IETF 84 in Vancouver is rapidly approaching (29 July-3 August 2012). Newcomers' training and technical tutorials take place on Sunday (29 July), with the working group (WG), Birds of a Feather (BoF), and plenary sessions happening during the week.
Once again, the Internet Society is pleased to bring you a Rough Guide to the IETF 84 sessions most relevant to our current work.
At this IETF meeting, we are turning our attention to the following broad categories:
- Trust technologies
(All times are local, UTC -7 hours)
In addition to the WG and BOF sessions listed below, these sessions are of general interest:
IAB Technical Plenary
'Software Defined Networking'
A number of activities both within and outside of the IETF involve the decoupling of the control plane of routers from the data plane. In recent years, a great deal of energy in this space has focused on Software Defined Networking (SDN), which we can broadly understand as networks in which APIs allow certain software applications to modify the forwarding policy of routers, switches, firewalls and related network elements. These proposals have immediate applicability to highly-determined environments like data centers, where applications can easily understand topology. Some academics further envision a world where applications will run on top of a "network operating system," provisioning policy in groups of routers to enable flow-based controls. Ultimately, these industry efforts may lead to deployments where traditional IETF protocols that inform the control plane (like routing or management protocols) cooperate or in some cases compete with non-standard API interfaces. This plenary proposes to explore current events in the SDN space, including the status of implementation and deployment, and the implications this work has for standards development at the IETF.
(20 July 2012, 1730-1930)
ISOC@IETF 84 Briefing Panel: World IPv6 - Launched!
On 6 June 2012, more than 50 access providers and thousands of websites around the globe joined together in establishing IPv6 as the "new normal" for the Internet. Participating content providers turned on IPv6 on their main sites -- for good. Participating access providers are offering IPv6 by default to their customers, and have at least 1% of their traffic to major websites over IPv6.
At a high level, it is clear that this represents a significant, concrete step forward in the deployment of operational IPv6 in the Internet. Uptake of IPv6 is not evenly distributed across all access networks for a variety of reasons and there is clearly still much work to do. This panel will share more specific numbers and perspectives outlining the impact of World IPv6 Launch.
Additional information and live audiocasts of the briefing panel are available at:
(31 July 2012, 1145-1245)
The IETF Journal v8.1 provides a summary of many sessions from IETF 83:
Learn about developments around IETF by subscribing to the IETF Journal at:
irtfopen (IRTF Open Meeting)
The IRTF Open Meeting will include a presentation from Alberto Dainotti who won the Applied Networking Research Prize for IETF 84. Alberto Dainotti was recognised for his research into Internet communication disruptions due to filtering: Alberto Dainotti, Claudio Squarcella, Emile Aben, kc claffy, Marco Chiesa, Michele Russo, and Antonio Pescapé. Analysis of Country-wide Internet Outages Caused by Censorship. Proc. ACM Internet Measurement Conference (IMC), November 2011, Berlin, Germany.
(31 July 2012, 1300-1500)
Trust technologies are those that enable trust in the Internet infrastructure and user or application space. This includes encryption technologies and mechanisms for communicating trust in various forms.
With the increased usage of JSON in protocols in the IETF and elsewhere, there is now a desire to offer security services such as encryption, digital signatures, and message authentication codes (MACs) for data that is being carried in JSON format. This group is chartered to work on four documents, all of which have seen recent revisions. This work is closely related to the OAuth effort.
(1 August 2012, 0900-1130)
websec (Web Security) WG
Additionally, the WG will standardize a small number of selected specifications that have proven to improve security of Internet Web applications. Initial work will be focused on the following topics: HTTP Strict transport security (draft-ietf-websec-strict-transport-sec), HTTP Header X-Frame-Options (draft-ietf-websec-x-frame-options), and Same origin policy (RFC 6454, draft-nir-websec-extended-origin).
(31 July 2012, 0900-1020)
AuthN and AuthZ are key components of any managed identity exchange (above or below the Web) and the work called out here will be used in conjunction with efforts in the W3C, OASIS, and other specifications groups to create solutions for both end users and intermediaries.
scim (System for Cross-domain Identity Management) WG
This newly chartered working group will standardize methods for creating, reading, searching, modifying, and deleting user identities and identity-related objects across administrative domains, with the goal of simplifying common tasks related to user identity management in services and applications.
In this case, "standardize" does not necessarily mean that the working group will develop new technologies. The existing specifications for "SCIM 1.0" provide RESTful interfaces on top of HTTP rather than defining a new application protocol. That will be the basis for the new work.
(3 August 2012, 1120-1220 and 1230-1330)
oauth (Web Authorization Protocol) WG
The Open Authentication Protocol is a mechanism that allows a user to give third-party web sites or applications access to protected resources without providing them access to their long-term credentials or resources. The oauth WG was chartered to update and improve the security mechanisms in the original OAuth protocol. The ongoing standardization effort within the OAuth working group will focus on enhancing interoperability of OAuth deployments. A standard for a token revocation service, which can be separated from the existing web tokens to the token repertoire, will enable wider deployment of OAuth. Extended documentation of OAuth use cases will enhance the understanding of the OAuth framework and provide assistance to implementors. And dynamic client registration will make it easier to broadly deploy OAuth clients (performing services to users). Current discussions include token formats, security issues, and finalizing the core documents.
(2 August 2012, 0900-1130)
abfab (Application Bridging for Federated Access Beyond web) WG
This working group will specify a federated identity mechanism for use by other Internet protocols not based on HTML/HTTP, such as IMAP, XMPP, SSH and NFS. The design will combine existing protocols, specifically the Extensible Authentication Protocol (EAP - RFC 3748), Authentication, Authorization and Accounting protocols (RADIUS - RFC 2865 and Diameter - RFC 3588), and the Security Assertion Markup Language (SAML). Several key documents (use cases, architecture, etc.) are up for discussion as the initial work package moves toward last call.
(30 July 2012, 1540-1710)
Internet infrastructure -- from managed resources to collaborative efforts such as routing -- continues to evolve to meet current needs. Of particular interest this time around are ongoing efforts to secure the routing infrastructure (SIDR) and develop an internationalized successor to whois for accessing information associated with resources.
dane (DNS-based Authentication of Named Entities) WG
The dane working group was chartered to look at the use of DNSSEC to facilitate the establishment of cryptographically secure communications for Internet applications. This was accomplished by using information distributed through DNSSEC for discovering and authenticating public keys associated with a service located at a domain name. Building upon the implementation and deployment of DNSSEC, this work seeks to use the chain of trust established in the DNS to enable on-demand establishment of secure channels for a multiplicity of applications. The dane working group has successfully completed the use case document (published as RFC 6394) and the protocol document (currently in the RFC Editor's queue). This meeting will focus on rechartering in general and, in particular, on discussion of various drafts related to the use of dane within a specific application.
(30 July 2012, 1300-1530)
karp (Keying and Authentication for Routing Protocols) WG
The karp WG is focused on improving the state of authentication in all the Internet routing protocols. Many routing protocol deployments, if they use authentication at all, are using older (possibly deprecated) cryptographic algorithms and are missing some modern security mechanisms, like replay protection, algorithm agility, or key rollover. In addition, the issue of key management is a major stumbling block to deployment. The karp WG is working to address these requirements in a number of IETF routing protocols. The design guide has been published as RFC 6518, and the threat requirements document is currently under review by the IESG. Work is expected to continue at this meeting on an operations model, several analysis drafts, and a discussion of a database of long-lived symmetric cryptographic keys.
(31 July 2012, 1300-1500)
sidr (Secure Inter-Domain Routing) WG
The SIDR WG is focused on securing inter-domain routing. The overall architecture is based on a Resource PKI (RPKI) which adds an authentication framework to BGP requiring a certificate management infrastructure. This is a key technology for improving trust in the routing infrastructure.
Most of the work regarding the basic RPKI infrastructure is already standardized and the work is focused on the development of BGPSEC - extensions to BGP that allow path validation.
The group has several interim meetings focusing on operational issues in incremental deployment (repository freshness, performance, key management).
(1 August 2012, 0900-1130)
weirds (Web Extensible Internet Registration Data Service) WG
Internet registries for both number resources and names have historically maintained a lookup service to permit public access to some portion of the registry database. Most registries offer the service via WHOIS (RFC 3912), with additional services being offered via World Wide Web pages, bulk downloads, and other services, such as RPSL (RFC 2622).
The existing standards and related services lack some important features: internationalization, a standard data model, and differential service.
The weirds WG aims to determine the general needs of such a service and to standardize a single data framework. The framework shall be for data to be delivered via a RESTful data service using HTTP (optionally using TLS), and may use standard features of HTTP to support differential service levels to different classes of user.
The work of the group focuses on two classes of registries: numbers and names, aiming at one protocol to serve both. The main topic is the data model: what objects need representations, how to fit them in the framework, encoding, internationalization, etc.
(1 August 2012, 0900-1130)
opsec (Operational Security Capabilities for IP Network Infrastructure) WG
The goal of the OPSEC WG is to document best current practices with regard to network security. In particular, an effort will be made to clarify the rationale supporting current operational practice, address gaps in currently understood best practices for forwarding, control plane, and management plane security, and make clear the liabilities inherent in security practices where they exist.
Many of the work items of the group are "work in progress", such as cataloging security efforts at other SDOs (draft-ietf-opsec-efforts), filtering practices (e.g. draft-ietf-opsec-icmp-filtering) and BGP security practices (draft-jdurand-bgp-security).
(1 August 2012, 1300-1500)
dsii (Data Set Identifier Interoperability) BoF
The discussion will focus on how to achieve interoperability among persistent identifiers for data sets made available on the Internet. The initial use case of interest is scientific data sets produced by different research teams; other use cases might include media developed by different sources and combined into a common collection. Access policies based on identifiers, discovery, association of meta-data, and data integrity are expected to be later topics, but these will likely be covered in follow-on mailing list discussion. The BoF will review existing methods such as DOI, URN, PURL, and then discuss core requirements.
Charter: This BoF is not intended to form a working group at this session.
(31 July 2012, 1520-1650)
The Internet relies on a single addressing framework in order to have global reach and integrity. IPv4 address space is insufficient for today's Internet, and IPv6 has been developed as its successor. While the standard for IPv6 has long-since been finished, there are ongoing discussions of IPv6 operational issues and management, as well as possible uses in home networks and very large scale networks (of small scale devices).
v6ops (IPv6 Operations) WG
The v6ops WG continues to be active in describing operational considerations of IPv6 deployment. There are quite a number of operational drafts, with 8 drafts on the agenda for discussion. One of them, a new draft, is quite interesting: operational design guidelines for v6 networks: http://www.ietf.org/internet-drafts/draft-matthews-v6ops-design-guidelin.... It is a -00 draft (which means it is an initial submission).
(2 August 2012, 0900-1130; 3 August 2012, 0900-1100)
6renum (IPv6 Site Renumbering) WG
The 6renum WG is chartered to perform an analysis of IPv6 site renumbering. If the analysis leads to conclusions that are also applicable to IPv4, that will be an advantage, but it is not an objective of the WG to make its outputs more widely applicable than IPv6. Similarly, the WG is targeting enterprise networks, but the analysis may also be applicable to SOHO or other (e.g. ad-hoc) scenarios.
(31 July 2012, 1030-1130)
6man (IPv6 Maintenance) WG
The 6man Working Group is charged with the maintenance, upkeep and advancement of the IPv6 protocol specifications and addressing architecture, which is especially relevant as IPv6 begins to be deployed around the world at scale this year. Reflecting that, the 6man working group has 14 working group documents currently being considered. These are likely to be discussed in Vancouver, as well as some cross items with the 6lowpan (v6 for low power networks) WG, which is not meeting at IETF 84.
(1 August 2012, 0900-1130)
sunset4 (Sunsetting IPv4) WG
sunset4 is a new working group in the Internet Area. The charter is here: http://datatracker.ietf.org/wg/sunset4/charter/. In short, the formation of the working group is an acknowledgement that the Internet is still largely IPv4, but in the presence of address exhaustion it cannot continue to be the Internet that we know today. The Internet will transition to IPv6, but there will be an interval where the Internet's performance degrades as more coping mechanisms are adopted and before a complete transition to IPv6. This working group hopes to develop techniques to mitigate some of that pain. The immediate activity is to evaluate various CGN (carrier-grade NAT) proposals and determine whether there is a work item around CGN that functions as a suitable IPv4 sunsetting mechanism.
(30 July 2012, 1300-1500)
The public policy world is full of discussions of appropriate (and inappropriate) management of bandwidth in the face of growing network usage. The IETF and IRTF have a number of efforts underway to explore and address more sophisticated ways to make use of available bandwidth, and otherwise get content to where it needs to be, efficiently.
icnrg (Information-Centric Networking Research Group)
Meeting for the first time as a chartered research group of the IRTF, the ICN RG will address the latest research results relating to initiatives to evolve the Internet infrastructure by introducing uniquely named data as a core Internet principle.
(1 August 2012, 0900-1130)
rmcat (RTP Media Congestion Avoidance Techniques) BoF
In today's Internet, part of the traffic is the delivery of interactive real-time media, often in the form of sets of media flows using RTP over UDP. There is no generally accepted congestion control mechanism for this kind of data flow. With the deployment of applications using the RTCWEB protocol suite, the number of such flows is likely to increase, especially non-fixed-rate flows such as video or adaptive audio. There is therefore some urgency in specifying one or more congestion control mechanisms that can find general acceptance.
(2 August 2012, 1300-1500)