Deploy360 26 March 2015

Deploy360@IETF92, Day 4: More IPv6 Operations, TLS, and much Security

By Dan YorkDirector, Internet Technology

IETF 92 - Kathleen MoriartyThis  fourth day of IETF 92 has a heavy focus on security for us on the Deploy360 team.  While the day starts with the second of two IPv6 Operations (v6OPS) working group sessions, the rest of the day is pretty much all about security, security, security!

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

In the 0900-1130 CDT block this morning, the second IPv6 Operations (v6OPS) sessions continues with their busy agenda in the Gold Room. Here are today’s topics:

A number of those should generate good discussion.

Meanwhile, over in the Oak Room, the TLS Working Group will be discussing improvements to this incredibly critical protocol that we are using to encrypt so many different communications over the Internet.  As my colleague Karen O’Donahue wrote:

The tls (Transport Layer Security) working group is actively working on an update to the TLS protocol. They recently conducted an interim meeting in Seattle, WA, on 10-11 March 2015. Agenda items for IETF 92 include backwards compatibility, rekeying, and client authentication.

After lunch the 1300-1500 CDT block has the Security Area Open Meeting in the International Room. The current agenda is this:

  • Joe Bonneau/HSTS and HPKP in practice (30 mins)
  • Adam Langley/QUIC (15 mins)
  • Jan Včelák/NSEC5 (10 mins)
  • Ladar Levinson/Darkmail (20 mins)
  • Paul Wouters/Opportunistic IPsec update (1 minute)
  • Eric Rescorla/Secure Conferencing (5 mins)

Several of these presentations tie directly into the work we are doing here.  The HSTS/HPKP is “certificate pinning” and very relevant to TLS, as is the QUIC presentation.  The NSEC5 is a new proposal for DNSSEC that, judging by the mailing list traffic, should get strong debate.

The 1520-1720 CDT block doesn’t contain any of the working groups we usually track, but there will be both a Routing Area Open Meeting as well as an Operations Area Open Meeting.

In the final 1740-1840 CDT block the Operational Security (OPSec) Working Group will be meeting in the Far East Room with a number of IPv6 and routing issues on their agenda.

Bits-and-Bites

The day will end with the Bits-and-Bites reception from 1900-2100 CDT  where attendees can get food and drink and also see various exhibits from sponsors and other organizations.  As I wrote in my Rough Guide post:

 I’m told that one table will be from Verisign Labs where they will be showing demonstrations of the getdns API being used with DNSSEC and DANE.  I’m not exactly sure what will be there, but if you are going to Bits-and-Bites you may want to stop by their table and see what it is about.

I understand there may be some cool demos from other vendors and groups as well. (I’m looking forward to seeing photos!)

For some more background, please read these Rough Guide posts from Andrei, Phil and Karen:


Relevant Working Groups:


For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

  • Rough Guide to IETF 92: Welcome to Texas, Y’all!
  • Routing Resilience and Security
  • Scalability & Performance
  • IPv6
  • DNSSEC, DANE, and DNS Security
  • Trust, Identity, and Privacy
  • Strengthening the Internet

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo from Jari Arkko of Kathleen Moriarty and Lisandro Granville at the IETF 92 Administrative Plenary

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...