**Session Date/Time:** 24 Jul 2022 22:00

# Hot RFC Lightning Talks

## Summary

This session featured a series of lightning talks on a diverse range of current and emerging technical topics relevant to the IETF community. Speakers presented on green networking and sustainability, post-quantum cryptography challenges, the Internet of Secure Elements, attestation in TLS, LEO satellite networking, secure WebRTC, operations and control networks, enterprise security implications of ECH, data-driven network optimization, Multicast QUIC, and network latency. Each presentation highlighted technical problems, proposed solutions, existing work, and called for community engagement and collaboration.

## Key Discussion Points

* **What Has the IETF Ever Done for Energy? (Torsten)**
    * Presented a document surveying IETF's contributions to energy saving, both incidental (e.g., efficiency from digitized solutions, internet scale) and specific (e.g., low-power networks, smart grids, E-MAN working group).
    * Aimed to educate the community, foster interest in new work, and broaden technology adoption.
    * Invited community feedback and contributions to the document.
* **Challenges and Opportunities in Green Networking (Alexander)**
    * Built on the previous talk, emphasizing sustainability as a grand challenge and the network's role.
    * Identified opportunities and challenges at four levels:
        * **Device/Equipment**: Need for proper instrumentation and visibility into energy metrics.
        * **Protocol**: Traffic adaptation, energy-friendly traffic characteristics, fast discovery for dynamic resource management, efficient network addressing.
        * **Network**: Energy-aware routing, control protocol extensions for sustainable path configuration.
        * **Architecture**: Energy-conscious placement of content and computation.
    * Introduced two drafts: a problem statement and a specific draft on metrics and instrumentation.
* **Challenges and Opportunities of Post-Quantum Cryptography (Sophia)**
    * Highlighted NIST's selection of post-quantum algorithms for key exchange and digital signatures, marking a critical milestone.
    * Noted that PQ algorithms often have larger parameter sizes and/or higher computational times, impacting network latency and protocols.
    * Discussed the lack of traditional Diffie-Hellman properties in many PQ algorithms and the challenges for protocols like TLS, WireGuard, and Signal.
    * Mentioned the IETF PPQM (Post-Quantum Messaging) group and the need for generic designs and potential protocol changes.
* **Internet of Security Elements (IoSE) (Pascal)**
    * Focused on connecting secure elements (e.g., smart cards, SIMs, e-passports) to the internet as online cryptographic resources identifiable by URIs.
    * Identified challenges including the lack of a TCP/IP stack in secure elements, requiring additional processors.
    * Outlined the need for defined protocols to access secure element resources, naming conventions, and attestation procedures.
    * Presented three IETF drafts: ROX (Global Platform over TLS), TLS-SC (TLS PSK in secure element), and IoSE (attestation procedures).
    * Mentioned open-source software implementations available for these concepts.
* **Attestation within TLS (Hannes)**
    * Addressed the need for device attestation (e.g., genuineness, configuration, running software) in IoT device enrollment with cloud services, as explored by the RATS (Remote ATtestation procedures) working group.
    * Proposed integrating attestation with TLS by augmenting the TLS exchange with attestation information and providing proof of possession.
    * Described a software solution combining embedTLS (TLS 1.3), a platform-agnostic security hardware library (BASIC), and a cloud verification service (Veriza).
* **LEO Satellite Networking: Flying Infrastructure for Future Internet (Lynn Hahn)**
    * Emphasized LEO satellites as key components of Non-Terrestrial Networks (NTN) due to low latency, high bandwidth, and global coverage.
    * Detailed unique challenges: high-speed satellite movement causing interleaved mesh networks, rapid link flipping with ground stations, and dynamic inter-satellite distances.
    * Argued for IP networking in LEO for scalability, internet interworking, and alignment with 3GPP expectations, despite existing non-IP solutions.
    * Highlighted current IP technology limitations in addressing, routing, traffic engineering, multipath, and mobility for LEO.
* **Secure Open Standards for WebRTC (Phil)**
    * Critiqued the current state of WebRTC where open standards are often hidden behind proprietary "walled gardens."
    * Advocated for user control over communication (provider choice, address portability, not using phone numbers for messaging).
    * Stressed the need for security beyond basic end-to-end packet encryption, addressing vulnerabilities in contacts directories and single-vendor applications that can be exploited by hostile entities.
    * Proposed completing the messaging stack by integrating a Threshold Key Infrastructure (TKI) with WebRTC, allowing users to control contacts and choose application providers.
* **Challenges and Opportunities in Operations and Control Networks (OCN) (Lee Jindong)**
    * Presented the rising need for sophisticated, flexible, and interoperable controllers in automated factories and remote driving scenarios, often involving cloud-based virtualization.
    * Defined OCN as the interconnection of devices and controllers for data exchange, monitoring, and causing changes to end equipment, requiring guaranteed end-to-end latency and urgent packet prioritization.
    * Identified key issues: using IP for controller-to-field device interconnection, high-precision communication, granular QoS, media diversity (5G, Ethernet), field bus protocol conversion, addressing (auto-configuration, header compression), message types, and security.
* **ECH for Enterprises: Operational Security Concerns (Arnaud)**
    * Discussed the impact of Encrypted Client Hello (ECH) on enterprise operational security, particularly the removal of SNI access, which pushes security to the endpoint.
    * Raised concerns about the trustworthiness of client devices and browsers for security controls (e.g., data loss prevention, attack detection), as they cannot be both "judge and party."
    * Questioned whether ECH shifts the security model to cloud-facing servers, potentially reintroducing a "middlebox" problem.
    * Called for clarification on client-facing server protocols and methods for integrating third-party security components.
* **Data-Driven Approach to Tackle Network Diversity with Heterogeneous Protocol Configurations (Gusama)**
    * Highlighted that Content Delivery Networks (CDNs) typically use homogeneous protocol configurations (e.g., TCP, HTTP) for all users, despite significant user and network diversity.
    * Presented measurements showing up to 70% improvement in page load times by using optimal, connection-specific configurations.
    * Proposed a system with two components: a data path (modified networking stack at the server for flexible, per-connection reconfiguration) and a global control path (using algorithms and machine learning to predict optimal configurations).
    * Advocated for investing in flexible networking stack architectures that dynamically adapt to user conditions.
* **Multicast QUIC (Jake)**
    * Addressed the problem of unicast for certain applications and proposed using IP multicast with QUIC.
    * Described the basic idea: a single unicast connection, server tells client to join multicast channels, client sends ACKs, and multicast is server-to-client only, aligning with SECDISPATCH 112 security considerations.
    * Seeking to develop a prototype and gather feedback on the draft.
* **Network Latency: Why it Matters, How to Measure it, What to Do About it (Stuart)**
    * Argued that latency, not just throughput, is crucial for most user experiences (e.g., apps, gaming, video seeking).
    * Introduced new measurement tools: Apple's in-app diagnostics showing "round trips per minute," Waveform's bufferbloat test, and Ookla Speedtest's new "working latency" metric (how the network performs under load, not just idle).
    * Proposed L4S (Low Latency Low Loss Scalable Throughput) as a solution, a congestion control method that keeps queues short at bottleneck links using ECN marks to reduce round-trip delay.
    * Referenced hackathon work and resources like the IETF BITAG report on latency.

## Decisions and Action Items

* **Torsten (Energy document)**: Feedback requested, contact authors for contributions.
* **Alexander (Green Networking)**: Feedback requested on drafts, seeking collaborators. Informal side meeting planned for Tuesday from 1 PM to 2 PM in Salon 9.
* **Sophia (Post-Quantum Cryptography)**: Participation invited for a workshop collocated with NIST in November. Join the IETF SPQC (Secure Protocol for Quantum Cryptography) group for continued discussion.
* **Pascal (IoSE)**: Call for research and collaboration on IoSE drafts and implementations.
* **Hannes (Attestation in TLS)**: Seeking collaborators for those with similar attestation systems.
* **Lynn Hahn (LEO Satellite Networking)**: Contact Lynn for interest in contributing or presenting at a planned side meeting at the *next* IETF.
* **Phil (Secure WebRTC)**: Seeking help on choosing the best path through WebRTC and identifying best-of-breed components for a prototype. Contact Phil for interest.
* **Lee Jindong (OCN)**: Participation requested for an OCN side meeting on Tuesday lunchtime at the rooftop level.
* **Arnaud (ECH for Enterprises)**: Join an informal side meeting on Tuesday at 12:30 PM (noon 30) if interested in finding a way forward for enterprise security with ECH.
* **Gusama (Data-Driven Networking)**: Seeking interest and collaboration on flexible networking stack architectures. Gusama will be available in Philadelphia for discussions.
* **Jake (Multicast QUIC)**: Feedback requested on the draft, seeking reviewers. Contributions to the W3C Multicast Community Group implementation are welcome. Discussion in the QUIC WG on Thursday.
* **Stuart (Network Latency)**: Attend L4S side meeting on Monday and a measurement discussion on Friday.

## Next Steps

* **Green Networking**: Informal side meeting on Tuesday (1-2 PM, Salon 9) to discuss challenges, opportunities, and drafts.
* **Post-Quantum Cryptography**: Workshop in November (collocated with NIST) and ongoing discussions within the IETF SPQC group.
* **LEO Satellite Networking**: Side meeting planned for the *next* IETF to discuss challenges and potential IP solutions.
* **Operations and Control Networks**: Side meeting on Tuesday lunchtime (rooftop level) to explore issues and opportunities in OCN.
* **ECH for Enterprises**: Informal side meeting on Tuesday (12:30 PM) to discuss forward paths for operational security.
* **Multicast QUIC**: Further discussion planned in the QUIC working group on Thursday; continued work on prototype implementation with the W3C Multicast Community Group.
* **Network Latency (L4S)**: L4S side meeting on Monday; measurement discussion on Friday.