Minutes IETF106: maprg
minutes-106-maprg-00

===============================
MAPRG Session
IETF 106 - Singapore
Monday, November 18, 2019
18:10-19:10 (UTC+08:00)
Meeting Minutes
===============================

RG chairs: Mirja Kühlewind, Dave Plonka (remote)
Meeting minutes: Tal Mizrahi
Video: https://youtu.be/FnScP8r9JLg

Chair slides:
-------------
Presenter: Mirja Kühlewind
Slides:
https://datatracker.ietf.org/meeting/106/materials/slides-106-maprg-chairs-slides-02

Summary:
- Note well was presented.
- Call for alternate/additional MAPRG chair - interested participants to
contact the co-chairs. - The agenda for the current session was presented.

QUIC deployment Update
----------------------
Presenter: Mirja Kühlewind
Slides:
https://datatracker.ietf.org/meeting/106/materials/slides-106-maprg-quic-deployment-update-00
Video: https://www.youtube.com/watch?v=FnScP8r9JLg#t=5m26s

Summary / discussion:
- The QUIC deployment statistics in the slides are based on numbers gathered
from some of the IETF meeting participants from Google, Facebook, Akamai and
DT. - Igor Lubashev (Akamai): I am happy to answer questions.

Losses in SATCOM systems : identification and impact
----------------------------------------------------
Presenter: Nicolas Kuhn
Slides:
https://datatracker.ietf.org/meeting/106/materials/slides-106-maprg-losses-in-satcom-systems-identification-and-impact-00
Video: https://www.youtube.com/watch?v=FnScP8r9JLg#t=10m50s

Summary:
- Analysis of packet losses in satellite communication.
- Specifically in the context of QUIC: identifying where packet losses occur.
- No questions or comments.

TLS Beyond the Browser
----------------------
Presenter: Blake Anderson
Slides:
https://datatracker.ietf.org/meeting/106/materials/slides-106-maprg-tls-beyond-the-browser-00
Video: https://www.youtube.com/watch?v=FnScP8r9JLg#t=18m05s

Summary:
- TLS fingerprinting as a means of analyzing the application.
- Specifically, can be used for detecting malware.

Discussion:
George Michaelson: The slide describing TLS 1.3 adoption describes the
percentage of each TLS version? Blake: right. Tiru Reddy: how is your
prediction when malwares are lying about the SNI? Blake: the actual TLS
fingerprint string strips the connection-specific information. If the
fingerprint is a good indicator for malware, then you can use that. Tiru: by
using TLS 1.3, where the SNI is encrypted, all you see is the client Hello -
would that be sufficient to identify the applications? Blake: potentially. TLS
1.3 has many paramters, and different applications use them differently. Tiru:
but all the other parameters except the client Hello are encrypted, right?
Blake: all this work relies strictly on the client Hello. Emmanuel Lochin: your
work builds a fingerprint database. Is this tool available publicly? Blake: not
at this point. Emmanuel: and the data set? Blake: yes, the data set is publicly
available.

A Look at the ECS Behavior of DNS Resolvers
-------------------------------------------
Presenter: Kyle Schomp
Slides:
https://datatracker.ietf.org/meeting/106/materials/slides-106-maprg-a-look-at-the-ecs-behavior-of-dns-resolvers-kyle-schomp-01
Video: https://www.youtube.com/watch?v=FnScP8r9JLg#t=37m58s

Summary:
- This work analyzes the ECS behavior and impact in EDNS.
- No comments or questions.

Characterizing JSON Traffic Patterns on a CDN
---------------------------------------------
Presenter: Santiago Vargas
Slides:
https://datatracker.ietf.org/meeting/106/materials/slides-106-maprg-characterizing-json-traffic-patterns-on-a-cdn-santiago-vargas-00
Video: https://www.youtube.com/watch?v=FnScP8r9JLg#t=52m55s

Summary:
- This work analyzes the wide usage of JSON from a CDN provider's perspective.
- No comments or questions.

Adjourned at 19:10.