The Internet Engineering Task Force (IETF) is holding a hackathon to encourage developers and subject matter experts to discuss, collaborate, and develop utilities, ideas, sample code, and solutions that show practical implementations of IETF standards.
When: 14 - 15 March 2026 (Saturday - Sunday)
Where: Futian Shangri-La
Room: Shangri-la Ballroom 1/2
Sign up for the Hackathon
View the list of registered:
Keep up to date by subscribing to the IETF Hackathon email list.
The IETF Hackathon is free to attend and is open to everyone. It is a collaborative event, not a competition. Any competition is friendly and in the spirit of advancing the pace and relevance of new and evolving internet standards.
¶ Agenda
Subject to Change
Hackathon (all times are UTC+8)
¶ Saturday, 14 March
- 09:30 : Room open for setup by project champions
- 10:00 : Room open for all - pastries and coffee provided
- 10:30 : Hackathon kickoff
- 10:45 : Form teams, see Team Schedule
- 12:30 : Lunch provided
- 15:30 : Afternoon break - snacks provided
- 18:30 : Dinner provided
- 20:30 : Room closes
¶ Sunday, 15 March
- 09:30 : Room opens - pastries and coffee provided
- 12:30 : Lunch provided
- 13:30 : Hacking stops, prepare brief presentation of project
- 14:00 : Project results presentations
- 16:00 : Hackathon ends
- 17:00 : Tear down complete
Related activities before and after the Hackathon weekend
¶ Hackdemo Happy Hour
- Share your Hackathon project with the IETF community
- Monday, 16 March, Time: 18:00 - 19:00, Room: Level 2 Foyer
- View the schedule or reserve space for your team/project
- Reservations for space must be made by 13:00, Monday 16 March
¶ Shared Workspace
- Space for groups to gather and collaborate on running code
- Monday - Friday, 16 - 20 March, Room: Chairman
¶ Meetecho
NOTE: You will need an IETF Datatracker account to login to the Hackathon Meetecho sessions.
When you register for the IETF Hackathon, you are sent a separate email to create an IETF Datatracker account if you don't already have one.
If you already have an IETF Datatracker account, please ensure that the email address with which you registered is associated with your Datatracker account.
If you received the email but the link to create an account has expired, please see the instructions below:
- Go to https://datatracker.ietf.org/accounts/create/
- Select "New Account" from the User menu at the top
- Enter the email address that you registered with for the Hackathon
- Follow the instructions in the email you receive
¶ Presentation and Meeting Materials
- You can share the code you're working on through the IETF Hackathon GitHub, or via the links provided in the project descriptions below.
- Request to be added to IETF GitHub organization by sending your GitHub ID to (hackathon-chairs@ietf.org).
- Hackathon project result presentations should be uploaded to Datatracker under the specific session Hackathon Results Presentations at 14:00-16:00.
- To upload your presentation, you must have a Datatracker account and be logged in.
- The Hackathon Results presentations from Sunday, 14:00-16:00, are available on Datatracker:
¶ Participant Preparation and Prerequisites
¶ Project Teams and Champions
- Champions are the leads for individual projects in the Hackathon
- Champions are individuals familiar with a given technology who volunteer to help get others get up and running with that technology
- Before the Hackathon, champions should:
- Add information about your project to the list of Projects included in Hackathon
- Recruit participants from associated working groups, open source projects, etc. Announcing your projects via an email to (hackathon@ietf.org) can be helpful as well.
- Specify when and how the project team will meet on the Team Schedule
- At the Hackathon, champions should:
- Make themselves available to answer questions and help others
- Hack on things themselves in their copious free time
- Additional projects are welcome at any time. For any questions, contact the chairs at (hackathon-chairs@ietf.org)
¶ Choosing a Project
- Champions post and lead projects
- Details on each project and links to additional information for each project are in the list of Projects included in Hackathon
- How and when teams meet during the week is up to them and can be found in the Team Schedule.
- Familiarity with technology area(s) in which you plan to participate will certainly help
- It is perfectly fine, even encouraged, to work on multiple projects
¶ Lost & Found
- Participants looking for a team and champions wanting help on their projects are encouraged to visit the Lost & Found.
¶ Development Environment
- Bring a laptop on which you are comfortable developing software
- Some projects may require installing additional software or make use of VMs or containers
- Installing and becoming familiar with !VirtualBox, Vagrant, Docker or something similar may be helpful
- Specific coding languages are called out by some projects (e.g. Python, Go, Java, C++), but this is heavily dependent on the project(s) you choose
¶ Sharing Code
- Git/GitHub is commonly used for open source projects. Familiarizing yourself with it is recommended.
- An online tutorial is available here: Git Tutorial
- The IETF Hackathon GitHub organisation is used by some of the Hackathon projects to host their repositories.
- If you would like to have your project/code hosted here, send your GitHub ID and the name of your project via email to (hackathon-chairs@ietf.org)
¶ Project Presentations
- All teams have the opportunity to present what they did at the end of the Hackathon.
- Hackathon project result presentations should be uploaded to Datatracker under the specific session Hackathon Results Presentations at 14:00-16:00.
- To upload your presentation, you must have a Datatracker account and be logged in.
- DO NOT WAIT until just before the start of the Hackathon project presentations to upload your presentation, as it may be lost in the chaos.
¶ Network
Access to the IETF network
Requests for networking capabilities beyond wireless access to the IETF network (e.g., wired ports, L2 access, prefix delegation) can be sent to support@ietf.org.
All requests are addressed on a best effort basis. Advance notice is appreciated and improves the odds of your request being fulfilled.
¶ Webex sessions for teams
Champions can request a Webex account they can use to schedule meetings for their team. These are similar to the Webex accounts allocated to working group chairs to be used for virtual interim meetings. An account can be requested by a team champion at any time. Accounts will remain active and available for the duration of the IETF meeting. Request your account HERE. In the request form, you can use your project name where it asks for "Working Group Name" ("Hackathon Project Name").
¶ Ongoing Communication
In addition to registering for the Hackathon and subscribing to the Hackathon list. It is recommended to monitor both the Hackathon wiki and the list as the Hackathon approaches, determine which project(s) are of interest to you, and reach out to the champions of those projects to determine how best to be involved and coordinate with the rest of the team working on each project.
Champions are welcome and encouraged to list times and mechanisms for collaborating with their team in the Team Schedule. Participants can use this page to determine how and when to reach other team members.
The Hackathon kickoff and the project results presentations can be joined via Meetecho. The Hackathon Zulip stream may be used for general and project specific communication.
¶ IPR and Code Contribution Guideline
All Hackathon participants are free to work on any code. The rules regarding that code are what each open source project and each participant's organization says they are. The code itself is not an IETF Contribution. However, discussions, presentations, demos, etc., during the Hackathon are IETF Contributions (similar to Contributions made in working group meetings). Thus, the usual IETF policies apply to these Contributions, including copyright, license, and IPR disclosure rules.
¶ Projects Included in Hackathon
Note, all projects are open to everyone. However, some champions have identified their projects as being particularly good for those who are new to the IETF or new to the Hackathon. These projects are marked with a star, i.e. *. If you are championing a project that is great for newcomers, please add a * at the end of your project name.
For inspiration and examples of previous Hackathon projects see the previous Hackathon page.
¶ Multi-Path Traffic Engineering
-
Champions
Vishnu Pavan Beeram vishnu-pavan-kumar.beeram@hpe.com
Jeffrey Zhang zhaohui.zhang@hpe.com -
Participants
Aaron Zhang (remote) aaronzhang194@gmail.com -
Project Info
Multi-Path Traffic Engineering [https://datatracker.ietf.org/doc/draft-kompella-teas-mpte/] combines the best of multi-path (ECMP or Non-equal MP) and TE. The multipathing proposed here need not be strictly equal-cost, nor the load balancing equally weighted to each next hop. Moreover, the desired destination may be reachable via multiple egresses from multiple ingresses. Different protocols can be used to signal MPTE paths, including RSVP/BGP extensions [https://datatracker.ietf.org/doc/draft-kbr-teas-mptersvp/] [https://datatracker.ietf.org/doc/draft-zzhang-idr-mpte-signaling/]. -
In this project, we will do the following:
- Discuss with anyone interested in this technology
- Hack some POC code for the BGP signaling of MPTE in JUNOS and FRR and see what we can achieve in interop between the two POC implementations
¶ Task Discovery in AI Network
-
Champions
Hesham Moussa hesham.moussa@huawei.com
Arashmid Akhavain arashmid.akhavain@huawei.com -
Project Info
Agents take a more active role in matching themselves to tasks in this alternative yet complementary approach. Instead of focusing on discovering agents, the framework shifts the discovery process toward the tasks themselves—a shift in granularity that we refer to as task discovery. By doing so, it avoids the scalability challenges that arise when the number of agents continually grows. Tasks, unlike agents, are completed and exit the system, making this task‑centric discovery process inherently more manageable. Here is a quick overview of the approach:-
Consider a system in which task owners can post their tasks on some type of a platform (e.g., social media, internet, websites, ebillboards…etc).
-
Also consider that agents are equipped with means and intelligence that enable them to access this platform.
-
Agents can then discover tasks posted to this platform.
-
Agents can select the tasks that suit their skillset and capabilities.
-
Agents can then send necessary information (e.g. agent card, history, make, model, ratings...etc) to task owners and present themselves as potential candidates capable of fulfilling the posted task.
-
¶ High Performance Wide Area Networks (HP-WAN)
-
Champions
Quan Xiong (xiong.quan@zte.com.cn)
Daniel King (d.king@lancaster.ac.uk)
Kehan Yao (yaokehan@chinamobile.com)
Junfeng Zhao (zhaojunfeng@caict.ac.cn) -
Project Info
High-performance WAN (HP-WAN) is designed specifically to meet the high-speed, low-latency, and high-capacity needs of data-intensive applications and enable the host-and-network collaboration for the high-speed and high-throughput data transmission, coupled with fast completion time.
Thanks to Tim Chown for Hackathon input.
-
Hackathon Plan
- Discuss HPWAN deployment on topologies for public networks and service scenarios based on the HP-WAN framework
- Agree common HPWAN service model parameters for scheduled services
- Integration and simulation of the HP-WAN functions, such as the rate negotiation, admission control, traffic scheduling, and resource reservations with distributed signalling (IETF RSVP-TE)
- Perform the CC algorithms optimizations (e.g. DCQCN algorithm) to simulate the traffic transmission with negotiated rates and compare with the HPWAN approach
- Work on HPWAN monitoring requirements and identify which IETF protocols and models could be used for cooperation between HPWAN domains.
-
Related documents
Framework for High Performance Wide Area Network (HP-WAN)
https://datatracker.ietf.org/doc/draft-xhy-hpwan-framework/
Current State of the Art for High Performance Wide Area Networks
https://datatracker.ietf.org/doc/draft-kcrh-hpwan-state-of-art/
¶ Post-Quantum Cryptography (PQC) in X.509, Signatures, KEMs, CMS and protocols
-
Champion(s)
John Gray (john.gray@entrust.com)
Daniel Van Geest (Daniel.vangeest@cryptonext-security.com)
Mike Ounsworth (mike.ounsworth@crypticforest.ca)
Jean-Pierre Fiset (jp@crypto4a.com)
Massimiliano Pala (massimiliano.pala@wellsfargo.com) -
Draft Specifications
https://datatracker.ietf.org/doc/html/rfc9881
https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates/11/
https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-sigs/
https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-kem/
https://datatracker.ietf.org/doc/rfc9629/
https://datatracker.ietf.org/doc/rfc9810/
https://www.ietf.org/id/draft-ietf-lamps-certdiscovery/
https://datatracker.ietf.org/doc/rfc9909/
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-composite-sigs/ -
Project Info
Test interoperability of Post Quantum algorithms in x.509 structures (Certificates, keys, CMS and other drafts). This project started in November 2022 and continues to evolve. We currently have github automated tooling that automatically tests submitted artifacts allowing implementations to get immediate feedback on their compatibility. This allows us to test interoperability between different algorithm implementations, gain experience using these new algorithms, and provide feedback to the standards groups about practical usage.
A good starting place is our Github repository: https://github.com/IETF-Hackathon/pqc-certificates
For information on OIDs used to create interoperable structures, consult: https://github.com/IETF-Hackathon/pqc-certificates/blob/master/docs/oid_mapping.md
At IETF 125, we plan to add more automation and others are invited to test interoperability. Also, the composite signatures recently had IANA OIDs assigned, so a number of people are interested in testing composite signatures interoperability.
¶ Relay Attacks in Intra-handshake Attestation for Confidential Agentic AI Systems
-
Champions
- Muhammad Usama Sardar (muhammad_usama.sardar at tu-dresden.de)
-
Project Info
- 3 main ways to combine attestation in TLS:
- Pre-handshake attestation (Paper)
- Intra-handshake attestation
- Post-handshake attestation (Internet draft and Sec. 4 in this paper)
- Hackathon plan
- Discuss the nits of relay attacks
- Discuss possible solutions
- Discuss open issues
- What is the "long-term identity" of the CC workload? How is "long-term identity" assigned to the CC workload? Which entity supplies this "long-term identity"? How is that Identity Supplier trusted?
- How is CA-certified Long-Term Key (LTK) injected in the Confidential Computing workload in the first place?
- Formal evaluation of new proposals in SEAT
- We aim to seek collaborators (knowledgeable about at least one of the following: TLS, remote attestation, formal methods or confidential computing) who will join us in this project. We also welcome reviewers who can give us feedback on the draft. If you are interested, please contact by email.
- Tool for formal analysis: We currently use ProVerif but other tools are very welcome.
- 3 main ways to combine attestation in TLS:
-
Proposed Readings
Technical Concepts: https://www.researchgate.net/publication/396199290_Perspicuity_of_Attestation_Mechanisms_in_Confidential_Computing_Technical_Concepts
General Approach: https://www.researchgate.net/publication/396593308_Perspicuity_of_Attestation_Mechanisms_in_Confidential_Computing_General_Approach
Validation of TLS 1.3 Key Schedule: https://www.researchgate.net/publication/396245726_Perspicuity_of_Attestation_Mechanisms_in_Confidential_Computing_Validation_of_TLS_13_Key_Schedule
Relay attacks https://mailarchive.ietf.org/arch/msg/seat/8tzc62Xe7sKnyInFHkMAx6z6QjU/ -
Background on Attestation
-
Background on Attested TLS
¶ YANG2API
-
Champions
Chongfeng Xie (xiechf@chinatelecom.cn)
Sicong Ma (masc@chinatelecom.cn)
Wenbin Yu (yuwb6@chinatelecom.cn)
Jibin Sun (sunjb@chinatelecom.cn)
Guozhen Dong (donggz@chinatelecom.cn)
Linda Dunbar (linda.dunbar@futurewei.com)
Bo Wu (lana.wubo@huawei.com) -
Project Info
YANG2API refers to a mechanism that converts YANG data models into APIs. It enables operators to expose YANG-based network and service abstractions to external systems, thereby better supporting dynamic, short-lived operational needs or heterogeneous environments. To improve consistency and reduce integration friction, it is important to explore how to efficiently integrate IETF YANG data models with externally developed frameworks via YANG2API, such as TMF640. Based on the YANG2API tool jointly developed, this project will investigate the effectiveness of transforming existing mainstream network and service abstractions into APIs, discuss and evaluate identified issues in the process with partners. The purpose of this project is to explore mature patterns for exposing YANG-based abstractions to external applications. -
Hackathon Plan
1.Design and implement a lightweight YANG2API environment engine that automatically generates directly callable upper-layer APIs by parsing YANG models defined in IETF standards.
2.Develop a demonstration program to showcase the automated conversion and provisioning of L3VPN and other models, verify the generated APIs by invoking them in Swagger UI, and observe the real-time generation of Netconf messages in the backend. -
Related documents
Onions Problem Statement
https://datatracker.ietf.org/doc/draft-xie-onions-problem-statement/
RFC8299 - YANG Data Model for L3VPN Service Delivery
https://datatracker.ietf.org/doc/rfc8299/
RFC8466 - A YANG Data Model for Layer 2 Virtual Private Network (L2VPN) Service Delivery
https://datatracker.ietf.org/doc/rfc8466/
RFC 9182 - A YANG Network Data Model for Layer 3 VPNs
https://datatracker.ietf.org/doc/rfc9182/
RFC9291 - A YANG Network Data Model for Layer 2 VPNs
https://datatracker.ietf.org/doc/rfc9291/
RFC 9833 - A Common YANG Data Model for Attachment Circuits
https://datatracker.ietf.org/doc/rfc9833/
RFC 9834 - YANG Data Models for Bearers and Attachment Circuits as a Service (ACaaS)
https://datatracker.ietf.org/doc/rfc9834/
RFC 9835 - A Network YANG Data Model for Attachment Circuits
https://datatracker.ietf.org/doc/rfc9835/
¶ YANG Data Model for Network Inventory (IVY)
-
Champions
Yanxia Tan (tanyx11@chinaunicom.cn)
Haomian Zheng (zhenghaomian@huawei.com) -
Project Info
Network inventory management is a fundamental functional block in the overall network management. It is a critical part for ensuring that the network remains healthy, well planned, and maintained appropriately to meet the operational objectives. Also, it allows operators to keep track of all the components deployed in their networks, including relevant embedded software and hardware. The scope of this project is to evaluate the implementation of ivy WG data models. The base model is assumed to be technology-agnostic, and could be augmented with application- and technology-specific details. -
Hackathon Plan
1.Inventory model verification, verifying the usability and interoperability of the model specified in the draft.
2.Learn and discuss other ivy draft and data models related to network inventory management. -
Related documents
A Base YANG Data Model for Network Inventory
https://datatracker.ietf.org/doc/draft-ietf-ivy-network-inventory-yang/
A YANG Data Model for Network Hardware Inventory
https://datatracker.ietf.org/doc/draft-ietf-ccamp-network-inventory-yang/
¶ SRv6 for Inter-Layer Network Programming
-
Champions
Minxue Wang (wangminxue@chinamobile.com )
Junfeng Zhao (zhaojunfeng@caict.ac.cn )
Jie Dong (jie.dong@huawei.com )
Ran Chen (chen.ran@zte.com.cn )
Junfang Wang (wjf@fiberhome.com ) -
Project Info
SRv6 END.IL is a variant of the SRv6 End behavior, an SRv6 END.IL SID steers packets to a remote network node via an underlay network connection. SRv6 END.IL behavior can be used for SRv6 based inter-layer path programming and traffic engineering, so as to provide differentiated and guaranteed performance for different services. -
Hackathon Plan
1.Learn about the background and key protocol mechanism of SRv6 END.IL;
2.Demonstrate multi-vendor interworking networking and perform testing for SRv6 END.IL;
3.Validate service connectivity and performance guarantee in SRv6 END.IL interworking scenarios;
4.Review the current SRv6 END.IL draft, propose necessary updates and future related work in IETF. -
Related documents
SRv6 for Inter-Layer Network Programming
https://datatracker.ietf.org/doc/draft-ietf-spring-srv6-inter-layer-programming/
¶ Validate YANG-Push to Message Broker End-To-End Data Processing Chain
-
Champion(s)
Thomas Graf (thomas.graf @ swisscom.com)
Wanting Du (wanting.du @ swisscom.com)
Ahmed Elhassany (ahmed.elhassany @ swisscom.com)
Leonardo Rodoni (leonardo.rodoni @ swisscom.com)
Rafael Julio (rafael.julio @ swisscom.com)
Benoit Claise (benoit @ everything-ops.net)
Paolo Lucente (paolo @ pmacct.net)
Rob Wilton (rwilton @ cisco.com)
Scott Huang (scohuang @ cisco.com)
Daniel Voyer (davoyer @ cisco.com)
Sivakumar Sundaravadivel (sivakuma @ ciena.com)
Irfan Mohammad (irfan @ arrcus.com) -
Draft Specifications Message Broker
https://datatracker.ietf.org/doc/html/draft-ietf-nmop-yang-message-broker-integration
https://datatracker.ietf.org/doc/html/draft-ietf-nmop-message-broker-telemetry-message
https://datatracker.ietf.org/doc/html/draft-ietf-netmod-yang-anydata-validation -
Draft Specifications YANG-Push
https://datatracker.ietf.org/doc/html/rfc8639
https://datatracker.ietf.org/doc/html/rfc8641
https://datatracker.ietf.org/doc/html/rfc9196
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-notif-envelope
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-yang-notifications-versioning
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-udp-notif
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-distributed-notif
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-yp-transport-capabilities -
Project Info
https://www.network-analytics.org/yp/, validate and verify -
5 YANG-Push Publishers
-
2 YANG-Push Receivers
-
2 YANG-Push Network Telemetry Message
-
1 YANG Message Broker Producer and Schema Registry
-
3 YANG Message Broker Consumers
implementation in the area of YANG data integration automation. Subscribe to YANG data on YANG-Publisher, obtain and register all YANG modules necessary to build YANG schema tree, register YANG schemas to Schema Registry and verify YANG notifications against scheme trees and produce and consume from Message Broker.
- Repository
https://github.com/network-analytics/ietf-network-analytics-document-status/tree/main/125/Hackathon
https://github.com/NetGauze/NetGauze/releases/tag/v0.9.1
https://github.com/pmacct/pmacct
https://github.com/CESNET/libyang/releases/tag/v4.2.2
https://github.com/CESNET/libyang/compare/master...devel
¶ YANG Message Keys and YANG-Push Message Broker Topic Naming PoC
-
Champion(s)
Thomas Graf (thomas.graf @ swisscom.com)
Wanting Du (wanting.du @ swisscom.com)
Maxence Younsi (maxence.younsi @ insa-lyon.fr)
Pierre Francois (pierre.francois @ insa-lyon.fr) -
Draft Specifications Message Broker
https://datatracker.ietf.org/doc/html/draft-netana-nmop-yang-message-broker-message-key
https://datatracker.ietf.org/doc/html/draft-netana-nmop-message-broker-bmp-telemetry-msg
https://datatracker.ietf.org/doc/html/draft-ietf-nmop-message-broker-telemetry-message
https://datatracker.ietf.org/doc/html/draft-ietf-nmop-yang-message-broker-integration -
Project Info
https://www.network-analytics.org/yp/, proof of concept code on generating -
YANG Message Keys
-
YANG-Push Message Broker Topic Naming
from YANG-Push example subscriptions. Document what works and what won't and how it could be addressed.
- Repository
https://github.com/network-analytics/ietf-network-analytics-document-status/tree/main/125/Hackathon
¶ DKIM2
- Champions
Bron Gondwana brong@fastmailteam.com - Project Info
Continuing DKIM2 work, following on from the last hackathon. - Repository -
https://github.com/dkim2wg/interop
¶ Agent Communication Framework for Network AIOps
-
Champions
Qiong Sun (sunqiong@chinatelecom.cn)
Xin Song (songx18@chinatelecom.cn)
Yu Fu (fuy44@chinatelecom.cn)
Jiajun Li (lijj124@chinatelecom.cn) -
Project Info
As the development of large model and agent technology, it is a trend for multi-agent collaboration to solve complex problems. This project proposes a multi-agent communication and collaboration framework that facilitates the coordination of heterogeneous multi-agents and supports intelligent automatic network operations and maintenance (AIOps). Its architecture includes an AI gateway and an Agent Name Service, along with capabilities such as monitoring and tracking, as well as security protection. This Agent Communication Framework provides a comprehensive solution for multi-agent communication and collaboration, laying the foundation for future interactive, scalable, secure, and controllable multi-agent network intelligent operations and maintenance. -
Hackathon Plan
1.A multi-agent communication and collaboration framework includes an AI gateway and an Agent Name Service specified in the draft.
2.Use cases for multi-agent communication and collaboration to support intelligent automatic network operation and maintenance. -
Related documents
Agent Communication Framework for Network AIOps
https://datatracker.ietf.org/doc/draft-fu-nmop-agent-communication-framework/
¶ Agent Gateway for Dynamic Multi-agent Secured Collaboration
-
Champions
Sicong Ma (masc@chinatelecom.cn)
Jibin Sun (sunjb@chinatelecom.cn)
Xing Zhang (hszhang@bupt.edu.cn)
Zhuoran Li (lizr9@chinatelecom.cn)
Wei Wang (wangw36@chinatelecom.cn) -
Project Info
With the rapid development of agent-related technologies, agent communication is evolving toward heterogeneity and multi-agent collaboration, giving rise to requirements such as on-demand access, dynamic networking and elastic collaboration for agents. To meet the requirements, this project proposes an agent gateway based on the dynamic multi-agent secured collaboration framework, which supports capabilities including automatic discovery, registration, capability synchronization, secure communication, and flexible scalability for agents. The core objective of this project is to explore a feasible solution for inter-agent communication, laying a foundation for the advancement of agent communication technologies. -
Hackathon Plan
1.A Dynamic Multi-agent Secured Collaboration Infrastructure Architecture from an infrastructure perspective. For detailed descriptions, please see the draft in related documents.
2.A demo for dynamic multi-agent secured collaboration gateway. -
Related documents
Dynamic Multi-agent Secured Collaboration Infrastructure Architecture
https://datatracker.ietf.org/doc/html/draft-li-dmsc-inf-architecture-03
¶ Optimizing Agent Context Interaction
-
Champions
Zeze Chang (changzeze@huawei.com)
Shuping Peng (pengshuping@huawei.com) -
Project Info
Multi-agent collaboration has been widely studied as an effective approach for addressing complex and multi-turn interactive tasks. However, in current agentic workflows, contextual information is often exchanged in an unstructured and redundant manner, leading to excessive token consumption, increased execution latency, and reduced task completion success rates, especially in multi-step and multi-agent scenarios. The project focuses on designing and experimenting with structured agent context interaction mechanisms, including precise context distribution, context isolation among agents, and fine-grained task and progress management. A master–invoked agent interaction scheme is expected to demonstrate how task-related contexts can be selectively delivered to invoked agents and incrementally updated during task execution. -
Hackathon Plan
- Design and implement a multi-agent context interaction framework based on the structured context schemas defined in the draft.
- Develop a demo to demonstrate the effectiveness of the proposed agent context interaction mechanism.
-
Related documents
https://datatracker.ietf.org/doc/draft-chang-agent-context-interaction/ -
Repository
https://github.com/agent-context-interaction/IETF-Hackathon-125-Optimizing-Agent-Context-Interaction
¶ Agent Communication Gateway for Semantic Routing and Working Memory
-
Champions
Xiaohui Xie (xiexiaohui@tsinghua.edu.cn)
Zian Wang (zianwang@bupt.edu.cn)
Tianshuo Hu (huts22@mails.tsinghua.edu.cn) -
Project Info
As multi-agent systems are increasingly used for complex, multi-step interactive tasks, the way agents exchange context has become a key bottleneck: in many current agentic workflows, context is transmitted in an unstructured, redundant, and broadcast-like manner, which causes excessive token consumption, higher latency, and lower task success rates—especially when multiple agents are orchestrated across multiple steps. This project proposes and prototypes an Agent Communication Gateway that sits between agents and tools/services, providing two core capabilities: Semantic Routing, which intelligently routes messages/contexts to the most relevant agent(s) or tool endpoints based on semantic intent, task state, and routing policies to reduce unnecessary fan-out and duplicated context delivery; and Gateway Memory, which maintains structured, scoped memory (e.g., per-task / per-agent / per-session) to support selective context retrieval, context compression/summarization, and incremental updates, enabling agents to receive only the context they need at each step while preserving long-horizon task continuity. -
Hackathon Plan
- Design and implement a lightweight agent communication gateway with (a) semantic routing policies and (b) structured working memory.
- Integrate the gateway into a simple multi-agent workflow and validate that context delivery becomes more selective and less redundant.
- Develop a demo to showcase improvements such as reduced token usage, reduced latency, and improved task completion stability.
-
Related documents
https://www.ietf.org/archive/id/draft-agent-gw-00.html
¶ IPsec and IKEv2
- Champions
Valery Smyslov (valery@smyslov.net) - Project Info
Interoperability testing of new IKEv2 extensions:
-- Downgrade Prevention for the Internet Key Exchange Protocol Version 2 (IKEv2)
-- Optimized Rekeys in the Internet Key Exchange Protocol Version 2 (IKEv2)
-- Separate Transports for IKE and ESP
-- Post-quantum Hybrid Key Exchange with ML-KEM in the Internet Key Exchange Protocol Version 2 (IKEv2)
-- Post-quantum Hybrid Key Exchange in IKEv2 with FrodoKEM
-- Using IKE Fragmentation for Large Messages
-- IKEv2 Support for Child SA PFS Policy Information
-- A Larger Internet Key Exchange version 2 (IKEv2) Payload
-- Using Classic McEliece in the Internet Key Exchange Protocol Version 2 (IKEv2) - Specifications
-- https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-downgrade-prevention/
-- https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-sa-ts-payloads-opt/
-- https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-reliable-transport/
-- https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-mlkem/
-- https://datatracker.ietf.org/doc/draft-wang-ipsecme-hybrid-kem-ikev2-frodo/
-- https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-ikev2-fragm-large-msg/
-- https://datatracker.ietf.org/doc/draft-pwouters-ipsecme-child-pfs-info/
-- https://datatracker.ietf.org/doc/draft-nir-ipsecme-big-payload/
-- https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-ikev2-mceliece/
¶ Low-Power Wireless IPv6 Networking with Thread *
-
Champion
Stuart Cheshire <cheshire@apple.com> -
Thread Overview
Thread is a specification for how to carry IPv6 datagrams over a self-configuring mesh of low-power IEEE 802.15.4 wireless links. Stuart Cheshire gave a brief presentation about Thread at the IETF 119 IAB Open meeting in Brisbane. The Thread specification is developed and published by the Thread Group. There are several independent implementations of Thread, the main one being the OpenThread open source project. This Hackathon event is open to all — Thread Group membership is not required, though of course Thread Group members are also welcome to participate.
-
Participants and Project Info
- To avoid taking up too much space on the main Hackathon page, Thread participants and projects are listed separately on the Thread Projects page.
¶ Minimal-Exposure AS-Path Verification against BGP Post-ROV Attacks
- Champions
Jiangou Zhan (zjo23@mails.tsinghua.edu.cn)
Ziwei Li (lizw@mail.zgclab.edu.cn) - Project Info
Inter-domain routing underpins global Internet connectivity, yet its control plane still relies on largely unauthenticated AS paths. The deployment of the Resource Public Key Infrastructure (RPKI) has substantially reduced prefix hijacking, but Post-ROV attacks-notably route leaks and path manipulation-remain feasible. Emerging standards such as ASPA mitigate these threats, but require global publication of provider authorizations, creating a tension between security and commercial confidentiality. This mandatory transparency exposes sensitive interconnection policies and can hinder adoption.
This project proposes Minimal-Exposure AS-Path Verification, MEASPV. Unlike approaches that require global visibility of local adjacencies, MEASPV decouples path validation from topology disclosure via a validator-assisted design that confines relationship attestations to authorized verifiers. As a result, anomalous paths can be detected and filtered without broadcasting peering strategies. Evaluation results show that MEASPV achieves security comparable to SOTA against Post-ROV threats while adhering to minimal exposure, providing a more incentive-compatible path to deployment. - Hackathon Plan
- Design and implement MEASPV, which selects a small set of high-tier ASes as validators to perform proxy verification of AS-path claims.
- MEASPV preserves BGP compatibility, supports incremental deployment, and limits information exposure to the theoretical minimum under our threat and observability model, while defending against path manipulation and route leaks.
- Demonstrate that MEASPV effectively mitigates path manipulation and route leaks under partial deployment.
- Related documents
¶ Next-Generation Inter-Domain Routing Architecture and Protocols
-
Champions
Shenglin Jiang (jiangshl@zgclab.edu.cn)
Yangfei Guo (guoyangf19@tsinghua.org.cn) -
Project Info
The Next-Generation Inter-Domain Routing Architecture and Protocols(IDRNG) fosters open technical discussions, knowledge sharing, and collaboration among researchers, operators, and protocol designers focused on the advancement of inter-domain routing architectures and protocols in the AI era. -
Hackathon Plan
- Design and implement a next generation Inter-Domain Routing lab.
- Learn and align with IETF/IRTF automation interfaces for routing control and telemetry (NETCONF/RESTCONF/YANG).
- Develop a large-scale IDR simulation demo based on AS-relationship (as-rel) data, and conduct red/blue experiments (e.g., route hijack/leak injection and detection/mitigation) with measurable outcomes.
- Repository
https://github.com/IDRNG
¶ Agent Protocol Security
- Champions
Song Yurong (songyurong1@huawei.com)
Foo Chuan Ann (foo.chuan.ann1@h-partners.com) - Project Info
In recent years, AI agents have witnessed remarkable progress and are increasingly recognized as a pivotal force in various fields. Regarding agent protocols, they play a crucial role in enabling seamless communication between agents, external tools, and data sources. However, with the development of AI agents and their protocols, security has become a pressing concern.
We continue to work on to implement and test security aspects of AI agent protocol. This hackathon, we test authorisation procedures on Model Context Protocol. - Agent Protocol Background
https://modelcontextprotocol.io/
https://www.a2aprotocol.org/ - Related Document
https://www.ietf.org/archive/id/draft-song-oauth-ai-agent-authorization-00.html
¶ LLM Driven Automated Network Protocol Testing
- Champions
Yong Cui (cuiyong@tsinghua.edu.cn)
Xiaohui Xie (xiexiaohui@tsinghua.edu.cn)
Yunze Wei (wyz23@mails.tsinghua.edu.cn)
Chuyi Wang (wangchuy21@mails.tsinghua.edu.cn) - Project Info
Traditional network protocol testing struggles to adapt to rapidly evolving RFC specifications and diverse deployment scenarios. This project demonstrates an LLM-assisted automated network protocol testing framework.
The framework uses LLMs to (1) assist protocol formalization by transforming unstructured RFC text into structured representations, (2) generate parameterized test case templates instantiated with concrete values for coverage expansion, (3) translate abstract test procedures into coordinated tester scripts and DUT configurations, and (4) automate test execution with execution-time analysis and feedback-driven refinement. - Related Document
https://datatracker.ietf.org/doc/draft-cui-nmrg-auto-test/
¶ Using Github in a IETF Working Group
-
Champions
Greg Wood, ghwood@staff.ietf.org
Dhruv Dhody, dd@dhruvdhody.com
Karen O'Donoghue, kodonog@pobox.com
Mirja Kühlewind, ietf@kuehlewind.net -
Project Info
This project will develop and publish practical information that working group chairs and participants can use as part of the usual IETF work. This will expand on information on the wiki here:https://chairs.ietf.org/github
https://authors.ietf.org/en/collaborative-editing
and could also result in additional wiki pages or other resources.
Starting points include RFC 8874, and RFC 8875, hoping to infuse the lessons learned in the 5 years since those were published.
Contributing to this project does not require dedicated time over the entire IETF Hackathon. Participants (onsite and remote) are encouraged to drop by and contribute to this project as their schedule allows.
Need Help with GitHub?
Use this table to get help with any GitHub-related issues you may be facing for your Internet-Draft repositories, working group organization, templates, issue tracking, or workflows. Drop by with your questions, drafts, or challenges. The goal is to provide practical, hands-on assistance wherever possible.
¶ Agent Networking Framework
-
Champions
Bo Li, libo391@huawei.com
Nan Geng, gengnan@huawei.com
Chong Zheng, zhengchong6@huawei.com
Zhiyuan Wang, wangzhiyuan51@huawei.com
Guanming Zeng, zengguanming@huawei.com
Chengxiang Li, lichengxiang11@huawei.com
Ming Xu, xuming37@huawei.com
Yuan Ni, niyuan1@huawei.com
Li Zhang, zhangli344@huawei.com -
Project Info
This framework aims to promote automated collaboration among multiple agents to accomplish complex tasks, and it is implemented based on agent gateways. The framework includes several core modules, such as agent registration and discovery, inter-gateway routing protocol, and data plane transmission protocol.
Taking the financial industry as a specific use case, this project demonstrates the workflow of the framework through a practical scenario: a specific institutional agent communicates with multiple bank agents to automatically query a user's bank statement information from different banks. This demonstration reflects the feasibility and practical value of the framework in facilitating efficient, automated inter-agent collaboration.
¶ Selectively Synchronizing RPKI Data to Routers
-
Champions
Nan Geng, gengnan@huawei.com
Yu Fu, fuy44@chinatelecom.cn
Shunwan Zhuang, zhuangshunwan@huawei.com
Mingqing(Michael) Huang, huangmq@mail.zgclab.edu.cn
Tom Harrison, tomh@apnic.net -
Project Info
This project (github link) is built on the forked open-source StayRTR project, aiming to implement the function of selectively synchronizing RPKI data to routers. It addresses the need for more flexible and targeted RPKI data distribution, and achieves this through two key extensions as follows:-
Extending the SLURM mechanism: This extension enables filtering of specific types of RPKI data. Supported filter types include IPv4 Prefix, IPv6 Prefix, and Router Key, allowing for precise control over the RPKI data that is processed and forwarded.
-
Extending the RTR protocol: The Client can subscribe to specific types of RPKI data from the server via the Subscribe PDU. After a successful subscription, the server will only synchronize the subscribed types of RPKI data to the corresponding Client, reducing unnecessary data transmission and improving efficiency.
By integrating these two extensions into the project, the solution provides a more refined and efficient RPKI data synchronization mechanism, which is particularly valuable for scenarios where routers require only specific RPKI data types to meet their operational needs.
-
-
Related Document
https://datatracker.ietf.org/doc/draft-fu-sidrops-enhanced-slurm-filter/
https://datatracker.ietf.org/doc/draft-geng-sidrops-rtr-selective-sync/
¶ Exporting Source Address Validation (SAV) information via IPFIX
-
Champions
Qian Cao (caoqian@zgclab.edu.cn)
Mingqing Huang (huangmq@mail.zgclab.edu.cn)
Benoit Claise (benoit@everything-ops.net)
Tianran Zhou (zhoutianran@huawei.com) -
Project Info
While Source Address Validation (SAV) mechanism prevents source address spoofing, enforcing filtering decisions in the data plane, it typically lacks standardized telemetry.
This project (https://github.com/Cq-zgclab/sav-ipfix-validator) addresses the observability gap by defining and prototyping a set of SAV Information Elements (IEs) exported via IPFIX. The goal is to demonstrate that using standard telemetry mechanisms IPFIX to achieve operational visibility of SAV is both feasible and practical valuable. -
Hackathon Plan
Design and implement an end-to-end prototype that exports SAV telemetry data using IPFIX.- Model SAV rules and validation modes across multiple address families.
- Generate spoofed and non-spoofed traffic to simulate different validation mode scenarios.
- Implement flow aggregation logic supporting two templates: operational monitoring and security analysis.
- Encode SAV Information Elements, including structured rule data via 'SubTemplateList', using existing IPFIX libraries.
- Export telemetry records to standard IPFIX tools for decoding and validation.
-
Related information
https://datatracker.ietf.org/doc/draft-cao-opsawg-ipfix-sav/
https://datatracker.ietf.org/doc/draft-ietf-savnet-general-sav-capabilities/
https://datatracker.ietf.org/doc/rfc7011/
https://datatracker.ietf.org/doc/rfc6313/
¶ RPKI-based Validation with Prioritized Resource Data
-
Champions
Jia Zhang (zhangj@zgclab.edu.cn)
Mingwei Xu (xmw@cernet.edu.cn)
Nan Geng (gengnan@huawei.com)
Chongfeng Xie (xiechf@chinatelecom.cn)
Yangyang Wang (wangyy@cernet.edu.cn) -
Project Info
Current RPKI Route Origin Validation (ROV) treats all validation data equally. However, operators often use mixed data sources (e.g., authoritative ROAs, SLURM exceptions, AI-inferred data) with varying levels of credibility. This project implements a multi-priority RPKI framework, allowing routers to apply differentiated BGP policies based on the credibility of the validation data (e.g., discarding routes invalidated by authoritative ROAs, while only alerting on those invalidated by inferred data). -
Hackathon Plan
We will build a Proof of Concept (PoC) to demonstrate the multi-priority RPKI Route Origin Validation (ROV) framework. Our development will focus on two core tasks:- RTR Protocol Extension: Modify the RPKI-to-Router (RTR) protocol to allow Protocol Data Units (PDUs) to explicitly carry priority levels for validated RPKI payloads from the cache server to the router.
- Priority-Aware ROV: Parse RTR priority attributes to support multi-priority validation states and enable differentiated BGP routing policies (e.g., discard vs. lower Local Preference).
-
Related Document
https://datatracker.ietf.org/doc/draft-zhang-sidrops-prioritized-route-validation/
¶ E2E SRv6 for AI service access with quality and security assurance
-
Champions
Feng Yang (yangfeng@chinamobile.com)
Xiaoqiu Zhang (zhangxiaoqiu@chinamobile.com)
Changwang Lin (linchangwang.04414@h3c.com) -
Project Info
AI applications, such as self driving, remote operation, have two fundamental requirements when accessing AI inference services: guaranteed connection quality and secure access. Leveraging current SRv6 technology, this project enables application-aware network coordination to deliver customizable, quality-assured connectivity for users, while ensuring end-to-end secure access from the user to the AI service.-
Regarding quality assurance, an E2E SRv6 network is designed. By ARN techmology, the application traffic can be steered onto differentiated SRv6 services in the underlying backbone network. This ensures deterministic performance for AI inference.
-
Regarding routing security, the design uses SID as the source address in SRv6 packets, not only enabling SRv6 compatibility with existing firewalls, but also mitigating spoofing attacks against VPN SIDs by verification of <src, dst> VPN SID tuple on destination PE.
-
-
Related Document
https://datatracker.ietf.org/doc/draft-yang-rtgwg-arn-framework/
https://datatracker.ietf.org/doc/draft-yang-spring-srv6-verification/
https://datatracker.ietf.org/doc/draft-yang-spring-sid-as-source-address/
¶ Evidence Encoding for HSMs (RATS)
-
Champions
Jean-Pierre Fiset (jp@crypto4a.com)
Mike Ounsworth (mike@ounsworth.ca)
Hannes Tschofenig (Hannes.Tschofenig@gmx.net) -
Project Info
Remote ATtestation procedureS (RATS) define a framework to generate, distribute and appraise evidence between peers. This effort is to provide encoding for evidence tailored to Hardware Security Modules (HSMs) and the environment in which they operate. -
Hackthon Plan
During Hackathon 125, we wish to develop test vectors based on the encoding offered in the specification draft. From the vectors, we wish to develop vendor-agnostic tools such as verifiers. -
Related Documents
https://datatracker.ietf.org/doc/draft-ietf-rats-pkix-key-attestation/ -
Communications
We are using Gather Town (https://app.gather.town/app/L4fNNdm1NJa1sE2v/ietf pw: ietf) Table D
¶ OAuth Delegated Authorization for AI Agents
-
Champions
Li Ruochen (li.ruochen@h-partners.com)
Wang Haiguang (wang.haiguang.shieldlab@huawei.com) -
Project Info
With the rapid development of AI agent technologies, AI agents need to access resources on behalf of users in a secure and controlled manner. This project aims to implement the OAuth 2.0 delegated authorization framework for AI agents as specified in the draft. The framework enables agents to obtain a delegation token for a resource server and generate delegated tokens for sub-agents or resource access on demand. -
Related Document
https://datatracker.ietf.org/doc/html/draft-li-oauth-delegated-authorization
¶ Agent Open Network Protocols and Agent & Tool Gateway Demo
-
Champions
Peng Liu (liupengyjy@chinamobile.com)
Kehan Yao (yaokehan@chinamobile.com)
Zongpeng Du(duzongpeng@chinamobile.com) -
Project Info
Demonstrate AI agent open network protocols and Agent & Tool Gateway. Core capabilities include AI agent registration and skill-based agent resolution, gateway-based Agent routing, gateway-based MCP tool access
and delegated authorization, etc. -
Related Document
TBD.
¶ Agent Operation Authorization(AOA)
-
Champions
Dapeng Liu (max.ldp@alibaba-inc.com)
Suresh Krishnan (suresh.krishnan@gmail.com)
Fan Yang (fudai.yf@alibaba-inc.com) -
Project Info
¶ AOA: Agent Operation Authorization
Draft:Agent Operation Authorization (https://datatracker.ietf.org/doc/html/draft-liu-agent-operation-authorization-01):
In agent-based systems, it is essential to convey not only what actions are permitted but also the original intent behind them and conditions under which an autonomous agent may act on behalf of a principal.This draft specifies the Agent Operation Authorization framework — a mechanism that enables verifiable delegation of actions from human principals to autonomous AI agents with fine-grained agent operation authorization.
¶ Open Source Implementation: Open Agent Auth
Open Agent Auth is an implementation building upon this standard proposal by leveraging industry-standard protocols (OAuth 2.0, OpenID Connect, WIMSE, W3C VC) and featuring Model Context Protocol (MCP) integration to ensure every agent-executed operation is traceable to explicit user consent.
- Hackthon Plan
- Demonstrate end-to-end AOA protocol flow using reference implementations.
- Validate draft clarity: identify spec ambiguities from implementation and demo scenarios.
-
Related Documents
https://datatracker.ietf.org/doc/html/draft-liu-agent-operation-authorization-01 -
Repository
https://github.com/alibaba/open-agent-auth
¶ cc-pipe: Concurrent and Conflict-free Pipeline for RPKI Relying Parties
- Champions
Chenhui Yu (chyu@cnic.cn)
Hui Zou (zouhui@cnic.cn)
Zhuoran Ma (mazhuoran@hnu.edu.cn) - Project Info
Current RPKI Relying Parties (RPs) strictly block new data distribution to routers until the entire global repository is fetched and validated. As the RPKI ecosystem expands, this blocking approach creates a systemic bottleneck and delays critical routing security updates.
This project introduces cc-pipe, a concurrent and conflict-free pipeline that decouples RPKI-to-Router (RTR) distribution from data synchronization and cryptographic validation. This implementation uses a predictive Conflict Graph to track data dependencies, safely streaming Validated ROA Payload (VRP) updates to BGP routers. Additionally, it employs aggregated update pacing and an extended cache retention policy to reduce router CPU overhead and prevent costly reset queries. It reduces latency while strictly preserving the routing stability intended by RFC 8210. - Hackthon Plan
Our Hackathon project will focus on three primary tasks:- Deployment & Benchmarking: Deploy the cc-pipe relying party to demonstrate latency improvements over traditional RPs.
- Interoperability Testing: Establish standard RTR sessions with BGP routers (e.g., FRRouting, BIRD, or commercial implementations) to evaluate real-world performance and uncover potential edge-case issues.
- Community Discussion: Share our findings and discuss the architectural impact of cc-pipe with the community.
- Related Documents
https://www.rfc-editor.org/rfc/rfc8210.html
https://datatracker.ietf.org/doc/draft-ietf-sidrops-8210bis/ - Repository
https://github.com/FIRLab-CNIC/cc-pipe
¶ Knowledge Graph Enhanced Network Management
- Champions
Mingzhe Xing (xingmz@zgclab.edu.cn)
Yujia Gao (gaoyj@zgclab.edu.cn) - Project Info
This project leverages LLMs to automatically construct knowledge graphs from configuration documents, threat intelligence, and other network documents. It supports efficient graph-based retrieval and advanced reasoning, transforming unstructured information into actionable, connected insights. - Related Documents
¶ Extending BGP FlowSpec with Packet Content Matching
- Champions
Yujia Gao (gaoyj@zgclab.edu.cn)
Guangchen Song (songguangchenjc@chinamobile.com)
Mingzhe Xing (xingmz@zgclab.edu.cn) - Project Info
Existing BGP FlowSpec mechanisms mainly match packet header fields, which limits their effectiveness against DDoS attacks characterized by fixed payload patterns. This project implements and demonstrates a packet content filtering extension for BGP FlowSpec, enabling traffic filtering based on payload content at specified offsets. It showcases rule generation and deployment through payload filtering, and validates the functionality on both open-source routing platforms and commercial network devices, demonstrating practical payload-based DDoS mitigation capabilities. - Related Documents
¶ Transaction Token Profiles for A2A Calls
- Champions
Chunchi Peter Liu(liuchunchi@huawei.com)
Yuan Ni(niyuan1@huawei.com)
Yuan Zhou(zhouyuan89@huawei.com) - Project Info
Transaction Tokens securely propagate user identity and authorization context across workloads. We extend this mechanism to A2A scenarios. By mapping the A2A message structure to the Transaction Token payload, call context and identity can be preserved throughout the entire agent call chain. - Related Documents
https://www.ietf.org/archive/id/draft-liu-oauth-a2a-profile-00.html
¶ Automated Certificate Management Environment (ACME) Remote Attestation Identifier and Challenge Type
- Champions
Chunchi Peter Liu(liuchunchi@huawei.com)
Mike Ounsworth(mike@ounsworth.ca)
Michael Richardson(mcr+ietf@sandelman.ca) - Project Info
An ACME extension that leverages the RATS framework to enable flexible, CMW-formatted attestation of hardware evidence and specific claims. - Related Documents
https://datatracker.ietf.org/doc/draft-ietf-acme-rats/01/
¶ Enhancing LLMs for Network Traffic Analysis (TrafficLLM)
- Champions
Tianyu Cui(cuity@zgclab.edu.cn) - Project Info
TrafficLLM is a universal LLM adaptation framework to learn robust traffic representation for all open-sourced LLMs in real-world scenarios and enhance the generalization across diverse traffic analysis tasks. - Repository
https://github.com/ZGC-LLM-Safety/TrafficLLM
¶ Interface to In-Network Computing Functions (I2ICF) Project
-
Champions
Jaehoon Paul Jeong (pauljeong@skku.edu) -
Project Info
The Interface to In-Network Computing Functions (I2ICF) is intended to provide a structured framework and a collection of interfaces that enable cloud-based users to control and observe mobile systems such as robotic AI agents and other moving devices. In this work, we present the I2ICF Intent Translator, which operates as part of the Intent Service Application and converts high-level user intents into actionable instructions for IoT devices, including Software-Defined Vehicles (SDVs). Furthermore, the study demonstrates how In-Network Computing Functions (ICFs) can be deployed for mobile platforms such as Software-Defined Vehicles (SDVs) and Unmanned Aerial Vehicles (UAVs), highlighting the processes involved in configuring, running, and supervising these in-network capabilities within a networked environment. -
Specifications
[draft-jeong-nmrg-i2icf-problem-statement-00]
(https://datatracker.ietf.org/doc/draft-jeong-nmrg-i2icf-problem-statement/)
[draft-jeong-nmrg-i2icf-framework-00]
(https://datatracker.ietf.org/doc/draft-jeong-nmrg-i2icf-framework/)
[draft-an-nmrg-i2icf-cits-01]
(https://datatracker.ietf.org/doc/draft-an-nmrg-i2icf-cits/)
¶ An Integrated Security Service System for 5G Networks using an I2NSF Framework
- Champions
Jaehoon Paul Jeong (pauljeong@skku.edu) - Project Info
This work proposes a comprehensive framework for automated security control in 5G edge environments based on the Interface to Network Security Functions (I2NSF) architecture. The system adopts an Intent-Based Networking (IBN) paradigm that enables administrators or users to specify high-level security objectives, which are subsequently translated into actionable policies for both the network and application layers. Network-oriented policies are propagated to 5G core functions through the Network Exposure Function (NEF), whereas application-specific policies are enforced directly on User Equipment (UE) by distributed IBN Controllers. By combining these mechanisms, the architecture facilitates adaptive, context-aware, and decentralized policy enforcement, allowing the system to react in real time to evolving edge network conditions and mobility events such as handovers. - Specifications
[draft-ahn-nmrg-5g-security-i2nsf-framework-01]
(https://datatracker.ietf.org/doc/draft-ahn-nmrg-5g-security-i2nsf-framework/)
¶ Concise Selector for Endorsements and Reference Values
- Champions
- Shefali Kamal (shefali.kamal@fujitsu.com)
- Paul Howard (paul.howard@arm.com)
- Thomas Fossati (thomas.fossati@linaro.org)
- Henk Birkholz (henk.birkholz@ietf.contact)
-
Project Info
This project demonstrates how to use the CoRIM Verifier (veraison/cover) to verify and evaluate an Arm CCA attestation token using CoSERV as the source of trust anchors and reference values.
This demo uses Arm CCA (evidence and endorsement) formats as an example to show how attestation evidence can be verified and appraised locally, i.e., without using an external verification service.
In terms of the RATS architecture (RFC9334) for remote attestation, this demonstration shows a scenario in which the Verifier role is implemented alongside another role, such as the Attester or the Relying Party. This is an alternative to implementing the Verifier role in a remote service, which would be accessed via a network call. -
Specifications
- draft-ietf-rats-coserv-05
- draft-ietf-rats-corim-10
- draft-ffm-rats-cca-token-03
- draft-ydb-rats-cca-endorsements-03
¶ Testing Privacy-preserving Ciphertext AI inference in Network Functions
- Champions
- Lun Li (lilun20@huawei.com)
- Kun Liu (liukun@iie.ac.cn)
-
Project Info
The academic community has been proposing new privacy technologies, but in existing networks, more pseudonymization is used to protect identifiers. Can these new privacy technologies enhance processing privacy?In this project, we try to let the network perform computing directly on ciphertext through privacy computing. The potential solution is to use homomorphic encryption. AI inference and neural networks are the types of computation we are primarily coped with. The main goal is as follows:
---Test several possible data processing security methods for AI inference.
---Demonstrate and evaluate the time efficiency of homomorphic encryption for ciphertext computation, such as inference, on-site. -
Related I-D
https://datatracker.ietf.org/doc/draft-li-ppm-homomorphic-encryption/ -
Hackthon Plan
Test the performance of homomorphic encryption in AI inference -
Related Side Meeting
Ciphertext computing and protocol design for future network
Tuesday, March 17, 2026 11:15-12:15 ( Asia/Shanghai ) · Jiangsu
¶ IPv6 Network Traffic Monitoring and Analysis Platform
- Champions
Jing Zhao (zhaoj501@chinaunicom.cn)
Tianyi Huang (tyhuang@cnic.cn) - Project Info
This project addresses the core operational challenges in large-scale IPv6 deployment by building an end-to-end IP network traffic monitoring and analysis platform that spans home broadband, mobile networks, bearer networks, and applications, enabling multi-dimensional monitoring of traffic and quality along with intelligent big data analytics to deliver differentiated services. - Related Document
[draft-pang-v6ops-ipv6-monitoring-deployment-05]
¶ Applying YANG Provenance Signatures to CBOR Objects
-
Champions
Diego López, diego.r.lopez@telefonica.com
Ana Méndez, ana.mendezperez@telefonica.com
Lucia Cabanillas, lucia.cabanillasrodriguez@telefonica.com -
Project Info
At the IETF 122 Hackathon we introduced and demonstrated a YANG provenance signature framework, based on the reference specification and implemented as microservices, useful to sign and verify YANG data elements in support of assuring their origin and integrity.
We continued working on the YANG provenance framework, demonstrating its integration with a Kafka bus and its convergence with current approaches to YANG data integration in state-of-the-art data infrastructures.
Following the IETF 123 and IETF 124 Hackathon demonstrations of the framework integration with Kafka and Kafka Schema Registry supporting YANG modules, we continue to evolve the Reference Implementation in alignment with the latest updates to the draft.
In this iteration, we present a complete workflow using byte array serialization and CBOR Object management for data transmission, including procedures for signing, enclosing, and validating. Adapting our procedures to CBOR data formats and binary encoding reduces message size, enables faster processing, and improves extensibility. -
Related Drafts
draft-ietf-opsawg-yang-provenance -
Related Repositories
https://github.com/tefiros/cose-provenance/
https://github.com/tefiros/kafka-provenance/
https://github.com/dr2lopez/yang-provenance/
¶ Model for distributed authorization policy sharing
-
Champions
Lucia Cabanillas, lucia.cabanillasrodriguez@telefonica.com
Diego López, diego.r.lopez@telefonica.com
Ana Méndez, ana.mendezperez@telefonica.com -
Project Info
This project demonstrates a framework for sharing and managing authorization policies using a YANG-based model.
Authorization policies are expressed using declarative Policy-as-Code languages (e.g., Rego) and encapsulated in a YANG artifact that includes metadata such as owner, version, and language.
The prototype implements a policy lifecycle workflow where a Policy Administration Point (PAP) validates and distributes policies to a Policy Decision Point (PDP). In the demo setup, Open Policy Agent (OPA) acts as the PDP, APISIX acts as the Policy Enforcement Point (PEP), and Keycloak provides authentication.
The demonstration shows how a YANG-based policy artifact can be validated, distributed, and enforced in a real system. -
Related Drafts
draft-cabanillas-nmop-authz-policy-sharing-model-01 -
Related Repositories
https://github.com/LuciaCabanillasRodriguez/authz-policy-sharing-model
¶ BMWG - YANG model for management of Network Tester
- Champion(s)
- Vladimir Vassilev (vladimir@lightside-instruments.com)
- Project(s)
- Specifications
- Repositories
- Scripting - YANG/NETCONF benchmark orchestration code
- Software - YANG/NETCONF device side code
- FPGA -HDL
- Hardware - board design
- Getting started - walk-through
¶ ROVBench: A Benchmarking Framework for Route Origin Validation (ROV)
- Champion(s)
- Libin Liu (liulb@zgclab.edu.cn)
- Project Info
- Route Origin Validation (ROV) based on the Resource Public Key Infrastructure (RPKI) is increasingly deployed to improve BGP routing security. However, there is currently limited standardized methodology for evaluating the performance and behavior of routers implementing ROV.
- An ongoing draft in the IETF BMWG defines a benchmarking methodology for routers supporting ROV, including procedures to evaluate VRP update processing, interactions between BGP and RPKI validation, and control-plane scalability.
- This project aims to explore how the proposed benchmarking methodology can be implemented in practice by building a small prototype benchmarking environment.
- Hackathon Plan
- We will build a PoC prototype to explore how ROV benchmarking procedures can be implemented using existing open-source tools. The development will focus on two tasks:
- Prototype Testbed Construction: Build a container-based ROV test environment using tools such as BIRD, FRRouting, GoBGP, ExaBGP, Routinator, and Containerlab.
- Benchmark Scenario Exploration: Implement basic benchmark scenarios defined in the BMWG ROV benchmarking draft, including experiments related to VRP updates and BGP update processing.
- We will build a PoC prototype to explore how ROV benchmarking procedures can be implemented using existing open-source tools. The development will focus on two tasks:
- Related Document
¶ Knowledge Graph based on SIMAP Connected with IVY
-
Champions
Michael Mackey (michael.mackey@huawei.com)
Olga Havel (olga.havel@huawei.com)
Brad Peters (bradpeters@nbnco.com.au) -
Project Info
This project will demonstrate how existing IETF YANG Models and related instance data can be quickly converted into a Knowledge Graph. By using Semnatic Web Technologies, these models and data can easily be intergrated or extened with external ontologies to enhance the information present and allow graph queries across the data to find deep insights.
Specifically it will show how the draft SIMAP YANG model can be represented in RDFS, how we can connect it to inventory information (represented by) and how it can be integrated with an external wider Ontology (represented by NORIA-O).
-
In this project, we will do the following:
- Create a RDFS version of the latest SIMAP model
- Create a RDFS version of the IVY models
- Import SIMAP instance data as RDF
- Import IVY instance data as RDF
- Dynamically create connections between the two and show how information can be queried.
-
Related Document
¶ Lightweight Authenticated Key Exchange (LAKE)
-
Champions
- Onsite:
Malisa Vucinic (malisa.vucinic@inria.fr)
Geovane Fedrecheski (geovane.fedrecheski@inria.fr)
Yuxuan Song (yuxuan.song@inria.fr)
Tengfei Chang (tengfeichang@hkust-gz.edu.cn) - Remote:
William Takeshi (william.a.pereira@inria.fr)
Göran Selander (goran.selander@ericsson.com)
Marco Tiloca (marco.tiloca@ri.se)
Christian Amssues (chrysn@fsfe.org)
- Onsite:
-
Project Info
Ephemeral Diffie-Hellman over COSE (EDHOC, RFC 9528) specifies a lightweight authenticated key exchange protocol between two peers. EDHOC is especially suited for constrained network environments such as NB-IoT, 6TiSCH, LoRaWAN, IEEE 802.15.4 and BLE. -
Hackathon Plan
- Collaborate with onsite and remote co-authors to improve drafts lake-authz and lake-ra
- Hold side meetings to discuss new draft updates
- Improvements on
lakers, an EDHOC implementation in Rust
-
Related Documents
https://datatracker.ietf.org/doc/draft-ietf-lake-authz/
https://datatracker.ietf.org/doc/draft-ietf-lake-ra/ -
Related Links
https://openwsn.atlassian.net/wiki/spaces/LAKE/pages/4032495639/Side+Meeting+Topics+for+Hackathon+IETF+125
https://github.com/lake-rs/lakers
¶ DNS-Native Agent Naming and Resolution
-
Champions
Yong Cui (Tsinghua University) cuiyong@tsinghua.edu.cn
Chenguang Du (Zhongguancun Lab) ducg@zgclab.edu.cn
Siyu Deng (CNNIC) siyudeng1003@gmail.com
Yihan Chao (Zhongguancun Lab) chao_yihan@outlook.com -
Project Info
This project implements DN-ANR, a DNS-native resolution layer for AI agents. DN-ANR uses FQDNs as Agent Identifiers and resolves them to verifiable endpoints via standard DNS records (A, TXT, SVCB). The demo covers agent registration, version/protocol routing, descriptor integrity verification, and end-to-end agent invocation. -
Hackathon Plan
- Demonstrate the Agent name resolution flow using CoreDNS and FastAPI-based agent servers.
- Validate the fallback mechanism and version routing strategies defined in the draft.
- Gather feedback on the draft specification.
-
Specifications
draft-cui-dns-native-agent-naming-resolution -
Repository
https://github.com/nobrowning/DNS4Agent
¶ Secure Hybrid Network Monitoring
-
Champions
- Yutaka Oiwa (AIST, Japan), y.oiwa@aist.go.jp
-
Members
- Satoru Kanno (GMO CONNECT, Inc., Japan), kanno@gmo-connect.jp
- Yumi Sakemi (GMO CONNECT, Inc., Japan), sakemi-yumi@gmo-connect.jp
-
Project Info
- We propose Secure Hybrid Network Monitoring for complex network environments such as hybrid cloud or mixed cloud settings. The Path Characteristics Service (PCS) enables users to verify whether their network path meets specified intents (e.g., data residency, VPN usage, operator constraints) by performing intent matching against actual path characteristics across multiple network domains.
-
Hackathon Plan
- Update the Internet-Draft to reflect the revised PCS concept: from network state retrieval to intent matching with match/unmatch responses.
- Develop a prototype PCS demo.
- Gather feedback on the updated draft specification.
-
Specifications
¶ SCONE Interop
-
Champions
- Marcus Ihlar (marcus.ihlar@ericsson.com)
-
Project Info
- Interop testing of SCONE protocol (https://datatracker.ietf.org/wg/scone/about/)
-
Specifications
¶ CBOR Support in libyang
-
Champions
- Remote :
Siddharth Bhat (sidbhat.211ee151@nitk.edu.in)
Bharadwaja M. Chittapragada (meher.211cs216@nitk.edu.in)
Vartika T. Rao (vartikatrao.211it077@nitk.edu.in)
Hayyan Arshad (hayyanarshad.211cs222@nitk.edu.in)
- Remote :
-
Project Info
Our goal is to extend libyang, the widely used YANG data-modeling library written in C, by implementing full CBOR (Concise Binary Object Representation) support—both serialization and parsing—for YANG-modeled data.
-
Related Issue
https://github.com/CESNET/libyang/issues/2130 – feature request for CBOR support in data serializers
¶ PacketScope: LLM-Powered eBPF for Protocol Stack Defense
-
Champions
- Zhaoxi Li (li-zx24@mails.tsinghua.edu.cn)
- Yuxiang Yang (yangyx22@mails.tsinghua.edu.cn)
-
Project Info
PacketScope is a general-purpose protocol stack analysis and debugging tool based on eBPF. It integrates performance optimization, anomaly diagnosis, and security defense to provide fine-grained tracing and intelligent analysis of network packets at the protocol stack level. The project aims to solve common pain points such as difficult diagnosis of performance bottlenecks, unclear packet transmission paths, and hard-to-detect low-level protocol attacks (e.g., at layers below traditional WAF/IDS).The tool consists of three main microservice modules:
- Analyzer: Provides multidimensional statistics on packet movement (latency, packet loss, etc.) and visualizes cross-layer data flow.
- Tracer: Maps network routes and latency from the host to any global IP, visualizing the data on a global topology.
- Guarder: Filters and controls abnormal packets using customizable rules and leverages an intelligent engine (LLM) to provide context for potential threats.
-
Hackathon Goals
- Deploy PacketScope in the IETF hackathon network testbed to monitor and analyze live traffic.
- Evaluate and enhance the
Guardermodule's rule-based engine for detecting and mitigating low-level protocol attacks and anomalies. - Test the
Analyzermodule's ability to identify performance bottlenecks and trace packet paths within complex network topologies. - Explore potential integrations between PacketScope's eBPF-based telemetry and other network management or security tools.
- Develop and test new eBPF probes for tracing interactions with specific protocols being discussed at the IETF.
- Gather feedback on the tool's usability and visualization for network operators and security engineers.
GitHub Repo: https://github.com/Internet-Architecture-and-Security/PacketScope
Project Docs: https://internet-architecture-and-security.github.io/packetScope-website/
Live Demo: http://82.156.141.213:4173/ -
Specifications
- Problem Statement for Cross-Layer Vulnerabilities due to Forged ICMP Errors (https://datatracker.ietf.org/doc/draft-xu-intarea-vulnerabilities-forged-icmp/)
- Enhancing ICMP Error Message Authentication Using Challenge-Confirm Mechanism (https://datatracker.ietf.org/doc/draft-xu-intarea-challenge-icmpv4/)
- Enhancing ICMPv6 Error Message Authentication Using Challenge-Confirm Mechanism (https://datatracker.ietf.org/doc/draft-xu-intarea-challenge-icmpv6/)
¶ Pegasus: Deep Learning Framework on the Dataplane
-
Champions
- Onsite :
Yinchao Zhang (afireswallow@gmail.com)
- Onsite :
-
Project Info
We propose Pegasus, an Intelligent Dataplane framework that resolves the architectural mismatch between complex Deep Learning models and flow-centric network hardware. By translating DL models into hardware-native primitives using fuzzy matching and primitive fusion, Pegasus enables line-rate, real-time AI inference for next-gen network security. -
Repository
https://github.com/afireswallow/pegasus
¶ OAuth 2.0 Scope Aggregation for Multi-Step AI Agent Workflows
-
Champions
- Onsite:
Yukuan Jia (jiayukuan@huawei.com)
Shuping Peng (shupingpeng@huawei.com)
- Onsite:
-
Project Info
We propose a scope-aggregated OAuth 2.0 authorization pattern for multi-step AI agent workflows. An AI agent aggregates the scopes required across a workflow and only initiates a single authorization procedure for the aggregated scope. This reduces repeated user consents and multiple authorization round-trips, improving authorization efficiency. -
Hackathon Plan
- Develop an application demo based on MCP to demonstrate the effectiveness of the proposed scope aggregation mechanism.
- Gather feedbacks on the demo and the proposed draft.
- Related Documents
https://datatracker.ietf.org/doc/draft-jia-oauth-scope-aggregation
¶ Bridging the Transparency Gap: Distributed Remote Attestation
-
Champions
- Onsite:
Donghui Wang (wangdonghui124@huawei.com)
Yuning Jiang (jiangyuning2@h-partners.com)
- Onsite:
-
Project Info
This project explores a distributed architecture for remote attestation that enables reusable attestation artifacts across multiple verifiers and trust domains. In many real-world deployments, each administrative domain operates its own Remote Attestation Service (RAS) and verifier, making cross-domain attestation verification difficult. Additionally, verifiers often need to obtain reference values, endorser public keys, and endorsements from multiple providers, creating a many-to-many distribution problem that does not scale with point-to-point integrations.
The proposed approach introduces a shared publication channel for selected attestation artifacts—such as endorser public keys, endorsements, reference values, and optionally attestation results—while preserving provenance, integrity, and access control. The current draft explores a distributed-ledger-based realization of this artifact distribution mechanism, enabling verifiers and relying parties to discover and reuse attestation artifacts across domains. -
Hackathon Goal
Build a prototype demonstrating distributed publication and retrieval of remote attestation artifacts across domains. -
Hackathon Plan
Demonstrate the end-to-end RA flow (Attester → RP → Verifier → Fabric) using the forked Go TLS 1.3 stack with the 0xFFA5 evidence extension, verifying that CertificateVerify correctly binds evidence to the session transcript. -
Related Documents
https://datatracker.ietf.org/doc/draft-wang-rats-distributed-remote-attestation/
¶ Applications of homomorphic encryption
-
Champions
- Onsite :
Kun Liu (liukun@iie.ac.cn)
- Onsite :
-
Project Info
Fully homomorphic encryption (FHE) is often hailed as the “Holy Grail” of cryptography. It enables direct computations on encrypted data. By encrypting data on the client side and sending the ciphertext to the server, we can fully leverage the server’s computational power while ensuring data security. With continuous breakthroughs in underlying algorithms and hardware acceleration technologies, research into the practical applications of FHE is flourishing. Utilizing the properties of homomorphic encryption for online artificial intelligence processing has gradually become a hot research topic. Our goal is to explore various application scenarios for homomorphic encryption while improving its transmission and computation speeds to enhance its practicality. -
Related Documents
https://github.com/Lance-Bai/fhe_processor.git