=============================== MAPRG Session IETF 106 - Singapore Monday, November 18, 2019 18:10-19:10 (UTC+08:00) Meeting Minutes =============================== RG chairs: Mirja Kühlewind, Dave Plonka (remote) Meeting minutes: Tal Mizrahi Video: https://youtu.be/FnScP8r9JLg Chair slides: ------------- Presenter: Mirja Kühlewind Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-maprg-chairs-slides-02 Summary: - Note well was presented. - Call for alternate/additional MAPRG chair - interested participants to contact the co-chairs. - The agenda for the current session was presented. QUIC deployment Update ---------------------- Presenter: Mirja Kühlewind Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-maprg-quic-deployment-update-00 Video: https://www.youtube.com/watch?v=FnScP8r9JLg#t=5m26s Summary / discussion: - The QUIC deployment statistics in the slides are based on numbers gathered from some of the IETF meeting participants from Google, Facebook, Akamai and DT. - Igor Lubashev (Akamai): I am happy to answer questions. Losses in SATCOM systems : identification and impact ---------------------------------------------------- Presenter: Nicolas Kuhn Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-maprg-losses-in-satcom-systems-identification-and-impact-00 Video: https://www.youtube.com/watch?v=FnScP8r9JLg#t=10m50s Summary: - Analysis of packet losses in satellite communication. - Specifically in the context of QUIC: identifying where packet losses occur. - No questions or comments. TLS Beyond the Browser ---------------------- Presenter: Blake Anderson Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-maprg-tls-beyond-the-browser-00 Video: https://www.youtube.com/watch?v=FnScP8r9JLg#t=18m05s Summary: - TLS fingerprinting as a means of analyzing the application. - Specifically, can be used for detecting malware. Discussion: George Michaelson: The slide describing TLS 1.3 adoption describes the percentage of each TLS version? Blake: right. Tiru Reddy: how is your prediction when malwares are lying about the SNI? Blake: the actual TLS fingerprint string strips the connection-specific information. If the fingerprint is a good indicator for malware, then you can use that. Tiru: by using TLS 1.3, where the SNI is encrypted, all you see is the client Hello - would that be sufficient to identify the applications? Blake: potentially. TLS 1.3 has many paramters, and different applications use them differently. Tiru: but all the other parameters except the client Hello are encrypted, right? Blake: all this work relies strictly on the client Hello. Emmanuel Lochin: your work builds a fingerprint database. Is this tool available publicly? Blake: not at this point. Emmanuel: and the data set? Blake: yes, the data set is publicly available. A Look at the ECS Behavior of DNS Resolvers ------------------------------------------- Presenter: Kyle Schomp Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-maprg-a-look-at-the-ecs-behavior-of-dns-resolvers-kyle-schomp-01 Video: https://www.youtube.com/watch?v=FnScP8r9JLg#t=37m58s Summary: - This work analyzes the ECS behavior and impact in EDNS. - No comments or questions. Characterizing JSON Traffic Patterns on a CDN --------------------------------------------- Presenter: Santiago Vargas Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-maprg-characterizing-json-traffic-patterns-on-a-cdn-santiago-vargas-00 Video: https://www.youtube.com/watch?v=FnScP8r9JLg#t=52m55s Summary: - This work analyzes the wide usage of JSON from a CDN provider's perspective. - No comments or questions. Adjourned at 19:10.