3 Thursday Plenary

Current Meeting Report

IETF 69, Chicago, Thursday, 26. July 2007

Technical plenary.

1. Welcome and introduction
2. IRTF Report (Aaron Falk)
3. IAB update (Olaf Kolkman)
4. IAB open Mic           

1. Welcome and introduction by Olaf Kolkman, IAB chair

2. IRTF Report (Aaron Falk)
(see slides)

3. IAB update (Olaf Kolkman)
(see slides)

4. IAB open Mic


???: Why was there no technical presentation this time?

Olaf: We are always looking for a topic and speaker of good content
and quality to present in front of the IETF plenary. This is a
challenge sometimes. Any input is welcome.

Aaron Falk: What do you think about the suggestion to get more
researchers into the IETF? The technical presentations would be a
good starting point for that.

Eric Rescorla: if you talk in front of 1000 IETF people, you better
have something interesting to say.

???: related to technical presentations: IETF participants could be a
good resource. Why not send mail to the list before the meeting asking
for submissions?

Harald Alvestrand: related to our relations to the ITU: there was
a letter explaining who we are. A day was spent to talk to them prior
to IETF 69. What should IETF participants' attitude be towards the ITU?

Olaf: It is important to describe who we are, how we operate and what
we are responsible for. We like to work with others, but we want to
take responsibility for our turf.

Leslie Daigle: it is difficult to define THE relationship. She would
like to encourage more discussion and informal meetings amongst people
in both organisations.

Olaf: part of the goal of the meeting was to develop a more personal
relationship.

Alain Durand: referring to an IPv6 document that is pretty much
recommending to use NAT in IPv6. What does the IAB think about that?

Olaf: on the IESG and on the IAB there are many opinions about
that topic. No clear consensus.

Kurtis Lindqvist: anything you can do as a vendor to protect users is
a good thing. There is a distinction between the IETF and the vendors'
view.

Lixia Zhang: This is an important architectural issue. We all need to
work on this, it is not just the IAB's problem.

Phil Hallam-Baker: there are big challenges for the Internet, e.g. the
end of IPv4 address space and cybercrime. He would like to see talks
that coherently address that and do not just highlight the technical
aspects. Home users are much more worried about issues like 
someone stealing my credit card number. We have to think about
benefits that individual users care about and not we as engineers.

Leslie: interesting perspective. This is what should be discussed in
the technical plenary and not just 'have clever people talk on cool
topics'. It would also be good to have a purpose to talk about a topic
(for instance either the IETF needs to do something about an issue, or
topics that are imminent and the IETF should consider etc.). We tended
to shy away from that in the last few years.

Elwyn Davies: regarding how to engage the wider community: For
instance about the Unwanted Traffic Workshop, we are working with ISOC
on a communication strategy to get the conclusions of the workshop out
to the wider community.

Tony Hain: is disappointed about the reaction of the IAB about Alain
Durand's point. A firewall is a firewall and not a NAT.

Iljitsch van Beijnum: wants to expand on Alain's point: The IAB isn't
getting the point and is not treating it seriously. If you have a
stateful firewall on a device, that means you are cut off from many
applications (voip etc.) You are mandating a world where everything
will have to go through a server. We can avoid this by making clear
statements about what works and what doesn't work well.

Eric: this is a false statement: you can do voip through a stateful
firewall, i.e. with ICE.

Dave Thaler: The v6ops WG is in Operations and Management
area. Protocol designers don't tend to participate in that area.  This
is one case where the actual protocol work is done in other areas.

Russ Mundy: did research and security. To answer Aaron's question:
Yes, he would love to have more research related
presentations. Especially those that show surprising results.

Greg: used ICE and it is awful. It is inside the application. You
really don't want to do that with all IPv6 applications. This is not
the correct answer. End-to-end is the right answer in IPv6. If we want
to use middle boxes we have to be smarter. End user applications never
get updated, we have to be aware of that.

Joel Jaeggli: has been in this org about 10 years. In 1997 it was
communicated to me that the architectural principles were a shared
vision. Today he doesn't see a lot of work that coherently reaches
across areas, for instance Applications and Routing. Instead he sees
narrow pieces of standards work, driven by market and business. He
doesn't hear the IAB defining what the standards work is intended to
do, e.g. where is the end-to-end principle in current applications?
The success of the Internet is built on the assumption that we can
communicate that way. If that is not a shared vision anymore, we need
to know.

Olaf shows the slide that shows RFCs that describe architectural
principles.

Dave Thaler: firewalls tend to protect bandwidth. Attacks tend to hit
those nodes that don't have a sufficient firewall.

Lixia: do we need to introduce architectural principles for firewalls?

???: it seems that if someone sets a policy saying "you cannot reach
me" this is not our business. Also if the policy says: "you can't
reach me on this port" it is not our business. ICE has a bit more
momentum right now, but there are other tools out there.

Eric: ICE was designed for NAT traversal. It is about getting your
packets through.

???: ICE is bypassing policy. That is the problem.

Dave Crocker: has a suggestion for technical presentations: we have
Research Groups and Working Groups that are ongoing for a long
time. Some are very narrow in scope and consequently not so
interesting for a greater public. Others are more controversial and
interesting, because they cut across areas and protocols. Firewalls
and NATs might be a good topic (if religion stays out). Suggests that
some RGs or WGs could report during the plenary.

Phil Hallam-Baker: we should be looking at features, not benefits and
conclusions, not principles. The end-to-end principle was a
conclusion. Dave Clark wrote a document that discussed where in the
network is the best point to put complexity. When it was written
in the 80s he came to a certain conclusion. Circumstances have
changed. Putting the management at the edges is not good (because
there are too many of them), putting it in the core is not good
either.  A good point to put complexity would be at the connection
between the (internal) networks and the Internet. Are we prepared to
get rid of old principles if they don't apply anymore?

Lixia: The E in IETF stands for engineering. What do we do with
engineering? She agrees that we have to evaluate the network and the
circumstances continuously. The most important thing is the robustness
of the Internet.

Leslie: spent some time looking at what the actual principles are as
opposed to the conclusions. If you look at the driving principle: to
build and maintain a robust and reliable network, what are the other
design goals? Not just that there are many devices, but what kinds of
devices etc. Do we maybe have to update the host requirements RFC? Do
we have a shared vision?  Not sure.

Thomas Narten: regarding firewalls: The IETF does not like firewalls,
therefore no recommendations on what an acceptable firewall would be
were made. This created a gap. The industry filled that gap, in an
inconsistent way. Consequently they don't work so well. If we want the
IETF to help make the Internet work better, we have to admit that we
missed an opportunity with respect to firewalls. Now there is IPv6. We
have the opportunity to influence firewall behaviour in IPv6 and to
make the right recommendations. The same applies to NATs. The industry
filled a gap. This means there is no predictability how applications
work. We created the 'behave' WG, but a little was accomplished.  Now
we are having the same discussion with IPv6: do we need NAT-PT? No, we
don't. But the reality is that people will create NATs in IPv6.  The
point is that with NAT-PT, we may be making a big mistake by leaving a
vacuum out there.

Dave Thaler: agrees and IETF is trying to do something about it.

Elwyn: we are thinking about things that need to be done
interconnecting IPv4 and IPv6. We might have failed, because we don't
seem to have defined that very well. We all need to think about how
we can do that better - and it needs to happen soon.

Bob Hinden: regarding firewalls: we don't have to assume that things
are always the way we do them here at the IETF. This is often not the
case.  It is reasonable to assume that things are not so onerous as
they once were. There is a difference between a firewall and a NAT
(policy decision vs. things just happen to get through).  What we are
missing is for the end hosts to tell the firewall what kind of traffic
it wants to receive.  We have not developed any of that.

Dave Oran: there is some work being done about that (nsys WG?)  The
IRTF end-to-middle-to-end (EMEA) RG is also working on that.  It is not true
that there is no activity, but yes, we might have to be more
successful in turning those activities into reality and deployment.

Aaron: The EMEA RG might possibly be a good topic for a technical talk.

Brian Carpenter: referring to a paper called 'Why the Internet Only
Just Works' by Mark Handley

Summary: The Internet is going to suffer growing pains as it
progresses from providing 80% of the functionality to providing 90+%
of the functionality, as called for by the new requirements. The track
record is not at all good - the history of major changes that have
been successful is one of changes implemented at the last minute. This
should not be a surprise - there are always too many immediate issues
to be concerned with to invest time and money on those that are not
currently critical. And consensus for architectural change is very
hard to reach unless faced with a specific and pressing problem.

Brian has seen a number of research and funding proposals. Some suggest
that the only way to keep the Internet working is to make a new
one. There seems to be a disconnect.

Aaron: is familiar with some of these programs: intended to come up
with something new, not constrained by the present. The idea is to
then take the solutions and apply them on the current network. That is
clearly a valid research path.

Leslie: rather than considering if these projects will be successful
in replacing the Internet, one should participate and see if we can
learn something for the current system.

Melinda Shawn: on NAT traversal: this work tends to be done in the
voice community.  We could use review from other expertise. That has been
lacking.

Richard Lamb: maybe have a summary of what all the other orgs like the
ITU are doing.

Thomas Narten: There are 1 billion users on the Internet. If IPv6
would be used by 1 million, this would be insignificant. And yes, we
are running out of IPv4 really soon now. We have a short window of 1 -
3 years before people really need to look at IPv6. Only in that short
window we can fix things.  The IETF tends to work best when things really
hit (are really serious) and yes - things start to hit now.

Slides

IAB and IRTF Updates