Kevin Meynell

Author Archives: Kevin Meynell

IETF 101, Day 2: A bit of Rosie Lee (Mobility)

This week is IETF 101 in London, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. After a hectic Monday there’s less dashing around needed today, although there are a few things to highlight, even if you’ll have to choose between them as they’re unfortunately all scheduled at the same time.


NOTE: If you are unable to attend IETF 101 in person, there are multiple ways to participate remotely.


DNSOP starts its first of two sessions at 15.50 GMT/UTC (it continues on Thursday). Several of the drafts under discussion relate to the Root KSK Rollover and how to better automate and monitor key rollovers.

At the same time, DOTS is also meeting and has a bit of a mixed agenda with four drafts up for discussion, implementation reports, and feedback on the Hackathon.

There are two drafts covering the Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel and Data Channel specifications, one that establishes an architecture for establishing and maintaining signalling within and between domains, with the last one presenting use cases describing the interactions expected between DOTS components and messaging exchanges.

Alternatively, DMM has a very busy agenda with no Continue reading

IETF 101, Day 1: Would you IPv6 it?

It’s another packed week at IETF 101 in London, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. Monday is a very full day with two important IPv6 working groups, one on IoT, a couple on routing, and another couple related to crypto.

The week begins bright and early at 09.00 GMT/UTC with V6OPS, although it has a relatively light agenda with a discussion on implementing IPv6-preferred data centres to start the meeting, and 7 drafts on which comments are being requested.
The couple of new drafts are Requirements for IPv6 Routers that defines a set of recommendations for routers, switches, and middleboxes deployed in IPv6 networks; and Using Conditional Router Advertisements for Enterprise Multihoming that proposes a solution to the problem of enterprise multihoming without address translation by using Router Advertisements to influence the host source address.

NOTE: If you are unable Continue reading

ISOC’s Hot Topics at IETF 101

Tomorrow begins IETF 101 in London, United Kingdom, and it’s the third time that an IETF has been held in the country. Following on the heels of our Rough Guide to IETF 101 where we go in-depth about specific topics of interest, the ISOC Internet Technology Team is again highlighting the latest IPv6, DNSSEC, Securing BGP, TLS and IoT related developments as the week progresses.

Below are the sessions that we’ll be following in the coming week. Note this post was written in advance so please check the official IETF 101 agenda for any updates, room changes, or final details.

Monday, 18 March 2018

Tuesday, 19 March 2018

Rough Guide to IETF 101: IPv6

In this post for the Internet Society Rough Guide to IETF 101, I’m reviewing what’ll be happening at the IETF in London next week.
IPv6 global adoption rates continue to rise (to approximately 22% according to Google), although at a slightly slower overall rate since the last IETF. Nevertheless, there’s still substantial growth in IPv6 capability in large markets such as the United States, India and Germany, with Belgium still leading the world. There has also been significant progress in Greece, Brazil, Malaysia, Finland, Switzerland and Uruguay recently, whilst Japan, the UK and France continue to show consistent growth. The amount of native IPv6 traffic seen on the Internet still does not entirely reflect global IPv6 capabilities, but with most major content and cloud providers now supporting IPv6, and mobile networks increasingly preferring IPv6, this gap will continue to close.
IPv6 is an important focus for the IETF, particularly with respect to the standardisation work related to the Internet-of-Things. And it’s straight into the IPv6 work on Monday, with both the IPv6 Operations (v6ops) and IPv6 Maintenance (6man) Working Groups being held that day, along with three other IoT-related Working Groups.
The IPv6 Operations (v6ops) Working Group is Continue reading

Promoting RIPE-690 @ Netnod

Our colleague Jan Žorž will be promoting RIPE-690 “Best Current Operational Practice: IPv6 prefix assignment for end-users – persistent vs non-persistent, and what size to choose” as the opening keynote at the forthcoming Netnod Meeting on 14-15 March 2018 in the Sheraton Hotel, Stockholm, Sweden.

RIPE-690 outlines best current operational practices for the assignment of IPv6 prefixes (i.e. a block of IPv6 addresses) for end-users, as making wrong choices when designing an IPv6 network will eventually have negative implications for deployment and require further effort such as renumbering when the network is already in operation. This was published in late 2017 after a year of intensive work by IPv6 experts around the world, supported by the Internet Society’s Deploy360 programme.

Netnod is a neutral, not-for-profit Internet infrastructure organisation based in Sweden that operates six Internet exchange points (IXPs) in five different cities where network operators can connect and exchange traffic.

There are also several other interesting talks on the agenda, including trends in Internet-of-Things Distributed-Denial-of-Service botnets, prudent TLS, how to practically deploy IPv6 in the mass-market, how clouds are making new demands for connectivity and hyperconnected datacentres, and establishing research networks in Arctic environments, plus a panel session on the future of peering Continue reading

ICANN seeking public comment on Root KSK rollover process for DNSSEC

On 11 October 2018, should ICANN roll the Root Key Signing Key (KSK) that is at the heart of DNSSEC? ICANN is planning to restart the rollover process for the Root KSK and is therefore seeking public review of their new plan.  It includes more publicity about the need to be prepared for the rollover, and analysis of data indicating the level of preparedness.

The Plan for Continuing the Root KSK Rollover describes how ICANN intends to roll the root key signing key (KSK), and is based on input from the technical community following their decision to postpone the rollover last year.

Further input is requested by 2 April 2018. This will be used to prepare a final plan that will be presented to the ICANN Board for approval. ICANN is seeking public comments and we encourage you to read the plan and submit your views.

Learn how to submit your comments to ICANN

The Root KSK was originally planned to be rolled over on 11 October 2017, but ICANN postponed the rollover due to collected data that showed that a significant number of resolvers used by network operators were not ready for this. This meant that significant sections of the Internet could experience Continue reading

FIRST/TF-CSIRT: The Changing Face of Cybersecurity

The Internet Society was recently approved as a Liaison Member of TF-CSIRT, the European Forum for Computer Security Incident Response Teams, and therefore took the opportunity to participate in the FIRST/TF-CSIRT Symposium that was held 5-7 February 2018 in Hamburg, Germany.

The Internet Society continues to support organisations and activities concerned with maintaining the safety, stability and security of the Internet, and our colleague Kevin Meynell is already known within the TF-CSIRT community having run the forum between 2008 and 2012 and overseen its transition from a grouping of primarily academic CSIRTs to a wider industry body encompassing more than 160 National, Government, Military and Commercial CSIRTs, as well as those in academia.

TF-CSIRT meets three times per year, but starting in 2008 the first meeting of the year has always been held jointly with FIRST, the global Forum of Incident Response and Security Teams. This provides an opportunity for the European CSIRTs to meet with their counterparts around the world to exchange information, and develop the networks of trust that are critical to effective cooperation in handling cyber incidents when they occur, but also in development of early warning and prevention techniques.

And a number of the presentations had particular Continue reading

Promoting routing security in Middle East R&E

The Internet Society continues to deepen its engagement with the Middle East by participating in the e-AGE 2017 Conference. This was held on 2-4 December 2017 at the Arab League in Cairo, Egypt, and was organised by the Arab States Research and Education Network (ASREN) and co-sponsored by the Internet Society and ICANN.

ASREN is a non-profit association of National Research and Education Networks in the Middle East that aims to connect institutes to enable access to services, applications and computing resources within the region and around the world, and to boost scientific research and cooperation amongst its members. Its mandate covers 22 countries, and it has partnered with the major regional R&E networking initiatives elsewhere in the world, including GÉANT (Europe), Internet2 (United States), CANARIE (Canada), WACREN (West Africa) and RedCLARA (Latin America). International connectivity is supported by the EU-funded EUMEDConnect3 and EUMEDGrid projects.

There were two main themes to the conference – that NRENs were access pathways to global knowledge, and that NRENs needed to distinguish themselves by doing things that were not or could not be provided by commercial ISPs. Michael Foley (World Bank) highlighted how the NRENs had played a key role in the evolution of Continue reading

ION Belgrade: So long, farewell, auf Wiedersehen, do tada!

Deploy360 organised its fifth ION Conference of the year on 23 November 2017 at the Hyatt Regency Hotel in Belgrade, Serbia. This was co-located with RSNOG 3, the Republic of Serbia Network Operators Group meeting, and attracted over 85 participants.

This was also the occasion of our 25th and last ION Conference, as after a run of seven years, we plan to focus more on targeted events with regions. The Internet ON (ION) series of conferences started in San Francisco back in 2010, subsequently taking in 22 countries in five continents to raise awareness and encourage deployment of IPv6, DNSSEC, DANE, TLS and routing security. More than 2,000 participants from network operators, governments, academia and commercial enterprises have attended the conferences, and during this time global IPv6 deployment has increased from barely registering in 2010 to well over 20% today.

We would like to take this opportunity to thank our series sponsor Afilias for making all this possible.

Turning to the event though, Megan Kruse opened the proceedings with an overview of the Deploy360 programme, followed by ISOC Board Member Desiree Miloshevic providing an update on the activities of our ISOC Serbia Belgrade Chapter.

This Continue reading

Deploy360 at IETF 100, Day 5: Zàijiàn from the Lion City

There’s a couple of sessions of interest on the last day of IETF 100 before we wrap up for the week. Friday is only a half-day, but still manages to fit in sessions on human rights considerations and encryption. Human rights is not a topic that Deploy360 typically covers, but we have been increasingly asked to discuss the IRTF initiative on Human Rights Protocols Considerations. (There’s also a recent IETF Journal article on Human Rights Protocol Considerations.)

HRPC is researching the human rights threats on the Internet, whether standards and protocols can enable or threaten these, and is developing recommendations on developing Internet protocols around this. It recently published RFC 8080 outlining human rights threats on the Internet, and will be meeting at 09.30 SGT/UTC+8 to discuss three other drafts relating to Freedom of Association on the Internet, the Politics of Standards, and Unrequested Communications. There will also be a presentation on Chainiac: end-to-end software supply chain security and transparency, plus the next steps forward will be discussed.


NOTE: If you are unable to attend IETF 100 in person, there are multiple ways to participate remotely.


PERC is also meeting at the same time, and has three drafts up for discussion. Continue reading

Deploy360 at IETF 100, Day 4: Woohoo for DOH!

This week is IETF 100 in Singapore, and we’re bringing you daily blog posts highlighting some of the topics that Deploy360 is interested in. Thursday is another busy day, with the second sessions of the V6OPS and DNSOP Working Groups, along with the first meeting of the DOH Working Group and other encryption-related activities.

V6OPS continues at 09.30 SGT/UTC+8 from where it left off. On the agenda are drafts relating to 464XLAT Deployment Guidelines for Operator Networks, transition requirements for IPv6 customer edge routers, and IPv6 prefix delegation for hosts. There are other drafts on DHCPv6 Prefix Delegation and Neighbour Discovery on a cellular connected IoT router, and on using a /64 from a customer prefix for numbering an IPv6 point-to-point link. Finally, there’s an initiative to clarify what functionalities should determine whether a network is ‘IPv6-only’.

Running at the same time is TLS, which will be primarily focusing on the two big issues of TLS 1.3 and DTLS 1.3. However, it will also be discussing drafts on connection ID, exported authenticators, protecting against denial of service attacks, and application layer TLS.


NOTE: If you are unable to attend IETF 100 Continue reading

Deploy360 at IETF 100, Day 3: SIDR, TLS & Crypto

This week is IETF 100 in Singapore, and we’re bringing you daily blog posts highlighting some of the topics that Deploy360 is interested in. After the focus on IPv6 & IoT during the first couple of days, we’re switching tack today with a focus on routing and crypto matters.

We’re having to wait until after lunch, but then there’s a choice of UTA, SIDROPS or ROLL at 13.30 SGT/UTC+8.

UTA will be focusing on resolving the final IESG comments on the use of TLS for email submission and access, which outlines current recommendations for using TLS to provide confidentiality of email traffic between a mail user agent and a mail access server. Next up for discussion are the open issues on a draft related to Strict Transport Security (STS) for mail (SMTP) transfer agents and mail user agents, before consideration of a draft on an option to require TLS for SMTP.


NOTE: If you are unable to attend IETF 100 in person, there are multiple ways to participate remotely.


Over in SIDROPS, there will be a review of the status of BGP Origin Validation deployment in RENATA: the Colombia National Research and Education Network. This represents the first wide-scale deployment Continue reading

Deploy360 at IETF 100, Day 2: More IPv6 & IoT

This week is IETF 100 in Singapore, and we’re bringing you daily blog posts highlighting some of the topics that Deploy360 is interested in. ‘Things’ are less hectic today, although there’s still plenty to follow in the areas of IPv6, the Internet of Things and encryption.

There’s a couple of choices for starting the day at 09.30 SGT/UTC+8. ACE is defining a framework for authentication and authorization in IoT environments based on OAuth 2.0 and CoAP, and there are 8 drafts up for discussion. Alternatively, DMM will be meeting to discuss issues related to Mobile IPv6.


NOTE: If you are unable to attend IETF 100 in person, there are multiple ways to participate remotely.


After lunch is 6MAN at 13.30 SGT/UTC+8 which is one of the key IPv6-related Working Groups. There’s one working group sponsored draft on IPv6 Node Requirements that specifies the minimum requirements for enabling effective IPv6 functionality and interoperability on nodes. There are also three recommendations on the security and privacy implications of IPv6, temporary IPv6 interface identifiers, and on the filtering of IPv6 packets containing extension headers, a further draft requesting the creation of an IANA registry for the Prefix Information Option in the IPv6 Neighbour Continue reading

Deploy360 at IETF 100, Day 1: IPv6 and IoT

This week is the one hundredth meeting of the IETF in Singapore, and to celebrate the occasion we’re bringing you daily blog posts highlighting some of the topics that Deploy360 is interested in. And once again, Monday is our busiest day with no fewer than 7 working groups covering the areas of IPv6 and the Internet-of-Things.

The day kicks off at 09.30 SGT/UTC+8 with DNSOP (which continues on Thursday) and has a full agenda with 11 drafts up for discussion. An important draft discussing the RFC5011 rollover strategy has failed to reach consensus, with another draft defining and clarifying DNS terminology requiring further review.

The Working Group has picked up a draft on extending error messages to better report the cause of DNS and DNSSEC failures, whilst the draft updating RFC6761 to ensure “localhost” can be safely relied upon as a name for the local host’s loopback interface should now be close to WGLC. There’s also Deploy360 involvement in a new draft on the requirements for a validator to be able to perform accurate validation, with Dan York being one of the co-authors.


NOTE: If you are unable to attend IETF 100 in person, there are multiple ways to participate remotely.


Continue reading

Deploy360’s Hot Topics at IETF 100

Next week is IETF 100 in Singapore which will be the first time the IETF has been held in the country. The Deploy360 team will be represented by Megan Kruse and Dan York, along with ISOC’s Chief Internet Technology Officer Olaf Kolkman. We’re again highlighting the latest IPv6, DNSSEC, Securing BGP, TLS and IoT related developments.

Below are the sessions that we’ll be following. Note this post was written in advance so please check the official IETF 100 agenda for any updates, room changes, or final details.

Monday, 13 November 2017

Tuesday, 14 November 2017

Rough Guide to IETF 100 – IPv6

In this post for the Internet Society Rough Guide to IETF 100, I’m reviewing what’ll be happening at IETF 100 in Singapore next week.

IPv6 global adoption rates passed 20% shortly after IETF 99, with a number of countries making substantial strides in IPv6 deployment in the past few months. Belgium still leads the way at over 60%, but India has shot up to over 50%, which is extremely encouraging in such a large market. Adoption rates also exceed 40% in the United States and Germany, and with most major content and cloud providers now supporting IPv6, there’s a substantial amount of IPv6-related work happening in Singapore. In fact, there are no fewer than five IPv6-related working groups on the first day alone.

The IPv6 Operations (v6ops) Working Group is always one of the key groups, and since the last meeting has published two RFCs on Host Address Availability Recommendations (https://tools.ietf.org/html/rfc7934) and Local-Use IPv4/IPv6 Translation Prefix (https://tools.ietf.org/html/rfc8215). The meeting kicks off on Monday afternoon and continues on Thursday morning, starting with a case study on IPv6-only deployment at Cisco.

There are also seven drafts being discussed including 464XLAT Deployment Guidelines for Operator Continue reading

RIPE 75: IoT & Routing Security

RIPE 75 was held on 22-26 October 2017 in Dubai, United Arab Emirates, and was the second time the meeting has come to the Middle East. 483 participants from 54 countries including 175 newcomers came together to discuss operational issues and share expertise about the Internet, with a particular focus on the RIPE region that covers Europe, the Middle East and Central Asia.

Jan Žorž and Kevin Meynell from the Deploy360 team, along with Salam Yamout from the Middle East Bureau were also actively involved in the launch of a new Internet-of-Things Working Group, hosting a Routing Security BoF, and raising awareness of IRTF work on Human Rights Protocol Considerations.

The BoF session on ‘Internet Routing Health’ was organised by the Internet Society, and chaired by Jan and Benno Overeinder (NLnet Labs). The BoF attracted 20 participants variously drawn from commercial network operators and cloud providers, Regional Internet Registries (RIRs), and academia, with the aim of discussing ideas for measuring the health of the Internet routing system in order to obtain empirical data to strengthen the case for collaborative routing security.

The IoT session aimed to build on the RIPE IoT Roundtable meeting that was held on 21 September 2017 in Leeds, UK, and Continue reading

RIPE 75 starts in Dubai next week

The RIPE 75 meeting is happening next week in Dubai, United Arab Emirates, and it’s going to be a busy week for the Deploy360 team who are chairing and presenting in several sessions. Both Jan Žorž and Kevin Meynell will be there, along with our colleague Andrei Robachevsky, and we’ll also be reporting on relevant developments as usual.

Just to point out that the MANRS initiative is planning an informal BoF sometime during the week to discuss ideas for measuring the health of the Internet routing system. The aim is to develop some empirical data to strengthen the case for collaborative routing security, although the date and time of the BoF is still to be determined.

The RIPE meeting kicks off on Sunday this time, as that’s the start of the working week in Dubai. Proceedings commence with tutorials on IPv6 Deployment in Cellular networks, an Introduction to DDoS attacks, and one on Decoding the IoT ecosystem. These are followed by a Newcomers’ Introduction if you’re a first timer.

The opening plenary commences at 14.00 GST/UTC+4, and after the introductory pleasantries, one presentation not to miss is from Lee Howard (Retevia) on the State of IPv6-only. There’s also an Continue reading

ENOG 14 in Minsk

The 14th Eurasia Network Operator’s Group (ENOG 14) that was held on 9-10 October 2017 in Minsk, Belarus featured 234 participants from the host country, the Commonwealth of Independent States and Eastern Europe who came together to discuss operational issues and share expertise about evolving the Internet in the region. This was the second event of the year and was supported by the Internet Society, the RIPE NCC and hoster.by, with participation from our Deploy360 colleague Jan Žorž.

The first morning featured a couple of useful tutorials – one in Russian on DNSSEC operations that was led by Philipp Kulin and Dremuchij Les, and the other on Best Practices in IPv6 BGP led by Nathalie Trenaman and Massimiliano Stucchi (RIPE NCC).

The opening trio of talks focused on network security, starting with a general overview of how to operate a secure network from Ignas Bagdonas (Equinix). Kirill Malevanov (Selectel) then offered up his experiences of IPv4 prefix hijacking whereby network traffic is erroneously routed due to incorrect BGP announcements that are advertised either accidentally or deliberately. Alexander Azimov (Qrator Labs) followed up with an overview of BGPsec that has recently been published as an RFC standard, and which aims to provide cryptographic verification Continue reading

IPv6 prefix assignment BCOP published as RIPE-690

We’re pleased to announce that after a year of intensive work by IPv6 experts around the world, supported by the Deploy360 team, the RIPE community has reached consensus on the Best Current Operational Practices (BCOP) for IPv6 prefix assignment for end-users – persistent vs non-persistent and what size to choose. These were officially published as RIPE-690 this week.

RIPE-690 outlines best current operational practices for the assignment of IPv6 prefixes (i.e. a block of IPv6 addresses) for end-users, as making wrong choices when designing an IPv6 network will eventually have negative implications for deployment and require further effort such as renumbering when the network is already in operation. In particular, assigning IPv6 prefixes longer than /56 to residential customers is strongly discouraged, with /48 recommended for business customers. This will allow plenty of space for future expansion and sub-netting without the need for renumbering, whilst persistent prefixes (i.e. static) should be highly preferred for simplicity, stability and cost reasons.

The target audience of RIPE-690 is technical staff working in ISPs and other network operators who currently provide or intend to provide IPv6 services to residential or business end-users. Up until now, there have been no clear Continue reading