===========================================================================
Paper #1: Stopping Malware and Researching Threats (SMART)
---------------------------------------------------------------------------
Authors:
  Kirsty Paine (NCSC)
  Kathleen Moriarty (Dell)
---------------------------------------------------------------------------
Stopping Malware and Researching Threats [SMART] is a proposed new IRTF research group, and will be having a planning meeting at IETF 103. The group aims to investigate and publish research on a range of cyber attacks (including malware, botnets, phishing and DDoS) and how they can be detected and defended against in a world of encrypted data.

In this short talk, I'll explain what the group is about and encourage people from a variety of backgrounds to attend the meeting and plan our first steps. We have a mailing list for discussion now, and for follow-up after the meeting; we welcome and encourage brainstorming contributions from new and regular IETF participants, academics and industry representatives.

===========================================================================
Paper #2: Collaborative Automated Course of Action Operations (CACAO) for Cyber Security
---------------------------------------------------------------------------
Authors:
  Bret Jordan
---------------------------------------------------------------------------
Threat Actors and Intrusion Sets are constantly advancing at an increasing rate relative to cyber defense. Further, cyber defenders typically have to manually identify and process prevention, mitigation, and remediation steps in order to protect their systems and networks and address and contain problems identified during and after an incident response. This talk will highlight the need and possible requirements and solutions to enable cyber defenders to use a standardized language for mitigating and remediating cyber threats in machine relevant time.

===========================================================================
Paper #3: It is time to re-consider "computing in the networks"
---------------------------------------------------------------------------
Authors:
  Jianfei(Jeffrey) HE (Mr)
  Marie-José Montpetit (Dr.)
  Lijuan(Rachel) CHEN (Ms)
---------------------------------------------------------------------------
20 years have elapsed since the debate between Active Networking and End-To-End Arguments in 1998. Now, programmable data planes are rising, for example, the programmable switch with P4 language in the DCN area and the virtual network devices in the context of NFV in both DCN and carrier's network.

Recent research has shown that in-network caching/computing can greatly improve the performance of distributed systems in various applications inside DC: DNN (Deep Neural Network) training, frontend K-V (Key-Value) caching for skewed and dynamic workload, and high performance consensus systems (such as Paxos). In the wider scope of networks outside DCs, edge/pervasive computing may also benefit from the holistic optimization of network and compute, for example, to address the dynamic service placement or load balancing among a large number of edge-computing nodes.

In-network caching and computing and their potential impact on network and application performance have already generated a large amount of research and development. Will these new technologies and their potential "gains" justify in-network caching/computing? If yes, what are the impacts on the network architecture and protocol designs?

We believe that the IRTF should address this emerging field that is important for the future of the Internet. We are proposing a new RG called COIN, computing in the network, and will hold a side meeting during IETF 103 at 10am on Friday November 9.

===========================================================================
Paper #4: Multicast Ingest Platform
---------------------------------------------------------------------------
Authors:
  Jake Holland (Akamai)
  Kyle Rose (Akamai)
---------------------------------------------------------------------------
We're putting together a reference image that can respond to local source-specific multicast signaling by discovering source info from remote networks with DNS and pulling the right traffic in, using AMT for transport and AMBI for data integrity.

The goal is to securely ingest multicast traffic from a remote source network with no peering required, and no new config needed in the source network to send traffic into the new receiving network, even when no multicast-enabled backbone connects them.

===========================================================================
Paper #5: FlexIP
---------------------------------------------------------------------------
Authors:
  Robert Moskowitz (HTT Consulting)
  Liguangpeng (Huawei)
---------------------------------------------------------------------------
Flexible Internet addressing and Flexible routing. The Flexible Address Space is divided between an unbounded little endian Global Address Part and an unbounded big endian Local Address Part. This allows the public network to grow and route as needed and for the local or private networks to use addressing that makes the most sense within each network. Privacy can be included in both parts by use of a MapID. Routing is managed in a Multi-Entrance-Trie. Sound like PIPv2? It is much more. Use cases will be presented; don't blink.

===========================================================================
Paper #6: Nimble out-of-band authentication for EAP (EAP-NOOB)
---------------------------------------------------------------------------
Authors:
  Tuomas Aura (Aalto University)
---------------------------------------------------------------------------
EAP-NOOB is an EAP method where the authentication is based on a user-assisted out-of-band (OOB) channel between the server and peer. It is intended as a generic bootstrapping solution for Internet-of-Things devices which have no pre-configured authentication credentials and which are not yet registered on the authentication server.

===========================================================================
Paper #7: DNS protocol police / DNS flag day 2019
---------------------------------------------------------------------------
Authors:
  Petr Špaček (CZ.NIC)
---------------------------------------------------------------------------
As all IETF participants know, IETF itself is not a protocol police ... But protocol police might emerge from elsewhere! Major open-source DNS vendors are going to execute an experiment called "DNS flag day 2019" and to implement http://tools.ietf.org/html/draft-spacek-edns-camel-diet and push it to production right away.

In this talk we very briefly introduce DNS flag day 2019 and its implications. Interested listeners will be encouraged to talk to dnsop and/or DNS vendors involved with the project.

===========================================================================
Paper #9: Loss-latency trade-off (LLT) and the mobile network
---------------------------------------------------------------------------
Authors:
  Thomas Fossati (Nokia / MAMI project)
  Mirja Kühlewind (ETH / MAMI project)
  Pedro Andres Aranda Gutierrez (UC3M / MAMI project)
  Diego Lopez (Telefonica R&D / MAMI project)
---------------------------------------------------------------------------
The loss-latency signal proposed in [1] has several interesting properties:

- An extremely simple semantics;
- Incremental deployability;
- Participants have no incentive to lie, and therefore there is no need for the network to trust the signalling endpoints.

One facet that has not yet been explored (to the best of our knowledge) is its impact on the mobile network.

At least on paper, the scheme looks like a perfect fit with the QoS model defined by 3GPP LTE [2] where the Lo and La markings have a straight mapping into the set of QoS class identifiers (QCI). On ingress in the mobile network, a trivial Traffic Flow Template (TFT) could route packets according to their DSCP marking into an appropriate (dedicated or default) EPS bearer. Eventually, the radio resource manager in the eNodeB would use this information to inform its scheduling decisions.

This makes it particularly attractive for use on the mobile access network where today Internet-bound flows are typically bundled together into one "default bearer" whose QCI (typically, 9) has latency and loss rate targets (i.e., 300 ms and 10^-6, respectively) that are incompatible with real-time traffic requirements.

An additional application of LLT to the mobile network is its use in selecting the optimal strategy (lossless v seamless) on cell handover.

We want to present a few preliminary results which we'll be working on before and during the hackathon to validate the core ideas and (time permitting) look at richer, realistic traffic mixes.

[1] J. You et al., "Latency Loss Tradeoff PHB Group," Internet Engineering Task Force, 2016.
[2] 3rd Generation Partnership Project, "Technical Specification Group Services and System Aspects; Policy and charging control architecture (Release 14)," 3rd Generation Partnership Project, Sophia Antipolis, 2017.

===========================================================================
Paper #10: Internet Content Tagging and Distribution Protocol (ICTDP)
---------------------------------------------------------------------------
Authors:
  Nalini Elkins (Inside Products)
  Vittorio Bertola (Open Exchange)
  Barry Shein (TheWorld.com)
---------------------------------------------------------------------------
The recent years have seen content filtering by content providers as well as government for cultural acceptance, human rights and law compliance, but also for security (botnets, malware etc.) and for user-defined policies (parental control, corporate blocking of social networks during work time, etc.). Some governments, in particular, the European Union, are enacting legislation. Some large content providers, such as Facebook, Twitter, and Google (YouTube), are self-censoring.

There are widely diverging opinions on whether, and under which conditions, this kind of filtering is appropriate and good for the Internet – this belongs to the realm of policy discussions. However, such filtering practices are a widespread fact that will not go away, and the document authors expect them to further increase in the coming years; governments and public opinion expect that the Internet's technical and business community provides workable ways to keep unacceptable content out of the network, possibly for definitions of unacceptable content that vary by country and by context.

We propose one idea of a potential solution: content tagging via a new protocol called the Internet Content Tag Distribution Protocol (ICTDP).
The protocol would provide a standard methodology for those who may wish to distribute and filter on tags for content