IRTF Open Meeting

Wednesday, 9 November 2022, at 09:30 - 11:30 Europe/London
Room: Kensington 2

Chair: Colin Perkins
Minutes: Mat Ford

The main focus of the Internet Research Task Force (IRTF) Open Meeting will
be the Applied Networking Research Prize (ANRP) award talks given by Gautam
Akiwate, Corinne Cath, and Daniel Wagner. The ANRP is awarded to recognise
the best recent results in applied networking, interesting new research
ideas of potential relevance to the Internet standards community, and
upcoming people that are likely to have an impact on Internet standards and
technologies, with a particular focus on cases where these people or ideas
would not otherwise get much exposure or be able to participate in the
discussion.

Introduction and Status Update

Speaker: Colin Perkins, IRTF Chair

Slides

Risky BIZness: Risks Derived from Registrar Name Management

Speaker: Gautam Akiwate

Paper
Slides

Q&A

Duane Wessels: Push back on altTLD idea, designed for non-DNS use cases,
this is very much a DNS use case which would generate lots of traffic we
wouldn't want to see.

GA: My understanding of .alt - recursive resolvers would drop, this would
be like a graveyard where you would send domains that you don't want to
be resolved. In a way you don't want these domains to be resolved.

DW: I think that's the ideal, but the draft currently doesn't say that
resolvers have to drop. At this point it's not a good fit.

GA: Excited that people are interested in making these upgrades - happy
to talk more about what solutions would be more appropriate. Great to
come to IETF and understand the practical considerations. Happy to chat
further.

Richard Wilhelm (PIR): Great talk, thank you. I agree with Duane on .alt.
Idea in the paper about .invalid is better. In your slide about multiple
providers - at a single registry service provider often platforms aren't
often connected. So, 'yes, and' to your point about platforms not having
communication. It may be a solution to just drop the name server. EPP
originally had a requirement for 2 name servers for DNS reliability -
written before days of widespread anycast adoption so maybe outdated -
but corner cases could result in domain going dark. Idea of communicating
all domain deletions is very challenging - notion of 'deletion' is very
fuzzy at registry platforms. The integrity of registrant's registrar
account is so key to the underlying infrastructure so if you control
registrations you need multi-factor authentication - if you don't have
MFA you're asking for trouble. You really need to work on locking down
those domains.

GA: Thanks for the feedback. MFA needs to be adopted to mitigate
registrant account compromise. Also the issue of registrars themselves
being compromised - in a lot of cases we see EPP tokens being exfiltrated
by attackers, nation-state actors.

Eliot Lear: We're seeing the ageing of the Internet - that raises a
question about the externalities that are being introduced within the
system at a fundamental level between ICANN and the registries - is it
just an externality that we're addressing in terms of when a name goes
away. If there's no reputational damage to domain, but harm may accrue to
others if someone reuses that domain. Two sides to this - you mentioned
use of a domain name server - probably some best practices to be adopted
here - like the idea of dropping the name. I'd rather the damage occurred
more quickly and transparently than it being hidden. Further research for
ICANNites to think about.

GA: Rick also made the point about dropping the name server, prohibited by
original EPP spec - in this case one could argue that the second
name server is serving no purpose, it is a lame delegation - would be
better to make clear that the delegation is dead.

Ralf Weber: .alt is not the solution you're looking for. Resolvers would
never get asked for name server's name, they internally resolve it so it's
a different code path. I think GoDaddy did the right thing - they used
as112.arpa which is the sinkhole we use for all things DNS.

GA: When we spoke to people about AS112.arpa the hijackability of
as112.arpa domains was not immediately obvious to us. There is a sinkhole
server that is localised they expose domains.

Ralf Weber: If you have as112 on your network, DNS is still unencrypted
most of the time so you can do that anyway.

The Technology We Choose to Create: Human Rights Advocacy in the Internet Engineering Task Force

Speaker: Corinne Cath

Paper

Slides

An updated version of this work is available in open access form as Chapter 7 of Corinne’s PhD thesis

Q&A

Rick Hall: Does being a part of the IETF community impact your
independence as an anthropologist?

CC: Great and beautiful question. Anthropologists don't claim to be
independent. Anthropology as a field is inherently aware that research is
political. My worldview and who I am will influence my focus in the
research. I don't pretend to be independent or politically neutral.
Instead what anthropologists do is that we're explicit about our
positionality. In my research you'll find a positionality statement. I
identify as a woman so I'm a minority in the IETF in some ways. I'm also
white, I'm from Europe. All of these things influence how I look at the
world and that's something that I'm really explicit about in my research.

Eliot Lear: Thanks for your paper and your work. I think you chose a
group at a moment in time that this community struggled with, greatly
frankly, for many reasons. Responsibilities that we in this room have not
just to the individual you mentioned but also to the day-to-day person
that gets ripped off through fraud. Are you able to reflect that in your
paper?

CC: Paper is one part out of 8 or 9 chapters of my PhD. I focussed very
specifically on a certain subset - human-rights activists in particular -
in this community people representing that kind of end-user are in the
minority. Broader concerns are real but I also feel they are well
represented, and I only have limited capacity.

Michaela: Coming from a human rights background - I'm very interested in
what you're talking about in terms of differences in language - ways in
which you can push for something as a human-rights activist and that will
not be interpreted always very well - do you have recommendations for
bridging the gap for human rights activists to be able to work in a
collaborative and cooperative way with the IETF.

CC: Have more of a policy paper coming out next year that focuses on some
of the cultural hurdles that the IETF poses in terms of its sometimes
rough working practices and for whom those are easier to navigate.
Another thing that I've seen as very effective, everyone who represents
different interests at the IETF collaborates in ways to support each
other - there are groups that do the same thing for HR activists. Let's
talk - I'm happy to make some introductions.

Abdussalam Baryun: Have a question regarding April 1st RFCs. I understand
this is a tradition at the IETF - my understanding is that at least the
document should indicate its purpose beyond just the date indicating
something important about the content of the document.

CC: Hard to hear remote questions from the stage?

?: Question was about April 1st RFCs and why they are not marked as
distinct from normal RFCs

CC: Think that's a question for Lars and not for me!

CP: Maybe a question for Eliot.

Lars Eggert: Thanks, great talk. In the tradition of the IETF I didn't
read your paper before getting up to comment on it... Maybe it's in your
paper, multi-stakeholderism - many of us believe diversity of opinions
makes consensus stronger. I was in Colin's chair when HRPC was started -
my motivation was to challenge that belief a little bit, it can't just be
lip-service. I was excited when those participants showed up. Would you
say that we really believe in multi-stakeholderism or do we just pay
lip-service to it?

CC: Interested that you choose the term multi-stakeholderism. Other
Internet governance orgs e.g. ICANN are much more explicit in making
MSism a key governance tradition. IETF talks about community-driven,
bottom-up, consensus - MSism is not used in the same way.

Lars: It's my belief that IETF was the original multi-stakeholder
organisation before we had that word. I think that's why it's not so
widely used - other organisations have jumped on the bandwagon and are
trying to portray themselves as very open. I think there's an argument to
be had about whether they really are quite as open as they claim to be
because it's politically expedient to be that. IETF has always had
openness that's now maybe called MSism - I'm hoping it's really a
foundation of the work.

CC: There is a conflation in IETF between being culturally welcoming and
procedural openness. I've had a lot of people tell me - any person with
an email can sign-up to a mailing list. That is procedural openness. But
we have women, non-binary, people of colour say that's not openness when
I experience sexism, micro-aggressions, people make fun of my accent. So
openness is a really thorny issue and one of the things that I think the
IETF still has a lot of ground to gain. Yes we are open, but on an
average meeting 10% of participants identify as women and the rest are
men. How open are you if in practice there are all sorts of difficulties
in getting and maintaining a diverse set of participants. So there is
some openness along certain axes but not others and there's real work to
be done there.

Eliot Lear: If you have questions about April 1st RFCs please contact me
(Independent Submissions Editor) directly and I'll be happy to help.

Simone Ferlin: You've been navigating IETF and trying to discover your
findings, is there any activity to keep this work alive inside the IETF?

CC: Three quick answers - Human Rights Protocol Considerations group is
ongoing work, there is a side meeting tomorrow of a group of folks that
want to do research on standardisation, we run a public-interest
technology group that works on standards at IETF and elsewhere from a
public interest perspective, and as Rich mentioned I am running for the
IAB - so please send feedback to the NomCom.

?: You mentioned ICANN and ITU. Can you tell more about similar
initiatives to yours in other standardisation bodies.

CC: ICANN has a long history of people from non-profit and public
interest perspective participating, NCUC stakeholder constituency. ITU is
trickier - you have to be on a national delegation to participate. Some
national delegations, e.g. UK and NL, allow participation from civil
society actors and active participation in negotiations. But civil
society is very underfunded compared to other participants.

?: I loved how you said when the IETF chooses to be political and when
not. Another cultural practice is that people sometimes represent
themselves as individuals and hide their affiliation. Did you find that
people had a different position when speaking to you in private when they
didn't have to represent their company or have an affiliation that
everyone knows about.

CC: Yes, this is why having anthropologists in spaces like this is so
important. If you only look at working group mailing lists or even
recordings you don't get the entire picture.

David Lawrence: I completely support your candidacy in the IAB. I have
believed in multi-stakeholderism in the IETF for decades now. Technology
shares this duality both by being neutral and greasing the skids for
particular political agendas. How do we get additional input from other
stakeholder groups? Do we need an outreach organisation, are they already
aware and trying to make inroads?

CC: IETF does that already pretty well. There are people here, e.g.
Mallory Knodel who is on the IAB and works for CDT who makes information
and resources available. Scaling is a challenge. What we do here takes a
lot of technical capacity that isn't necessarily present in the same way
in civil society. There are many different challenges when it comes to
technology - for many people most visible parts of the Internet are the
most obvious ones - so a lot of civil society organisations will focus on
AI, social media - that being said there are developments here that will
impact our ability to use the Internet in ways that are important to HR
activists that we have a role to play in and by we I mean both me as an
academic bringing that work out but also the human rights activists who
are present here.

United We Stand: Collaborative Detection and Mitigation of Amplification DDoS Attacks at Scale

Speaker: Daniel Wagner

Paper

Slides

Q&A

Robert Story: Have you talked to IXPs about interest in deploying this?

DW: All IXPs we used were all DE-CIX so we talked to ourselves basically.

Corinne Cath: What's the follow-up research?

DW: Looking at telescope usability combining and uniting IXPs. 13 IXPs -
combined dataset of IXP flow data in order to get early detection of
scanning activity - we might know some telescope IP address ranges -
measure to what extent it also makes sense to exchange telescope
information - this is sensitive data, needs careful governance
arrangements. Overall endeavour is to mitigate or be prepared for DDoS
attacks before they arise derived from scanning activity we can see at the
IXP.

?: Seems you're looking at volumetric attacks. Any thoughts on
application layer attacks?

DW: We are looking at amplification DDoS attacks because the type of data
we can get at IXP reveals these, other attack vectors are either
invisible or given sampling methods don't allow us to see them.
Volumetric amplification attacks are low-hanging fruit. For us L4
information is hard to get, L7 no chance.

?: In the context of increasing use of encryption, QUIC adoption, where
do you see DDoS attack detection going?

DW: I'm not sure. Regarding extending visibility - not something I can
influence, also can't do this with our members due to legal restrictions
- we will make the best of what we have. Regarding other layers I don't
think we will ever look into that due to privacy concerns.

Close

Recordings of the talks will be made available here.