Session Recording
Session Date/Time: 02 Nov 2025 23:00
HOTRFC
Summary
The HOTRFC session featured a series of lightning talks, each presenting a novel idea, problem statement, or call for collaboration within the IETF/IRTF community. The session aimed to inspire hallway conversations and gauge interest in potential new work. Presenters were limited to four minutes, concluding their talks upon applause without Q&A.
Key Discussion Points
- Gaps in Confidential Computing (Muhammad):
  - Problem: Existing IETF working groups (RATS, WIMSE, TLS) do not fully cover critical aspects of confidential computing, particularly hardware details, transport layer abstractions, and the inherent conflict with platform trust assumptions in WIMSE. Widely exploited attacks (e.g., Battering RAM, TEE.fail, WireTap) are not adequately addressed.
  - Proposal: Propose an IRTF Research Group (RG) to tackle these challenges.
- Efficiency for Classic Flows with Alternative Backoff with ECN and L4S (Mohit):
  - Problem: Classic TCP senders using L4S treat ECN marks and packet drops identically, leading to a fixed congestion window (cwnd) reduction and no incentive to enable ECN.
  - Proposal: Apply Alternative Backoff with ECN (ABE, RFC 8511) to classic TCP flows within the L4S architecture. ABE reduces cwnd less aggressively on ECN-marked packets than on losses, which gives classic senders an incentive to use ECN. Preliminary results show improved fairness and sending rates for Cubic flows when ABE is enabled and they share an L4S deployment with Prague flows.
- Secure Enrollment to Time-Based One-Time Passwords (Brian Kuntari):
  - Problem: Current TOTP QR codes expose unencrypted, non-expiring secret keys, usernames, and application names, posing significant security risks when distributed via insecure channels or found in data dumps.
  - Proposal: Replace the secret key in the QR code with a single-use HTTP URL. The authenticator app would fetch the secret key from the server via this URL, ensuring confidentiality and a fail-safe one-time redemption.
- Problem Statements and Regard for Real Virtual Agent Protocol (RVP) (Yunfel Zang):
  - Problem: Existing protocols like M2A and A2A are insufficient for embodied intelligence networks in physical-digital continuums. They fail to address diverse agent forms (physical and digital), complex non-peer-to-peer physical/social/production relationships, and cross-domain heterogeneous communication, leading to identity fragmentation and real-time data integration issues.
  - Proposal: Introduce RVP to unify communication between physical and digital agents, supporting hierarchical, heterogeneous, and partially centralized coordination for real-time physical data loops and embodied intelligence.
- AI-Native Network Operations (Guan Ming):
  - Problem: Traditional network protocols like NETCONF are inadequate for AI-driven, multi-agent, and agile operations in AI-native network scenarios. Even newer AI-related protocols (MCP, A2A) have gaps when applied to specific network use cases.
  - Proposal: Analyze the limitations of NETCONF and propose extensions to MCP and A2A to better support AI-native network operations, including use cases for measurement and troubleshooting.
- Open Cloud Mesh (OCM) (Mick Norton):
  - Overview: OCM is a recently chartered working group focused on secure, federated file sharing. A demonstration illustrated the end-user experience, including sending/accepting invitations (via email/Matrix) and sharing files between different OCM providers (e.g., Nextcloud, CERNbox, EU EOSC).
  - Technical Details: The protocol is transport-agnostic, using bearer tokens and WebDAV for authentication, and various metadata exchanges for discovery.
- A New Theory on PQ Migration (Hybrid Signatures) (Gulin Wang):
  - Problem: The uncertain timeline for the availability of quantum computers complicates post-quantum (PQ) migration strategies. A simple switch from traditional to PQ algorithms carries risks depending on the timing.
  - Proposal: A cognitive analysis suggests that hybrid signatures significantly reduce total risk during the uncertain transition period. Quantitative analysis, assuming specific risks for traditional (1/1000) and PQ (1%) signatures and an 18% chance of quantum computer availability, showed that hybrid signatures reduce overall risk by approximately five times compared to using only PQ signatures.
- Proof of Presence using Wi-Fi CSI (Lorenzo):
  - Problem: There is a lack of interoperable physical proximity evidence for attestation in IETF specifications (e.g., for financial transactions or device authentication), and existing standards like 802.11bf do not provide mechanisms to attest the presence of a person or device.
  - Proposal: Utilize Wi-Fi Channel State Information (CSI) for "Proof of Presence" systems (e.g., "Handpas" for palm hand authentication). The goal is to bridge E3POLI sensing with IETF attestation and identity frameworks, developing minimal, interoperable, and sensor-agnostic indicators of presence.
- Ethical ISP Infrastructure (Julia):
  - Problem: Small, non-profit ISPs face numerous legal obligations (e.g., connection logging, traffic interception, DNS/IP blocking, rapid Piracy Shield blocking without oversight) that conflict with user privacy and security. Traditional ISP architectures make implementing technical defenses challenging.
  - Proposal: Leverage the flexibility of a small, non-profit ISP (rented infrastructure, control over edge routers and CPE, use of general-purpose machines) to experiment with technical defenses and attestation against legal mandates, aiming to improve user security and privacy.
- KIRA: Scalable Zero-Touch Routing (Roland):
  - Problem: Control plane connectivity is an overlooked but critical issue, as evidenced by major network outages (e.g., Facebook in 2021, and Google's finding that more than 50% of its outages stem from control plane issues). Networks keep growing in complexity.
  - Proposal: KIRA (K-Identifier Routing Architecture) offers a solution for resilient, autonomous, and scalable control plane connectivity. It is designed for zero-touch configuration (preventing misconfiguration), supports diverse topologies and mobility, and provides add-on services such as efficient topology discovery and a distributed key-value store.
- PARCEP: Parental Controls Protocol (Andrew):
  - Problem: Existing parental control systems across different ecosystems (device, app, network) lack interoperability, creating complexity and inconsistency for parents. External pressures (regulations, legislation, UN concerns) necessitate a better, community-driven solution to protect children.
  - Proposal: Develop PARCEP (Parental Control Protocol) to enable interworking between various parental control systems, allowing communication and consistent application of settings across different environments (analogous to MIMI for instant messaging).
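One way to reproduce the roughly five-fold figure from Gulin Wang's talk using the numbers it gives, as an added worked calculation (a reconstruction, not the presenter's slides). It assumes the three events are independent, that an available quantum computer breaks the traditional signature with certainty, and that a hybrid signature only fails when both components fail:

$$
\begin{aligned}
p_Q &= 0.18, \qquad r_T = 10^{-3}, \qquad r_P = 10^{-2} \\
R_{\text{trad}} &= p_Q \cdot 1 + (1 - p_Q)\, r_T = 0.18 + 0.00082 \approx 0.181 \\
R_{\text{PQ}} &= r_P = 0.01 \\
R_{\text{hyb}} &= p_Q\, r_P + (1 - p_Q)\, r_T\, r_P = 0.0018 + 0.0000082 \approx 0.00181 \\
\frac{R_{\text{PQ}}}{R_{\text{hyb}}} &\approx \frac{0.01}{0.00181} \approx 5.5
\end{aligned}
$$

Under these assumptions the hybrid risk is dominated by the first term, the case where the quantum computer arrives and only the PQ component is left standing, which is why the ratio is close to the talk's "approximately five times".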
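To make the ABE incentive from Mohit's talk concrete, here is an added toy per-RTT window model (not the presenter's simulation): a classic sender shrinks cwnd by the same factor on an ECN mark as on a loss, while an ABE sender backs off more gently on marks. The event trace is constructed, and the two decrease factors are assumptions of this model (0.7 is CUBIC's loss factor from RFC 8312; 0.85 is the ECN factor RFC 8511 suggests for CUBIC).

```python
# Constructed event trace: one entry per RTT. Behind an L4S AQM the queue
# mostly signals congestion with ECN marks and only rarely drops.
TRACE = ["", "", "mark", "", "", "mark", "", "", "", "drop", "", "mark"] * 4

BETA_LOSS = 0.7   # CUBIC multiplicative decrease on loss (RFC 8312)
BETA_ECN = 0.85   # ABE factor for ECN marks (RFC 8511 suggestion for CUBIC;
                  # treated as an assumption of this toy model)


def run(trace, beta_ecn, cwnd=100.0, growth=2.0):
    """Return the per-RTT cwnd series for one sender.

    A drop always shrinks the window by BETA_LOSS, an ECN mark shrinks it
    by beta_ecn, and an RTT without a signal grows it additively (a linear
    stand-in for CUBIC's real window growth).
    """
    series = []
    for event in trace:
        if event == "drop":
            cwnd *= BETA_LOSS
        elif event == "mark":
            cwnd *= beta_ecn
        else:
            cwnd += growth
        series.append(cwnd)
    return series


def mean(series):
    return sum(series) / len(series)


def compare(trace=TRACE):
    """Classic sender: a mark is treated like a drop (beta_ecn == BETA_LOSS).
    ABE sender: a mark gets the gentler factor. Same trace for both."""
    classic = run(trace, BETA_LOSS)
    abe = run(trace, BETA_ECN)
    return {
        "classic_mean_cwnd": mean(classic),
        "abe_mean_cwnd": mean(abe),
        "abe_gain": mean(abe) / mean(classic),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.2f}")
```

The gain is what gives a classic sender a reason to negotiate ECN: marks cost it less throughput than drops do.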
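An added sketch of the enrollment change in Brian Kuntari's TOTP talk, contrasting what a conventional otpauth:// QR payload discloses with a server that hands the secret out exactly once through a single-use URL. This is illustration code, not the presenter's; the `enroll=` parameter, the `idp.example` host and the `EnrollmentServer` class are assumed for the example, and the legacy URI is a constructed sample.

```python
import base64
import secrets
from urllib.parse import parse_qs, quote, unquote, urlparse

# Constructed sample of a conventional TOTP enrollment QR payload: the
# base32 secret, account name and issuer are readable by anyone who sees
# the image, and the secret never expires.
LEGACY_URI = ("otpauth://totp/Example:alice%40example.org"
              "?secret=JBSWY3DPEHPK3PXP&issuer=Example")


def parse_otpauth(uri):
    """Return what an otpauth:// payload discloses to whoever scans it."""
    parsed = urlparse(uri)
    query = parse_qs(parsed.query)
    return {
        "label": unquote(parsed.path.lstrip("/")),
        "secret": query.get("secret", [None])[0],
        "issuer": query.get("issuer", [None])[0],
    }


class EnrollmentServer:
    """Server side of the proposed scheme (assumed design, not the talk's
    code): the QR code carries only a single-use URL, and the secret is
    released exactly once when that URL is redeemed."""

    def __init__(self, base_url="https://idp.example/enroll/"):
        self.base_url = base_url
        self._pending = {}   # token -> (account, base32 secret)

    def issue(self, account):
        secret = base64.b32encode(secrets.token_bytes(20)).decode()
        token = secrets.token_urlsafe(32)
        self._pending[token] = (account, secret)
        # Hypothetical URI shape: the 'secret' parameter becomes an 'enroll' URL.
        url = quote(self.base_url + token, safe="")
        return f"otpauth://totp/{quote(account)}?enroll={url}"

    def redeem(self, token):
        """First redemption returns (account, secret); any later attempt
        returns None, so a leaked or photographed code cannot be replayed."""
        return self._pending.pop(token, None)


def enroll_via_url(server, uri):
    """Authenticator side: obtain the secret through the URL rather than
    from the QR code (a direct call stands in for the HTTPS GET)."""
    enroll_url = parse_qs(urlparse(uri).query)["enroll"][0]
    token = enroll_url[len(server.base_url):]
    return server.redeem(token)
```

The check that matters is the second call to `enroll_via_url`: the same QR code, scanned again, yields nothing.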
Calls for Engagement and Follow-up
Presenters invited community involvement through various channels:
- Muhammad (Confidential Computing): Seeks collaborators knowledgeable in TLS, remote attestation, formal methods, confidential computing, and guidance on bringing work to IRTF. A side meeting is planned for further discussion.
- Mohit (ABE for Classic Flows with L4S): Seeks collaborators to test ABE in L4S in real deployments, particularly concerning fairness (Linux and ns-3 implementations are available).
- Brian Kuntari (Secure TOTP Enrollment): Encourages comments, code, and collaboration via the Security Area Advisory Group mailing list or direct chat.
- Yunfel Zang (RVP): Slides are available online; encourages interested parties to reach out with thoughts.
- Michael (UK NCSC): Announced a side meeting on Tuesday at 11:45 to discuss real-world cybersecurity risks and defenses, inviting broad participation and collaborative knowledge sharing.
- Guan Ming (AI-Native Network Operations): Refers interested parties to IETF drafts available online for detailed information on proposed extensions to MCP and A2A.
- Mick Norton (OCM): Invites attendees to talk to him directly and join the OCM working group mailing list.
- Gulin Wang (PQ Migration): Seeks more discussion and thoughts on the policy and reasoning behind hybrid signatures.
- Amrith Kumar (ARMoR Research Group): Encourages interested individuals to join the new mailing list. Announced a side meeting on Tuesday at 7 PM in Duluth for presentations and discussion on future directions.
- Lorenzo (Proof of Presence): Invites discussion on the possibility of creating new IETF work items (e.g., a NET, token, informational RFC, or BoF) to define interoperable indicators of physical presence.
- Julia (Ethical ISP Infrastructure): Seeks community help and collaboration for experimenting with their ISP infrastructure to develop technical defenses and improve the status quo regarding privacy and security.
- Roland (KIRA): Seeks IETF standardization (Internet Draft available, suggesting the routing WG list), operators, and early implementers. Announced a public side meeting on Thursday at 2:45 PM in McGill.
- Andrew (PARCEP): Invites interested parties to work on designing the PARCEP protocol. Announced a side meeting on Tuesday at 7 PM in Duluth to discuss the proposal and next steps.
Note: The chair's opening remarks also included a reminder about the revised "Note Well" and general IETF 124 meeting resources (Meetecho, tech assistance, IAB New Work Help Desk).