Status updates

SEC Security Area

As of 2018-7-19:

SecEvent will be meeting on Friday.

The baseline SET (security event token) specification, our first document, has been published since London as RFC 8417.
The group is working on two documents about delivery of SETs, and those will be discussed Friday.

As of IETF 102:

ACME met Tuesday afternoon.  It was a very productive meeting.  This status also serves as a reminder that we need 90 minutes next time. :)  Or the chair(s) need to be more ruthless about enforcing the unreasonable time limits.
The agenda was augmented by two last-minute presentations, from the ANRW/hotRFC and SECDISPATCH. The first was on scope and some mitigation for IP address use-after-free, and the second was on using ACME for STAR.  Both had good discussion, and are likely to be taken up by the WG soon.  So this is a point in favor of those forums.
In other work, the WG accepted a PR that addresses the last AD comments, and is redoing WGLC in parallel with IESG review.  The ALPN and IP documents will be moved to WGLC. The email docs need another draft and then hopefully move to WGLC.  Everyone should read the Authority Token documents.
EdDSA is in the RFC Editor queue, a publication request has been issued for Split DNS, and now the AD comments should be resolved. Implicit IV is past WGLC, and should be ready for publication really soon now (waiting for writeup). Quantum resistance is currently in WGLC. Rechartering is now in the IESG and should be finished soon.

We have already started working on some of the new items in the new charter, i.e., ESP compression, post-quantum key exchanges (including making an IKE_AUX exchange to allow transporting large objects before the IKE_AUTH exchange), etc.

The ACE working group met on Monday in the first session.

The CWT document has gone to the RFC Editor since the last meeting and the associated POP CWT draft is expected to progress to the IESG before Montreal.

The WG adopted the EST over CoAP draft after some heavy modifications with some of the work going to the ANIMA group.

During the week there has been a start at getting some interop testing done with the OAuth framework using the DTLS profile which has started to show some promise.  We are going to try to have a couple of virtual interop events over the next couple of months with the goal of having enough by Montreal to be able to be comfortable with going to WGLC then.  As part of this work we will need to look at getting the OSCORE profile tested as well.

There were some non-working-group (future work) items presented dealing with group messaging authorization scenarios, where some re-factorization work had been done to combine pieces that are common between the two drafts.

The WG then had some discussions on a key establishment protocol, EDHOC, with a comparison of message sizes and numbers between that proposal and using TLS to do key establishment, transporting the TLS messages inside of CoAP.  While the two protocols have similar results under the UDP scenario, they have different results when looking at the 6TiSCH world where packets are restricted in size.

The lamps WG met on Monday of IETF 100. The current status of the WG
documents was covered. The Internationalization updates for RFC5280 have
been approved for publication. The other three original drafts are in the
process of going from the WG to the IESG.

We had a presentation on the CAA Discovery algorithm and what the current
problems are. The group indicated that it would like to get a document for
what the current algorithm is with the errata applied, and would then
entertain a new document to deal with problems found using that algorithm.

The final presentations dealt with getting SHAKE added as a hash algorithm
to the various signature algorithms being used in PKIX and CMS applications
today. Discussion on the current state of DSA indicated that the WG was not
interested in adding SHAKE to DSA.

trans met Monday afternoon.  Our three deliverables are nearing
completion, with two having successfully completed wglc and one
requiring a revision before restarting wglc.  During the session
we talked about label redaction in CT logs (still contentious)
and problems around logging short-lived certificates.  Over the
coming months we'll be deciding whether to take on new work or
to shut down.

The Software Updates for Internet of Things (SUIT) BoF was held on Monday during the afternoon II session [1]. This proposed WG intends to focus on defining a firmware update solution that will be usable on Class 1 devices (as defined in RFC 7228), which may also apply to more capable devices as well.

The BoF was well attended both in-person and remotely. The discussion focused on review of the charter, with a series of hums leading to some changes to the charter text. The revised charter has been posted [2]. Comments to the SUIT list supporting the charter or focused on charter text changes are appreciated. 


Updates since Prague: draft-ietf-kitten-rfc5653bis went through IETF LC and is waiting for AD writeup.
The WG-related work draft-ietf-curdle-des-des-des-die-die-die also went through IETF LC and is waiting for
a decision from the IESG on the right way to update/obsolete/move-to-historic an Informational document
such as RFC 4757 (the RC4 Kerberos enctypes).

Our main active work items are draft-ietf-kitten-krb-spake-preauth and draft-ietf-kitten-channel-bound-flag,
both of which hit some stumbling blocks as we gained implementation experience.  Some coordination is needed
between draft-ietf-kitten-krb-spake-preauth and draft-irtf-cfrg-spake2, which is underway.

Lower priority ongoing work is to move more GSSAPI and Kerberos registries to IANA control, and publish
draft-ietf-kitten-pkinit-alg-agility and draft-ietf-kitten-krb-service-discovery (which have deployed implementations).

We received proposals for some potential new work items: a "hashed token" (i.e., resumption) SASL mechanism,
and a generic way to communicate password quality/attribute requirements, and are assessing whether there
is sufficient interest to merit WG adoption.

SACM met on Tuesday (2016-11-15) at 9:30 for 2.5 hours, and we discussed our architectural approach, how to get software identifiers collected from endpoints, and open issues with our information model.  We also started considering how we can keep our information model minimized but extendable based on some real-world state collection data.

Next steps include enumerating the functions/interfaces and data that we need flowing through the SACM environment to support our vulnerability assessment scenario.

MILE met at IETF 96 at 10:00 on Thursday.
There were about 45 - 50 attendees in the room and Jabber.

[working group drafts]

1. RFC5070-bis will be published as an RFC soon.

The update after the WGLC was shared during the session, and the attendees seemed very happy to publish the draft as an RFC.

2. implement draft will be published as an RFC soon.

Though no presentation was done this time, we see no problem to proceed.

3. ROLIE draft was refined so that we can pursue submission to IESG by November.

The original ROLIE draft will be divided into two documents.
One is for general information exchange purpose, while the other is for incident-response specific purposes.

4. Review was requested for xmpp-grid and guidance drafts.

The content of the drafts seems to be good, but we need more review. We have seen quite a few candidate reviewers for the drafts.

[individual draft]

1. The draft on JSON binding of IODEF is considered to be a WG draft.

The attendees today seemed happy to make it a WG draft, but we will ask for consensus on this on the mailing list.

The TLS working group met on Tuesday morning. We are continuing progress on TLS 1.3. Main discussion points included a change in the cipher suite model from a monolithic ID approach to a menu-based approach. During the Hackathon on Saturday we had 7 different TLS 1.3 implementations achieve interoperability to various degrees. We expect to have a draft (probably -16) that "freezes" the wire format at the end of next month available for broad review by the cryptographic and security modeling communities. We plan on holding working group last call before the next IETF.

CURDLE did not meet at IETF-96. A discussion about OID assignments for curves will be held as part of the LAMPS session.

TSV Transport Area

As of IETF 102, RMCAT has completed its initial deliverables (SBD has been published as RFC8382; coupled congestion control is with the RFC Editor; and NADA has completed WG last call). The evaluation and video traffic model drafts are in WG last call, but blocked due to lack of review. The authors of the Google congestion control draft have stated that they do not intend to progress that draft further at this time. The RTCP feedback format is under development in AVTCORE, and has received good feedback.

In Singapore, the IPPM WG:

- discussed maintenance of its framework for IPv6 (WGLC is done and requires a writeup from the shepherd),
- continued discussion of the WG IOAM data model and registry drafts
- moved to adopt Advanced Unidirectional Route Assessment and the Simple Two-way Active Measurement Protocol (STAMP), i.e. TWAMP without TWAMP-Control.

IPPM continues maintenance of OWAMP/TWAMP, is moving toward publication of the registry, and continues work on IOAM.

Four TSVWG drafts have been published as RFCs: Circuit Breakers, UDP Guidelines, GRE in UDP and Diffserv Interconnection. There are two TSVWG drafts at the RFC Editor in MISSREF state (waiting for referenced RFCs to arrive): WebRTC Diffserv usage and DTLS encapsulation of SCTP.

Working Group Last Calls (WGLC) have been completed for three drafts: Tunnel Congestion Feedback (follow-up with the authors), 802.11 (WiFi) Diffserv (reviews received, a revised ID is needed) and SCTP stream scheduling/interleaving (a revised ID is needed).  

The ECN experimentation enablement draft and the Diffserv LE (Lower Effort) PHB drafts were recently adopted, but are close to done.   

The following drafts require feedback and work by the working group:
* RFC 4960 Errata
* SCTP NAT Support
* ECN Encaps Guidelines (recently discussed in external liaisons).
* RFC 6040 Update

The L4S drafts are likely to be an active area of WG activity in 2017.

The AQM (Active Queue Management and Packet Scheduling) WG is nearing the end of its life - future AQM-related work is likely to be done in TSVWG.

The WG drafts on the encryption negotiation option (TCP-ENO) and unauthenticated encryption mechanism (tcpcrypt) have completed WG Last Call - the RFC publication requests for both drafts are expected to be submitted by the end of the Chicago meeting week or earlier.  The TLS-based work for tcpinc has been postponed because finishing TLS 1.3 is higher priority for the TLS experts.

A draft on (sockets) API extensions, primarily for TCP-ENO, has been adopted by the WG - the chairs are looking for additional interest in working on that draft, as well as interest in additional implementation(s) of TCP-ENO and tcpcrypt.

Editors are working on -01 drafts in preparation for Chicago; we continue to work through a healthy issues list.

TCPM works on some standards-track documents as well as several experimental and informational documents, which are all comprehensively reviewed prior to publication.

Currently the working group is finishing the documents that describe the CUBIC congestion control and Datacenter TCP (DCTCP). The working group will meet during IETF 98 in Chicago.

Since the IETF95 meeting, draft-ietf-taps-transports (addressing the first deliverable) has been in the IESG evaluation state and, after addressing reviews, it is now scheduled for telechat. The UDP transport usage draft has been updated and there were discussions on merging it into the draft-fairhurst-taps-transports-usage draft or keeping it as a separate draft. There was at least no opposition to keeping it separate. In the IETF95 meeting, it was said that if they are separate they should be moved together.

The group is picking up on the third milestone. There has been discussion on the "northbound" information in the IETF96 meeting: draft-grinnemo-taps-he discusses the happy-eyeballs approach for transport protocol selection; recently a draft (draft-trammell-post-sockets) has been posted addressing the possibilities of the post-socket era; industry players like Apple are talking about the considerations of transport protocols for a real-world API; and real-time applications are in the discussions too (draft-mcquistin-taps-low-latency-services). This gives an indication that TAPS could nurture a number of interesting ideas which can be very useful for transport protocol evolution and could be good input to newly formed working groups like QUIC.

A productive meeting was held on July 18th at IETF96 Berlin, with presentations on the status of BPBis, TCP-CL, BPSec, and numeric node ids.  There were also two presentations on potential approaches to solve the charter item of static routing in DTNs.  The BPbis presentation covered changes to the latest draft, particularly around the use of CBOR encoding and clarification of Custody Transfer, with general consensus that the CBOR encoding should be specified as the standard bundle representation, and that convergence layer requirements should be stated in the draft, but specific details left to transport-specific drafts, for example TCP-CL. The TCP-CL presentation covered changes to the existing TCP-CLv3 experimental draft to align it with the latest BPbis work, and meeting consensus suggested it as a working group document, as it is a charter item.  The rest of the meeting involved several presentations concerning addressing and forwarding of bundles through a heterogeneous DTN, and although the discussion was productive, no consensus on a way forward was noted.

A well attended interim meeting was held on September 28th, via WebEx, with presentations and discussion on the progress of BPbis and TCPCL.  Scott Burleigh reported that good progress was being made with the CBOR encoding.  Brian Sipos reported on the work on TCP-CL, and valuable discussion was had around backwards compatibility and hop-by-hop encryption using TLS.  Consensus from the meeting was that TCP-CL should be accepted as a WG document, if there was consensus on the mailing list, which there was after the meeting.

Minutes of both meetings are available on the DTN datatracker.

Both TURN bis and STUN bis are really close to being ready for WGLC. Most of the other working group items are either ready for WGLC or past WGLC. So, the TRAM WG will likely be able to complete its chartered work, declare victory, and close down in the near future.

IRTF Internet Research Task Force