IETF 69, Chicago, Thursday, 26 July 2007, Technical Plenary

Agenda:
1. Welcome and introduction
2. IRTF Report (Aaron Falk)
3. IAB update (Olaf Kolkman)
4. IAB open Mic

1. Welcome and introduction by Olaf Kolkman, IAB chair

2. IRTF Report (Aaron Falk) (see slides)

3. IAB update (Olaf Kolkman) (see slides)

4. IAB open Mic

???: Why was there no technical presentation this time?

Olaf: We are always looking for a topic and speaker of good content and quality to present in front of the IETF plenary. This is a challenge sometimes. Any input is welcome.

Aaron Falk: What do you think about the suggestion to get more researchers into the IETF? The technical presentations would be a good starting point for that.

Eric Rescorla: If you talk in front of 1000 IETF people, you had better have something interesting to say.

???: Related to technical presentations: IETF participants could be a good resource. Why not send mail to the list before the meeting asking for submissions?

Harald Alvestrand: Related to our relations with the ITU: there was a letter explaining who we are. A day was spent talking to them prior to IETF 69. What should IETF participants' attitude be towards the ITU?

Olaf: It is important to describe who we are, how we operate and what we are responsible for. We like to work with others, but we want to take responsibility for our turf.

Leslie Daigle: It is difficult to define THE relationship. She would like to encourage more discussion and informal meetings amongst people in both organisations.

Olaf: Part of the goal of the meeting was to develop a more personal relationship.

Alain Durand: Referring to an IPv6 document that is pretty much recommending the use of NAT in IPv6. What does the IAB think about that?

Olaf: On the IESG and on the IAB there are many opinions about that topic. No clear consensus.

Kurtis Lindqvist: Anything you can do as a vendor to protect users is a good thing. There is a distinction between the IETF's and the vendors' view.
Lixia Zhang: This is an important architectural issue. We all need to work on this; it is not just the IAB's problem.

Phil Hallam-Baker: There are big challenges for the Internet, e.g. the end of IPv4 address space and cybercrime. He would like to see talks that coherently address that and do not just highlight the technical aspects. Home users are much more worried about issues like someone stealing their credit card number. We have to think about benefits that individual users care about, and not what we as engineers care about.

Leslie: Interesting perspective. This is what should be discussed in the technical plenary, and not just 'have clever people talk on cool topics'. It would also be good to have a purpose for talking about a topic (for instance, either the IETF needs to do something about an issue, or topics that are imminent and the IETF should consider, etc.). We tended to shy away from that in the last few years.

Eldwyn Davies: Regarding how to engage the wider community: for instance, for the Unwanted Traffic Workshop, we are working with ISOC on a communication strategy to get the conclusions of the workshop out to the wider community.

Tony Hain: Is disappointed about the reaction of the IAB to Alain Durand's point. A firewall is a firewall and not a NAT.

Iljitsch van Beijnum: Wants to expand on Alain's point: the IAB isn't getting the point and is not treating it seriously. If you have a stateful firewall on a device, that means you are cut off from many applications (VoIP etc.). You are mandating a world where everything will have to go through a server. We can avoid this by making clear statements about what works and what doesn't work well.

Eric: This is a false statement: you can do VoIP through a stateful firewall, i.e. with ICE.

Dave Thaler: The v6ops WG is in the Operations and Management area. Protocol designers don't tend to participate in that area. This is one case where the actual protocol work is done in other areas.

Russ Mundy: Did research and security. To answer Aaron's question: yes, he would love to have more research-related presentations, especially those that show surprising results.

Greg: Used ICE and it is awful. It is inside the application. You really don't want to do that with all IPv6 applications. This is not the correct answer. End-to-end is the right answer in IPv6. If we want to use middleboxes we have to be smarter. End user applications never get updated; we have to be aware of that.

Joel Jaeggli: Has been in this org about 10 years. In 1997 it was communicated to him that the architectural principles were a shared vision. Today he doesn't see a lot of work that coherently reaches across areas, for instance Applications and Routing. Instead he sees narrow pieces of standards work, driven by market and business. He doesn't hear the IAB defining what the standards work is intended to do, e.g. where is the end-to-end principle in current applications? The success of the Internet is built on the assumption that we can communicate that way. If that is not a shared vision anymore, we need to know.

Olaf shows the slide that lists RFCs that describe architectural principles.

Dave Thaler: Firewalls tend to protect bandwidth. Attacks tend to hit those nodes that don't have a sufficient firewall.

Lixia: Do we need to introduce architectural principles for firewalls?

???: It seems that if someone sets a policy saying "you cannot reach me", this is not our business. Also if the policy says "you can't reach me on this port", it is not our business. ICE has a bit more momentum right now, but there are other tools out there.

Eric: ICE was designed for NAT traversal. It is about getting your packets through.

???: ICE is bypassing policy. That is the problem.

Dave Crocker: Has a suggestion for technical presentations: we have Research Groups and Working Groups that have been ongoing for a long time. Some are very narrow in scope and consequently not so interesting for a greater public. Others are more controversial and interesting, because they cut across areas and protocols. Firewalls and NATs might be a good topic (if religion stays out). Suggests that some RGs or WGs could report during the plenary.

Phil Hallam-Baker: We should be looking at features, not benefits, and conclusions, not principles. The end-to-end principle was a conclusion. Dave Clark wrote a document that discussed where in the network is the best point to put complexity. When it was written in the 80s he came to a certain conclusion. Circumstances have changed. Putting the management at the edges is not good (because there are too many of them); putting it in the core is not good either. A good point to put complexity would be at the connection between the (internal) networks and the Internet. Are we prepared to get rid of old principles if they don't apply anymore?

Lixia: The E in IETF stands for engineering. What do we do with engineering? She agrees that we have to evaluate the network and the circumstances continuously. The most important thing is the robustness of the Internet.

Leslie: Spent some time looking at what the actual principles are as opposed to the conclusions. If you look at the driving principle, to build and maintain a robust and reliable network, what are the other design goals? Not just that there are many devices, but what kinds of devices etc. Do we maybe have to update the host requirements RFC? Do we have a shared vision? Not sure.

Thomas Narten: Regarding firewalls: the IETF does not like firewalls, therefore no recommendations on what an acceptable firewall would be were made. This created a gap. The industry filled that gap, in an inconsistent way. Consequently they don't work so well. If we want the IETF to help make the Internet work better, we have to admit that we missed an opportunity with respect to firewalls. Now there is IPv6. We have the opportunity to influence firewall behaviour in IPv6 and to make the right recommendations. The same applies to NATs. The industry filled a gap. This means there is no predictability in how applications work. We created the 'behave' WG, but a little was accomplished. Now we are having the same discussion with IPv6: do we need NAT-PT? No, we don't. But the reality is that people will create NATs in IPv6. The point is that with NAT-PT, we may be making a big mistake by leaving a vacuum out there.

Dave Thaler: Agrees, and the IETF is trying to do something about it.

Eldwyn: We are thinking about things that need to be done interconnecting IPv4 and IPv6. We might have failed, because we don't seem to have defined that very well. We all need to think about how we can do that better, and it needs to happen soon.

Bob Hinden: Regarding firewalls: we don't have to assume that things are always the way we do them here at the IETF. This is often not the case. It is reasonable to assume that things are not so onerous as they once were. There is a difference between a firewall and a NAT (policy decision vs. things just happen to get through). What we are missing is for the end hosts to tell the firewall what kind of traffic they want to receive. We have not developed any of that.

Dave Oran: There is some work being done about that (nsys WG?). The IRTF end-to-middle-to-end (EMEA) RG is also working on that. It is not true that there is no activity, but yes, we might have to be more successful in turning those activities into reality and deployment.

Aaron: The EMEA RG might possibly be a good topic for a technical talk.

Brian Carpenter: Referring to a paper called 'Why the Internet Only Just Works' by Mark Handley. Summary: The Internet is going to suffer growing pains as it progresses from providing 80% of the functionality to providing 90+% of the functionality, as called for by the new requirements. The track record is not at all good: the history of major changes that have been successful is one of changes implemented at the last minute. This should not be a surprise; there are always too many immediate issues to be concerned with to invest time and money on those that are not currently critical. And consensus for architectural change is very hard to reach unless faced with a specific and pressing problem. Brian has seen a number of research and funding proposals. Some suggest that the only way to keep the Internet working is to make a new one. There seems to be a disconnect.

Aaron: Is familiar with some of these programs: they are intended to come up with something new, not constrained by the present. The idea is to then take the solutions and apply them to the current network. That is clearly a valid research path.

Leslie: Rather than considering whether these projects will be successful in replacing the Internet, one should participate and see if we can learn something for the current system.

Melinda Shawn: On NAT traversal: this work has tended to be done in the voice community. We could use review from other expertise. That has been lacking.

Richard Lamb: Maybe have a summary of what all the other orgs like the ITU are doing.

Thomas Narten: There are 1 billion users on the Internet. If IPv6 were used by 1 million, this would be insignificant. And yes, we are running out of IPv4 really soon now. We have a short window of 1 - 3 years before people really need to look at IPv6. Only in that short window can we fix things. The IETF tends to work best when things really hit (are really serious) and yes, things start to hit now.