# Welcome and introduction (5 minutes) Scribe, Note takers Agenda Review Research Group status hrpc.io https://datatracker.ietf.org/meeting/106/materials/slides-106-hrpc-hrpc-welcome # Talk: Jed Crandall, Arizona State University (30 minutes) Borders and Gateways: Measuring and Analyzing National AS Chokepoints: https://forrest.biodesign.asu.edu/data/publications/2019-compass-chokepoints.pdf Avri: Iran shutdown, only 5% of traffic getting out. How does that relate to your research? Jed: Looked at OONI, etc. Nalini: country that I'm familiar with, the govt called ISPs and asked them to shutdown specific regions. So within the country, not externally. Jed: we looked at national choke points. But interesting to look at countries within e.g. India, Brazil, Germany. Two separate questions - not the one we looked at though John Brewer: IX service proliferation. ASN inside of a restrictive country peering with adjacent country. Jed: Hard to get data, data over time of the actual physical infra cutoffs Stephen F: in an increasingly encrypted world, for e.g. with ESNI, how would your stats evolve? Jed: it's hard. as long as a govt can tell that you're using a VPN they can shut you off. Sometimes VPNs only work because the VPN shares data. Joe Hall: so many other things that powerful censors do, have you considered increase scope beyond chokepoints? Jed: saw another paper: who controls all the paths for DNS? complementary work, check out everything by Roya Ensafi (former student) # Talk: John Mattsson, Ericsson (30 minutes) 5G Security, false base stations and IMSI catchers, and the great SIM heist and the need for PFS Bernie: SUPI shared with roaming network. Is that a good idea? If hacked? John: nothing is perfect! The change from 4G to 5G is that the phone needs to be physically there Mohit: Using TLS 1.3 instead of DIAMETER is a big upgrade. Cert distribution? John: cert dist is out of scope. On going study of how to make it more deterministic. Eliot Lear: How will this interact with what govts need to do to get around false base station John: different actors here. (name?): legal interception in different countries? John: should be authorized, should be logged. won't change much. Gurshabad Grover: encryption of perm identifier, is that left to the operator? John: GSMA has said that it is highly recommended to turn it on, not turned on in the very first deployments GG: is this detectable by the client? John: no, not to end-user. GG: encryption of perm id between transit networks? John: transit network cannot see handshake, but not sure about afterwards Nalini: if I'm a restrictive govt, if I don't have visibility through this, then I'll go through other means. Hack into base stations? John: v hard to get into base stations. Probably possible tho. Mohit: if I'm roaming in Singapore, will there be hops in between? John: probably will be yes # Updates: Research group drafts (15 minutes each) draft-irtf-hrpc-association, Joe Hall and Stéphane Couture Jeffrey Yasskin: would appreciate discussion about parental and enterprise filtering with association Melinda: guidance is good to get in the document. Disagree with Eliot, IETF protocols are used to sometimes disconnect people Eliot: difference between platforms and protocols would be a good discussion to have Stephane: meeting for mid-december could be with ex-author draft-irtf-hrpc-political, Niels ten Oever Eliot: Niels: For me, the author/editor of the document, it would be great to have guidance from the shepherd what we have agreement on, either approaches and/or arguments, and what needs improvement. Because sometimes it feels like we're going back and forth. Could we perhaps make a shepherd issue list (maybe taken from this presentation?) and seek to address the issues one by one? Else I am afraid we will continue having great discussions, but maybe not end up with a great final document... Colin: doesn't have to be consensus, just have to be clear whose view it is draft-irtf-hrpc-guidelines, Gurshabad Grover Mallory: tease out conflicts in the draft Gurshabad: the doc is stated in terms of questions, which makes it hard to talk about conflict Mallory: because it is guidelines, you can help people make difficult decisions. Different section on sticky issues? Gurshabad: thinking about different draft Avri: why do we do like the IETF does? Let us know if you want to publish an article.