IRTF MAPRG agenda for IETF-109 - online

• Date: Monday, November 16, 14:30-15:30 Bangkok time
• Recording: https://www.youtube.com/watch?v=ALQlllILX-g
• Note taker: Brian Trammell

Overview & Status - Mirja (5 min)

• Packed agenda today; so... keep things short. We have two longer talks, then three shorter talks. These were published in IMC and slides/video of longer IMC version are available.

Network Fingerprinting: Routers under Attack - Emeline Marechal (20 mins)

• Slides

• discussion

  • Brian Trammell: could this be used as a tool by a network to quantify its own impact of multi-vendor deployment?
  • Emeline: Yes, we made some recommendations, in the paper, but there are overhead/complexity costs on the management side in multivendor networks.

ODoH Measurements - Sudheesh Singanamalla (20 min)

• Slides

• discussion

  • Mike English: supporting ECS? The other side, Auth may need this, to do Geo based LB for content delivery performance enhancement. So, balance of outcome if this is obscured. Sudheesh, the proxy is the "client" seen so the ECS optimisations will continue to be applied. Client chooses proxy with different ECS outcome, but we didn't measure this.
  • Brian: Didn't look at the ability/impact of actively choosing a proxy. Either to max confusion, or minimise latency. What seen in graphs, looks like related to each other. You can do one, or the other. The min latency path points kind-of (where you are?) want to see follow up work, actual latency cost, bits of confusion about you. Takes DoH problem, encrypted to giant DNS aggregator, but you can still guess geography because everyone implements for low-latency. 20% impact is massive. Please dig further. (You need a mass behind a proxy to also be anonymous against other load; if it's only 3 clients they know who you are)
  • Sudheesh: As Jonathan pointed out in the chat, it's not either/or. There are ways to scale. Needs close collaboration, and operators to put proxies on the path. Lot of people using dnscrypt. ODoH performs better.

Clouding up the Internet: how centralized is DNS traffic becoming? (IMC2020) - Sebastian Castro (5 min)

• [Slides] (https://datatracker.ietf.org/meeting/109/materials/slides-109-maprg-clouding-up-the-internet-how-centralized-is-dns-traffic-becoming-sebastian-castro-00)
• Paper: [https://dl.acm.org/doi/pdf/10.1145/3419394.3423625]
• Video: [https://dl.acm.org/action/downloadSupplement?doi=10.1145%2F3419394.3423625&file=imc2020-paper80-long_01.mp4]
• Discussion
  • GGM: Possible qname minimisation benefit in volume.
  • Sebastian: Aso DNSSEC, e.g .NL has high quantity of validation happening. CF doing DNSSEC, adoption of new protocol features is very rapid in centrally/concentrated DNS services.
  • Sebastina: Backup slide observation of high TCP rate from FaceBook, small UDP buffersize causing truncation overflow to TCP.

The Lockdown Effect (IMC paper) - Oliver Gasser (5 min)

• Slides
• Paper: [https://dl.acm.org/doi/pdf/10.1145/3419394.3423658]
• Video: [https://dl.acm.org/action/downloadSupplement?doi=10.1145%2F3419394.3423658&file=imc2020-410-long.mp4]
• Discussion
  • Jonathan Hoyland: Did you look at weekend traffic changes, too? Are they more flat?
  • Oliver: Weekend Traffic looks the same. Changes mainly in workday traffic.
  • Spencer Dawkins: Editing MOPS doc on media streaming; this will be a great resource for us, thanks!

Internet-wide OPC UA security configuration analysis (IMC paper) - Markus Dahlmanns (5 min)

• Slides
• Paper: [https://dl.acm.org/doi/pdf/10.1145/3419394.3423666]
• Video: [https://dl.acm.org/action/downloadSupplement?doi=10.1145%2F3419394.3423666&file=imc2020-612-long.mp4]
• Discussion
  • Mirja: Takeaway is that more than 90% of deployed systems in OPC UA have some security flaw. Simply defining a secure protocol is not enough, must also specify secure-by-default.