

Internet Area Working Group (Active WG)
Int Area: Suresh Krishnan, Terry Manderson | 2010-Mar-23

IETF-101 intarea minutes

Session 2018-03-19 1550-1720: Sandringham


minutes-101-intarea-00 minutes

          IntArea WG Minutes
          IETF 101 - London
          15:50-17:20 Monday March 19, Afternoon Session II, Sandringham
          Juan Carlos Zuniga (JCZ) (SIGFOX)
          Wassim Haddad (WH) (Ericsson)
          Minutes - Ian Farrer (IF)
          1. Agenda Bashing, WG & Document Status Updates (Chairs)
             10 minutes
          Suresh Krishnan (SK) - Discussion in IESG for logging with ports (CGN
          logging). The recommendations on whether it is practical, inventory of
          what's in servers.
          It'll be presented at the end. I'd appreciate it if you would pay
          attention and see if we should update the BCP.
          2. Discovering Provisioning Domain Names and Data, Eric Vyncke (EV)
             15 minutes
          Volunteers to review the current version of the draft:
          Tim Chown, Ted Lemon, Mikael Abrahamsson, Ian Farrer
          No questions.
          JCZ - We have asked the Security Area directorate to provide a
          review. Hopefully, we'll get something back from them.
          3. IP Tunnels in the Internet Architecture, M. Townsley (MT)
             10 minutes
          Not presented.
          4. Generic UDP Encapsulation and Extensions, Tom Herbert (TH)
             10 minutes
          Gorry Fairhurst (GF) - I'm curious about why you need 3 CRC formats?
          TH - It's a 2-bit field so there's 3 combinations. The argument is that
          CRC-32 is expensive, so CRC-16. I couldn't find consensus on what is
          preferred in the IETF community.
          GF - This is creating options for the sake of it. We used
          CRC-32c in the SCTP community. There's a doc that discusses the
          difference. Computationally it's not that much more expensive.
          TH - They all have a length field, so it's optional. I don't have a
          strong opinion.
          David Black (DB) - If you want to use more than one format, let me
          give you another option. iSCSI CRC-32c is implemented in hardware and
          so is cheap. I suggest two stages:
              1, get rid of CRC16
              2, require CRC-32c
          If you stop at step 1, I won't complain
          GF - Why not ask in TSVWG? The transport area can give you some feedback.
          5. Identifier-locator Addressing for IPv6, Tom Herbert (TH)
             10 minutes
          JCZ - People with comments and/or interest are encouraged to attend the
          BoF meeting later this week.
          6. Privacy and Network Address Assignment, Tom Herbert (TH)
             5 minutes
          Tim Chown (TC) - 1, I think this is useful. Compared to privacy of hosts
          as it stands, you might want public and private prefixes.
          TH - We would do a block allocation for privacy.
          TC - If something was allocated from an ISP, then a rotating prefix and
          a stable prefix would be good. Rather than renumbering.
          TH - I'm not sure it's rotating. They could be requested on demand.
          TC - This shares a lot of problems that we have with CGNs. Users use VPNs
          for privacy. We're looking for more subtle privacy. I'd like stability
          for services.
          TH - I'd imagine there was a lot of legacy
          TC - I think there's some more pragmatic things that need to be
          Lorenzo Colitti (LC) - I think stating these goals is misleading. You
          said it's out of scope of what an ISP can do for privacy, but declaring
          it out of scope doesn't make it so.
          The fact of the matter is the ISP has to maintain a log of everything
          you did. If they just give you a prefix that rotates, they don't have
          to keep all of that information. I don't
          think that's a full solution.
          TH - What you do with NAT is the same. ISPs have to keep this
          LC - I don't know that's true.
          TH - It's not clear to me why that is. The NAT logs should be enough
          for law enforcement.
          LC - The server may not hold the source port information
          I think basically declaring it out of scope is an error. Any solution
          that gives the ISP all of the information. You don't have to track every
          TH - You don't have to do that here either
          LC - One proposal was a different address, so this would need to be
          TH - If I assign 1 address and it's used for one connection, then you
          have to track that. NAT knows more than that (the port).
          LC - I'm talking about the goal. We have to provide privacy. One solution
          under your scheme is that the ISP logs every 5-tuple.
          Kyle Larose (KL) - If I give millions of IPs to every host, can the ISP
          run out of addresses?
          TH - They're blocks of /128s.
          Dave O'Reilly (DO) - The law enforcement perspective from people that
          I've worked with is if there's any illegal activity, the focus of interest
          will be on who was controlling the IP address at the time?
          ISPs are required, almost everywhere, under regulation to identify
          subscribers - so the proposed privacy measures will need to take this
          into account.
          The other point I wanted to make is that connection logging is a terrible
          idea. The risk of the loss of that data is huge. If it gets out you can
          see everything that I was browsing. The volume of logging generated is
          also prohibitive.
          If there was some alternative, then I would like to see it.
          TH - It's a good point. But, this solution is not connection logging. It's
          address allocation tracking. I'm assuming law enforcement had... (missed)
          Nick Doty (ND) - If we have too many rotating identifiers at once we
          may lose the privacy if they aren't rotated in a coordinated way.
          TH - The client has control over this. Please look at the draft. Maybe the
          attackers haven't got to this level yet, but it's going to be a problem.
          ND - I'll follow up.
          7. IP Fragmentation Considered Fragile, Ron Bonica
             15 minutes
          JCZ - How many people have read the draft?
          (10 or so hands)
          DB - I'm here to help! Please make sure that what you do here is aligned
          with the intarea tunnels draft. There's fragmentation text in there so
          make sure they match up.
          8. SOCKS v6, Vladimir Oltenau
             10 minutes
          JCZ - Who has read any version of the draft?
          (c. 10 people)
          I encourage people to read this version and provide comments.
          9. Availability of Information in Criminal
             Investigations Involving Large-Scale
             IP Address Sharing Technologies, David O'Reilly (remote) (DO)
             5 minutes
          Christian Huitema (CH) - Clarification question. Are you asking for this
          log in the network or in the NAT?
          It's the servers that are logging. Most people running a NAT have to
          provide logging in accordance with their national regulations. For CGN,
          if there is no time or source port, the ISP can't query the logs, even
          if they have them. Therefore there's an information gap in some CGN
          If your website got hacked and you don't have the source port and time,
          you've got no chance.
          Alain Durand (AD) -  I was one of the original 6302 authors, I take your
          point. We could have an offline conversation about an updated version
          of the document.
          DO - The scope could be extended to provide guidance to implementors of
          server software.
          There are cases where people writing in-house software may use this as
          Mikael Abrahamsson (MA) - I've done this and provided lists of 16
          addresses for PBA. This is enough.
          DO - I believe in Belgium, 16 is mandated somehow.
          SK - I want to gauge if there is interest in updating RFC 6302.
          EV - In Belgium, it's a voluntary thing.
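The point raised under item 9 (a server-side record without the client's source port and timestamp cannot be resolved against a CGN's port-block allocation log) can be shown concretely. The following is an added illustration, not part of the minutes and not code from any draft or implementation discussed in the session. It uses a constructed, hypothetical CGN allocation log (three subscribers sharing one external address, with a port block reused after release) and constructed Apache/nginx-style access-log lines, one with the client port and one without, and resolves each back to the set of subscribers that could have originated it:

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class PortBlock:
    """One CGN port-block allocation record (assumed schema, not a vendor format)."""
    subscriber: str
    external_ip: str
    port_start: int   # inclusive
    port_end: int     # inclusive
    start: datetime   # allocation start, inclusive
    end: datetime     # allocation end, exclusive


def _t(hhmm: str) -> datetime:
    """Helper for the constructed sample data: a UTC time on 2018-03-19."""
    return datetime.strptime(f"2018-03-19 {hhmm}", "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)


# Constructed sample CGN allocation log: 1024-port blocks behind one external address.
# sub-C is given sub-A's block after it is released, which is routine on a busy CGN.
NAT_LOG: List[PortBlock] = [
    PortBlock("sub-A", "203.0.113.5", 1024, 2047, _t("12:00"), _t("13:00")),
    PortBlock("sub-B", "203.0.113.5", 2048, 3071, _t("12:00"), _t("13:00")),
    PortBlock("sub-C", "203.0.113.5", 1024, 2047, _t("13:00"), _t("14:00")),
]

# Access-log line in the common "combined" shape. The ":port" after the client
# address is optional because default log formats usually omit it; that omission
# is exactly the information gap discussed under item 9.
_LINE_RE = re.compile(
    r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<port>\d{1,5}))? - \S+ \[(?P<ts>[^\]]+)\]'
)


def parse_server_log(line: str) -> Tuple[datetime, str, Optional[int]]:
    """Extract (timestamp, client IP, client port or None) from an access-log line."""
    m = _LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    port = int(m.group("port")) if m.group("port") else None
    return ts, m.group("ip"), port


def identify(external_ip: str, ts: Optional[datetime] = None,
             port: Optional[int] = None, nat_log: List[PortBlock] = NAT_LOG) -> List[str]:
    """Return every subscriber whose allocation could have produced the observed
    connection. Each missing field (time, port) widens the candidate set."""
    hits = set()
    for b in nat_log:
        if b.external_ip != external_ip:
            continue
        if ts is not None and not (b.start <= ts < b.end):
            continue
        if port is not None and not (b.port_start <= port <= b.port_end):
            continue
        hits.add(b.subscriber)
    return sorted(hits)


def attribute_line(line: str, nat_log: List[PortBlock] = NAT_LOG) -> List[str]:
    """Resolve one server log line against the CGN allocation log."""
    ts, ip, port = parse_server_log(line)
    return identify(ip, ts, port, nat_log)


# Constructed sample access-log lines (same request, with and without client port).
WITH_PORT = '203.0.113.5:1500 - - [19/Mar/2018:12:30:00 +0000] "GET /wp-login.php HTTP/1.1" 200 512'
WITHOUT_PORT = '203.0.113.5 - - [19/Mar/2018:12:30:00 +0000] "GET /wp-login.php HTTP/1.1" 200 512'

if __name__ == "__main__":
    print(attribute_line(WITH_PORT))     # one subscriber: port and time both known
    print(attribute_line(WITHOUT_PORT))  # two candidates: only time known
    print(identify("203.0.113.5"))       # three candidates: neither time nor port
```

With the port recorded the lookup is unambiguous; without it, every subscriber holding a block on that address at that time is a candidate, and without a timestamp the set grows to everyone who ever held the address. The server side is cheap to fix: the client port is available to the logging layer in common HTTP servers (Apache's `%{remote}p` LogFormat item and nginx's `$remote_port` variable), and the log timestamp must carry a timezone, as in the sample lines above, or the comparison against the CGN's clock is meaningless.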
