Friday, March 24, 2006


IETF65, day 4 (Thursday)

For my final IETF day I'm going to include a photo that someone else took of the meeting hotel and the road in front of it on Sunday, when the road was flooded (click it to see it full-sized). You can see the depth of the water from the car that's attempting to drive through. Happily, as I said the other day, the water was gone on Monday morning and the weather the rest of the week was fine, if chilly.

TechSpec — Requirements for IETF Technical Specification Publication BOF

TechSpec is a review of the requirements for the process and structure of technical specification publication that is critical to the IETF's work. Initial input comes from draft-mankin-pub-req. TechSpec's scope includes documents that currently go through the IESG, IAB, and IRSG development process — but not individual submissions — and looks at the tasks and performance requirements on the technical publisher.

There was a great deal of discussion on the tasks, the timeframes, how changes are effected, the document formats, identification and access to documents (so that other documents may refer to them), and other topics. I'm not going to attempt to summarise the extensive, and sometimes heated, discussion. Wait a bit for the minutes to be posted, then find them here (search for "techspec").

Security Area Directorate Open Meeting

We had status reports from each of the Security Area working groups, and from the one BOF that the area had this meeting (Handover and Application Keying). That was followed by presentations from four projects that are interested in input from the Security Area:

  • CAPWAP, the Control and Provisioning of Wireless Access Points working group in the Operations and Management Area. They introduced their work, and requested a Security Area advisor. They are defining a protocol to control and provision wireless access points, and the protocol includes things like access point configuration and control, network access-control decisions, cryptographic session keys, and user data.
  • Authentication for TCP-based Routing and Management Protocols. The draft specification, draft-bonica-tcp-auth, proposes an enhanced TCP authentication option, a system for key rollover, and stronger cryptography than the MD5-hash-based one currently in use. The presentation covered some options that were considered and rejected, and explained how they came to the decisions they did. There was some discussion in the room about the mechanism used for key rollover, and the reasons for using it.
  • Mutual OATH HOTP Variants. OATH is a group of companies working together to help drive the adoption of open strong authentication technology across all networks. They aim to get rid of static passwords, replacing them with strong, 2-factor authentication, using open and royalty-free specifications. Mutual OATH is based on HOTP (RFC 4226), and the presentation described the algorithm.
  • Cryptographic Token Key Initialization Protocol (CT-KIP). CT-KIP is a client-server protocol for initialization and configuration of cryptographic tokens with shared keys, and was developed by RSA Security. The presentation described the protocol, the status of the work, and future plans. The protocol is described in detail in the draft specification, draft-nystrom-ct-kip.
