Markdown Version | Session Recording

Session Date/Time: 16 Mar 2025 11:00

Hot RFC Lightning Talks

Summary

This session featured a series of lightning talks on various hot topics of interest to the IETF community, including DNS for identity, confidential computing, AI network security, LLM-assisted network management, source buffer management, object-based media, zero-trust network access, confidential computing limitations, diagramming RFCs, and trust contexts in attested TLS environments. The speakers presented their work, identified challenges, and sought collaboration with other experts.

Key Discussion Points

• DNS for Identity (Philip Hallam-Baker):
  • Proposed using DNS service discovery and OAuth 2 for identity management.
  • Suggested that DNS can scale for identity purposes, despite previous concerns.
  • Mentioned a draft "Helen Baker any" and a prototype website mplace2.social using this technology.
• Leaky Computing and Confidential Computing (Manu Fontaine):
  • Discussed the problem of information leakage with non-cryptographic identifiers.
  • Proposed STEM identifiers (random 256-bit identifiers/symmetric keys) for process-level information isolation.
  • Presented a side meeting on Tuesday to discuss the universal name system and Universal Certificate Authority (UCA).
• Enabling Data Security Processing for AI (Lonely):
  • Highlighted the need for data processing security in AI-driven telecom networks.
  • Introduced homomorphic encryption as a potential solution for privacy-preserving AI inference and training.
  • Announced a side meeting on Tuesday to discuss trust and privacy issues in data usage and processing for AI.
• LLM Assisted Network Management with Human Loop (Ming Zheing):
  • Presented a draft on using Large Language Models (LLMs) for network management while keeping a human operator in the loop.
  • Described a framework with components including telemetry models and large decision models, including configuration validation and access control modules.
  • Sought collaborators for developing this framework.
• Source Buffer Management (Dan):
  • Explained the problem of excessive source buffering causing latency issues.
  • Proposed a TCP "not sent low watermark" socket option to minimize excess buffering.
  • Highlighted the importance of fixing source buffer bloat to achieve low latency and responsive performance.
  • Reference to a draft and mailing list (spm@ietf.org).
• Object-Based Media (Dan):
  • Discussed moving away from linear distribution of television to object-based media.
  • Identified scaling challenges for serving object-based media to hundreds of thousands of users.
  • Exploring Computer-Aware Traffic Steering (CAPS) and application content above it, as well as video media distribution protocols such as Quick.
  • Sought collaboration with operators working on similar projects.
• Zero Trust Network Access for Network Clouds (Wadashih):
  • Presented a draft on zero-trust network access for interfaces between cloud and network in telecom clouds.
  • Proposed integrating zero-trust principles with a YANG data model.
  • Mentioned a side meeting on Wednesday morning to discuss use cases and applications.
• Confidential Computing Limitations (Osama):
  • Critiqued confidential computing, claiming attestation key exfiltration breaks the entire security model.
  • Questioned how the identity and long-term key get into the VM.
  • Sought collaborators in TLS, remote attestation, formal methods, and confidential computing.
  • Several side meetings were proposed to discuss the identified attacks and formalization of the results.
• Diagramming RFCs (name unclear):
  • Raised the issue of understanding RFCs and their impact across different layers.
  • Proposed a framework for diagramming documents to better understand their relationships to the overall infrastructure stack.
  • Sought collaborators to discuss the concept and potential solutions.
• Exploring Trust Contexts in Attested TLS Environments (Pavel Nikonorov):
  • Discussed trust models and assessment of trustworthiness in confidential workloads.
  • Proposed a trust anchor specification or a registry for audited software and configuration files.
  • Seeks collaborators that have knowledge in formal security analysis, trust models and relevant specification.

Decisions and Action Items

• Action Item: Attendees interested in specific topics (DNS for identity, confidential computing, AI network security, LLM-assisted network management, source buffer management, object-based media, zero-trust network access, diagramming RFCs, and trust contexts in attested TLS environments) should contact the speakers directly to collaborate.
• Action Item: Attendees were encouraged to review the slides available on the Datatracker.

Next Steps

• Attendees should attend the side meetings mentioned by the speakers to further discuss the topics.
• Follow-up discussions may occur on the mailing lists provided (e.g., spm@ietf.org for source buffer management).
• Independent submissions and working group adoption may be considered based on community interest.