IETF 118 Highlights
- Christopher A. Wood, IAB Member
28 Nov 2023
The IETF 118 meeting was held in Prague in early November. In general, the meeting was productive and full of lively discussions fueled by 1067 onsite participants, and 1806 participants altogether.
Disclaimer: With parallel tracks, it is not possible to cover everything that happened during the IETF week. The IETF 118 proceedings have further details for all the meeting sessions.
One theme of work that emerged at IETF 118 was around identity and credentials, and this surfaced amongst several meetings. The first was the SPICE (Secure Patterns for Internet CrEdentials) Birds of a Feather (BoF) session, which aims to address interoperability challenges in using credentials across a variety of use cases. More specifically, SPICE aims to address fragmentation from underlying technologies developed across the IETF (OAUTH, COSE, PRIVACYPASS) and W3C (Verifiable Credentials, Decentralized IDentifiers) with a common mechanism for issuing and presenting credentials in a domain- and credential-agnostic way. There was a lot of energy and enthusiasm in the room, and with a crisper problem statement and properly scoped charter we should expect progress in this area.
The second BoF in this space was WIMSE (Workload Identity in Multi System Environments), which generally centers around identity management and related access control problems for workloads executed across diverse service platforms, including public and private cloud systems. There already exist solutions in this space, such as SPIFFE, and the BoF seeks to understand the role and limits of this existing technology, with the ultimate goal of providing best practices for this technology or addressing some of the identified gaps. There was clear interest in doing this work in the IETF, although the charter needs some further refinement before a proper WG-forming BoF session can be held.
Finally, Detecting Unwanted Location Trackers (DULT) held another BoF meeting, this time as a Working Group (WG)-forming meeting, following on from a hugely popular and contentious meeting in IETF 117. The purpose of this meeting was to refine the proposed charter into something that the IETF can adequately and appropriately specify. After a productive discussion, there appeared to be strong consensus to form a WG to address the problem (with some charter tweaks).
Alongside these BoFs, several new WGs met for the first time in Prague, including Key Transparency (KEYTRANS) and Structured Email (SML). KEYTRANS was chartered to build a standard that provides “verifiability for identity-to-public-key bindings in an authentication service for an end-to-end encrypted communication service.” This is the first transparency-related effort taken on by the IETF since the TRANS working group concluded, which helped bring about standards related to Certificate Transparency. Key transparency is a widely studied problem in the academic literature with a number of practical systems shipping right now. The expectation is that this work will help unify some of these systems around a common standard for maximal reuse and interoperability.
SML met and presented initial documents for consideration of the WG, ranging from a use case oriented document, protocol bits to indicate automatic email processing, to trust and security considerations for the overall space. Time was tight and discussion was limited, though adoption calls for these core documents should commence soon so the WG can begin its work in earnest. (Separately, to those interested in learning how to chair an IETF WG, SML is looking for co-chairs! You can learn more about the role by reaching out to Alexey or Murray, or by checking out the IETF resources for new chairs.)
Outside of these meetings, other work in the IETF pressed on. Some noteworthy meetings are below.
- Messaging Layer Security (MLS) met to discuss rechartering. The group recently published RFC 9420, the MLS protocol document, and is working to finish the complementary architecture document. The recharter will determine what’s next for the group. Related to MLS was More Instant Messaging Interoperability (MIMI), which met to provide updates on proposed standards for message system interoperability. With KEYTRANS now in formation, the IETF is well underway to provide a strong technical basis for future messaging systems that benefit all users.
- Multiplexed Application Substrate over QUIC Encryption (MASQUE) spent a great deal of time discussing an extension for proxying QUIC traffic, including the output from a design team formed to identify and analyze the security and privacy properties of the protocol’s design. There was also a lively discussion about possible routing loops that could be induced by this extension.
- Transport Layer Security (TLS) saw presentations on possible future extensions, primarily those oriented around a future transition to post-quantum PKI.
- Transfer dIGital cREdentialS Securely (TIGRESS) spent a great deal of time discussing the core requirements for the deliverable, focusing primarily on the basic assumptions made about the environment in which the proposed protocol would be deployed. As was clear in the room, the design space (and protocol complexity) can vary quite significantly based on these constraints. Thankfully, there appeared to be consensus to address a simplified and more tractable problem to start.
- GENAREA had a number of interesting talks, with perhaps the most interesting one focused on IESG ballot criteria and the rules (or lack thereof) that govern them. Folks interested in the ways in which IESG members ballot on all documents should take a look at the recording for a taste of the nuance involved.
- Web Authorization Protocol (OAUTH) met and presented ongoing work related to selective disclosure of credentials. This is similar in concept to the work moving through PRIVACYPASS, albeit with different use cases in mind. Perhaps these technologies will converge.
In the Internet Research Task Force (IRTF), where research is presented to the IETF, some other interesting presentations were given.
- Measurement and Analysis for Protocols (MAPRG) had a number of interesting talks, and one in particular on the (mis)behavior of open DNS resolvers regarding DNSSEC queries.
- Human Rights Protocol Consideration (HRPC) hosted a talk on Internet connectivity in Gaza, amid the ongoing conflict in the Middle East.
- The IRTF Open meeting hosted talks from the Applied Networking Research Prize (ANRP), including one on locating and identifying censorship devices in the network.
- Usable Formal Methods Research Group (UFMRG) presented talks on applications of formal methods in practice, including one talk on how Google applies formal methods, as well as an exploration into how the HTTP/2 rapid reset attack works to better understand if formal methods might proactively help address these problems. In addition to the meeting in the week, the UFMRG also hosted a weekend tutorial to help the community better understand Tamarin, a widely popular formal methods tool.
The Internet Architecture Board (IAB) held several meetings during the week, with the primary meeting being the general IAB Open Meeting that included an invited talk on the state of the threat landscape from cyber attacks originating from state actors, with two additional IAB program meetings for the EDM and eimpact programs. The EDM program discussed its ongoing work on generalized technical advice for applying grease to protocols, whereas the eimpact meeting hosted a series of talks on topics related to the environmental impact of Internet technology.
As usual, the IETF plenary broke up the week on Wednesday evening. Outside of some friendly banter about the coffee quality in Australia, there was lengthy discussion about the fairness of rates for IETF registrations. Folks interested in equitable access to IETF meetings—a hallmark of the community—may want to revisit this section for more context.
Lastly, this week was particularly noteworthy as the Nominating Committee (NomCom) interviews were conducted all week. A total of 60 candidates stood for leadership positions in the IETF, including 29 for the IAB. A total of ten community members volunteered their time and energy to ensure that the open positions were filled with the best qualified candidates. You may find out more about this year’s NomCom process in the slide updates.
Overall, the IETF 118 week was much like other IETF meeting weeks. There was progress and productivity driven by high bandwidth meeting discussions, social connections in the hallway track, and some fun sprinkled in throughout the week as well. (The recurring Pecha Kucha session on Thursday night was full of laughs for the room.) It’s my hope that this IETF meeting brought something memorable for all IETF contributors — including new and longtime participants. See you all in Brisbane for IETF 119!