IETF Technical Plenary Minutes 3 March 2014 London, England Minutes by Cindy Morgan, IETF Secretariat 1. Welcome Russ Housley welcomed the community to the IETF 89 Technical Plenary, noting that the session was being streamed at: https://www.youtube.com/watch?v=RUaAcf4gLto 2. Reporting 2.1. IAB Chair Russ Housley delivered the IAB Chair report: http://www.ietf.org/proceedings/89/slides/slides-89-iab-techplenary-1.pdf The IAB thanked outgoing members Bernard Aboba, Ross Callon, Alissa Cooper, and Hannes Tschofenig. Russ Housley noted that since IETF 88, the IAB has: - issued an IAB Statement on draft-farrell-perpass-attack - issued an IAB Statement from the I* Leaders Coordination Meeting in Santa Monica - published two RFCS: + RFC 7101: List of Internet Official Protocol Standards has been replaced by a Web Page + RFC 7094: Architectural Considerations of IP Anycast - appointed Warren Kumari (two-year term) and Daniel Migault (one- year term) to the ICANN Technical Liaison Group - held two workshops: + ITAT – IAB Workshop on Internet Technology Adoption and Transition + STRINT – W3C/IAB Workshop on Strengthening the Internet Against Pervasive Monitoring Russ Housley reported that the IAB has approved starting the assignment of Digital Object Identifiers (DOIs) for RFCs, and that the process is being documented in draft-iab-doi. In January 2014, the IAB received an appeal on the decision by the IRTF chair to not remove one of the CFRG chairs. The IAB reviewed and responded, but chose to take no action. Russ Housley noted that the IAB is currently in the process of making an appointment to the ISOC Board of Trustees, and asked the community to provide feedback on the candidates. 2.2. IRTF Chair Lars Eggert delivered the IRTF Chair report: http://www.ietf.org/proceedings/89/slides/slides-89-iab-techplenary-2.pdf Lars Eggert reported that seven of the nine Research Groups currently chartered will be meeting at IETF 89, in addition to the IRTF Open Meeting and the Global Access to the Internet for All (GAIA) Proposed Research Group. Lars Eggert reported that the IRTF has published one RFC since IETF 88: RFC 7046 on A Common API for Transparent Hybrid Multicast. In December 2013, the IRTF Chair received a request to remove Kevin Igoe as co-chair of the Crypto Forum Research Group (CFRG). After reviewing, Lars Eggert responded to the appeal and rejected the request. The Applied Network Research Prize is awarded jointly by the IRTF and ISOC. The committee received 46 nominations; six prizes were awarded for 2014. The first two prize winners will present their papers during the IRTF Open Meeting at IETF 89. 2.3. RSE and RSOC Chair Heather Flanagan and Alexey Melnikov delivered the RSE and RSOC Chair report: http://www.ietf.org/proceedings/89/slides/slides-89-iab-techplenary-3.pdf Heather Flanagan noted that the RSOC has completed the annual review of the RPC and Publisher, and that the report is available on the RFC Editor website. The RSOC is working on two documents, which were recently adopted in the IAB Stream: - draft-iab-doi - draft-iab-styleguide The RFC Editor has made progress on the RFC format change since IETF 88, with the design team working to capture the current discussions. A session to discuss the RFC format evolution will be held on Wednesday, 5 March 2014 during IETF 89. Next steps include incorporating feedback received to date into the relevant internet- drafts, starting the formal publication process of those drafts, and creating Statements of Work to write the specifications for the tools needed. The current goal is to start development of the new tools by IETF 91. 3. ITAT Workshop Report Eliot Lear delivered the report from the ITAT workshop, held in Cambridge in December 2013: http://www.ietf.org/proceedings/89/slides/slides-89-iab-techplenary-4.pdf The goal of the workshop was to investigate ways to increase deployment of the technologies developed in the IETF. The papers presented at the workshop are available at: http://www.iab.org/activities/workshops/itat/ Discussions at the workshop opened with questions surrounding the following areas: - DNSSEC deployment - How to make new transport protocols (e.g., for WebRTC) more palatable - Whether the next generation of HTTP can succeed with only TLS as an option - Implementation of Route Origin Attestations (ROAs) and what is needed to declare success - The impact of "mandatory to implement" features on the marketplace. Presentations included an analysis of Bitcoin, how to avoid the tragedy of the commons, bundling of independent capabilities within protocols, and comparison of the hour glass to systems biology. Eliot Lear reported that coming out of the workshop, potential next steps include: - Formation of GAIA research group on issues facing environments with limited capabilities - Facilitating of bundling research (Weber, et. al) through a possible new research group - The IESG and IAB should keep in mind the parameters of RFC 5218 when considering BOFs - Possible discussion about how we can facilitate interoperability - Tracking successes, wild successes, failures, and what we think happened in each case A draft of the workshop report is available as draft-iab-itat-report. 4. Technical Topic: Payment Systems Dave Thaler introduced the the evening's technical topic, payment systems. Malcolm Pearson is the Director of Development at Microsoft China for eCommerce protocols and mechanisms. He delivered a presentation titled "Internet-Scale Payment Systems: Ecosystems & Challenges." The slides are available here: http://www.ietf.org/proceedings/89/slides/slides-89-iab-techplenary-5.pdf Steve Kirsch is the founder and CEO of OneID, working on issues of digital identity and password proliferation. He delivered a presentation titled "Identity, Payments, and Bitcoin: Big Changes Ahead." The slides are available here: http://www.ietf.org/proceedings/89/slides/slides-89-iab-techplenary-6.pdf At the end of the presentations, the microphones were opened for questions from the audience. Phill Hallam-Baker noted that he has been doing Internet payments for nearly 20 years. He predicted that Bitcoin will crash, and that the currency's deflation will make people less likely to cash out, hindering its use in commerce. He asked, what is the point of a digital currency if people are not spending it. Steve Kirsch replied that Bitcoin is currently deflationary, and that is why some people are hoarding it. Whether one will spend or hoard depends on what the individual believes will happen with the currency in the future; it is a gamble. * Rigo Wenning announced that the W3C is having a workshop on web payments at the end of March 2014 that hopes to address many of the questions that have been raised. Information on the workshop can be found here: http://www.w3.org/2013/10/payments/ * Kathleen Moriarty asked how a physical RSA token would not be considered a form of two-factor authentication. Steve Kirsch replied that it is two-factor authentication, but is not "out-of-band" two-factor authentication, and suggested that they discuss further offline. * Dan Bogdanovich noted that during Steve Kirsch's presentation, he mentioned doing a local calculation and then sending a response back, which is what is used today in mobile telephony and SIM cards. Steve Kirsch replied that SIM cards are like using a shared secret, and that what he was talking about was signing with a private key, and not a secret key--an asymmetric key rather than a symmetric one. He added that there are well-known problems with symmetric cryptography. * Matthew Kaufman observed that the proposals in Steve Kirsch's presentation rely upon the machine in question not being compromised, and noted that while mobile devices are theoretically independent, they are routinely plugged into other devices for updates and synching, which makes them vulnerable. Steve Kirsch replied that some mobile phone systems are more easily compromised than others. He noted that people choose to make compromises, but that they could choose to use their mobile device for secure authentication and nothing else. Certain devices don't have new software loaded on them very often, if ever, which makes them much more difficult to compromise. But he agreed that there is no perfect system, only better ways to do things. * Dave Thaler thanked both speakers, and noted that both had left contact information in their slides if anyone wishes to discuss the topic further offline. 5. IAB Open Mic The incoming, continuing, and outgoing IAB members took the stage for the open mic session: - Bernard Aboba (outgoing) - Jari Arkko (IETF Chair) - Mary Barnes (incoming) - Marc Blanchet (continuing) - Ross Callon (outgoing) - Alissa Cooper (outgoing) - Lars Eggert (IRTF Chair, ex officio) - Joel Halpern (continuing) - Ted Hardie (incoming) - Joe Hildebrand (incoming) - Russ Housley (continuing) - Eliot Lear (continuing) - Xing Li (continuing) - Erik Nordmark (continuing) - Andrew Sullivan (continuing) - Dave Thaler (continuing) - Brian Trammell (incoming) - Hannes Tschofenig (outgoing) Sean Turner noted that when the NomCom asks for feedback, it is difficult to know what sort of feedback to give on the IAB candidates because much of what the IAB does is not visible to the community. He asked the IAB members to think about what they would like to accomplish in the next one or two years and let the community know, so that there can be accountability when the NomCom is doing their assessment. Joe Hildebrand replied that the suggestion was a good one, and that he would sign up to do that in the coming months. Brian Trammell agreed to do the same. Hannes Tschofenig stated that during his tenure on the IAB, he has particularly enjoyed working on the various IAB workshops, and using them to interact with different parts of the Internet community as a way of bringing new work into the IETF. Alissa Cooper added that parts of the IAB job are not predictable in advance; much of what the IAB does is reactive, such as liaising with other organizations and responding the events in the Internet community as a whole. She noted that people will state their goals in terms of the affirmative architectural things they would like to achieve, but that there are other important functions of the IAB that happen behind the scenes that should be taken into consideration as well. Eliot Lear said that as a recently-reappointed IAB member, his goal on the IAB for the next year is to help the Internet community get through the ongoing Internet governance debates unscathed, working with the other interested players to make that happen. Marc Blanchet added that the IAB does the dirty work so that the IETF does not have to. * Russ Mundy went up to the microphone and introduced himself as the IETF's liaison to the ICANN NomCom, as appointed by the IAB. He noted that if that members of the IETF community are interested in getting more technology expertise into ICANN, the should consider volunteering for the ICANN NomCom or speaking to him later in the week about ICANN. Russ Housley thanked Russ Mundy for his service to the community. * Michael Richardson said that he had recently learned that the IAB has always had a role in the formation of BOFs and new Working Groups, and noted that the IAB has been taking a more active role in this more recently. He complimented the IAB, saying that the IAB presence in BOFs has been much more visible over the last two years, and that has been very helpful. Russ Housley thanked Michael Richardson for his comment. Alissa Cooper added that much credit should be given to former IAB member Spencer Dawkins, who initiated the work to formalize how the IAB engages in the BOF formation process. Spencer Dawkins (currently on the IESG) noted that this was all part of his master plan to make sure the IAB was helping him. * Wes George asked what process the IAB uses to vet speakers and review presentations for the Technical Plenaries. Dave Thaler replied that the IAB first tries to find speakers on topics they think are relevant to the IETF. He noted that one of the guidelines the IAB tries to follow is that the plenary should be informative or entertaining, and preferably both. For IETF 89, the IAB noted that Bitcoin and payment systems in general were making a lot of news. From there, the IAB began looking for speakers, trying to find knowledgeable people to talk on the topic who weren't going to be at the Bitcoin meeting conflicting with IETF. As for the presentations themselves, the slides are sent to the IAB in advance, and are updated based on comments received. Russ Housley noted that the post-meeting survey includes questions about plenary topics, and that the IAB receives that feedback. Dave Thaler added that the IAB also tries to ensure that the topic will have multi-area and multi-regional appeal, and will ask the question what there is for the IETF to do in that space. Mary Barnes noted that the IAB does occasionally request guidance from the community on future plenary topics (e.g., before IETF 87), and does keep a queue of potential future topics. She encouraged the community to let the IAB know what sorts of topics they would like to see discussed at future technical plenaries. * Keith Moore observed that the IAB spends a lot of time doing political work, adding that he is grateful that there are people paying attention to those topics. He noted, however, that the overall architectural direction of the Internet has taken a back seat to those political issues in recent years, and wondered if there is something that could be done structurally to help anticipate and manage tussles. Russ Housley replied that the IAB has been publishing more guidance RFCs in the past couple of years than they have in the past. Jari Arkko added that much of the architectural work is done in activities sponsored by the IAB, such as the recent STRINT workshop. He noted that the IAB's responsibility for architectural oversight also refers to the IAB driving work in other venues, in addition to writing documents themselves. * Daniel Migault suggested the Recursive InterNetwork Architecture (RINA) as a future technical plenary topic. * Phill Hallam-Baker observed that recent months have seen an increased interest in the issues surrounding pervasive surveillance, but cautioned that the IETF should keep sight of other fragilities in the Internet ecosystem as well, citing the cyber attacks during the South Ossetia war as an example of an instance where Internet security needs to be more robust. Ted Hardie replied that one of the reasons he was interested in being on the IAB was to help ramp up the IAB Security and Privacy Programs. He added that in order for the IAB to do more than they have in the past, they will need to recruit from within the IETF community and the larger Internet community as a whole to help develop systems engineering approaches to the problem. He noted that much of the IAB's past work on the topic has been to describe particular parts of the issue or the roles of particular elements in the overall network. However, the IAB should go beyond that, and describe how to put all of the pieces the IETF builds together in order to create an Internet that is both confidential and robust against attacks. Ted Hardie noted that the Internet has become such an important tool for communication that disrupting it is potentially harmful at the scale of humanity itself. He likened the situation to a water quality engineer discovering that anyone had the capability to divert the public water supply through their own property; no matter how pure the intentions of the diversion may be, the system must be re-architected to protect the people from those who would cause such diversions for malicious reasons. The issue affects every area of the IETF and beyond, into territories like user experience; the IAB recognizes the task ahead of it and will be reaching out to the IETF community for help.