Date: Friday July 26, 10:00-12:00 (Morning session I)
Room: Place du Canada
Dave Plonka & Mirja Kühlewind: 10 min
Dave Plonka: 10 min
Tommy Pauly: 10 min
Gorry Fairhurst: 10 min
Ian Swett: 10 min
Igor Lubashev: 20 min
Roland Van Rijswijk: 20 min
Aniket Mahanti (remote): 20 min
TLS 1.3 Client Measurements (Tommy Pauly)
A look at how much TLS 1.3 support is being rolled out from a client perspective on Apple devices, and some
insights into the relative performance of different versions and correlation with other factors like IPv6.
Measuring QUIC Dynamics over a High Delay Path (Tom Jones, Ana Custura and Gorry Fairhurst, University of Aberdeen)
This will present a set of transport performance measurements from using IETF QUIC over a path with high delay.
This will seek to understand if the dynamics of a recent QUIC implementation.
Our data is drawn from measuring Quicly over an operational geostationary satellite service.
We compare performance of a satellite QUIC stream and the same tests over emulated links with small path delays,
geostationary orbit delays and consideration of the impact of delay added from radio resource management.
Trials and tribulations of migrating to IETF QUIC (Ian Swett)
Though Google QUIC and IETF QUIC have the same goals and a very similar feature set, they share 0 bits on the wire,
and there were many changes, both small and large. This talk will discuss some of the more challenging changes from
a deployment perspective.
Packet Loss Signaling for Encrypted Protocols (Alexandre Ferrieux (Orange), Isabelle Hamchaoui (Orange), Igor Lubashev (Akamai))
Encrypted protocols present network operators with numerous challenges described in draft-ietf-tsvwg-transport-encrypt.
Research on exposing connection round trip latency information that uses a single unencrypted “latency spin bit” in the
protocol header (draft-trammell-quic-spin) led to its incorporation in the QUIC protocol. In this work, we examine
using two unencrypted bits to expose the amount of loss on a path and allow on-path devices to localize the source of the loss.
Unlike the “latency spin bit”, the proposed mechanism allows each endpoint to provide loss information for packets
it sends independently. The data collected by Orange and Akamai indicates that the proposed mechanism may be superior
to the traditional TCP sequence number analysis from a tap device. The proposed mechanism is more reliable in
identifying upstream loss and telling it apart from the loss in the tap path itself.
The RPKI Wayback Machine (Roland Van Rijswijk)
We recently analysed a unique dataset, collected by the good folks at RIPE NCC, that covers the entire history of RPKI
repositories. The dataset runs from when the first RIRs started with an experimental RPKI service in 2011 until the present day.
We analysed this dataset with custom scripting we dubbed Ziggy (after the eponymous computer that took Sam back in time
in good ole' 1980s Quantum Leap). Ziggy takes care of recreating the relevant RPKI repository structure from the archived data,
reconstructs TALs, and then uses NLnet Labs' Routinator RPKI Relying Party software to validate the RPKI data.
In the talk, we show how this data can give insight into the development of RPKI as an ecosystem,
from humble beginnings to accelerating deployment in the present day. We touch on some of the challenges of analysing
historic data, and - if time permits - will provide insight into deeper details of how RPKI use has changed over time.
Understanding Evolution and Adoption of Top Level Domains and DNSSEC
(Yo-Der Song, Aniket Mahanti and Soorya Ravichandran (University of Auckland, New Zealand))
The Domain Name System (DNS) is a hierarchical
distributed database that serves as the directory of the Internet
by mapping fully qualified domain names to IP addresses. The
top level domain (TLD) is the highest level in the DNS hierarchy
and until 2012, there had only been 22 of these domains for
generic uses (gTLD). ICANN’s New gTLD Program has since
opened up the domain names to public registration, leading to
the creation of thousands of new gTLDs over the last six years.
The rapid increase in the number of gTLDs gives registrants a
wider choice of domain names but it also offers malicious actors
more opportunities for attacks. By mirroring the DNS hierarchy,
DNSSEC authenticates DNS responses and prevents modified
or forged DNS records. We present a longitudinal analysis on
the adoption of the new gTLDs and deployment of DNSSEC
using data from a large campus network and a national-level
authoritative name server. Although the popularity of new gTLDs
is rapidly growing across a large number of domains, we find
the proportion of queries to new gTLDs overall to remain very
low. None of the top-10 queried TLDs were new gTLDs. We
find DNSSEC deployment at the national level to be improving
but still weaker than global averages. Efforts need to be made
to ensure correct DS records are uploaded to the registry to
complete the DNSSEC chain of trust.
Paper: To appear in proceedings of IEEE M&N 2019 (https://edas.info/p25303)