# MAPRG IETF 115   {#maprg-ietf-115}

\_notes: Brian Trammell (Thanks!)

## Overview & Status   {#overview--status}

Dave (remote) & Mirja (onsite) (5 min)  
IRTF Note-well: https://irtf.org/policies/irtf-note-well-2019-11.pdf

*no discussion*

## Heads-up talk: Kirin: Hitting the Internet with Millions of Distributed IPv6 Announcements   {#heads-up-talk-kirin-hitting-the-internet-with-millions-of-distributed-ipv6-announcements}

**Paweł Foremski (5 mins)**

*no discussion*

## Waiting for QUIC: On the Opportunities of Passive Measurements to Understand QUIC Deployments   {#waiting-for-quic-on-the-opportunities-of-passive-measurements-to-understand-quic-deployments}

**Jonas Mücke (15 mins)**

**Lorenzo Colitti:** Why is it intersting that these measurements are
passive? You could also do these actively.

**Jonas:** It's non-intrusive.

**Ben Schwartz:** Any understanding of why someone is spoofing telescope
source IPs?

**Jonas:** Spoofing is random.

**Ben:** Ah, source-spoofed DoS, not reflection. Would you recommend the
use of cipher approaches to CID connections.

**Jonas:** That's in the paper. You still need information in the CID.

**Marwan Fayed:** Instead of what is the structure, the intersting
question is how do you get lack of structure.

## DNS Privacy with Speed? Evaluating DNS over QUIC and its Impact on Web Performance   {#dns-privacy-with-speed-evaluating-dns-over-quic-and-its-impact-on-web-performance}

**Robin Marx (15 mins)**

**Lorenzo Colitti**: These are just random resolvers you found?

**Robin**: Yep.

**Lorenzo Colitti**: I'd expect no change for subsequent queries and 2x
penalty for the first query. Please do measure DoH3 vs DoQ;
implementations are listening to you.

**Tommy Pauly**: Concerning that we see badly-configured DoQ servers.
Session resumption without 0-RTT is bad too. Makes you trackable for no
performance benefit.

**Robin**: See the paper for more bugs. That's why we think they're
preproduction.

**Tommy**: +1, please compare DoH3 versus DoQ; DoH has better
properties.

**Shivan Sahib**: Definition of complexity of webpage?

**Robin**: Domain count.

**Chris Box**: "Encrypted DNS doesn't have to be a compromise" -- but
there is one, and it can get smaller, yes? If you're a network that's
being benchmarked, that compromise looks much better. H3 measurements?

**Robin**: Actively ongoing work.

## A First Look at Starlink Performance   {#a-first-look-at-starlink-performance}

**François Michel (15 mins)**

**Geoff Huston**: did a similar geo/starlink measuerement in March.
Satellites at 550km up, but 2704km at horizon. Raw RTT should change
between 7ms and 36ms, 1 arcsecond per second. Something is somehow
compensating for spacecraft and switching delay. Did you look at BBR.

**François**: Nope. Quiche didn't have it when we did this.

**Geoff**: BBR has vastly different performance characteristics. Got
much more bandwidth. These protocols make the tied RTT a more
interesting matric.

**Matt Joras**: Loss: accounted for spurious loss, QUIC stack reporting,
or pcaps?

**François**: Packets never ACKed. So not spurious. Also saw weird
first-few packets being lost nearly systematically. Weird traffic
patterns.

**Gorry Fairhurst, long-time lover of satellites**: Would have liked to
have more specificity on where and when these measurement were.
Constellation is changing. Starlink is fixing RTT but not losses. We
have satellite access and can collaborate. Will take this offline and
tell the list what we think.

## Illuminating Large-Scale IPv6 Scanning in the Internet   {#illuminating-large-scale-ipv6-scanning-in-the-internet}

**Philipp Richter (15 mins)**

**Bob Hindon**: You've seen that there's not very much scanning,
compared to v4, but it's very easy to generate a bunch of source
addresses.

**Eliot Lear**: How did the aggregated traffic for those top sources
compare to the rest of the traffic that *might* have been scan traffic?

**Philipp**: Lots of prefiltering before we do scan detection. Lots of
variance: *all* of the traffic from the cybersecurity traffic was
scanning.

**Eliot**: So, not many botnets.

**Philipp**: None. v6's address architecture may help here. Don't know
how to move forward if we ever get them though.

## IoT Security by the Numbers   {#iot-security-by-the-numbers}

**Leslie Daigle (10 mins)**

*no discussion*

## Quo vadis IETF: is the IETF ossified?   {#quo-vadis-ietf-is-the-ietf-ossified}

**Ignacio Castro (10 mins)**

*no discussion*

## Where .ru? Assessing the Impact of Conflict on Russian Domain Infrastructure   {#where-ru-assessing-the-impact-of-conflict-on-russian-domain-infrastructure}

**Gautam Akiwate (15 mins)**

**Brian Trammell**: Do we have any comparisons for the pre-conflict
"fully Russian" number; i.e., some way to differentiate "the government
wants internet sovereignty" from "people who speak the same language and
use the same currency tend to do business with each other"?

**Gautam**: We have not really looked into this. If it is possible
that'll be very interesting, even as a one-off. Happy to chat after.