IETF Technical Plenary Session
Monday, 10 November 2014
Honolulu, Hawaii, USA

Minutes by Cindy Morgan, IETF Secretariat

1. Welcome

Russ Housley welcomed the community to the IETF 91 Technical Plenary, noting that there would be no technical topic this evening. The IAB is hoping to have a technical topic during the plenary at IETF 92, and welcomes ideas from the community.

2. Reporting

2.1. IAB Chair

Russ Housley delivered the IAB Chair report:
https://www.ietf.org/proceedings/91/slides/slides-91-iab-techplenary-2.pdf

Russ Housley noted that since IETF 90, the IAB has:

- reappointed Lars Eggert as IRTF Chair
- reappointed Nevil Brownlee as the Independent Submissions Editor (ISE)
- published RFC 7322: RFC Style Guide
- appointed John Levine to the 2015 ICANN NomCom.

Russ Housley reported that the IAB is currently planning a workshop on Stack Evolution in a Middlebox Internet (SEMI), to be held in January 2015.

The IAB is currently in the process of appointing an IAOC member to serve from March 2015-March 2017, and will be asking the community for feedback on candidates in the next few weeks.

2.2. IRTF Chair

Lars Eggert delivered the IRTF Chair report:
https://www.ietf.org/proceedings/91/slides/slides-91-iab-techplenary-3.pdf

Lars Eggert reported that the IRTF Chair term he was recently reappointed for (ending March 2017) will be his last, and asked anyone interested in being IRTF Chair in the future to talk to him.

Lars Eggert reported that four Research Groups will meet at IETF 90, as well as two proposed Research Groups. The IRTF Open Meeting will include 3 Applied Networking Research Prize (ANRP) talks:

- Sharon Goldberg, on threats when BGP RPKI authorities are faulty, misconfigured, compromised, or compelled to misbehave.
- Tobias Flach, on the design of novel loss recovery mechanisms for TCP that minimize timeout-driven recovery
- Misbah Uddin, on developing matching and ranking for network search queries to make operational data available in real-time to management applications.

The ANRP selection committee is currently reviewing papers for 2016, and expects to have their decision by the end of December.

Lars Eggert reported that Comcast has signed on as a corporate sponsor for the ANRP, but that corporate sponsorship will have no bearing on the selections, and any additional sponsors are also welcome.

2.3. RSE and RSOC Chair

Heather Flanagan delivered the RSE report:
https://www.ietf.org/proceedings/91/slides/slides-91-iab-techplenary-4.pdf

Heather Flanagan reported that the RFC Production Center contract is required to go out to bid, and that a vendor selection committee has been chosen and will be meeting this week. The vendor selection committee is reviewing how SLAs are measured to better reflect how the RPC handles surges.

Heather Flanagan reported the RFC Editor is holding an experimental writing lab at IETF 91 in order to help authors improve their documents; Heather expects to report on the outcome of this experiment at IETF 92.

Heather Flanagan reported on the progress of the RFC format work since IETF 90, notably, that draft-flanagan-rfc-framework has been submitted and includes a good summary of the current state, as well as transition planning guidance. The design team drafts are also reaching stability, although they will not be published until there is running code against them. The SOWs are currently under discussion, and are expected to be sent for community review before IETF 92.

Other current projects include:

- documenting what should be done for digital preservation of RFCs
- RFP for Digital Object Identifiers programming work
- RFP for RFC Editor website revamp
- RFP for automation of RFC Editor stats and reports

3. ITU Plenipotentiary High-Level Summary

Sally Wentworth delivered a report on the recent ITU Plenipotentiary Conference:
https://www.ietf.org/proceedings/91/slides/slides-91-iab-techplenary-5.pdf

Sally Wentworth briefed the community on the outcomes of the recent ITU Plenipotentiary Conference. Discussions focused on the ITU's scope with regard to things like privacy, surveillance, human rights, policy, affordability, and sovereignty. There was no voting; all outcomes were reached by consensus. The treaty and ITU official definitions did not change, nor did the ITU expand its scope with respect to Internet operational issues.

Sally Wentworth noted that the bridges built between the Internet technical community and the policy community since WCIT at the end of 2012 do matter; the work done in home countries to bring greater knowledge about the technical work does have a bearing on how these policy discussions play out.

4. Highlight Two IAB Programs

4.1. IP Stack Evolution

Joe Hildebrand reported on the current activities of the IP Stack Evolution Program:
https://www.ietf.org/proceedings/91/slides/slides-91-iab-techplenary-6.pdf

The starting point for the work in the IP Stack Evolution Program is the notion that the hourglass has two stems: one for IPv4, and one for IPv6. However, that notion is not what is happening in the real world today. More is being built with HTTP and TLS, and the waist of the hourglass is getting tighter. The work is being driven by endpoints such as browsers. As a consequence, some of our ability to innovate in the transport space has been limited.

There are problems on the local box; there is not great control over IP headers or how much multipath TLS one can do. Some things envisioned by protocol developers are not as accessible to application programmers as is desired. This means that there are not as many opportunities to add new security. Even if one fixes the interface, there is the matter of middleboxes; they are there for a reason.
As a starting point for new work in this space, there is a proposal for a new layer on top of UDP. This would allow a partial defense against middleboxes.

The IP Stack Evolution Program was formed to provide guidance and coordinate efforts towards breaking the current logjam. It relates to current IETF work in the TAPS, TCPINC, and AQM Working Groups. It is looking for more use cases in the RAI and APP Areas.

The IAB is holding a workshop on Stack Evolution in a Middlebox Internet (SEMI) in Zürich in January. A report from the workshop will follow in the Dallas IETF timeframe.

The Program has several documents in progress:

- draft-iab-filtering-considerations: inherited from IP Evolution Program, comments under review
- draft-blanchet-iab-internetoverport443: to evolve into statement on architectural considerations for HTTPS as a transport
- draft-eggert-tsvwg-rfc5405bis: to evolve into statement on architectural considerations for UDP transport encapsulation

4.2. Privacy and Security

Ted Hardie reported on the current activities of the Privacy and Security Program:
https://www.ietf.org/proceedings/91/slides/slides-91-iab-techplenary-7.pdf

Ted Hardie noted that the work in the Privacy and Security Program focuses on three challenges:

1. Internet protocols are developed as building blocks and thus security and privacy protections are piecemeal.
2. Security approaches presume that attackers have resources on par with those available to those who secure the system.
3. Many systems breach confidentiality to simplify the delivery of services or meet other requirements.

The Program work is being split into three streams: Internet scale resilience, Confidentiality, and Trust.

The Internet scale resilience stream is doing work on route hijacking and DDOS and related attacks. Documents are planned that will describe the available mitigations and work with related IETF programs to limit the development of protocols which offer amplification opportunities to the attackers.
The confidentiality stream is working on threat models related to surveillance; an IAB statement on the applicability of cleartext protocols is currently in progress.

The trust stream is working on PKI infrastructure, trying to understand how to work with multiple sources of truth within a system. Planned work includes a threat model document, as well as an IAB statement on designing protocols with multiple sources of truth.

5. IAB Open Mic

The IAB took the stage for the open microphone session:

- Jari Arkko, IETF Chair
- Mary Barnes
- Marc Blanchet
- Joel Halpern
- Ted Hardie
- Joe Hildebrand
- Russ Housley, IAB Chair
- Eliot Lear
- Erik Nordmark
- Andrew Sullivan
- Dave Thaler

Lars Eggert (IRTF Chair), Heather Flanagan (RFC Series Editor), and Sally Wentworth joined the IAB on stage.

Russ Housley noted that IAB members Xing Li and Brian Trammell were not able to attend IETF 91.

* Stewart Bryant asked the RFC Series Editor whether any progress was being made on modernizing the authoring system so that drafts can be written in English and not in code.

  Heather Flanagan replied that there has been a discussion about this on the RFC-interest mailing list, and that the first step would be to document the requirements. Heather is looking for a volunteer from the community to work on documenting those requirements.

* Bob Hinden noted that he was pleased to see the IAB work on IP stack evolution, and asked whether the IAB thinks the success of that work would mean that the web would not be the only place to do applications.

  Joe Hildebrand replied that several recent BOFs have done work on having paths to talk to applications. If that energy can be harnessed, and if the incentives of the middlebox vendors can be aligned with those who write applications, then there may be room for progress. Joe added that he is not quite yet hopeful, but he believes that the right people are now having the conversation.
* Charlie Perkins observed that he was pleased to see SVG included with the upcoming RFC format changes, and asked how many lines of SVG would be needed to render Heather's picture of a cat.

  Heather Flanagan replied that the format draft of SVG is online for people to look at, and that the team has been prototyping ways to tighten up the SVG coding.

  Charlie Perkins thanked Heather Flanagan for her response, and reiterated Stewart Bryant's earlier request for a WYSIWYG tool so that authors don't have to use XML.

* Stewart Bryant noted that Ted Hardie talked about trust during his presentation on the Privacy and Security Program work. He noted that during the Autonomic Networking Integrated Model and Approach (ANIMA) WG session earlier in the day, the question of compromised nodes was raised. Stewart asked if the Privacy and Security Program intends to include Byzantine behavior in their trust analysis.

  Ted Hardie replied that there would probably not be a deep analysis; the Program might point to it, but would likely not do much original work on that. He added that if one does see applicability there, then it would be useful to send email to the Program noting it so that the Program can figure out how best to incorporate that.

  Stewart Bryant added that in the domain of systems outside of a secure facility, there is a need in the routing layer to make sure that no one is lying about the paths.

  Ted Hardie thanked Stewart for raising that point.

* Phillip Hallam-Baker said that he was excited to see the architecture work the IAB is doing, but observed that on the privacy side, the IETF is not only the protector of the end user, but also part of the threat. He asked if the IETF has a research policy on using human subjects, noting that in the United States, there is a risk of a federal crime with regards to human subject testing.
Phillip added that it would be good if people were reminded that if one is doing research on the users of the Internet, one should consider the data being collected, and how that data can be used and abused.

* There were no further questions from the community, and the IETF 91 Technical Plenary was adjourned.