Connection 2018 - Speaker Series: Michael Richardson
It's quite a news now that IIESOC is hosting "Connections 2018" - a Pre-IETF 103 forum in bangalore on October 31st - Novemeber 1st 2018, in order to bring together protocol developers, academicians and network operators on a common platform and share the hurdles in the way to free and open Internet by mutual collaboration. This event is primarily focused on India and Indian contributions to the Internet.
Bio:Michael Richardson is an open source and open standards consultant. An autodidact, he wrote mail transfer agents as a teenager, and in the 1990s, found his calling designing and building embedded networking products, in the security sector. Michael has built multiple IPsec systems, joining the FreeS/WAN team in 2001, and founding Xelerance in 2003. Since 2008 Michael has worked in and chaired the IETF ROLL working group, doing routing protocols for IoT mesh systems. Michael has authored a number of IoT related RFCs including RFC8366 and RFC7416. Michael currently works on IoT security systems in the 6tisch, ANIMA and ACE WG, specializing in the problem of initial bootstrap trust.
Talk in IoT Track: Designing IoT system to be secure from day one
Building secure systems is difficult. Additional restrictions of battery power, slow networks and very short time-to-market make it even more difficult. A decade after the “IoT” revolution has started there are very few real IoT deployments, and the Things that out there have a deserved reputation as being poorly secured and potentially a scourge to society. This talk is a technical talk about the state of “IoT” today, and how that is going to change when the Internet part of the IoT revolution comes to bear. This talk is about how to code to today’s demands while preparing your products and systems for tomorrow’s revolution. The talk is about turning security issues from a burden to an opportunity.
Checkout other talks at - https://www.connections.iiesoc.in/abstract
We also asked Michael a few questions regarding his IETF contributions and involvement.
1. How did you get involved in the IETF? Was there a particular issue that led to your involvement? I knew of the IETF from very early in my career. As a student I implemented RFC822 mail system for the Amiga, gatewaying to/from Fidonet. I did some very early web stuff for a biologist who was creating an open access journal.
In 1994, I joined a company building firewalls, and my first task was to create a VPN in less than a week. It was a total hack, but it let us put a checkmark on the RFP. I knew we needed to do better, and I got involved in the beginnings of the IPsec WG. I did this on my own initiative (during company time), and informed my boss of meetings at RSA Data Systems relating to VPNs, and he realized how important this was, and sent me to the meeting. Customer obligations kept me from attending the fall IETF meeting in 1995, but I attended my first meeting in March 1996.
I met many people, and continued to work on IPsec for over a decade for a variety of different companies. Often, when I joined the company, I would let them know that I would be going to IETF (on my own dime, as I had drafts that needed discussion), and that I was not asking for support, just time off. Usually the company clued in and fully supported me after the first trip. (If the company didn't pay, then don't put their name on your badge) 2. What is your opinion on the importance of the IETF in the Internet eco-system?
If the Internet eco-system was a carbon atom, with the various organizations connected to it electrons in orbit, then the IETF would always occupy the 1s orbitals. The 5-regional RIRs occupying the other 1s orbital, and the nucleaus (the protons and neutrons) made up of the various core ISPs, and now perhaps one might include google, facebook and amazon in that nucleus. Outer orbitals (2p, 3d, etc.) would include OASIS, W3C, etc. 3. What technical changes do you see coming in the next few years?
People keep saying "SDN". I'm not convinced it's important in of itself. In the 1990s, they said, "ATM", and in the 2000s it was MPLS. To the extent that SDN is just a way to orchestrate MPLS, ATM, and 802.1q layer-2s, it's just a new way of doing old things. SDN is really about de-verticalizing the lock that switch fabric hardware companies have had on control plane systems. SDN democratizes access to high-end switch fabric such that even the smallest organizations can (if they have the expertise) do what facebook and google already do in their data centers. I'm not convinced very many entities need to do this. Applied to L3 routing, SDN eliminates the need for much IGP routing protocols, centralizing all control. This model fits the political structure of many countries, and thus L3-SDN will be popular there, and the catastrophic failures for it will also occur there.
The biggest change we have seen in the past decade has been the move From PC(Windows) focus to smartphone focus. From one-page web sites "Best viewed in IE" (and screw everyone else), to APIs accessed by a variety of apps from a variety of authors. It is not possible to understate the importance of this change. This change will continue and more and more APIs will stabilize, be standardized, and become essentially unchangeable as the number of third party apps continues to grow. The recent Open Banking API in the UK is an example of this trend. Signed objects created by APIs are cacheable by third parties, so large ecosystems of open data with open APIs will continue to evolve. Bitcon will decline, to be replaced by something else, but online micro-transactions will continue to be a difficulty for some years to come. 4. What are some of the most interesting changes you have seen at the IETF? A willingness by the IETF to change, to evolve. To embrace github, to return to running code as the focus rather than powerpoint presentations. 5. What would be your advice for a new commer from the sub-continent, on how to get involved?
just do it.
you can't just post a draft and expect it to be read. You have to be answering a need. To get your draft read, you need to read other drafts and comment on them.
9 times out of 10, email@example.com is someone who works at a Cisco,etc. outsourced company asking for help implementing a specification. Don't me that person. If you work for XYZ company, then say so.
Consider your own domain if for some reason your company doesn't want you asking questions.
Turn off HTML in your outgoing emails, don't use Outlook (it can't quote properly anymore), and read http://www.catb.org/esr/faqs/smart-questions.html
computers (even having many of them) are cheap. Virtual machines are free. Web sites and email addresses are cheap. Avoid excuses like, "my employer only lets me use Windows blah-blah-blah. You can't expect to learn IPv6 or IPsec or SDN from a book, you have actually hook up the wires and experiment. Probably on your own time, because this is your career, not just a job.
Dont miss this oppurtunity to join us for the event. The tickets for the event are availaible at - https://www.connections.iiesoc.in/tickets