Schu0201_IETF

Transcript Schu0201_IETF

IETF 52 – Salt Lake City
December 2001
Henning Schulzrinne
Columbia University
Siemens, Jan. 2002
Overview

- General remarks about IETF 52
- WG-oriented, but talk about technology directions
- Areas:
  - User services
  - Applications
  - Transport
  - Operations and Management
  - Security
  - Routing
  - Internet
  - Sub-IP
- IAB and IESG plenary

General remarks

- 1804 attendees (San Diego: 2801, Minneapolis: 2080)
- no major issues, but some are coming up on the horizon:
  - IDNS getting close (to failure?)
  - new routing architecture
  - content and copyright protection
  - resource reservation (for mobile?)
  - replacement for IKE (IPsec key exchange)

User Services

- RUN (responsible Internet use)
- USWG (user services)

Applications Area

- ACAP
- APEX
- BEEP
- CALSCH
- DELTAV
- EDIINT
- FAX
- FTPEXT
- GEOPRIV
- IMAPEXT
- IMPP
- IPP
- LDAPBIS
- LDAPEXT
- LDUP
- MSGTRK
- NNTPext
- PRIM
- PROVREG
- RESCAP
- SIMPLE
- TN3270E
- TRADE
- URN
- USEFOR (news article format)
- VPIM
- WEBDAV
- WEBI

Geopriv

- User location and location privacy
- Privacy by hiding and fuzziness
- Mainly geographic (long/lat) location, but civil (street) also important
- Model not clear – who controls, who provides locations
- Other bodies (Location Interop Forum) active

CNRSS BoF

- DNS being overloaded as a search service
- Particularly bad for non-roman languages – many ways to describe same service
- Return URIs of services, not domain names of hosts
- Facets (Properties)
- Related to name retrieval services like CNRP, Real Names

Transport

- AVT
- DIFFSERV
- ENUM
- IPPM (performance metrics)
- IPS (IP storage)
- IPTEL (IP telephony)
- ISSLL (intserv)
- MALLOC (mcast addr. alloc.)
- MEGACO (H.248)
- MIDCOM (NATs & FWs)
- NAT
- NFSv4
- NSIS (next steps in signaling)
- PILC (TCP for special links)
- PWE3 (pseudo-wire)
- RMT (reliable multicast)
- ROHC (robust header compr.)
- RSERPOOL (server pools)
- SEAMOBY (context, handoff, alerting)
- SIGTRAN (sign. transport)
- SIP, SIPPING
- SPIRITS (Internet call waiting)
- TSVWG

AVT (Audio-Video Transport)

- Around since 1992…
- RTP to Draft Standard
- MPEG4 over RTP
- New RTCP scalable feedback mechanism
- Retransmission requests
- Secure RTP
- AMR, AC-3, EFR, MIDI and other codecs over RTP

IPtel (IP telephony)

- TRIP (interdomain routing) finished
- TRIP MIB
- Intradomain gateways
  - liveness
  - current capacity
  - capabilities (carriers, routes)
- Two proposals:
  - TRIPlite
  - SLP

MMUSIC

- SDP and RTSP to Draft Standard
- Key management for SDP
- Offer-answer model for unicast
- SDPng
  - XML-based
  - improved negotiation

MIDCOM

- “Middleboxes”
  - firewalls
  - NATs
- Control protocol to open up ports and set up paths
- Pre-MIDCOM: Shipworm, STUN, TURN
  - find out global address
  - open up path by sending outbound packets

SIP

- SIP revision (“RFC2543bis”) almost done:
  - semantically-oriented rewrite
  - layers: message, transport, transaction, transaction user
  - SDP extracted into separate draft
  - UA and proxy have the same state machinery
  - better Route/Record-Route spec for loose routing
  - no more Basic authentication
  - few optional headers (In-Reply-To, Call-Info, Alert-Info, …)
  - Integration of reliable provisional responses and server features
  - DNS SRV modifications

SIP (cont.)

- SIP revision backwards compatible
  - “new” messages work with RFC 2543 implementations
  - some odd allowed RFC 2543 behavior no longer allowed
- CPL almost finished – merger with iCal
- sip-cgi published
- IM & presence mostly done, except for IM sessions (over TCP) – IMTP, BEEP

SIP, SIPPING

- Work continues on staples:
  - early media (announcements)
  - resource reservation (COMET)
  - SIP security
  - SIP events
  - User identification
  - Call transfer and call control
- Now three SIP working groups:
  - SIP for protocol definition and extensions
  - SIPPING for applications and “vetting”
  - SIMPLE for IM & presence

IEPS (Internet Emergency Preparedness) BoF

- Emergency communication for civil authorities
  - resource scarcity due to overload
  - network under attack
- PSTN has multi-layer priority (MLPP, GETS)
- Conclusion: not much new needed; document existing tools (DiffServ, admission control)
- SIP Resource-Priority header

NSIS: Next Steps in Signaling

- Early WG to look at resource reservation (requirements) again
  - particularly with mobility?
- Options:
  - RSVP enhancements or profile
  - new light-weight protocol
  - MobileIP enhancements

DCP: Datagram Control Protocol

- Proposal for modular protocol
- Like TCP or SCTP:
  - anti-DOS (require echo)
  - congestion control – but negotiable type
    - rate-based?
    - TCP-like
- Unlike TCP/SCTP:
  - unreliable
  - not necessarily in-order
  - datagrams, not byte stream

Operations and Management

- AAA
- ADSLMIB
- AGENTX (SNMP agent ext.)
- BMWG
- BRIDGE
- DISMAN
- DNSOP
- ENTMIB
- EOS (Evol. of SNMP)
- HUBMIB
- IPFIX
- MBONED (mcast. deploy.)
- MULTI6 (IPv6 multihoming)
- NASreq (NAS req.)
- NGTRANS (IPv6 trans.)
- POLICY
- PTOMAINE (BGP meas.)
- RAP (COPS resource alloc.)
- RMONMIB
- SMING
- SNMPCONF
- SNMPv3

Security

- AFT (auth. firewall trav.)
- CAT (common auth.)
- IDWG (intrusion detection)
- IPsec
- IPSP (security policy)
- IPSRA (remote access)
- KINK (Kerberos interdomain)
- KRB-WG (Kerberos)
- MSEC (multicast)
- OPENPGP
- OTP (one-time pw.)
- PKIX (public key infrastruct.)
- SACRED (secure cred.)
- SECSH (ssh)
- SMIME
- STIME (secure time)
- SYSLOG (logging)
- TLS
- XMLDSIG (XML sigs)

IPsec

- IPsec stable – but just packet format, not key exchange
- IKE considered to have problems:
  - hard to implement (badly written spec)
  - subtle crypto problems
  - too many options
- New proposals, e.g., JFK (just fast keying)

Routing

- BGMP (BG mcast)
- FORCES (forward./control)
- IDMR (interdomain mcast)
- IDR (interdomain rtg.)
- ISIS
- MANET
- OSPF
- PIM
- RIP
- SSM
- UDLR (unidir. link routing)
- VRRP (virt. router redund.)

Internet Area

- ATOMMIB (ATM MIB)
- DHC (DHCP)
- DNSext
- IDN (int. DNS)
- IFMIB
- IPCDN (IP o. cable data)
- IPFC (IP over fibre channel)
- IPOIB (InfiniBand)
- IPV6
- ITRACE
- L2TPext
- MAGMA (mcast)
- MOBILEIP
- PANA (NA auth.)
- PPPEXT

PANA: Protocol for carrying Authentication for Network Access

- Currently, use PPP for authentication, even where not needed (PPPoE)
- Or use L2-specific protocols, such as for 802.11 (e.g., EAP for 802)
- Goal: design common IP-layer protocol that talks to AAA device (PAA)
- Particularly for IPv6 mobile devices

IDN: Internationalized domain names

- Keep DNS content to A-Z, 0-9, -
- Transformation of input characters
  - map: lowercase, hyphens
  - normalize (Unicode)
  - look for prohibited input
  - transform to ASCII subset (e.g., Punycode)
  - add prefix (jk--) and use normal DNS
- Applications may still have difficulties with host names
- May not work with CJK characters – equality may be language-dependent

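The transformation pipeline on the slide, as an added worked example (not from the slides or any IETF document): lowercase, Unicode-normalize, reject prohibited input, Punycode-encode, and add the prefix. It keeps the slide's `jk--` prefix (a working prefix of the time; the published IDNA standard settled on `xn--`), and the prohibited-input rule (letters, digits and hyphens only, no leading or trailing hyphen) is an assumption that simplifies the real nameprep tables.

```python
import unicodedata

# Prefix as given on the slide (working-draft prefix of the time; the
# published standard uses "xn--").
ACE_PREFIX = "jk--"


def prepare_label(label: str) -> str:
    """Steps 1-3 for one DNS label: map, normalize, check prohibited input."""
    mapped = label.lower()                               # map: lowercase
    normalized = unicodedata.normalize("NFKC", mapped)   # normalize (Unicode)
    # Prohibited input (simplified assumption): only letters, digits, hyphens.
    for ch in normalized:
        if ch != "-" and unicodedata.category(ch)[0] not in ("L", "N"):
            raise ValueError(f"prohibited character {ch!r} in label")
    if not normalized or normalized[0] == "-" or normalized[-1] == "-":
        raise ValueError("label is empty or starts/ends with a hyphen")
    return normalized


def label_to_ascii(label: str) -> str:
    """Steps 4-5: transform to the ASCII subset, add the prefix when needed."""
    prepped = prepare_label(label)
    if prepped.isascii():
        return prepped  # already A-Z, 0-9, '-': no encoding, no prefix
    return ACE_PREFIX + prepped.encode("punycode").decode("ascii")


def hostname_to_ascii(hostname: str) -> str:
    """Encode each label so the name can be looked up with normal DNS."""
    return ".".join(label_to_ascii(label) for label in hostname.split("."))


def is_acceptable_label(label: str) -> bool:
    """True when the label passes the prohibited-input check."""
    try:
        prepare_label(label)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample names: a precomposed umlaut, a ligature that NFKC
    # folds to plain ASCII, and fullwidth letters that fold the same way.
    for name in ("Bücher.example", "ﬁsh.example", "ＥＸＡＭＰＬＥ.com"):
        print(f"{name} -> {hostname_to_ascii(name)}")
```

The second and third sample names show why the normalize step matters for equality: visually distinct inputs collapse to the same ASCII label before DNS ever sees them.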
Mobile IP

- IPv6 security
  - securing MIPv6 binding updates
  - home address option vs. tunnelling
  - piggybacking of binding updates
- Low-latency (v4) and fast (v6) handoffs
- Localized mobility management

Sub-IP

- CCAMP (common control and measurement)
- GSMP (general switch management)
- IPO (IP over optical)
- IPORPR (IP over resilient packet rings)
- MPLS
- PPVPN (provider-provisioned VPNs)
- TEWG (traffic engineering)

IETF BoFs

- CDI: content distribution (web caching) interworking
- DCP: datagram control protocol
- IEPREP: Internet emergency preparedness
- INCH: exchange of security incident information
- INTLOC: Internationalization of Internet protocols (other than DNS and similar)
- IPPT: IP path tracing via sampling (DOS attacks)
- IRNSS: Internet resource name search (directory system for lookups)

IETF BoFs (cont.)

- MPLSOAM: OAM for MPLS (“ping”, “traceroute”, …)
- NDMP: tape backup and recovery
- NMSEC: security requirements for SNMP and COPS
- OPES: content-delivery modification services (“callout” protocols)
- OPS-NM: Operator requirements for network management (incl. configuration)
- ROI: remote direct memory access

IAB and IESG

- Efficiency and openness of IESG processes
- IAB:
  - Does DMCA affect IETF security work?
  - I18N?