Here is a short summary of my Monday at IETF 98 in Chicago. Highlights were DNS operations and an effort to standardise address management systems.
Please also see my IETF 98 updates from Sunday, Wednesday and Friday.
View from the 40th floor of the hotel
DNS operations - active as ever
The DNS Operations working group falls under the Operations and Management area. At IETF 98, we acquired a new area director (AD): Warren Kumari has taken Joel Jaeggli's place who had been the AD for three years. The DNS operators community is a very active one and the WG had a packed agenda with many, many work items. There were many engaged discussions, for instance about NSEC3 vs. NSEC5: while NSEC5 provides some good protection against zone enumeration with a better rate of online key signing, some people were concerend that this will be another hurdle for to deploy DNSSEC. Sara Dickinson presented on CBOR which is demonstrating a huge advantage for DNS packet capture and logging over PCAP+gzip. I noticed that along with Sara the number of active women in this working group seems to higher than average! Sharon Goldberg did the remote presentation on NSEC5 for instance.
Important sister of the IETF: the IRTF
Unfortunately we had to cancel the Internet Research Task Force (IRTF) overview tutorial on Sunday, because the speaker was ill. But the IRTF Open Meeting, also gave a good insight into the current activities of the IRTF. Seven of the ten research groups are meeting this week during the IETF meeting. After Lars Eggert was the chair for six years, Allison Mankin has been appointed new IRTF chair. It is very exciting to see a woman as IRTF chair and a woman as IETF chair.
Address space management
The Coordinated Address Space Management (CASM) BoF has been set up to create a standardised interfaces for the management of IP addresses. The current IP address management (IPAM) systems lack such a standard. Working for a Regional Internet Registry (RIR), I was interested to see where this is going. The solutions proposed during the BoF were unfortunately only looking at the address management inside a network, pointing 'down' to the Broadband Network Gateway (BNG) and device specific configuration. The link 'up' to the RIRs is missing. But only once we look at the entire tree, protocols such as RPKI or the current RIPE NCC reverse DNS management system will work. There were also concerns that the proposed solutions will not work for IPv6. And "if it only does IPv4, it is broken", as George Michaelson put it. This work will be continued on the mailing list. At this stage it is even a little unsure if the problem is well specified, but there is strong potential that this will become an IETF working group. Some attendees have expressed interest in coming to the next RIPE meeting to discuss the address management issues with the community there.
Please also see this article by George Michaelson on the role of RIRs in the IPAM discussion.
In most sessions I attended some presentations were done remotely. This actually worked pretty well in most cases (depending on the connectivity of the speaker). The IETF has been working hard over the last few years to improve remote participation.
See below another fascinating hotel carpet design. :-)
Comments are disabled on articles published more than a year ago. If you'd like to inform us of any issues, please reach out to us via the contact form here.
Stéphane Bortzmeyer •
Regarding the women participation in dnsop, there is also the co-chair, Suzanne Woolf. Regarding NSEC5, it provides indeed "good protection against zone enumeration" but not with "a better rate of online key signing", but with a cute cryptographic hack, the VRF (Verifiable Random Functions). Unlike NSEC3, VRF requires on-line signing (but it provides a better protection). (And there is also NSEC3 with white lies, but I stop here.)