Deploy360 17 July 2017

Deploy360@IETF99, Day 2: IoT, IPv6, DNSSEC, DPRIV & TLS

By Kevin MeynellFormer Senior Manager, Technical and Operational Engagement

Tuesday is another hectic day at IETF 99 in Prague with a lot of relevant sessions for us. Each day we’re bringing you blog posts pointing out what Deploy360 will be focusing on.

The morning starts at 09.30 CEST/UTC+2 with a very full V6OPS meeting (which continues on Thursday afternoon). There’s a couple of deployment case studies up first – on turning IPv4 off in the Microsoft enterprise network, followed by some experiences of using dual-stacked websites with Happy Eyeballs – before a presentation on the current status of IPv6 deployment.

There are ten drafts being discussed, including requirements for IPv6 routers that aims to document a set of IPv6 requirements for routers, switches and middle boxes based on design and architectural experiences; specifying requirements for zero-configuration IPv6 CPEs; and using conditional router advertisements for connecting an enterprise network to multiple ISPs using address space assigned by an ISP. Version 2 of Happy Eyeballs is also being proposed, tweaking the algorithm whereby a dual-stack host tries to establish connections with both IPv4 and IPv6; and there’s an interesting draft proposing deployment of IPv6-only Wi-Fi at IETF meetings.


NOTE: If you are unable to attend IETF 99 in person, there are multiple ways to participate remotely.


Running in parallel is DPRIVE, which will be discussing the DNS over the QUIC protocol, measuring the usage of DNS-over-TLS, as well as next steps. At the same time, PERC will be discussing a draft related to DTLS tunnelling.

First up in the afternoon at 13.30 CEST/UTC+2 is T2TRG which is reviewing the outcome of the Workshop on IoT Semantic/Hypermedia Interoperability (WISHI), and will discuss what its future activities and deliverables should be.

In the late afternoon session starting at 15.50 CEST/UTC+2, there’s DNSOP (which continues on Thursday afternoon). There doesn’t look to be much DNSSEC-wise on the agenda today, although there is a draft to enhance the automatic updating of DNSSEC trust anchor process (as specified in RFC 5011).

Also running in parallel is CFRG, which discusses and reviews cryptographic mechanisms for network security. There are five drafts being discussed, including on the transition from classical to post-quantum cryptography. In addition, there are two proposals for new cryptographic techniques.

If you’re interested in the Internet-of-Things, then you can also check-out 6LO. This group focuses on facilitating IPv6 connectivity over node networks with limited power, memory and processing resources, and will be discussing drafts on Neighbour Discovery, IPv6 over low-power Bluetooth mesh networks, and transmission of IPv6 over electrical power lines.

For more background, please read the Rough Guide to IETF 99 from Olaf, Dan, Andrei, Mat, Karen and myself.

Relevant Working Groups

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...