What's up at IETF99?
By Monika Ermert, eLance Journalist - The Internet Engineering Task Force (IETF) travels to Prague again for its summer meeting. With another meeting scheduled for 2019 (IETF104), the Czech capital nearly looks like a hub for the IETF and it has considerable DNS content in its agenda this time.
A first proposal for DNS over the new “hip” transport protocol Quic should help privacy in the domain name system. Automated domain validation procedure for PKIX (in ACME) is supposed to get to last call and the debate about alternative names looks as it’s coming to at least a temporary close with the passage of the document on special names by the IETF.
DNS over Quic
It was only a matter of time before the use of Quic, brought to the IETF by Google developers as a transport protocol for DNS, was put on the agenda. The proposal now presented in the DPRIVE Working Group is co-authored by Christian Huitema, Allison Mankin, Sarah Dickinson and others. The promise the authors make is that “the encryption provided by QUIC has similar properties to that provided by TLS, while Quic transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient error corrections than UDP”. As Quic itself (see the ambitious Prague agenda, held in part jointly with the HTTP WG), DNS over Quic has moved quickly over three versions since last April.
Ondřej Surý, one of the DNS masterminds at the IETF99 host, cz.nic, believes that “this might be the right technology for the job. We need encryption in the DNS to stop leaking as much information as possible, and TLS in Quic and IETF standards are the right path to follow.” It would certainly take time to deploy, but as people were more aware of their privacy, he hoped for a more agile deployment cycle. The extension of TLS encryption to the way from recursive to authoritative server and also between authoritative servers is on the agenda of DPRIVE. “That will be no walk in the park”, the Internet Area AD Terry Manderson wrote to the group just recently. The DPRIVE WG in Prague will also ask who is currently measuring DNS over TLS implementations. Those who missed the DNS privacy tutorial last time will get another chance on Sunday. See the Quic agenda
More DNS-related topics and a home for home at last
A great number of proposals is once more on the agenda of the DNS Operations WG in Prague, spread over a two-slot session. The Extensions for Scalable DNS Service Discovery WG (DNSSD), ACME WG and Homenet WG will also discuss DNS-related drafts. After much debate about special names and the IETF-ICANN relationship, the new home for special names under “home.arpa” is in Last Call.
Oh and by the way, if you did not see it yet, the new DNSSEC key signing key is out: $ dig . DNSKEY +dnssec @a.root-servers.net.
On DNSSEC, one proposal to look at is the one on key-rolling, which some like to have more ambitious in addressing not only possible timing attacks, but also other threat models for the roll of the DNSSEC Key Singing key. Just a few days ago, a new draft on DNSSEC algorithm negotiation has been proposed, but it might come just a little late to make it to the agenda.
Crypto nevertheless remains an ever more important topic at the IETF meetings. The Cryptoforum gathers again in Prague and will talk about verifiable random functions, collective edwards-curve digital signature algorithms, hash-based signatures and more. For all those not so familiar, Cryptoforum Co-Chair Kenny Patterson presents an overview in the Security Area meeting on Post-Quantum crypto developments.
5G and the IETF
The Tuesday lunch meeting between the IETF and the 3GPP WG, which is not on the usual WG agenda, is of interest to anybody working on 5G. As former IETF Chair Jari Arkko explains in a blog post on the IETF page, “IETF work has been and will be affected by 5G”. For example, “IETF routing-related work such as traffic engineering, service chaining and source routing are likely tools in managing traffic flows in 5G networks”, Arkko describes. He says “we could consider network – application collaboration as an opportunity and ask what useful things networks can do for applications”.
Politics and Standardization
When talking about cooperation between standardization bodies, there is a whole lot of politics involved. And politics and standardization could also become topics in an interesting debate triggered by a draft of the Chair of the Human Rights Protocol Considerations Research Group (IRTF Group), Nils Ten-Oever and former IAB Chair Andrew Sullivan. Are protocols political?, the authors ask; let's have some fireworks at the IETF. During their meeting, they will also hear a talk by Milton Mueller from Georgia Tech: “Requiem for a Dream: on advancing human rights through internet architecture”.
More fun stuff from the IRTF could come from the talks of the Applied Networking Research Prize winners: Stephen Checkoway, assistant professor in the department of computer science at the University of Illinois, Chicago, will talk about a systematic analysis of the Juniper dual elliptic curve (EC) incident. Philipp Richter, doctoral student in the INET group at the Technical University of Berlin, will present a multi-perspective analysis of carrier-grade network address translator (NAT) deployment.