Monthly Archives: April 2016

IETF-95 Summary

We had a great IETF 95 meeting in Buenos Aires a few weeks ago, with a lot of topics and many participants.

(To see Alvaro Retana's summary of the meeting, click here: video)

The rapid rise in the number of remote participants is interesting. While it is somewhat difficult to measure, we had maybe 500 people following the event remotely, and over 50 presentations were done remotely. We even had one of our steering group members participate remotely. This is as it should be: while the meetings are very important for networking, people should also be able to attend over the Internet. Duh, it is the Internet Engineering Task Force.

The second remarkable thing is of course that this was the first meeting in South America, and I was very happy to see the strong local participation — and an active one. It was good to see for instance groups of long-term Internet technologists and local students working together in the IETF Hackathon.

Altogether we had about 140 people from the region.

We had a bit over 1000 participants on site, perhaps slightly fewer than on more traditional IETF meeting grounds. Most IETF meetings are held where the majority of participants come from. That was initially North America and Europe, but in the last decade or so the networking industry has grown tremendously in Asia, so we rotate there too. But there is a lot of activity, and many remaining problems, in other areas of the world as well, so sometimes we’ll go out of our regular pattern.

The meeting was co-hosted by LACNIC and ISOC — thank you for stepping up to support this meeting! I was also very happy to see many local sponsors, such as IPLAN, CABASE, .AR, and NIC.BR. Thanks to the other sponsors as well: Neustar, Level 3, Comcast – NBC Universal, Huawei, A10 Networks, and ICANN.

A short version of the meeting summary in video form, made just after the meeting itself, can be viewed here: video.

Technical Topics

Dealing with growth of encrypted traffic: This is one of the topics that I am personally interested in. We had two good meetings. The first was LURK, on building a distributed system that allows Content Delivery Networks (CDNs) to employ HTTPS/TLS while not releasing a copy of the private keys to the CDNs. This improves security and enables a larger set of operators to provide caching services. Another meeting related to this topic was ACCORD, which was about whether either better queuing algorithms or more information about traffic flow priority would be useful for better scheduling of radio resources in mobile networks.

I’m looking forward to the continuation of these topics.

Internet of Things: This is also a very active and interesting area. One of the completely new topics this time was low-power wide area networks. Early steps in this area were discussed in the LPWAN BOF. Also, some IoT-related working groups have completed their initial batches of work and are now looking at new work. For instance, the CORE working group has rechartered. The WG is looking at data formats associated with CoAP communications, new communication paradigms, and management aspects. The ROLL working group is also discussing its new charter and work.

This meeting was also the first time the new Thing-to-Thing Research Group (T2TRG) met officially at the IETF. This active research group is focusing on device-to-device communications, and has already met twice outside the IETF in the last few months. Finally, at the plenary we got a report from the recent IAB workshop on semantic interoperability problems. Read up here on what the issue is.

Security: There is plenty of work on various aspects of Internet security. One of the most interesting topics this time was the work on TLS 1.3, and the discussion of its super efficient 0-roundtrip initialisation mode and of the conditions under which replay attacks can be avoided in that mode. See here for an explanation of the issue, and join the TLS working group for further discussion.

IETF Hackathon

This was a wonderful experience, both in terms of what got worked on and the people who participated. There were 30+ new people, including 10+ new to the IETF. And people worked on new exciting projects as well as important ongoing ones.

For instance, read Nick Sullivan’s story of implementing TLS 1.3 and making it live on the CloudFlare network during the hackathon, Charles Eckel’s observations of the new style of working at the Hackathon, or Agustin Formoso’s experiences as a newcomer.

I also really liked Ole Troan’s project on adding source address routing to Vector Packet Processing (VPP). Another exciting new effort! There was also plenty of work on DNS privacy, big data, and many other things. We also have a new sponsor for this year’s IETF Hackathon events, Huawei! Thank you.

Admin Stuff

I was very happy to see Ericsson (my employer, for the sake of transparency) announce a long-term sponsorship agreement with the IETF. Ericsson joins Cisco, Juniper Networks, and Comcast – NBC Universal as one of the Global Hosts. Each commitment is very significant (roughly 1M USD) and will support the IETF for three meetings over the course of the next ten years. You are making the IETF’s work possible!

During the meeting, we announced that the IETF is putting up a team to help should there be any concerns of harassment. Feel free to contact this friendly team if needed.

Alia Atlas gave a talk at the plenary on challenges and opportunities associated with the IETF’s changing environment. For instance, our participation and funding models are changing as it becomes possible to attend remotely. Alia’s presentation is here and the draft on future trends is here.

We are also planning ahead for our next meetings. During the administrative plenary we heard a concern about the future site for IETF 100. Our administrative committee, the IAOC, has taken that concern very seriously. It has promised to do two things. First, it will determine the situation and options regarding IETF 100. Second, it will provide more information to the community as planning for future meetings proceeds. Those tasks are still in progress, but as an example of the latter, we’ve announced a set of potential future meeting sites.

Next Up

IETF 95 has concluded! Thank you to LACNIC, the Internet Society, Buenos Aires, and all the participants!

The work continues, obviously, online. Our next meeting is coming up in July in Berlin, hosted by Juniper Networks. I want to draw particular attention to the IETF Hackathon, which is Saturday-Sunday July 16-17. Please join and make this event our largest open source and running code event so far!

Jari Arkko, IETF Chair

IETF Hackathon: Getting TLS 1.3 working in the browser

The IETF Hackathon focuses on the “running code” aspect of the IETF process — specifications and software are best developed together. I wanted to share Nick Sullivan’s story of how his team built an implementation of TLS 1.3, as it is a good illustration of this principle.

Jari Arkko, IETF Chair

————

Over the last few years, the IETF community has been focused on improving and expanding the use of the technical foundations for Internet security. Part of that work has been updating and deploying protocols such as Transport Layer Security (TLS), with the first draft of the latest version of TLS, TLS 1.3, published a bit more than two years ago on 17 April 2014. Since then, work on TLS 1.3 has continued with expert review and initial implementations aimed at providing a solid base for broad deployment of improved security on the global Internet.

In February of this year, the Internet Society hosted the TRON (TLS 1.3 Ready Or Not) workshop. The main goal of TRON was to gather feedback from developers and academics about the security of TLS 1.3. The conclusion of the workshop was that TLS 1.3 was, unfortunately, not ready yet.

One of the reasons it was deemed not yet ready was that there needed to be more real-world testing of independently written implementations. There were some implementations of the core protocol, but nobody had put together a full browser-to-server test. And some of the more exciting new features like PSK-based resumption (which brings improved forward secrecy to session tickets) and 0-RTT (which reduces latency for resumed connections) were still unimplemented.

The latest IETF Hackathon, held two days before IETF 95, provided the kind of focused and collaborative environment that is conducive to working through implementation and interoperability without distraction. In Buenos Aires, I was joined by key members of the Mozilla team (Eric Rescorla, Richard Barnes and Martin Thompson) as well as some other great people who joined the team on the dates of the Hackathon. We had two main stacks to work with: NSS, the cryptography library that powers Firefox; and Mint, a Golang-based implementation created by Richard Barnes that I had set up on tls13.cloudflare.com.

The goals were:

  • Finish integration with Firefox so we can do an HTTPS request
  • Demonstrate Firefox->CloudFlare interoperability (with tls13.cloudflare.com)
  • Resumption-PSK between NSS and Mint
  • 0-RTT between NSS and Mint
  • 0-RTT in Firefox

We also had a stretch goal of getting 0-RTT working between Firefox and CloudFlare’s test site.

Getting TLS 1.3 integrated in Firefox took until late Saturday night (we continued in the hotel bar after the Hackathon room closed), but after fighting through segmentation faults, C++11 lambda issues, and obtaining a trusted certificate through Let’s Encrypt, we were able to see a glorious “Hi there!” with a lock icon in Firefox. By the end of the Hackathon on Sunday, we were able to browse the TLS 1.3 specification on tls13.cloudflare.com with PSK-based session resumption in Firefox.

Although we were not able to get 0-RTT working between Firefox and CloudFlare in time for the demo (we were so very close), the Hackathon was deemed a success and we were given the “Best Achievement” award. It was a great experience and proved invaluable for understanding how TLS 1.3 will work in practice. I’d like to thank the IETF for hosting this event and Huawei for sponsoring it.

The work at this Hackathon and the subsequent meetings at IETF 95 have helped solidify the core features of TLS 1.3. In the coming months, the remaining issues will be discussed on the TLS Working Group mailing list with the hope that a final draft can be completed soon after IETF 96 in Berlin.

Nick Sullivan, CloudFlare

Ericsson Commits to Support the IETF in the Long Term

I am pleased to announce that Ericsson has just signed an MoU with the ISOC (Internet Society) in which Ericsson commits to support the IETF in an ongoing fashion. In particular, Ericsson will host a number of IETF meetings during the next few years. Ericsson, which is the largest mobile network infrastructure vendor in the world, already hosted the summer IETF meeting in Toronto (Canada) in 2014. Now we are sending a message to the Internet community that we are serious about supporting the IETF in the longer term as well.

We want to support the IETF because of the technical specifications it produces and also because of its importance as a forum to achieve industry alignment. The IETF is a great venue to discuss with the relevant players in the Internet community and align views on important topics.

On the technical front, Ericsson’s vision of the Networked Society is that everything that can benefit from being connected will be connected. Consequently, we are interested in technologies supporting the IoT (Internet of Things). We need protocols that are designed for devices with different types of constraints and connectivity patterns. We are also interested in technologies that are flexible enough to be deployed in heavily virtualized environments, including data centers. In these extremely flexible environments, management and orchestration systems need to evolve as well in order to support zero-touch operations in many network scenarios.

When it comes to applications involving humans, real-time communications and media delivery are high on our agenda. We need technologies that enable enhanced interactions beyond what current video and voice over IP systems currently provide. Technologies that increase the security and efficiency of networked services and the privacy of their users are of extreme importance now that more and more mission-critical operations depend on them.

Many of the technologies above, which are needed to fulfil our vision, are developed at the IETF. We are happy to see that the IETF keeps working on relevant technologies over time. Additionally, we also welcome the ongoing work on improving IETF internal processes and on integrating open source efforts into them. Any efforts that decrease the time to market of new applications and services are obviously important.

We are also glad about ISOC’s efforts aimed at making it easier for companies to support the IETF. Nowadays both large and small companies can support the IETF in many different ways, from long-term support deals involving the hosting of several IETF meetings to sponsoring a particular beverage break at an IETF meeting. Even single individuals can support the IETF through the ISOC.

In summary, the IETF brings together a diverse set of Internet players to develop technologies that are directly relevant to the fulfilment of our strategic vision. Our support, together with the support of many other players, will ensure the economic viability of the IETF also in the future.

Gonzalo Camarillo
Head of Data/IT Standardization at Ericsson

Team to help regarding harassment concerns

In 2013, the IESG set the IETF anti-harassment policy. The IETF strives to create and maintain an environment in which people of many different backgrounds are treated with dignity, decency, and respect. Those who participate in the IETF are expected to behave according to professional standards and demonstrate appropriate workplace behaviour. IETF participants must not engage in harassment.

Last year, we concluded the process to write a BCP that defines the anti-harassment procedures, should any concerns arise. That BCP has now been published as RFC 7776. The RFC specifies that there shall be a specialist team that can be reached for help, advice, and possible actions regarding harassment concerns.

I’m happy to announce that Allison Mankin, Pete Resnick, and Linda Klieforth have agreed to become the initial members of this team. They are preparing for this role, working on their operating practices as defined by the RFC, and we are setting up additional training for them. I am, though, happy to have them serving in this role, given that they have a lot of experience. Allison and Pete of course have long experience with the IETF culture, topics, and leadership roles. In addition, Pete has volunteer experience from violence and discrimination related tasks. Linda Klieforth has been the acting ombudsperson for the IETF since 2013, and is the head of HR at ISOC. And Allison has a lot of experience with the way the IETF selects leadership.

Please welcome Linda, Allison, and Pete to this role. Feel free to contact them if you have any concerns. They are a very easy set of people to talk to, they will be here in Buenos Aires, and obviously everything you tell them will be kept in confidence as requested, as defined in the RFC.

More information and contacts for the team can be found on the team page at https://www.ietf.org/ombudsteam.

Also, while this isn’t strictly about harassment, this post seems like a good opportunity to remind everyone about behaving nicely. Please pay attention to how you interact with other people in the meeting and elsewhere. Think about how you present criticism, for instance, and otherwise behave in a professional manner. I know you will, but sometimes spending a few seconds to think about how you go about a situation can make the experience so much better for everyone.

Jari Arkko, IETF Chair