Talk:Challenges and uptake of modern Internet standards (including, but not limited to IPv6, DNSSEC, HTTPS, RPKI) – WS 11 2020

From EuroDIG Wiki
Revision as of 17:46, 12 June 2020 by AndreM (talk | contribs) (Added Chat log from the session)

Welcome to the information page for WS 11 2020 preparation.

This page includes:

  • Raw chat log from the session
  • Dates for virtual meetings or coordination calls;
  • Short summary of calls or email exchange;
  • Other relevant preparation or temporary information.

Org Team meetings

Meeting 1

Date/time: 2020-04-23 13:00 CEST (UTC+02)
Location: Virtual
Summary:

  • Org Team kick off meeting;
  • Focus on existing internet standards that have been around for some time; generally considered uncontroversial;
  • Possible structure of the session:
    1. Explore the reasons why these standards are not as widely accepted and deployed as they should be, considering their non-controversial nature;
    2. Propose possible solutions for these challenges;
    3. Look into the success-cases (e.g. HTTPS).
  • Consider challenges within the ecosystem and beyond internet infrastructure: e.g. "last mile";
  • Possible angle for the challenges discussion: Business cases v end-users' demand;
  • Gather concrete data and statistics on deployment of standards (IPv6, DNSSEC) for an evidence-based discussion.

Meeting 2

Date/time: 2020-05-20 13:00 CEST (UTC+02)
Location: Virtual
Summary:

  • Approval of final title;
  • Approval of final teaser;
  • Discussion on detailed description;
  • Discussion on Key Participants;
  • Other issues.

Meeting 3

Date/time: 2020-06-05 13:00 CEST (UTC+02)
Location: Virtual
Summary:

  • Final meeting before the event;
  • This session is the first to include Key Participants;
  • Decisions on format and moderator;
  • Discussion on standards, case studies, tools, slides, live polling, session description, etc. Further improvements will be done via the mailing list;
  • Presented technical information on the session software and event specifics (same as the prep calls organised by the secretariat);
  • Consensus: An in-person event, though not viable, would be best, both for discussion and for the very missed food :)
  • Other issues.


Additional information

  • Mails
    • APNIC - This mail has been merged in the "Further Reading" section but the explanation here is more detailed:
      • IPv6 - large scale measurements of IPv6 uptake starting in late 2011 up to today - stats on a global basis (https://stats.labs.apnic.net/ipv6/XA), per region (https://stats.labs.apnic.net/ipv6/XE), per country (https://stats.labs.apnic.net/ipv6/GB) or per provider (https://stats.labs.apnic.net/ipv6/AS5607?c=GB&p=1&v=1&w=1&x=1)
      • Also a set of stats on the relative performance of IPv6 compared to IPv4 (https://stats.labs.apnic.net/v6perf/XE), again with regional / country / ISP splits. I look at connection loss rates (the Ukraine has a problem!) as well as relative RTTs.
      • DNSSEC is reported in a similar way - I report on both validating (ALL the resolvers you use perform DNSSEC validation and refuse to answer if the DNS result has a bad signature) and “mixed” where some of the resolvers you use perform validation, but some do not - the end result is that you are led to a badly signed name anyway! (https://stats.labs.apnic.net/DNSSEC/XE), again with region, country, ISP splits - data since 2013. Sweden - big on DNSSEC, lousy on IPv6!
      • We looked at support for ECDSA in DNSSEC, but stopped when it was clear that support for this crypto protocol was as widespread as RSA (https://www.potaroo.net/ispcol/2018-08/ecdsafin.html)
      • HTTPS - we tried to measure the number of end points that refused to connect on HTTPS and it turned out that it was basically impossible to find anyone! Now I suspect a certain amount of measurement bias, in that the ad is a browser-based service and a browser without HTTPS is probably defunct, but the bottom line is the same - every browser we see these days is capable of TLS and can (and does) do HTTPS
      • RPKI - work in progress - we have set up the rig and started an ad based on ROV measurement - reports are still in progress

Chat log from the session

(beginning of chat)
From Carsten Schiefner to Everyone: 11:13 CEST (UTC+02)

  • You guys are live already.
  • Fault or Feature?

From Studio Host: Elisabeth Schauermann to Everyone: 11:13 CEST (UTC+02)

  • Feature!

From Carsten Schiefner to Everyone: 11:14 CEST (UTC+02)

  • Then: hi there! And a good morning!

From Denesh Bhabuta to Everyone: 11:18 CEST (UTC+02)

  • Hi all
  • Can’t unmute

From Remote Moderator: Lilian Weiche to Everyone: 11:19 CEST (UTC+02)

  • Welcome to WS11 everyone! A quick reminder to please identify with your full name as your Zoom name in line with the code of conduct. Thanks everyone and have a great session!

From Carsten Schiefner to Everyone: 11:22 CEST (UTC+02)

  • hmm...
  • 24 in the room already.

From Carsten Schiefner to Everyone: 11:25 CEST (UTC+02)

  • the turn up quite low actually.
  • compared with e.g. RIPE 80
  • which saw a going through the Roof attendance of 2,000+ People.

From Andrew.Campling@419.Consulting to Everyone: 11:28 CEST (UTC+02)

  • Good morning everyone

From André Melancia [Moderator] to Everyone: 11:35 CEST (UTC+02)

From José Calé to Everyone: 11:39 CEST (UTC+02)

From André Melancia [Moderator] to Everyone: 11:44 CEST (UTC+02)

  • @José Thank you :)

From Andrew.Campling@419.Consulting to Everyone: 11:48 CEST (UTC+02)

  • IPv6: slow take-up due to the lack of any meaningful ROI for ISPs and others investing in new infrastructure until IPv4 addresses are exhausted?
  • DNSSEC: some browser companies are very reluctant to adopt it, possibly due to the perceived performance hit? Trading better performance against user security.

From Wido Potters (BIT) to Everyone: 11:50 CEST (UTC+02)

  • 'Browser companies'? DNSSEC is not validated in the browser.

From Carsten Schiefner to Everyone: 11:51 CEST (UTC+02)

  • if the browser uses DoH, what other Chance would it have?

From João Damas to Everyone: 11:51 CEST (UTC+02)

  • No, Wido, validation is typically carried out by the ISP resolver not the end user browser or app (which in itself is an issue, but a different one)

From Martin Vliem to Everyone: 11:51 CEST (UTC+02)

  • Availability may also be a concern (perspective vendors). There are several published lists that provide Insight into all the downtime because of DNSSEC problems. Think key-rotation etc. for example as causes...

From Andrew.Campling@419.Consulting to Everyone: 11:51 CEST (UTC+02)

  • @Wido It is where the browser is doing DNS, eg with DoH

From Chris Box to Everyone: 11:51 CEST (UTC+02)

  • @Andrew IPv6 takeup often doesn't require new infrastructure but does require human effort to get it right, so yes in that sense it costs money and needs a business driver to get going.

From João Damas to Everyone: 11:51 CEST (UTC+02)

  • DoH still talks to a resolver, e.g. the Cloudflare resolver

From Wido Potters (BIT) to Everyone: 11:52 CEST (UTC+02)

  • Exactly

From Carsten Schiefner to Everyone: 11:53 CEST (UTC+02)

  • @Joao&Wido: thanks. I have been under assumption so far that also the Validation would then be done by the browser.

From Vittorio Bertola to Everyone: 11:53 CEST (UTC+02)

  • Sometimes it’s just laziness. Such as my domain registrar (OVH) that only supports entering DNS glue records in IPv4, but not in IPv6. What’s the saving in that? Perhaps half a day of a programmer to check the UI and code.

From Wido Potters (BIT) to Everyone: 11:55 CEST (UTC+02)

  • @Vittorio, I believe numbers look very different (higher) for the content side of the internet. I expect adoption to be higher there for most standards.

From Andrew.Campling@419.Consulting to Everyone: 11:56 CEST (UTC+02)

  • Q: Geoff: if IPv6 I snot today's answer, what is? Is NewIP a better solution to today's problems?
  • *is not

From Jan Žorž - 6Connect to Everyone: 11:57 CEST (UTC+02)

  • “New IP” is not new, neither is IP :)

From Denesh Bhabuta to Everyone: 11:57 CEST (UTC+02)

  • @Andrew: IPv4+ is the answer ;-)

From Wido Potters (BIT) to Everyone: 11:57 CEST (UTC+02)

  • Ghehe

From Patrick Tarpey to Everyone: 11:57 CEST (UTC+02)

  • Routable NetBIOS

From Jan Žorž - 6Connect to Everyone: 11:58 CEST (UTC+02)

  • Banyan vines ;)

From Eduardo Duarte to Everyone: 11:58 CEST (UTC+02)

  • @Denesh :D :D :D

From Patrick Tarpey to Everyone: 11:58 CEST (UTC+02)

  • IPX/SPX...

From André Melancia [Moderator] to Everyone: 11:58 CEST (UTC+02)

  • @Denesh IPoAC with IPoBats

From Denesh Bhabuta to Everyone: 11:58 CEST (UTC+02)

  • LOL

From Jan Žorž - 6Connect to Everyone: 11:59 CEST (UTC+02)

  • Don’t mention IPoAC, as it may start another pandemic :)

From Andrew.Campling@419.Consulting to Everyone: 11:59 CEST (UTC+02)

  • I'm not sure that these "answers" are helpful! :-)

From João Damas to Everyone: 11:59 CEST (UTC+02)

  • I guess a better question would be “what is IPv4 preventing you from doing?” Because if the answer is “nothing” then clearly there is no need for a solution

From Jan Žorž - 6Connect to Everyone: 11:59 CEST (UTC+02)

  • Avian carriers are considered not funny anymore :D :D :D

From Denesh Bhabuta to Everyone: 11:59 CEST (UTC+02)

  • For some reason I now want to go back to using PAD and Kermit..

From Merike Kaeo to Everyone: 11:59 CEST (UTC+02)

  • Would love to see the data on performance measurements around DANE. Wondering where the actual issues are with performance. CPU? With end-to-end encryption that would be slower than validations. So why would folks think end-to-end encryption would work?

From Denesh Bhabuta to Everyone: 11:59 CEST (UTC+02)

  • Memories..

From John Grant - Nine Tiles / ETSI ISG NIN to Everyone: 11:59 CEST (UTC+02)

From Adeel Sadiq to Everyone: 12:00 CEST (UTC+02)

  • so all of these technologies that are being mentioned as alternate to IPv6 (I do not know abt most of them) will suffice IoT and 5G and any other future techs as well?

From Geoff Huston to Everyone: 12:00 CEST (UTC+02)

  • The problem with DANE was that validation requires MANY dns queries

From Denesh Bhabuta to Everyone: 12:00 CEST (UTC+02)

  • @Joao - good point

From Geoff Huston to Everyone: 12:00 CEST (UTC+02)

  • there was an effort with Chain extensions to reduce the DNS query load

From Andrew.Campling@419.Consulting to Everyone: 12:00 CEST (UTC+02)

  • @Joao - What about address exhaustion with IPv4?

From Geoff Huston to Everyone: 12:00 CEST (UTC+02)

  • but by then it was all too late and the browser vendors had dropped DANE and it's never coming back

From Jan Žorž - 6Connect to Everyone: 12:01 CEST (UTC+02)

  • IPv6 is not perfect, but that’s the best answer that we have today.

From Geoff Huston to Everyone: 12:01 CEST (UTC+02)

  • NATs give us around 52 useful addressing bits

From John Grant - Nine Tiles / ETSI ISG NIN to Everyone: 12:01 CEST (UTC+02)

  • @Andrew with NAT it's more about port number exhaustion

From Merike Kaeo to Everyone: 12:01 CEST (UTC+02)

  • Ahh.. thanks Geoff….I did follow that work when it started as ‘key assure’ but forgot what happened.

From André Melancia [Moderator] to Everyone: 12:01 CEST (UTC+02)

From João Damas to Everyone: 12:01 CEST (UTC+02)

  • Well, what is IPV4 address exhaustion preventing people from doing? The consumer internet seems to work just fine

From Wido Potters (BIT) to Everyone: 12:01 CEST (UTC+02)

  • But DANE for email is having quite an uptake. Performance hit is less an issue there I guess.

From Geoff Huston to Everyone: 12:02 CEST (UTC+02)

  • IPv6 has been wastefully segmented into 64 bit interface identifiers, site prefixes, etc, and the end result is that there are around 52 user; bits
  • timing in email is not the same

From Remote Moderator: Lilian Weiche to Everyone: 12:02 CEST (UTC+02)

  • Hello everyone! A quick reminder that if you do have a question that shall be included in the discussion later on, please preface it with #question. Thank you very much!

From Geoff Huston to Everyone: 12:02 CEST (UTC+02)

  • the eyes all is not waiting for the screen to refresh

From Bart K to Everyone: 12:03 CEST (UTC+02)

From Vittorio Bertola to Everyone: 12:03 CEST (UTC+02)

  • In the end, the industry solved the problem of IPv4 address exhaustion 20 years ago by making NAT ubiquitous (notwithstanding the IETF rejecting the idea). So IPv6 now is, in many regards, a solution calling for a problem.

From Andrew.Campling@419.Consulting to Everyone: 12:04 CEST (UTC+02)

  • There's a sense that some of the current standards setting and adoption is driven by Web performance rather than Internet requirements.

From Patrick Tarpey to Everyone: 12:04 CEST (UTC+02)

  • Q: What "incentive" mechanisms are available to encourage the deployment of RPKI? It seems like another layer of complexity that if fully implemented creates further technical & policy challenges.

From Andrew.Campling@419.Consulting to Everyone: 12:05 CEST (UTC+02)

  • @Pat and to Geoff's point, arguably doesn't improve much anyway

From Adeel Sadiq to Everyone: 12:05 CEST (UTC+02)

  • Q: @Geoff in one of your slides of IPv6 adoption (I think), there was a peak of 80%! I was wondering if you can comment on that. Maybe a simulation mistake or something?

From Jan Žorž - 6Connect to Everyone: 12:05 CEST (UTC+02)

  • Vittorio: did you deploy and use IPv6 in production?

From Geoff Huston to Everyone: 12:06 CEST (UTC+02)

  • Patrick - the good news is that RPKI ROV filtering does not need to be universally deployed to be reasonably effective - as long as transit providers filter then stubs are “protected” without doing anything themselves
  • @adeel - the noise peaks are measurement artefacts - some days we encounter failures of various forms

From Eduardo Duarte to Everyone: 12:07 CEST (UTC+02)

  • #Question: Regarding Quarrier Grade NAT, what do you think? Is the solution for IPv4 exhaustion?
  • *Carrier Grade

From Patrick Tarpey to Everyone: 12:08 CEST (UTC+02)

  • Q: If everyone deployed RPKI (100% coverage of ASNs), would the removal of a ROA effectively mean "sink holing" all traffic and if so is it not susceptible to government intervention(s) ?

From John Grant - Nine Tiles / ETSI ISG NIN to Everyone: 12:08 CEST (UTC+02)

  • #question: I'd like to know about the spikes in the IPv6 etc graphs too.

From Vittorio Bertola to Everyone: 12:09 CEST (UTC+02)

  • @Jan - I only run a couple of personal servers, where I try to be fully IPv6-compatible. I recently had to switch my backup VPS provider as it would not provide me with an IPv6 address or connectivity. Then I tried to get OVH to make my domain names fully accessible via IPv6 only, and I got stuck. And I do it only because I care about this, because in practice no one ever came to me and said “I could not get to your personal website because I only have IPv6 connectivity”.

From Thomas de Haan European Commission to Everyone: 12:09 CEST (UTC+02)

  • question; it is said Carrier Grade Nat is not endlessly scalable, leading to complexity and costs and in a certain point IPv6 is cheaper, any thoughts from Geoff on this?

From Mark Carvell to Everyone: 12:10 CEST (UTC+02)

  • The IGF MAG Open online consultation starts on 15 June - as Wout says, this is opportunity for stakeholders to express support for the policy track proposal and raise this with MAG members who set the IGF programme of intersessional work.

From Geoff Huston to Everyone: 12:11 CEST (UTC+02)

  • @Thomas - Ipv4 with CGNs can squeeze out the addressable space to around 52 bits
  • @Thomas - the problem is that ther way we’ve hacked up IPv6 we have managed to cut down 128 bits to about …. 52 bits. SO by the time you have completely run out of CGN c capacity it is not clear that IOpv6 gives you any further headroom

From Chris Box to Everyone: 12:11 CEST (UTC+02)

  • @Eduardo @Thomas Carrier Grade NAT implies stateful firewalling which means artificial limits are applied to communications. Typically idle timeouts, the ability to only set up a new communication flow in one direction, and a limit to the maximum number of flows that can be active at one time.

From Geoff Huston to Everyone: 12:11 CEST (UTC+02)

  • (sorry for the typos - I’m not the best typist!)

From Jan Žorž - 6Connect to Everyone: 12:12 CEST (UTC+02)

  • CGN doesn’t come cheap and the bigger your network is - more network states you have to store in that box and with growing the network your CGN doesn’t become any smaller. Heaven for vendors locking you in their small walled garden and make you pay more and more for keeping up with your growing traffic.

From Wout de Natris to Everyone: 12:13 CEST (UTC+02)

  • Following up on Mark. How do you see options to cooperate on internet and ICT standards and best practices deployment within the IGF and beyond? I'm really interested in hearing your views.

From Jan Žorž - 6Connect to Everyone: 12:14 CEST (UTC+02)

  • With IPv6 - more and more traffic goes over IPV6 as more and more popular services like google and Facebook are enabling IPv6 - offloading traffic away from your CGN/IPv4 infrastructure part, making network maintenance cheaper and cheaper.

From Adeel Sadiq to Everyone: 12:14 CEST (UTC+02)

  • @Geoff but you are the best in so many other things :-) your presentations have been my fav8 for years!

From Thomas de Haan European Commission to Everyone: 12:15 CEST (UTC+02)

  • thanks to all for CGN answers!

From Denesh Bhabuta to Everyone: 12:15 CEST (UTC+02)

  • @Adeel: +1 re Geoff

From Geoff Huston to Everyone: 12:15 CEST (UTC+02)

  • @Adeel - the measurement system is extremely complex, and there are many moving parts to it. Some days we encounter failures in many ways. What you are seeing in our numbers are what we see - the results from the lab!

From Arnold van Rhijn to Everyone: 12:16 CEST (UTC+02)

  • Agree with Wout's and Mark's call to stakeholders to raise this important issue with IGF/MAG members on their upcoming online consultation on 15 June.

From Geoff Huston to Everyone: 12:18 CEST (UTC+02)

  • I fear that the dual stack transition is not well understood - the entire process is driven by the laggards, not the early adopters - i.e. no one can drop IPv4 until literally everyone has picked up IPv6. And while we continue to engineer apps to cope brilliantly with NATs (such as QUIC) then the drivers for the “laggards” are not convincing enough to impel rapid adoption

From Eduardo Duarte to Everyone: 12:18 CEST (UTC+02)

  • #Question: Don’t you think that other protocols like DANE, DKIM, DMARC are pushing for DNSSEC adoption?

From Geoff Huston to Everyone: 12:19 CEST (UTC+02)

  • Browser vendors are the issue with DANE in the web

From Andrew.Campling@419.Consulting to Everyone: 12:19 CEST (UTC+02)

  • If anyone is interested in an explanation of the APNIC methodology and stats, Geoff kindly gave a presentation for me which I recorded. You can find it in my YouTube channel at https://youtu.be/oJxIcQ2YoEs

From Geoff Huston to Everyone: 12:20 CEST (UTC+02)

  • we outsourced DNSSEC validation to recursive resolvers and the time penalty for validation is largely hidden from the end user. DANE brings it back to the user, and the time penalty becomes unbearable for many/most users

From Wout de Natris to Everyone: 12:21 CEST (UTC+02)

  • Question. Discussion of the topic of deployment with the technical community, IETF and ISOC (contrary to IP and domain name organisations), is extremely difficult. Does any one know why this is and what could be suggestions to improve their interaction with other stakeholders? That would be most helpful.

From Bart Knubben to Everyone: 12:21 CEST (UTC+02)

  • @Joao: DNSSEC and other modern internet standards are indeed not visible for the end user, but "under the hood". We found that making it more visible by providing a public test tool (Internet.nl) helps.

From Wout de Natris to Everyone: 12:22 CEST (UTC+02)

  • There also is the deploy or explain (voluntary) list of the Dutch government of 42 open standards used in procurement.

From João Damas to Everyone: 12:23 CEST (UTC+02)

  • Hi Bart, yes that does help. Problem with them is when the user asks what can s/he do when they get a bad result. The “what now?” followup,
  • Campaigns are useful so that people have some idea of where things are, for sure

From Andrew.Campling@419.Consulting to Everyone: 12:23 CEST (UTC+02)

  • @Wout: possibly because take-up is not sexy vs development of new stuff? Also, thinking of the IETF, a recent discussion on its own mailing lists bemoaned the lack of support for IPv6 by some of the tools that it uses itself (eg GitHub).

From Martin Vliem to Everyone: 12:23 CEST (UTC+02)

  • And that is where you may have to reach out to vendors for their buy-in...

From Nigel Hickson to Everyone: 12:24 CEST (UTC+02)

  • Agree with Mark / Wout that it would be excellent to have a Policy track in IGF to work on these important issues. The whole area of Internet Standards needs to be better understood by us all.

From Geoff Huston to Everyone: 12:24 CEST (UTC+02)

  • The problem with fines and regulations is that they are not necessarily inducements to private capital investment - regulators tread a careful line in trying to encourage investment in national infrastructure and services and trying to ensure that the results are safe and secure to use

From João Damas to Everyone: 12:24 CEST (UTC+02)

  • Sony are particularly good at filling everything they sell with large quantities of stickers with features so that people will compare with other devices, even if they don’t know what that particular feature is good for

From Wout de Natris to Everyone: 12:25 CEST (UTC+02)

  • @Geoff, this is exactly what I have been discussing with NL regulators and hope to extend internationally soon. Nudging, pressuring, not fining. that always is a last resort. (Speaking from experience.)

From Caroline Greer (Cloudflare) to Everyone: 12:27 CEST (UTC+02)

  • Guidelines can help - ENISA has been doing good work on BGP security / RPKI for example and talking to telco regulators. These best practices could be taken up in telco security frameworks, and more broadly, NIS implementation
  • But in the face of inaction, pressure should increase..

From Peter Koch to Everyone: 12:27 CEST (UTC+02)

  • Innovation at the infrastructure level (DNSSEC, v6) usually involves multiple parties that need to move forward together; Joao already touched upon the ‘first mover disadvantage’; regulation is not a panacea - you end up with a compliance culture, not with innovation or a security culture; the NASA.GOV example, old as it is, should provide some guidance (in the DNSSEC case)

From Bart Knubben to Everyone: 12:27 CEST (UTC+02)

  • @Joao: true, we provide guidance in the test reports and published a couple of technical how-to's. A user can send the report to his/her provider. We have quite a good experience with that.

From Denesh Bhabuta to Everyone: 12:29 CEST (UTC+02)

  • Seems to me that despite their simplicity, the way forward is “trust mark” type stuff.
  • .. as Joao said earlier in Sony’s instance.. lots of stickers on their equipment

From Wido Potters (BIT) to Everyone: 12:30 CEST (UTC+02)

  • Have a look at the wiki for the test URL and toolbox internet.nl offers

From Denesh Bhabuta to Everyone: 12:30 CEST (UTC+02)

  • .. but like “Intel Inside”

From Andrew.Campling@419.Consulting to Everyone: 12:30 CEST (UTC+02)

  • @Denesh I agree, either that or a traffic light system?

From Denesh Bhabuta to Everyone: 12:31 CEST (UTC+02)

  • ICANN Accredited Registrar / Nominet Member registrar - those banners give some sort of sense of trust..

From Geoff Huston to Everyone: 12:32 CEST (UTC+02)

  • what protects most users from routing “mistakes” is HTTPS

From João Damas to Everyone: 12:32 CEST (UTC+02)

  • @Wido, agree, I was trying to point out it is a safety, not a security mechanism, at least with the current standard

From Geoff Huston to Everyone: 12:32 CEST (UTC+02)

  • to perform theft in terms of services you need to bend both routing and TLS to pull it off, and it's the TLS that’s really raised the bar

From Simon Hicks to Everyone: 12:32 CEST (UTC+02)

  • @Wout - the Dutch list sits alongside lists from many other European countries and those from outside Europe too. I’ve been in lots of discussions on agreeing a common list from these lists, and we couldn’t agree…..

From Carsten Schiefner to Everyone: 12:32 CEST (UTC+02)

  • @Denesh: ha! but how is the average user meant to distinguish Buttons "made up" by vendors and "real" Buttons?

From Simon Hicks to Everyone: 12:32 CEST (UTC+02)

  • tender

From André Melancia [Moderator] to Everyone: 12:33 CEST (UTC+02)

  • ●●● Please use the "raise hand" function if you'd like to intervene using audio/video, opening the floor after this speaker (if function not available please use private chat to me)

From Wout de Natris to Everyone: 12:33 CEST (UTC+02)

  • @Simon, So all have their own list or no list at all?

From Wido Potters (BIT) to Everyone: 12:35 CEST (UTC+02)

  • @Simon, tender indeed, thnx :)

From Denesh Bhabuta to Everyone: 12:37 CEST (UTC+02)

  • @Carsten: in various ways.. including industry itself doing the media pushes.. but also through similar things like in the video shown by Andre… education, education, education. Simple messages. In general, people just want the tech they use to work.. but if you make it clear that xyz is a good thing to have for whatever reason - keeping the explanation simple - then you get buy in from the end user… which then means the vendors and service providers have no excuse.. they will want to compete on extra / advanced features, rather than suggesting there is no demand.

From Geoff Huston to Everyone: 12:37 CEST (UTC+02)

  • Many / most security systems have problems with partial adoption - security can confirm what's good, but unless “bad” traffic self-identifies itself as “bad” then “bad” can only be inferred from the absence of good
  • so without universal adoption the absence of “good” is not a strong indicator of “bad”

From Eduardo Duarte to Everyone: 12:38 CEST (UTC+02)

  • #question: Some countries in Europe have a good IPv6 adoption rate, but some CDNs don’t fully support it. So, Telcos are doing a better job than Content providers???

From Geoff Huston to Everyone: 12:38 CEST (UTC+02)

  • which means that the rewards for early adopters are slight and it only gathers momentum with large scale use

From Simon Hicks to Everyone: 12:38 CEST (UTC+02)

  • There is a UK list, a French list, NL, German, Danish etc. Lot of overlap, but not a common list

From Bart Knubben to Everyone: 12:39 CEST (UTC+02)

  • Hi Martin, yes, I'm here :-)

From Robin Gelhard to Everyone: 12:40 CEST (UTC+02)

From John Grant - Nine Tiles / ETSI ISG NIN to Everyone: 12:40 CEST (UTC+02)

  • "Making IPv6 addresses static" (on screen): mobile operators regard that as a security problem (I'm not sure of the detail) so they're doing NAT on IPv6 too.

From Wido Potters (BIT) to Everyone: 12:41 CEST (UTC+02)

  • dig github.com AAAA +short
  • ...

From Martin Vliem to Everyone: 12:42 CEST (UTC+02)

  • @Bart Knubben: great :-)

From Caroline Greer (Cloudflare) to Everyone: 12:43 CEST (UTC+02)

  • Cloudflare - as a CDN - fully supports it

From Chris Box to Everyone: 12:43 CEST (UTC+02)

  • @John EE in the UK does not NAT a mobile client with an IPv6 address when it is talking to an IPv6 address on the internet.

From Carsten Schiefner to Everyone: 12:47 CEST (UTC+02)

  • @denesh: we certainly can wholeheartedly agree on education.
  • ;-)

From Geoff Huston to Everyone: 12:53 CEST (UTC+02)

  • I am old enough to remember GOSIP - a standard purchasing profile for OSI networks in the 1980’s. We’ve tried this many times in our industry and it has never been effective so far. What would be different this time around? I still say it's a market and markets have their own dynamics.

From Andrew.Campling@419.Consulting to Everyone: 12:56 CEST (UTC+02)

  • On commonality of lists, did the EU try to agree and mandate a common list? Was there an issue with the member states not wishing to cede control of such matters, hence we still have multiple similar but different lists from the various member states instead?
  • If this is the case, perhaps the member states could agree something amongst themselves directly?

From Thomas de Haan European Commission to Everyone: 12:58 CEST (UTC+02)

  • thanks Andrew, certainly good suggestion!

From Bart Knubben to Everyone: 12:59 CEST (UTC+02)

From Peter Koch to Everyone: 12:59 CEST (UTC+02)

  • Given that the operational and regulatory landscape does differ across the EU, a “common list” might look attractive, but the devil is in the detail

From Wout de Natris to Everyone: 13:00 PM

  • There should be a consensus on at least some standards I would hope. that would be a start.

From Bart Knubben to Everyone: 13:00 PM

From Carsten Schiefner to Everyone: 13:01 PM

  • @Ilona: make it "(..., https amongst them)"

From Peter Koch to Everyone: 13:01 PM

  • I have difficulties to understand the term “consensual standards”

From Carsten Schiefner to Everyone: 13:02 PM

  • as it reads right now is just https, dnssec rpki.

From Wout de Natris to Everyone: 13:02 PM

  • Legislation is the last resort

From Simon Hicks to Everyone: 13:02 PM

  • all standards are in theory consensual, see WTO principles

From Caroline Greer (Cloudflare) to Everyone: 13:03 PM

  • End user perspective is an interesting one - re. BGP route leaks / hijacking for example, a service just goes dark and they don’t know who to ‘blame’ (and often it is the wrong service). RPKI adoption may be a technically challenging concept for users to get on board with.

From Wido Potters (BIT) to Everyone: 13:03 PM

  • I agree with Wout

From Polina Malaja - CENTR to Everyone: 13:03 PM

  • I agree with Ilona here

From Mark Carvell to Everyone: 13:03 PM

  • Quick reminder about the IGF opportunity to take these critical issues forward in an intersessional IGF "policy track" - if you support speak up at the MAG open consultation starting on Monday.

From Peter Koch to Everyone: 13:03 PM

  • “last resort” is a very poisoned term these days

From Wout de Natris to Everyone: 13:04 PM

  • +1 to Mark and thank you if you do so.

From Simon Hicks to Everyone: 13:04 PM

  • Theory and practice are not always the same…

From Wout de Natris to Everyone: 13:04 PM

  • What would you suggest, Peter?

From Nigel Hickson to Everyone: 13:04 PM

  • Thank you for Session.

From Peter Koch to Everyone: 13:04 PM

  • keep out “legislation”

From Jan Žorž - 6Connect to Everyone: 13:04 PM

  • “Last resort” went viral :) :) :)

From Denesh Bhabuta to Everyone: 13:04 PM

  • *applause*

From Caroline Greer (Cloudflare) to Everyone: 13:05 PM

  • Thanks all!

From Wido Potters (BIT) to Everyone: 13:05 PM

  • Thank you all

From Carsten Schiefner to Everyone: 13:05 PM

  • thank you, all - another lovely session!

From João Damas to Everyone: 13:05 PM

  • Thank you!

From Bart Knubben to Everyone: 13:05 PM

  • Thanks!

From Polina Malaja - CENTR to Everyone: 13:05 PM

  • Thank you Andre, and everybody!!

From Wout de Natris to Everyone: 13:05 PM

  • great session all. Thank you!

From Hans Peter Dittler to Everyone: 13:05 PM

  • Thanks and bye

From Vittorio Bertola to Everyone: 13:05 PM

  • Thanks!

From Mark Carvell to Everyone: 13:05 PM

  • Thank you all for a very informative session.

From Arnold van Rhijn to Everyone: 13:06 PM

  • Thanks André + speakers. Excellent session!

From André Melancia [Moderator] to Everyone: 13:07 PM

  • Thank you all :)

From Studio Host: Elisabeth Schauermann to Everyone: 13:11 PM

  • Hi all, as announced, this is an informal space. You can use the chat, you now also have the opportunity to unmute yourselves and talk if you like. Feel free to let us know how you are via the menti.
  • We are playing some music in the meantime. Just let me know if you want to engage in conversation instead.

(end of chat)