Plenary Queue


Scheduled Topics

Ideas Queue

Challenges to HTTPS Adoption in Media Websites - added 2016-08-03

Corey Gilmore, Chief Architect, Penske Media Corporation. Brands they support include Variety, WWD, and India.com.

An overview of the barriers and hurdles that effectively prevent the transition from HTTP to HTTPS 
for most mid-to-large media companies. We'll discuss how browsers, advertisers, CDNs, and content
producers fail to support modern security and privacy needs, and the challenges of forcing HTTPS in 
an industry supported by advertising, dependent on third-party content, and built on consumer data.

(via Joe) Martin may have another person to add to this topic.

Future of Remote Conferencing - added 2016-07-25

We've talked about increasing remote participation, and at least some people 
want to work toward virtual-only meetings.
Concerns are reading non-verbal communication (always tricky), queueing 
and queue management, facilitating real discussion, and simulating the 
"hallway track."

Let's explore whether there are strategic thinkers working on globally
dispersed large meetings. Might be people at Cisco Telepresence, MIT 
Media Lab, MeetEcho, other vendors who have strategic ideas. Might be
people in WebRTC already thinking like this.


Lee 

IOT and Augmented Reality - added 2016-08-03

  • See Tech Chat with Valentin Heun, 20160622Minutes
  • Attempting to schedule tech chat with Ari Keranen for September (as of 2016-08-31)
  • One possibility is a talk from Steve Checkoway, who makes a living breaking things. He also lives in Chicago, which might be convenient. mt (talk) 06:30, 15 December 2016 (UTC)

Overview of IETF IOT Topics - added 2016-05-17

IFTTT - added 2016-05-17

GAIA - added 2016-05-17

Snowden +3y: IETF progress (for IETF 96 Berlin) - added 2015-11-05

To Brian's suggestion of us thinking about tech plenary topics much 
earlier, I'd like to start fleshing out something for Berlin.  The topic 
is "Snowden +3y: IETF progress".  This would include at least:

- IAB Statement on Internet Confidentiality, RFC 7258
- ACME (this could be the core talking point, with a LetsEncrypt rep 
  showing implementation stats)

- HTTP/2
- TLS 1.3
- DPRIVE
- DART (or whatever we call it, assuming it gets chartered)
- the 10 other things I can't think of at the end of the week

-- 
Joe Hildebrand

pretty good start.

MaRNEW?
Should we have
- some « measurement » data about, for example, https traffic increase, 
- impacts of running https by default by content server providers, ISP 
(DPI), …
- i.e. the ops part of this…

Marc.

Current Hostname Practice Considered Harmful - added 2015-09-02

  • Action for Suzanne and Dave to collaborate on potential future plenary topic from INIP+PrivSec around the "Current Hostname Practice Considered Harmful" (draft-ietf-intarea-hostname-practice) draft.

Pervasive Monitoring Followup - added 2014-10-22

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: October 20, 2014 12:09:55 PM PDT
To: Internet Architecture Board <iab@iab.org>
Subject: [IAB] Plenary speaker suggestion

Hello,

Shafi Goldwasser was one of the keynotes at the Grace Hopper Celebration 
and I think she would make an excellent plenary speaker as a follow on 
to the pervasive monitoring talks from last year.  She can give a deep 
technical talk or bubble it to a higher level for an audience like that 
of the Grace Hopper Celebration, which included Computer Science 
students, industry professionals, and recruiters.  Her talk was the one 
that had the most buzz at the conference itself.

She's a cryptographer with recent talks on fully homomorphic encryption.  
As we walk down a path of ubiquitous encryption on the Internet, we are 
going to change how many things work today, impacting on operations, 
incident response, increasing privacy protections, and hopefully 
reducing pervasive monitoring (but new ways to break encrypted sessions 
continue to emerge).  IMO, unless we get to solutions that provide both 
privacy and the ability to detect patterns/find criminals, etc., we will 
continue to see a struggle between these goals.

Although fully homomorphic encryption is not yet practical (it's getting 
closer, but performance is still a major issue), I think it would be 
good to get the IETF to think about this balance.   What do we change to 
head down this path of fully homomorphic encryption, functional 
encryption and filterable decryption?

Here is a link to background on Shafi, which includes a recording of her 
Grace Hopper keynote.
https://www.csail.mit.edu/node/2354 

I also watched this talk she gave at Stanford before the GHC talk was 
posted (so you see her range, this is more technical):
The Cryptographic Lens: Vision of Our Past and Future:
https://www.youtube.com/watch?v=ZQBIs0BUVh4 

2014-10-22: IAB discussed this as a possible topic, possibly with Stefan Savage as an additional speaker.


Naming, Privacy, and Security (Brian, for Andrew and Ted) - added 2014-05-09

As suggested at the IAB retreat, I'd propose that the next two plenaries should address:

1. the architectural implications of naming on the Internet, with a focus on the intersection of names and trust/security

2. the privacy and security program, focusing on (1) perpass one year later and (2) progress within the program to date.

I'd hope we can pull together speakers for naming (including IAB members if need be) for IETF 90, because it would be really nice to do "perpass one year later" _really_ one year later. (I forget whose idea this was, but I recall seeing it on the list.)

Andrew's message of 27 April 2014 "another go at names plenary thing":

---%<---cut here---

Names on the network are fundamental building blocks for security.
This is true in a couple different ways.

First, we assert security properties by name. Traditionally, this
happened via X.509 certificates and the associated PKI system.  The
advent of DNSSEC and the development of DANE technologies allows this
assertion to happen within the name tree itself, which may change the
kind of attack that can be successful.  But it makes the security
properties of the system completely dependent on the security of
DNSSEC signatures.  If DANE-type security mechanisms take off, does
the value of compromising DNSSEC keys go up?

Second, systems do not exist in isolation, but instead are
interrelated. This means that they share data with one another. It is
difficult to know whether two named systems should be able to share
data, however: apart from the labels that make up the names, a user
has no way to tell whether www.example.com and www.example.net are
related (and is unlikely to be able to tell that delegated.example.com
is not related).  This wouldn't matter, except that both
certificate-issuance mechanisms and http cookie-sharing decisions are
based on names and how they relate to each other in the tree.
Moreover, domain names (including those actually in the global DNS,
and those that are not) are a part of user interfaces, because they
are embedded in URIs, email addresses, SIP and XMPP identifiers, and
other such user-facing components.  This means that users treat such
identifiers according to natural language semantics, and possibly not
in ways that the protocol expects.

This plenary discussion hopes to explore these ways in which names are
used as part of these security decisions. We'll first undertake an
overview of DANE [Olafur] and note the potential costs and benefits
from the dependence on DNSSEC.  We will draw attention to the issue of
the DNS and the ways that domain names are used outside the DNS
[Suzanne Woolf?].  Finally, we will explore the issues related to
security policies dependent on names [John Levine?].

and revision 3 (sent 14 May 2014):

Names on the network are fundamental building blocks for security.  In
order to use them this way, the end user has to trust the name somehow.

Traditionally, trust binding happened partly using X.509 certificates
and the associated PKI system.  The advent of DNSSEC and the
development of DANE technologies allows similar assertions to happen
within the name tree itself, either as replacements for the X.509 PKI
or else as an adjunct.  This may change the kind of attack that can be
successful.  But it makes the security properties of the system
completely dependent on the security of DNSSEC signatures.  If
DANE-type security mechanisms take off, does the value of compromising
DNSSEC keys go up?

The trust that comes from the PKI is not, however, the only trust
binding at work.  Systems do not exist in isolation, but instead are
interrelated. This means that they share data with one another. It is
difficult to know whether two named systems should be able to share
data, however: apart from the labels that make up the names, a user
has no way to tell whether www.example.com and www.example.net are
related (and is unlikely to be able to tell that delegated.example.com
is not related).  This wouldn't matter, except that both
certificate-issuance mechanisms and http cookie-sharing decisions are
based on names and how they relate to each other in the tree.
Moreover, domain names (including those actually in the global DNS,
and those that are not) are a part of user interfaces, because they
are embedded in URIs, email addresses, SIP and XMPP identifiers, and
other such user-facing components.  This means that users treat such
identifiers according to natural language semantics, and possibly not
in ways that the protocol expects.  Because some domain names do not
appear in the DNS itself, there isn't even a single authoritative
source from which one can get the truth about any given name.

This plenary discussion hopes to explore these ways in which names get
bound to trust.  The goal is to expose the gaps in the architecture so
that participants leave with an understanding of what work remains to
be done [or, possibly, a feeling that everything is ruined --ed].  We
will discuss DANE and its relation to DNSSEC and X.509; naming
identities for certificate issuance, same-origin policy, anti-spam
measures, and the like; and how protocols that are avoiding using the
global DNS are still using domain names, and what that means for the
trust model.

[potted bio of speakers goes here]


Networking in Developing Countries (Jari) - added 2014-03-07

Jari: As a side note, some people approached me at the Scotch BOF to 
  suggest that we should hold a technical plenary on networking in the 
  developing countries. (To be presented by people who actually do the 
  networking in there.)

  I thought it was a good idea.

Lars: Talk to Arjuna, who set up the GAIA meeting. He had a bunch of 
  GREAT speakers!

Marc: I like it too. One early comment: "if you (developing countries) 
  have issues, how can we help you?" would be good to hear.

Xing: From APNIC/APRICOT, there are also very good topics and speakers. 
  http://www.apnic.net/
  http://www.apricot.net/

We also had a tech chat on June 11, 2014 on "Everybody's Internet? Mobile-only and mobile-centric internet use in the developing world" from Jonathan Donner.

DANE (Olafur Gudmundsson) - added 2014-03-06

From: Olafur Gudmundsson <ogud@ogud.com>
Date: March 6, 2014 7:45:20 AM PST
To: iab@iab.org
Cc: Olafur Gudmundsson <ogud@ogud.com>
Subject: [IAB] Technical plenary idea: DANE

As DANE is getting lots of interest from a number of protocols and we have 
running code in a number of cases, this might be a good time to have a 
plenary talk on why do DANE and what you need in order to start using 
DANE (i.e. DNSSEC). 

	If there is interest I would be willing to develop a more 
detailed proposal for either next IETF or the one after that. 

	Olafur

Andrew: Another one (and perhaps one we could put together quite 
  quickly) is a generalization of Olafur's suggestion.  I don't think 
  DANE as such is a good plenary topic, because it's well-defined work 
  and the IETF already has a lot of consensus on it.  But names, 
  namespaces, and security probably _is_ a good IETF-wide topic and DANE 
  is a part of that.  It strikes me as something we could arrange in 
  time for Toronto and we could easily have a tech chat about it in 
  advance.

  Here's a starting proposal:

Names on the network are fundamental building blocks for security.
This is true in a couple different ways.

First, we assert security properties by name. Traditionally, this
happened via X.509 certificates and the associated PKI system.  The
advent of DNSSEC and the development of DANE technologies allows this
assertion to happen within the name tree itself, which may change the
kind of attack that can be successful.  But it makes the security
properties of the system completely dependent on the security of
DNSSEC signatures.  Is that too many eggs in one basket?

Second, systems do not exist in isolation, but instead are
interrelated. This means that they share data with one another. It is
difficult to know whether two named systems should be able to share
data, however: apart from the labels that make up the names, a user
has no way to tell whether www.example.com and www.example.net are
related (and is unlikely to be able to tell that delegated.example.com
is not related).  This wouldn't matter, except that both
certificate-issuance mechanisms and http cookie-sharing decisions are
based on names and how they relate to each other in the tree.

This plenary discussion hopes to explore these ways in which names are
used as part of these security decisions. We'll first undertake an
overview of DANE [Olafur] and note the potential costs and benefits
from the dependence on DNSSEC.  Then we will explore the issues
related to security policies dependent on names [John Levine?].
Finally, we'll discuss whether names need to become even more
fundamental to how we interact with Internet resources (not
necessarily using the DNS). [Allison Mankin?  Lixia Zhang?]

Eliot: Indeed my direct feedback to Olafur was that we would probably 
  want to broaden out the topic.  There are different dimensions to do 
  that.  One would be around the comment you made along the lines of 
  whether DNS needs substantial evolution.  Another would be along the 
  lines you mention above; and the two actually overlap.

Network coding (Lars)

Technology & Regulation (Hannes)

Architectural Transition (Brian)

There has been an enormous amount of energy put into building and elaborating "future Internet architectures" (FIA) in academia since the beginnings of the Internet. Since the emergence of the current Internet architecture, most of these have been relegated to the realm of interesting toys, because (1) "clean slate" approaches provide the most freedom to explore the development of alternate Internet technologies and (2) there is little academic incentive to take these clean slate technologies and integrate them with the less clean reality of the Internet, or to think much about incentives for deployment.

There are a couple of cases of longer-term FIA efforts which have done some thought about the stages of transition between the current Internet architecture and the "new" architecture: Information-Centric Networking (in its two dominant guises) and the SCION architecture (https://www.scion-architecture.net) are a couple of examples. The proposed plenary talk would have proponents of / experts in the various architectures give a focused talk on the transition stories for each, as a basis for a discussion about how (and whether) architectures can be evolved on purpose.

(This is *clearly* an interesting tech talk or two, and I would like to do them anyway, even if the outcome is "a bit too abstract for the IETF plenary audience". Full disclosure: I work 20% for the group developing SCION.)

Grab bag

From: "GT RAMIREZ, Medel G." <medel@globetel.com.ph>
Date: May 3, 2013 4:15:38 AM EDT
To: "IAB Chair" <iab-chair@iab.org>
Subject: RE: Call for Technical Plenary Topics

Sir,
Pardon for the ignorance.
May I suggest the top of mind list that may be discussed in the coming
IETF Meeting/s:
1) What's  life after IPv6?
2) What's up from IETF in the LTE (standardization- upcoming and
on-going or from the UE to Apps?
3)  What are other Green Initiatives that IETF stored or on the roadmap?

Regards
Medel G. Ramirez
Manila, Phils.
++++++++++++++++++++++++++++++++++++++

Data-Driven Security (IETF 91 or IETF 92)

Note, I've contacted Stefan and will follow up with him early 2014 to see if he can present at IETF 91 or 92. Mary.

Begin forwarded message [this was from 2012 but might be workable for Nov 2013]:

From: Dave CROCKER <dcrocker@bbiw.net>
To: Alissa Cooper <acooper@cdt.org>, Spencer Dawkins <spencer@wonderhamster.org>, 
Joel Halpern <jmh@joelhalpern.com>, Dave Thaler <dthaler@microsoft.com>
Subject: Speaker for Vancouver technical plenary

Howdy.

I'd like to propose a speaker for the Vancouver technical plenary:

    Stefan Savage

    <http://cseweb.ucsd.edu/~savage/>

He gave a talk at Stanford that presented a detailed view of the abuse ecosystem, and he 
presents it in terms that are somewhat unusual, even for those who talk in terms of an ecosystem:

  <http://www.stanford.edu/class/ee380/Abstracts/120111.html>

Average IETF discussions about Internet abuse either are about specific vulnerabilities 
-- classic security threats perspective -- or a very basic and mechanics perspective.

What is generally lacking from discussions in the IETF is a sense of how integrated 
and extensive the abuse /economy/ is.

I think Stefan's talk could help to change that.

He is at UC San Diego and prefers to minimize travel.  I think that makes Vancouver perfect.

Thoughts?

d/
-- 

 Dave Crocker
 Brandenburg InternetWorking
 bbiw.net