Deploy360 27 March 2017

Deploy360@IETF98, Day 2: IoT, IPv6, TLS & SIDR

By Kevin MeynellFormer Senior Manager, Technical and Operational Engagement

Tuesday is another busy day at IETF 98 in Chicago with sessions related to pretty much the whole Deploy360 portfolio. Each day we’re bringing you blog posts pointing out what Deploy360 will be focusing on.

The morning session sees TLS busy with a significant update to the TLS protocol which is now in Last Call. There’s a companion update to DTLS, and also on the agenda are drafts on a DANE Record and DNSSEC Authentication Change Extension for TLS, certificate compression, and delegated credentials. So it looks to be a very significant meeting.

Running at the same time is 6TiSCH. There will be further discussions on the draft that describes the architecture for running IPv6 over TSCH networks, two drafts related to the 6top protocol that enables distributed scheduling, as well as four drafts related to security functionality. There will also be an update on IEEE 802.15.4e developments, and introduction of a draft describing a joint scheduling architecture for deterministic industrial field and backhaul networks.

NOTE: If you are unable to attend IETF 98 in person, there are multiple ways to participate remotely.

It’s perhaps worth calling into the Internet Area Working Group after lunch. This acts as a forum for cross-area issues, and there’s one IPv6 related draft on the agenda concerning DHCPv6 Options for Discovery NAT64 Prefixes.

The second afternoon session sees the first meeting of the recently chartered SIDROPS. This has taken over the technology developed by SIDR and is developing guidelines for the operation of SIDR-aware networks, as well as providing operational guidance on how to deploy and operate SIDR technologies in existing and new networks.

On the agenda are two drafts outlining mitigating mechanisms for route leaks. One suggests an enhancement to BGP that would extend the route-leak detection and mitigation capability of BGPSEC, whilst the other proposes to enhance the BGP Open message to establish a relationship agreement between two BGP neighbouring speakers in order to enforce appropriate configuration on both sides.

Also running at the same time is UTA which has finished a number of pieces of work and will therefore focus on several drafts related to Strict Transport Security (STS) for mail transfer and user agents.

If all this isn’t enough, OPSEC is being held during the evening session where a draft on operational security considerations for IPv6 networks will be discussed. IPv6 presents some new security challenges, but this draft analyses the operational security issues for enterprises, service providers and residential users and proposes practical mitigation techniques.

For more background, please read the Rough Guide to IETF 98 from Olaf, Dan, Andrei, Mat, Karen and myself.

Relevant Working Groups

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...