Minutes by Greg Wood and Cindy Morgan
Jari Arkko welcomed the community to the IETF 97 Plenary.
Yi Zhao from Huawei welcomed the IETF to Seoul and gave a brief presentation on "Building a Better Connected World." Jari Arkko recognized Huawei with a plaque.
Jari Arkko briefed the community on IETF-wide issues:
Jari Arkko reminded the community that the IETF expects professional behavior:
Jari Arkko updated the community on the IANA Stewardship Transition:
Jari Arkko suggested an IASA 2.0 project to the community.
Jari Arkko noted that there has been a lot of discussion on the IETF mailing list about DMARC:
Jari Arkko noted that there are several test networks at IETF 97, e.g. ietf-nat64. These are there for the community to use and report bugs on when they find things that don't work.
Ray Pelletier reported that the paid attendance at IETF 97 was about 200 below expectations. The IETF did not meet the sponsorship projections for this meeting. The IETF had to pay for connectivity; thank you to NTT and ISOC Korea Chapter for help.
The Thursday Tech Talk from host Huawei will be on Service Experience Assured Networks (SEAN), presented by Andrew Malis.
Ray Pelletier thanked the host, sponsors, and volunteers who helped put the meeting together.
Leslie Daigle reported on additions to various IAOC committees:
Leslie Daigle reported that a lawsuit in which the Internet Society was listed as a defendant relating to IETF activities has been dismissed with prejudice. The lawsuit was Todd Glassey and Michael McNeil vs Microsemi, Corporation, et al. For more details, see https://iaoc.ietf.org/subpoenas.html.
Leslie Daigle updated the community on the IETF's 2016 budget. Revenue is below projections because of reduced meeting attendance and sponsorship contributions, as well as legal fees related to the lawsuit mentioned above. Overall expenses are down, but there is still a shortfall; Internet Society will make a contribution to match that shortfall.
The IAOC is revising their sponsorship offering for 2017 in order to align offerings with benefits. For more details, see https://iaoc.ietf.org/host-and-sponsorship.html.
Tobias Gondrom reported that the IETF Trust has executed the following agreements with ICANN:
IETF Trust has received approval from the IRS as a separate 501(c)3 entity, and now has its own bank account.
Lucy Lynch reported that the NomCom has interviewed about 2/3 of the candidates so far, and expects to complete 34 interviews before the end of the week. She noted that the NomCom needs more nominees in the Internet, Transport, and Operations Areas.
Community feedback to NomCom is due on November 24, 2016.
Lars Eggert reported that 10 Research Groups are meeting at IETF 97. Some RG highlights include:
The Applied Networking Research Workshop (ANRW) was held for the first time this year in Berlin; another workshop is planned next July in Prague around IETF 99.
The call for papers for the 2017 Applied Networking Research Prize (ANRP) is now open; two of the 2016 winners presented their papers at the IRTFOPEN meeting at IETF 97.
Lars Eggert reported that Allison Mankin has been selected as the next IRTF Chair; her term will begin at IETF 98 in March.
On behalf of the Internet Society, Gonzalo Camarillo presented the Jonathan B. Postel Award to Kanchana Kanchanasut for her pioneering work, three decades of devotion in Thailand and for enabling countless others to spread the Internet across Southeast Asia and beyond.
Gonzalo Camarillo announced that Ericsson will host IETF 98 in Chicago next March.
Suzanne Woolf noted that there was an attack on the Internet infrastructure on October 21, 2016 that compromised access to some well-known resources and caused an explosion of attention on DNS, IoT, mass compromises of internet-connected devices, and the business and operational models underlying the provisioning of content at internet-scale. The IAB had originally been planning a different technical topic for this plenary, but there was an immediate sense that there are some ideas to pull out of this experience. The designated speaker for that talk agreed very graciously to step aside until Chicago so we could address some of the potential insights under the surface of a headline-making incident.
Nick Sullivan from CloudFlare delivered a presentation titled "How to stay online: Harsh realities of operating in a hostile network."
Andrew Sullivan delivered a presentation titled "The Internet's Architecture is Under Attack (Ironically)."
The presentations were followed by a Q&A session with the audience, moderated by Suzanne Woolf.
Olaf Kolkman observed that in the passage from Ralph Nader's Unsafe at Any Speed referred to in Andrew Sullivan's presentation, Nader was pointing to existing solutions that were not being used in the market. In the case of the Internet, the solutions do not exist yet. Andrew Sullivan replied that the other complaint in that situation was that there was no investment by the auto industry.
Kathleen Moriarty said that she hopes this is a turning point. Experts say that security will come later, e.g. the work in the SACM WG is progressing slowly. Andrew Sullivan replied that either the Internet technical community will figure out a solution, or someone else will figure it out for us. The technical community has self-interest in our industry and will need to figure out how to convince people to put money into this now. We may want to redefine how we tackle these things. We could do this by thinking about how we describe this in documents. If we can think of a way to distribute security throughout documents, maybe that would help.
Eliot Lear said that he enjoyed the presentations. He is one of the authors of draft-ietf-opsawg-mud. He thinks there is room for everyone to be part of the solution. He noted that the IETF needs to document what the different parts of the ecosystem (users, manufacturers, etc.) need to do. Eliot Lear said that he thinks the IAB is in a good position to write out some advice along those lines.
Juan Carlos Zuniga suggested that we can learn from the IANA stewardship transition, as perhaps a multi-stakeholder approach is needed. The technical community is in the best position to address the problem, but fixing it is in everyone's interest.
Hannes Tschofenig said that it is a good idea to start the dialog, but that we should resist the usual approach to solutions. We need to reach out and be inclusive and get people on board. There are few chip manufacturers to contribute in the IETF. It is not so easy to come up with recommendations that are enforceable via recommendation. Hannes Tschofenig encouraged the IAB to reach out to the other stakeholders and not just the usual suspects.
Andrew Sullivan agreed; the problem will need to be addressed at multiple levels.
Henning Schulzrinne observed that we had similar problems on PCs and mobile devices, and that these are dumb implementation problems, not political problems. The wisdom (or lack thereof) of hard coding passwords does not need writing up in a BCP. Henning Schulzrinne encouraged people to talk to their government agencies about the problem.
Dave Crocker thanked the speakers for raising some basic questions about how to talk about this. Dave Crocker said that his sense is that we are not where we need to be. The low-hanging fruit is standards with teeth. The Internet has been under attack many times at the architectural level, and it is not always malicious. The IETF needs to move past that to discuss solutions.
Bob Hinden agreed that this is just the beginning; regulation could happen, but it is not yet clear what regulation is actually needed. In addition to protocols, we need BCPs about ‘secure devices’ to give a baseline.
An unidentified IETFer said that the open source community is trying to address the problem, for example, the express data path as a solution for packet-drop.
James Woodyatt asked what architectural features make the Internet a playground for asymmetric warfare. He noted that the simple security characteristics of home gateways distribute data around the edges of the network, but he is not sure that is the way to solve the problem. He suggested that perhaps the policy people need to tell us how they want the network regulated, and then we build to that.
Andrew Sullivan replied that we pretend all the intelligence is out at the edges, but there are different classes of networks with different problems. If we want to build protocols that distribute data in a secure way, the deployment is not separate from the architecture.
Erik Nordmark said that he thinks it is clear from an operational standpoint that we need to figure out how to get better at coping with these attacks. It's asymmetric. We don't build the devices at the edge, but we have the expertise in the IETF about the things in the middle and how to look at the whole end-to-end puzzle. We will still have attacks, but we can move the whole front forward.
Lorenzo Colitti said that security has to be at the edge of an end-to-end model. He does not think our protocols are broken. That is not the attack vector; the attack vector is code that no one bothers to update because there is no incentive to do so. For an IoT device, there is no incentive to put any security in the initial build because it means you'll be behind someone else.
Andrew Sullivan replied that we have designed a system that has this vulnerability as a function. We have to assume people are going to do bad stuff. The network doesn't have any other protections against this. Nick Sullivan added that the more security we have, the better.
Georgios Karagiannis said that there are other challenges related to privacy and personal data. The European Parliament is working on this.
Eliot Lear asked where this topic can be discussed further. Andrew Sullivan replied to use email@example.com.
Before the IAB Open Mic Session, Andrew Sullivan noted that he sent out the IAB report to the community before IETF 97 via email.
Erik Kline asked if there will be a draft out about the DMARC situation. Jari Arkko replied that there will be an email, not an Internet-Draft. Barry Leiba clarified that there is a document that outlines the issues, as well as a number of suggestions about ways to mitigate this, but there is no consensus yet. There is an alternative to the DMARC spec called ARC that may work in the short term, but there is no consensus on how to mitigate the problem long-term without causing more problems.
John Brzozowski referred to the IAB statement on IPv6, and suggested making the primary IETF SSID v6-only, perhaps with NAT64. One thing Comcast is working on is v6-only for end-user devices, supporting NAT64 and other implementations. They are seeing an increase in IPv6 traffic and a decrease in IPv4 traffic. John Brzozowski said that it makes sense for the IETF community's primary SSID to outline a path forward for IPv6-only.
Jari Arkko said that he would like to see some of this, and thinks that an incremental approach is what we need. Lee Howard asked how he would like the IAB to write that plan. Jari Arkko replied that an Internet-Draft would work.
Mark Townsley noted that the IETF turned off IPv4 for an hour at IETF 71 in Philadelphia back in 2008. There are other technical conferences of size that are doing this already. Mark Townsley suggested that we move to IPv6-only, and turn off NAT64 during the plenary as an experiment.
Spencer Dawkins thanked the IAB for sending Brian Trammell to talk to TSVAREA about protocol transitions; that discussion was really helpful.
David Schinazi expressed support for John Brzozowski's initiative towards IPv6-only.
Erik Kline asked if there is a GoFundMe for the IETF, and if not, is one needed? Leslie Daigle replied that there is an IETF endowment looking to collect money. There are also sponsorship opportunities. If anyone thinks of opportunities for sponsorship that the IAOC has not considered, please let them know.
Dave Crocker observed that historically, there has been one pot of money to spend. With the Trust now having its own PNO line, where is that money coming from? Tobias Gondrom replied that this year, it came from ISOC. The Trust is looking into how to handle this in the future, but there is no clear strategy yet.
Lorenzo Colitti suggested that people can increase funding for the IETF by registering for the meeting early, but paying for the registration late (rather than at the early-bird rate).
Pete Resnick said that he had been unable to make it to the Working Group Chairs Forum, but he heard there was talk about alternate meeting room arrangements. He likes that idea, as the current setup puts chairs and document authors at the front of the room, where they might be viewed as an authority.
Spencer Dawkins replied that he has asked the chairs to talk to each other about what they are doing in different WGs. Alia Atlas added that the IESG needs to continue trying new things, and referred to the NVO3 experiment with several flip charts during IETF 97.
Margaret Cullen asked that BOF proponents be allowed to join the BOF coordination calls and contribute to the discussions. Jari Arkko replied that the IESG does not want to run the BOFs during that call, and that the minutes of that meeting are made public. Suresh Krishnan added that the earlier BOF proponents put their requests in the BOF wiki, the more time there will be for discussion before that call. Joel Jaeggli agreed, noting that the call itself is a coordination activity; the discussions about the proposed BOFs themselves need to happen earlier than that.
Jen Linkova asked how the NVO3 experiment with flip charts worked for remote participants. Alia Atlas replied that it was good in the room, but that she does not think that the small group discussions will be right for all Working Groups all the time. The key is to keep trying new things.
Stewart Bryant asked the IESG to invite document authors to speak at IESG telechats when there is a complicated document on the agenda. Alissa Cooper replied that the IESG has already been doing this for a couple of years now with authors and document shepherds. Jari Arkko added that the IESG encourages substantive discussion of documents to happen on the WG mailing lists.
Jari Arkko reiterated the IETF's commitment to working towards IPv6-only with NAT64, and asked the interested people to get together and start working on a plan.