going to apply. Despite these changes, it’s worth noting that HTTP/2 doesn’t appear to suffer from significant interoperability problems or interference from networks.

TLS 1.3

TLS 1.3 is just going through the final processes of standardization and is already supported by some implementations. Don’t be fooled by its incremental name; this is effectively a new version of TLS, with a much-revamped handshake that allows application data to flow from the start (often called ‘0RTT’). The new design relies upon ephemeral key exchange, thereby ruling out static keys. This has caused concern from some network operators and vendors — in particular those who need visibility into what’s happening inside those connections. For example, consider the datacentre for a bank that has regulatory requirements for visibility. By sniffing traffic in the network and decrypting it with the static keys of their servers, they can log legitimate traffic and identify harmful traffic, whether it be attackers from the outside or employees trying to leak data from the inside. TLS 1.3 doesn’t support that particular technique for intercepting traffic, since it’s also a form of attack that ephemeral keys protect against. However, since they have regulatory requirements to both use modern encryption protocols and to monitor their networks, this puts those network operators in an awkward spot. There’s been much debate about whether regulations require static keys, whether alternative approaches could be just as effective, and whether weakening security for the entire Internet for the benefit of relatively few networks is the right solution. Indeed, it’s still possible to decrypt traffic in TLS 1.3, but you need access to the ephemeral keys to do so, and by design, they aren’t long-lived. At this point it doesn’t look like TLS 1.3 will change to accommodate these networks, but there are rumblings about creating another protocol that allows a third party to observe what’s going on— and perhaps more — for these use cases. Whether that gets traction remains to be seen.

QUIC

During work on HTTP/2, it became evident that TCP has similar inefficiencies. Because TCP is an in-order delivery protocol, the loss of one packet can prevent those in the buffers behind it from being delivered to the application. For a multiplexed protocol, this can make a big difference in performance. QUIC is an attempt to address that by effectively rebuilding TCP semantics (along with some of HTTP/2’s stream model) on top of UDP. Like HTTP/2, it started as a Google effort and is now in the IETF, with an initial use case of HTTP-over-UDP and a goal of becoming a standard in late 2018. However, since Google has already deployed QUIC in the Chrome browser and on its sites, it already accounts for more than 7% of Internet traffic. Read Your questions answered about QUIC Besides the shift from TCP to UDP for such a sizable amount of traffic (and all of the adjustments in networks that might imply), both Google QUIC (gQUIC) and IETF QUIC (iQUIC) require encryption to operate at all; there is no unencrypted QUIC. iQUIC uses TLS 1.3 to establish keys for a session and then uses them to encrypt each packet. However, since it’s UDP-based, a lot of the session information and metadata that’s exposed in TCP gets encrypted in QUIC. In fact, iQUIC’s current ‘short header’ — used for all packets except the handshake — only exposes a packet number, an optional connection identifier, and a byte of state for things like the encryption key rotation schedule and the packet type (which might end up encrypted as well). Everything else is encrypted — including ACKs, to raise the bar for traffic analysis attacks. However, this means that passively estimating RTT and packet loss by observing connections is no longer possible; there isn’t enough information. This lack of observability has caused a significant amount of concern by some in the operator community, who say that passive measurements like this are critical for debugging and understanding their networks. One proposal to meet this need is the ‘Spin Bit‘ — a bit in the header that flips once a round trip, so that observers can estimate RTT. Since it’s decoupled from the application’s state, it doesn’t appear to leak any information about the endpoints, beyond a rough estimate of location on the network.

DOH

The newest change on the horizon is DOH — DNS over HTTP. A significant amount of research has shown that networks commonly use DNS as a means of imposing policy (whether on behalf of the network operator or a greater authority). Circumventing this kind of control with encryption has been discussed for a while, but it has a disadvantage (at least from some standpoints) — it is possible to discriminate it from other traffic; for example, by using its port number to block access. DOH addresses that by piggybacking DNS traffic onto an existing HTTP connection, thereby removing any discriminators. A network that wishes to block access to that DNS resolver can only do so by blocking access to the website as well. For example, if Google was to deploy its public DNS service over DOH on www.google.com and a user configures their browser to use it, a network that wants (or is required) to stop it would have to effectively block all of Google (thanks to how they host their services). DOH has just started its work, but there’s already a fair amount of interest in it, and some rumblings of deployment. How the networks (and governments) that use DNS to impose policy will react remains to be seen. Read IETF 100, Singapore: DNS over HTTP (DOH!)

Ossification and grease

To return to motivations, one theme throughout this work is how protocol designers are increasingly encountering problems where networks make assumptions about traffic. For example, TLS 1.3 has had a number of last-minute issues with middleboxes that assume it’s an older version of the protocol. gQUIC blacklists several networks that throttle UDP traffic, because they think that it’s harmful or low-priority traffic. When a protocol can’t evolve because deployments ‘freeze’ its extensibility points, we say it has ossified. TCP itself is a severe example of ossification; so many middleboxes do so many things to TCP — whether it’s blocking packets with TCP options that aren’t recognized, or ‘optimizing’ congestion control. It’s necessary to prevent ossification, to ensure that protocols can evolve to meet the needs of the Internet in the future; otherwise, it would be a ‘tragedy of the commons’ where the actions of some individual networks — although well-intended — would affect the health of the Internet overall. There are many ways to prevent ossification; if the data in question is encrypted, it cannot be accessed by any party but those that hold the keys, preventing interference. If an extension point is unencrypted but commonly used in a way that would break applications visibly (for example, HTTP headers), it’s less likely to be interfered with. Where protocol designers can’t use encryption and an extension point isn’t used often, artificially exercising the extension point can help; we call this greasing it. For example, QUIC encourages endpoints to use a range of decoy values in its version negotiation, to avoid implementations assuming that it will never change (as was often encountered in TLS implementations, leading to significant problems).

The network and the user

Beyond the desire to avoid ossification, these changes also reflect the evolving relationship between networks and their users. While for a long time people assumed that networks were always benevolent — or at least disinterested — parties, this is no longer the case, thanks not only to pervasive monitoring but also attacks like Firesheep. As a result, there is growing tension between the needs of Internet users overall and those of the networks who want to have access to some amount of the data flowing over them. Particularly affected will be networks that want to impose policy upon those users; for example, enterprise networks. In some cases, they might be able to meet their goals by installing software (or a CA certificate, or a browser extension) on their users’ machines. However, this isn’t as easy in cases where the network doesn’t own or have access to the computer; for example, BYOD has become common, and IoT devices seldom have the appropriate control interfaces. As a result, a lot of discussion surrounding protocol development in the IETF is touching on the sometimes competing needs of enterprises and other ‘leaf’ networks and the good of the Internet overall.

Get involved

For the Internet to work well in the long run, it needs to provide value to end users, avoid ossification, and allow networks to operate. The changes taking place now need to meet all three goals, but we need more input from network operators. If these changes affect your network — or won’t— please leave comments below, or better yet, get involved in the IETF by attending a meeting, joining a mailing list, or providing feedback on a draft. Thanks to Martin Thomson and Brian Trammell for their review. This article originally appeared on the APNIC Blog.]]> 2592 0 0 0 6684 0 0 6730 6684 112 6768 0 0 6798 0 0 8521 https://www.ivpcapital.com 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/quic-bringing-flexibility-to-the-internet/ Fri, 23 Feb 2018 14:46:25 +0000 https://www.ietfjournal.org/?p=2637 has become nearly impossible tends to reinforce that situation. That is not stopping people from trying, though. At linux.conf.au 2018, Jana Iyengar, a developer at Google, discussed the current state of the QUIC protocol which, he said, is now used for about 7% of the traffic on the Internet as a whole. QUIC ("quick UDP Internet connection") is, for now, intended for situations where the HTTP transport protocol is used over TCP. It has been under development for several years (LWN first looked at it in 2013), and was first deployed at Google in 2014. The main use for QUIC now is to move data between Google services and either the Chrome browser or various mobile apps. Using QUIC causes a 15-18% drop in rebuffering in YouTube and a 3.6-8% drop in Google search latency, Iyengar said. Getting that kind of improvement out of applications that have already been aggressively optimized is "somewhat absurd". Use of QUIC increased slowly during 2015 before suddenly dropping to zero in December. It seems that somebody found a bug that could result in some requests being transmitted unencrypted, so QUIC was shut down until the issue could be fixed. In August 2016, usage abruptly doubled when QUIC was enabled in the YouTube app on phones. If anybody ever doubted that mobile is the future of computing, he said, this should convince them otherwise. Summed up, 35% of Google's outbound traffic is carried over QUIC now. The standard network stack, as used for the world-wide web, employs HTTP on top of the TLS cryptographic layer which, in turn, sits on top of TCP. QUIC replaces those components with a new protocol based on the UDP datagram protocol. From that base, QUIC builds a reliable connection-oriented protocol, complete with TCP-like congestion-control features. There is support for both encryption and HTTP within QUIC; it can combine the cryptographic and HTTP handshakes into a single packet. Thus far, both development and deployment of QUIC have been done primarily by Google. An IETF working group was formed to standardize the protocol in 2016, though. Among other things, standardization will replace the current QUIC cryptographic layer with one based on TLS 1.3 which, Iyengar said, took a number of its ideas from the current QUIC implementation.

Accelerating HTTP

A typical web page has a long list of objects (HTML, CSS, images, etc.) that must be loaded from the server. The HTTP/1.x protocol only allows for a single object to be transmitted at a time; that can be a problem when a large object, which takes a long time to transmit, blocks the transmission of many other objects. This problem, referred to as [Jana Iyengar] "head-of-line blocking", increases the time it takes to present a usable web page to the reader. Implementations using HTTP/1.x tend to work around head-of-line blocking by establishing multiple connections in parallel, which has its own problems. Those connections are relatively expensive, compete with each other, and cannot be managed together by congestion-control algorithms and the like. HTTP/2 was designed to address this problem using multiple "streams" built into a single connection. Multiple objects can be sent over a stream in parallel by multiplexing them into the connection. That helps, but it creates a new problem: the loss of a single packet will stall transmission of all of the streams at once, creating new latency issues. This variant on the head-of-line-blocking problem is built into TCP itself and cannot be fixed with more tweaks at the HTTP level. TCP suffers other problems as well. Its connection setup latency, involving a three-way handshake, is relatively high. Latency is a critical part of a user's experience with a web service, and the setup latency in TCP can be a significant part of that latency. Middleboxes (routers between the endpoints of a connection) interfere with traffic and make it difficult to improve the protocol. They aren't supposed to be looking at TCP headers, but they do so anyway and make decisions based on what they see, often blocking traffic that looks in any way out of the norm. This "ossification" of the protocol makes it nearly impossible to make changes to TCP itself. For example, TCP fast open has been available in the Linux kernel (and others) for years, but still is not really deployed because middleboxes will not allow it. QUIC tries to resolve a number of these issues. The first time two machines talk over QUIC, a single round-trip is enough to establish the connection. For subsequent connections, cached information can be used to reduce that number to zero; the connection packet can be followed immediately by the request itself. HTTP streams map directly onto streams implemented in QUIC; a packet loss in one stream will not impact the others. The end result is the elimination of many sources of latency in typical interactions over the net.

Requirements, metrics, and implementations

The QUIC developers set out to create a protocol that was both deployable and evolvable. That dictated the use of UDP, which is able to get through middleboxes with a minimum of interference. UDP also facilitates the creation of a user-space implementation, which was also desired. (Iyengar didn't say this, but one reason to want such an implementation is to get the protocol deployed and updated quickly; many systems out there rarely receive kernel updates.) Low-latency connection establishment was a requirement, as was stream multiplexing. Beyond that, there was a desire for more flexible congestion control. This sort of work can (and has been) done in the Linux kernel, but the bar for inclusion there is high. The QUIC developers wanted to be able to experiment with various algorithms and see how they worked. One other important requirement was resilience to "NAT rebinding". Most connections onto the Internet go through a network-address translation (NAT) box that hides the original request and port information. For TCP connections, the NAT box can see the SYN and FIN packets and know when a particular binding can be taken down. UDP itself has no "connection" concept, so NAT boxes carrying UDP traffic cannot associate it with a connection created by a higher-level protocol like QUIC. They thus have no indication of when a connection is no longer in use and instead have to rely on timers to decide when to tear down a specific port binding. As a result, UDP port bindings can be taken down while the QUIC connection using them is still active. The next UDP packet associated with that connection will cause a new binding to be established; that will cause the traffic to suddenly appear to be coming from a different port. QUIC packets must thus include the information needed to detect and handle such rebindings. A member of the audience asked why QUIC was implemented over UDP rather than directly on top of IP. Iyengar pointed to the SCTP protocol as an example of the problem with new IP-based protocols: it comes down to the middleboxes again. SCTP has been around for years, but middleboxes still do not recognize it and tend to block it. As a result, SCTP cannot be reliably used on the net. Actually deploying a new IP-based protocol, he said, is simply impossible on today's Internet. Additionally, working on top of UDP makes a user-space implementation easier. As noted above, deployment of QUIC has led to significant improvements in performance for Google services. The significant drop in search latency is mainly a result of eliminating round trips during connection setup. As a result, it tends to show the biggest improvement for users on slow networks. A search done in South Korea is likely to show a 1.3% improvement in latency, but in India that improvement is over 13%. Iyengar said that people measurably spent more time watching more videos when they are doing so over QUIC; that was presented as a good thing. One key feature of QUIC is that the transport headers — buried inside the UDP packets — are encrypted. Beyond the obvious privacy benefits, encryption prevents ossification of the protocol by middleboxes, which can't make routing decisions based on information they can't understand. A few things have to be transmitted in clear text, though; a connection ID is required, for example, to find the key needed to decrypt the rest. The first byte of the clear data was a flags field which, he said, was promptly ossified by a middlebox vendor, leading to packets being dropped when a new flag was set. That was a classic example of why changing network protocols is hard and what needs to be done to improve the situation. Middleboxes are the control points for the Internet as we know it now. The only defense against ossification of network protocols by middleboxes, he said at the conclusion of the talk, is encryption. There were some questions from the audience regarding implementations. Most of them are still a work in progress, he said. The quic-go implementation is coming along. There are implementations being done by Apple and Microsoft, and a certain amount of interoperability testing has been done on those. When asked about an open-source reference implementation in particular, Iyengar pointed to the chromium browser, which is open-source. Other implementations exist, but everybody is waiting for the IETF process to finish. The video of this talk is available. Originally published as "QUIC as a solution to protocol ossification" by LWN.net. Copyright © 2018, Eklektix, Inc. This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license. Linux is a registered trademark of Linus Torvalds.]]> 2637 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/three-years-on-open-standards-open-source-open-loop/ Wed, 07 Mar 2018 11:52:37 +0000 https://www.ietfjournal.org/?p=2648 th meeting (in Singapore).  Because the IETF is a standards development organization (SDO) with which I have both a deep history and interest, I wanted to provoke, catalyze and hopefully accelerate discussion and thinking about the role of that organization in what can only be called a rapidly changing standards and open source landscape.  Though I was specifically speaking to the IETF community and IESG, and in that context; I believe those thoughts apply broadly throughout our industry whether in reference to any other standards body or open source community or foundation. About three years ago, at IETF 91, I gave a presentation on the state of SDOs like the IETF and Open Source networking communities and the industry trend of innovators (vendors, operators, entrepreneurs, developers) regardless of affiliation coming together to form developer communities in the open [documented in the IETF Journal at the time - Ed].   At that time, I reflected on whether an SDO like the IETF would remain relevant in a rapidly expanding environment of Open Source Software (OSS) projects.  I made outrageous claims that were proven only with emphatic assertion about the relationship between Open Standards and Open Source. Summarized; developers in the open communities are setting the pace and trajectory of the industry and not the publication of paper standards.  Honestly, it was at the beginning of the era. Networking related open source communities had just formed and established themselves. The early days of software defined networking (SDN) and network function virtualization (NFV) had finally moved to post-hype phase and protocol and product work were well underway. As a way to carry forward the decisions from IETF 91, Jari Arkko (previous IETF chair) and Cisco started some experiments and serious work that we hoped would accelerate necessary change.  These were funded by Cisco and supported by the IESG and Secretariat at the IETF. Cisco then spread these experiments to other other SDOs: MEF, BBF, ITU, etc. Basically, we supported hackathons or in IETF speak “running code” that represented what was being developed as new standards. We focused on forwarding plane, telemetry, SDN controllers, orchestration platforms, YANG models and tooling (more later) which really catalyzed the model-driven-networking industry tsunami.  The IETF partially adopted the cultural shift, while the MEF  made the transformation to fully include standards and open source as a mission. Three years on, the “turn” toward OSS partnership and development that was instigated then has had enough time for us to reflect and assess the impact.  We need to review any progress that has been made, evaluate successes and failures and chart the path forward.  Also, it’s always good to test one’s hypotheses that Open Standards and Open Source should close the loop of their dependencies. I had set some personal goals in the interim that I hoped could inform this assessment. I wanted to try and answer “(How) can we move industry through infrastructure phase faster by producing developer communities, code and standards more efficiently?”, because the networking and infrastructure industry and operators were stalling both adoption of new technology and deployment.  Plus as we all know, all the cool stuff comes after the necessary, but not sufficient infrastructure phase. To do this, I felt we had to run a number of different structures, funding models, and community development projects. Many of these communities were formed at the Linux Foundation. (ODL, SNAS, PNDA, FD.IO and many, many meetups and hackathons at the SDOs. My own assessment from these experiences (some of which I will detail later) is that there is still a high potential for an SDO like the IETF to engage w/ OSS communities, particularly OSS communities formed around networking and standardize many items to guarantee interoperability and correctness.  On the flip side, as an SDO, the IETF needs to do more to keep up and  change its open door policy to one that seeks out developer communities to standardize and document industry de facto technologies. My real bottom line here is that innovators can’t go faster than their customers and customers can’t go faster than their own understanding of the technology and integration, deployment and operational considerations. And, we need to reduce the fracturing of the industry because, in this interim period, a technology landscape has evolved that is littered with “Stacks”, “Controllers”, and “Virtual Fubars”. On the “foundation” side it has turned into a situation where every new community forming felt they needed their own foundation, misunderstanding the function of a board and application of money raised. Many new communities we formed were cost-free, no (mega) boards and some had 503c’s (foundations) some focused not only on code, but on code guarantees of performance and scale (spending foundation dues on infrastructure and test platforms). Back in 2012 when I started in OpenSource developer community building and focusing on contribution of code; I was completely and utterly green. Several years later, I can claim a lot of scars and experience, met and learned from a lot of very smart people; and that code is the answer and that a healthy community is built and not launched. The exercise reified the earlier understanding from many years as a developer and standards person, the best standards come from running code. I certainly expect some community aggregation (e.g. Linux Foundation Networking Umbrella) and larger groups of industry players (vendors, operators, entrepreneurs, etc) forming aggregate projects from the start. And, I see old and new SDOs now working towards trajectories that include OSS and direct contributions. Industries have moved as well to positions where: OSS == SDO, stacks have new DIY cycle, and career paths forged in OSS are now part of job satisfaction. In looking at our current state, I am convinced that APIs, platforms and frameworks WILL be the future standards front for software driven network architectures.  The same standardization reasoning applies to these higher-level concepts as did to our original protocol specification efforts – consistent system design, interoperability, and choice.  And, the “Collaborative Loop” I described at IETF 91 (Figure 1) requires (minimally) tooling built to have standards and dependencies in a RCS that is open and accepts contributions.

Figure 1 The Collaborative Loop proposal from IETF91

But these convictions come with some caveats: we still need to discuss and agree IF and WHICH SDO could or should take on different pieces of our industry landscape and attempt to standardize technology while not being involved in the production of the code or, if standardization processes and open source development are unfortunately mutually exclusive.   Further, the standards consensus model and OSS consensus may not be mutually exclusive, but we haven’t found a way to make them even tangential (yet). Thankfully the discussion is beginning, although slow going. Let’s catch up on what happened that leads me to these new and potentially outrageous claims. In the interim between the Open Loop talks, new trajectories for standards production and open source communities have formed primarily on the Open Source (OSS) side of the coin. The Linux Foundation published “Harmonizing Open Source and Standards in a Telecom World,” including a number of high level recommendations on communications, cooperation and joint activities driven in large part by a Software Defined operator concept.   Nothing too detailed was in the document just quite a bit on communication which is of course necessary, but not sufficient. More importantly, the LF evolved and recently began to consolidate the many developer communities contained within the larger Foundation; to reduce the time, effort, number of summits and costs associated with multiple project-level foundation as they pertain to networking.   This movement underscores one of the potential problems in further partnering between SDOs and OSS projects – projects were and are still “begetting” biblically. Communities and projects are also aggregating, changing, morphing, fading way and everything in-between. In fact, OSS foundational structure is proving itself to be self-organizing, optimizing, replicating; IT’S ALIVE! In the same timeframe, the IETF made some changes, generating both a “living standards process” through Benoit Claise’s YANGCATALOG project and discussion around referencing OSS in its drafts and RFCs. The “normative reference” discussion (in sum, a standard needs to be able to refer to an open source development effort) remains unresolved at this point, primarily because of fundamental differences in orientation of the parties around documentation.  For an OSS community, code is quite often the documentation.  The quality and type of what an SDO may consider documentation is community dependent.  It is also unclear how projects will be picked as being viable for a reference in a standard, how to measure health and longevity of prospective communities and what aspects of the projects are to be referenced (entire project, subproject, schemas, specific implementations, code versions, libraries, …, ???). A continued speed mismatch between organizations persists. Code moves as fast as a developer community can produce, and the mainline of a project frequently led by the project’s committers. The IETF works as fast as someone writes text and that text is debated at three meetings a year or on email lists. In the end, only a document is produced. Often after the specification is published do implementations (potentially) follow, products created, deployed and operationalized. Then the cycle goes to the top of updating the spec. This can be a very, very long feedback cycle. Rarely can a Standards Body set the trajectory for industry uptake of a technology by publishing a spec and then hoping the industry will follow. The SDO (the IETF in this case) runs the risk of either becoming “scribe” for existing code or missing an industry shift if they cannot answer these questions and move closer in operation/process to OSS.

Figure 2 YANGCATALOG.org cross SDO/OSS/Vendor dependency map

The YANGCATALOG (Figure 2) project has to be considered one of the IETF’s most successful experiments with a live, open organization and OSS tooling.  What has been accomplished is the creation of a live tree of dependent modules that together (though being worked on independently) create the new way to operate a software driven network.   Notably, a new “customer” focus has developed that includes other SDOs (e.g. MEF, IEEE, BBF) and OSS projects (e.g. OpenConfig) use tooling that simplifies both the education and development process. The dependency map can be used to not only show the relationship of the SDOs and developer communities, but also the use of technology in different architectural stacks (Figure 3). This takes the LF Network Umbrella view of the architecture and then I superimposed the red outlines on projects that use YANG data modeling.

Figure 3 Dependency map across SDOs applied to an architecture stack

At this point, I’ve gotten completely drunk on my own Kool-Aid and believe that the way to understand the impact of a technology (specific to the IETF) is not on the RFC ID but on the product of the RFC.  And, the product of that RFC is represented by a multi-SDO, multi-open source community dependency graph. But the success of YANGCATALOG and the potential contribution it might make to the path forward in bridging SDO to OSS makes me wonder how we carry the experiment forward.  Is the IETF able to maintain the tools or is this the catalyst to build an open source community and/or non-profit foundation?  Will the potential process changes YANGCATALOG represents toward live models across communities change the funding model? Beyond YANGCATALOG, the IETF can look to its Hackathons as yet another successful experiment for different reasons.  These events, organized by Charles Eckel, have been driving renewed interest in the organization.  As I pointed out in my talk, while the attendance trend line for IETF meetings is generally slightly decreasing, Hackathon attendance is noticeably “up and to the right” and the component of hack attendees that are attending only for the Hackathon (and not the workgroup meetings or plenary) is also noticeably increasing.  For many Hackathon attendees, this is their first IETF (Figure 4).

Figure 4 IETF General Attendance (left) and Hackathon Attendance (right)

As with the YANGCATALOG experiment, IETF Hackathon success is tempered with questions about funding moving forward as they transition from an unsustainable privately funded experiment to an organizational norm. Can the Hackathon or more importantly Open Source communities (e.g. FD.IO, SNAS, PNDA, ODL, ONAP, OpNFV, K8s) become the experimentation and development “running codebases” of the next generation of standards? Do other standards professionals remember or realize that the best standards are produced in conjunction with code? It’s important to look at changes in expectation in the IETF’s customer base as well.  There we see a growing movement toward operational simplification and a willingness for experimentation.  Operators are attracted to OSS because of a desire to learn, become more directly involved in the processes affecting their businesses and the attractive fast iterative model of consensus it provides. They can also develop desired functionality, fix bugs, in the end; produce and deploy products. Most importantly, they can modify the code as necessary to fit into their operational environments, integrate multiple technologies together for their own Intellectual Property. Thankfully Alissa Cooper (Chair of the IETF) appears to fully understand the new context of SDOs and of course running code and is attempting to make several cultural, organizational and process changes at the IETF. Outside of the IETF, other SDO organizations have struggled with accommodating the desires of their target customers and making their own turn toward new models of SDO/OSS partnership.  This has led to a noticeable fracturing of the industry as SDOs fight for relevancy and (in some cases) “defend their territory”.  In general, there have been more failures than successes with numerous lessons we can apply to the IETF as it considers IASA 2.0. Notably, the MEF has successfully reinvented itself over the last few years, moving up the stack from its Carrier Ethernet service definitions to L3-L7 services above via the LSO architecture and APIs that are delivered via their own OSS projects (OpenLSO and OpenCS). Also, by formalizing lateral partnerships with the ONF, TMForum and IETF (via the YANGCATALOG and live data model mechanism).  They have partnerships with the external ONAP OSS project.  This movement is leadership driven through the MEF Office of the CTO.  Like the IETF, they have run successful Hackathons (with Charles’ help), most often using tools from the same set of complimentary OSS projects that we see at the IETF hacks. They have also invested in the infrastructure to support these activities (MEFnet). This latter piece is critical to create “live standards” not only providing for the computers, networking infra and storage for the projects, but that tools and repos of funded code and developer communities can be homed which are critical to the MEF. There is some potential for specification/certification partnerships between an SDO and OSS communities, but the recipe is complex.  What makes the 3GPP/GCF certification partnership work may not apply to other pairings and may not extend to the world of 5G. Is relegating an SDO to being a testing and certification body “enough” for the body to survive? In an organization like the IETF without membership or dues, can the body afford the infrastructure necessary? The trend toward reference design driven open hardware projects may offer yet another potential model that moves beyond that of loosely coupled certification and test.  The success here is coupled to the reference designs that spark the growth of ecosystems and promote interoperability.  These fast-moving projects can be either consolidated (e.g. TIP) or scattered and independent (e.g. OpenROADM).  Outside of the model itself, these groups form another layer of dependency and interrelationship that need to be tracked. Other potentially positive models can be seen evolving from the OSS side, perhaps embodied best by the Open Connectivity Foundation, who combine focus with a variety of techniques and processes that address some of the questions we’ve tripped over in our IETF experiments and echo some of the successes: they have clear standards partnerships, they publish reference designs, they offer certification, they have an OSS community, they sponsor a repository of live data models with dependency tracking (like YANGCATALOG) and are membership funded for these activities. Perhaps the “pulling out all the stops” approach may or may not work, but the point is that these are the recognizable activities that are a part of some of the most successful communities. As an industry, it’s a good thing to see the experimentation. Failure scenarios in the SDO/OSS partnership model are numerous. Many of the pitfalls that the IETF and others need to avoid in order to survive relate back to my earlier observation that API specification without being involved in code generation (what I would label as “blind” specification) is the road to irrelevance.  The outcomes here are generally that either an OSS partner becomes the recognized authority on the standard or the resulting APIs are untestable, non-certifiable and unusable.  A potentially worse outcome awaits SDOs claiming standardization responsibility for technology that has already been “defacto” standardized by an OSS community. This makes the SDO (in the best case) a scribe. I cited two variants in my talk:

• The historic example of JPC and Apache where the reputation for JCP specs became so bad that the community would ignore them until Apache (open-source implementations of JCP specifications) had fixed the problems.
• A current example in the ETSI/OPNFV relationship where “blind” specification led to the inability to certify or test (OPNFV doesn’t certify against the ETSI NFV framework per se as the specification is too weak and have opted largely for their own set of tests).

The OSS world has progressed not only in volume but also in purpose.  While the original ethos of “open source” is embodied by the numerous communities of at least eight major foundations (relevant to the work of SDOs like the IETF), and thousands of unaffiliated projects under Github, massive organizations have begun using open source as a market moving force and strategic tool.  Successful integration into this new environment requires SDOs to develop competencies, cultures and communities and outreach suitable for interacting with the entire spectrum of the OSS environment.  Outreach is one of the most important roles in OSS and any SDO trying to make the transition into an OSS-relevant role (like partnership) will need to re-evaluate their liaison mechanisms, which are generally inadequate for this task. Overhanging all of these scenarios are IPR considerations.  In most OSS projects, the only IPR terms are the OSS license.  For some major projects, IP is governed with additional terms like a Contributor License Agreement (CLA) or formal IP Policy. These are foreign to the RAND (Reasonable And Non-Discriminatory) policies currently used in SDOs. These RAND policies, when combined with the SDO concentration on producing the best technical solutions may ultimately produce the worst business solutions.  This is particularly true when the SDO effort(s) become disjoint in addressing a rapidly changing legal and business environment, as witnessed in the MPEG standard evolution and replacement by AOM and Open Source solutions. The OSS community expects that “open source” means software will be usable by anyone for free without additional license.  The standards world is beginning to see value in OSS methods. Some projects are now pushing for copyright-only “open source” projects that will require RAND patent royalty to use. This is highly controversial within the OSS community and most SDOs, fundamentally redefines open source and induces users to incur liability. Recent problems surrounding Facebook’s React.js patent rider highlight why alignment is key.  While this is a scene for later in our movie, undoubtedly populated with lawyers, coming to terms with these divergent IPR models CAN be a major stumbling block to progress.

Figure 5 Potential outcome of inaction – SDO aggregation

While all of this is a lot to consider, to not move forward is the worst possible choice.  To NOT make might not lead to irrelevance, but it can relegate SDOs to niche roles or lead to an SDO aggregation similar to the one we saw in the early 2000s of many X-Forums coming together (Figure 5).  Aggregation addresses the same problems that plague the “begetting” of OSS projects in our earlier example, leading to the same sort of consolidation within the Linux Foundation networking project umbrella – small communities of folks have to come together in a bigger meeting because their own individual effort can’t be afforded. The industry got high on building a foundation around every Open Source effort and it was learned that weight wasn’t necessary or helpful.

Figure 6 Moving Forward

I’m convinced that an individual who is an industry leader of the future is one that understands there are multiple communities that need to be influenced, that we have interdependencies between these pieces, and is able to work at the code level as well as understand the structure and need to standardize pieces. That leader understands that the output of the work they are doing in technology is setting the trajectory of the industry and sees the picture of how the relationships between all of these organizations work. We are now at a very critical turn in our navigation forward.  In the IETF (and in some other SDOs) we have evolved the SDO role past “paper pusher” to “tinkerer/builder” but we haven’t fully figured out how to get to new roles; community based coder, industry and ad hoc standard creator, industry catalyst and multi-community influencer (Figure 6). Benoit has shown what one individual can do with a clear goal of unifying the industry (SDOs and dev communities) on YANG schemas. The next chapter of that effort will be around the schemas for telemetry. To get there we first have to choose “vigorous relevance” which will entail changing our processes and thinking.   We need to identify emerging problems and start open source projects and work with other related SDOs and applicable communities to write code to solve and standardize solutions.  The SPIFFE/SPIRE project is a very recent example of the industry (yet again) missing the opportunity to lead in an area that an SDO like the IETF arguably has some expertise, but the development community doesn’t want to be slowed down. At the same time, we need to remain balanced and accept our roles as technologists – that what we are creating has a very specific role in a larger ecosystem.  What gets me excited as an engineer is getting my technology out there and being used in multiple new and different ways. Yangcatalog and M2M are models for how we may organize the fracturing of the industry, and stop the Brownian motion between multiple SDOs and OSS.  We need metadata to enrich those models. If there is going to be a relationship between SDO and OSS, understanding what makes a good standard and what makes a good OSS project need to be understood … perhaps independently. Eventing, Telemetry, APIs and protocols (in working code) need to be our products.  The IETF (and every SDO) need to change the process to be centered around these products of the specifications (RFCs) and NOT the specification itself (RFC IDs). As someone who has championed the privately funded phase of our evolution (these tools and other contributions and organizational and cost structures) I’m personally looking for a way to partner with the IETF, ISOC and OSS communities to bring this tooling forward. An experiment isn’t a sustainable strategy; it’s just someone sticking their neck out willing to see if something might succeed/be of value. Hopefully, it catalyzes many more.   Editorial note: This article was originally published on the Cisco blog: https://blogs.cisco.com/sp/three-years-on-open-standards-open-source-open-loop]]> 2648 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-101-internet-infrastructure-resilience/ Mon, 12 Mar 2018 09:00:12 +0000 https://www.ietfjournal.org/?p=2654 Internet Society Rough Guide to IETF 101, I’ll focus on important work the IETF is doing that helps improve security and resilience of the Internet infrastructure.

BGP

What happens if an IXP operator begins maintenance work on the switches without ensuring that BGP sessions between the peers have been shut down? A network disruption and outage. A draft now in the RFC editor queue, “Mitigating Negative Impact of Maintenance through BGP Session Culling”, provides guidance to IXP operators on how to avoid such situations by forcefully tearing down the BGP sessions (session culling) affected by the maintenance before the maintenance activities commence. This approach allows BGP speakers to pre-emptively converge onto alternative paths while the lower layer network's forwarding plane remains fully operational. Another draft also in the RFC editor queue, “Graceful BGP session shutdown”, addresses issues related to planned maintenance. The procedures described in this document can be applied to reduce or avoid packet loss for outbound and inbound traffic flows initially forwarded along the peering link to be shut down. These procedures trigger, in both Autonomous Systems (AS), rerouting to alternate paths if they exist within the AS, while allowing the use of the old path until alternate ones are learned. This ensures that routers always have a valid route available during the convergence process. Both recommendations have been developed in the GROW WG. They represent simple measures that can have a significant positive impact on overall stability.

RPKI and BGPSEC

The SIDR Operations Working Group (SIDROPS) has taken over the technology developed in SIDR WG and is focused on developing guidelines for the operation of SIDR-aware networks, and providing operational guidance on how to deploy and operate SIDR technologies in existing and new networks. If you follow the work of SIDR and now SIDROPS WGs you may recall that for more than three years the participants have been discussing an issue of potential operational fragility in the management of certificates in the RPKI in response to the movement of resources across registries. Finally, the IESG has approved it and the draft is in the RFC editor queue. Here is the summary of the proposal: “Where the procedure specified in RFC 6487 requires that Resource Certificates are rejecting entirely if they are found to over-claim any resources not contained on the issuing certificate, the validation process defined here allows an issuing Certificate Authority to choose to communicate that such Resource Certificates should be accepted for the intersection of their resources and the issuing certificate. This choice is signaled by form of a set of alternative Object Identifiers (OIDs) of RFC 3779 X.509 Extensions for IP Addresses and AS Identifiers, and certificate policy for the Resource Public Key Infrastructure (RFC 6484)”. A possible sign of RPKI adoption is the fact that IXPs are considering or even performing RPKI checks by the route server. Route server is a common IXP component enabling multilateral peerings at the exchange point. To clarify how such validation can be performed and signalled, if necessary, to the peers, a draft “Signaling Prefix Origin Validation Results from an RPKI Origin Validating BGP Speaker to BGP Peers” is now under discussion. The main argument is whether it is productive to signal validation results instead of simply discarding “invalid” routes and maybe tagging “valid” and “unknown”. This discussion will likely surface at the meeting, too.

DDoS

DDoS attacks are a persistent and growing threat on the Internet. And as DDoS attacks evolve rapidly in the aspect of volume and sophistication, more efficient cooperation between the victims and parties that can help in mitigating such attacks is required. The ability to quickly and precisely respond to a beginning attack, communicating the exact information to the mitigation service providers is crucial. Addressing this challenge is what keeps the DDoS Open Threat Signaling (DOTS, http://datatracker.ietf.org/wg/dots/) WG busy. In the DOTS architecture, clients and servers communicate using DOTS signalling. As a result of signals from a DOTS client, the DOTS server may modify the forwarding path of traffic destined for the attack target(s), for example by diverting traffic to a mitigator or pool of mitigators, where policy may be applied to distinguish and discard attack traffic. The main work is now concentrated on defining the signal channel (https://datatracker.ietf.org/doc/draft-ietf-dots-signal-channel/ ) that allows a client to ask a DOTS server for help in mitigating an attack, and for the DOTS server to inform the DOTS client about the status of such mitigation. They also work on the optional data channel (https://datatracker.ietf.org/doc/draft-ietf-dots-data-channel/) that provides additional capabilities, such as configuration and policy information exchange. To summarize – there is important work underway at the IETF that will hopefully lead to a more resilient and secure Internet infrastructure.

Related Working Groups at IETF 101

SIDROPS (SIDR Operations) WG Thursday, 22 March, 15:50-17:50, Park Suite Agenda: https://datatracker.ietf.org/meeting/101/agenda/sidrops/ Charter: https://datatracker.ietf.org/wg/sidrops/charter/ GROW (Global Routing Operations) WG Monday, 19 March, 17:40-18:40, Blenheim Agenda: https://datatracker.ietf.org/meeting/101/agenda/grow/ Charter: https://datatracker.ietf.org/wg/grow/charter/ IDR (Inter-Domain Routing) WG Monday, 19 March, 15:50-17:20, Buckingham Agenda: https://datatracker.ietf.org/meeting/101/agenda/idr/ Charter: https://datatracker.ietf.org/wg/idr/charter/ DOTS (DDoS Open Threat Signaling) WG Tuesday, 20 March, 15:50-18:20, Viscount Agenda: https://datatracker.ietf.org/meeting/101/agenda/dots/ Charter: https://datatracker.ietf.org/wg/dots/charter/

Follow Us

It will be a busy week in London, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 101 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF101 to keep up with the latest news.]]> 2654 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-101-back-to-london/ Sun, 11 Mar 2018 11:00:28 +0000 https://www.ietfjournal.org/?p=2656 Internet Engineering Task Force will be in London for IETF 101, where about 1000 engineers will discuss open internet standards and protocols. The week begins on Saturday, 17 March, with a Hackathon and Code Sprint. The IETF meeting itself begins on Sunday and goes through Friday. As usual, we’ll write our ‘Rough Guide to the IETF’ blog posts on topics of mutual interest to both the IETF and the Internet Society:

• Overview of ISOC @ IETF
• Routing Infrastructure Security Resilience
• Internet of Things
• IPv6
• DNSSEC, DANE and DNS Security
• Identity, Privacy, and Encryption

More information about IETF 101:

• IETF 101 main page
• Remote participation & live stream information

Here are some of the activities that the Internet Society is involved in during the week.

IETF Journal

The November issue marked the final printed version; now, as I hope you've seen, we share longer-form articles online and via our Twitter and Facebook channels. Our three most recent articles are "Three Years On: Open Standards, Open Source, Open Loop" by David Ward, “Big Changes Ahead for Core Internet Protocols” by Mark Nottingham, and “QUIC: Bringing flexibility to the Internet” by Jonathan Corbet. The IETF Journal is also now the home to this Rough Guide to IETF. The IETF Blog provides many of the day-to-day updates and reports previously covered in the printed versions of the Journal. (While you’re at it, I encourage you to read the IAB post on consolidation. It is quite a good question.) Want to write for the Journal? Email us at ietfjournal@isoc.org.

IRTF and ANRP

Through the Applied Networking Research Prize (ANRP), supported by the Internet Society, the Internet Research Task Force (IRTF) recognizes the best new ideas in networking, and brings them to the IETF, especially in cases where the ideas are relevant for transitioning into shipping Internet products and related standardization efforts. Out of 55 submissions in 2018, six submissions will be awarded prizes in 2018. Two winners will present their work at the IRTF Open Meeting on Wednesday, 21 March at 9:30AM.

• Mojgan Ghasemi for a detailed analysis of the performance of a commercial video streaming service:
  • Mojgan Ghasemi, Partha Kanuparthy, Ahmed Mansy, Theophilus Benson, Jennifer Rexford. Performance Characterization of a Commercial Video Streaming Service. Internet Measurement Conference (IMC) 2016, Santa Monica, California, USA, Nov. 2016.
• Vaspol Ruamviboonsuk for improving web client and server interactions to enhance webpage load times:
  • Ruamviboonsuk, R. Netravali, M. Uluyol, H. Madhyastha. Vroom: Accelerating the Mobile Web with Server-Aided Dependency Resolution. Proc. Conference of the ACM Special Interest Group on Data Communication (SIGCOMM ‘17). ACM, New York, NY, USA.

Hackathon

Right before IETF 101, the IETF is holding another Hackathon to encourage developers to discuss, collaborate, and develop utilities, ideas, sample code, and solutions that show practical implementations of IETF standards. The Hackathon is free to attend but has limited seats available. Technologies from past Hackathons include DNS, HTTP 2.0, NETVC, OpenDaylight, ONOS, VPP/FD.io, RiOT, SFC, TLS 1.3, WebRTC, YANG/NETCONF/RESTCONF. Details on all planned technologies will be listed on the IETF 101 Meeting Wiki.

Technical Plenary

One of the week’s highlights is always the technical plenary. It will take place on Wednesday, 21 March, from 17:10-19:40. The event is live streamed at www.ietf.org/live.

Birds of a Feather (BoF) Sessions

Another major highlight of every IETF is the new work that gets started in birds-of-a-feather (BoF) sessions. Getting new work started in the IETF usually requires a BoF to discuss goals for the work, the suitability of the IETF as a venue for pursuing the work, and the level of interest in and support for the work. There are four BoFs happening in London:

• Identifier Locator Addressing (ILA) Thursday, 22 March, 18:10-19:10 A protocol to implement transparent network overlays without encapsulation. ILA is motivated by the need for network overlays in datacenter, virtualization and mobility scenarios that can scale to billions of nodes and be interoperable with existing infrastructure.

• IASA 2.0 (iasa20) Tuesday, 20 March, 13:30-15:30 Reviews and possibly reworks administrative arrangements at the IETF.
• Messaging Layer Security (MLS) Thursday, 22 March, 15:50-17:50 Standardizing a security protocol for encryption key establishment for use in group messaging applications, which have proliferated in recent years. While several widely-deployed applications have developed their own protocols to meet these needs, no two are close enough to interoperate.
• Common Operations and Management on Network Slices (COMS) Thursday, 22 March, 09:30-12:00 Provides an architecture and information model for the delivery of "network slices," a 5G concept that describes a set of infrastructure resources and service functions that has attributes specifically designed to meet the needs of an industry vertical or a specific service offering.

Follow Us

It will be a busy week in London, and whether you plan to be there or join remotely, there’s much to monitor. Follow us on the Internet Society blog, Twitter, or Facebook using #IETF101 to keep up with the latest news.]]> 2656 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-101-internet-of-things/ Tue, 13 Mar 2018 08:00:04 +0000 https://www.ietfjournal.org/?p=2659 Rough Guide to IETF 101 post I’d like to highlight some of the relevant sessions scheduled during the upcoming IETF 101 meeting in London. Also check out the IETF Journal IoT Category, the IETF IoT page, the IETF IoT Directorate, the Internet Society’s IoT page, or the Online Trust Alliance IoT page for more details about many of these topics. See also this recent article in the IETF Journal: Internet of Things: Standards and Guidance from the IETF. The IETF Hackathon, held the weekend preceding the main IETF meeting (17-18 March), will include at least four projects directly related to IoT, with the possibility of more being added. More information is on the Hackathon wiki.

• Firmware Updates for Internet of Things
• Semantic Interoperability (WISHI - Workshop on IoT Semantic/Hypermedia Interoperability) Test Event
• 6LoRITT: 6LoWPAN Interoperability Testing Sessions (plugtest) with the F-Interop Testing Platform
• Measuring leakage from IoT with a MITM (“man in the middle”) proxy

The Thing-to-Thing Research Group (T2TRG) investigates open research issues towards turning the IoT into reality. The research group will be meeting on Thursday afternoon in London to report out on their recent activities. Their summary meeting agenda is here. As in the past, full details and latest info can be found in GitHub. Of particular note is a recent update of a key ID: State-of-the-Art and Challenges for the Internet of Things Security. Following IETF 101, there will be a joint meeting with the T2TRG, the Open Connectivity Foundation (OCF), and W3C Web of Things (WoT) Working Group on March 23 in Prague.

New Work

There are two newly chartered IoT-related working groups meeting for the first time in London, which are tackling very serious problems. I am pleased to see these moving forward:

• Trusted Execution Environment Provisioning (TEEP), working on standardizing protocols for provisioning applications into secure areas of computer processors. They will be meeting on Tuesday afternoon in London. A key ID up for discussion:
  • The Open Trust Protocol (OTrP)
• Software Updates for Internet of Things (SUIT), which is working on mechanisms for securely updating the firmware in IoT devices. Of note is a recent Liaison Statement from the ITU’s Telecommunication Standardization Sector (ITU-T) Study Group (SG) 17 (Security). 2 key IDs were recently revised - the manifest and the architecture documents:
  • Firmware Manifest Format
  • A Firmware Update Architecture for Internet of Things Devices

Ongoing Work

The Constrained RESTful Environments (core) WG aims to extend the Web architecture to most constrained networks and embedded devices. This is one of the most active IoT working groups and they will be meeting twice in London, on Monday afternoon and Tuesday morning. They will be considering several Internet Drafts (IDs) including: CoAP Simple Congestion Control/Advanced, CoAP Management Interface, Uniform Resource Names for Device Identifiers, and Publish-Subscribe Broker for the Constrained Application Protocol (CoAP). The IPv6 over Networks of Resource-constrained Nodes (6lo) WGfocuses on the work that facilitates IPv6 connectivity over constrained node networks with the characteristics of:

• limited power, memory and processing resources
• hard upper bounds on state, code space and processing cycles
• optimization of energy and network bandwidth usage
• lack of some layer 2 services like complete device connectivity and broadcast/multicast

They have some interesting work queued up, including discussion of a revision to RFC 6775 (Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)). They will be meeting on Thursday afternoon in London. The IPv6 over the TSCH mode of IEEE 802.15.4e (6tisch) WGwas chartered in 2014 to enable IPv6 for the Time-Slotted Channel Hopping (TSCH) mode that was recently added to IEEE 802.15.4 networks. The 6top Protocol (6P) ID was recently revised and is in IESG last call on its way to adoption - it enables distributed scheduling in 6TiSCH networks. Among the interesting things on their agenda is planning for the next F-Interop 6TiSCH Interoperability event. They are meeting on Wednesday afternoon in London. The Home Networking (homenet) WG focuses on the evolving networking technology within and among relatively small "residential home" networks. For example, an obvious trend in home networking is the proliferation of networking technology in an increasingly broad range and number of devices. They will be meeting in London on Friday morning and discussing several interesting IDs. The IPv6 over Low Power Wide-Area Networks (lpwan) WG will be meeting in London on Wednesday morning. Typical LPWANs provide low-rate connectivity to vast numbers of battery-powered devices over distances that may span tens of miles, using license-exempt bands. There is a recently-published LPWAN Overview. They have a very useful overview draft, recently revised. The IP Wireless Access in Vehicular Environments (ipwave) WG has as its primary deliverable a specification for mechanisms to transmit IPv6 datagrams over IEEE 802.11-OCB mode. For more about this very timely topic, there is a recently updated ID: IP-based Vehicular Networking: Use Cases, Survey and Problem Statement. ipwave will meet on Monday morning in London. The Authentication and Authorization for Constrained Environments (ace) WG,as its name suggests, is concerned with authentication and authorization mechanisms in constrained environments, where network nodes are limited in CPU, memory and power. This is a critical issue for IoT, for obvious reasons. The proposed standard is the subject of a recently-revised ID. ace will meet on Monday morning. Routing for IoT is tackled by theRouting Over Low power and Lossy networks (roll) WG which focuses on routing protocols for constrained-node networks. They have 2 meetings in London: Thursday morning and Friday morning. Finally, in addition to the new protocols and other mechanisms developed by IETF working groups, IoT developers often benefit from additional guidance for efficient implementation techniques and other considerations. The Lightweight Implementation Guidance (lwig) WGis developing such documents and they will meet in London on Wednesday afternoon. The IDs CoAP Implementation Guidance and Building Power-Efficient CoAP Devices for Cellular Networks are useful resources. lwig will be meeting in London on Wednesday afternoon. I also want to (again) draw your attention to a very interesting (Standards Track) Internet Draft being discussed in the Operations and Management Area Working Group (opsawg) which seems to hold significant promise, and which appears to be gaining some serious traction: “Manufacturer Usage Description Specification“ (MUD). From the abstract: This memo specifies a component-based architecture for manufacturer usage descriptions (MUD). The goal of MUD is to provide a means for Things to signal to the network what sort of access and network functionality they require to properly function. The initial focus is on access control. Later work can delve into other aspects. The opsawg meeting will be held on Monday afternoon. MUD also plays a significant role in the project – Mitigating IoT-Based Automated Distributed Threats – being developed by the US National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE). If you have an interest in how the IoT is developing and being standardized in the IETF, I hope to see you in person or online at some of these meetings during IETF 101. (Note that If you know you will be unable to travel to the meeting and would like to participate remotely, you must register as a remote participant. There is no fee to be a remote participant at an IETF meeting but registration is required. If you do not want to register, you may opt to listen to the live audio stream of the sessions instead.

Related Working Groups at IETF 101

Schedule and locations subject to change. Please refer to the online agenda to confirm. ** All times London Time: GMT ** 6lo (IPv6 over Networks of Resource-constrained Nodes) WG Thursday, 22 March 2018, 13:30-15:30 Buckingham meeting room Agenda/Materials Documents Charter 6tisch (IPv6 over the TSCH mode of IEEE 802.15.4e) WG Wednesday, 21 March 2018, 13:30-15:00 Viscount meeting room Agenda/Materials Documents Charter ace (Authentication and Authorization for Constrained Environments) WG Monday, 19 March 2018, 09:30-12:00 Balmoral Meeting Room Agenda/Materials Documents Charter core (Constrained RESTful Environments) WG Monday, 19 March 2018, 13:30-15:30 Richmond/Chelsea/Tower Meeting Room Tuesday, 20 March 2018, 09:30-12:00 Viscount meeting room Agenda/Materials Documents Charter homenet (Home Networking) WG Friday, 23 March 2018, 09:30-11:30 Sandringham Meeting Room Agenda/Materials Documents Charter ipwave (IP Wireless Access in Vehicular Environments) WG Monday, 19 March 2018, 09:30-12:00 Sandringham Meeting Room Agenda/Materials Documents Charter lpwan (IPv6 over Low Power Wide-Area Networks) WG Wednesday, 21 March 2018, 09:30-12:00 Viscount meeting room Agenda/Materials Documents Charter lwig (Light-Weight Implementation Guidance) WG Wednesday, 21 March 2018, 15:20-16:50 Park Suite Meeting Room Agenda/Materials Documents Charter opsawg (Operations and Management Area) WG Monday, 19 March 2018, 13:30-15:30 Blenheim meeting room Agenda/Materials Documents Charter roll (Routing Over Low power and Lossy networks) WG Thursday, 22 March 2018, 09:30-12:00 Park Suite Meeting Room Friday, 23 March 2018, 09:30-12:00 Viscount meeting room Agenda/Materials Documents Charter suit (Software Updates for Internet of Things) WG Monday, 19 March 2018, 13:30-15:30 Buckingham meeting room Agenda/Materials Documents Charter t2trg (Thing-to-Thing) RG Thursday, 22 March 2018, 15:50-17:50 Blenheim meeting room Agenda/Materials Documents Charter teep (Trusted Execution Environment Provisioning) WG Tuesday, 20 March 2018, 13:30-15:30 Balmoral Meeting Room Agenda/Materials Documents Charter

Follow Us

It will be a busy week in London, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 101 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF101 to keep up with the latest news.]]> 2659 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-101-ipv6/ Wed, 14 Mar 2018 10:00:56 +0000 https://www.ietfjournal.org/?p=2662 Internet Society Rough Guide to IETF 101, I’m reviewing what’ll be happening at the IETF in London next week. IPv6 global adoption rates continue to rise (to approximately 22% according to Google), although at a slightly slower overall rate since the last IETF. Nevertheless, there's still substantial growth in IPv6 capability in large markets such as the United States, India and Germany, with Belgium still leading the world. There has also been significant progress in Greece, Brazil, Malaysia, Finland, Switzerland and Uruguay recently, whilst Japan, the UK and France continue to show consistent growth. The amounts of native IPv6 traffic seen on the Internet still does not entirely reflect global IPv6 capabilities, but with most major content and cloud providers now supporting IPv6, and mobile networks increasingly preferring IPv6, this gap will continue to close. IPv6 is an important focus for the IETF, particularly with respect to the standardisation work related to the Internet-of-Things. And it’s straight into the IPv6 work on Monday, with both the IPv6 Operations (v6ops) and IPv6 Maintenance (6man) Working Groups being held that day, along with three other IoT-related Working Groups. The IPv6 Operations (v6ops) Working Group is one of the key groups, but has a relatively light agenda this time as since the last meeting it’s published two RFCs. RFC 8273 (https://tools.ietf.org/html/rfc8273) outlines the assignment of unique IPv6 prefixes to hosts instead of from a shared IPv6, which allows unique service provider addresses to be used to improve host isolation and enhance subscriber management on shared networks. RFC 8305 (https://tools.ietf.org/html/rfc8305) provides an update to the Happy Eyeballs algorithm to reduce delays to users whilst preferring IPv6 on dual-stack networks. The meeting kicks off first thing Monday morning with a discussion on implementing IPv6-preferred data centres. There’s then a couple of new drafts that include Requirements for IPv6 Routers (https://tools.ietf.org/html/draft-ietf-v6ops-ipv6rtr-reqs-02) that defines a set of recommendations for routers, switches, and middleboxes deployed in IPv6 networks; plus Using Conditional Router Advertisements for Enterprise Multihoming (https://tools.ietf.org/html/draft-ietf-v6ops-conditional-ras-01) that proposes a solution to the problem of enterprise multihoming without address translation by using Router Advertisements to influence the host source address. There’s also five other existing drafts for which comment is still being requested. NAT64 Deployment Guidelines in Operator and Enterprise Networks (https://tools.ietf.org/html/draft-palet-v6ops-nat64-deployment-00) describes how NAT64 can be deployed in an IPv6 operator or enterprise network when there is only an IPv6 access link; IPv6 Point-to-Point Links (https://tools.ietf.org/html/draft-palet-v6ops-p2p-links-00) describes different alternatives for configuring IPv6 point-to-point links, considering the prefix size, numbering choices and prefix pool to be used; whilst Transition Requirements for IPv6 Customer Edge Routers to support IPv4 (https://tools.ietf.org/html/draft-palet-v6ops-transition-ipv4aas-00) extends RFC 7084 in order to allow the provisioning of IPv6 transition services for the support of IPv4 as a Service (IPv4aaS) by means of new mechanisms that were not available when RFC 7084 was published. IPv6 Performance Measurement with Alternate Marking Method (https://tools.ietf.org/html/draft-fioccola-v6ops-ipv6-alt-mark-00) describes a passive performance measurement method in an IPv6 domain, with IP Fragmentation Considered Fragile (https://tools.ietf.org/html/draft-bonica-intarea-frag-fragile-01) discusses how IP fragmentation reduces the reliability of Internet communication and provides recommendations for application developers and network operators. The IP Wireless Access in Vehicular Environments (ipwave) Working Group is running in parallel with v6ops. It is currently focused on a couple of working group-sponsored drafts including a specification for transmitting IPv6 Packets over IEEE 802.11 Networks in Vehicle-to-Internet and Vehicle-to-Infrastructure communications (https://tools.ietf.org/html/draft-ietf-ipwave-ipv6-over-80211ocb-21); and defining the use cases for IP-based vehicular networks (https://tools.ietf.org/html/draft-ietf-ipwave-vehicular-networking-02). The group will also be discussing re-chartering, with a problem statement and associated security and privacy considerations due to the IESG in May 2018. The IPv6 Maintenance (6man) Working Group is another key group, and since the last meeting has published RFC 8319 (https://tools.ietf.org/html/rfc8319) that updates the IPv6 Neighbor Discovery Protocol (RFC 4861) to increase the maximum time allowed between sending unsolicited multicast RAs from a router interface as well as to increase the maximum router lifetime. The meeting is being held on Monday afternoon and has a busy agenda with 2 working group-sponsored drafts, 2 existing drafts, and 3 new drafts, as well as an update on multi-vendor interoperability testing results. IPv6 Node Requirements (https://tools.ietf.org/html/draft-ietf-6man-rfc6434-bis) specifies the minimum requirements for enabling effective IPv6 functionality and interoperability on nodes; whilst IPv6 Segment Routing Header (https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header) specifies how a node can steer a packet through a controlled set of instructions (segments) by prepending an SR header to the packet. ICMPv6 errors for discarding packets due to processing limits (https://tools.ietf.org/html/draft-herbert-6man-icmp-limits-03) defines how nodes can signal the discard of packets if they are unable to process the protocol headers; and IPv6 Router Advertisement IPv4 Unavailable Flag (https://tools.ietf.org/html/draft-hinden-ipv4flag-03) specifies a flag to indicate to hosts there's no IPv4 service on the advertising default IPv6 router, updating RFC 5175 (https://tools.ietf.org/html/rfc5175). The new drafts up for discussion include Privacy Extensions for Stateless Address Autoconfiguration in IPv6 (https://tools.ietf.org/html/draft-gont-6man-rfc4941bis) that describes an extension that causes nodes to generate global scope addresses from interface identifiers that change over time; Recommendation on Temporary IPv6 Interface Identifiers (https://tools.ietf.org/html/draft-gont-6man-non-stable-iids-02) specifies a set of requirements for generating temporary addresses and clarifies the stability requirements for IPv6 addresses; with Unified Identifier in IPv6 Segment Routing Networks (https://tools.ietf.org/html/draft-mirsky-6man-unified-id-sr) extending the use of IPv6 Segment Routing Headers to segment identifiers encoded as MPLS labels and IPv4 addresses. If you fancy staying later, the Dynamic Host Configuration (dhc) Working Group is meeting on Monday evening and has three IPv6-related drafts on the agenda. DHCPv4 over DHCPv6 Source Address Option (https://tools.ietf.org/html/draft-ietf-dhc-dhcp4o6-saddr-opt-01) defines a DHCPv6 option to convey parameters for communicating a source tunnel IPv6 address between an DHCP 4o6 client and server, in conjunction with the IPv4 address allocation process. YANG Data Model for DHCPv6 Configuration (https://tools.ietf.org/html/draft-ietf-dhc-dhcpv6-yang-06) aims to support the configuration and management of DHCPv6 servers, relays, and clients; whereas Link Layer Addresses Assignment Mechanism for DHCPv6 (https://tools.ietf.org/html/draft-bvtm-dhc-mac-assign-00) proposes an extension to DHCPv6 that allows a scalable approach to link-layer address assignments. There doesn’t seem to be lot happening IPv6-wise on Tuesday, but if you’re feeling IPv6 withdrawal symptoms, then the Measurement and Analysis for Protocols Research Group (maprg) on Tuesday morning has three IPv6-specific agenda items. These are a discussion on measuring IPv6 performance, visualising IPv6 space, and an update on IPv6 client adoption. The Low Power Wide-Area Networks (lpwan) Working Group meets on Wednesday morning. This is working on enabling IPv6 connectivity with very low wireless transmission rates between battery-powered devices spread across multiple kilometres, and whilst the agenda has yet to be published, there are three current working group-sponsored drafts. The overview of the set of LPWAN technologies under consideration by the IETF has now been sent to the IESG for publication (https://tools.ietf.org/html/draft-ietf-lpwan-overview), whilst the other relevant draft deals with LPWAN header compression and fragmentation for IPv6 (https://tools.ietf.org/html/draft-ietf-lpwan-ipv6-static-context-hc/). The IPv6 over the TSCH mode of IEEE 802.15.4e (6TiSCH) Working Group then meets on Wednesday afternoon. TSCH is the emerging standard for automation and control over low-power and lossy wireless networks, and this group is working on how to utilise IPv6 in industrial standards. There’s a very full agenda, with the 6top protocol that enables distributed scheduling (https://tools.ietf.org/html/draft-ietf-6tisch-6top-protocol-10) now being targeted for an IESG Last Call, and the security functionality (https://tools.ietf.org/html/draft-ietf-6tisch-minimal-security-05 and https://tools.ietf.org/html/draft-ietf-6tisch-6top-sfx-01) being prepared for Working Group Last Calls. Thursday is another quiet day with just the IPv6 over Networks of Resource Constrained Nodes (6lo) Working Group meeting on Thursday afternoon. It nonetheless has a fairly busy agenda with Registration Extensions for 6LoWPAN Neighbor Discovery (https://tools.ietf.org/html/draft-ietf-6lo-rfc6775-update-14) and Address Protected Neighbor Discovery for Low-power and Lossy Networks (https://tools.ietf.org/html/draft-ietf-6lo-ap-nd-06) having received feedback from the IESG. The drafts related to IPv6 Backbone Router (https://tools.ietf.org/html/draft-ietf-6lo-backbone-router-06) that proposes proxy operations for IPv6 Neighbor Discovery on behalf of devices located on broadcast-inefficient wireless networks; and Packet Delivery Deadline time in 6LoWPAN Routing Header (https://tools.ietf.org/html/draft-ietf-6lo-deadline-time-01) are being prepared for Working Group Last Calls. There will also be updates on the 6LO applicability and use cases (https://tools.ietf.org/html/draft-ietf-6lo-use-cases-04), and from the fragmentation design team (https://tools.ietf.org/html/draft-watteyne-6lo-minimal-fragment-00 and https://tools.ietf.org/html/draft-thubert-6lo-forwarding-fragments-04). Finally, there’s a proposed update to RFCs 6550 and 6775 where 6LoWPAN ND nodes in a RPL domain do not participate in the routing protocol. The week concludes with the Homenet Working Group (homenet) on Friday morning. This develops protocols for residential networks based on IPv6 and currently has Special Use Domain 'home.arpa.’ awaiting publication as an RFC, with the Homenet profile of the Babel routing protocol (https://tools.ietf.org/html/draft-ietf-homenet-babel-profile-05) currently in IETF Last Call. The Simple Homenet Naming and Service Discovery Architecture (https://tools.ietf.org/html/draft-ietf-homenet-simple-naming-01) describes how names are published and resolved homenets, and how hosts are configured to use these names to discover services on homenets. The remainder of the agenda will be a discussion about Homenet security in relation to the home perimeter, HNCP and Babel, as well as appropriate trust models and how to establish trust. At the Internet Society, we continue to promote IPv6 deployment. You can check out the World IPv6 Launch measurements for our latest measurements of IPv6 around the globe. You can also check out the Deploy360 online resources for getting started with IPv6 deployment:

• http://www.internetsociety.org/deploy360/start/
• http://www.internetsociety.org/deploy360/ipv6/

And you can read more about other topics of interest to the technology programs of the Internet Society in the rest of our Rough Guide to IETF 101 posts.

IPv6-related Working Groups at IETF 101:

V6OPS (IPv6 Operations) Working Group Monday, 18 March 2018 09.30-12.00 UTC, Viscount Agenda: https://datatracker.ietf.org/meeting/101/materials/agenda-101-v6ops/ Documents: https://datatracker.ietf.org/wg/v6ops/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-v6ops/ IPWAVE (IP Wireless Access in Vehicular Environments) Monday, 18 March 2018 09.30-12.00 UTC, Sandingham Agenda: https://datatracker.ietf.org/meeting/101/materials/agenda-101-ipwave/ Documents: https://datatracker.ietf.org/wg/ipwave/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-ipwave/ 6MAN (IPv6 Maintenance) WG Monday, 18 March 2018 13.30-15.30 UTC, Viscount Agenda: https://datatracker.ietf.org/meeting/101/materials/agenda-101-6man/ Documents: https://datatracker.ietf.org/wg/6man/documents/ Charter: https://datatracker.ietf.org/wg/6man/charter/ DHC (Dynamic Host Configuation) WG Monday, 18 March 2018 17.30-18.40 UTC, Viscount Agenda: https://datatracker.ietf.org/meeting/101/materials/agenda-101-dhc/ Documents: https://datatracker.ietf.org/wg/dhc/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-dhc/ LPWAN (IPv6 over Low Power Wide-Area Networks) Wednesday, 20 March 2018 09.30-12.00 UTC, Viscount Agenda: https://datatracker.ietf.org/meeting/101/materials/agenda-101-lpwan/ Documents: https://datatracker.ietf.org/wg/lpwan/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-lpwan/< 6TISCH (IPv6 over the TSCH mode of IEEE 802.15.4e) Wednesday, 20 March 2018 13.30-15.00 UTC, Viscount Agenda: https://datatracker.ietf.org/meeting/101/materials/agenda-101-6tisch/ Documents: https://datatracker.ietf.org/wg/6tisch/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-6tisch/ 6LO (IPv6 over Networks of Resource Constrained Nodes) WG Thursday, 21 March 2018 13.30-15.30 UTC, Buckingham Agenda: https://datatracker.ietf.org/meeting/101/materials/agenda-101-6lo/ Documents: https://datatracker.ietf.org/wg/6lo/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-6lo/ Homenet (Home Networking) WG Friday, 22 March 2018 09.30-11.00 UTC, Sandringham< Agenda: https://datatracker.ietf.org/meeting/101/materials/agenda-101-homenet/ Documents: https://datatracker.ietf.org/wg/homenet/documents/ Charter: https://datatracker.ietf.org/wg/homenet/charter/

Follow Us

It will be a busy week in London, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 101 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF101 to keep up with the latest news.]]> 2662 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/applied-networking-research-workshop-submissions-due-april-20/ Tue, 13 Mar 2018 12:46:27 +0000 https://www.ietfjournal.org/?p=2666 Applied Networking Research Workshop (ANRW2018) that will be held during IETF 102 on July 16 2018. The goal is to create a top academic venue for wide-area networking and security research and a path to transition research back into IETF standards, while inspiring academics to work on topics and open problems addressed at the IETF. We have several high-quality invited talks lined up (see below!), and are now soliciting submitted talks and papers. Submitted talks can be not-for-publication re-submissions of works that have been published elsewhere during the last 12 months; for these, we simply require a 2-page abstract. We are also seeking 6-page short papers for publication. The paper submission deadline is April 20, 2018. If you think your work can have an impact on the design and operation of the Internet, please consider submitting to ANRW2018! Call for papers: https://irtf.org/anrw/2018/cfp.html Invited talks:

• Why (and How) Networks Should Run Themselves Speaker: Nick Feamster (Princeton University)
• ARTEMIS: Neutralizing BGP Hijacking within a Minute Speaker: Alberto Dainotti (CAIDA)
• Run, Walk, Crawl: Towards Dynamic Link Capacities Speaker: Monia Ghobadi (Microsoft Research)
• TCP Congestion Signatures Speaker: Srikanth Sundaresan (UC Berkeley) or Amogh Dhamdhere (CAIDA)
• Measuring Adoption of Security Additions to the HTTPS Ecosystem Speaker: Quirin Scheitle (Technical University of Munich)

Hope to see you in Montreal! Sharon Goldberg & David Choffnes ANRW2018 Program Committee Chairs]]> 2666 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-101-identity-privacy-and-encryption/ Fri, 16 Mar 2018 15:53:54 +0000 https://www.ietfjournal.org/?p=2693 Rough Guide to IETF 101, I’ll take a quick look at some of the identity, privacy, and encryption related activities at IETF this coming week. Below a few of the many relevant activities are highlighted, but there is much more going on so be sure to check out the full agenda online.

Encryption

Encryption continues to be a priority of the IETF as well as the security community at large. Related to encryption, there is the TLS working group developing the core specifications, several working groups addressing how to apply the work of the TLS working group to various applications, and the Crypto-Forum Research Group focusing on the details of the underlying cryptographic algorithms. The Transport Layer Security (TLS) Working Group is a key IETF effort developing core security protocols for the Internet. The big news out of this working group is the IESG approval of the TLS 1.3 specification. There is still some way to go before final publication, but the end is in sight. There will be two TLS sessions this week. The Monday session will focus primarily on the ongoing discussion of data center operator concerns for the use of DTLS in their environments. There is an updated proposal on a “TLS 1.3 Option for Negotiation of Visibility In the Datacenter”. This is sure to continue to be a contentious topic in the TLS working group as it struggles with whether or not to adopt this work. The Wednesday session will address a number of ongoing drafts including:

• Datagram Transport Layer Security
• Connection ID
• Exported authenticators
• DNSSEC Chain Extension
• Certificate compression
• Encrypted SNI
• Semi-static DH in TLS1.3

The TLS working group is very active and, as with all things that are really important, there are many diverse opinions to fill the room. The Using TLS in Applications (UTA) Working Group was chartered to look at updating the definitions for using TLS with various application protocols. It has finished a number of documents already including recommendations for the secure use of TLS and DTLS, use of TLS for XMPP, and the use of TLS server identity check procedures for email. The main portion of the meeting will discuss issues raised on a draft related to Strict Transport Security (STS) for mail (SMTP) transfer agents and mail user agents. Also on the agenda is a draft on an option to require TLS for SMTP. There is a new draft on TLS/DTLS 1.3 profiles for IoT that may get some discussion time, but isn’t currently listed on the agenda. The next activity of potential interest to the encryption community is the Crypto Forum Research Group (cfrg). A key work item of this research group that is nearing completion is hash based signatures. I also see updated drafts on Verifiable Random Functions, Hashing to Elliptic Curves, and Verifiable Oblivious Pseudorandom Functions. The agenda isn’t posted yet so I’m not sure what else might appear, but I am sure it will be an interesting and engaging discussion. There are two other sessions that will be of interest to folks generally interested in encryption in protocols. The first is a BoF on Message Layer Security (mls). Many internet applications need group key-establishment and a message protection protocol with features like asynchronicity, forward secrecy, membership authentication and message authentication. The goal of this proposed working group is to develop a standard security protocol so that applications can share code and so that there can be shared validation of the protocol (as there has been with TLS 1.3), not the interoperability of messaging protocols. The Messaging Layer Security BoF is a working group-forming session exploring whether there is sufficient interest and scope to form a working group on the topic. The agenda includes a problem statement, architecture, draft protocol, a report on formal analysis, and a discussion of charter. Some key drafts include https://datatracker.ietf.org/doc/draft-omara-mls-architecture and https://datatracker.ietf.org/doc/draft-barnes-mls-protocol. Finally, the QUIC Working Group is striving to provide a standards-track specification for a UDP-based, stream-multiplexing, encrypted transport protocol. This has been a very active working group in the IETF. While this is a Transport Area effort, the fact that encryption is a key aspect and being designed in from the beginning is of interest to encryption enthusiasts.

Certificates

Moving on from cryptography and encryption, the next set of IETF working groups are related to the certificate infrastructure for the Internet, acme and lamps. The Automated Certificate Management Environment (acme) Working Group is specifying ways to automate certificate issuance, validation, revocation and renewal. The main order of business at this week’s meeting is to discuss the core specification Automatic Certificate Management Environment. This document has been submitted to the IESG for publication, and this meeting will focus on addressing the feedback received to date. The meeting will also discuss the TLS ALPN challenge, and some STIR topics. The Limited Additional Mechanisms for PKIX and SMIME (lamps) Working Group is engaged in some maintenance activities around PKIX and SMIME. A number of working group documents have been submitted to the IESG, and this week’s agenda will discuss DNS Certification Authority Authorization (CAA) Resource Record, additional SHAKE algorithms and identifiers, and use of the SHAKE one-way has function in CMS.

Authentication and Authorization

From the certificate infrastructure, we move next to authentication and authorization and the set of related working groups tackling those issues for the IETF. Anyone with an interest in the Internet of Things (IoT), will be interested in the Authentication and Authorization for Constrained Environments (ace) Working Group. This group is working to develop standardized solutions for authentication and authorization in constrained environments. They published a use cases document last year, and this week’s agenda includes discussion of existing working group documents on authentication and authorization for constrained environments. The Web Authorization Protocol (oauth) Working Group has been working for years on mechanisms that allow users to grant access to web resources without necessarily compromising long term credentials or even identity. It has been a very prolific working group with around 15 RFCs published to date. IETF 101 will be another busy week for those interested in this area including sessions on both Tuesday and Wednesday. Agenda items for these two sessions include:

• Mutual TLS profile
• Token binding
• JWT best practices
• Device flow
• Discovery
• OAuth security topics
• Incremental authorization

Additionally, the working group will discuss a potential new OAuth client assertion flow and distributed OAuth. For those new to OAuth, there is an OAuth 2.0 tutorial planned for Sunday afternoon in the first tutorial slot. This is an excellent opportunity to get a detailed introduction to OAuth 2.0 from a key contributor to the work. There are two additional working groups meeting this coming week that are related to the OAUTH work. The first is the Token Binding (TOKBIND) Working Group that is tasked with specifying a token binding protocol and specifying the use of that protocol with HTTPS. The second is Security Events (SECEVENT) Working Group working on an Event Token specification that includes a JWT extension for expressing security events and a syntax for communicating the event-specific data. Both of these have a strong relationship to the OAuth work.

General Security

The Network Time Protocol (NTP) Working Group addresses protocols for the accurate synchronization of clocks on a network. This may seem like a bit of a stretch for a blog post on identity, privacy, and encryption. However, accurate and secure time synchronization turns out to be vitally important for the proper operation of security protocols. The NTP WG has been working on Network Time Security (NTS) which is a significant update for NTP server authentication. This week the NTP NTS effort will focus on getting some implementation work done in the Hackathon in advance of the NTP meeting on Thursday. For the security crowd, no IETF week is complete without the Security Area Advisory Group (SAAG) meeting. This meeting features a quick run through all the working groups doing security-related work in the IETF across all areas, a set of short talks, and an open session to bring issues and topics forward from the community. The agenda isn’t available yet, but it generally is an excellent session on security in general. The experiment from IETF 100 on a session to quickly review and decide what to do with specific new work proposals that are being brought forward has resulted in a new working group specifically for this purpose, Security Dispatch (secdispatch). The new working group will meet for the first time this week, and it will address a method for web security policies, considerations For Using Short Term Certificates, use of the Hash-based Merkle Tree Signature (MTS) Algorithm in the Cryptographic Message Syntax (CMS), and pretty Easy privacy. Also, don’t forget the IETF Hackathon is held this weekend, before the IETF. This IETF Hackathon has several projects of interest including work on Messaging Layer Security, TLS 1.3 testing and interoperability, EAP TLS with large certificates and long certificate chains, distributed denial of service threat signaling, and Network time security. All the potential projects of this rendition of the IETF Hackathon as listed on the IETF 101 Hackathon wiki site. Finally, just a quick note to point out that DNS Privacy (DNSPRIV) and the Decentralized IoT Security and Standards (DISS) workshops were successfully held in conjunction with NDSS 2018. The agendas and some materials are online now, and the proceedings will be published in the coming months. Join us for another full week for identity, and privacy, and encryption related topics here at IETF 101!

Relevant Working Groups at IETF 100:

ace (Authentication and Authorization for Constrained Environments) WG Monday, 19 March, 09:30-12:00, Balmoral Agenda: https://datatracker.ietf.org/doc/agenda-101-ace/ Charter: https://datatracker.ietf.org/wg/ace/about/ acme (Automated Certificate Management Environment) WG Wednesday, 21 March, 15:20-16:50, Buckingham Agenda: https://datatracker.ietf.org/doc/agenda-101-acme/ Charter: https://datatracker.ietf.org/wg/acme/about/ cfrg - Crypto Forum Research Group Monday, 19 March, 15:50-17:20, Balmoral Agenda: https://datatracker.ietf.org/meeting/101/agenda/cfrg/ Charter: https://irtf.org/cfrg ntp (Network Time Protocol )WG Thursday, 22 March, 15:50-17:50, Palace C Agenda: https://datatracker.ietf.org/doc/agenda-101-ntp/ Charter: https://datatracker.ietf.org/wg/ntp/about/ oauth (Web Authorization Protocol) WG Monday, 19 March, 15:50-17:20, Viscount Agenda: https://datatracker.ietf.org/doc/agenda-101-oauth/ Charter: https://datatracker.ietf.org/wg/oauth/about/ quic (QUIC) Thursday, 22 March, 09:30-12:00, Sandringham Agenda: https://datatracker.ietf.org/meeting/101/materials/agenda-101-quic.html Charter: https://datatracker.ietf.org/group/quic/about/ saag (Security Area open meeting) Thursday, 22 March, 13:30-15:30, Sandringham Agenda: https://datatracker.ietf.org/meeting/101/materials/agenda-101-saag/ (coming soon) secdispatch (Security Dispatch) Tuesday, 20 March, 09:30-12:00, Blenheim Agenda: https://datatracker.ietf.org/doc/agenda-101-secdispatch/ Charter: https://datatracker.ietf.org/wg/secdispatch/about/ secevent (Security Events) WG Friday, 23 March, 09:30-11:30, Park Suite Agenda: https://datatracker.ietf.org/meeting/101/materials/agenda-101-secevent/ Charter: https://datatracker.ietf.org/wg/secevent/about/ tls – Transport Layer Security Monday, 19 March, 17:40-18:40, Balmoral Agenda: https://datatracker.ietf.org/doc/agenda-101-tls-sessa/, https://datatracker.ietf.org/doc/agenda-101-tls-sessb/ Charter: https://datatracker.ietf.org/wg/tls/about/ tokbind (Token Binding) WG Wednesday, 21 March, 15:20-16:50, Viscount Agenda:  https://datatracker.ietf.org/meeting/101/materials/agenda-101-tokbind/ Charter: https://datatracker.ietf.org/wg/tokbind/about/ uta - Using TLS in Applications Thursday, 22 March, 18:10-19:10, Blenheim Agenda: https://datatracker.ietf.org/meeting/101/materials/agenda-101-uta/ Charter: https://datatracker.ietf.org/wg/uta/about/

Follow Us

It will be a busy week in London, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 101 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF101 to keep up with the latest news.]]> 2693 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-101-dnssec-dane-dns-security-and-privacy/ Fri, 16 Mar 2018 23:03:47 +0000 https://www.ietfjournal.org/?p=2698 Rough Guide to IETF 101, here's a quick view on what's happening in the world of DNS. (See the full agenda online for everything else.)

IETF 101 Hackathon

As usual, there will be a good-sized “DNS team” at the IETF 101 Hackathon starting tomorrow. The IETF 101 Hackathon wiki outlines the work (scroll down to see it). Major security/privacy projects include:

• Implementing some of the initial ideas for DNS privacy communication between DNS resolvers and authoritative servers.
• Implementation and testing of the drafts related to DNS-over-HTTPS (from the new DOH working group).
• Work on DANE authentication within systems using the DNS Privacy (DPRIVE) mechanisms.

Anyone is welcome to join us for part or all of that event.

Thursday Sponsor Lunch about DNSSEC Root Key Rollover

On Thursday, March 22, at 12:30 UTC, ICANN CTO David Conrad will speak on "Rolling the DNS Root Key Based on Input from Many ICANN Communities". As the abstract notes, he'll be talking about how ICANN got to where it is today with the Root KSK Rollover - and about the open comment period on the plan to roll the KSK in October 2018. David's session will be streamed live for anyone wishing to view remotely.

DNS Operations (DNSOP)

The DNS sessions at IETF 101 really begin on Tuesday, March 20, with the DNS Operations (DNSOP) Working Group from 15:50 - 18:20 UTC. Several of the drafts under discussion will relate to the Root KSK Rollover and how to better automate and monitor key rollovers. DNSOP also meets on Thursday, March 22, from 18:10-19:10, where one draft of great interest will be draft-huque-dnsop-multi-provider-dnssec. This document explores how to deploy DNSSEC in environments where multiple DNS providers are in use. As per usual, given the critical role DNS plays, the DNSOP agenda has many other drafts up for discussion and action.

DNS PRIVate Exchange (DPRIVE)

The DPRIVE working group meets Wednesday afternoon from 13:30-15:00 UTC. As shown on the agenda, there will be two major blocks of discussion. First, Sara Dickinson will offer recommendations for best current practices for people operating DNS privacy servers. This builds off of the excellent work she and others have been doing within the DNS Privacy Project. The second major discussion area will involve Stephane Bortzmeyer discussing how to add privacy to the communication between a DNS recursive resolver and the authoritative DNS server for a given domain. When the DPRIVE working group was first chartered, the discussion was whether to focus on the privacy/confidentiality between a stub resolver and the local recursive resolver; or between the recursive resolver and authoritative server; or both. The discussion was to focus on the stub-to-recursive-resolver connection - and that is now basically done from a standards perspective. So Stephane is looking to move the group on into the next phase of privacy. As a result, the session will also include a discussion around re-chartering the DPRIVE Working Group to work on this next stage of work.

Extensions for Scalable DNS Service Discovery (DNSSD)

On a similar privacy theme, the DNSSD Working Group will meet Thursday morning from 9:30-12:00 UTC and include a significant block of time discussing privacy and confidentiality. DNSSD focuses on how to make device discovery easier across multiple networks. For instance, helping you find available printers on not just your own network, but also on other networks to which your network is connected. However in doing so the current mechanisms expose a great deal of information. draft-ietf-dnssd-privacy-03 and several related drafts explore how to add privacy protection to this mechanism. The DNSSD agenda shows more information.

DNS-Over-HTTPS (DOH)

IETF 101 will also feature the second meeting of one of the working groups with the most fun names - DNS Over HTTPS or... "DOH!" This group is working on standardizing how to use DNS within the context of HTTPS. It meets on Thursday from 13:30-15:30. As the agenda indicates, the focus is on some of the practical implementation experience and the work on the group's single Internet-draft: draft-ietf-doh-dns-over-https. DOH is an interesting working group in that it was formed for the express purpose of creating a single RFC. With that draft moving to completion, this might be the final meeting of DOH - unless it is rechartered to do some additional work.

DNSSEC Coordination informal breakfast meeting

Finally, on Friday morning before the sessions start we are planning an informal gathering of people involved with DNSSEC. We’ve done this at many of the IETF meetings over the past few years and it’s been a good way to connect and talk about various projects. True to the “informal” nature, we’re not sure of the location and time yet (and we are not sure if it will involve food or just be a meeting). If you would like to join us, please drop me an email or join the dnssec-coord mailing list.

Other Working Groups

DANE and DNSSEC will also appear in the TLS Working Group's Wednesday meeting. The draft-ietf-tls-dnssec-chain-extension will be presented as a potential way to make DANE work faster by allowing both DANE and DNSSEC records to be transmitted in a single exchange, thus reducing the time involved with DANE transactions. Given the key role DNS plays in the Internet in general, you can also expect DNS to appear in other groups throughout the week. P.S. For more information about DNSSEC and DANE and how you can get them deployed for your networks and domains, please see our Deploy360 site:

• http://www.internetsociety.org/deploy360/dnssec/
• http://www.internetsociety.org/deploy360/resources/dane/

Relevant Working Groups at IETF 101:

DNSOP (DNS Operations) WG Tuesday, 20 March 2018, 15:50-18:30 UTC, Sandringham Thursday, 22 March 2018, 18:10-19:10 UTC, Sandringham Agenda: https://datatracker.ietf.org/meeting/101/agenda/dnsop/ Documents: https://datatracker.ietf.org/wg/dnsop/ Charter: http://tools.ietf.org/wg/dnsop/charters/ DPRIVE (DNS PRIVate Exchange) WG Wednesday, 21 March 2018, 13:30-15:00 UTC, Balmoral Agenda: https://datatracker.ietf.org/meeting/101/agenda/dprive/ Documents: https://datatracker.ietf.org/wg/dprive/ Charter: http://tools.ietf.org/wg/dprive/charters/ DNSSD (Extensions for Scalable DNS Service Discovery) WG Thursday, 22 March 2018, 9:30-12:00 UTC, Buckingham Agenda: https://datatracker.ietf.org/meeting/101/agenda/dnssd/ Documents: https://datatracker.ietf.org/wg/dnssd/ Charter: http://tools.ietf.org/wg/dnssd/charters/ DOH (DNS over HTTPS) WG Thursday, 22 March 2018, 13:30-15:30 UTC, Blenheim Agenda: https://datatracker.ietf.org/meeting/101/agenda/doh/ Documents: https://datatracker.ietf.org/wg/doh/ Charter: http://tools.ietf.org/wg/doh/charters/

Follow Us

It will be a busy week in London, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 101 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF101 to keep up with the latest news.]]> 2698 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/an-overview-of-bit-index-explicit-replication-bier/ Wed, 21 Mar 2018 13:38:59 +0000 https://www.ietfjournal.org/?p=2668 Introduction IP Multicast (IPMC) efficiently forwards one-to-many traffic and is leveraged for services like IPTV or multicast VPN (mVPN) [1]. In this article we explain the basic concept of traditional IPMC, describe its shortcomings, and present Bit Index Explicit Replication (BIER) as a solution. An IPMC group may correspond to one specific IPTV channel. Packets destined to an IPMC group address are forwarded to all its members. Receivers leverage IGMP/MLD (Internet Group Management Protocol, RFC 3376/Multicast Listener Discovery, RFC 3810) to join an IPMC group. Within an IPMC domain, typical IPMC protocols use in-network traffic replication to ensure that at most a single copy of a packet traverses each link to reach multiple receivers. To that end, they establish per IPMC group one IPMC tree, possibly for each source, along which the traffic of that group is forwarded. The concept is shown in Figure 1. Examples for such protocols are PIM (Protocol Independent Multicast, RFC 7761), mLDP (Multicast Label Distribution Protocol), or RSVP-TE/P2MP (Resource Reservation Protocol – Traffic Engineering, RFC 3209, Point-to-Multipoint RFC 4875). The IPMC trees requires forwarding information in intermediate hops that we denote as 'state' in the following. [caption id="attachment_2675" align="aligncenter" width="640"] Figure 1: Two multicast trees.[/caption] Certain IPMC solutions for special use cases with static distribution trees – especially implementations of PIM – have proven to be useful and manageable. Nevertheless, traditional IPMC solutions suffer from limited scalability [1] [2]. Technologies to address these issues have been proposed but they cause further complexity and create new disadvantages. BIER has been proposed by the IETF and is described in RFC 8279 [3]. The basic idea is to remove the IPMC-group-dependent state and the need for explicit-tree building from devices in the middle of the network to improve the scalability of the IPMC domain. This is achieved by adding a BIER header to IPMC packets. Within such a BIER domain, the packets are forwarded only according to this header.

Shortcomings of Traditional Multicast

Traditional IPMC solutions like PIM, mLDP, or RSVP-TE/P2MP rely on per-group IPMC tree state. This tree state limits scalability in three ways.

P0. Devices have to store state per IPMC group.

P1. The IPMC protocol has to actively create, change, and tear-down the IPMC trees whenever IPMC groups start, change, or stop.

P2. In case of a topology change, the forwarding structure may need to change. Thus, the states of all IPMC groups possibly require adaptation. The time needed for that process scales with the number of IPMC groups.

Several additional technologies have been introduced to address these issues but they come with new disadvantages. Ingress replication is a tunnel-based approach that avoids additional state by utilizing unicast tunnels for building an IPMC tree at the expense of reduced forwarding efficiency. PMSI (Provider Multicast Service Interfaces, RFC 6513) leverages aggregated trees to carry the traffic of multiple IPMC applications, which causes significant signaling overhead. RSVP-TE/P2MP is a heavyweight approach to reduce convergence time issues for IPMC with pre-established backup tunnels. All those approaches have to be managed by operators making traditional IPMC more complex, expensive, less reliable, and overall challenging to deploy.

Bit Index Explicit Replication (BIER)

BIER proposes a replicating fabric technology which allows an operator to forward IPMC traffic efficiently without the need for explicit IPMC tree state in intermediate devices. In this section, we describe the concept of BIER, explain BIER’s forwarding procedure in detail, and outline how it addresses the previously mentioned shortcomings of traditional IPMC. [caption id="attachment_2674" align="aligncenter" width="640"] Figure 2: Packets enter the BIER domain via Bit-Forwarding Ingress Routers (BFIRs). They construct and push a BIER header onto the packet which holds information for BIER's forwarding procedure. At the Bit-Forwarding Egress Routers (BFERs), the BIER header is removed.[/caption]

BIER Concept

The concept of BIER is illustrated in Figure 2. Traffic enters a BIER domain through a Bit-Forwarding Ingress Router (BFIR) and is replicated efficiently to potentially many Bit-Forwarding Egress Routers (BFERs). The BFIR adds a BIER header to the packets. This header contains information about the set of BFERs to which a copy of the packet is to be delivered. The BFERs remove the BIER header from the packets before they leave the BIER domain. The BIER header is leveraged by all Bit-Forwarding Routers (BFRs) within the BIER domain to efficiently forward the traffic along a tree structure or even any acyclic graph that is determined from the underlay information, normally carried by the IGP (Interior Gateway Protocol). More specifically, the BIER header contains a bit string where each bit corresponds to a specific BFER. The BFIR sets that bit if the corresponding BFER should receive the packet. A BFR relays and replicates BIER traffic based on that header information and its so-called Bit Index Forwarding Table (BIFT). The BIFT holds the next-hop information for every possible destination (BFER). Therefore, the size of the BIFT is independent of the number of IPMC groups. Real deployments may group the forwarding information for destinations that are reached via the same next-hop. This reduces the number of forwarding entries even further so that it scales with the number of a BFR’s next-hops. The forwarding procedure ensures that a next-hop receives only a single copy of a packet even though the packet’s BIER header indicates multiple destinations with that next-hop. To forward BIER traffic consistently, the BIFTs are commonly configured with shortest path entries towards the BFERs. BIER acquires this information from the IGP topology database of the underlying routing protocol, e.g. ISIS (Intermediate System to Intermediate System) or OSPF (Open Shortest Path First).

BIER Forwarding

In the following, we explain how traffic is forwarded with BIER along a shortest-path tree and illustrate it with an example. Figure 3 shows a network topology together with the shortest-path tree from Node 1 towards all destinations. [caption id="attachment_2676" align="aligncenter" width="300"] Figure 3: Example topology with the shortest-path forwarding tree for Node 1.[/caption] The BFERs are numbered and assigned to the bit positions in the bitstring of a BIER header. Thereby, counting starts with the least-significant bit of the bitstring. That means, the bitstring ‘000001’ corresponds to Node 1 and ‘100000’ corresponds to Node 6. The BFR needs to ensure that all destinations receive a copy of the packet. To that end, the BFR forwards a copy to each next-hop that is on the path to at least one destination indicated in the BIER header. In our example, we assume that Node 1 receives a packet with a bitstring ‘100100’ in the BIER header, i.e., the bits for Node 3 and Node 6 are activated. Therefore, Node 1 sends a copy of the packet to Node 3 and Node 2. To prevent duplicates, a BFR clears all bits in the bitstring of a packet’s BIER header that are not reached via the next-hop the packet is forwarded to. This ensures that there is only a single packet on the way towards each desired destination in spite of packet replication. In our example, Node 1 unsets the bit for Node 6 when forwarding the packet to Node 3 (‘000100’) and it unsets the bit for Node3 when forwarding the packet to Node 2 (‘100000’). We explain how a BFR achieves the explained forwarding behavior in an efficient way using the bitstring of a packet’s BIER header and its BIFT. The BIFT contains for every destination a so-called Forwarding Bit Mask (F-BM) and a next-hop. The F-BM is a bitmask whose bit positions correspond to the same BFERs as the bit positions in the bitstring of a BIER header. Activated bits in the F-BM indicate the BFERs that are reached via the specific next-hop. Therefore, all destinations reached via the same next-hop share the same F-BM. As an example, the BIFT of Node 1 is given in Table 1. For destination Node 3, the next-hop is Node 3 and the corresponding F-BM indicates that only Node 3 is reached via Node 3. For the destinations Node 2, Node 4, Node 5, and Node 6, the next-hop is Node 2 and the F-BM indicates that all these nodes share the next-hop Node 2. [caption id="attachment_2722" align="aligncenter" width="418"] Table 1: BIFT of Node 1[/caption] To efficiently process a packet, the BFR creates an internal copy of the bitstring and performs the following algorithm until all bits of the internal copy of the bitstring are zero. The BFR finds a destination indicated in the bitstring of the internal copy of the bitstring. It looks up the F-BM for that destination in the BIFT and constructs a new BIER header using the bitstring of the packet ANDed with the F-BM. Then it sends a copy of the packet with the modified bitstring to the next-hop also indicated in the BIFT. Afterwards, the internal copy of the bitstring is modified by bitwise ANDing it with the complement of the F-BM. This action removes all destinations from the packet header that have been served by the last transmission of the packet.

BIER – A Scalable Multicast Approach

BIER overcomes the previously outlined problems of IPMC. It solves the problem of IPMC-group-dependent state within forwarding devices (P0) by moving this state to the BIER header. In case of changing IPMC-groups (P1), only BFIRs require an update as they construct the BIER header that indicates the destinations of the packet. At last, the BIFT of every BFR holds forwarding entries for all BFERs in the network in a compact form. In case of a topology change (P2), only that information has to be updated instead of the tree state of potentially many IPMC groups, which takes a long time. As a result, the reconvergence time of BIER can be compared to IP unicast rather than to one of the traditional IPMC protocols. By transferring the state from the forwarding devices to the header, the size of the header becomes a scalability issue as one bit is required for every BFER. With current router technology, 256 bits will be the most commonly used bitstring length because this is equivalent to the two IPv6 addresses in every IPv6 header. Longer bitstrings may be supported by future hardware. If there are more than 256 BFERs within the network, BIER supports the possibility of separating BFERs into subsets. The BIER header contains a field that identifies the subset that is addressed by a BIER packet. Thus, if an IPMC packet targets BFERs from different subsets, for each of these subsets, one copy of a packet has to be forwarded.

Use Cases

At the beginning of the BIER standardization journey, ten use cases were envisioned as technology drivers [1]. In this section we briefly describe the most prominent use cases, namely various multicast Layer 2/3 VPNs (L2/3VPNs), IPTV media streaming, data center virtualization services, and financial services. We outline problems that occur when these use cases are supported with traditional IPMC approaches and point out how BIER may be used to solve these problems.

Multicast VPN Services

Multicast within VPNs is used for news ticker, broadcast-TV applications or in general, content delivery networks (CDNs). For signaling in traditional multicast VPN (mVPN) services, PIM, mLDP, RSVP-TE/P2MP, or ingress replication is used. Each implementation offers a trade-off between state and flooding. The Multidirectional Inclusive PMSI (MI-PMSI) relies on flooding frames to all provider edge (PE) routers of the VPN, regardless of whether an IPMC receiver joined behind the PE routers. This results in a rather steady IPMC tree at the expense of flooding. In Selective PMSI (S-PMSI) only PE routers with joined receivers are part of the IPMC tree. S-PMSI reduces flooding with a more dynamic tree, requiring more state on the provider’s core routers (P routers). Ingress replication causes the ingress PE router to send multiple copies of the same frame and forward it via unicast tunnels to the destinations. This poses a high replication burden on ingress routers and high bandwidth burden on paths. Requiring IPMC-group-dependent state is a typical problem network operators are faced with (P0). With the introduction of BIER, this problem no longer exists.

IPTV Media Streaming

IPMC is leveraged for IPTV, or Internet video distribution in CDNs. Typical implementations like PIM, mLDP, or RSVP-TE/P2MP generate IPMC-group-dependent state as described in the previous use case. Additionally, such media streaming services may experience extensive subscription changes as every time a user switches a channel, the IPMC groups may have to be adapted. This may cause a high update frequency of IPMC state. BIER solves the problem of requiring IPMC-group-dependent state (P0). In particular changes of subscriptions can be managed by reconfiguring BFIRs instead of potentially many devices (P1) so that core routers are not affected.

Data Center Virtualization Services

Virtual eXtensible LAN (VXLAN, RFC 7348) interconnects L2 networks over an L3 infrastructure. It encapsulates L2 frames in UDP and adds a 24-bit ID so that 16 million virtual network instances (VNIs) can be differentiated. Each VNI is an isolated virtual network similar to a VLAN. That technology is used to isolate VLANs of multiple tenants in modern multi-tenant datacenters. Typically, a tenant interconnects its virtual machines (VMs) over an L3 infrastructure using one or multiple VNIs to logically separate its own traffic and to isolate it from other tenants’ traffic. If a VM is moved from one physical machine to another or even to another datacenter, there is no need to change its IP address as long as the VM remains in the same VNI. IPMC can be leveraged to distribute broadcast, unknown, and multicast (BUM) traffic over the L3 infrastructure within a single VNI. One or even multiple IPMC groups are needed per tenant and, therefore, the number of IPMC groups may be very large. Thus, this use case faces again the IPMC state problem (P0), causing significant challenges for datacenter switches, data and forwarding planes, as well as for network operation and management. That problem may be solved by leveraging BIER instead of traditional IPMC protocols in the L3 underlay network.

Financial Services

IPMC is used to deliver real-time stock market data to subscribers. Such highly time-dependent data requires fast recalculation of paths in case of a topology change to satisfy latency requirements. For traditional IPMC, a topology change requires a significant amount of time since potentially many IPMC trees have to be recomputed to restore connectivity and establish new shortest paths. As BIER relies only on one IPMC-group-independent forwarding structure, its recomputation is significantly faster (P2).

Recent Working Group Achievements

The BIER working group developed BIER and provided several extensions, increasing its applicability and facilitating its deployment. We recap the results of the BIER working group below. RFC 8279 [3] specifies the BIER architecture. Among others, it contains information about the BIER domain and its components, how the forwarding procedure works, and briefly explains the advantages of BIER compared to traditional IPMC solutions. RFC 8296 [4] defines the implementation of BIER encapsulation in MPLS and non-MPLS networks. Signaling via PIM through the BIER domain, e.g. for subscriptions of receivers at a sender, is described in [9]. For operation in a real network, BIER devices need to share BIER-related information with each other. For example BFRs have to advertise their IDs, or bitstring lengths. BIER leverages link state routing protocols to perform this distribution. [5], [6] and [7] contain OSPF, ISIS and BGP extensions for this purpose. The latter is supported by a document for a BGP link state extension for BIER [8].

Outlook

With the standardization of BIER, a new charter for the BIER working group [10] has been proposed. The main goal is to generate new experimental RFCs and to move existing experimental RFCs to the Standards Track. The BIER working group has to define a transition mechanism for BIER. It should describe how BIER could be introduced in existing IPMC networks. This will facilitate the deployment of BIER. The charter proposes documenting the applicability of BIER and its use cases. A draft for the application of BIER to multicast L3VPN and EVPN is required. Mechanisms for the signaling between ingress and egress routers and improving scalability are also mentioned. Furthermore, a document that clearly discusses the benefits of BIER for specific use cases is desired. Operation, administration, and management of the BIER domain have to be described. The simplification of IPMC traffic management with BIER is a particular focus and for this purpose management APIs are required. The BIER working group will continue the work on BIER-TE, an extension to BIER to support traffic engineering (TE). In software-defined networks (SDN), BIER may profit from a controller-based architecture. A controller may calculate the entries of the BIFTs and configure them in the BFRs. It may also instruct the BIFRs with appropriate BIER headers for encapsulation of traffic from specific IPMC groups.

Summary

BIER is a new, innovative mechanism for efficient forwarding and replication of IPMC traffic. It addresses scalability, operational, and performance issues of traditional IPMC solutions. While the latter require per-IPMC-group state and explicit-tree building in the forwarding devices, BIER encodes the destinations of an IPMC group within the packet’s BIER header. The header is created by Bit-Forwarding Ingress Routers (BFIRs) when an IPMC packet enters the BIER domain. BIER scales very well as no IPMC-group-dependent information is required by forwarding nodes in the network core. The collaboration in the BIER working group excels through participation of a large group of different vendors, operators, and researchers. Many companies have invested efforts in the standardization of BIER, which underlines its importance for future IPMC solutions. The spirit of the BIER working group is special even within the IETF. New ideas and use cases are always appreciated and discussed, and the community welcomes new members. [1] Nagendra Kumar, Rajiv Asati, Mach Chen, Xiaohu Xu, Andrew Dolganow, Tony Przygienda, Arkadiy Gulko, Dom Robinson, Vishal Arya, and Caitlin Bestler. BIER Use Cases, January 2018. [2] G. Shepherd, A. Dolganow, and A. Gulko. Bit Indexed Explicit Replication (BIER) Problem Statement. http://tools.ietf.org/html/draft-ietf-bier-problem-statement, April 2016. [3] IJsbrand Wijnands, Eric C. Rosen, Andrew Dolganow, Tony Przygienda, and Sam Aldrin. Multicast Using Bit Index Explicit Replication (BIER). RFC 8279, November 2017. [4] IJsbrand Wijnands, Eric C. Rosen, Andrew Dolganow, Jeff Tantsura, Sam Aldrin, and Israel Meilik. Encapsulation for Bit Index Explicit Replication (BIER) in MPLS and Non-MPLS Networks. RFC 8296, January 2018. [5] P. Psenak, N. Kumar, I. Wijnands, A. Dolganow, T. Przygienda, J. Zhang, and S. Aldrin. OSPF Extensions For BIER. https://datatracker.ietf.org/doc/draft-ietf-bier-ospf-bier-extensions/, October 2015. [6] L. Ginsberg, A. Przygienda, S. Aldrin, and J. Zhang. BIER support via ISIS. https://datatracker.ietf.org/doc/draft-ietf-bier-isis-extensions/, October 2015. [7] Xiaohu Xu, Mach Chen, Keyur Patel, IJsbrand Wijnands, and Tony Przygienda. BGP Extensions for BIER. Technical report, January 2018. [8] Ran Chen, Zheng Zhang, Vengada Prasad Govindan, and IJsbrand Wijnands. BGP Link-State extensions for BIER. Technical report, February 2018. [9] Hooman Bidgoli, Andrew Dolganow, Jayant Kotalwar, Fengman Xu, IJsbrand Wijnands, and mankamana prasad mishra. PIM Signaling Through BIER Core. Technical report, February 2018. [10] Alia Atlas, Tony Przygienda, and Greg Shepherd. Charter for the BIER WG. https://datatracker.ietf.org/doc/charter-ietf-bier/, February 2018.]]> 2668 0 0 0 8221 0 0 8222 8221 0 8245 8221 0 8247 8245 0 8248 8245 0 8259 0 0 8260 0 0 8523 8260 0 8525 8260 0 8602 8525 0 8609 8602 0 8610 8609 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/network-self-determination-when-building-the-internet-becomes-a-right/ Wed, 28 Mar 2018 09:10:56 +0000 https://www.ietfjournal.org/?p=2708 [1] This article briefly explores how groups of unconnected and scarcely connected individuals can regain control over their digital futures, building their own community networks and enjoying what I define as “network self-determination.”[2] I argue that network self-determination leads to several positive externalities for the affected communities while preserving the Internet as a distributed, interoperable and generative network of networks. In this perspective, concrete examples of communities enjoying network self-determination seem to prove that “the design and development of the Internet infrastructure have a growing impact on society”[3] and foster a digital environment that enables human rights.

Mainstream networks are not so mainstream

In almost every country in the world, Internet connectivity predominantly relies on the existence of network infrastructure built and managed by for-profit operators. Such infrastructure is primarily composed of “mainstream networks,” which are those networks that RFC 7962[4] characterises as controlled in a top-down fashion by the operators; spanning large areas; requiring a substantial investment to be built and maintained; and not foreseeing the possibility for users to participate in the network’s governance. Not surprisingly, mainstream networks are mainly deployed and operationalized in densely populated areas, where return on investments can be quite fast and straightforward, due to the high demand for connectivity by thousands – or millions – of city dwellers. The situation, however, is not the same in rural areas or in the peripheries of major metropolises, where the scarce density and lower standards of living cannot guarantee immediate and sufficient return on investment for operators. In rural and peripheral areas, which are home to the 48% of the world population that is currently unconnected,[5] the sole reliance on mainstream networks does not prove to be an effective strategy to expand connectivity. Indeed, the lack of return on investment discourages development of infrastructure, leading to lack of coverage or to such high prices and low quality of service that potential or existing users might be discouraged from subscribing to available Internet access offerings. In this context, several studies have pointed out that limited coverage and lack of competition can make Internet access offerings so prohibitively expensive that locals need to sacrifice food to afford communications.[6] Most importantly, individuals living in unconnected or scarcely connected areas may rightfully fail to see the appeal of Internet access because any services or content that would improve their welfare – such as local government services, information and educational material in local languages and platforms making available local products and services – are not available online.

Do-It-Yourself Internet

Despite the above scenario, many individuals living in unconnected or scarcely connected communities have realized that Internet connectivity is a vector for the economic, social and cultural development to which they have a fundamental right.[7] For this reason, they have taken action to stop being digitally marginalized, due to market failures and inefficient public policies, and start building their own community networks, to become the protagonists of their digital futures. Concretely, such reasoning has become possible thanks to the steady reduction in infrastructure costs – particularly, regarding bandwidth and network equipment – that, over the past decade, has facilitated the deployment of community networks with reasonably low investments. Community networks are crowdsourced initiatives. Described by RFC 7962 as “alternative networks,” they are “networks that do not share the characteristics of mainstream network deployments.” On the contrary, community networks are better characterized by the fact that they are developed in a bottom-up fashion, in order to be utilized and managed by the local community as a commons. As stressed by the Declaration on Community Connectivity[8] these networks are “structured to be open, free, and to respect network neutrality. Such networks rely on the active participation of local communities in the design, development, deployment, and management of shared infrastructure as a common resource, owned by the community, and operated in a democratic fashion.” Besides representing a viable solution to the limits of mainstream networks, community networks also ensure that Internet traffic is managed with no commercially motivated discrimination, thus respecting net neutrality[9] by default. Indeed, all network users are partners in the provision of connectivity and in the development of services for the local community, thus making it much less likely that the provider – which is the community itself – will discriminate against content, applications or services based on commercial considerations. These initiatives demonstrate that connectivity, openness, free choice and full enjoyment of fundamental rights are not amenities reserved to opulent city-dwellers but basic needs to which everyone is entitled and that everyone can and must enjoy. Moreover, they prove that “connectivity increases the capacity for individuals to exercise their rights.”[10]

When the last mile becomes the first mile

Community networking shows that in many circumstances the unconnected can connect themselves as long as they have information on how to build[11] their network infrastructure and the freedom to choose this option. It is precisely in these circumstances that a wide range of community networks have emerged in countries as diverse as the UK, Argentina, Brazil and Spain. Broadband for the Rural North or B4RN (pronounced “barn”) was initiated in 2011 by a group of farmers and a hairdresser in Lancashire, U.K., who decided to overcome the lack of connectivity by starting to self-install fibre. Today the B4RN network connects 3270 properties where thousands of individuals enjoy speeds as high as 1 gigabit per second. The non-governmental organisation (NGO) AlterMundi[12] is behind QuintanaLibre, a community network in the Argentinian province of Córdoba. It prides itself on having successfully developed a “geek-free” model to overcome the main challenges posed by rural environments, the scarcity of engineers and reduced incomes, by developing an easy to implement and cost-efficient network technology. Importantly, the connectivity brought by QuintanaLibre has stimulated the development of several applications by the locals for the locals, including an information portal, a chat service, a Voice-over-IP (VoIP) server, community radio streaming, a file sharing system and gaming applications. The AlterMundi-affiliated networks also provide Internet access to three schools, giving students the opportunity to access online resources. Similarly, the Brazilian NGO Coolab[13] provides connectivity and training to dozens of children through the Casa dos Meninos project while connecting an entire village via the Fumaça community network in Rio de Janeiro state. The most successful example is Guifi.net that, besides being the biggest community network in the world with over 85,000 users, is particularly outstanding for its common-pool-resource philosophy that favours the establishment of “a disruptive economic model based on the commons model and the collaborative economy,”[14] encouraging small, local entrants to develop new applications and to extend the network themselves.[15] Indeed, Guifi.net members have generated a variety of services[16], amongst which are VoIP servers, chat servers, videoconference and mail servers, and broadcast radio. Importantly, besides expanding the Internet and promoting innovation in a decentralized fashion, community networks like Guifi.net have created dozens of new jobs related to network maintenance and entirely new digital ecosystems. Indeed community networking generally features capacity building programs for locals to acquire the skills they need to be developers, creators and online entrepreneurs. In this light, community networks built by the people for the people [17] should not be considered as the last mile of the Internet but rather as the first mile, for they have a vital role in maximising the generative nature of the Internet, decentralising innovation at the edges and empowering the unconnected.

Network self-determination

These examples of community networks show that these initiatives nurture the development of community-tailored services, stimulating new opportunities for learning, trading and employment for local people. These initiatives provide a sound evidence base on which a right to network self-determination can be constructed. I propose the concept of network self-determination as the right to freely associate to define, in a democratic fashion, the design, development and management of network infrastructure as a common good, in order to freely seek, impart and receive information and innovation.[18] While community networking proves that network self-determination already exists de facto even without being explicitly consecrated de jure, it is important to stress that this concept is also solidly grounded in international human rights law. The first article of both the charter of the United Nations and the two International Covenants of Human Rights decisively affirm that, by virtue of the fundamental right to self-determination, all peoples are free to pursue their economic, social and cultural development as well as self-organisation. According to both Articles 1(3) of both Covenants, all states have an obligation “to promote the realisation of the right to self-determination,” which is considered the collective right of a given community to determine its own destiny. Community networks foster network self-determination, for they allow individuals to decide independently how to pursue their economic, social and cultural development, choosing which kind of technology, applications and content are best suited to meet the needs of the local community and using and developing them at the local level, in a quintessentially distributed fashion. The goal of community networking is indeed to empower individuals who will become new, active participants in the Internet, thus enjoying the benefits of connectivity while contributing to the evolution the network of networks as “a large, varied and evolving space of technology.”[19] Crucially, network self-determination empowers individuals rather than creating additional burdens on them. This means that every individual must be free to create new Internet infrastructure, as well as new applications and new content, but it does not mean that governments should be relieved from their universal service obligations nor that operators willing to provide access service should be impeded from doing so. Indeed, we must consider network self-determination as a right rather than an obligation.

Rights, as technologies, are the product of history

The enjoyment of network self-determination through the development of community networks can prompt several positive externalities, thus fostering a decentralised Internet and allowing previously unconnected or scarcely connected individuals to access knowledge and education, create new applications and find occupations, having access to the entire spectrum of opportunities to which any individual should be entitled. Enthusiasm and optimism regarding community networking should be tempered with a good dose of pragmatism, though. Indeed, alternative networks should be seen as a valuable complement to existing approaches rather than a silver bullet that can solve all connectivity problems. Community networks require sound planning and good governance to be successful and face many technical and policy obstacles over their path. In this perspective, open Internet standards are vital to allow the establishment, interoperability and, potentially, the federation of community networks. There is no doubt that network self-determination reinforces the distributed nature of the Internet and there is no reason why individuals should not have the possibility to build the Internet themselves, improving their standards of living while bridging digital divides. Communities around the globe are discovering they have the potential to create alternative networks and many of them are already doing so. As the Italian philosopher Norberto Bobbio famously argued, human rights are the product of historical evolutions.[20] In this spirit, everyone should be free to enjoy network self-determination, associating and building new pieces of the Internet. Acknowledgement: the author would like to thank Niels Ten Over and Mallory Knodel for their very useful comments on an early draft. [1] See e.g. http://www.worldbank.org/en/publication/wdr2016 [2] See Belli L. (2017). Network Self-Determination and the Positive Externalities of Community Networks. http://bibliotecadigital.fgv.br/dspace/handle/10438/19924 [3] See RFC 8280 https://trac.tools.ietf.org/html/rfc8280#page-40 [4] See RFC 7962 https://www.rfc-editor.org/rfc/rfc7962.txt [5] See e.g. https://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2017.pdf [6] See e.g. Rey-Moreno, C., Blignaut, R., May, J., & Tucker, W. D. (2016). An in-depth study of the ICT ecosystem in a South African rural community: unveiling expenditure and communication patterns.  Information Technology for Development http://doi.org/10.1080/02681102.2016.1155145 [7] See art. 1 Universal Declaration of Human Rights, art 1.3 of both the International Covenant on Civil and Political Rights and art 1.3 of the International Covenant on Economic, Social and Cultural Rights. [8] See Declaration on Community Connectivity http://communityconnectivity.xyz/ [9] See http://www.networkneutrality.info/ [10] See RFC 8280 https://trac.tools.ietf.org/html/rfc8280#page-40 [11] See https://commotionwireless.net/docs/cck/ [12] See http://altermundi.net/ [13] See http://www.coolab.org/quem-somos/ [14] See https://guifi.net/en/what_is_guifinet [15] See Baig, R., Roca, R., Freitag, F., Navarro L. (2015). Guifi.net, a Crowdsourced Network Infrastructure Held in Common. In Computer Networks. N° 90. http://dx.doi.org/10.1016/j.comnet.2015.07.009 [16] A complete list of services developed by the Guifi.net community can be found at https://guifi.net/en/node/3671/view/services [17] See Belli L. (Ed.) (2017). Community networks: the Internet by the people, for the people. Official Outcome of the UN IGF Dynamic Coalition on Community Connectivity. FGV Direito Rio. http://bibliotecadigital.fgv.br/dspace/handle/10438/19401 [18] See note 2 above. [19] See RFC 1958 https://tools.ietf.org/html/rfc1958 [20] See Bobbio N. (1990). The Age of Rights.]]> 2708 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/hacking-from-paradise/ Thu, 29 Mar 2018 13:10:10 +0000 https://www.ietfjournal.org/?p=2717 IETF 101 hackathon had a record number of participants. We reached around 250 participants in total! The spread of the Internet around the world has made it possible for almost anybody with the required skills to get involved. We believe that many people underestimate the benefits of remote participation in events such as this and I'd like to share our experience. Before IETF 101 took place, we had exchanges with the Transport Layer Security (TLS) working group regarding TLS 1.3. We decided to try to lead a TLS 1.3 hackathon remotely. After speaking to the organiser of the IETF hackathon, we made a request for the creation of a jabber channel and fleshed out the objectives on the wiki. Additionally, we made a call for participants on the hackathon mailing list, as well as the AFNOG and IETF-Africa mailing list. One of the mistakes we made was making the call late. This did not allow much time for potential participants to get ready - we will do our best to co-ordinate better next time! We were able to gather 8 participants from Mauritius for our TLS 1.3 project: Pirabarlen Cheenaramen, Nitin J Mutkawoa, Codarren Velvindron, Muzzafar Auhammud, Yasir Auleear, Rahul Golam, Nigel Yong Sao Young, Yash Paupiah and myself. Many of us are from a Mauritian group known as hackers.mu. One participant from Mauritius – Akhil Maulloo – worked on an http451 module for Drupal, and I dedicated half of my time to the DNS Private Exchange (DPRIVE) project. The work accomplished during the IETF 101 hackathon spanned across development libraries such as Eclipse Paho (an IoT library for secure machine-to-machine communication), development tools such as git and mercurial, and popular https implementations such as aria2 and wget. Additionally, we worked on TLS proxies such as Hitch, and enterprise tools that lacked TLS 1.3 support such as the nagios plugins collection. We updated benchmarking tools such as httperf to ship with TLS 1.3 support. Several commits have been reviewed and merged by upstream projects, while others are currently pending reviews. I spent some of my time working on EDNS(0) padding support for pydig. Akhil Maulloo worked on an initial http451 module for Drupal, which still needs more work to reach feature parity with the Wordpress http451 module. We faced some interesting challenges with the TLS 1.3 handshake with code that would at times change cipher configuration in ways that would cause handshakes to fail. Thanks to Wireshark, we were able to nail down some of those issues, and come up with appropriate patches. While the onsite participants were working under snowy conditions, we had great weather in Mauritius! We were worried about the possibility of poor quality audio during our presentation to the group. Despite some issues at the beginning, we were able to present remotely. With the possibility of rising IETF participation fees, remote participation will continue to grow in importance for engineers, students, and geeks from emerging countries wishing to participate in the IETF. This is a testament to how the growth of the Internet allows engineers from emerging countries to get involved in the IETF at very low cost and with productive results.]]> 2717 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/roll-on-a-roll/ Tue, 24 Apr 2018 10:51:35 +0000 https://www.ietfjournal.org/?p=2726 Why do we need a new routing protocol for these networks? Because LLN have specific characteristics such as high rates of packet loss, relatively low throughput and highly asymmetric links. In general, these networks are also composed of constrained devices, meaning devices with restricted memory, energy and processing power.

Why don't we use a pre-existing routing protocol?

One of the first ROLL WG activities was a study [2] that analyzed some of the existing IETF routing protocols such as OSPF, IS-IS, OLSRv2, AODV and RIP, and considered how they could be adapted to the following criteria: routing state, loss response, control cost, and link and node cost.

Why these criteria?

These criteria are shaped by the high-level requirements of the main use cases for ROLL such as home automation, urban LLNs and industrial routing. The conclusion of the analysis was that no existing protocol met all the criteria and thus a new protocol design was embarked upon. Consequently, the ROLL working group developed a distance-vector and source-routing protocol called IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL)[3]. RPL organizes the nodes in a topology with the form of a Directed Acyclic Graph (DAG) oriented to a root, thus we have a Destination Oriented DAG (DODAG). RPL has mechanisms for loop detection and DODAG Repair. The traffic flows between nodes that RPL supports are point to multipoint, multipoint to point and point to point.

What types of nodes can belong to a DODAG?

A DODAG is composed of three type of nodes:

1. DODAG root: can be described as the 'brain' of the topology, is responsible for initializing the topology, keeping state on the whole topology, and managing the DODAG. A DODAG Root, in general, acts as the border router for the DODAG. We can observe a DODAG root in Figure 2 as node “A”.
2. RPL Router Node: a device that has the capability to forward and generate RPL traffic. Intermediate RPL Router Nodes are located between the DODAG root and the leaf nodes. In Figure 2, the nodes “B” and “C” are RPL Routers.
3. RPL Leaf Node: a device that is located at the edge of the topology. An RPL Leaf can be a router or a host, a host is a device that does not have the capability to forward RPL traffic. In Figure 2, the nodes “D”, “E” and “F” are RPL Leaves.

How is a DODAG formed?

An Objective Function (OF) defines how a DODAG is formed (e.g. specifies how a node should select its parent set) with the main goal of getting the best path to the DODAG root. The topology is built following routing metrics and/or constraints based on node or link characteristics [4]. For example, select a parent node based on a specific node residual energy level (node characteristics as constraint) or select the parent that belongs to a path with shortest end-to-end delay (link characteristics as metric). The DODAG is built by control messages sent through Internet Control Message Protocol (ICMPv6) packets. In Figure 1 we can observe the RPL stack. [caption id="attachment_2728" align="aligncenter" width="179"] Figure 1: The RPL Stack[/caption]

What is 6LoWPAN (mentioned as part of the RPL Stack)?

IPv6 over Low-Power Wireless Personal Area Network (6LoWPAN) is a protocol that defines a way to compress IPv6 datagrams [5] to accomodate networks with a maximum data frame smaller than the IPv6 Maximum Transmission Unit (MTU). For example, IEEE 802.15.4 networks have a data frame of 127 octets and that is smaller than the IPv6 MTU of 1280 octets. Thus, 6LoWPAN provides a mechanism (header compression) to adapt IPv6 datagrams to constrained networks such as IEEE 802.15.4.

Which are the main control messages used to form a DODAG?

The main RPL Control Messages are:

1. DODAG Information Solicitation (DIS) which a node sends to its neighbours to require routing information (DODAG Information Object (DIO)). DIS is similar to the Router Solicitation messages of the IPv6 Neighbour Discovery protocol;
2. DODAG Information Object (DIO) which contains information that a node uses to discover an RPL Instance, determine its configuration parameters, a DODAG parent set and maintain the DODAG; and
3. Destination Advertisement Object (DAO) which allows for propagation of destination information upward through the DODAG. A Destination Advertisement Object Acknowledgement (DAO-ACK) message is sent in response to a DAO.

Figure 2: Elements that identify and maintain a topology in RPL

Once you have formed a DODAG, how do you identify the whole topology?

RPL uses the following to identify and maintain a topology:

1. An RPLInstanceID: an RPL Instance is a set of one or more DODAGs. An RPL node can belong to several RPL Instances, but in each one, the node can only belong to one DODAG. The RPLInstanceID is the identifier of the RPL Instance.
2. The DODAGID, which, in general, is the global IPv6 address of the DODAG root.
3. The version of the topology is identified through the DODAGVersionNumber, and;
4. The rank, which we can think of as an indicator of the distance of the RPL node to the DODAG root. The rank decreases when the node is close to the DODAG root and increases when the node is far from the DODAG root. This is shown in Figure 2.

ROLL uses control messages to form the topology, then keeps track of a DODAG topology through the 4 elements listed above.

How does RPL transmit information through the DODAG?

RPL has two modes of operation: storing (fully stateful) or non-storing (fully source-routed) mode. In the non-storing case, a packet will go to the DODAG root, and then be sent to the destination. In storing mode, a packet can be sent directly to the destination by a common parent (ancestor) between the source and the destination. RPL disseminates information through the DODAG in the way that requires the least configuration in the nodes, thus the nodes operate mostly autonomously. The mechanism is based on the Trickle algorithm [6], where basically a node transmits when the node’s information is not aligned with its neighbours to resolve inconsistencies quickly. When the node's information is aligned with its neighbours, the node slows the communication rate exponentially (e.g. two packets per hour).

Which other protocols have been defined by the ROLL working group?

ROLL also developed a Multicast Protocol for Low-Power and Lossy Networks (MPL) which transmits information using the Trickle algorithm or through flooding operation. Current proposals describe multicast using Bloom Filters [7] or Bit Index Explicit Replication (BIER) [8]. ROLL also defined a way to comprise RPL routing information through IPv6 over a Low-Power Wireless Personal Area Network Routing Header (6LoRH) [9].

Which other proposals is the working group considering currently?

The working group is also working on a reactive P2P route discovery mechanism for asymmetric links, which is based on the Ad Hoc On-demand Distance Vector Routing (AODV) protocol for RPL [10]. Another working group topic is a proposal that tries to set some kind of storing routes into a non-storing mode network [11]. ROLL also has a document that describes optimal ways to get an efficient route invalidation mechanism [12]. YANG models are part of the chartered work items, and currently ROLL has a proposal on YANG for MPL [13]. Additionally, the working group has a document that describes the use cases for carrying routing information in data-plane packets, source routing header and IPv6-in-IPv6 encapsulation [14].

Do we have open source code for RPL?

The main open source operating systems for IoT include RPL implementations, such as ContikiRPL [15] (Contiki-OS), RPL lite [16] (Contiki-NG), TinyRPL [17] (Tiny-OS) and RIOT-RPL [18] (RIOT-OS). These operating systems offer tutorials to help anyone interested to start evaluating the protocol. We want to highlight that the IETF offers the right environment to make the Internet work better in the context of IoT routing. One of the reasons for this is that participation is open to everyone. Thus, everyone can propose an improvement to the protocol. Additionally it is pretty straightforward to work in coordination with another working groups to improve the proposals, since the expertise of different areas is shared.

Which IETF working groups interact most closely with ROLL?

ROLL interacts with the BIER working group on a proposal for BIER multicast. ROLL also works closely with other IoT-related working groups. For example, RPL has been adopted by the IPv6 Time Slot Channel Hopping mode of IEEE 802.15.4 (6tisch) protocol stack (6tisch working group), thus ROLL works on RPL mechanisms that are needed in the 6tisch working group. ROLL is also aligned with the IPv6 Maintenance (6man) working group.

References

[1] https://datatracker.ietf.org/wg/roll/about/, last accessed 01.04.2018. [2] Levis, P. et al. "Overview of existing routing protocols for low power and lossy networks." Internet Engineering Task Force, Internet-Draft draft-ietf-roll-protocols-survey-07 (2009). [3] Thubert, P., et al. & Alexander, R.(2012). RPL: IPv6 routing protocol for low power and lossy networks. RFC 6550. [4] Vasseur, JP, et al. Routing metrics used for path calculation in low-power and lossy networks. No. RFC 6551. 2012. [5] Thubert, P. et al. "Compression format for IPv6 datagrams over IEEE 802.15. 4-based networks." (2011). [6] Levis, P., et al. J. Ko," The Trickle Algorithm. RFC 6206, March, 2011. [7] Bergmann, O. et al. “Constrained-Cast: Source-Routed Multicast for RPL” draft-ietf-roll-ccast-01 (2018) [8]Thubert, P., “RPL-BIER” draft-thubert-roll-bier-01 (2018) [9] Toutain, Laurent, et al. "IPv6 over Low-Power Wireless Personal Area Network (6LoWPAN) Routing Header." (2017). [10] Perkins, C. et al. “Asymmetric AODV-P2P-RPL in Low-Power and Lossy Networks (LLNs)” draft-ietf-roll-aodv-rpl-03 (2018) [11] Thubert, P. et al. “Root initiated routing state in RPL” draft-ietf-roll-dao-projection-03 (2018) [12] Jadhav, R. et al. “Efficient Route Invalidation” draft-ietf-roll-efficient-npdao-03 (2018) [13] Van der Stok, P. et al. “A YANG model for Multicast Protocol for Low power and lossy Networks (MPL) draft-ietf-roll-mpl-yang-01 (2018)” [14] Robles, M. et al. “When to use RFC 6553, 6554 and IPv6-in-IPv6”, draft-ietf-roll-useofrplinfo-22 (2018) [15] https://github.com/contiki-os/contiki/blob/master/core/net/rpl/rpl.c, last accessed 09.04.2018 [16] https://github.com/contiki-ng/contiki-ng/tree/develop/os/services/rpl-border-router, last accessed 09.04.2018 [17] http://tinyos.stanford.edu/tinyos-wiki/index.php/TinyRPL, last accessed 09.04.2018 [18] https://github.com/RIOT-OS/RIOT/tree/master/sys/include/net/gnrc/rpl, last accessed 09.04.2018.]]> 2726 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/enabling-internet-measurement-with-the-quic-spin-bit/ Tue, 15 May 2018 13:50:17 +0000 https://www.ietfjournal.org/?p=2797 discussion of the Latency Spin Bit in the QUIC Working Group (watch the session below). The greater philosophical questions raised there have already been addressed on the APNIC blog. This article, in contrast, sets aside those questions and partial answers, and digs into the technical details, and what they might mean for the future of the transport protocol stack in the Internet. [iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/TQq6Z4_HBaY?rel=0" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen] The spin bit was proposed at the June 2017 interim meeting of the working group in Paris, because QUIC radiates far less information about its operation to devices on path than TCP does, as an explicit design goal. None of the information in TCP that can be used to measure round-trip-time (RTT) passively — sequence and acknowledgement numbers, as well as timestamps — is available to on-path devices with QUIC traffic. Unlike all previous transport protocols, QUIC splits the information it uses for its own operation from its wire image. So, if passive measurability of RTT equivalent to TCP is a requirement for QUIC, then it’s necessary to add the spin bit, or a signal like it, back into this wire image. But what is the spin bit, exactly? How does it work, how can it be used, and what is the potential for abuse? The research we’ve been doing recently at ETH — in collaboration with a group of interested network operators, device vendors, and QUIC implementors — has looked at the details of this signal and how it works in different network conditions, and led to enhancements.

---

Key points:

• The spin bit is a simple enhancement to QUIC that causes one bit in the header to ‘spin’, generating one edge (a transition from 0 to 1 or from 1 to 0) once per end-to-end RTT.
• Coupled with an additional two-bit signal, the Valid Edge Counter, it can provide a higher resolution of latency trouble spots in a network.
• This work represents the first step in a new way of thinking about network measurement and manageability.

---

The spin bit

The spin bit, as originally proposed, is a simple enhancement to QUIC that causes one bit in the header to ‘spin’, generating one edge (a transition from 0 to 1 or from 1 to 0) once per end-to-end RTT. Any device on path can then measure the time (on its local clock) between these edges to generate one RTT sample per RTT for each flow in the general case. These RTT samples can then be aggregated by link or peer and analyzed to pinpoint latency trouble spots in a network.

Figure 1 — How the spin bit works.

The algorithm generating this signal is quite simple:

• When a server sends a packet, it sets the spin bit to the spin bit on the last packet it received from the client.
• When a client sends a packet, it sets the spin bit to the inverse of the spin bit on the last packet it received from the server.

Figure 2 — The spin bit, unimpaired.

Like all simple algorithms, this one has some important limitations when it meets network conditions in the real world:

• Packet loss will tend to cause overestimates of RTT if a spin edge is lost.
• Reordering of a spin edge will cause drastic underestimates of RTT since it will cause multiple edges to be observed per RTT.
• Observation of the spin bit measures the fundamental frequency of a transport protocol, which is usually but not always, the RTT. For example, when traffic is periodic with a period longer than RTT, the spin bit tends to measure this period instead.

Figure 3 — Reordering causes false RTT samples.

The Valid Edge Counter

To address these concerns, we developed an additional signal alongside the spin bit called the Valid Edge Counter (VEC). The VEC operates on the principle that each RTT sample is taken by subtracting the observation time of a right edge from the left edge preceding it. Only right edges that are definitely in response to a given left edge can be used to generate valid RTT samples.

Figure 4 — The VEC.

The VEC is a two-bit counter, taking values from 0 to 3. When an impairment such as loss, reordering, or delay would cause the spin bit signal to generate an invalid RTT sample, it resets to a lower value, then counts back up to a higher value as valid edges are generated, hence the name. The algorithm for generating the VEC is the same on both client and server, and works as follows:

• The VEC is set to 0 by default.
• When an endpoint sends a packet containing a spin edge, it sets the VEC to the VEC of the last received edge plus 1, clamped to 3, except;
• When an endpoint sends a packet containing a delayed spin edge, that is, a spin edge sent for more than a specified timeout (for example, 1ms) since the receipt of the corresponding spin edge from its peer, it sets the VEC to 1.

Passive observers then use the following algorithm to generate RTT samples from the spin bit and the VEC:

• Apparent spin edges with a VEC of 0 are invalid and were caused by loss or reordering of a valid edge.
• Apparent spin edges with a VEC of 1 or 2 can be used as left edges, but not right edges.
• Apparent spin edges with a VEC of 3 can be used as left edges and right edges.

Our experimentation with the VEC in a variety of emulated network conditions shows that it handles loss, reordering, and delay as designed, even in network conditions so poor that they lead to effective connectivity failure. Details are given in Piet De Vaere’s recently published Master’s thesis. Our current work is focused on scaling this experimentation out, working with implementers of QUIC and network measurement devices to gain experience with spin bit and VEC on real networks and production workloads.

The risk-utility tradeoff

The spin bit and VEC were designed to be a minimal-risk, maximum-utility signal fit for a single purpose: on-path measurement of end-to-end RTT, to generate RTT samples for a variety of passive latency measurement tasks. As such, we believe it to be a nearly ideal explicit path signal, meeting each of the principles for measurability in protocol design [PDF 148 KB] recently proposed by Allman et al. In other words, if it is at all possible to safely design passive measurability of any metric explicitly into a protocol, this signal represents how to do it. In addition, each endpoint is in control of how much it participates in the generation of the signal. The signal requires the cooperation of both endpoints to appear: an endpoint can simply choose to always set the spin bit to zero in order to disable it. The VEC gives even finer-grained control, allowing an endpoint to probabilistically set the VEC to 0 or 1 in order to reduce the RTT sampling rate available from its flows. Nevertheless, most of the spirited discussion of the spin bit has focused on the risk side of this equation. These can be divided into risks inherent in passive RTT measurement, and risks of unintentional information radiation from the spin and VEC itself.

Privacy and operational risk in Internet latency data

In response to the first question posed to the QUIC RTT design team at the IETF 99 meeting in Prague, we looked into geoprivacy risks posed by increasing the availability of RTT data and concluded (in an expanded study just published at PAM 2018) that these were indeed negligible. The various sources of random noise in Internet RTT overwhelm propagation delay relatively rapidly, so only relatively rare, very short RTT samples are at all useful for narrowing location beyond what is available even in low-resolution freely-available GeoIP databases. In any case, RTT between any two points in the network is not at all secret: someone controlling an endpoint near one of the endpoints of interest can merely use one of a wide and growing variety of active measurement techniques. Discussion about all of the sorts of nefarious things that network operators can get up to with your RTT data tends to miss (or ignore) this fact.

Unintentional radiation

There’s a more interesting question here: what can the spin bit and VEC be used for, and abused for, beyond RTT information? It has been pointed out that the spin bit works like an alternate marking signal, and can be used by measurement infrastructure deployed at two points along a path to measure one-way delay and loss. The VEC, by encoding information about loss and reordering experienced by spin bit edges, might also be useful for inferring loss and reordering rates for the whole flow — this is an area that we’re actively looking into at the moment. But both of these are examples of additional information made available about the network path by the signal, not additional information about the endpoints themselves. Digging further into this question led us to reframe it: what is the difference in unintentional radiation from this explicit signal as compared to the state of the art? As it turns out, TCP timestamps, the current best source of passive RTT information, are pretty noisy themselves. They can be used to fingerprint hosts based on the fact that they expose clock drift, a node-linked physical property. Discontinuities in the timestamp sequence can also be used to detect host or infrastructure reboots [PDF 186 KB]. Simply by virtue of not exposing information derived from an internal interrupt counter, the spin bit doesn’t present these risks of unintentional radiation. In this aspect, at least, moving to a smaller explicit signal like the spin bit would appear to be a net positive for reducing unintentional radiation of endpoint information.

Conclusions

Though we’ve defined a purpose-built, minimal-risk signal that can provide accurate latency information to passive measurement for QUIC, we’re not done yet. Our experience to date is limited to emulated network impairments, and while spin bit code exists for a number of QUIC implementations, wider adoption is necessary to support the kinds of large-scale experimentation that will provide us with enough information to make a risk-utility decision as a community. This work also represents the first step in a new way of thinking about network measurement and manageability. QUIC may well replace TCP for a significant portion of Internet traffic, bringing with it the privacy, security, and flexibility benefits of a fully encrypted transport, and the opportunity to replace inference based on implicit signals (as we currently have with TCP timestamps) with explicit measurability. More usable, less abusable signals for passive measurement have the potential to improve both Internet research and day-to-day network operations. Acknowledgements: Thanks to Piet De Vaere for the graphics used in this article. This article originally appeared on the APNIC Blog.]]> 2797 0 0 0 ]]> https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/measurement-challenges-in-the-gigabit-era/ Thu, 21 Jun 2018 11:59:01 +0000 https://www.ietfjournal.org/?p=2843 SamKnows system, are widely used to validate ISP speed claims. Such systems prompted a shift in some economies from ISPs loosely advertising ‘up to’ speeds, based on the highest theoretical speed obtainable, to one where ISPs measured and presented their delivery as ‘percent of advertised’ speeds at both peak and off-peak times. The impact of effective measurement cannot be overstated. It is not uncommon for network operators to make operational and design decisions based on their understanding of: 1) How speeds are measured; and 2) The limitations and flaws of those measurement methodologies. And of course, consumers also use web-based measurement tools to see for themselves how their service is performing. As Internet speeds get faster, and certain customers use their home connections to support an ever-widening range of simultaneous connections, evolving the technical community’s approach to measurement may become a key component in helping to ensure that ISPs are delivering the best possible Internet experience.

Key points

• Many of today’s popular measurement systems were developed in the era of single-digit megabit per second access technologies and designed to measure at the lowest capacity link.
• To be truly valuable to users, future testing should also reflect end-user behaviour.
• An example of a next-generation speed test might be a set of roughly simultaneous tests to multiple, disparate destinations.

The future of measurement: not just what, but where

Many of the widely deployed measurement systems we have today were developed in the era of single-digit megabit per second (Mbps) access technologies, and they’ve been evolved to adapt to now double and triple-digit Mbps technologies through the use of larger file sizes, multiple TCP connections, expanded test server capacity and performance, and so on. Traditionally, these systems tended to be designed based on an assumption that the lowest capacity link in any network environment was always the last-mile access network link, which in turn, was the primary focus of many measurement systems. Systems were designed to measure at that lowest capacity link — where speeds were most likely to be closest to what customers would experience — in order to deliver the most accurate result. But as access capacity rises to several hundred Mbps to 1 Gbps, that assumption makes less sense. Now, the lowest capacity link between the measurement servers and the end-users’ system can easily shift to some combination of interconnection points, the measurement servers themselves (see footnote 27 of 2016 FCC Measuring Broadband America Fixed Broadband Report and footnote 18 of 2015 FCC Measuring Broadband America Fixed Broadband Report), and associated data centre infrastructure, as well as in-home and end-user systems. The last point may seem obvious — that in-home and user systems can be limiters. However, it is sometimes overlooked that these systems may only come with, at best, a 1 Gbps Ethernet interface and therefore that actual throughput will be somewhat below 1 Gbps in the real world, while some older systems may only be capable of a theoretical 100 Mbps. In other cases, such systems may be limited by storage read/write performance, memory or storage capacity, CPU performance, or other factors. This is exacerbated with Wi-Fi, where devices often lack sufficient radio performance to operate at higher speeds or the device is far from the access point, among other factors. All of these factors can significantly impact the speed measurements that the systems report on. Looking to relatively lower capacity links outside of the home and ISP network, few measurement systems maintain sufficient infrastructure to enable accurate gigabit speed measurements. And, while a few measurement system operators may have resources to dedicate sufficient global server and data centre capacity to handle hundreds or more simultaneous 1 Gbps tests, the interconnection link between the measurement servers and the ISP network can also be a critical factor. Such links can be a factor because a given measurement system operator rarely is a transit or backbone operator; it relies on a third party for transit. That third party has a normal economic incentive to maximize the use of their interconnection capacity, based on statistical multiplexing, and so has little incentive to maintain substantial excess capacity for just one of its many customers — in this case, the measurement system operator — to use several 1 Gbps test connections (absent some guaranteed/dedicated transit capacity agreement that would likely be uneconomical for a measurement system operator). This isn’t to say that the interconnects are particularly overburdened, just that the interconnection capacity requirement for hundreds or more 1 Gbps tests is significant and that if such excess capacity existed on an interconnection link, it would likely be consumed by traffic from one of the many other users of that transit link. So, we can see that the lowest capacity link can shift from the last-mile access network to interconnections, measurement servers, and measurement server data centres. If a key objective of a measurement system remains to gauge an ISP’s ability to deliver advertised speeds, then measurement systems will need to evolve in order to continue to measure aspects of the network over which the ISP has direct or indirect control.

Measuring based on end-user behaviour can improve network design

Modernizing measurement technologies also has the potential to deliver more relevant, useful information to end users, in a world where peak speed may no longer be the most important statistic. To the extent that we can make network measurements reflect actual end-user behaviour, measurement technologies will be imminently more useful. It is easy to see how a test to determine if 5 Mbps or 25 Mbps is reliably delivered by an ISP is applicable to end users, as this reflects the speed of HD and 4K video streaming, for example. But as of today, the real-world value of a 1 Gbps connection lies less in the ability to deliver 1 Gbps speed to a single application (since there are no current applications outside of speed tests themselves that use a full gig) and more in the ability to distribute that capacity over numerous connected devices and applications for those customers who actually use 1 Gbps. So, while there is certainly value for a user in being able to confirm that they are receiving the 1 Gbps service they pay for, knowing the speed of a 1 Gbps connection from one single point to another has limited functional value.

When your car mechanic checks to see how your car performs, in comparison, they test drive it on the street rather than on a race track or drag strip; measurements such as speed tests ought to reflect real-world uses.

To be truly valuable to users, testing of 1 Gbps should also reflect end-user behaviour, particularly if we want to arm consumers with performance statistics to which they can relate and upon which they can make purchasing and other decisions. This is especially important because networks, devices, and other systems will naturally be optimized to perform such measurement tests as well as possible due to the strong disincentives to poor performance. If measurements do not truly reflect end-user behaviour, and networks and related systems are optimized to perform well in that framework, then the result may be a network that performs in ways that may not actually benefit users to the extent that it otherwise might. If, in addition to point-to-point tests, which will always have value, we are also able to develop tests that reflect how people might actually use the Internet with a multitude of devices and applications, then everyone in the ecosystem, from ISPs to end users, will reap the benefits. This is because the measurement system’s test results will focus on the things that directly correlate to a better end-user quality of experience for everyday usage of the Internet.

What might a next-generation speed test look like?

One approach might be a set of roughly simultaneous tests to multiple, disparate destinations. This might take the form of a supplemental test to the existing single destination testing that prevails today. For example, a 25 Mbps test to 40 different destinations or a 10 Mbps test to 100 destinations. In addition, tests from each end user location can be randomly distributed over time so as not to have them place undue load on servers at any given moment in time. This approach has several key benefits:

1. The multitude of competing connections is a better reflection of how some users actually use the Internet today. Those users have many devices, from PCs to gaming consoles and IoT devices, that are simultaneously using the network; the era of one PC placing all the demand on a connection over Ethernet is long past, and tests should reflect that.
2. The size of each test more accurately reflects the typical demands placed on the network by applications, ranging from game and web page downloads to HD and 4K video streams, at 10 Mbps to 25 Mbps.
3. There is no need for elaborate engineering and operation of super high capacity test server clusters that can handle hundreds of simultaneous 1 Gbps tests since the tests are distributed at more common workload levels that cloud services and other platforms can readily and routinely handle. This likely also helps to significantly reduce the cost of operating a measurement platform, as well as reduces operational and monitoring work.
4. The need to maintain significant and unrealistic excess capacity at specific interconnection points goes away since the tests are distributed across many points of exchange.
5. By spreading the test load across multiple destinations, which have varying Round Trip Times, ISPs that have subscribers far from key Internet exchanges (such as rural ISPs and ISPs with subscribers far from the coasts) get more equal footing compared to more centrally located ISPs.

Where to from here?

It seems the first step for the technical and research communities that focus on Internet performance measurement is to consider these points and think ahead a few years about how measurement platforms might evolve to remain a meaningful tool in the gigabit era. In particular, operators of measurement platforms used by national regulators, and the ISPs that are the subjects of such tests, should evaluate the design of their throughput tests and the expectations created for end users resulting from the design of those tests. They’ve collectively done a good job to date, and they now have the opportunity to devise effective measurements for 1 Gbps speed tiers. Now is the time to ask questions about the measurement of gigabit connections, while there is ample time to evolve the design of measurement platforms and systems so that next-generation tests become available as more users around the world subscribe to gigabit access network speeds. Let me know what you think in the comments below. The above is a summary of a lightning talk presentation I gave at the Internet Research Task Force (IRTF) meeting, which coincided with IETF 101. This article originally appeared on the APNIC Blog.]]> 2843 0 0 0 9929 0 112 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/managing-the-internet-of-things-its-all-about-scaling/ Tue, 26 Jun 2018 11:22:29 +0000 https://www.ietfjournal.org/?p=2854 [i]  From recognition of the possibility to its realization: thanks to the marvels of Moore’s Law and many other technical innovations, nearly every type of Thing can now be connected to the Internet. All of these devices represent numerous challenges to network administrators.  Through all of our innovations we have not been able to perfect the human being.  Our flaws are reflected in the vulnerabilities that these devices have.  Meanwhile our competence securing computers has been bound by the way that we have used them and enhanced through the painful impact of numerous mistakes.  We learn through practical experience. Now, however, the learning curve of security is running up against the practical needs of those who these Things are supposed to help, and a scaling problem like no other.  While estimates of the number of connected things range from 25 billion today to as much as 100 billion by 2025, we do not even have a methodology to count the number of types of things.  For instance, is version 1 of a particular brand of toaster expected to behave exactly like version 2?  And which one of those versions of toaster is likely to attack the refrigerator or the home security system or the climate control system?  And why would the toaster talk to the refrigerator in the first place? It is possible with today’s technology to block the toaster from doing so, but until now it simply  has not been practicable to implement those blocks.  IP address and port-based access lists have existed since the first days of the Internet.  By limiting access to devices to just that access they need, we are able to reduce attacks, both laterally within a network and more broadly across the Internet. To do so requires that network owners know how the toaster is designed, and which communication patterns are nominal.   In some cases, developers haven’t even made available the authorized hosts and ports a toaster needs to speak to.  The best that can happen in those cases is observation and hoping that all designed behaviors have been understood, a task that could take qualified network administrators and researchers anywhere from days to months to complete – per device.  Now multiply that task by the myriad of devices that can be found on a network, and the problem becomes intractable.  Worse, in the home, the administrator is… my mom, the retired teacher (she was an award-winning teacher, but doesn’t know much about network administration).

“Everyone complains about the weather, but nobody does anything about it.” –Charles Dudley Warner

Let us make a simplifying assumption: each device we are attempting to protect has a single or small number of purposes, and that it has a correspondingly small number of communication patterns.  Let us also assume that the one who built the Thing is in the best position to describe what sort of access it needs.  Thus, the architecture we describe is inappropriate for the laptop or tablet you are using to read this article, but hopefully more applicable to a thermostat or light bulb.  However, once we make these assumptions, one can enumerate what access a device needs, and we know who is in the best position to provide that information. A broad group of people have worked at the IETF to develop a means to automate learning what access a device needs. The architecture known as Manufacturer Usage Descriptions (MUD) is an evolution on much of the technology we have already developed.  The just-approved draft contains 29 normative references, and contributions from leaders in the Internet, Operations, and Applications & Real Time areas of the IETF, as well as many others, an excellent example of collaboration. Rather than an application of guesswork, MUD is a declarative approach.  The following components are in the architecture:

• The thing connecting to the network;
• A network access device of some form, like a wireless access point that will limit access to the Thing;
• The MUD manager, that will retrieve and translate abstract policy recommendations from the manufacturer;
• The MUD file server, that is operated on behalf on the Thing manufacturer; and finally
• The MUD file that contains the policy recommendation.

Figure 1 - Components of the MUD architecture

This process begins when the device connects to a network.  It will announce what type it is by emitting a URL that the manufacturer or developer configured.  It can do this via DHCP[ii] or LLDP[iii] or via an IEEE 802.1X[iv] transaction with an X.509[v] certificate.  Depending on how the device communicates the URL, the MUD manager receives this URL along with some relevant specifics about the device via a DHCP server, a AAA server or directly from the switch, access point or router.  It then resolves the URL to retrieve a YANG-based JSON file that contains not much more than an access list or two that have abstracted local deployment information into classes that manufacturers can use.  Indeed MUD augments the nascent access-control-list YANG model[vi], also developed at the IETF.   The MUD manager then replaces those classes with specific IP addresses of endpoints with which a particular Thing should communicate. MUD defines a handful of classes such as my-controller, controller, my-manufacturer, manufacturer, and local, the intent being that over time network management systems will automate their population.

Figure 2 – MUD files are translated into specific access-control lists

Figure 2 shows one possible translation of abstract policy into local ACLs.  Other means are possible.  One could even envision MAC-based ACLs, VLANs, and other approaches to impose access controls. There are differing levels of trust associated with MUD.  At its simplest level, when the MUD URL is conveyed without encryption, MUD is best used when it restricts access to a device, rather than adds access.  This matches most deployments today.  Over time, the stronger model where certificates and an associated trust model are used is more appropriate.  When this method is used, the manufacturer certificate links the MUD URL and the name of the signer of the MUD file, thus binding the two.  This requires that the MUD manager and the administrator make decisions about which signers are trustworthy, work that is ongoing in the industry.

Figure 3 - Securing the MUD File

One design goal behind MUD is to make it easy for manufacturers to implement.  Adding a DHCP option or an LLDP TLV requires almost no additional space on the Thing, a device that may be quite cost sensitive.  If a more advanced device has implemented certificate-based authentication, MUD specifies two extensions to be included.  On the other side of this process, the manufacturer need only host a file and a signature for a device.  The result is that the manufacturer’s role in the process of connecting a device is limited to the device emitting the URL and a web server transmitting a file. The result of all of this that Things receive just the access they were designed to have in the first place, but no more.  The toaster manufacturer might state a policy permits only HTTP local access on its port 80.  The thermostat might only communicate with devices of particular manufacturers or with a locally defined controller.  The more the access is circumscribed, the less likely a device will be able to be infected or be able to transmit malware.

Figure 4 - Things and their controllers

In the example in Figure 4, the air conditioner would want the thermostat listed as my-controller whereas luminaires would need the lighting switch as my-controller. Communications between the two subsystems are restricted, based on recommendations from both manufacturers. This brings us to a few things MUD does not do.  MUD does not repair end point vulnerabilities.  Only the manufacturer can do that.  If a device does get authorized to communicate with another device, it can be attacked and it can attack that other device.  MUD is also not an authentication technology, although it works best in conjunction with those other mechanisms.  For instance, IP-based access lists rely on the authenticity of the IP address. Because MUD is a component architecture, the building blocks may be used in ways that are useful beyond the description in this article or the purposes of the standard.  MUD doesn’t mandate use of specific protocols, but rather provides guidance on how to use a few of them to protect devices.  For example, if devices are already registered in some form with a service provider, it may make more sense for them to not communicate a MUD URL, but instead have that information provided as part of that service provider registration. Administrators can take advantage of MUD in three ways:

• Simply having devices output a MUD URL states what they are, and just knowing that gives some idea as to how to protect them.
• Have a look at the policies that manufacturers lay out. These give some idea as to what communications the devices are designed to have.
• Enable MUD protection in your infrastructure as the tools become available.

There are four actions manufacturers can take so that their customers can take advantage of MUD:

• Read the standard;
• Choose the right approach for your devices to output the MUD URL;
• Understand what network access each device needs (the standard gives you NTP and DNS access by default);
• Create and sign a MUD file and host it somewhere.

For more information about MUD, check out draft-ietf-opsawg-mud-25.txt[vii].  To create a MUD file, see www.mudmaker.org. [i] Romkey, J. “Toast of the IoT: The 1990 Interop Internet Toaster”, IEEE Consumer Electronics Magazine,Volume 1, Issue 6,  January 2017. [ii] Droms., R., “Dynamic Host Configuration Protocol”, RFC 2131 et al., March 1997. [iii] “IEEE Standard for Local and Metropolitan Area Networks: Station and Media Access Control Connectivity Discovery” IEEE 802.1AB, April 2005. [iv] “IEEE Standard for Local and metropolitan area networks--Port-Based Network Access Control”, IEEE 802.1X-2010, 2010. [v] Cooper, D., et al,” Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile”, RFC 5280, May 2008. [vi] Jethanandani, M., et al, “Network Access Control List (ACL) YANG Data Model”, draft-ietf-netmod-acl-model-19.txt, April, 2018. [vii] Lear, E., Droms, R., Romascanu D., “Manufacturer Usage Description Specification”, draft-ietf-opsawg-mud-25.txt, June 2018.]]> 2854 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/got-a-hot-topic-for-the-ietf-hotrfc-is-for-you/ Wed, 27 Jun 2018 11:42:36 +0000 https://www.ietfjournal.org/?p=2864 "Request for Conversation", or HotRFC, is a new lightning talk forum for IETF attendees to bring new ideas forward for consideration and discussion. Participants get a few (currently four) minutes to pitch their concept and propose a way of carrying the conversation forward. The goal of the event is to get attention for BarBoFs (IETF's term for informal topic-focussed meetups), hackathon projects, cross-area topics coming up in a regular IETF meeting, relevant work from outside the IETF, or really any IETF-related topic. The only requirement is that the idea be directly related to the IETF in some form. The session is held on Sunday night (6-8pm) to allow the conversations to continue for the remainder of the week.

HotRFC debuted at IETF 101 in London. (Slides here.) A total of 17 talks covered topics from "QUIC over Satellite" to "A role for Machine Learning and AI in networking" to "Opportunistic DNS". Presenters were very enthusiastic about the attention their talks received and recommended the event continue.

Proposals for HotRFC at IETF 102 in Montreal can be uploaded to this page, which also has suggestions for an effective lightning talk. Questions about the event can be directed to Aaron Falk.

]]> 2864 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-102/ Mon, 09 Jul 2018 10:40:16 +0000 https://www.ietfjournal.org/?p=2868 Internet Engineering Task Force will be in Montreal for IETF 102, where over 1,000 engineers will discuss open Internet standards and protocols. The week begins on Saturday, 14 July, with a Hackathon and Code Sprint. The IETF meeting itself begins on Sunday and goes through Friday. We'll be providing our rough guides on topics of mutual interest to both the IETF and the Internet Society as follows:

• Overview of ISOC @ IETF (this post)
• Internet Infrastructure Resilience
• Internet of Things
• IPv6
• DNSSEC, DANE and DNS Security
• Identity, Privacy, and Encryption

For more general information about IETF 102 see:

• IETF 102 main page
• Remote participation & live stream information

Immediately prior to the IETF meeting, ICANN are hosting a DNS Symposium on the theme "Attention, Domain Name System: Your 30-year scheduled maintenance is overdue." The ICANN DNS Symposium will take place in the same venue as the IETF 102 meeting on Friday 13th July. Here are some of the activities that the Internet Society is involved in during the week.

Applied Networking Research Workshop (ANRW 2018)

The ACM, IRTF and ISOC Applied Networking Research Workshop will take place on the Monday of IETF week, as part of the Internet Research Task Force (IRTF) mission to foster greater collaboration between researchers and the IETF community. Registration is free for IETF attendees.  The ANRW program is full of great presentations including invited talks and features sessions on TLS, routing, Internet infrastructure, congestion control, traffic engineering, and anonymous communications. The workshop will also feature an extensive poster session. The workshop will be livestreamed for those not able to attend in person: 9:30-12:00 Monday July 16 Morning session I http://www.meetecho.com/ietf102/anrw/ 13:30-17:50 Monday July 16 Afternoon sessions I and II http://www.meetecho.com/ietf102/anrw_II/

Applied Networking Research Prize (ANRP)

Through the Applied Networking Research Prize (ANRP), supported by the Internet Society, the Internet Research Task Force (IRTF) recognizes the best new ideas in networking and brings them to the IETF, especially in cases where the ideas are relevant for transitioning into shipping Internet products and related standardization efforts. Out of 55 submissions in 2018, six submissions will be awarded prizes. Two winners will present their work at the IRTF Open Meeting on Tuesday, 17 July at 9:30AM.

• Maria Apostolaki for a detailed analysis of the impact that Internet routing attacks (such as BGP hijacks) and malicious Internet Service Providers (ISP) can have on the Bitcoin cryptocurrency: Maria Apostolaki, Aviv Zohar, Laurent Vanbever. Hijacking Bitcoin: Routing Attacks on Cryptocurrencies. Proc. IEEE Symposium on Security and Privacy 2017. San Jose, CA , USA (May 2017).
• Panos Papadimitratos for improving our understanding of vehicular public key infrastructure in terms of security, privacy protection, and efficiency: M. Khodaei, H. Jin, and P. Papadimitratos. SECMACE: Scalable and Robust Identity and Credential Infrastructure in Vehicular Communication. IEEE Transactions on Intelligent Transportation Systems (IEEE ITS), April 2018.

GCSC Panel

On Tuesday, 17 July, during IETF 102 in Montreal, the Global Commission on the Stability of Cyberspace (GCSC) will host a lunch panel on “Cyber Diplomacy Meets InfoSec and Technology.” During this session, the Commission wants to inform and engage with the IETF community on its work so far and the work that is in the pipeline. The Global Commission on the Stability of Cyberspace sets out to develop proposals for norms and policies to enhance international security and stability and guide responsible state and non-state behavior in cyberspace. During this lunch panel GCSC want to engage with the IETF community to discuss the norms they have proposed so far:

• The norm to Protect the public Core of the Internet; and
• The norm for Protecting Electoral Infrastructure.

In addition, the Commission want to talk about the work that they are currently undertaking on vulnerabilities, their exploitation and disclosure. The panelists are:

• Irina Rizmal, Research Fellow at the DiploFoundation specialized in policy analysis in matters pertaining to national security and defense.
• Bill Woodcock, Commissioner and Executive Director at Packet Clearing House, the non-profit agency that supports critical Internet infrastructure.
• Jeff Moss, Commissioner, founder of Black Hat and Defcon, member of the DHS security council, and former ICANN CSO.

The panel will be moderated by Olaf Kolkman, GCSC Commissioner and Chief Internet Technology Officer of the Internet Society.

IETF Journal

The IETF Journal provides an easily understandable overview of what’s happening in the world of Internet standards, with a particular focus on the activities of the IETF Working Groups. Articles highlight some of the hot issues being discussed in IETF meetings and on the IETF mailing lists. You can follow IETF Journal via our Twitter and Facebook channels. If you would like to write for the Journal about your work at IETF 102, please email us at ietfjournal@isoc.org. Other highlights of the IETF 102 meeting include:

Hackathon

Right before IETF 102, the IETF is holding another Hackathon to encourage developers to discuss, collaborate, and develop utilities, ideas, sample code, and solutions that show practical implementations of IETF standards. The Hackathon is free to attend but has limited seats available. Technologies from past Hackathons include DNS, HTTP 2.0, NETVC, OpenDaylight, ONOS, VPP/FD.io, RiOT, SFC, TLS 1.3, WebRTC, YANG/NETCONF/RESTCONF. Details on all planned technologies will be listed on the IETF 102 Meeting Wiki.

Technical Plenary

One of the week’s highlights is the plenary meeting. It will take place on Wednesday, 18 July, from 17:10-19:40. The event is live streamed.

Birds of a Feather (BoF) Sessions

Another major highlight of every IETF is the new work that gets started in birds-of-a-feather (BoF) sessions. Getting new work started in the IETF usually requires a BoF to discuss goals for the work, the suitability of the IETF as a venue for pursuing the work, and the level of interest in and support for the work. There are three BoFs happening in Montreal:

• DNS Resolver Identification and Use (driu)Thursday, 19 July, 15:50-17:50 The IETF has added additional methods for DNS stub resolvers to get to recursive resolvers (notably DNS-over-TLS, RFC 7858), and is about to add another (DNS-over-HTTPS, from the DOH Working Group). As these have been developed, questions have been raised about how to identify these resolvers from protocols such as DHCP and DHCPv6, what the security properties these transports have in various configurations (such as between strict security and opportunistic security), and what it means for a user who has multiple resolvers configured when the elements of the configured set have different transports and security properties.This BoF is not intended to form a Working Group. Instead, it is meant to bring together authors of various WG and individual drafts to prevent overlap and to garner interest in particular topics.
• Internationalization Review Procedures (i18nrp) Monday, 16 July, 13:30 - 15:30 This BOF is to examine procedural and structural options for moving forward with work on internationalization topics in the IETF, or deciding not to work on that topic.
• The Label "RFC" (rfcplusplus) Wednesday, 18 July, 18:10 - 19:40 This BoF is intended to discuss a proposed experiment to tackle the "regrettably well-spread misconception" that all RFCs are standards.

Follow Us

It will be a busy week in Montreal, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 102 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF102 to keep up with the latest news.]]> 2868 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/inviting-applications-for-fellowship-to-ietf-103/ Wed, 04 Jul 2018 11:47:59 +0000 https://www.ietfjournal.org/?p=2881 online. Before applying for the Internet Society Fellowship to the IETF 103 meeting in Bangkok, please read the self-assessment guide and ensure that you are able to satisfy all the requirements.

Important Dates

• 2 July, 2018               Open Call for Applications
• 22 July, 2018             Close Call for Applications
• 3 August, 2018          Notify Successful Candidates

We encourage you to apply for this opportunity or pass this information about the programme to individuals in your network that have a keen interest in the open standards development activities of the IETF. If you have questions, please do not hesitate to contact Niel Harper.]]> 2881 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-102-internet-infrastructure-resilience/ Tue, 10 Jul 2018 13:16:41 +0000 https://www.ietfjournal.org/?p=2887 BGP, the routing protocol that connects the Internet.

Route leaks

There has been slow progress in the work on mitigating route leaks in the IDR Working Group (WG). One of the reasons for the slowness was that the group was considering two proposals addressing the route leak problem and both are IDR WG documents:  “Methods for Detection and Mitigation of BGP Route Leaks”, and “Route Leak Prevention using Roles in Update and Open Messages”. Plus, there is a third submission “Route Leak Detection and Filtering using Roles in Update and Open Messages” that also provides a solution in this area. Fortunately, it seems that the relationship between all three is clearer now. Preventing route leaks locally by the potential culprit is described in draft-ietf-idr-bgp-open-policy. It also defines roles that can be useful in other solutions. draft-ietf-idr-route-leak-detection-mitigation now incorporates some ideas from draft-ymbk-idr-bgp-eotr-policy and is focused on detection and mitigation of the leaks upstream, more than one hop away from the culprit. In other words, the group is now working on two complementary and not conflicting solutions. Hopefully that will help with finalizing them soon.

Leveraging RPKI for proven operational practices

A common best practice to ensure that one's customers only announce their own networks and the networks of their customers, is to build prefix filters. In fact, this should become a norm for every network, as defined in Action 1 of MANRS. In the case where there are only direct customer relationships (i.e. the network's customers are all "stub networks"), the task is relatively easy - one needs to collect the list of prefixes legitimately originated by these customer networks. This is most commonly done by using an IRR and collecting corresponding "route" objects, but with the proliferation of RPKI this can become a more robust process using cryptographically verifiable ROA objects that serve a similar purpose. If you are a bigger network and some of your customers also provide transit services for smaller networks, the task is more difficult. How does one determine who are the customers of one's customers and so on? To help with this task, there is a special IRR object - "as-set". This object is a list of ASNs or other "as-sets" that defines a customer cone of a particular AS. However, when it comes to RPKI, there is no way for an operator to assert the routes for its customer networks, making it difficult to use the information carried by RPKI to create meaningful prefix filters without relying on RPSL "as-sets". The Internet Draft "RPKI Autonomous Systems Cones: A Profile To Define Sets of Autonomous Systems Numbers To Facilitate BGP Filtering" tries to fix that problem by introducing a new attestation object, called an AS-Cone.  An AS-Cone is a digitally signed object with the goal of enabling operators to define a set of customers that can be considered transit customer networks, thereby facilitating the construction of prefix filters for a given ASN and making routing more secure. By leveraging RPKI, AS-Cone also addresses two fundamental problems with the RPSL "as-set":

• the same AS-SET name can exist in multiple IRRs,
• a relying party does not know which "as-set" belongs to which ASN, and which as-set to use.

Validating AS-PATH without BGPsec

The Border Gateway Protocol (BGP) was designed with no mechanisms to validate BGP attributes. The ability to manipulate one of them - AS_PATH - creates one of the more serious vulnerabilities of the Internet routing system. BGPsec was designed to solve the problem of AS_PATH correctness. But according to the authors of a new Internet Draft, "Verification of AS_PATH Using the Resource Certificate Public Key Infrastructure and Autonomous System Provider Authorization", even leaving aside its complexity, its backward compatibility with 'insecure' BGP allows an attacker to mount a downgrade attack to nullify all the work of AS_PATH signing. The authors suggest a more pragmatic approach that can help leveraging the benefits of RPKI without the need for the ubiquitous deployment of BGPsec. The idea is that any AS can declare its upstream providers and peers - the networks that can propagate its prefix announcements. The more networks do that - the more chances to detect misconfigurations (malicious or not). The draft defines the semantics of Autonomous System Provider Authorization (ASPA) objects that should become part of RPKI. ASPAs are digitally signed objects that bind a in a selected AFI Provider AS number to a Customer AS number (in terms of BGP announcements, not business), and are signed by the holder of the Customer AS.  An ASPA attests that a Customer AS holder (CAS) has authorized a particular Provider AS (PAS) to propagate the Customer's IPv4/IPv6 announcements, e.g. to the Provider's upstream providers or peers.

Using blockchain to secure IP addresses allocation, delegation and bindings

While RPKI technology offers the significant benefits of cryptographically secured authentication and authorisation of ownership of Internet number resources (IP address blocks and AS numbers), aligned with the distribution hierarchy of Internet number resources, it has also raised some concerns. The concerns are mostly related to centralization of routing authority and creating single points of failure, or even kill switches, represented by the  RIRs and IANA. A technology that can facilitate building cryptographically strong and credible ledgers, without relying on a hierarchical system, is blockchain. Can it be applied in this case? The Internet Draft, "An analysis of the applicability of blockchain to secure IP addresses allocation, delegation and bindings", looks at how blockchain technology can be used to secure the allocation, delegation, and binding to topological information of the IP address space.  The main outcomes of the analysis are that blockchain is suitable in environments with multiple distrusting parties and that Proof of Stake is a potential candidate for a consensus algorithm. However, several questions remain open, such as the balance of power between providers and customers, enforcement of RIR policies, incentives for adoption or deployment cost. As you can see, the meeting in Montreal is certainly going to be full of interesting discussions in the area of Internet infrastructure resilience, and will hopefully lead to some important work, specifications and improvements to the fabric of the network that we all depend on for so much.

Related Working Groups at IETF 102

SIDROPS (SIDR Operations) WG Agenda: https://datatracker.ietf.org/meeting/102/agenda/sidrops/ Charter: https://datatracker.ietf.org/wg/sidrops/charter/ GROW (Global Routing Operations) WG Agenda: https://datatracker.ietf.org/meeting/102/agenda/grow/ Charter: https://datatracker.ietf.org/wg/grow/charter/ IDR (Inter-Domain Routing) WG Agenda: https://datatracker.ietf.org/meeting/102/agenda/idr/ Charter: https://datatracker.ietf.org/wg/idr/charter/ DOTS (DDoS Open Threat Signaling) WG Agenda: https://datatracker.ietf.org/meeting/102/agenda/dots/ Charter: https://datatracker.ietf.org/wg/dots/charter/

Follow Us

It will be a busy week in Montreal, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 102 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF102 to keep up with the latest news.]]> 2887 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-102-internet-of-things/ Wed, 11 Jul 2018 10:37:42 +0000 https://www.ietfjournal.org/?p=2895 IETF 102 meeting in Montreal. Also check out the IETF Journal IoT Category, the IETF IoT page, the IETF IoT Directorate, the Internet Society’s IoT page, or the Online Trust Alliance (OTA, which became an Internet Society Initiative in April 2017) IoT page for more details about many of these topics. The IETF Hackathon, held on the weekend preceding the main IETF meeting (July 14-15), includes projects directly related to IoT, with the possibility of more being added. More information is on the Hackathon wiki. Projects of interest include those relating to:

• Software Updates for Internet of Things (suit)
• Authentication and Authorization for Constrained Environments (ace)
• IPv6 over Low Power Wide-Area Networks (lpwan)
• Work on IoT Semantic / Hypermedia Interoperability (WISHI)

The Thing-to-Thing Research Group (T2TRG) investigates open research issues towards turning the IoT into reality. The research group will be meeting on Thursday afternoon in Montreal to report out on their recent activities. Their summary meeting agenda can be found here. As in the past, full details and latest info on their activities can be found in GitHub. Of particular note is the recent update of a key draft document: State-of-the-Art and Challenges for the Internet of Things Security. Two recently chartered IoT-related working groups met for the first time as working groups at the last IETF meeting in March, and are tackling very serious problems. I am very pleased to see these moving forward:

• Trusted Execution Environment Provisioning (TEEP) is working on standardizing protocols for provisioning applications into secure areas of computer processors.
• Software Updates for Internet of Things (SUIT) is working on mechanisms for securely updating the firmware in IoT devices.

I would like to draw your attention to two recently initiated activities:

• Application Transport LAyer Security (ATLAS) - relating to the re-use of TLS handshaking protocols at the application layer for establishing keying material to protect application data. At the time of this writing, this is the latest version of the proposed charter. Although there will not be a BoF at this IETF meeting, there may be a side meeting convened. If you are interested, keep an eye on the mailing list by either subscribing or reviewing the archive.
• Entity Attestation Token (EAT) – working on an attestation token to prove provenance and characteristics about an end client device, node or entity to a server or service. See this draft outlining the initial proposal. As with ATLAS, there is no BoF scheduled, but there may be a side meeting. If you are interested, keep an eye on the mailing list by either subscribing or reviewing the archive.

In this edition of the Rough Guide I would like to highlight some recent work in SUIT, addressing hash-based signatures. (Description courtesy Russ Housley) Today, RSA is often used to digitally sign software updates. In preparation for a day when RSA, DSA, and ECDSA cannot be depended upon, a digital signature algorithm is needed that will remain secure even if there are significant cryptoanalytic advances or a large-scale quantum computer is invented. The hash-based digital signature algorithm specified in [HASHSIG] is one such algorithm. The use of hash-based signatures to protect software update distribution will allow the deployment of software that implements new cryptosystems even if such advances break current digital signature mechanisms. [HASHSIG] specifies the conventions for using the Leighton-Micali Signature (LMS) algorithm, and it is in the final stages of approval in the IRTF CFRG. [HASHSIG-COSE] specifies the conventions for these digital signatures with the CBOR Object Signing and Encryption (COSE) [RFC8152] syntax. The LMS algorithm is one form of hash-based digital signature; it can only be used for a fixed number of signatures. The LMS algorithm uses small private and public keys, and it has low computational cost; however, the signatures are quite large. The mechanism has broader applicability than SUIT, so a home that supports the broader perspective is desirable.

Ongoing work includes:

• The Constrained RESTful Environments (core) WG aims to extend the Web architecture to most constrained networks and embedded devices. This is one of the most active IoT working groups.
• The IPv6 over Networks of Resource-constrained Nodes (6lo) WG will be meeting on Tuesday afternoon, and focuses on the work that facilitates IPv6 connectivity over constrained node networks.
• The IPv6 over the TSCH mode of IEEE 802.15.4e (6tisch) WG was chartered in 2014 to enable IPv6 for the Time-Slotted Channel Hopping (TSCH) mode that was recently added to IEEE 802.15.4 networks.
• The Home Networking (homenet) WG focuses on the evolving networking technology within and among relatively small "residential home" networks. For example, an obvious trend in home networking is the proliferation of networking technology in an increasingly broad range and number of devices.
• The IPv6 over Low Power Wide-Area Networks (lpwan) WG - typical LPWANs provide low-rate connectivity to vast numbers of battery-powered devices over distances that may span tens of miles, using license-exempt bands.
• The IP Wireless Access in Vehicular Environments (ipwave) WG has as its primary deliverable a specification for mechanisms to transmit IPv6 datagrams over IEEE 802.11-OCB mode.
• The Authentication and Authorization for Constrained Environments (ace) WG, as its name suggests, is concerned with authentication and authorization mechanisms in constrained environments, where network nodes are limited in CPU, memory and power. This is a critical issue for IoT.
• Routing for IoT is tackled by the Routing Over Low power and Lossy networks (roll) WG which focuses on routing protocols for constrained-node networks.
• In addition to the new protocols and other mechanisms developed by IETF working groups, IoT developers often benefit from additional guidance for efficient implementation techniques and other considerations. The Lightweight Implementation Guidance (lwig) WG is developing such documents.

MUD

I also want to (again) point you to "Manufacturer Usage Description Specification" (MUD) which was developed in the Operations and Management Area Working Group (opsawg). MUD holds significant promise, and I am pleased to see that it is gaining some serious traction: The Internet Engineering Steering Group (IESG) recently approved it as a proposed standard. From the abstract: This memo specifies a component-based architecture for manufacturer usage descriptions (MUD). The goal of MUD is to provide a means for Things to signal to the network what sort of access and network functionality they require to properly function. The initial focus is on access control. Later work can delve into other aspects. Eliot Lear, one of the MUD authors, has written a great article about it for the IETF Journal: Managing the Internet of Things – It’s All About Scaling. As I have noted in previous IoT Rough Guides, MUD also plays a significant role in the project – Mitigating IoT-Based Automated Distributed Threats – being developed by the US National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE). If you have an interest in how the IoT is developing and being standardized in the IETF, I hope to see you in person or online at some of these meetings during IETF 102. (Note that If you know you will be unable to travel to the meeting and would like to participate remotely, you must register as a remote participant. There is currently no fee to be a remote participant at an IETF meeting but registration is required. If you do not want to register, you may opt to listen to the live audio stream of the sessions instead.) Schedule and locations subject to change. Please refer to the online agenda to confirm. All times Montreal Time: EDT (UTC-4) 6LO (IPv6 over Networks of Resource-constrained Nodes) WG Tuesday, 17-July 2018, 13:30-15:30, Duluth Meeting Room Agenda/Materials Documents Charter 6TISCH (IPv6 over the TSCH mode of IEEE 802.15.4e) WG Wednesday, 18-July 2018, 13:30-15:00, Duluth Meeting Room Agenda/Materials Documents Charter ACE (Authentication and Authorization for Constrained Environments) WG Monday, 16 July 2018, 09:30-12:00, Viger Meeting Room Agenda/Materials Documents Charter CORE (Constrained RESTful Environments) WG Monday, 16 July 2018, 15:50-17:50, Duluth Meeting Room Thursday, 19 July 2018, 18:10-19:10, Van Horne meeting room Agenda/Materials Documents Charter HOMENET (Home Networking) WG Wednesday, 18-July 2018, 15:20-16:50, Centre Ville Meeting Room Agenda/Materials Documents Charter IPWAVE (IP Wireless Access in Vehicular Environments) WG Monday, 16 July 2018, 13:30-15:30, Laurier Meeting Room Agenda/Materials Documents Charter LPWAN (IPv6 over Low Power Wide-Area Networks) WG Thursday, 19 July 2018, 09:30-12:00, Centre Ville Meeting Room Agenda/Materials Documents Charter LWIG (Light-Weight Implementation Guidance) WG Friday, 20 July 2018, 11:50-13:20, Duluth Meeting Room Agenda/Materials Documents Charter OPSAWG (Operations and Management Area) WG Tuesday, 17 July 2018, 15:50-18:20, Blenheim meeting room Agenda/Materials Documents Charter ROLL (Routing Over Low power and Lossy networks) WG Tuesday, 17 July 2018, 09:30-12:00, Duluth Meeting Room Agenda/Materials Documents Charter SUIT (Software Updates for Internet of Things) WG Wednesday, 18 July 2018, 09:30-12:00, Duluth Meeting Room Agenda/Materials Documents Charter T2TRG (Thing-to-Thing) RG Thursday, 19 July 2018, 15:50-17:50, Laurier meeting room Agenda/Materials Documents Charter TEEP (Trusted Execution Environment Provisioning) WG Monday, 16 July 2018, 13:30-15:30, Viger Meeting Room Agenda/Materials Documents Charter

Follow Us

It will be a busy week in Montreal, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 102 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF102 to keep up with the latest news.]]> 2895 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-102-ipv6/ Thu, 12 Jul 2018 11:10:53 +0000 https://www.ietfjournal.org/?p=2902 Internet-of-Things. The IPv6 Maintenance (6man) Working Group is a key group and it will be meeting on Monday morning. It hasn’t published any RFCs since the last meeting, but has six new drafts up for discussion covering IPv6 Neighbor Discovery Extensions for Prefix Delegation, IPv6 VPNs, ICMPv6, OAM in Segment Routing Networks with an IPv6 Data plane, allowing low or zero valid lifetimes to be accepted in Router Advertisement Prefix Information Options where it’s known that there can only be one router on the link; as well as introducing a new IPv6 ‘unrecognised’ option for ICMPv6 that conveys whether an underlying network can transmit IPv6 packets. There are also three working group sponsored drafts, adopted from the last meeting. Privacy Extensions for Stateless Address Autoconfiguration in IPv6 describes an extension that causes nodes to generate global scope addresses from interface identifiers that change over time; IPv6 Segment Routing Header specifies how a node can steer a packet through a controlled set of instructions (segments) by prepending an SR header to the packet; whilst IPv6 Router Advertisement IPv6-Only Flag is an update to RFC 5175 that indicates to hosts that a link is IPv6-only. On Monday afternoon, the IP Wireless Access in Vehicular Environments (ipwave) Working Group will also be meeting. This group has yet to publish its agenda, but has recently updated the specification for transmitting IPv6 Packets over IEEE 802.11 Networks in Vehiclar communications; and has been defining the use cases for IP-based vehicular networks. Two new drafts have also been published since the last meeting relating to DNS Name Autoconfiguration for Internet of Things Devices and IPv6 Neighbor Discovery for Prefix and Service Discovery in Vehicular Networks. There are two IPv6-related working groups on Tuesday. The Routing Over Low Power and Lossy Networks (roll) Working Group focuses on IPv6 routing issues for these networks and has published three RFCs since its last meeting. This includes an applicability statement for battery-powered remote metering devices and two others relating to routing headers and multicast parameters. There’s also a new draft on route discovery for symmetric and asymmetric Point-to-Point traffic flows. The IPv6 over Networks of Resource Constrained Nodes (6lo) Working Group has a busy agenda with the IPv6 Backbone Router draft being prepared for a Working Group Last Call. There will also be an update regarding IESG review of the proposed revisions of RFCs 6550 and 6775 where 6LoWPAN Neighbor Discovery nodes in an RPL domain do not participate in the routing protocol, and a review of security considerations for Address Protected Neighbor Discovery that protects the owner of an address against address theft and impersonation inside a low-power and lossy network. Other drafts up for discussion include Design Considerations for Low-Power Networks to provide guidelines for improving interoperability, IPv6 over Power-Line Communication Networks, and on enabling IPv6 mesh networks over Bluetooth. Moving ahead to Wednesday afternoon, the IPv6 over the TSCH mode of IEEE 802.15.4e (6TiSCH) Working Group has an extremely busy agenda. The 6top protocol that enables distributed scheduling is now aiming for IETF Last Call, whilst the IESG feedback on the security functionality will be discussed. Two other drafts are also aiming for Working Group adoption including a description of a scheduling function that defines the behavior of a node when joining a network and a mechanism for carrying important information in infrequent network broadcasts. Another new draft defines a secure joining mechanism for enrolling devices into an 802.15.4 TSG network using 6TiSCH signalling methods. The Homenet (homenet) Working Group is being held during late Wednesday afternoon. It recently published RFC 8375 which relates to the special use domain ‘home.arpa’, and the group will continue to discuss the Homenet profile of the Babel routing protocol. There are two updated drafts on the agenda, relating to third party provisioning of naming services for home networks and defining DHCPv6 options so that naming services can be outsourced. Thursday morning sees the meeting of the Low Power Wide-Area Networks (lpwan) Working Group. This group recently published RFC 8376 which provides an informational overview of LPWAN technologies in order to perform a gap analysis. There will be a discussion relating to the Working Group Last Call on the Static Context Header Compression (SCHC) framework, which provides both header compression and fragmentation functionalities; and on how to advance the LPWAN Static Context Header Compression (SCHC) for CoAP specification. Two other drafts are being presented for adoption by the Working Group relating to SCHC specifications (see https://tools.ietf.org/html/draft-petrov-lpwan-ipv6-schc-over-lorawan-02 and https://tools.ietf.org/html/draft-zuniga-lpwan-schc-over-sigfox-03). Last, but very much not least, the IPv6 Operations (v6ops) Working Group will be meeting on both the Thursday afternoon and Friday morning. It’ll kick-off with a presentation on World IPv6 Trends from APNIC Labs who are one of the organisations tracking IPv6 deployment. There’s then one new draft up for discussion on NAT64/464XLAT Deployment Guidelines in Operator and Enterprise Networks which describes considerations with respect to applications or devices using literal IPv4 addresses or non-IPv6 compliant APIs, as well as IPv4-only hosts on an IPv6-only network. There are also four existing drafts to be discussed. Requirements for IPv6 Routers defines a set of recommendations for routers, switches, and middleboxes deployed in IPv6 networks; Requirements for IPv6 Customer Edge Routers to Support IPv4 Connectivity as-a-Service extends RFC 7084 in order to allow the provisioning of IPv6 transition services for the support of IPv4 as a Service (IPv4aaS) by means of new mechanisms that were not available when RFC 7084 was published; Multi-Addressing Considerations for IPv6 Prefix Delegation considers prefix delegation considerations for both classic routing and various multi-addressing use cases; whilst IP over Ethernet (IPoE) Session Health Checking describes a mechanism for IP over Ethernet clients to achieve connectivity validation using PPP-style keepalives such as BFD Echo, or ARP and Neighbor Discovery functions. At the Internet Society, we continue to promote IPv6 deployment. You can check out the World IPv6 Launch measurements for our latest measurements of IPv6 around the globe. You can also check out the Deploy360 online resources for getting started with IPv6 deployment. And you can read more about other topics of interest to the technology programmes of the Internet Society in the rest of our Rough Guide to IETF 102 posts.

IPv6-related Working Groups at IETF 102:

6MAN (IPv6 Maintenance) WG Monday, 16 July 2018 @ 09.30-12.00 UTC-4, Laurier Agenda: https://datatracker.ietf.org/meeting/102/materials/agenda-102-6man/ Documents: https://datatracker.ietf.org/wg/6man/documents/ Charter: https://datatracker.ietf.org/wg/6man/charter/ IPWAVE (IP Wireless Access in Vehicular Environments) WG Monday, 16 July 2018 13.30-15.30 UTC-4, Laurier Agenda: https://datatracker.ietf.org/meeting/102/materials/agenda-102-ipwave/ Documents: https://datatracker.ietf.org/wg/ipwave/documents/ Charter: https://datatracker.ietf.org/wg/ipwave/documents/ ROLL (Routing Over Low power and Lossy networks) WG Tuesday, 17 July 2018  09.30-12.00 UTC-4, Duluth Agenda: https://datatracker.ietf.org/meeting/102/materials/agenda-102-roll/ Documents: https://datatracker.ietf.org/wg/roll/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-roll/ 6LO (IPv6 over Networks of Resource Constrained Nodes) WG Tuesday, 17 July 2018  13.30-15.30 UTC-4, Duluth Agenda: https://datatracker.ietf.org/meeting/102/materials/agenda-102-6lo/ Documents: https://datatracker.ietf.org/wg/6lo/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-6lo/ 6TISCH (IPv6 over the TSCH mode of IEEE 802.15.4e) WG Wednesday, 18 July 2018 13.30-15.00 UTC-4, Duluth Agenda: https://datatracker.ietf.org/meeting/102/materials/agenda-102-6tisch/ Documents: https://datatracker.ietf.org/wg/6tisch/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-6tisch/ Homenet (Home Networking) WG Wednesday, 18 July 2018 15.20-16.50 UTC-4, Centre Ville Agenda: https://datatracker.ietf.org/meeting/102/materials/agenda-102-homenet/ Documents: https://datatracker.ietf.org/wg/homenet/documents/ Charter: https://datatracker.ietf.org/wg/homenet/charter/ LPWAN (IPv6 over Low Power Wide-Area Networks) WG Thursday, 19 July 2018 09.30-12.00 UTC-4, Centre Ville Agenda: https://datatracker.ietf.org/meeting/102/materials/agenda-102-lpwan/ Documents: https://datatracker.ietf.org/wg/lpwan/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-lpwan/ V6OPS (IPv6 Operations) Working Group Thursday 19 July 2018 13.30-15.30 UTC-4, Laurier & Friday, 20 July 2018 09.30-11.30 UTC-4, Place du Canada Agenda: https://datatracker.ietf.org/meeting/102/materials/agenda-102-v6ops/ Documents: https://datatracker.ietf.org/wg/v6ops/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-v6ops/

Follow Us

It will be a busy week in Montreal, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 102 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF102 to keep up with the latest news.]]> 2902 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-102-dnssec-dns-security-and-privacy/ Fri, 13 Jul 2018 19:20:45 +0000 https://www.ietfjournal.org/?p=2926 Rough Guide to IETF 102, here’s a quick view on what’s happening in the world of DNS. Given that IETF 102 is in Montreal, Canada, all times below are Eastern Daylight Time (EDT), which is UTC-4.

IETF 102 Hackathon

The “DNS team” has become a regular feature of the IETF Hackathons and the Montreal meeting is no different. The IETF 102 Hackathon wiki outlines the work that will start tomorrow (scroll down to see it). Major security/privacy projects include:

• Implementing a part of draft-bortzmeyer-dprive-resolver-to-auth
• Setting up and measuring leakage avoidance using root loopback at privacy server
• Oblivious DNS
• Proof of concept of the Multi-Provider DNSSEC draft.

Anyone is welcome to join the DNS team for part or all of that event.

DNS Operations (DNSOP)

The DNS sessions at IETF 102 start on Wednesday morning from 9:30am - 12noon with the DNS Operations (DNSOP) Working Group. Paul Wouters and Ondrej Sury will be speaking about "Algorithm Implementation Requirements and Usage Guidance for DNSSEC", where they will be offering updated guidance around what cryptographic algorithms should be used for different aspects of DNSSEC.  Shumon Huque will be bringing the latest updates to draft-huque-dnsop-multi-provider-dnssec, exploring how to deploy DNSSEC in environments where multiple DNS providers are in use. Paul Wouters will also bring a new draft, draft-pwouters-powerbind, which introduces a new flag for DNSSEC keys that can address a potential attack. Given the critical role DNS plays, the DNSOP agenda has many other drafts up for discussion and action. The DNSOP working group also has a second meeting block on Thursday from 18:10-19:10.

DNS PRIVate Exchange (DPRIVE)

The DPRIVE working group meets Wednesday afternoon from 13:30-15:00 EDT.  As shown on the agenda, there will be three major blocks of discussion. After some initial discussion of current work on existing DNS privacy policies, there will be a larger discussion about some new work called "Oblivious DNS" that aims to make DNS privacy protection even stronger. This work originated in a paper at Princeton University - https://odns.cs.princeton.edu/ - and now is captured in draft-annee-dprive-oblivious-dns. It should be quite an interesting discussion! The third major area will continue discussion about how to add privacy to the communication between a DNS recursive resolver and the authoritative DNS server for a given domain.  This is work outside the current  DPRIVE Working Group charter and so the group will be discussing whether to ask to expand their mandate to cover this new work.

Extensions for Scalable DNS Service Discovery (DNSSD)

Privacy will also get attention at the DNSSD Working Group on Thursday morning from 9:30-12:00 EDT.  DNSSD focuses on how to make device discovery easier across multiple networks. For instance, helping you find available printers on not just your own network, but also on other networks to which your network is connected. However in doing so the current mechanisms expose a great deal of information. The agenda allocates 65 minutes to Christian Huitema to guide a discussion around the way forward. Drafts under discussion include:

• draft-ietf-dnssd-privacy (Privacy Extensions)
• draft-huitema-dnssd-prireq (Privacy and Security Requirements)
• draft-huitema-dnssd-privacyscaling (Privacy Scaling Tradeoffs)
• draft-ietf-dnssd-pairing (Short Authentication Strings)
• draft-ietf-dnssd-pairing-info (Pairing Design Issues)

There are other drafts under discussion at DNSSD, but these are the ones probably most of interest to readers of this article.

DNS Resolver Identification and Use (DRIU)

IETF 102 will feature a number of Birds-of-a-Feather (BOF) sessions, and one in particular relates to DNS security. The quick description is: The IETF has added additional methods for DNS stub resolvers to get to recursive resolvers (notably DNS-over-TLS, RFC 7858), and is about to add another (DNS-over-HTTPS, from the DOH Working Group). As these have been developed, questions have been raised about how to identify these resolvers from protocols such as DHCP and DHCPv6, what the security properties these transports have in various configurations (such as between strict security and opportunistic security), and what it means for a user who has multiple resolvers configured when the elements of the configured set have different transports and security properties. The DRIU session will be on Thursday from 15:50-17:50, right before the second DNSOP session (although in a different room).

Operational Security Capabilities for IP Network Infrastructure

In the very last slot on Friday afternoon from 11:50-13:20, the OPSEC working group will feature Benno Overeinder speaking about "Recommendations for DNS Privacy Service Operators". This document outlines things DNS operators should thing about when considering offering "DNS privacy" services. It builds on the work coming out of the DPRIVE working group and the experience gained from the IETF Hackathon and the real-world deployment of these new protocols.

DNSSEC Coordination informal breakfast meeting

As a final note, on Friday morning before the sessions start we are planning an informal gathering of people involved with DNSSEC. We’ve done this at many of the IETF meetings over the past few years and it’s been a good way to connect and talk about various projects. True to the “informal” nature, we’re not sure of the location and time yet (and we are not sure if it will involve food or just be a meeting). If you would like to join us, please drop me an email or join the dnssec-coord mailing list.

Other Working Groups

DANE and DNSSEC will also appear in the TLS Working Group’s Monday meeting. The draft-ietf-tls-dnssec-chain-extension will be presented as a potential way to make DANE work faster by allowing both DANE and DNSSEC records to be transmitted in a single exchange, thus reducing the time involved with DANE transactions. Given the key role DNS plays in the Internet in general, you can also expect DNS to appear in other groups throughout the week. P.S. For more information about DNSSEC and DANE and how you can get them deployed for your networks and domains, please see our Deploy360 site:

• http://www.internetsociety.org/deploy360/dnssec/
• http://www.internetsociety.org/deploy360/resources/dane/

Relevant Working Groups at IETF 102:

DNSOP (DNS Operations) WG Wednesday, 18 July 2018, 9:30-12:00 EDT, Laurier Thursday, 19 July 2018, 18:10-19:10 EDT, Place du Canada Agenda: https://datatracker.ietf.org/meeting/102/agenda/dnsop/ Documents: https://datatracker.ietf.org/wg/dnsop/ Charter: http://tools.ietf.org/wg/dnsop/charters/ DPRIVE (DNS PRIVate Exchange) WG Wednesday, 18 July 2018, 13:30-15:00 EDT, Place du Canada Agenda: https://datatracker.ietf.org/meeting/102/agenda/dprive/ Documents: https://datatracker.ietf.org/wg/dprive/ Charter: http://tools.ietf.org/wg/dprive/charters/ DNSSD (Extensions for Scalable DNS Service Discovery) WG Thursday, 19 July 2018, 9:30-12:00 EDT, Duluth Agenda: https://datatracker.ietf.org/meeting/102/agenda/dnssd/ Documents: https://datatracker.ietf.org/wg/dnssd/ Charter: http://tools.ietf.org/wg/dnssd/charters/ DRIU (DNS Resolver Identification and Use) BOF Thursday, 19 July 2018, 15:50-17:50 EDT, Viger Agenda: https://datatracker.ietf.org/meeting/102/materials/agenda-102-driu OPSEC (Operational Security Capabilities for IP Network Infrastructure) WG Friday, 20 July 2018, 11:50-13:20 EDT, Viger Agenda: https://datatracker.ietf.org/meeting/102/agenda/opsec/ Documents: https://datatracker.ietf.org/wg/opsec/ Charter: http://tools.ietf.org/wg/doh/charters/

Follow Us

It will be a busy week in Montreal, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 102 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF102 to keep up with the latest news.]]> 2926 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/running-code-for-the-win-at-ietf-hackathon-in-montreal/ Tue, 21 Aug 2018 12:54:12 +0000 https://www.ietfjournal.org/?p=2935 All three events featured incredible dedication, inspired performances, and fantastic results. However, at the IETF Hackathon, competition is pushed to the sidelines as participants collaborate on shared goals: • Advance pace and relevance of IETF standards – Bring speed and collaborative spirit of open source software into the IETF – Flush out ideas, feed findings into working groups sessions – Produce sample code/implementations and utilities • Attract developers, and new people in general to IETF – Match young, talented developers with IETF veterans – Engage universities The IETF Hackathon, which ran over the July 14-15 weekend, kicked off a full week of activities to make the internet better, faster, and more secure. A record number of participants, 227 on site and 41 remote, worked tirelessly on 25 projects. More important is the positive impact on existing and evolving internet standards. Lessons learned from implementing draft proposals were fed back into their corresponding working group sessions held later in the week, validating approaches in some cases and guiding course corrections in others. Newcomers to the IETF made new friends and became valued contributors to the standards process. Heated arguments and strong differences of opinion that often occur when debating exact wording of technical specifications gave way to teamwork and cooperation as competitors in the market worked side by side to iron out bugs and interoperability issues. Running code has a way of bringing clarity and common understanding to complex subjects that is often elusive when described merely in words. IETF Hackathons are free and open to everyone. Work revolves around a set of projects. Each project is proposed and led by one of more volunteers, also known as “champions.” willing to lead work related to newly proposed, evolving, or existing IETF standards. It is these champions that truly define the IETF Hackathon. They deserve much of the credit for its success. Anyone can be a champion, and any project is welcome provided it has ties to existing or future IETF work. The projects for IETF 102 were:  QUIC  LPWAN CoAP/UDP/IPv6 SCHC compression and fragmentation  DNSSD extensions for multi-link networks  DNS/DNSSEC/DNS Privacy  YANG/NETCONF/RESTCONF  MEF EVC Service YANG Models in Unimgr Project of OpenDaylight  RIFT LIEs  Network Time Security (NTS) JSON Meta Application Protocol (JMAP)  Security Automation and Continuous Monitoring (SACM)  Control Plane and User Plane Separation BNG control channel Protocol (CUSP)  Authentication and Authorization for Constrained Environments (ACE)  WISHI (Work on IoT Semantic / Hypermedia Interoperability)  Limited Usage of Remote Keys (LURK)  TLS 1.3  Software Update for IoT (SUIT)  HTTP error code 451  Human Rights Review Team  MLS implementations  DOTS Interop  Interface to Network Security Functions (I2NSF) Framework  Scalable, Privacy-preserving In-Network (SPIN Bit) Measurement  YANG/CoMI  NETVC  PERC Following a brief kickoff presentation Saturday morning, participants formed into teams and got to work. It is not uncommon for participants to work on multiple projects and for teams to work together on newly discovered areas of common interest. This level of cooperation and knowledge transfer is an important benefit of the hackathon. The increased awareness and the personal relationships established over the course of the weekend are as valuable as the code that gets written. These newly established connections are not limited to people in different IETF working groups. In many cases, they involve people from open source communities, other standards organizations, and local universities. The NetDev community held Netdev 0x12 in the days leading up to the hackathon, and members of the NetDev and IETF communities benefited from getting to know each other and working together. These two communities are already planning to come together again in March 2019 at IETF 104 in Prague. DevNet Sandboxes and dCloud labs were available to provide network resources for use in various projects. Also, DevNet learning labs on model driven network programmability were access by a number of hackathon participants. The IETF Hackathon is not an all-night affair. The doors close at 10pm Saturday to encourage participants to take a break and get some sleep. They return at 8:30am Sunday as soon as the doors open and the coffee arrives. Teams worked hard, but it is important to have fun too. Running code and internet standards are not the only things of interest this day. When not needed for hackathon purposes, the large screen in the room was repurposed to show the end of the Tour de France stage followed by the World Cup final. The sound was muted so as to not be too distracting. Following the conclusion of the game, all attention went back to the tasks at hand. This continued until 2pm, when coding stopped and sharing of results began. Each team delivered a brief presentation, 3 minutes or less, sharing what they achieved, lessons learned, and feedback they would bring back to relevant working groups to guide and accelerate corresponding standardization efforts. Following the presentations, participants voted for the project they thought best met the spirit and goals of the hackathon. The winning teams were:

• DNS/DNSSEC/DNS Privacy, with projects tackling real operational issues and improving DNS privacy (see presentation).
• Privacy Enhanced Video Conferencing (PERC), which created a Go module implementing a minimal subset of the PERC architecture for secure conferencing (see presentation).
• Software Update for IoT (SUIT), which implemented manifest parsing on different microcontrollers (see presentation).

The close of the Hackathon did not mark the end of efforts involving running code. Throughout the week, software development and experimentation continued in the Code Lounge, a portion of the IETF Lounge designated for ongoing work on hackathon and other projects. Monday night featured a happy hour in which hackathon teams had the opportunity to demo their projects to the rest of the IETF community. The following teams took advantage of this opportunity:

• Interface to Network Security Functions (I2NSF) Framework
• MEF EVC Service YANG Models in Unimgr Project of OpenDaylight

Both projects featured standards combined with open source projects for mutual benefit of their respective communities. The IETF Hackathon has become an indispensable part of the IETF meeting week. Special thanks to the IETF and all its financial supporters for directing the necessary funds to secure the space and cover expenses associated with running an event of this size. Thank you as well to Cisco DevNet, NBC Universal, and Juniper for providing additional support to the Hackathon. Sponsors for future hackathons are actively being sought. If interested, please contact Ken Boyden. The next IETF Hackathon will be in at IETF 103 in Bangkok, November 3-4. Information on all IETF Hackathons, including photos, recordings, and project presentations can be found at the IETF 102 Hackathon wiki. Subscribe to the hackathon mailing list to keep up on the latest announcements and discussions. We hope you will join us in Bangkok as we continue our work to improve the Internet. Cisco DevNet sponsors and/or contributes technical speakers for technical workshops, hackathons, and events worldwide. You can find a schedule of past and upcoming events here. This article was originally published on the Cisco Developer Blog. All images are ©Stonehouse Photographic/ Internet Society. ]]> 2935 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/ietf-102-an-update-on-securing-bgp/ Wed, 29 Aug 2018 12:37:06 +0000 https://www.ietfjournal.org/?p=2940 Excerpt from a Fred Baker and Dave Meyer presentation on “Global Routing Issues”, Cisco, 1999. Some twenty years later we are still working on securing the routing system. In this post, I’d like to look through some items that have come up during the 102nd meeting of the Internet Engineering Task Force (IETF) and try to place these items into some bigger context of routing security.

A potted history of securing BGP

Before we start, it might help to give at least a rapid-fire summary of what has happened along this path to a secure routing system for the Internet. A very early step along this path was the whois registry that was operated by the network registry of that time, InterNIC. You may not have understood why something odd was happening in the routing system, but if the network was still working you could use a really simple query protocol and get the identity of the operator of a domain name, an IP address or Autonomous System Number (ASN), and maybe even a telephone number! It may not have stopped various forms of fat finger slip-ups or various deliberate efforts to subvert the routing system but at least you could call someone who was listed in the whois database as being associated with the IP address. The next major development was that of the use of Route Registries and the associated Routing Policy Specification Language (RPSL). This was an outcome of the routing arbiter projects of the early ’90s. This allows a query agent to look up an IP address prefix and retrieve the routing policy intent of the address owner. RPSL is a formal language that is intended to be machine parsed, and one objective was that network operators could use this route registry information to construct filters that admitted only what the address-originating network operator had said they intended and deny all else. This model allows a network operator to define their routing practices in advance and then allow others to link to these registries and automatically filter what is actually advertised to ensure that it remains consistent with their stated intentions. Route Registries are still around today, and have been very useful in many ways, but they are by no means a panacea. These days there are many, probably too many, routing registries and the sum of all information contained in them can be mutually inconsistent, which leads to considerable confusion. There is no clear authority model that would allow a registry client to determine what data can be trusted, and little in the way of active curation of the routing data to ensure that it is current, consistent, and useful. It appears that routing registries look like a very sensible approach in theory, and they have worked effectively within certain communities. However, these are isolated successes, and it appears that our more general experience has been relatively uninspiring so far. There have been a number of efforts concentrated on securing the BGP routing protocol. BGP used unencrypted TCP sessions and was vulnerable to man-in-the-middle attacks. Securing these sessions prevents efforts to tamper with the BGP information in flight. Of course, part of the issue here is that within the 62,000 networks that collectively comprise the Internet, it would be unreasonable to claim that all of these networks are eminently trustworthy. If a hostile actor can control a BGP speaker then it is possible to inject falsified information into the routing system despite channel protection. So, it appears that while protecting the channel is a good move, it’s just not enough, and we need to look at measures that can protect the routing content as well. One of the ways we can protect the integrity of the routing content is to use cryptographically signed attestations in routing. Protecting BGP updates with digital signatures allows a BGP speaker to make a judgement as to whether a received advertisement represents the original intent of the owner of the advertised address block and that there has been no untoward tampering of the routing information while it has propagated over the inter-AS routing space. The underlying approach binds cryptographic keys to address blocks in a robust manner (using X.509 public key certificates in a simple hierarchy) and uses these keys to sign a digital contract to permit the advertisement of the prefix. A Resource Public Key Infrastructure (RPKI) allows these digital signatures to be validated, and the RPKI itself binds a holder of a key to the role of controller of an allocated IP address. Origination information can be digitally signed by the address holder as a proof of authority, and this can be coupled with a means of signing over the AS Path attribute of a BGP update, so that a receiver of the update can derive some confidence that this part of the update has not been tampered with in any untoward manner. There have been a number of proposals that use systems other than X.509 certificates to bind the holder of a public key to the role of the controller of a block of IP addresses. Most recently we’ve seen some thoughts about applying blockchain technology to this space. A blockchain provides a means of associating a cryptographic key with an IP address block and wrapping it with a digital contract. The digital contract can be used to express a routing permission, and presumably, could also be used in some manner to carry information relating to an inter-AS routing relationship. Which just about brings us to the present with securing BGP.

What did we hear at IETF 102?

RPKI validation reconsidered

The first item is a rather obscure discussion about the way we could implement a change to the validation procedure for these RPKI certificates. Some years ago, it was proposed to make a change in the procedure used to check if an RPKI certificate was indeed valid. The change was intended to remove some of the brittleness of coordination of certificates between various parties and allow certificates to stray slightly from a strict encompassing relationship. I just can’t bring myself to spend too long in the details here, as they are less of an issue than the consequences. The way the change was adopted in the IETF standards was a change in the certificate identifying code — the object identifier (OID), such that these certificates that specify that they may be validated with the new validation algorithm are not backward compatible with the older certificates. With me so far? If we can’t mix and match these OIDs in a validation path, then we have a problem. Either every certificate gets published twice, once with the old OID and once with the new OID, which seems to be just crazy, or we have a ‘flag day’ and on that day the old OIDs are withdrawn and the certificates with the new OID are published. These days the concept of a flag day is about as popular as the plague. The Internet is just too big for a flag day for most things (think IPv4 to IPv6 transition) and while some are of the view that the RPKI user community is still small enough to contemplate a coordinated flag day, others were arguing that even this moment has passed, and a flag day will cause an unacceptable level of disruption. This seems a lot like getting stuck between a rock and a hard place. Doing nothing has its own drawbacks, as there are concerns that the existing framework is overly brittle. This is cited as a reason why some network operators are just not interested in deploying the solution. But if we cannot propagate changes to the RPKI that appear to improve its operational robustness, then the chances of widespread, indeed universal, deployment look slim. And why is this important? Because like many security systems, this system can only sign what is ‘good’. There is no ‘this is bad’ signature. In the absence of an explicit evil bit we rely on a more basic observation: if all the ‘good’ objects are validly signed then all else is therefore bad. Personally, I believe that it’s still very early days for the RPKI and arguing that we cannot make these changes to the system in these early days because of the existing deployed base is too large to change only strengthens the case that the RPKI’s ultimate fate is to be one more tombstone along a long and winding BGP security path. Cryptographic systems require operational care and precision and are harshly intolerant of any level of aberration. They require accurate time, proper key management, due attention to robust availability of published material and a readiness to react quickly and intelligently to the slings and arrows of the inevitable operational mishaps. Many operators see this entire exercise as one more area of operational fragility and are justifiably cautious of such systems. There is value in attempting to increase the robustness of these systems if we want the RPKI to have some chance of success.

ROA maxLength vulnerabilities

The entire package of BGP security had four components: a PKI of binding public keys to IP address blocks, a structure of the publication of these public key certificates in a distributed repository and the associated collection of this distributed data into a local complete corpus, signed attestations that authorize a network to advertise reachability for an IP address block and finally a method that allows routers to sign across the AS Path attribute of BGP update messages to protect the AS Path from tampering. This last component, namely the BGPSEC protocol, is the one that looks the most unlikely to be universally deployed at this point in time, yet the inability of the protocol to ‘bridge’ between islands of deployment does infer that it is only really useful if it is universally deployed! If the realistic prospect for this BGP security ‘package’ is partial deployment, then what can be salvaged from this that still has benefit even when only deployed on a piecemeal basis? One presentation in the Secure Inter-Domain Routing (SIDR) Operations Working Group looked at the use of Route Origin Authorizations (ROAs) and proposed a simple measure that would reduce vulnerability to some particular form of address hijack. In the early days of the development of the ROA, the ROA simply listed a collection of IP address prefixes and a collection of ASes that were authorized to originate routes for those addresses. In an envisaged world of universal deployment, any advertisement not described by a ROA was immediately suspect. However, the ROA semantics were altered to specify a single address prefix and add a ‘maxLength’ attribute. The semantics of this maxLength field were somewhat widespread, and best explained by example.

If an ROA contained ‘10.1.0.0/16, maxLength=24, AS 3’ then AS 3 was authorized to advertise 10.1.0.0/16 as an originated route. But as well, it could advertise any more specific address prefix up to a /24, so 10.1.1.0/24 was also valid, as was 10.1.2.0/20. But an ROA also has an implicit claim of what is invalid. Any advertisement of length more than maxLength was invalid, and any other AS originating these routes was invalid, unless of course another valid ROA described these advertisements.

All this looks quite reasonable until you think about a world there are only ROAs and there is no BGPSEC AS Path protection. How do you hijack a prefix? The easiest way is to advertise a more specific route.

Let’s now take the case where an address holder has minted a ‘10.1.0.0/16 maxLength=24, AS 3’ ROA but only advertises the /16. A BGP hijacker could advertise both 10.1.0.0/17, origin AS 3 and 10.1.128.0/17 with a faked origin AS 3 and the ROA would make these fake route advertisements look legitimate. The two covering more specifics span the aggregate, so all addresses are hijacked with this approach.

Obviously AS Path protection could prevent the faked insertion of the origin AS, but without AS  Path protection all that’s left is to warn ROA publishers not to be overly permissive with the maxLength field of ROAs. This will not stop a potential hijack of an address, but the attacker is then unable to claim the entire address by using more specific prefixes. Instead, the best an attacker can do is to perform a partial hijack based on route propagation and AS Path length preferences when the genuine and the hijack advertisements specify the same address prefix. Perhaps the ROA maxLength was, in retrospect, a very poor idea.

AS adjacency attestations

It seems uncomfortable to just give up on AS Path protection completely, and we are left wondering if we can salvage something from this. Back around 2000 there was a second proposal to secure BGP, namely secure origin BGP (soBGP). It was devised before the RPKI matured, so many aspects of its derivation of trust look somewhat weak in retrospect, but one aspect in particular still looks attractive today, namely the AS adjacency attestation. What if each network operator generated a set of AS adjacency attentions that enumerated all the ASes that their network had a routing relationship with? If all ASes did this, then a BGP speaker could test the AS Path of a received update against the collection of pairwise AS adjacencies and reject the update on the basis of a faked AS Path if there was an AS pair not described by an AS adjacency attestation. This implies that a potential BGP hijacker could only create a faked AS Path using existing attested AS adjacencies. In other words, the faked AS Path would be a plausible AS Path in the first place, and the freedom of a hijacker to invent synthetic shorter AS Paths that attract traffic through some man-in-the-middle is severely curtailed. This approach does not require BGP speakers to sign BGP update messages or validate them at the other end. Like ROA processing, the cryptographic component can be offloaded, and a set of AS Path constraints passed to BGP speakers as either a filter or a BGP black hole feed. However, universal deployment of such a mechanism is unlikely, so what is the benefit of partial deployment of AS adjacency attestations? If the condition is placed on AS holders that if they mint an AS adjacency attestation about one AS adjacency then they mint an attestation for all adjacent ASes, then this can be useful even in a partial adoption scenario. If a route hijack uses a forged AS Path then if the hijacker includes an attestation-publishing AS in its forged path, even as an originating AS, then it must also include one of the adjacent ASes as listed in the adjacency attestation. The higher the level of adoption of adjacency attestations the more challenging it is for an attacker to forge a plausible AS Path. This AS adjacency model was revived in an Internet draft back in 2010 but the work was abandoned at the time due to lack of interest. The SIDR Ops session at IETF 102 saw a further reprise of this work. This latest approach to AS pair adjacency attestation refines the earlier approach by defining only a single AS adjacency pair and removes the constraint of explicit enumeration of all an ASes’ adjacencies. The draft adds a policy component by defining the adjacencies described in this manner in a customer/provider relationship. It remains an open issue how much publication of routing policy information in BGP is sufficient and how much is too much, to the extent that it deters ASes from publishing any information at all. Whether or not policy is included, if the constraint of complete enumeration is retained then there is some value for an AS in publishing these adjacency attentions even in a partial deployment scenario. For those prefixes the AS originates, a potential hijacker has to not only use the same origin AS to satisfy the ROA constraints, it also has to include the first hop AS in the synthetic AS Path. If this first hop AS also publishes its attestations the attacker also has to include the second hop AS, and so on. An attacker cannot lie about the adjacencies of an AS if the AS has published these adjacencies.

soBGP

It has been an interesting exercise to compare the current state of SIDR with soBGP from about a decade ago. While SIDR Ops is ostensibly an operations working group it has been completely unable to resist the temptation to delve back into the architecture and protocols of secure routing systems and in so doing the work appears to be reproducing quite accurately all of the salient elements of soBGP. Parenthetically, it is somewhat disappointing to see this reuse of the earlier work without any due credit, as this seems entirely foreign to the IETF’s usual practices of careful attribution. But as we turn to soBGP as the way to salvage some viable means of securing the operation of BGP, I suppose the real question is why did we abandon soBGP before? If we are rediscovering its positive attributes can we also try and remember its negatives? As I recall, the argument at the time was one of the distinction between AS Path plausibility and AS Path provability. The soBGP protocol does not attempt to validate that the update actually traversed the path that is described by the AS Path attribute. It may be a synthetic path and soBGP cannot detect that. But what soBGP can reveal is whether the path, or elements of the path in partial deployment scenarios, is a plausible path. BGPSEC imposes a far stricter condition, namely that the update traversed the AS Path exactly as described in the AS Path attribute of the update. But this stricter provability condition is only available when every BGP speaker operates BGPSEC, when every eBGP router is provisioned with keys and every eBGP speaker signs announced routes and validates received updates. Perhaps we were seduced by the prospect of a highly automated secure system and it was only later that it became obvious that BGPSEC has too many deployment impediments and universal deployment (a prerequsite for BGPSEC) is simply unachievable. A revival of soBGP can make use of the RPKI and ROA infrastructure, and can provide a workable outcome by simply adding the component of AS adjacencies to the mix. Critically, partial deployment of AS adjacency attestations provides additional levels of assurance to the networks that publish these instruments, in that attempts to hijack prefixes originated by these ASes or use them in a forged AS Path attribute require the inclusion of adjacent ASes, further lengthening the AS Path length of the forged path and reducing the effectiveness of the attempted hijack.

Blockchain

These days blockchain has certainly achieved mania status and it seems that any researcher seeking funding is now obliged to add the magic word blockchain into the proposal, irrespective of the subject matter of the research itself! It comes as absolutely no surprise to see what we might call ‘BGPcoin’ appearing in this space as a potential response as to how to secure BGP. The essential characteristic of this approach is a distributed ledger that operates without a governing authority to manage the ledger. It is based on the formation of a consensus that is recorded in a public tamper-proof transaction log. Demonstration of control or ownership of a resource is based on the association of a description of the resource and the public key of the owner, placed into a block that is inside a Merkle chain. In the Decentralized Internet Infrastructure Research Group  (DINRG), a research group presented their take on this approach. One element they are using is a so-called ‘smart contract’, which represents a unilateral assertion that a public key holder owns an IP address block for the period of the contract. The contractual process engine draws an address prefix from the available address pool and enters it into the ledger. The entry is incorporated in a block of transactions, and the Merkle chain binds the contents of the block against the previous block in an immutable manner. The other element is the mapping of the BGPSEC ROA object, where a transaction is the association of an IP address prefix with an ASN. This particular blockchain approach replaces the address registry operators, the secure credential system of the RPKI and the attestations of the ROAs in the blockchain. Before we all head off in a wild mania of excitement that bitcoin technology solves everything, there are some downsides here that are unclear. If a party loses access to its private key or does not renew the address ownership contract it has no further access to this address, and if the address is being used in a network, then the network has to be renumbered. It is unclear to what extent the conventional registry contents of the description of the identity of the holding entity is incorporated into the ledger entry. Validation of individual ledger entries requires access to the entire blockchain, and bloating of this data set is a risk. The process of consensus is also fragile, and in other research work presentations at this meeting we heard of attack vectors that cause consensus to split and the blockchain to bifurcate. Without a central authority to rectify this situation it is unclear how the ledger is returned to a single collection. There is also the risk of takeover, in that if an attacker can control more than one half of the entities that actively form consensus of the block chain then it appears to be possible to subvert the ledger. As the Internet continues to grow, and as it assumes a central role in a global society driven by data and digital content, we naturally treat the network in a more conservative manner. Experimentation with some of these critical elements of the Internet, including the role of name and address registries, and experiments with novel approaches to secure these elements no longer excite a reaction of “let’s just try it out and see how it works”. These days we are far more critical of potential changes and we are far more conservative in our assessment of risk when we consider such experiments. With that in mind, these decentralized distributed systems have to demonstrate a greater level of robustness and acceptance prior to any form of adoption in the Internet.

The state of securing BGP

My intuition is that we are still quite comfortable with the existing human-operated central name and address registries, and it would take some crisis of confidence to adopt a completely different model. Given that consideration, it is likely that the RPKI will also persist for some time, and it looks likely that it may pick up greater levels of adoption across the Internet. However, prognostications about universal adoption remains far more challenging to phrase. It is also likely that ROAs are sufficiently useful to remain a part of the picture, but the prospects for BGPSEC are looking pretty poor. Of course, without some form of protection of the AS Path route hijacks are relatively easy to mount by simply including the ROA-specific origin in the attack. And with liberal use of maxLength in the ROA, more specific attacks will be effective. We are back to a question that was considered at length and without any conclusion by the earlier Routing Protocol Security Requirements (RPSEC) Working Group in the IETF some years ago. How can we protect the AS Path in BGP? Having tried and evidently failed with a relatively comprehensive approach in BGPSEC, it appears that we are back to the more pragmatic approach of soBGP and AS Path plausibility checks. The current proposal for AS adjacency that attempts to unite elements of routing policy with inter-AS topology may well be attempting to do too much. One area of consideration at this point in time is whether it would be better to maintain a clear distinction between the role of securing the topology part of BGP that maintains a view of the connected Internet at an AS level, and the role of securing the policy framework of routing that imposes a selective filter on routing information to determine how data paths are maintained within this topology. There is one thing we do know about the effort intended to secure the Internet’s distributed routing system. It’s taken some thirty years of study and experimentation without arriving at a clear and obvious solution because it is a very challenging problem. It would be nice to think that we are coalescing to a practical set of measures that create a pragmatic response to route hijacking. But if you think I’m being unduly optimistic in such a call, then I can understand that many commentators hold a more sceptical view of this effort. Irrespective of whether the work is coalescing or not, it’s obvious that interest in this topic is not waning, and we’ll see a lot more discussion of this topic at IETF 103. This article was originally published on the APNIC Blog.]]> 2940 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-103-internet-of-things/ Tue, 30 Oct 2018 08:13:15 +0000 https://www.ietfjournal.org/?p=2957 IETF Journal IoT Category, the IETF IoT page, the IETF IoT Directorate, the Internet Society’s IoT page, or the Online Trust Alliance IoT page for more details about many of these topics. The IETF Hackathon, held on the weekend preceding the main IETF meeting (November 3-4, 2018), includes several projects directly related to IoT, with the possibility of more being added. Remote participation is available. More information is on the Hackathon wiki. Projects of interest (at the time of this writing) include those relating to:

• LPWAN CoAP/UDP/IPv6 SCHC compression and fragmentation
• ST-COAPS (ACE WG) + ANIMA BRSK
• WISHI (Work on IoT Semantic / Hypermedia Interoperability
• Trusted Execution Environment Provisioning (TEEP)

The Thing-to-Thing Research Group (T2TRG), under the Internet Research Task Force (IRTF), investigates open research issues towards turning the promise of IoT into reality. The research group will be meeting on Tuesday afternoon 6 Nov 2018 16:10-18:10 (GMT+7) in Bangkok to report out on their recent activities. In addition, they will hold a working meeting on Friday 9-November from 09:00 to 13:20 (GMT+7). The agenda for the Friday work meeting can be found here. As in the past, full details and latest info on their activities can be found in GitHub. Two recently chartered IoT-related working groups are working on very serious problems, and are making good progress:

• Trusted Execution Environment Provisioning (TEEP), working on standardizing protocols for provisioning applications into secure areas of computer processors. They have recently uploaded a new draft version of the TEEP architecture document. There are, however, a few more open issues, and the chairs are actively seeking feedback on the direction the document is heading.
• Software Updates for Internet of Things (SUIT), working on mechanisms for securely updating the firmware in IoT devices. The latest versions of the draft architecture and information model are on the agenda for the WG meeting, as is the manifest format.

I would like to draw your attention to some recently started activities of note:

• Application Transport LAyer Security (ATLAS) - relating to the re-use of TLS handshaking protocols at the application layer for establishing keying material to protect application data. Although there will not be a BoF at this IETF meeting, there may be an informal side meeting convened. If you are interested, keep an eye on the mailing list either by subscribing to it or by reviewing the archive. This message from the mailing list provides a good overview of current ATLAS-related drafts.
• Remote ATtestation ProcedureS (RATS) and Entity Attestation Token (EAT) are two related activities which address a similar problem space but are using different mechanisms, and which appear to be converging into one workstream – likely as This recent blogpost includes a good update. There is a RATS (aka simply Attestation) BoF scheduled for Tuesday 6 Nov 2018 13:50-15:50 (GMT+7) in Chitlada 2 Meeting Room (2^nd Floor), and the RATS draft charter is in GitHub. If you are interested, keep an eye on the EAT and RATS mailing lists.

In other contributed updates of interest: The Lightweight Implementation Guidance (LWIG) working group is providing useful implementation guidance to IoT developers. At IETF 103, the group will have discussions to finalize the draft on lightweight TCP implementations and Efficient Neighbor Management policies for 6LoWPAN networks. The group will also discuss a draft which defines how various standard elliptic curves such as NIST P-256, Curve25519 and Ed25519 can efficiently re-use the same underlying implementation. The session is Tuesday 7 Nov 2018 11:20-12:20 (GMT+7). Another interesting draft titled Enabling Network Access for IoT devices from the Cloud in the Thing-to-Thing Research Group (T2TRG) investigates how to overcome the perennial problem of secure bootstrapping of IoT devices. Rather than inventing another protocol, the draft describes how IoT devices can securely join a network with existing standard protocols such as EAP (RFC 3748) and RADIUS (RFC 2865). The draft received significant positive media coverage by The Register. In the latest update, the draft presents how to deal with the tricky problem of manufacturer obsolescence. It also defines new deployment modes for devices which have no identities or keys using existing EAP methods such as EAP-PSK (RFC 4764) and new EAP methods such as EAP-NOOB (Nimble out-of-band authentication for EAP). Thanks to Mohit Sethi, Ericsson (Co-Chairing EAP Method Update (EMU) and Lightweight Implementation Guidance (LWIG))

IoT Onboarding

A lot of work is going on to figure out how to help a device with no user interface onboard to the correct network in a secure way. The basis for some of this work is the Bootstrapping Remote Secure Key Infrastructure draft (BRSKI). This work is built atop HTTP. Several other activities are now looking at how to provide the voucher that is used in BRSKI and defined in RFC 8366 for other circumstances, like 802.11 networks and for further constrained devices. There are at LEAST three drafts on this subject, that will be mentioned in the OPS Area WG (OPSAWG) meeting, as well as at the EAP Method Update (EMU) WG session. There will also be a side meeting on Tuesday night at 18:00 local time for those who are interested in Apartment 3 on the 9th floor. Thanks to Eliot Lear, Cisco ANIMA's Bootstrapping Remote Secure Key Infrastructure draft (BRSKI) protocol has passed WGLC, and by IETF103 may be through IESG review and into the RFC-EDITOR queue. Since IETF101, ANIMA has adopted a constrained version of RFC8366 + BRSKI, and ACE has adopted a constrained version of RFC7030 (Enrollment over Secure Transport - EST). Expect serious activity on these protocols at IETF103, as these variations are approaching WGLC. A variety of interoperability events are being planned around these protocols, and there may be reports on those that have get done. Interest is growing on how to do device secure device enrolment over WiFi. The draft BRSKI over IEEE 802.11 gives a review of many different ideas, and the Wifi Alliance has recently released the Device Provisioning Protocol (DPP) Specification (requires registration). Thanks to Michael Richardson, Sandelman Software Works The IETF motto about running code is being applied to the opsawg's MUD internet draft. CIRALabs has been working over the summer to bring to life a MUD-driven IoT firewall called the "SecureHomeGateway." The system uses a smartphone, an off-the-shelf OpenWRT home gateway, and a QR code to apply the MUD internet draft to common devices. The team is taking the work up to ISPs at RIPE, to ccTLD operators at ICANN and has been keeping the HOMENET and ANIMA WGs appraised of developments. The CIRAlabs team expects to make some extensions (MUD processing and extensions for Secure Home Gateway Project) to MUD to better support some operational requirements that might come out of the SUIT and ANIMA The team also has some ideas on how to bootstrap the initial trust between mobile phone and home gateway (BRSKI enrollment for Smart Pledges).The MUD authors are now also looking at ways to expand the use of MUD to bandwidth profiling, so that administrators can provision based on the devices’ needs and observe when a device is behaving outside that profile. The initial draft can be found at https://datatracker.ietf.org/doc/draft-lear-opsawg-mud-bw-profile/. Thanks to Michael Richardson, Sandelman Software Works, and Eliot Lear, Cisco

MUD

While we are on the subject of “Manufacturer Usage Description Specification“ (MUD), I am pleased to see that it is gaining some serious traction. Last June, the Internet Engineering Steering Group (IESG) approved it as a proposed standard. From the abstract: This memo specifies a component-based architecture for manufacturer usage descriptions (MUD). The goal of MUD is to provide a means for end devices to signal to the network what sort of access and network functionality they require to properly function. The initial focus is on access control. Later work can delve into other aspects. For more on MUD, Eliot Lear, one of the MUD authors, wrote a great article about it for the IETF Journal: Managing the Internet of Things – It’s All About Scaling. As I have noted in previous IoT Rough Guides, MUD also plays a significant role in the project – Mitigating IoT-Based Automated Distributed Threats – being developed by the US National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE). NCCoE has also taken on a proof of concept project. You can find out more about that at https://www.nccoe.nist.gov/projects/building-blocks/mitigating-iot-based-ddos. Ongoing work includes:

• The Constrained RESTful Environments (core) WG aims to extend the Web architecture to most constrained networks and embedded devices. This is one of the most active IoT working groups.
• The IPv6 over Networks of Resource-constrained Nodes (6lo)WG will be meeting on Tuesday afternoon, and focuses on the work that facilitates IPv6 connectivity over constrained node networks.
• The IPv6 over the TSCH mode of IEEE 802.15.4e (6tisch) WGwas chartered in 2014 to enable IPv6 for the Time-Slotted Channel Hopping (TSCH) mode that was recently added to IEEE 802.15.4 networks.
• The Home Networking (homenet) WG focuses on the evolving networking technology within and among relatively small "residential home" networks. For example, an obvious trend in home networking is the proliferation of networking technology in an increasingly broad range and number of devices.
• The IPv6 over Low Power Wide-Area Networks (lpwan) WG - typical LPWANs provide low-rate connectivity to vast numbers of battery-powered devices over distances that may span tens of miles, using license-exempt bands.
• The IP Wireless Access in Vehicular Environments (ipwave) WG has as its primary deliverable a specification for mechanisms to transmit IPv6 datagrams over IEEE 802.11-OCB mode.
• The Authentication and Authorization for Constrained Environments (ace) WG,as its name suggests, is concerned with authentication and authorization mechanisms in constrained environments, where network nodes are limited in CPU, memory and power. This is a critical issue for IoT, for obvious reasons.
• Routing for IoT is tackled by theRouting Over Low power and Lossy networks (roll) WG which focuses on routing protocols for constrained-node networks.
• In addition to the new protocols and other mechanisms developed by IETF working groups, IoT developers often benefit from additional guidance for efficient implementation techniques and other considerations. The Lightweight Implementation Guidance (lwig) WGis developing such documents.

Schedule and locations subject to change. Please refer to the online agenda to confirm. If you have an interest in how the IoT is developing and being standardized in the IETF, I hope to see you in person or online at some of these meetings during IETF 103. (Note that If you know you will be unable to travel to the meeting and would like to participate remotely, you must register as a remote participant. There is currently no fee to be a remote participant at an IETF meeting but registration is required. If you do not want to register, you may opt to listen to the live audio stream of the sessions instead. The links for each session are posted in each session description in the agenda. ** All times ICT — Indochina Time (GMT+7)  6lo (IPv6 over Networks of Resource-constrained Nodes) WG Monday, 5 Nov 2018, 16:10-18:10 Meeting 2 Room (7th Floor) Agenda/Materials Documents Charter 6tisch (IPv6 over the TSCH mode of IEEE 802.15.4e) WG Thursday, 8 Nov 2018, 16:10-18:10 Boromphimarn 3 Meeting Room (3^rd Floor) Agenda/Materials Documents Charter ace (Authentication and Authorization for Constrained Environments) WG Thursday, 8 Nov 2018, 16:10-18:10 Chitlada 1 Meeting Room (2^nd Floor) Agenda/Materials Documents Charter core (Constrained RESTful Environments) WG Monday, 5 Nov 2018, 13:50-15:50 Boromphimarn 1/2 Meeting Room (3^rd Floor) Thursday, 8 Nov 2018, 11:20-12:20 Chitlada 1 Meeting Room (2^nd Floor) Agenda/Materials Documents Charter homenet (Home Networking) WG Wednesday, 7 Nov 2018, 13:50-15:20 Chitlada 3 Meeting Room (2^nd Floor) Agenda/Materials Documents Charter ipwave (IP Wireless Access in Vehicular Environments) WG Tuesday, 6 Nov 2018, 11:30-12:20 Chitlada 3 Meeting Room (2^nd Floor) Agenda/Materials Documents Charter lpwan (IPv6 over Low Power Wide-Area Networks) WG Tuesday, 6 Nov 2018, 09:00-11:00 Meeting 1 Room (7^th Floor) Agenda/Materials Documents Charter lwig (Light-Weight Implementation Guidance) WG Wednesday, 7 Nov 2018, 11:20-12:20 Meeting 2 Room (7^th Floor) Agenda/Materials Documents Charter opsawg (Operations and Management Area) WG Tuesday, 6 Nov 2018, 16:10-18:10 Chitlada 2 Meeting Room (2^nd Floor) Agenda/Materials Documents Charter rats (Remote ATtestation ProcedureS - aka simply Attestation) BoF Tuesday 6 Nov 2018, 13:50-15:50 Chitlada 2 Meeting Room (2^nd Floor) RATS draft charter roll (Routing Over Low power and Lossy networks) WG Monday, 5 Nov 2018, 09:00-11:00 Boromphimarn 1/2 Meeting Room (3^rd Floor) Agenda/Materials Documents Charter suit (Software Updates for Internet of Things) WG Thursday, 8 Nov 2018, 09:00-11:00 Chitlada 2 Meeting Room (2^nd Floor) Agenda/Materials Documents Charter t2trg (Thing-to-Thing) RG Tuesday 6 Nov 2018, 16:10-18:10 Meeting 1 Room (7^th Floor) Agenda/Materials Documents Charter teep (Trusted Execution Environment Provisioning) WG Wednesday, 7 Nov 2018, 09:00-11:00 Meeting 2 Room (7^th Floor) Agenda/Materials Documents Charter It will be a busy week in Bangkok, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 103 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF103 to keep up with the latest news.]]> 2957 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-103/ Mon, 29 Oct 2018 12:38:16 +0000 https://www.ietfjournal.org/?p=2961 Internet Engineering Task Force will be in Bangkok for IETF 103, where around 1,000 engineers will discuss open Internet standards and protocols. The week begins on Saturday, 3 November, with a Hackathon and Code Sprint. The IETF meeting itself begins on Sunday and goes through Friday. We’ll be providing our rough guides on topics of mutual interest to both the IETF and the Internet Society as follows:

• Overview of ISOC @ IETF (this post)
• Internet of Things
• IPv6
• DNS Security and Privacy

For more general information about IETF 103 see:

• IETF 103 main page
• Remote participation & live stream information

Here are some of the activities that the Internet Society is involved in during the week.

Applied Networking Research Prize (ANRP)

Through the Applied Networking Research Prize (ANRP), supported by the Internet Society, the Internet Research Task Force (IRTF) recognizes the best new ideas in networking and brings them to the IETF, especially in cases where the ideas are relevant for transitioning into shipping Internet products and related standardization efforts. Out of 55 submissions in 2018, six submissions will be awarded prizes. Two winners will present their work at the IRTF Open Meeting on Monday, 5 November at 4:10PM.

• Johanna Amannfor the first large scale investigation of recently deployed web security features including their combined impact: J. Amman, O. Gasser, Q. Scheitle, L. Brent, G. Carle, R. Holz. Mission Accomplished? HTTPS Security after DigiNotar.  17th Internet Measurement Conference (IMC’17), November 2017.
• Arash Molavi Kakhkifor a detailed analysis of multiple versions of a rapidly evolving, new transport protocol in a large number of environments: Arash Molavi Kakhki, Samuel Jero, David Choffnes, Alan Mislove, Cristina Nita-Rotaru.Taking a Long Look at QUIC: An Approach for Rigorous Evaluation of Rapidly Evolving Transport Protocols.  17th Internet Measurement Conference (IMC’17), November 2017.

IETF Journal

The IETF Journal provides an easily understandable overview of what’s happening in the world of Internet standards, with a particular focus on the activities of the IETF Working Groups. Articles highlight some of the hot issues being discussed in IETF meetings and on the IETF mailing lists. You can follow IETF Journal via our Twitter and Facebook channels. If you would like to write for the Journal about your work at IETF 103, please email us at ietfjournal@isoc.org. Other highlights of the IETF 103 meeting include:

Hackathon

Right before IETF 103, the IETF is holding another Hackathon to encourage developers to discuss, collaborate, and develop utilities, ideas, sample code, and solutions that show practical implementations of IETF standards. The Hackathon is free to attend but has limited seats available. Technologies from past Hackathons include DNS, HTTP 2.0, NETVC, OpenDaylight, ONOS, VPP/FD.io, RiOT, SFC, TLS 1.3, WebRTC, YANG/NETCONF/RESTCONF. Details on all planned technologies will be listed on the IETF 103 Meeting Wiki.

Birds of a Feather (BoF) Sessions

Another major highlight of every IETF is the new work that gets started in birds-of-a-feather (BoF) sessions. Getting new work started in the IETF usually requires a BoF to discuss goals for the work, the suitability of the IETF as a venue for pursuing the work, and the level of interest in and support for the work. There are two BoFs happening in Bangkok:

• Remote Attestation Procedures (rats) Tuesday, 6 November, 13:50 – 15:50. The RATS effort strives to provide evidence about a system's health and trustworthiness via the Internet. Instead of having a separate set of protocols for each set of mechanisms, the RATS effort will define a common set of protocols that can be used inter-operably over the Internet.
• WGs Using GitHub (wugh) Wendesday, 7 November, 13:50 – 15:20. A venue to continue discussion about ways that IETF Working Groups are using GitHub. The goal of the meeting is to determine whether there is enough support in the community to warrant more detailed discussions with the IETF Tools Team and the IETF Secretariat about functional requirements and process details to support integrating GitHub use into WG work.

Follow Us

It will be a busy week in Bangkok, and whether you plan to be there or join remotely, there’s much to monitor. Follow us on the Internet Society blog, Twitter, or Facebook using #IETF103 to keep up with the latest news.]]> 2961 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-103-ipv6/ Wed, 31 Oct 2018 10:27:43 +0000 https://www.ietfjournal.org/?p=2976 IPv6 Operations (v6ops) Working Group is a key group and will be meeting on Monday morning. It’s published four RFCs since its last meeting, including Happy Eyeballs v2, and this time will kick-off with a presentation on the CERNET2 network which is an IPv6-only research and education in China. There’s also four drafts to be discussed, including three new ones. IPv6-Ready DNS/DNSSSEC Infrastructure recommends how DNS64 should be deployed as it modifies DNS records which in some circumstances can break DNSSEC. IPv6 Address Assignment to End-Sites obsoletes RFC 6177 with best current operational practice from RIPE-690 that makes recommendations on IPv6 prefix assignments, and reiterates that assignment policy and guidelines belong to the RIR community. Pros and Cons of IPv6 Transition Technologies for IPv4aaS discusses different use case scenarios for the five most prominent IPv4-as-a-service (IPv4aaS) transitional technologies, whilst NAT64/464XLAT Deployment Guidelines in Operator and Enterprise Networks is an updated draft that describes considerations with respect to applications or devices using literal IPv4 addresses or non-IPv6 compliant APIs, as well as IPv4-only hosts on an IPv6-only network. The other key group is the IPv6 Maintenance (6man) Working Group that will be meeting on Tuesday afternoon. Since the last meeting this has published just the one RFC on creating an IANA registry for updating the IPv6 Neighbor Discovery Prefix Information Option Flags, but has no less than nine drafts up for discussion. The couple of working group sponsored drafts relate to specifying a IPv6 Segment Routing Header (SRH) and how this can be used by Segment Routing capable nodes, and specifying a Router Advertisement flag to indicate to hosts that a link is IPv6-only. There are also a couple of new drafts that specify how IOAM (In-situ Operations, Administration and Maintenance) records are encapsulated in IPv6, and defining the building blocks that can be used for OAM in Segment Routing with IPv6. That leaves five existing drafts to be discussed, covering communicating NAT64 prefixes to clients with Router Advertisements, Updates to Requirements for IPv6 Options, Path MTU Discovery solutions, a new Path MTU Hop-by-Hop Option to record minimum Path MTU from source to destination, and IPv6 Packet Truncation procedures. On Tuesday morning, the IP Wireless Access in Vehicular Environments (ipwave) Working Group will be meeting. Most of the agenda is focusing on updates to the specification for transmitting IPv6 Packets over IEEE 802.11 Networks in Vehiclar communications, and the use cases for IP-based vehicular networks, but there’s recently been a couple of updates to DNS Name Autoconfiguration for Internet of Things Devices and IPv6 Neighbor Discovery for Prefix and Service Discovery in Vehicular Networks, so these may also be discussed. The Homenet (homenet) Working Group has previously been quite active, but appears to be focusing on the Homenet Naming and Service Discovery Architecture during its meeting on Wednesday afternoon. There’s also an agenda item for general security questions, and a demonstration of SecureHomeGateway, before moving into discussions on re-chartering the group. There’s also two IPv6-related working groups on Monday. The Routing Over Low Power and Lossy Networks (roll) Working Group focuses on IPv6 routing issues for these networks. This has a very busy agenda commencing with an update on the ROLL-BIER design that extends RPL to support routing based on Bit Index Explicit Replication (BIER) in environments with limited and lossy updates. There are seven other drafts up for discussion on Efficient Route Invalidation, RPL protocol design issues, route discovery for symmetric and asymmetric point-to-point traffic flows, a packet transmission rate metric for parent node selection, implementing the forwarding of copies of packets over different paths to different RPL parents, a proposal to extend the RPL protocol to install centrally-computed routes, and an update to the unicast routing services in an RPL domain. The IPv6 over Networks of Resource Constrained Nodes (6lo) Working Group also has a busy agenda. This includes a discussion on the proposed draft that updates RFC 6775 to support registration extensions for simplifying these operations in 6LoWPAN routers, an update on Address Protected Neighbor Discovery for Low-power and Lossy Networks, an update to RFC 4944 with a simple protocol to recover packet fragments over a mesh network, and the IPv6 Backbone Router draft being prepared for a Working Group Last Call. Other drafts up for review include transmitting IPv6 packets over Near Field Communication (NFC), a new type of 6LoWPAN routing header containing delivery deadlines for data packets, and IPv6 over Power-Line Communication Networks. The session will be rounded-off with a performance report on fragment forwarding and recovery. Tuesday morning sees the meeting of the Low Power Wide-Area Networks (lpwan) Working Group. There will be another discussion around whether to move to a Working Group Last Call on the Static Context Header Compression (SCHC) framework for IPv6 and UDP, that provides both header compression and fragmentation functionalities. Three other drafts describe similar schemes for SigFox,LoRaWAN and IEEE 802.15.4 type networks. Rounding off the IPv6-related sessions on Thursday afternoon, the IPv6 over the TSCH mode of IEEE 802.15.4e (6TiSCH) Working Group, will focus on the specification for a combining a high speed powered backbone and subnetworks using IEEE 802.15.4 time-slotted channel hopping (TSCH). The 6top protocol that enables distributed scheduling is now heading for publication as an RFC, and there are also updates to the description of a scheduling function that defines the behavior of a node when joining a network and to define a security framework for joining a 6TiSCH network. If there’s time, a method to protect network nodes against a selective jamming attack will be discussed. At the Internet Society, we continue to promote IPv6 deployment. You can check out the World IPv6 Launch measurements for our latest measurements of IPv6 around the globe: http://www.worldipv6launch.org/measurements You can also check out the Deploy360 online resources for getting started with IPv6 deployment:

• http://www.internetsociety.org/deploy360/start/
• http://www.internetsociety.org/deploy360/ipv6/

And you can read more about other topics of interest to the technology programs of the Internet Society in the rest of our Rough Guide to IETF 103 posts. IPv6-related Working Groups at IETF 103: V6OPS (IPv6 Operations) Working Group Monday, 5 November 2018 09.00-11.00 UTC+7, Meeting 1 Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-v6ops/ Documents: https://datatracker.ietf.org/wg/v6ops/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-v6ops/ ROLL (Routing Over Low power and Lossy networks) WG Monday, 5 November 2018 09.00-11.00 UTC+7, Boromphimarn 1/2 Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-roll/ Documents: https://datatracker.ietf.org/wg/roll/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-roll/ 6LO (IPv6 over Networks of Resource Constrained Nodes) WG Monday, 5 November 2018 16.10-18.10 UTC+7, Meeting 2 Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-6lo/ Documents: https://datatracker.ietf.org/wg/6lo/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-6lo/ IPWAVE (IP Wireless Access in Vehicular Environments) WG Tuesday, 6 November 2018 09.00-11.00 UTC+7, Meeting 2 Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-ipwave/ Documents: https://datatracker.ietf.org/wg/ipwave/documents/ Charter: https://datatracker.ietf.org/wg/ipwave/documents/ LPWAN (IPv6 over Low Power Wide-Area Networks) WG Tuesday, 6 November 2018 09.00-11.00 UTC+7, Meeting 1 Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-lpwan/ Documents: https://datatracker.ietf.org/wg/lpwan/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-lpwan/ 6MAN (IPv6 Maintenance) WG Monday, 16 July 2018 @ 09.30-12.00 UTC-4, Laurier Agenda: https://datatracker.ietf.org/meeting/102/materials/agenda-102-6man/ Documents: https://datatracker.ietf.org/wg/6man/documents/ Charter: https://datatracker.ietf.org/wg/6man/charter/ Homenet (Home Networking) WG Wednesday, 7 November 2018 13.50-15.20 UTC+8, Chitlada 3 Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-homenet/ Documents: https://datatracker.ietf.org/wg/homenet/documents/ Charter: https://datatracker.ietf.org/wg/homenet/charter/ 6TISCH (IPv6 over the TSCH mode of IEEE 802.15.4e) WG Thursday, 8 November 2018 16.10-18.10 UTC+7, Boromphimarn 1/2 Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-6tisch/ Documents: https://datatracker.ietf.org/wg/6tisch/documents/ Charter: https://datatracker.ietf.org/doc/charter-ietf-6tisch/ It will be a busy week in Bangkok, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 103 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF103 to keep up with the latest news.]]> 2976 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/rough-guide-to-ietf-103-dnssec-dns-security-and-dns-privacy/ Fri, 02 Nov 2018 17:29:11 +0000 https://www.ietfjournal.org/?p=2981 DPRIVE and DNSSD working groups. As part of our Rough Guide to IETF 103, here’s a quick view on what’s happening in the world of DNS. Note - all times below are Indochina Time (ICT), which is UTC+7.

DNS Operations (DNSOP)

The DNS sessions at IETF 103 start on Monday afternoon from 13:50-15:50 with the DNS Operations (DNSOP) Working Group.  As per usual, DNSOP has a packed agenda. The major security/privacy-related drafts include:

• DNS query minimisation - draft-ietf-dnsop-rfc7816bis - Back in 2016, RFC 7816 defined an experimental way to increase DNS privacy and limiting the exposure of DNS query information by simply not sending the entire query all the way up the DNS resolver chain.  This new work is to move that RFC 7816 document from being an experiment to being an actual Internet standard.
• Running a DNS root server locally - draft-ietf-dnsop-7706bis - Another way to increase DNS privacy is to not send queries up the DNS resolver chain to the root by running your own local copy of the root DNS servers. Back in 2015, the informational RFC 7706 defined how to do this and specified running it on the "loopback" interface of your local computer. This new work broadens that to allow the local copy to run more generally on local systems. At the recent ICANN 63 meeting in Barcelona, this was discussed as "hyperlocal" copies of the root zone of DNS. Wes Hardaker at ISI also has a site about this effort: https://localroot.isi.edu/ Not only could this increase privacy, but also resiliency of the DNS system. However, it is not without its critics and so there could be a good discussion in Bangkok.
• Serving stale data to increase DNS resiliency - draft-ietf-dnsop-serve-stale - This project is setting up the criteria for when DNS resolvers could continue to use DNS data even after the Time To Live (TTL) expires. Basically, if you can't reach an authoritative server for some reason, under what conditions could you continue to serve the records you previously retrieved from that server?

If there is time in the session, Paul Hoffman's draft-hoffman-resolver-associated-doh may come up for discussion. This relates to the somewhat controversial DNS Over HTTPS (DOH), now defined in RFC 8484, that lets an app such as a web browser send DNS queries over HTTPS to a DOH server where the DNS resolution can occur.  The controversy with DOH is primarily two points: 1) it lets an application  bypass local DNS servers and thereby bypass local DNS filtering or restrictions; and 2) the first announced use of DOH was by Mozilla Firefox with a DOH server from Cloudflare. This second point brought concerns about centralization and potential choke points.  As more entities have stood up DOH servers, there has been a need to help DOH clients understand which DOH server to use. Paul's draft provides one such mechanism. If by some miracle there happens to still be time in the session and there is an open mic, I may see if I can briefly ask the group if there is interest in moving forward the draft that several of us worked on about DNSSEC cryptographic algorithm agility - draft-york-dnsop-deploying-dnssec-crypto-algs .  However, given the agenda, I highly doubt there will be an opportunity - it will need to be mailing list activity.

DNS PRIVate Exchange (DPRIVE)

[UPDATE, 4 November 2018: The DPRIVE session at IETF 103 was cancelled after the working group chairs determined they did not have enough presenters to have the discussion they were seeking to have. They plan to take the conversation back to the DPRIVE mailing list and perhaps hold a virtual interim meeting in December 2018.] The DPRIVE working group meets Wednesday morning from 09:00-11:00 ICT.  This meeting at IETF 103 is primarily focused on the discussion about how to add privacy to the communication between a DNS recursive resolver and the authoritative DNS server for a given domain.  Specifically they will spend about 30 minutes on the "user perspective" of DNS privacy and a full hour on the "authoritative and recursive perspective" as the working group looks at whether to expand its work to increase the privacy of even more elements of the DNS infrastructure

Extensions for Scalable DNS Service Discovery (DNSSD)

Privacy will also get attention at the DNSSD Working Group on Thursday afternoon from 13:50-15:50 ICT.  DNSSD focuses on how to make device discovery easier across multiple networks. For instance, helping you find available printers on not just your own network, but also on other networks to which your network is connected. However in doing so the current mechanisms expose a great deal of information. The working group had a lengthy discussion at IETF 102 in Montreal about DNS privacy - and are planning for a significant 50 minute discussion block here at IETF 103 in Bangkok.

DNSSEC Coordination informal breakfast meeting

As a final note, on Friday morning we may try an informal gathering of people involved with DNSSEC. We’ve done this at many of the IETF meetings over the past few years and it’s been a good way to connect and talk about various projects. This time we are not sure yet because with the formal meetings ending on Thursday, many people may be traveling home on Firday. We’re not sure of the location and time yet (and we are not sure if it will involve food or just be a meeting). If you would like to join us, please drop me an email or join the dnssec-coord mailing list.

Other Working Groups

DANE and DNSSEC will also appear in the TLS Working Group's meeting on Wednesday. The draft-ietf-tls-dnssec-chain-extension will be presented as a potential way to make DANE work faster by allowing both DANE and DNSSEC records to be transmitted in a single exchange, thus reducing the time involved with DANE transactions. There has been a lengthy discussion on the TLS list and the chairs are scheduling 55 minutes for this discussion. Given the key role DNS plays in the Internet in general, you can also expect DNS to appear in other groups throughout the week. P.S. For more information about DNSSEC and DANE and how you can get them deployed for your networks and domains, please see our Deploy360 site:

• http://www.internetsociety.org/deploy360/dnssec/
• http://www.internetsociety.org/deploy360/resources/dane/

Relevant Working Groups at IETF 103:

DNSOP (DNS Operations) WG Monday, 5 November 2018, 13:50-15:50 ICT, Chitlada 1 Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-dnsop Documents: https://datatracker.ietf.org/wg/dnsop/ Charter: http://tools.ietf.org/wg/dnsop/charters/ DPRIVE (DNS PRIVate Exchange) WG Wednesday, 7 November 2018, 09:00-11:00 ICT, Meeting 1 Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-dprive Documents: https://datatracker.ietf.org/wg/dprive/ Charter: http://tools.ietf.org/wg/dprive/charters/ DNSSD (Extensions for Scalable DNS Service Discovery) WG Thursday, 8 November 2018, 13:50-15:50 ICT, Meeting 2 Agenda: https://datatracker.ietf.org/meeting/103/materials/agenda-103-dnssd Documents: https://datatracker.ietf.org/wg/dnssd/ Charter: http://tools.ietf.org/wg/dnssd/charters/

Follow Us

It will be a busy week in Bangkok, and whether you plan to be there or join remotely, there’s much to monitor. Follow us on the Internet Society blog, Twitter, or Facebook using #IETF103 to keep up with the latest news.]]> 2981 0 0 0 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/sunsetting-the-ietf-journal/ Mon, 01 Jul 2019 20:47:22 +0000 https://46a5b63a-970c-11e7-8dfd-8a9d3f51e998.app.getshifter.io:52542/?p=3024

The IETF Journal began in 2005 as a collaboration between the Internet Engineering Task Force (IETF) and the Internet Society to help publicise the work of the IETF and Internet Research Task Force (IRTF) to a broader audience. In the years since IETF Journal began publishing there have been a lot of changes in the IETF, and the Journal itself recently moved to an online-only format. The IETF website has evolved to communicate with a broader audience, and the IETF blog is now functioning as a source of information about the work of the IETF and the proceedings of IETF meetings. 

In light of these changes we will no longer be posting new content on the IETF Journal website. The domain ietfjournal.org and the site will remain online in the medium term as the content is still a useful resource about the past activity of the IETF. Internet Society staff will continue to write about and encourage writing about the significance of IETF work to help reach that broader audience and to support the IETF - but we will now do so primarily through our own channels.

]]> 3024 0 0 0