IETF 101, Day 3: TLS & DPRIVE is no Diet Coke Thumbnail
Deploy360 20 March 2018

IETF 101, Day 3: TLS & DPRIVE is no Diet Coke

By Kevin MeynellFormer Senior Manager, Technical and Operational Engagement

This week is IETF 101 in London, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. There’s plenty of variety on Wednesday, following the themes of Trust and Identity, IPv6 and the Internet-of-Things.

TLS has its second session of the week starting at 09.30 GMT/UTC, and will be focused on the big development of the TLS 1.3 specification being approved by the IESG. Some further work is required, but there are a number of TLS 1.3 related drafts up for discussion.

These include Datagram Transport Layer SecurityDTLS Connection Identifer,  Exported authenticators in TLSDANE Record and DNSSEC Authentication Chain Extension for TLS, TLS Certificate compression, SNI Encryption in Tunnelling via TLS, and Semi-static DH Key Establishment in TLS 1.3.

NOTE: If you are unable to attend IETF 101 in person, there are multiple ways to participate remotely.

Running in parallel is LPWAN which is working on enabling IPv6 connectivity with very low wireless transmission rates between battery-powered devices spread across multiple kilometres. There’s a draft providing an overview of the set of LPWAN technologies under consideration by the IETF, two other working group sponsored drafts on LPWAN Static Context Header Compression (SCHC) and fragmentation for IPv6 and UDP, as well as five individual drafts related to SCHC.

After lunch there’s a choice of DPRIVE or 6TiSCH starting at 13.30 GMT/UTC.

DPRIVE will have two major topics of discussion, starting with recommendations for best current practices for those operating DNS privacy servers, building on the work of the DNS Privacy Project. There will also be a discussion on how to add privacy to the communication between a DNS recursive resolver and the authoritative DNS server for a given domain.

Finally, given that original focus of the Working Group was on stub-to-recursive-resolver connections which is now basically done from a standards perspective, there is interest in moving to next phase of privacy. A discussion on how to re-charter the group has therefore been scheduled.

6TiSCH has a full agenda, with the 6top protocol that enables distributed scheduling now being targeted for an IESG Last Call, and the security functionality ( and being prepared for Working Group Last Calls.

ACME rounds off the day from 15.30 GMT/UTC, where the main order of business is the core specification of the Automatic Certificate Management Environments that has been submitted to the IESG for publication. The meeting will also discuss the TLS ALPN challenge that allows for domain control validation using TLS, as well as using STIR with ACME to provide cryptographic authentication for telephone calls.

For more background, please read the Rough Guide to IETF 101 from Olaf, Dan, Andrei, Steve, Karen and myself.

Relevant Working Groups

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...