IABOPEN @ IETF 124

Chairs: Jana Iyengar & Tommy Pauly
When: Thursday 6 November 2025, 11:30-13:00 UTC-5
Where: Place du Canada

Summary

The IABOPEN session provided updates on various IAB initiatives,
including new work assistance, ongoing technical programs, and reports
from recent workshops. A significant portion of the session was
dedicated to an invited talk on ETSI's activities, exploring potential
collaboration with the IETF, and a report on the joint IAB/W3C TAG
workshop on age-based online content restrictions. The session concluded
with an invited talk detailing the technical impact and collateral
damage of Italy's "Piracy Shield" content blocking platform. Discussions
highlighted the IETF's role in providing technical guidance in
policy-driven areas, the complexities of inter-SDO collaboration, and
the critical importance of architectural considerations in internet
governance.

IAB Update

Slides: Chair Slides

IAB Documents

• draft-iab-ai-control-report: IAB AI-CONTROL Workshop Report —
  Approved!
• draft-iab-nemops-workshop-report: Report from the IAB Workshop
  on the Next Era of Network Management Operations (NEMOPS) —
  Approved!
• draft-iab-rfc4052bis: IAB Processes forManagement of IETF
  Liaison Relationships
• draft-iab-rfc4053bis: Procedures for Handling Liaison
  Statements to and from the IETF

Technical Programs

• E-IMPACT e-impact@ietf.org

  • Program concluding soon. Thanks for all of the great input here
    that made this program a success!

• EDM edm@iab.org

  • Meeting Thursday lunch slot
  • Continuing discussion of greasing and deployability

IAB Workshop on IP Address Geolocation

• https://datatracker.ietf.org/group/ipgeows/about/
• Week of 1 December 2025
• 32 submissions accepted!
• Virtual workshop over three days
  • Today's Use Cases
  • Gaps and Problems
  • Future Opportunities

WSIS+20 Update

The IAB has submitted input to the WSIS+20 process in two statements:

• Input to the Elements Paper
• Input to the Zero Draft

ETSI Discussion (Diego Lopez)

Slides: Getting to Know ETSI: What It Does and How

• Diego Lopez, speaking as an individual with involvement in both
  organizations, provided an introduction to ETSI. He described ETSI
  as a standards organization, originally focused on European
  telecommunications but now globally engaged in ICT standardization,
  cybersecurity, and IoT, with over 900 members.
• ETSI publishes all standards free of charge and offers open access
  to drafts. It is officially recognized by the European Union and
  provides technical guidance.
• ETSI's technical activities include Technical Committees
  (member-only, EU-linked), Industry Specification Groups (open to
  non-members), Software Development Groups (open source communities),
  and Specialist Task Forces (expert-hired work). It also hosts global
  partnerships like 3GPP and OneM2M.
• Deliverables range from normative specifications and informative
  reports to reference implementations and "demonstrative
  deliverables" (experimental results like Plugtests and Proof of
  Concepts).
• Areas of relevance to IETF include networking, cloud computing, IoT,
  network virtualization, automation, and security (including lawful
  interception).
• Diego Lopez highlighted ETSI's request for a formal liaison
  relationship with the IETF, emphasizing that the IETF LLC addresses
  previous legal status concerns. He suggested that stronger
  collaboration could involve formal MOUs and mutual awareness, or
  less formal engagement to apply IETF work to specific industry needs
  (e.g., railroad, telcos) that may not be "internet at large"
  concerns.
• Discussion on ETSI's status as a global vs. European-centered
  organization ensued, with some individuals emphasizing its global
  reach (e.g., chairs from Japan/China) and others noting its unique
  relationship with EU mandates, which can lead to divergent
  standardization efforts. The sense of those present indicated that a
  formal liaison could help avoid duplication and facilitate mutual
  referencing of standards.

Age Restriction Workshop Summary (Mark Nottingham)

Slides: Age-Based Restrictions on Content Access

• The 2.5-day workshop included diverse participants from IETF, W3C,
  tech vendors, civil society, and government, operating under a
  modified Chatham House rule.
• Report is being produced
• IAB and/or W3C (TAG) may consider additional work (e.g., statements)
• Some discussion of specific technical work already (see eg DISPATCH)
• Coordination function still uncertain

Key observations and takeaways:

• Effective collaboration across technical, policy, and vendor
  communities is crucial but currently lacking.
• Technical solutions alone are insufficient; a "whole of society"
  approach is needed.
• Clear definitions of roles and a common vocabulary are important.
• There is no single "silver bullet" technical solution; a blended
  approach is necessary to address diverse situations and edge cases
  (e.g., age estimation vs. government ID).

• The IAB and W3C TAG plan to produce a report by the end of the year.

• Information sharing and privacy concerns related to age verification
  services were highlighted, with a suggestion to investigate ongoing
  research in this area and integrate measurement aspects into
  architectural designs.

• The need for continuous engagement mechanisms for coordination
  across stakeholders (policymakers, technical community, civil
  society) was emphasized, as the issue is larger than any single SDO
  can address.

Invited Talk (Raffaele Sommese, University of Twente)

Slides: Disrupting the Internet in the name of copyright: An Italian
Story

• Raffaele Sommese presented a study on Italy's "Piracy Shield"
  platform, designed to block illegal streaming content, noting
  similar initiatives are being considered globally.
• The original 2023 law mandated blocking of IPs and domains for
  sole illegal football streaming activity within 30 minutes, with
  no unblocking. This led to significant collateral damage, including
  the blocking of Cloudflare, Imperva, and Google Drive (for over a
  day).
• A 2024 law update softened criteria to predominantly illegal
  activity, introduced a 5-day unblocking request window (but the
  block list remains private), and mandated global DNS provider
  compliance and ISP reporting of suspicious user activity.
• The study found that Piracy Shield grants private entities embedded
  blocking powers, lacks transparency, and causes widespread
  collateral damage. AGCOM's defense, based on the sheer number of
  blocked resources, was critiqued as an ineffective metric.
• By reconstructing the block list (from a leaked GitHub repo and
  AGCOM's verification portal), the study identified over 10,000 IPv4
  addresses and 400,000 FQDNs blocked from Feb 2024 to June 2025, with
  98% of IPs and 44% of FQDNs remaining blocked.