# IRTF Open Meeting

Wednesday, 9 November 2022, at 09:30 - 11:30 Europe/London

Room: Kensington 2

Chair: Colin Perkins

Minutes: Mat Ford

The main focus of the Internet Research Task Force (IRTF) Open Meeting will be the Applied Networking Research Prize (ANRP) award talks given by Gautam Akiwate, Corinne Cath, and Daniel Wagner. The ANRP is awarded to recognise the best recent results in applied networking, interesting new research ideas of potential relevance to the Internet standards community, and upcoming people that are likely to have an impact on Internet standards and technologies, with a particular focus on cases where these people or ideas would not otherwise get much exposure or be able to participate in the discussion.

## Introduction and Status Update

Speaker: Colin Perkins, IRTF Chair

[Slides](https://datatracker.ietf.org/meeting/115/materials/slides-115-irtfopen-irtf-open-meeting-agenda-for-ietf-115)

## Risky BIZness: Risks Derived from Registrar Name Management

Speaker: Gautam Akiwate

[Paper](https://dl.acm.org/doi/10.1145/3487552.3487816)

[Slides](https://datatracker.ietf.org/meeting/115/materials/slides-115-irtfopen-risky-bizness-risks-derived-from-registrar-name-management-00.pdf)

**Q&A**

Duane Wessels: Push back on altTLD idea, designed for non-DNS use cases, this is very much a DNS use case which would generate lots of traffic we wouldn't want to see.

GA: My understanding of .alt - recursive resolvers would drop, this would be like a graveyard where you would send domains that you don't want to be resolved. In a way you don't want these domains to be resolved.

DW: I think that's the ideal, but the draft currently doesn't say that resolvers have to drop. At this point it's not a good fit.

GA: Excited that people are interested in making these upgrades - happy to talk more about what solutions would be more appropriate. Great to come to IETF and understand the practical considerations. Happy to chat further.

Richard Wilhelm (PIR): Great talk, thank you. I agree with Duane on .alt. Idea in the paper about .invalid is better. In your slide about multiple providers - at a single registry service provider often platforms aren't often connected. So, 'yes, and' to your point about platforms not having communication. It may be a solution to just drop the name server. EPP originally had a requirement for 2 name servers for DNS reliability - written before days of widespread anycast adoption so maybe outdated - but corner cases could result in domain going dark. Idea of communicating all domain deletions is very challenging - notion of 'deletion' is very fuzzy at registry platforms. The integrity of registrant's registrar account is so key to the underlying infrastructure so if you control registrations you need multi-factor authentication - if you don't have MFA you're asking for trouble. You really need to work on locking down those domains.

GA: Thanks for the feedback. MFA needs to be adopted to mitigate registrant account compromise. Also the issue of registrars themselves being compromised - in a lot of cases we see EPP tokens being exfiltrated by attackers, nation-state actors.

Eliot Lear: We're seeing the ageing of the Internet - that raises a question about the externalities that are being introduced within the system at a fundamental level between ICANN and the registries - is it just an externality that we're addressing in terms of when a name goes away. If there's no reputational damage to domain, but harm may accrue to others if someone reuses that domain. Two sides to this - you mentioned use of a domain name server - probably some best practices to be adopted here - like the idea of dropping the name. I'd rather the damage occurred more quickly and transparently than it being hidden. Further research for ICANNites to think about.

GA: Rick also made the point about dropping the name server, prohibited by original EPP spec - in this case one could argue that the second name server is serving no purpose, it is a lame delegation - would be better to make clear that the delegation is dead.

Ralf Weber: .alt is not the solution you're looking for. Resolvers would never get asked for name server's name, they internally resolve it so it's a different code path. I think GoDaddy did the right thing - they used as112.arpa which is the sinkhole we use for all things DNS.

GA: When we spoke to people about AS112.arpa the hijackability of as112.arpa domains was not immediately obvious to us. There is a sinkhole server that is localised they expose domains.

Ralf Weber: If you have as112 on your network, DNS is still unencrypted most of the time so you can do that anyway.

## The Technology We Choose to Create: Human Rights Advocacy in the Internet Engineering Task Force

Speaker: Corinne Cath

[Paper](https://doi.org/10.1016/j.telpol.2021.102144)

[Slides](https://datatracker.ietf.org/meeting/115/materials/slides-115-irtfopen-the-technology-we-choose-to-create-human-rights-advocacy-in-the-internet-engineering-task-force)

> An updated version of this work is available in open access form as [Chapter 7 of Corinne’s PhD thesis](https://tinyurl.com/2km5vvku)

**Q&A**

Rick Hall: Does being a part of the IETF community impact your independence as an anthropologist?

CC: Great and beautiful question. Anthropologists don't claim to be independent. Anthropology as a field is inherently aware that research is political. My worldview and who I am will influence my focus in the research. I don't pretend to be independent or politically neutral. Instead what anthropologists do is that we're explicit about our positionality. In my research you'll find a positionality statement. I identify as a woman so I'm a minority in the IETF in some ways. I'm also white, I'm from Europe.
All of these things influence how I look at the world and that's something that I'm really explicit about in my research.

Eliot Lear: Thanks for your paper and your work. I think you chose a group at a moment in time that this community struggled with, greatly frankly, for many reasons. Responsibilities that we in this room have not just to the individual you mentioned but also to the day-to-day person that gets ripped off through fraud. Are you able to reflect that in your paper?

CC: Paper is one part out of 8 or 9 chapters of my PhD. I focussed very specifically on a certain subset - human-rights activists in particular - in this community people representing that kind of end-user are in the minority. Broader concerns are real but I also feel they are well represented, and I only have limited capacity.

Michaela: Coming from a human rights background - I'm very interested in what you're talking about in terms of differences in language - ways in which you can push for something as a human-rights activist and that will not be interpreted always very well - do you have recommendations for bridging the gap for human rights activists to be able to work in a collaborative and cooperative way with the IETF?

CC: Have more of a policy paper coming out next year that focuses on some of the cultural hurdles that the IETF poses in terms of its sometimes rough working practices and for whom those are easier to navigate. Another thing that I've seen as very effective, everyone who represents different interests at the IETF collaborates in ways to support each other - there are groups that do the same thing for HR activists. Let's talk - I'm happy to make some introductions.

Abdussalam Baryun: Have a question regarding April 1st RFCs. I understand this is a tradition at the IETF - my understanding is that at least the document should indicate its purpose beyond just the date indicating something important about the content of the document.

CC: Hard to hear remote questions from the stage?

?: Question was about April 1st RFCs and why they are not marked as distinct from normal RFCs.

CC: Think that's a question for Lars and not for me!

CP: Maybe a question for Eliot.

Lars Eggert: Thanks, great talk. In the tradition of the IETF I didn't read your paper before getting up to comment on it... Maybe it's in your paper, multi-stakeholderism - many of us believe diversity of opinions makes consensus stronger. I was in Colin's chair when HRPC was started - my motivation was to challenge that belief a little bit, it can't just be lip-service. I was excited when those participants showed up. Would you say that we really believe in multi-stakeholderism or do we just pay lip-service to it?

CC: Interested that you choose the term multi-stakeholderism. Other Internet governance orgs e.g. ICANN are much more explicit in making MSism a key governance tradition. IETF talks about community-driven, bottom-up, consensus - MSism is not used in the same way.

Lars: It's my belief that IETF was original multi-stakeholder organisation before we had that word. I think that's why it's not so widely used - other organisations have jumped on the bandwagon and are trying to portray themselves as very open. I think there's an argument to be had about whether they really are quite as open as they claim to be because it's politically expedient to be that. IETF has always had openness that's now maybe called MSism - I'm hoping it's really a foundation of the work.

CC: There is a conflation in IETF between being culturally welcoming and procedural openness. I've had a lot of people tell me - any person with an email can sign-up to a mailing list. That is procedural openness. But we have women, non-binary, people of colour say that's not openness when I experience sexism, micro-aggressions, people make fun of my accent. So openness is a really thorny issue and one of the things that I think the IETF still has a lot of ground to gain.
Yes we are open, but on an average meeting 10% of participants identify as women and the rest are men. How open are you if in practice there are all sorts of difficulties in getting and maintaining a diverse set of participants? So there is some openness along certain axes but not others and there's real work to be done there.

Eliot Lear: If you have questions about April 1st RFCs please contact me (Independent Submissions Editor) directly and I'll be happy to help.

Simone Ferlin: You've been navigating IETF and trying to discover your findings, is there any activity to keep this work alive inside the IETF?

CC: Three quick answers - Human Rights Protocol Considerations group is ongoing work, there is a side meeting tomorrow of a group of folks that want to do research on standardisation, we run a public-interest technology group that work on standards at IETF and elsewhere from a public interest perspective, and as Rich mentioned I am running for the IAB - so please send feedback to the NomCom.

?: You mentioned ICANN and ITU. Can you tell more about similar initiatives to yours in other standardisation bodies?

CC: ICANN has a long history of people from non-profit and public interest perspective participating, NCUC stakeholder constituency. ITU is trickier - you have to be on a national delegation to participate. Some national delegations, e.g. UK and NL, allow participation from civil society actors and active participation in negotiations. But civil society is very underfunded compared to other participants.

?: I loved how you said when the IETF chooses to be political and when not. Another cultural practice is that people sometimes represent themselves as individuals and hide their affiliation. Did you find that people had a different position when speaking to you in private when they didn't have to represent their company or have an affiliation that everyone knows about?

CC: Yes, this is why having anthropologists in spaces like this is so important.
If you only look at working group mailing lists or even recordings you don't get the entire picture.

David Lawrence: I completely support your candidacy in the IAB. I have believed in multi-stakeholderism in the IETF for decades now. Technology shares this duality both by being neutral and greasing the skids for particular political agendas. How do we get additional input from other stakeholder groups? Do we need an outreach organisation, are they already aware and trying to make inroads?

CC: IETF does that already pretty well. There are people here, e.g. Mallory Knodel who is on the IAB and works for CDT who makes information and resources available. Scaling is a challenge. What we do here takes a lot of technical capacity that isn't necessarily present in the same way in civil society. There are many different challenges when it comes to technology - for many people most visible parts of the Internet are the most obvious ones - so a lot of civil society organisations will focus on AI, social media - that being said there are developments here that will impact our ability to use the Internet in ways that are important to HR activists that we have a role to play in and by we I mean both me as an academic bringing that work out but also the human rights activists who are present here.

## United We Stand: Collaborative Detection and Mitigation of Amplification DDoS Attacks at Scale

Speaker: Daniel Wagner

[Paper](https://dl.acm.org/doi/10.1145/3460120.3485385)

[Slides](https://datatracker.ietf.org/meeting/115/materials/slides-115-irtfopen-united-we-stand-collaborative-detection-and-mitigation-of-amplification-ddos-attacks-at-scale)

**Q&A**

Robert Story: Have you talked to IXPs about interest in deploying this?

DW: All IXPs we used were all DE-CIX so we talked to ourselves basically.

Corinne Cath: What's the follow-up research?

DW: Looking at telescope usability combining and uniting IXPs.
13 IXPs - combined dataset of IXP flow data in order to get early detection of scanning activity - we might know some telescope IP address ranges - measure to what extent it also makes sense to exchange telescope information - this is sensitive data, needs careful governance arrangements. Overall endeavour is to mitigate or be prepared for DDoS attacks before they arise derived from scanning activity we can see at the IXP.

?: Seems you're looking at volumetric attacks. Any thoughts on application layer attacks?

DW: We are looking at amplification DDoS attacks because the type of data we can get at IXP reveals these, other attack vectors are either invisible or given sampling methods don't allow us to see them. Volumetric amplification attacks are low-hanging fruit. For us L4 information is hard to get, L7 no chance.

?: In the context of increasing use of encryption, QUIC adoption, where do you see DDoS attack detection going?

DW: I'm not sure. Regarding extending visibility - not something I can influence, also can't do this with our members due to legal restrictions - we will make the best of what we have. Regarding other layers I don't think we will ever look into that due to privacy concerns.

## Close

Recordings of the talks will be made available [here](https://irtf.org/anrp/).