We kicked off the week with our largest IETF Hackathon yet: 370 on-site participants collaborated on 44 projects over the course of two days. It was especially nice to see attendees from the co-located Netdev conference join for the weekend of collaborative coding. With the possibility of increased participation to continue, we’ll do our best to have coffee more available the next time around!
The working group meetings, Birds of a Feather sessions (BOFs), and side meetings made substantial progress on a number of new topic areas. Further discussions based on the new, shared understandings are expected in the coming months. Among the key exchanges were:
The Collaborative Automated Course of Action Operations for Cyber Security (CACAO) BOF explored the concept of exchanging standardized, machine-readable “playbooks” used by security and network operations centers to respond to attacks. The BOF discussion helped to narrow the problem space and elucidate how the work might be phased if it proceeds in the IETF. Discussion about next steps and a potential second BOF will continue on the mailing list.
Work on JSON canonicalization, aiming to make data exchanged in the JSON format more usable for secure cryptographic operations, was discussed in Security Dispatch (Security Dispatch) and Dispatch working groups, and a side meeting. The discussions piqued the interest of those who previously worked on the JOSE standards, and future collaboration seems possible. Further discussion and preparation of a BOF proposal will continue on the mailing list.
Similarly, after a productive side meeting and conversation in DISPATCH, work on Web Packaging—which would provide the ability for signed bundles of information to be served by web servers other than the origin that owns them—is likely to be proposed for a BOF at IETF 105. Follow the mailing list for updates.
As the march towards completing the first version of the QUIC protocol chugs along, the Transport Area Open Meeting (TSVAREA) session hosted several talks about QUIC logging for debugging and troubleshooting. More implementation experience is required to determine if standardization is needed here, but expect to see this discussion continue over the next several meeting cycles.