The meeting was supported by our host Huawei and co-hosts CNNIC and KISA (Korean Internet & Security Agency), and a long list of sponsors. Thank you for your support!
The topic of the meeting was of course Internet tech and its
evolution. The two most active discussion topics were the increasingly
serious Denial-of-Service attacks that we are seeing, and the
development of a new transport protocol, QUIC, as an alternative to TCP
and TLS, especially being more optimized for HTTP/2 usage.
The most recent Denial-of-Service attacks involved a number of
compromised Internet of Things devices attacking DNS infrastructure. The
IAB had organised a discussion of these attacks as an example of a more
general concern: the addition of millions of new hosts has the
capability to overwhelm the Internet infrastructure when those hosts
misbehave. There are ways to mitigate the attacks, but not without
impacts in other ways — such as finding it necessary to deploy your
services on large providers.
At the very least, I think it would be beneficial for the IETF
community to continue to call attention to folks that the minimum bar
when introducing a large number of devices (or any device) to the
Internet includes things like automatic software updates and avoiding
default passwords. I used to think this was so obvious and it needn’t be
said, but I’m not so sure anymore. Nevertheless, the area for us to
have an impact is improving on defence and mitigation mechanisms.
You can watch the video from the IAB plenary discussion here: