IETF 101
Update: There's an article about it on theregister as well, click here to read more.
How it began
As we had posted it in our events section, this year, we went for the IETF 101 hackathon. As a reminder, last year, we even had The Register which wrote about our participation in the IETF 100 event to deliver TLS 1.3 implementations. We also had the IETF blog which covered that as well.
We would have loved to go on site in London to do this but logistically, it would have been difficult, and quite expensive for all our members to go there so preparation to hack from Mauritius began some weeks before the big event. It was quite a rush as we were working on several other projects at the same time. We had to find a spot to get together and to the hackathon in the first place. A note about this, if there is anyone who wishes to sponsor a place where we can hack for a weekend once a while (when and if we have a hackathon planned), please do drop us a mail using the contact page.
Setting up
After all the planning for a space to hack, preparing the funds and logistics for it all, one week before DDay, the meteo announced that there could be a potential cyclone lurking around. Hence we decided to Perform the hackathon remotely, from each other's house. For this, the challenge becomes harder, as now, we obviously had communication issues to cope for as well as how to manage everything. But eventually, we sorted it out pretty well! We had Jabber as well other tools that we are used to for managing our hackathons.
TLS Champions
Being the TLS champions for the first time, we were really worried whether we will be able to lead this hackathon properly, last year, we had others to follow and it was less stressful. But this year, it was up to us to organize our own team and project, so we had some pressure, which is probably why we spent some weeks before hand to just plan and manage.
What we worked on
planned on working on the following:
Projects |
IETF Draft || RFC |
TLS 1.3 | The Transport Layer Security (TLS) Protocol Version 1.3 |
DNS | The EDNS(0) padding option |
http 451 | An HTTP Status Code to Report Legal Obstacles |
- Since OpenSSL pre release candidates were coming out with TLS 1.3 support, we had to work towards adding support for TLS 1.3 in as much software as we could.
- Lvv was interested in DNS security, hence worked on the DNS PRIVate Exchange (DPRIVE) Working Group develops mechanisms to provide confidentiality to DNS transactions, to address concerns surrounding pervasive monitoring.
- While those who wanted to work on http 451 focused on that.
TLS 1.3
For the TLS 1.3 hackathon, we have been able to send some Pull Requests to add TLS 1.3 support to the following projects:
Project
|
Member
|
|
GNU wget, is a free software package for retrieving files using HTTP, HTTPS, FTP and FTPS the most widely-used Internet protocols. It is a non-interactive commandline tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc. | Lvv | |
nagios-plugins, check_http, tests the HTTP service on the specified host. It can test normal (http) and secure (https) servers, follow redirects, search for strings and regular expressions, check connection times, and report on certificate expiration times. | RG | |
stunnel, stunnel is an open-source multi-platform application used to provide universal TLS/SSL tunneling service. stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively. It runs on a variety of operating systems, including most Unix-like operating systems | Njm | |
httpperf, is a tool for measuring web server performance. It provides a flexible facility for generating various HTTP workloads and for measuring server performance. | MA (former member) | |
git, is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
|
Lvv | |
check_ssl_cert, is a Nagios plugin to check an X.509 certificate:
|
Yasir Auleear | |
aria2c, is a lightweight multi-protocol & multi-source command-line download utility. It supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink. aria2 can be manipulated via built-in JSON-RPC and XML-RPC interfaces. | Pirabarlen Cheenaramen | |
Eclipse paho C library, is a set of scalable open-source implementations of open and standard messaging protocols aimed at new, existing, and emerging applications for Machine-to-Machine (M2M) and Internet of Things (IoT) | Njm, Ny (former members) | |
mercurial, is a distributed revision-control tool for software developers. It is supported on Microsoft Windows and Unix-like systems, such as FreeBSD, macOS and Linux. | CV (name removed on request) | |
monit, is a utility for managing and monitoring processes, programs, files, directories and filesystems on a Unix system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations. | CV (name removed on request) | |
DNS DPRIVE
Project |
Member |
|
pyDig is a program to perform DNS queries and exercise various existing and emerging features of the DNS protocol. It works mostly similar to the dig program that comes with ISC BIND. | Lvv |
http451
Project |
Member |
|
A Drupal http451 module was written. | Akil Maulloo |
What a team spirit!
It seems that I am not the only one who feels that this hackathon was really addictive. we were hooked the moment we started working out on our tasks. Furthermore, everybody was contributing to almost every aspect of each other's tasks. The team was on fire, we were working like a well oiled engine, everyone knew what they needed to do, and everyone were helping out each other. At some point we even had to to tell people to get some sleep for the next day, yes that kind of fun!
The next day, after wrapping up the maximum tasks that we could, some members gathered at the flying dodo for some food, beer (well except our members who do not consume alcohol) and to get a group picture taken. Others who couldn't make it sent a picture of themselves hacking!
Presentation
Logan did the presentation remotely. We were queued last in line, since we were remote. There was a few audio issues in the beginning, but once all that was fixed, all was good. :) Special thanks for the ietf folks for their patience with that! Here is a video of our presentation at the event. If you go from the beginning of the video, you can view all the other presentation as well, and all of them were really interesting projects.
Challenges that we had this year
While we did have some experience with draft 13 of TLS 1.3, we had quite some challenges this year. We had to keep up with the projects we were working on with and cope for new changes. As well as take into considerations the new changes related to draft 23 of TLS 1.3. Testing was much more fine grained this time, and luckily we had WireShark around to catch any handshake issues, specially with that clienthello that caused some pain! But once we got the gist, it was all good.
What's next
Well there are quite some project out there without TLS 1.3 support, and we hope to work on these during the course of the year. There are other events that are coming along as well. Keep posted on our facebook group, page and the event corner of this website!
Join us
Want to join us for our next IETF hackathon event, drop us a mail either through our contact form or directly to contact (a|t) hackers mu. It would be great if we could get more people to participate in IETF events, this is for the good of the internet and everyone else.
Want more info?
If you want more detailed information about each tasks, please check out the blog of each of our members, you can access their blogs via our member page.
Our presentation can be found here and mirrored here.
Thanks
We have a few people to thank for this event, and they are as follows:
- TLS 1.3 development team (Nick Sullivan and others)
- Charles Eckel & Barry Leiba
- Meetecho Team
- Open Source developers who took time to review and submit comments so that we can improve our patches
- CISCO for sponsoring the hackathon
- Our families, friends and community members for supporting us
- Greetings to other local user groups of the island
- Apologies if we missed anyone here, please do ping us if we missed anyone.
Support
- We go regular tech talks or invite you to do so on Saturdays at the University of Mauritius, please join our facebook group or our meetup or event page to get more information.
- If you wish to join us for some hacking, drop us a mail via the contact form!
and yes... Thank YOU for reading and showing interests!
ps. This article will be updated with more information soon. Do report us any bug in this article!