Session Date/Time: 16 Mar 2025 07:00
# Hackathon Results Presentations
## Summary
This session covered presentations from various hackathon projects. The projects spanned diverse areas including network management, security, DNS, routing protocols, and in-network computing. Presenters discussed their objectives, implementations, challenges, and future directions.
## Key Discussion Points
* **CMAP & External References (Vivek):** Explored two approaches for adding external references to CMAP: (1) adding a container directly under the base model and (2) doing it externally. Work also started on modeling SRv6 over IS-IS.
* **BGP-LS Extensions for SRv6 SFC (Anonymous):** Implemented BGP-LS extensions for SRv6 service function chaining (SFC) using the controller. Key goals involved implementing TLVs for GoBGP and ExaBGP, implementing Wireshark dissectors, and performing interoperability testing.
* **Traffic Steering using BGP Flowspec with SR Policy (Anonymous):** Implemented BGP flowspec with SR policy to manage SR policies comprehensively, including SFC chains from a path computation element (PCE).
* **Verifiable Routing Origins (VRO) (Sun Lin-Jang):** Designed a cooperative system among autonomous systems (ASes) to enhance the trustworthiness of routing, incorporating allow lists, block lists, and fusion of multi-party sources.
* **Enhancing Interdomain Routing Security with FCBGP (Anonymous):** Focused on implementing forwarding commitment based BGP (FCBGP) with FRRouting.
* **Post-Quantum DNSSEC Metrics with MTL Mode (Joe):** Conducted experiments using MTL mode with DNSSEC, observing performance differences between TCP and UDP, and noting benefits of condensed signatures over UDP.
* **Interface to In-Network Computing (I2ICA) (Yosef Ann):** Demonstrated the feasibility of intent translation in the I2ICA framework for mobile objects, translating high-level J-C intents into YAML intents for the ICF controller.
* **ICMP Error Message Authentication (Anonymous):** Designed and implemented a challenge-confirm mechanism to mitigate attacks leveraging ICMP error messages, using dataplane hooks.
* **Validate Configured Subscription & Push Publisher (Anonymous):** Focused on capabilities discovery and notification envelopes for configured subscription, including OLTs and exploring CBOR encoding.
* **Post-Quantum Crypto Open Source Implementation (Logan):** Implemented post-quantum key exchanges in open-source network analysis tools (Nmap, ZMap, Wireshark, ssh-audit) and implemented ML-KEM-1024 and P-384 in hybrid mode for GnuTLS.
* **Performance of Different DNS Server Implementations (Anonymous):** Benchmarked different DNS server implementations (PowerDNS and BIND) using the IPv6 PDM protocol in India.
* **Use of YANG Provenance (Anonymous):** Developed a reference implementation for YANG data provenance, ensuring the origin and integrity of YANG datasets, using COSE signatures.
* **Extending Key Updates in TLS 1.3 (Anonymous):** Implemented forward secrecy for post-handshake key updates in TLS 1.3 to mitigate static key exfiltration attacks.
* **Python Proof-of-Concept Implementation of ECDHBI-PSI (Yuchuan Wang):** Implemented a proof-of-concept private set intersection (PSI) protocol using ECDHBI, highlighting the lack of standard implementations of RFC primitives in Python.
* **Integration of DNS over CoAP (Martin):** Integrated DNS over CoAP into Unbound and provided a distribution code for the DigDoc client.
* **Identifier-Locator Network Protocol (ILNP) (Rod/Alistair):** Improved the deployability of the ILNP implementation in FreeBSD 14, tested basic connectivity (ping, SSH, rsync), and worked on dynamic multipath support.
* **VCon - Conversational Data Standard (Dan Petri):** Addressed upward compatibility issues and ambiguities in the VCon draft, focusing on appended data and multiple recordings in conferences.
* **Ultra Low Latency Cryptography (Arayan) (Yumi Sakami):** Applied the Arayan secure and low-latency cryptographic permutation to IPsec using DPDK Crypt Library.
* **Lake Project (Giovanni Fideschewski):** Integrated Lakers (Rust implementation of LAKE) into Blink (custom link layer protocol) for robot authentication. Also discussed remote attestation with ad-hoc networks and a cryptographic abstraction layer.
* **RPP Revision to (Anonymous):** Developed a RESTful provision protocol (RPP) as an alternative to EPP, validating functional parity with EPP by putting RPP in front of EPP.
* **Secure Hybrid Network (Yiddark):** Developing a technology to monitor characteristics of communication paths resulting from routing in hybrid cloud environments.
* **Post-Quantum X.509 Certificate (John):** Conducted interoperability testing of post-quantum algorithms in X.509 certificates, focusing on private key formats.
* **SKIT (Anonymous):** Simplified the SKIT model, reduced complexity in the backend, and developed a Python SDK for interacting with the protocol. Identified issues and triggered them, organizing the key point for saving them. The group is also working on YANG modeling for sketch.
* **Post Quantum Cryptography for DNSSEC (Henri):** Implemented new post-quantum cryptography algorithms for DNSSEC.
* **Transforming Network Data to RDF (Remote Presenter):** Mapped YANG configuration data to RDF using RML, queried using SPARQL. The approach may be redesigned for in-memory stream-based usage.
* **Identity Crisis for Attested TLS (Sama):** Discussed the problem of redirection attacks in confidential computing, where a compromised CSP redirects connections to a malicious machine. No solution found to the tech.
* **Testing Congestion Control and Q Management (Mahati):** Tested congestion control and queue management mechanisms using ns3 and CCPIRF, focusing on FQ-CoDel and FQ-PIE.
* **HTTP-based Transport for YANG Notifications (HPS Notify Draft) (Anonymous):** Added CBOR support to the HPS Notify draft, performed bandwidth analysis for different encodings, and integrated Kafka for relaying notifications.
## Decisions and Action Items
* **SKIT:** The group decided to address the identified issues at the Madrid Hackathon.
* **ILNP:** Will continue to refine the FreeBSD implementation and look at deployability improvements.
## Next Steps
* **CMAP:** Continue exploring external reference approaches and modeling SRv6.
* **PQDNSSEC:** Further investigations of MTL and LDN. Join the PQDNSSEC meeting on Tuesday.
* **I2ICA:** Develop an advanced intent calculator using AI on Kubernetes and design a YANG data model for the I2ICA interface.
* **Extended Key Update:** Work on the PQC part of the implementation.
* **DNS over CoAP:** Martin will attempt to open a PR at the end of the week with the improvements.
* **Arayan:** Verify Arayan operation through performance testing of the DPDK implementation.
* **SKIT:** The remaining issues will be addressed at the Madrid Hackathon.
* **Transforming Network Data to RDF:** Redesign the approach for in-memory, stream-based usage.
* **Testing Congestion Control and Q Management:** Testing the growth of the congestion window with and without rate-limited increase is yet to be done.
* **HPS Notify Draft:** Debug the CBOR implementation to improve throughput.