Agenda IETF103: hotrfc
agenda-103-hotrfc-09

Meeting Agenda Hot RFC Lightning Talks (hotrfc) Team
Date and time 2018-11-04 11:00
Title Agenda IETF103: hotrfc
State Active
Last updated 2018-11-04

===========================================================================
        Paper #1: Stopping Malware and Researching Threats (SMART)
---------------------------------------------------------------------------
     Authors: Kirsty Paine (NCSC)
              Kathleen Moriarty (Dell)
---------------------------------------------------------------------------

Stopping Malware and Researching Threats [SMART] is a proposed new
IRTF research group, and will be having a planning meeting at IETF
103. The group aims to investigate and publish research on a range of
cyber attacks (including malware, botnets, phishing and DDoS) and how
they can be detected and defended against in a world of encrypted
data. In this short talk, I'll explain what the group is about and
encourage people from a variety of backgrounds to attend the meeting
and plan our first steps. We have a mailing list for discussion now,
and for follow-up after the meeting; we welcome and encourage
brainstorming contributions from new and regular IETF participants,
academics and industry representatives.

===========================================================================
    Paper #2: Collaborative Automated Course of Action Operations (CACAO)
              for Cyber Security
---------------------------------------------------------------------------
     Authors: Bret Jordan
---------------------------------------------------------------------------

Threat Actors and Intrusion Sets are constantly advancing at an
increasing rate relative to cyber defense.  Further, cyber defenders
typically have to manually identify and process prevention,
mitigation, and remediation steps in order to protect their systems
and networks and address and contain problems identified during and
after an incident response.

This talk will highlight the need for, and the possible requirements and
solutions for, a standardized language that lets cyber defenders mitigate
and remediate cyber threats in machine-relevant time.

===========================================================================
      Paper #3: It is time to reconsider "computing in the networks"
---------------------------------------------------------------------------
     Authors: Jianfei(Jeffrey) HE (Mr)
              Marie-José Montpetit (Dr.)
              Lijuan(Rachel) CHEN (Ms)
---------------------------------------------------------------------------

20 years have elapsed since the debate between Active Networking and
End-To-End Arguments in 1998.

Now, programmable data planes are rising, for example the programmable
switch using the P4 language in the DCN area, and virtual network
devices in the context of NFV in both DCN and carrier networks.

Recent research has shown that in-network caching/computing can
greatly improve the performance of distributed systems in various
applications inside the DC: DNN (Deep Neural Network) training,
frontend K-V (Key-Value) caching for skewed and dynamic workloads, and
high-performance consensus systems (such as Paxos).  In the wider
scope of networks outside DCs, edge/pervasive computing may also
benefit from the holistic optimization of network and compute, for
example, to address dynamic service placement or load balancing among
a large number of edge-computing nodes.

In-network caching and computing and their potential impact on network
and application performance have already generated a large amount of
research and development.  Will these new technologies and their
potential "gains" justify in-network caching/computing? If yes, what
are the impacts on the network architecture and protocol designs? We
believe that the IRTF should address this emerging field that is
important for the future of the Internet.

We are proposing a new RG called COIN, computing in the network, and
will hold a side meeting during IETF 103 at 10am on Friday November 9.

===========================================================================
                    Paper #4: Multicast Ingest Platform
---------------------------------------------------------------------------
     Authors: Jake Holland (Akamai)
              Kyle Rose (Akamai)
---------------------------------------------------------------------------

We're putting together a reference image that can respond to local
source-specific multicast signaling by discovering source info from
remote networks with DNS and pulling the right traffic in, using AMT
for transport and AMBI for data integrity.

The goal is to securely ingest multicast traffic from a remote source
network with no peering required, and no new config needed in the
source network to send traffic into the new receiving network, even
when no multicast-enabled backbone connects them.

===========================================================================
                             Paper #5: FlexIP
---------------------------------------------------------------------------
     Authors: Robert Moskowitz (HTT Consulting)
              Liguangpeng (Huawei)
---------------------------------------------------------------------------

Flexible Internet addressing and Flexible routing.

The Flexible Address Space is divided between an unbounded little
endian Global Address Part and an unbounded big endian Local Address
Part.  This allows the public network to grow and route as needed and
the local or private networks to use the addressing that makes the
most sense within each network.  Privacy can be included in both parts
by use of a MapID.  Routing is managed in a Multi-Entrance-Trie.

Sounds like PIPv2?  It is much more.  Use cases will be presented;
don't blink.

===========================================================================
      Paper #6: Nimble out-of-band authentication for EAP (EAP-NOOB)
---------------------------------------------------------------------------
     Authors: Tuomas Aura (Aalto University)
---------------------------------------------------------------------------

EAP-NOOB is an EAP method where the authentication is based on a
user-assisted out-of-band (OOB) channel between the server and
peer. It is intended as a generic bootstrapping solution for
Internet-of-Things devices which have no pre-configured authentication
credentials and which are not yet registered on the authentication
server.

===========================================================================
             Paper #7: DNS protocol police / DNS flag day 2019
---------------------------------------------------------------------------
     Authors: Petr Špaček (CZ.NIC)
---------------------------------------------------------------------------

As all IETF participants know, IETF itself is not a protocol police
... But protocol police might emerge from elsewhere!

Major open-source DNS vendors are going to execute an experiment
called "DNS flag day 2019" and to implement
http://tools.ietf.org/html/draft-spacek-edns-camel-diet and push it to
production right away. In this talk we very briefly introduce DNS flag
day 2019 and its implications.

Interested listeners will be encouraged to talk to dnsop and/or DNS
vendors involved with the project.

===========================================================================
       Paper #9: Loss-latency trade-off (LLT) and the mobile network
---------------------------------------------------------------------------
     Authors: Thomas Fossati (Nokia / MAMI project)
              Mirja Kühlewind (ETH / MAMI project)
              Pedro Andres Aranda Gutierrez (UC3M / MAMI project)
              Diego Lopez (Telefonica R&D / MAMI project)
---------------------------------------------------------------------------

The loss-latency signal proposed in [1] has several interesting
properties:

- Extremely simple semantics;
- Incremental deployability;
- Participants have no incentive to lie, and therefore there is no
  need for the network to trust the signalling endpoints.

One facet that has not yet been explored (to the best of our
knowledge) is its impact on the mobile network.  At least on paper,
the scheme looks like a perfect fit with the QoS model defined by 3GPP
LTE [2], where the Lo and La markings have a straight mapping into the
set of QoS class identifiers (QCI).  On ingress in the mobile network,
a trivial Traffic Flow Template (TFT) could route packets according to
their DSCP marking into an appropriate (dedicated or default) EPS
bearer.  Eventually, the radio resource manager in the eNodeB would
use this information to inform its scheduling decisions.  This makes
it particularly attractive for use on the mobile access network, where
today Internet-bound flows are typically bundled together into one
"default bearer" whose QCI (typically, 9) has latency and loss rate
targets (i.e., 300 ms and 10^-6, respectively) that are incompatible
with real-time traffic requirements.  An additional application of LLT
to the mobile network is its use in selecting the optimal strategy
(lossless vs. seamless) on cell handover.

We want to present a few preliminary results which we'll be working on
before and during the hackathon to validate the core ideas and (time
permitting) look at richer, realistic traffic mixes.

[1] J. You et al., "Latency Loss Tradeoff PHB Group," Internet
    Engineering Task Force, 2016.

[2] 3rd Generation Partnership Project, "Technical Specification Group
    Services and System Aspects; Policy and charging control
    architecture (Release 14)," 3rd Generation Partnership Project,
    Sophia Antipolis, 2017.

===========================================================================
   Paper #10: Internet Content Tagging and Distribution Protocol (ICTDP)
---------------------------------------------------------------------------
     Authors: Nalini Elkins (Inside Products)
              vittorio bertola (Open Exchange)
              Barry Shein (TheWorld.com)
---------------------------------------------------------------------------

The recent years have seen content filtering by content providers as
well as government for cultural acceptance, human rights and law
compliance, but also for security (botnets, malware etc.) and for
user-defined policies (parental control, corporate blocking of social
networks during work time, etc.).  Some governments, in particular,
the European Union, are enacting legislation.  Some large content
providers, such as Facebook, Twitter, and Google (YouTube), are
self-censoring.

There are widely diverging opinions on whether, and under which
conditions, this kind of filtering is appropriate and good for the
Internet – this belongs to the realm of policy discussions. However,
such filtering practices are a widespread fact that will not go away,
and the document authors expect them to further increase in the coming
years; governments and public opinion expect that the Internet's
technical and business community provides workable ways to keep
unacceptable content out of the network, possibly for definitions of
unacceptable content that vary by country and by context.

We propose one idea of a potential solution: content tagging via a new
protocol called the Internet Content Tag Distribution Protocol
(ICTDP).  The protocol would provide a standard methodology for those
who may wish to distribute and filter on tags for content.

===========================================================================
        Paper #11: Routing storm. A problem for aviation and IETF?
---------------------------------------------------------------------------
     Authors: Saulo da Silva (International Civil Aviation Organization)
---------------------------------------------------------------------------

Aviation is starting to use the Internet for the exchange of safety
critical messages between ground systems, ground-air and air-air
systems. The speed flown by an aircraft connected to the Internet may
disrupt the Internet infrastructure through a routing storm. Is this a
problem that the aviation community and the Internet community should
be worried about?

===========================================================================
   Paper #12: Localized Optimizations On Path Segment (LOOPS) Discussion
---------------------------------------------------------------------------
     Authors: Carsten Bormann (Universitaet Bremen TZI)
              Yizhou Li (Huawei)
---------------------------------------------------------------------------

Various overlays are used in networks including WAN, enterprise campus
and others. End-to-end paths are divided into multiple segments, some
of which are overlay encapsulated to achieve better path selection,
lower latency and so on. The traditional end-to-end transport layer
does not respond well to microbursts and non-congestive packet loss,
especially over the long haul. With the multi-segment overlaid path
used over the WAN, it gives us an opportunity to locally optimize a
path segment to achieve better throughput. We want to illustrate the
problems in some use cases and present a few preliminary solution
ideas.

Interested listeners are encouraged to join the side meeting for it
(Tuesday 18:30-19:30).

===========================================================================
                       Paper #17: Concise Identities
---------------------------------------------------------------------------
     Authors: Henk Birkholz (Fraunhofer SIT)
              Carsten Bormann (Universitaet Bremen TZI)
              Max Pritikin (Cisco)
              Robert Moskowitz (HTT Consult)
---------------------------------------------------------------------------

The objective of using CWT as a basis for Identity Documents (signed
claim sets) is to gain more flexibility and at the same time more
rigorously defined semantics. In addition, the benefits of using CBOR,
COSE, and the corresponding CWT structure accrue, including more
compact encoding and a simpler implementation in contrast to classical
ASN.1 (DER/BER/PEM) structures and the X.509 complexity and
uncertainty that has accreted since X.509 was released 29 years
ago. Areas where both the compactness and the definiteness are highly
desirable are Constrained-Node Networks [RFC7228] and scalable
security automation between platforms in general.

===========================================================================
              Paper #13: Configuring DNS using YANG+RESTCONF
---------------------------------------------------------------------------
     Authors: Petr Špaček (CZ.NIC)
---------------------------------------------------------------------------

DNS is a well-established protocol... but each implementation has a
totally different configuration. Is it feasible to invent a
standardized configuration interface based on YANG+RESTCONF?

In this talk we will report experimental results from the IETF 103
hackathon: Were we able to hack up a common interface for two
independent DNS implementations?

Interested people are encouraged to join dnsop WG for discussion about
draft-lhotka-dnsop-iana-class-type-yang and further steps.

===========================================================================
          Paper #14: Structured Specifications in IETF Documents
---------------------------------------------------------------------------
     Authors: Stephen McQuistin (University of Glasgow)
              Colin Perkins (University of Glasgow)
---------------------------------------------------------------------------

Standards documents have been slow to adopt structured specifications
that go beyond the limited syntax that can be captured in ASCII art
diagrams and prose descriptions. Before developing a new structured
specification format, we must explore both the technical limitations
of existing approaches, and the social and cultural barriers to their
adoption. We will encourage interested listeners to discuss their
experiences with us, and to share their feedback and ideas on our
proposed approach.

===========================================================================
   Paper #15: Control Plane Telemetry: Network-wide Protocol Monitoring
              Framework
---------------------------------------------------------------------------
     Authors: Huamo Chen (Huawei)
              Yunan Gu (Huawei)
              Zhenbin Li (Huawei)
---------------------------------------------------------------------------

The requirement for better network OAM approaches has been greatly
driven by network evolution.  The concept of network Telemetry has
been proposed to meet the current and future OAM demands with respect
to massive and real-time data storage, collection, processing, export,
and analysis, and an architectural framework of existing Telemetry
approaches is introduced in [I-D.song-ntf].  Network Telemetry
provides visibility into network health conditions, and is beneficial
for faster network troubleshooting, network OpEx (operating
expenditure) reduction, and network optimization. Telemetry can be
applied to the data plane, control plane and management plane.  There
have been various methods proposed for each plane:

   o Management plane: For example, SNMP (Simple Network Management
     Protocol) [RFC1157], NETCONF (Network Configuration Protocol)
     [RFC6241] and gNMI (gRPC Network Management Interface)
     [I-D.openconfig-rtgwg-gnmi-spec] are three typical widely adopted
     management plane Telemetry approaches.  Various YANG modules are
     defined for network operational state retrieval and configuration
     management.  Subscription to specific YANG datastore can be
     realized in combination with gRPC/NETCONF.

   o Data plane: For example, In-situ OAM (iOAM)
     [I-D.brockners-inband-oam-requirements] embeds an instruction
     header in the user data packets, and collects the requested data
     and adds it to the user packet at each network node along the
     forwarding path.  Applications such as path verification and SLA
     (service-level agreement) assurance can be enabled with iOAM.

   o Control Plane: The BGP Monitoring Protocol (BMP) [RFC7854] is
     proposed to monitor BGP sessions and is intended to provide a
     convenient interface for obtaining BGP route views.  Data
     collected using BMP can be further analyzed with big data
     platforms for network health condition visualization, diagnosis
     and prediction applications.

The general idea of most Telemetry approaches is to collect various
information from devices and export it to a centralized server for
further analysis, thus providing more network insight. This document
identifies the problems that current control plane telemetry is
facing, and then illustrates and derives the requirements for and
necessity of the Protocol Monitoring Protocol (PMP) framework through
the discussion of specific use cases.

===========================================================================
   Paper #16: An Architecture for Collaborative Security and Proactive
              Defense against Internet of Things Botnets
---------------------------------------------------------------------------
     Authors: SYED MUHAMMAD SAJJAD (RISE RIPHAH PAKISTAN)
              MUHAMMAD YOUSAF (RISE RIPHAH PAKISTAN)
---------------------------------------------------------------------------

This document proposes an architecture for collaborative security and
proactive defence against Internet of Things botnets. The proposed
architecture is based on the violation of the Manufacturer Usage
Description policy. This architecture provides a means of sharing
attacker information with peers in order not only to achieve proactive
defense against Internet of Things botnets but also to mitigate them
at their source.
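As an added illustration of the detection step this abstract builds on (not the authors' code), the following Python reduces a device's MUD file to a simple allow-list of (protocol, destination, port) tuples, flags flows that violate it, and aggregates repeated violations into indicators that could be shared with peers. The policy and flow records are constructed; real MUD files (RFC 8520) are YANG-modelled ACL JSON and are richer than this simplification.

```python
from collections import Counter

# Constructed, simplified MUD policy for a hypothetical IoT camera:
# it may only speak HTTPS to its vendor cloud and DNS to the local resolver.
MUD_POLICY = {
    "cam-01": [
        ("tcp", "updates.example-vendor.test", 443),
        ("udp", "10.0.0.53", 53),
    ],
}

# Constructed flow records, as a home/enterprise gateway might export them.
FLOWS = [
    {"dev": "cam-01", "proto": "tcp", "dst": "updates.example-vendor.test", "port": 443},
    {"dev": "cam-01", "proto": "udp", "dst": "10.0.0.53", "port": 53},
    {"dev": "cam-01", "proto": "tcp", "dst": "198.51.100.7", "port": 23},
    {"dev": "cam-01", "proto": "tcp", "dst": "198.51.100.7", "port": 23},
    {"dev": "cam-01", "proto": "tcp", "dst": "203.0.113.9", "port": 80},
    {"dev": "lamp-07", "proto": "tcp", "dst": "203.0.113.9", "port": 80},  # no MUD file known
]


def is_allowed(policy, flow):
    """True/False against the device's MUD allow-list, or None when the device
    has no MUD file: without a baseline nothing can be called a violation."""
    rules = policy.get(flow["dev"])
    if rules is None:
        return None
    return (flow["proto"], flow["dst"], flow["port"]) in rules


def find_violations(policy, flows):
    """Flows that contradict a known MUD policy (devices without MUD are skipped)."""
    return [f for f in flows if is_allowed(policy, f) is False]


def build_indicators(violations, min_hits=2):
    """Aggregate violations per (device, dst, port). Destinations contacted
    repeatedly become shareable indicators: the attacker information a peer
    network (or the source network's operator) could act on."""
    hits = Counter((v["dev"], v["dst"], v["port"]) for v in violations)
    return [
        {"device": dev, "dst": dst, "port": port, "count": n}
        for (dev, dst, port), n in sorted(hits.items())
        if n >= min_hits
    ]


if __name__ == "__main__":
    found = find_violations(MUD_POLICY, FLOWS)
    print(f"{len(found)} MUD violations")
    for ind in build_indicators(found):
        print("share:", ind)
```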