Session Date/Time: 15 Mar 2026 10:00
HOTRFC
Summary
The HotRFC session at IETF 125 featured 16 lightning talks covering a wide array of emerging technical topics. A significant portion of the session focused on the intersection of Artificial Intelligence (AI) and networking, specifically regarding AI agent communication, discovery, authentication, and auditability. Other major themes included enhancements to network management via Knowledge Graphs, improvements to BGP FlowSpec visibility, encrypted container formats for large files, and formal security analyses of TLS attestation.
Key Discussion Points
AI and Agentic Networking
- Enhancing Multi-Agent Collaboration Context and AuthZ
  - Jingyang Li and Shaoyi Yang discussed context fragmentation and authorization friction in multi-agent systems.
  - Proposed a structured semantic schema to track task states and dependencies to reduce token overhead.
  - Suggested up-front metadata for security requirements to aggregate OAuth scopes and prevent consent fatigue.
- Agentic Network Knowledge Graph
  - Mingjie Xing presented a framework for using Knowledge Graphs to assist network management, addressing data overload and vendor silos.
  - Proposed an intelligent interface to translate natural language or DSL into graph query languages (e.g., Cypher).
- Agent Communication Gateway for Semantic Routing and Working Memory
  - Wang Zan introduced "OpenGateway," an open-source project for cross-domain agent collaboration.
  - Key features include protocol translation for heterogeneous agents, task orchestration with feedback, and zoned short-term memory (working memory).
- AI Agent Discovery and Invocation Protocol
  - Yihan proposed the AI Agent Discovery and Invocation Protocol (AIDIP) to address platform silos.
  - The protocol includes a standard JSON metadata spec and a semantic resolution mechanism to determine the best agent for a specific task.
- Verifiable Agent Conversations Records
  - Henk Birkholz highlighted the need for authentic, tamper-evident logs for AI agent communications.
  - Proposed a CDDL schema using COSE_Sign1, integrated with transparency logs (SCITT) for auditability and live analysis.
- AI Agent Authentication and Authorization
  - Yaroslav and Brian argued for treating AI agents as "workloads" instead of inventing new protocols.
  - Recommended using existing IETF standards like WIMSE and OAuth for agent identification, attestation, and delegation.
Security and Attestation
- SAFE Sealed, Algorithm-Flexible Envelope
  - Nick Sullivan presented SAFE, an encrypted container format for large files.
  - Introduced Random Access Authenticated Encryption (RAAE), allowing for seeking and updating blocks without full file decryption.
  - Features a "lock" abstraction supporting multi-factor and post-quantum combinations.
- Long-Term Persistence of Attacker Infrastructure Across DNS Intelligence and Honeypot Observations
  - Yuanyuan Zhou shared research on attacker infrastructure. While most infrastructure is short-lived, a small fraction persists for over 10 years and evolves in functional diversity.
- Formal Proof of Insecurity of Intra-handshake Attestation
  - Usama presented a formal analysis showing that "intra-handshake" attestation in TLS is vulnerable to relay and diversion attacks.
  - Proposed using post-handshake attestation as defined in draft-saati-suit-exp-atttls, leveraging RFC 9261 (Exported Authenticators).
- Bridging the Transparency Gap: Distributed Remote Attestation
  - Yuning discussed scaling remote attestation across domains.
  - Proposed using a Distributed Ledger to publish reference values and endorsements to solve the transparency gap between different administrative domains.
Network Operations and Architecture
- Alternate marking usage for loss location in per-packet load balancing networks
  - Kepeng Li addressed loss location in packet-spraying networks (e.g., NVIDIA Adaptive Routing).
  - Proposed alternate marking as an efficient way for switches to detect silent packet loss in real time.
- Does the End-to-End Argument still matter?
  - Carlos questioned the validity of the classical end-to-end principle in the era of IoT and edge processing.
  - Argued for a redefined "end-to-end" that accounts for the continuum of processing stages.
- High Performance transmission over public and shared networks (HP-WAN)
  - Dengyue Huang proposed the HP-WAN framework to improve wide-area data transfers.
  - Discussed host-network collaboration for rate negotiation (max/min rates) to eliminate the "seesaw effect" in traditional congestion control.
- Open Cloud Mesh – Recent Developments
  - Mickel Grönvall provided updates on the Open Cloud Mesh (OCM) federation protocol.
  - Recent updates in the working group draft (v3) include SSH/SFTP access methods, token exchange alignment with OAuth, and HTTP message signatures (RFC 9421).
- Feedback Optimization Framework for BGP FlowSpec
  - Yujia discussed the lack of visibility regarding FlowSpec rule enforcement.
  - Proposed a telemetry-based feedback loop to report installation status and hit statistics to the control plane.
-
- Christian Giese addressed the fragmentation of access line attributes (PPPoE, DHCP, RADIUS) across IETF and Broadband Forum documents.
- Announced plans for a consolidated draft to ensure all attributes in production are properly reserved in IANA.
Decisions and Action Items
- Access Line Attributes: Christian Giese will work on a consolidated draft for access line attributes to resolve number space conflicts between IETF and the Broadband Forum.
- BGP FlowSpec: Yujia will present detailed feedback action extensions at the IDR working group meeting.
- AI Agent Identity: Yaroslav and Brian invited participants to the Dispatch session to discuss the framework for agentic AI identity.
Next Steps
- Participants are encouraged to review draft-saati-suit-exp-atttls regarding post-handshake attestation.
- Collaborators are sought for the "Does the End-to-End Argument still matter?" research and the OpenGateway project.
- The next HotRFC session will be held at IETF 126 in Vienna.