SlideShare a Scribd company logo
©!Men!&!Mice!!http://menandmice,com!
IETF!89!Review
12.!March!2014
1Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
IETF
•The!Internet!Engineering!Task!Force!(IETF)!is!a!large!
open!international!community!of!network!designers,!
operators,!vendors,!and!researchers!concerned!with!
the!evolution!of!the!Internet!architecture!and!the!
smooth!operation!of!the!Internet.!It!is!open!to!any!
interested!individual.!The!IETF!Mission!Statement!is!
documented!in!RFC!3935.
• http://www.ietf.org/about/
2Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Agenda
• IETF!89!in!London!
• DNS
• DNSSEC!/!DANE
• DHCP
• IPv6
• the!following!information!is!an!excerpt!of!the!IETF!working!group!
activities
• for!a!full!overview!of!all!activities!at!IETF!89,!see!
https://datatracker.ietf.org/meeting/89/materials.html
3Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DNS
4Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
published!new!RFCs!since!last!IETF
RFC Title Category
6950
Architectural Considerations on Application Features in the
DNS
Informational
7043
Resource Records for EUI-48 and EUI-64 Addresses in the
DNS
Informational
7050
Discovery of the IPv6 Prefix Used for IPv6 Address
Synthesis
Standards Track
7129 Authenticated Denial of Existence in the DNS Informational
5Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DNSE!BoF
•Confidentiality!and!Privacy!in!DNS
•DNS!traffic!reveals!a!lot!of!information!about!a!user
•IETF!has!a!plan!to!harden!all!Internet!protocols!agains!
pervasive!monitoring
•DNS!is!no!exception
6Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DNSE!BoF
• the!problem!statement!has!been!presented!and!discussed
• some!proposed!solutions!have!been!presented
• DTLS!(TLS!for!UDP,!RFC!6347)
• DNScrypt/DNScurve
• CGA-TSIG
• Confidential!DNS
• t-DNS!(StartTLS!for!TCP!DNS)
• discussion!continues!on!the!mailing!lists!(DNSOP)!about!possible!solutions!and!
their!operational!impact
7Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DNSOP
•Revived!documents:
•Initializing!a!DNS!Resolver!with!Priming!Queries!
(draft-ietf-dnsop-resolver-priming)
•the!initial!queries!a!DNS!resolver!is!supposed!to!emit!to!
initialize!its!cache!with!a!current!NS!RRSet!for!the!root!zone!as!
well!as!the!necessary!address!information.
• the!“root-hints”!file!and!how!DNS!caching!server!use!it
• how!long-running!DNS!servers!update!the!root-hint!information
8Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DNSOP
•Revived!documents:
• DNSSEC!Key!Timing!Considerations!
(draft-ietf-dnsop-dnssec-key-timing)
• Explains!the!relationships!between!the!parameters!used!in!a!
DNSSEC!key!rollover
• important!for!implementers!of!DNSSEC!key-rollover!automation!
software
• and!DNS!administrators!that!plan!manual!DNSSEC!key!rollover
9Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Special!Names
•RFC!6761!“Special-Use!Domain!Names”!defines!a!
registry!of!domain!names!that!are!“special-use”!
domain!names
•“.local”!for!multicast-DNS!and!local!service!discovery!
10Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Special!Names
•“Special-Use!Domain!Names!of!Peer-to-Peer!Systems”!
(draft-grothoff-iesg-special-use-p2p-names)
• proposes!to!add!new!names!to!the!special-names!registry:!".gnu",!
".zkey",!".onion",!".exit",!".i2p",!and!!!".bit"
• TOR
• GNUnet
• i2p
• Namecoin
11Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Special!Names
•“The!ALT!Special!Use!Top!Level!Domain”!
(draft-wkumari-dnsop-alt-tld-00)
•proposes!a!single!“.ALT”!(alternate)!TLD!for!special!names
•this!TLD!can!be!“blacklisted”!in!DNS!caching!server!
software!to!prevent!leakage!of!these!names!into!the!
“normal”!Internet!DNS!(Root-Name!Server!System)
12Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DNS!cookies
•Domain!Name!System!(DNS)!Cookies!
(draft-eastlake-dnsext-cookies)
•DNS!cookies!are!intended!to!provide!significant!but!limited!
protection!against!certain!attacks!by!off-path!attackers.!
•These!attacks!include!denial-of-service,!cache!poisoning!and!
answer!forgery.
•cookies!are!some!random!data!identifying!a!DNS!server,!
send!inside!the!EDNS0!“OPT”!record
13Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DNS!cookies
www.example.com IN A?
Authoritative DNS
Caching/Resolving DNS
Attacker
14Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DNS!cookies
www.example.com IN A?
www.example.com IN A?
+ Resolver cookie in OPT
Auth DNS server stores
resolver cookie
15Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DNS!cookies
www.example.com IN A?
www.example.com IN A?
+ Resolver cookie in OPT
Auth DNS server stores
resolver cookie
www.example.com IN A 192.0.2.1
+ server cookie in OPT
Cache DNS server stores
auth-server cookie
16Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DNS!cookies
www.example.com IN A?
www.example.com IN A?
+ Resolver cookie in OPT
Auth DNS server stores
resolver cookie
www.example.com IN A 192.0.2.1
+ server cookie in OPT
Cache DNS server stores
server cookie
www.example.com IN A 192.0.2.1
17Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DNS!cookies
www.example.com IN AAAA?
+ Resolver cookie in OPT
Auth DNS server has
resolver cookie
www.example.com IN AAAA 2001:db8::1
Cache DNS server has
server cookie
Attacker sends
forged DNS data
18Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DNS!cookies
www.example.com IN AAAA?
+ Resolver cookie in OPT
Auth DNS server has
resolver cookie
www.example.com IN AAAA 2001:db8::1
Cache DNS server has
server cookie
Attacker sends
forged DNS data
18Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DNS!cookies
•a!prototype!of!DNS!cookies!(Source!Identity!Token)!
has!been!implemented!in!BIND!9.10
• not!the!same,!but!similar!to!the!IETF-draft
•Beta!1!of!BIND!9.10!is!now!available
•as!there!is!no!RFC!standard,!it!uses!an!experimental!private!
EDNS0!OPT!option!code!(65001)
19Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
getdnsapi
•NLnetLabs,!Verisign!and!No!Mountain!Software!released!a!
new!client!DNS!resolver!library!under!an!open!source!BSD!
license
•based!on!an!original!specification!from!Paul!Hoffman!
(vpnc.org)
•Download!and!information:!https://getdnsapi.net
•Support!for!DNSSEC,!DANE!(TLSA),!new!record!types,!SRV!
record!handling
20Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
getdnsapi
• Platforms!as!of!IETF!89!!
• RHEL/CentOS
• MacOS
• Soon!to!by!available:
• FreeBSD!
• iOS!(now!rough!but!usable)!!
• In!view:
• Windows,!Android
21Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
getdnsapi
•Language!bindings
•Python
•Objective-C
•Java
•JavaScript!(NodeJS)
22Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DANE
23Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
published!new!RFCs!since!last!IETF
No!DANE!related!RFC!documents!have!been
published!since!the!last!IETF
24Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DANE
•DANE!utilizes!DNSSEC!to!provide!opportunistic!
(without!manual!configuration)!encryption!with!our!
without!Certification!Authorities!(CAs)
•there!is!much!interest!in!the!DANE!work!from!other!IETF!
working!groups!and!application!developers
25Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DANE!in!Web-Browser
• RFC!6698!-!The!DNS-Based!
Authentication!of!Named!Entities!
(DANE)!Transport!Layer!Security!
(TLS)!Protocol:!TLSA
• Plugin!for!Firefox,!Opera,!Chrome!
and!Internet!Exporer!available!
https://www.dnssec-validator.cz/
• Internet!sites!start!using!TLSA,!for!
example
https://packages.debian.org
26Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
SMTP!TLSA!in!Postfix
•using!TLS!(Transport!Layer!Security,!formerly!known!as!
SSL)!with!SMTP!(E-Mail!delivery)!has!many!issues
•certificate!validation!is!not!mandatory!(and!often!not!
possible)
•Plaintext!is!the!default,!TLS!is!optional
• “Men!in!the!Middle”!attacker!can!force!plain-text!connections!
through!a!downgrade!attack!(remove!“STARTTLS”!command!
from!conversation)
27Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
SMTP!TLSA
•DANE!specifies!the!use!of!the!TLSA!resource!record!for!
SMTP
•can!make!TLS!connections!mandatory!between!servers!that!
support!TLS
•TLSA!resource!record!holds!a!hash!of!the!server!certificate
shell> dig mx tidelock.de +short
10 ns3.tidelock.de.
shell> dig _25._tcp.ns3.tidelock.de. tlsa +short
3 0 1 76AD75E4F300C2BACBDC9363A337A533F3B3C15CAAFED4E0010D5DD3 52B83935
28Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
TLSA!in!Postfix
•the!Postfix!Mail-Server!2.11!implements!DANE!TLSA!for!SMTP
• Viktor!Dukhovni!from!the!Postfix!team!presented!on!the!
challenges!of!implementing!TLSA!checking!in!applications
• DANE!implementation!in!software!can!be!very!complicated!(easy!to!get!
wrong)
• should!be!handled!by!a!toolkit!(OpenSSL,!GnuTLS,!NSS!...)
•Postfix!author!Wietse!Venema!presented!the!Postfix!TLSA!
implementation!during!FOSDEM!2014!(1!February!2014)
29Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
more!DANE!work
•DANE!for!SIP!(VoIP)
•DANE!for!SRV!records!
(for!Jabber/XMPP!and!other!protocols!using!SRV-
Records)
•as!of!March!2014,!58!Jabber!Server!already!use!DANE!and!
DNSSEC!(!https://xmpp.net/reports.php#dnssecdane )
30Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
more!DANE!work
•OpenPGP!keys!in!DNS
• today,!OpenPGP!key!are!stored!in!central!“key-server”,!such!as!
hks://pgp.mit.edu
• “Using!DANE!to!Associate!OpenPGP!public!keys!with!email!
addresses”!(draft-wouters-dane-openpgp)!proposes!to!store!
OpenPGP!keys!in!DNS!(DNSSEC!secured)
31Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
more!DANE!work
•OpenPGP!keys!in!DNS
• the!owner-name!of!the!OPENPGPKEY!Record!is!the!SHA224!hash!
of!the!user!portion!of!an!E-Mail!address
• the!user!part!of!an!E-Mail!address!can!contain!characters!illegal!
in!DNS!names!
• Example!(for!paul@nohats.ca)
shell> echo -n "paul" | openssl dgst -sha224
ab16de0656382d91838914109ab89a0a4e04321550a1a20ace7a8b66
SHA224!
hash!of!the!
username
32Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
more!DANE!work
• OpenPGP!keys!in!DNS
• Example!(for!paul@nohats.ca)
shell> dig -t TYPE65280 ab16de0656382d91838914109ab89a0a4e04321550a1a20ace7a8b66._openpgpkey.nohats.ca +m
; <<>> DiG 9.9.4-P2 <<>> -t TYPE65280 ab16de0656382d91838914109ab89a0a4e04321550a1a20ace7a8b66._openpgpkey.nohats.ca +m
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24851
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ab16de0656382d91838914109ab89a0a4e04321550a1a20ace7a8b66._openpgpkey.nohats.ca. IN TYPE65280
;; ANSWER SECTION:
ab16de0656382d91838914109ab89a0a4e04321550a1a20ace7a8b66._openpgpkey.nohats.ca. 2822 IN TYPE65280 # 2527 (
99010D033F7B0C3D00000107FF686BB69E18ACD31C38
0005F186CCF2BC9697CB87FDD4C5CD5DA994CB7E0958
7B57910637B89C9BC9FE697509798FA9BDFB638978F4
92F10999C3A595F6EF1BEE01BACE1C9F636D33B632D2
[...]
4356D7E7E6DF1AAF09075505380D20C3164276 )
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar 11 17:22:21 CET 2014
;; MSG SIZE rcvd: 2646
OpenPGP!
Key
(Base64)
DNSSEC!
secured!
private!record!type!
for!experimental!
new!protocols
33Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
more!DANE!work
•OpenPGP!keys!in!DNS
• “milter”!plugin!for!postfix!and!sendmail:
https://github.com/letoams/openpgpkey-milter/
• “hash-slinger”!tool!to!create!and!verify!“openpgpkey”!records:
https://github.com/letoams/hash-slinger
• also!available!in!Fedora!Linux
shell> yum install hash-slinger
34Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
IPSEC!in!DNS
• opportunistic!(automatic!and!authenticated)!IPSec!VPN!tunnel!between!client!
and!server
• client!looks!up!the!server!public!key!in!DNS
shell> dig ipseckey nohats.ca +m
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31467
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;nohats.ca. IN IPSECKEY
;; ANSWER SECTION:
nohats.ca. 3591 IN IPSECKEY ( 10 0 2 .
AQPl2UGDJvDff4BiJWFZoSuYrerisFXZdD6M+QPDtpuH
i4rNmW+jqNGzF7k4orsggHyaglXSN2llTb0dTCwBamX8
[...]
dVbEHKz2sWdESIA2YNVqtPirkdYA0MeyO8SwYgMvlmg3
E8JcNBbcndEZidrlfINzFs2GmugvNHHHX6a7CPACNU0o
E2mzXeDY3FUW2F2XvERTnQPpU9zl )
;; AUTHORITY SECTION:
[....]
;; ADDITIONAL SECTION:
[....]
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar 11 17:41:17 CET 2014
;; MSG SIZE rcvd: 590
35Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
IPSEC!Keys!in!DNS
•implemented!in!“libreswan”!(Linux)
https://github.com/libreswan
•IPSECKEY!record!type!is!specified!in!RFC!4025!
“A!Method!for!Storing!IPsec!Keying!Material!in!DNS”
•IPSECKEYs!for!IP-Address!initiated!connections!can!be!
stored!in!reverse!(in-addr.arpa!and!ip6.arpa)!
zones.
36Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
dbounds!BoF
•dbounds!=!Domain!Boundaries
•Browsers!and!other!software!(e.g.!DMARC)!relies!on!
knowledge!of!administrative!delegation!boundaries!in!
DNS
•the!public-suffix!list!provides!this!information
http://www.publicsuffix.org/
37Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
dbounds!BoF
• Example!from!the!public!suffix!list
*.uk
*.sch.uk
!bl.uk
!british-library.uk
!mod.uk
!national-library-scotland.uk
!nic.uk
!parliament.uk
...
• Discussion!in!the!BoF:!is!DNS!better!suited!to!hold!this!information!than!a!plain!
list?
• the!plain!list!needs!to!“guess”!administrative!boundaries,!whereas!domain!owner!can!
specify!these!boundaries!in!their!DNS!zone
• no!decisions!so!far,!discussion!will!continue!on!the!mailing-list(s)
38Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DHCP
39Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
published!new!RFCs!since!last!IETF
RFC Title Category
7031 DHCPv6 Failover Requirements Informal
7037 RADIUS Option for the DHCPv6 Relay Agent
Standards
Track
7078 Distributing Address Selection Policy Using DHCPv6
Standards
Track
7083
Modification to Default Values of SOL_MAX_RT and
INF_MAX_RT
Standards
Track
40Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Customizing!DHCP!Configuration!on!
the!Basis!of!Network!Topology
•BCP-Document!“draft-ietf-dhc-topo-conf“
•documents!how!DHCP!clients,!DHCP!relay-agents!and!
DHCP!server!interact
• DHCP!server!can!select!options!to!send!to!the!client!based!on!
the!network!location!of!the!client
• covers!both!IPv4!and!IPv6
41Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
RFC!3315bis
•the!original!DHCPv6!RFC!3315!is!now!over!10!years!
old
•more!operational!experience!exists!in!the!IETF!since!the!
time!the!RFC!was!written
•some!parts!of!the!RFC!need!clarification
•merge!in!references!and!updates!from!other!RFCs!since!
3315
42Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
dhcpv6bis
•Bug!tracker!and!mailing!list
http://wiki.tools.ietf.org/group/dhcpv6bis/
•github!repository!with!the!new!document
https://github.com/dhcwg/rfc3315bis
•if!you!have!feedback!or!questions!on!DHCPv6bis,!
please!contribute
43Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DHCPv6!failover!design
•The!DHCPv6!failover!design!document!has!been!
submitted!to!the!IESG!after!last!IETF!meeting
•came!back!and!will!now!be!split!into!two!documents
• failover!design
• failover!protocol!specification
44Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DHC!Load!Balancing!Algorithm!for!
DHCPv6
•“draft-ietf-dhc-dhcpv6-load-balancing”!describes!a!
load-balancing!algorithm!for!DHCPv6!server,!where!
the!servers!do!not!need!to!exchange!information
•!This!algorithm!is!an!extension!of!an!already!defined!and!
proven!algorithm!used!for!DHCPv4,!as!described!in!RFC!
3074.!
45Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Registering!self-generated!IPv6!
Addresses!in!DNS!using!DHCPv6
•Document!“draft-ietf-dhc-addr-registration”
•clients!that!use!self-generated!IPv6!addresses!(SLAAC,!
CGA,!privacy!addresses)!send!a!request!to!the!DHCP!
server!to!add!their!AAAA!forward!mapping!and!PTR!reverse!
mapping!into!DNS
•only!the!DHCPv6!server!require!to!have!update!
permissions!on!the!DNS!server,!not!all!clients
46Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DHCPv4!over!DHCPv6!Transport
•running!two!network!protocols!site-by-site!(IPv4!and!
IPv6)!is!expensive!(double!work)
•network!operators!try!to!remove!IPv4!as!much!as!possible!
(access!networks,!backbone!networks,!datacenter!networks)
•client!machines!often!still!require!IPv4
•draft-ietf-dhc-dhcpv4-over-dhcpv6!defines!options!so!
that!DHCPv4!requests!can!be!send!inside!DHCPv6!
messages
47Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
DHCPv4!over!DHCPv6!Transport
•Tsinghua!University!has!implemented!DHCPv4!over!
DHCPv6!on!top!of!BIND!10!1.1.0!DHCP
• https://github.com/gnocuil/DHCPv4oDHCPv6
• Site!note:!BIND!10!1.2.0!beta!1!has!been!released!last!week:!
http://ftp.isc.org/isc/bind10/1.2.0beta1/
•“Provisioning!IPv4!Configuration!Over!IPv6!Only!
Networks”!(draft-ietf-dhc-v4configuration)!discussed!the!
various!options!available!to!send!IPv4!configuration!over!
IPv6!only!networks
48Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Secure!DHCPv6!with!Public!Key
•DHCPv6!is!more!powerful!than!DHCPv4
•for!some!functions,!authentication!and!integrity!checks!are!
requested!(like!server-reconfigure!message!to!clients)
•‘draft-jiang-dhc-sedhcpv6’!specifies!an!protocol!extension!
to!secure!the!DHCPv6!communication!between!client,!
relay-agent!and!server!via!public/private!key!pairs.
•The!authority!of!the!sender!may!depend!on!either!pre-
configuration!mechanism!or!a!Public!Key!Infrastructure.
49Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
IPv6
50Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
published!new!RFCs!since!last!IETF
RFC Title Category
7045 Transmission and Processing of IPv6 Extension Headers Standards Track
7048 Neighbor Unreachability Detection Is Too Impatient Standards Track
7050 Discovery of the IPv6 Prefix Used for IPv6 Address Synthesis Standards Track
7059 A Comparison of IPv6-over-IPv4 Tunnel Mechanisms Informational
7094 Architectural Considerations of IP Anycast Informational
7136 Significance of IPv6 Interface Identifiers Standards Track
7112 Implications of Oversized IPv6 Header Chains Standards Track
7123 Security Implications of IPv6 on IPv4 Networks Informational
51Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Stable!IPv6!Interface!Identifiers
•the!current!IPv6!standards!mandate!that!Interface-ID!of!
Statless-Address-Auto-Configuration!(SLAAC)!
addresses!are!generated!from!the!hardware-address!
(MAC-Address)!of!the!Interface
2001:db8:100:0:28c:f5ff:fe05:4235
Prefix Interface-ID
52Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Stable!IPv6!Interface!Identifiers
• the!draft!“Privacy!Considerations!for!IPv6!Address!Generation!
Mechanisms”
(draft-ietf-6man-ipv6-address-generation-privacy)!discusses!privacy!
and!security!considerations!for!several!IPv6!address!generation!
mechanisms
• correlation!of!activities!over!time
• location!tracking
• address!scanning
• device-specific!vulnerability!exploitation
53Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Stable!IPv6!Interface!Identifiers
•The!IETF!draft!“A!Method!for!Generating!Semantically!
Opaque!Interface!Identifiers!with!IPv6!Stateless!
Address!Auto-Configuration!(SLAAC)”
(draft-ietf-6man-stable-privacy-addresses)!describes!a!
way!to!generate!Interface!IDs!for!IPv6!addresses!that!
are
•unique!and!stable!for!each!network
•but!change!for!every!network!the!host!visits
54Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Why!“/64”?
• IPv6!subnets!are,!with!the!exception!of!loopback!and!point-to-point!
connections,!of!size!/64
• RFC!7136!states!that!"For!all!unicast!addresses,!except!those!that!start!with!the!
binary!value!000,!Interface!IDs!are!required!to!be!64!bits!long."
• “Analysis!of!the!64-bit!Boundary!in!IPv6!Addressing”
(draft-carpenter-6man-why64)!discusses
• why!the!“/64”!size!was!chosen
• why!network!administrators!ask!for!other!subnet!sizes!(prefixes!longer!than!/64)
• what!will!break!if!IPv6!is!configured!with!subnet!sizes!other!than!“/64”
55Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Unknown!IPv6!Extension!header
•“middle-boxes”!(Firewalls,!Intrusion!Detection!Systems,!
specialized!Router)!cannot!parse!the!Extension-Header!
chain,!as!they!cannot!“jump-over”!unknown!extensions
•this!was!on-purpose!in!the!original!IPv6!specifications,!as!
the!core!of!the!network!should!be!“dumb”,!just!forwarding!
packets,!not!inspecting!them
• however!in!reality!today,!IPv6!traffic!often!is!dropped!because!of!
middle-boxes!that!cannot!check!the!header!chain
56Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Unknown!IPv6!Extension!header
IPv6
header
next=43
(routing)
Routing
header
next=123 (??)
TCP payload
Destination
Option header
next=6 (tcp)
Unknown
header
next=60
(dest option)
unknown size
Middle-box!
cannot!find!TCP!
port!
information
57Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Unknown!IPv6!Extension!header
•the!draft!“IPv6!Universal!Extension!Header”
(draft-gont-6man-ipv6-universal-extension-header)
proposes!an!universal!extension!header!containing!just!
one!header-type-identifier!and!an!8bit!sub-type!field,!
which!allows!for!256!extension!header!sub-types
•it!proposes!to!close!the!registry!for!new!IPv6!extension!
headers
•new!header-functions!would!be!implemented!as!sub-types!of!
the!“universal-extension-header”
58Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
SLAAC!and!DHCPv6
• DHCPv6/SLAAC!Address!Configuration!Interaction!Problem!Statement!(
draft-ietf-v6ops-dhcpv6-slaac-problem)
• DHCPv6/SLAAC!Interaction!Operational!Guidance!Considerations!
(draft-liu-v6ops-dhcpv6-slaac-guidance)
• Guidance!for!DHCPv6-only!Deployment
• Guidance!for!SLAAC-only!Deployment
• Guidance!for!DHCPv6/SLAAC!Co-exist!Deployment
• DHCPv6/SLAAC!Interaction!Implementation!Guidance!(draft-liu-6man-
dhcpv6-slaac-implementation-guide)
59Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Unique!Local!Addresses!(ULA)
•“Recommendations!of!Using!Unique!Local!Addresses”
(draft-ietf-v6ops-ula-usage-recommendations)
•lists!use-cases!of!ULA!and!documents!possible!drawbacks
• use!of!ULA!in!isolated!networks
• use!of!ULA!together!with!Globally!Unique!Addresses!(GUA)
60Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Design!Choices!for!IPv6!Networks
•“draft-ietf-v6ops-design-choices”
•Mix!IPv4!and!IPv6!on!the!Same!Link?
•Links!with!Only!Link-Local!Addresses?
•Link-Local!Next-Hop!in!a!Static!Route?
•Choice!of!IGP!(OSPF!vs.!IS-IS)!
61Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Reducing!multicast!in!IPv6
•Multicast!can!be!expensive!in!terms!of!energy!consumption!
on!certain!link-layer!technologies!
(e.g.!W-LAN)
• IPv6!neighborhood!discovery!relies!heavily!on!link-local!multicast
• other!protocols!like!multicast-dns!can!create!equally!or!more!multicast!
traffic
• the!IETF!6ops!and!6man!working-groups!discuss!options!to!
replace!the!use!of!multicast!in!these!networks!with!alternatives!
(unicast)
62Monday 17 March 14
©!Men!&!Mice!!http://menandmice,com!
Q/A
?
Slides,!Links,!Recording!and!errata!will!be!posted!@
https://www.menandmice.com/resources/educational-resources/webinars/
63Monday 17 March 14

More Related Content

Similar to Report from IETF 89 in London - DNS, DHCP and IPv6

RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report Webinar
Men and Mice
 
RIPE 68 Webinar
RIPE 68 WebinarRIPE 68 Webinar
RIPE 68 Webinar
Men and Mice
 
Dns reflection attacks webinar slides
Dns reflection attacks webinar slidesDns reflection attacks webinar slides
Dns reflection attacks webinar slides
Men and Mice
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review Webinar
Men and Mice
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS Server
Men and Mice
 
Spark Summit EU talk by Debasish Das and Pramod Narasimha
Spark Summit EU talk by Debasish Das and Pramod NarasimhaSpark Summit EU talk by Debasish Das and Pramod Narasimha
Spark Summit EU talk by Debasish Das and Pramod Narasimha
Spark Summit
 
Spark Summit EU talk by Debasish Das and Pramod Narasimha
Spark Summit EU talk by Debasish Das and Pramod NarasimhaSpark Summit EU talk by Debasish Das and Pramod Narasimha
Spark Summit EU talk by Debasish Das and Pramod Narasimha
Spark Summit
 
Go Faster, Webmaster
Go Faster, WebmasterGo Faster, Webmaster
Go Faster, Webmaster
Mike Bailey
 
Go Faster, Webmasters
Go Faster, WebmastersGo Faster, Webmasters
Go Faster, Webmasters
Mike Bailey
 
2012 09 caas-ag_infra
2012 09 caas-ag_infra2012 09 caas-ag_infra
2012 09 caas-ag_infra
Johannes Keizer
 
Speech-Enabling Web Apps
Speech-Enabling Web AppsSpeech-Enabling Web Apps
Speech-Enabling Web Apps
Mojo Lingo
 
WebRTC Reborn - Full Stack Toronto
WebRTC Reborn -  Full Stack TorontoWebRTC Reborn -  Full Stack Toronto
WebRTC Reborn - Full Stack Toronto
Dan Jenkins
 
Open source-secret-sauce-rit-2010
Open source-secret-sauce-rit-2010Open source-secret-sauce-rit-2010
Open source-secret-sauce-rit-2010
Ted Husted
 
DNSSEC best practices Webinar
DNSSEC best practices WebinarDNSSEC best practices Webinar
DNSSEC best practices Webinar
Men and Mice
 
Open Source Secret Sauce - Lugor Sep 2011
Open Source Secret Sauce - Lugor Sep 2011Open Source Secret Sauce - Lugor Sep 2011
Open Source Secret Sauce - Lugor Sep 2011
Ted Husted
 
agINFRA - Elements for an Information Infrastructure in Agricultural Resear...
agINFRA -  Elements for an Information  Infrastructure in Agricultural Resear...agINFRA -  Elements for an Information  Infrastructure in Agricultural Resear...
agINFRA - Elements for an Information Infrastructure in Agricultural Resear...
AIMS (Agricultural Information Management Standards)
 
A DevOps Perspective: MongoDB & MMF
A DevOps Perspective: MongoDB & MMFA DevOps Perspective: MongoDB & MMF
A DevOps Perspective: MongoDB & MMF
MapMyFitness
 
Alfresco Security Best Practices 2014
Alfresco Security Best Practices 2014Alfresco Security Best Practices 2014
Alfresco Security Best Practices 2014
Toni de la Fuente
 
WebRTC Reborn Over The Air
WebRTC Reborn Over The AirWebRTC Reborn Over The Air
WebRTC Reborn Over The Air
Dan Jenkins
 
APIs in production - we built it, can we fix it?
APIs in production - we built it, can we fix it?APIs in production - we built it, can we fix it?
APIs in production - we built it, can we fix it?
Martin Gutenbrunner
 

Similar to Report from IETF 89 in London - DNS, DHCP and IPv6 (20)

RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report Webinar
 
RIPE 68 Webinar
RIPE 68 WebinarRIPE 68 Webinar
RIPE 68 Webinar
 
Dns reflection attacks webinar slides
Dns reflection attacks webinar slidesDns reflection attacks webinar slides
Dns reflection attacks webinar slides
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review Webinar
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS Server
 
Spark Summit EU talk by Debasish Das and Pramod Narasimha
Spark Summit EU talk by Debasish Das and Pramod NarasimhaSpark Summit EU talk by Debasish Das and Pramod Narasimha
Spark Summit EU talk by Debasish Das and Pramod Narasimha
 
Spark Summit EU talk by Debasish Das and Pramod Narasimha
Spark Summit EU talk by Debasish Das and Pramod NarasimhaSpark Summit EU talk by Debasish Das and Pramod Narasimha
Spark Summit EU talk by Debasish Das and Pramod Narasimha
 
Go Faster, Webmaster
Go Faster, WebmasterGo Faster, Webmaster
Go Faster, Webmaster
 
Go Faster, Webmasters
Go Faster, WebmastersGo Faster, Webmasters
Go Faster, Webmasters
 
2012 09 caas-ag_infra
2012 09 caas-ag_infra2012 09 caas-ag_infra
2012 09 caas-ag_infra
 
Speech-Enabling Web Apps
Speech-Enabling Web AppsSpeech-Enabling Web Apps
Speech-Enabling Web Apps
 
WebRTC Reborn - Full Stack Toronto
WebRTC Reborn -  Full Stack TorontoWebRTC Reborn -  Full Stack Toronto
WebRTC Reborn - Full Stack Toronto
 
Open source-secret-sauce-rit-2010
Open source-secret-sauce-rit-2010Open source-secret-sauce-rit-2010
Open source-secret-sauce-rit-2010
 
DNSSEC best practices Webinar
DNSSEC best practices WebinarDNSSEC best practices Webinar
DNSSEC best practices Webinar
 
Open Source Secret Sauce - Lugor Sep 2011
Open Source Secret Sauce - Lugor Sep 2011Open Source Secret Sauce - Lugor Sep 2011
Open Source Secret Sauce - Lugor Sep 2011
 
agINFRA - Elements for an Information Infrastructure in Agricultural Resear...
agINFRA -  Elements for an Information  Infrastructure in Agricultural Resear...agINFRA -  Elements for an Information  Infrastructure in Agricultural Resear...
agINFRA - Elements for an Information Infrastructure in Agricultural Resear...
 
A DevOps Perspective: MongoDB & MMF
A DevOps Perspective: MongoDB & MMFA DevOps Perspective: MongoDB & MMF
A DevOps Perspective: MongoDB & MMF
 
Alfresco Security Best Practices 2014
Alfresco Security Best Practices 2014Alfresco Security Best Practices 2014
Alfresco Security Best Practices 2014
 
WebRTC Reborn Over The Air
WebRTC Reborn Over The AirWebRTC Reborn Over The Air
WebRTC Reborn Over The Air
 
APIs in production - we built it, can we fix it?
APIs in production - we built it, can we fix it?APIs in production - we built it, can we fix it?
APIs in production - we built it, can we fix it?
 

More from Men and Mice

Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesCisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Men and Mice
 
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSPart 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Men and Mice
 
Part 2 - Local Name Resolution in Windows Networks
Part 2 - Local Name Resolution in Windows NetworksPart 2 - Local Name Resolution in Windows Networks
Part 2 - Local Name Resolution in Windows Networks
Men and Mice
 
Namespaces for Local Networks
Namespaces for Local NetworksNamespaces for Local Networks
Namespaces for Local Networks
Men and Mice
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encrypted
Men and Mice
 
The DNSSEC KSK of the root rolls
The DNSSEC KSK of the root rollsThe DNSSEC KSK of the root rolls
The DNSSEC KSK of the root rolls
Men and Mice
 
The CAA-Record for increased encryption security
The CAA-Record for increased encryption securityThe CAA-Record for increased encryption security
The CAA-Record for increased encryption security
Men and Mice
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANE
Men and Mice
 
DNSSEC signing Tutorial
DNSSEC signing Tutorial DNSSEC signing Tutorial
DNSSEC signing Tutorial
Men and Mice
 
BIND 9 logging best practices
BIND 9 logging best practicesBIND 9 logging best practices
BIND 9 logging best practices
Men and Mice
 
DNS High-Availability Tools - Open-Source Load Balancing Solutions
DNS High-Availability Tools - Open-Source Load Balancing SolutionsDNS High-Availability Tools - Open-Source Load Balancing Solutions
DNS High-Availability Tools - Open-Source Load Balancing Solutions
Men and Mice
 
Fighting Abuse with DNS
Fighting Abuse with DNSFighting Abuse with DNS
Fighting Abuse with DNS
Men and Mice
 
What is new in BIND 9.11?
What is new in BIND 9.11?What is new in BIND 9.11?
What is new in BIND 9.11?
Men and Mice
 
Yeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the rootYeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the root
Men and Mice
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 Webinar
Men and Mice
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
Men and Mice
 
DNSTap Webinar
DNSTap WebinarDNSTap Webinar
DNSTap Webinar
Men and Mice
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
Men and Mice
 
Keeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitKeeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runit
Men and Mice
 
PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2
Men and Mice
 

More from Men and Mice (20)

Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesCisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
 
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSPart 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
 
Part 2 - Local Name Resolution in Windows Networks
Part 2 - Local Name Resolution in Windows NetworksPart 2 - Local Name Resolution in Windows Networks
Part 2 - Local Name Resolution in Windows Networks
 
Namespaces for Local Networks
Namespaces for Local NetworksNamespaces for Local Networks
Namespaces for Local Networks
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encrypted
 
The DNSSEC KSK of the root rolls
The DNSSEC KSK of the root rollsThe DNSSEC KSK of the root rolls
The DNSSEC KSK of the root rolls
 
The CAA-Record for increased encryption security
The CAA-Record for increased encryption securityThe CAA-Record for increased encryption security
The CAA-Record for increased encryption security
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANE
 
DNSSEC signing Tutorial
DNSSEC signing Tutorial DNSSEC signing Tutorial
DNSSEC signing Tutorial
 
BIND 9 logging best practices
BIND 9 logging best practicesBIND 9 logging best practices
BIND 9 logging best practices
 
DNS High-Availability Tools - Open-Source Load Balancing Solutions
DNS High-Availability Tools - Open-Source Load Balancing SolutionsDNS High-Availability Tools - Open-Source Load Balancing Solutions
DNS High-Availability Tools - Open-Source Load Balancing Solutions
 
Fighting Abuse with DNS
Fighting Abuse with DNSFighting Abuse with DNS
Fighting Abuse with DNS
 
What is new in BIND 9.11?
What is new in BIND 9.11?What is new in BIND 9.11?
What is new in BIND 9.11?
 
Yeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the rootYeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the root
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 Webinar
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
 
DNSTap Webinar
DNSTap WebinarDNSTap Webinar
DNSTap Webinar
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
 
Keeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitKeeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runit
 
PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2
 

Recently uploaded

Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
bellared2
 
kk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdfkk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdf
KIRAN KV
 
It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...
Zilliz
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
Priyanka Aash
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
Steven Carlson
 
Mastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for SuccessMastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for Success
David Wilson
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
Patch Tuesday de julio
Patch Tuesday de julioPatch Tuesday de julio
Patch Tuesday de julio
Ivanti
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
shyamraj55
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
Google Developer Group - Harare
 
The Impact of the Internet of Things (IoT) on Smart Homes and Cities
The Impact of the Internet of Things (IoT) on Smart Homes and CitiesThe Impact of the Internet of Things (IoT) on Smart Homes and Cities
The Impact of the Internet of Things (IoT) on Smart Homes and Cities
Arpan Buwa
 
Improving Learning Content Efficiency with Reusable Learning Content
Improving Learning Content Efficiency with Reusable Learning ContentImproving Learning Content Efficiency with Reusable Learning Content
Improving Learning Content Efficiency with Reusable Learning Content
Enterprise Knowledge
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
sunilverma7884
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
SAI KAILASH R
 
Retrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with RagasRetrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with Ragas
Zilliz
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
Priyanka Aash
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
alexjohnson7307
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
Matthias Neugebauer
 
Sonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdfSonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdf
SubhamMandal40
 
Semantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software DevelopmentSemantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software Development
Baishakhi Ray
 

Recently uploaded (20)

Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
 
kk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdfkk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdf
 
It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
 
Mastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for SuccessMastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for Success
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
Patch Tuesday de julio
Patch Tuesday de julioPatch Tuesday de julio
Patch Tuesday de julio
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
 
The Impact of the Internet of Things (IoT) on Smart Homes and Cities
The Impact of the Internet of Things (IoT) on Smart Homes and CitiesThe Impact of the Internet of Things (IoT) on Smart Homes and Cities
The Impact of the Internet of Things (IoT) on Smart Homes and Cities
 
Improving Learning Content Efficiency with Reusable Learning Content
Improving Learning Content Efficiency with Reusable Learning ContentImproving Learning Content Efficiency with Reusable Learning Content
Improving Learning Content Efficiency with Reusable Learning Content
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
 
Retrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with RagasRetrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with Ragas
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
 
Sonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdfSonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdf
 
Semantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software DevelopmentSemantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software Development
 

Report from IETF 89 in London - DNS, DHCP and IPv6