Monthly Archives: October 2016

Attacks Against the Architecture


The scale, complexity, and potential harm of Denial-of-Service attacks involving the use of compromised or misconfigured nodes or “things” are increasing. Across multiple services and activities, the network seems to be unable to defend itself effectively against large-scale bad behavior. Why is this? Can something be done about it? Who should act?

In many cases the attacks are facilitated by very poor security practices on the devices, and improvements in that area are sorely needed. However, even with such improvement it seems important to improve the ability to defend the network against such attacks.

Enormous effort is being brought to bear on this issue, which has aspects ranging from the characteristics of specific Internet protocols and services to operations, public policy, and economics. But there are also some basic technical questions that are worth discussing: is the Internet architecture enabling compromised end nodes to wreak havoc on the network? Does it suggest anything about how to defend the network better? Is there a particular role for the IETF?

The topic of the technical plenary at the 97th IETF meeting will be “Attacks Against the Architecture”, a discussion about large-scale attacks, how they leverage the Internet architecture, and possible ways to think about solutions.

Join us for the discussion in the IETF technical plenary on Wednesday, November 16, 16:40-19:10. The meeting will be held in Seoul, South Korea, but there are also remote participation tools available. To register for the meeting, click here.

Andrew Sullivan, IAB Chair
Suzanne Woolf, IAB Member
Jari Arkko, IETF Chair

Graphic: A flood that hit Germany and Denmark in 1634, source: Wikipedia.

New Work in Seoul


A month before the meeting our steering group collects proposals for new working groups. We decide which ones are ready enough for the community to discuss the proposals in the meeting. We did this last week, and I wanted to report what new meetings will be held.

There are also a number of new working groups that had their community consideration earlier, and are either being considered for creation or were recently created. I will also mention some of these working groups.

Here are the new meetings:

  • The QUIC working group has just been chartered, and will meet for the first time in Seoul. This working group is taking Google’s pre-standardization QUIC protocol that has been deployed in production for several years, and will use it as a starting point to develop a UDP-based, stream-multiplexing, encrypted transport protocol with standardized congestion control, TLS 1.3 by default, a mapping for HTTP/2 semantics over QUIC, and multipath extensions. This is the IETF’s first standardized always-encrypted transport protocol, so careful consideration of applicability and operational capabilities will be key for success.
  • DNSBUNDLED will be having a non-WG forming BOF in Seoul. The responsible AD is Terry Manderson, with Andrew Sullivan as the IAB Shepherd. DNSBUNDLED is concerned with a problem statement of mapping and maintaining one DNS domain and all of its underlying name structure into another domain. The following related use cases have been proposed: 1) map across TLDs, such as example.com to example.net; 2) map different labels within a TLD, i.e. example1.com to example2.com; 3) map different labels across different TLDs, for instance example1.com to example2.net; and lastly 4) map multiple domains to one domain, such as example.com, example.net, and example.org all mapping to example.gTLD. The mailing list for this BOF is here and one of the Internet Drafts on this topic is here.
  • BANdwidth Aggregation for interNet Access (BANANA) will be having a non-WG forming BOF in Seoul. BANANA is concerned with providing coordinated Internet access to a device over multiple links of different types to allow for increased bandwidth utilization, load-balancing and/or higher reliability. The goal of this BoF is to come up with a shared understanding of the problems that the IETF would like to solve in this space, complementing and in collaboration with work ongoing in the MPTCP working group and the Broadband Forum. The group’s mailing list is here.
  • IPWAVE is a new working group, focusing on communications in vehicular networks. Vehicles are increasingly connected to the Internet. Comfort-enhancing entertainment applications, road safety applications using bidirectional data flows, and connected automated driving are a few of the new features expected in this area. This group will work on use cases where IP is well-suited as a networking technology and will develop an IPv6-based solution to establish direct and secure connectivity between a vehicle and other vehicles or stationary systems.
  • LPWAN is a new working group that is focused on running Internet protocols on Low Power Wide Area Networks. There are several very diverse LPWA lower layer technologies such as NB-IoT, SIGFOX, LoRa, and WI-SUN. The goal of this working group is to converge these radio technologies towards a common hourglass model, with a highly compressed form of IPv6 and CoAP between the end-device and the network gateway. This will enable the creation of common mechanisms for management of the gateway and for providing secure, Internet-based services to the applications.
  • L2SM is a proposed working group, currently under consideration. It is intended as a short-lived WG, tasked to create a YANG data model that describes an L2VPN service (an L2VPN service model) that can be used for communication between customers and network operators, and to provide input to automated control and configuration applications. The working group will attempt to derive a single data model that includes support for point-to-point Virtual Private Wire Services (VPWS) and multipoint Virtual Private LAN services (VPLS) that use Pseudowires signaled using the Label Distribution Protocol (LDP) and the Border Gateway Protocol (BGP) as described in RFC4761 and RFC6624.
  • SECEVENT is a new working group. The group works on a mechanism to convey messages between systems in order to prevent or mitigate security risks, or to provide out-of-band information as necessary.
  • SIDROPS is another new working group currently under consideration for creation. This group discusses operational experiences around the global deployment of RPKI, Origin Validation of BGP announcements and BGPSEC, collectively called SIDR. This technology helps protect the Internet routing infrastructure against various kinds of attacks.

Join our meeting to discuss these and many other interesting topics! If you haven’t registered yet, you can do so on the IETF-97 web page.

Jari Arkko, IETF Chair

Photo credits: By travel oriented – Flickr, CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=41839161

IANA Stewardship Transition Goes Ahead


Today marks the execution of the contracts and arrangements relating to the IANA stewardship transition. The US government has ended their role in this matter. I am happy about the transition, and happy that it is happening as specified by the IETF and other communities. For me, the key issue is that the communities are in charge.

A large number of people have worked hard in the communities to make this day possible. Thank you for your efforts!

This is a good day — but also in many ways just like previous days. It is what we are already doing. The Internet will continue to work as it has before. The communities continue to work with the IANA system to make sure it responds to the needs of the users, as we have. Networks and people co-operate, voluntarily, so that they can connect over the Internet. Just like what the world has been doing since the dawn of the Internet.


I asked Andrew Sullivan, IAB Chair, what he thinks. He said: “Like many things on the Internet, this is the result of many incremental steps by many people. It is incremental change that brings us the stability of the Internet.”

And I also asked Alissa Cooper, Chair of the IANA stewardship transition Coordination Group (ICG). She said: “We rarely get the opportunity to witness a global consensus as broad and diverse as the one in favor of this transition. Hundreds of people and organizations from across sectors and across the world had the courage and endurance to see this process through, and as a result the Internet is running as smoothly today as it did yesterday.”

I agree with them. This is business as usual: we will continue to be a part of the IANA system, and feel responsible for ensuring that it stays healthy and responds to community needs.

Jari Arkko, IETF Chair

Photo and graphics credits: www.wordle.net and Alain Durand