Notes from IETF 103 Bangkok
This is my attempt at a sharable summary of the recent Bangkok IETF - the 103rd IETF meeting.
This was the first time IETF met in Bangkok.
Anywhere in Bangkok is hard to get to - the traffic in this metropolis is a nightmare, at all times of the day. But once we got there, the venue functioned very well - adequate size (we were 800ish rather than the usual 1000ish people, so it was a little roomy), lots of nearby restaurants, and by a very wide margin the best break snacks of any IETF ever!
Anywhere in Bangkok is hard to get to - the traffic in this metropolis is a nightmare, at all times of the day. But once we got there, the venue functioned very well - adequate size (we were 800ish rather than the usual 1000ish people, so it was a little roomy), lots of nearby restaurants, and by a very wide margin the best break snacks of any IETF ever!
QUIC
The star of the show (at least at the stack layers I usually frequent) was QUIC, as has been true for a couple of years. This group has been “doing final things” for the last year, with the occasional redesign thrown in - the hope is that this time, we’ve got a stable spec.
The long running battle for the “spin bit” (basically: a connection can volunteer to reveal some information about its performance to third party monitors in the network) was finally settled with a consensus call - happiness erupted at this being settled.
DOH
The Domain Name System has been fairly stable for the last few decades, with the slow rollout of DNSSEC and the “presentation layer” of IDN being the biggest changes being contemplated. This changed a bit recently, with two new technologies - DNS over TLS and DNS over HTTP - being defined and actively pushed. DOH in particular, while seeming to be a simple thing by itself, with laudable goals (don’t tell everyone who can sniff your network what sites you’re looking up), the deployment patterns that seem likely (most people seem to think that Internet giants already dominating the Web will be the ones to offer service to “most people”, and that browsers will push users towards making use of those services) - this would replace the “little big brother” of your ISP with the “big big brother” of the Internet giants - not necessarily perceived as a boon to privacy.
Crypto everywhere
One interesting observation was that crypto is now part and parcel of just about everything happening in the IETF.
QUIC, in addition to being a transport protocol, is a crypto delivery veichle that changes the balance of what’s revealed to the network vs what’s private between the participants.
MLS, despite being called “message layer security”, is really trying to design an efficient key sharing protocol for large groups, taking lessons from examples such as Telegram and Signal. And DINRG (the IRTF Decentralized Internet Infrastructure Research Group) was almost solely devoted to ways in which people could use crypto functions - one example was a protocol that claimed to ensure everyone could agree that a group decision has been made, even if (within certain constraints) they didn’t agree on who should be part of making the decisions. More traditional “esoteric” crypto functions, like being able to show proof that someone is a member of a group without knowing the identity of the member, were also in abundance, of course.
The important point may not be the individual proposals - the point may be that crypto is now such a fundamental part of the Internet that whenever you try to do something or deploy something, the question is not whehter you use cryptography - the question is what you hide, what you reveal, what you agree upon and what you can prove to each other - and in all cases, relying on the answers requires serious, competent use of cryptography.
Hacking as part of the IETF process
My two first days at the IETF were largely devoted to the “hackathon” - a gathering of 200ish people (most, but not all, IETFers) devoted to writing code that helps the net move forward.
My particular table’s interest was in test suites for webRTC protocols - others were doing protocol implementations, testing, or even redesigns - the largest table being (of course) devoted to QUIC interoperation testing.
This get-together is felt by the participants to be important - it lets people argue on the basis of “this works, this does not” rather than “this is not elegant” or “I feel this is not implementable” - and thus serves to connect the whole community back to its “make it work” roots.
This get-together is felt by the participants to be important - it lets people argue on the basis of “this works, this does not” rather than “this is not elegant” or “I feel this is not implementable” - and thus serves to connect the whole community back to its “make it work” roots.
It’s also a great place for interacting with people whose primary interest is open-source, not specifications.
Prediction: It will grow.
Reorganizations
The IETF decided a year ago that it would reorganize its structure - having done that ten years back, we knew very well that there were some issues with the system. A new strucure is now in place (the “IETF LLC, a disregarded entity of the Internet Society” has been formally incorporated and is in the process of getting its first permanent board), and people are busy at work updating documents to reflect the new structure.
This effort has proved uncontroversial - at the plenary, people were much more interested in worrying about whether we were polite to each other, and whether our disagreements were couched in such a way that we scare away people - it seemed strange to see a technical organization spend so much time worrying about interpersonal relationships and so little time worrying about technological megatrends and their impact on the organization.