[01:55:17] --- Bill has left: Computer went to sleep
[11:28:52] --- Bill has joined
[11:58:59] --- cmadson55-ietf has joined
[12:12:34] --- Bill has left
[12:37:14] --- nan_626 has joined
[12:53:44] --- m_ersue has joined
[13:06:39] --- m_ersue has left
[13:45:08] --- nan_626 has left: Disconnected.
[14:12:16] --- nan_626 has joined
[14:26:19] --- cmadson55-ietf has left
[14:27:18] --- nan_626 has left: Lost connection
[15:56:03] --- nan_626 has joined
[15:56:58] --- cmadson55-ietf has joined
[15:59:40] --- cmadson55-ietf has left: Replaced by new connection
[15:59:43] --- cmadson55-ietf has joined
[15:59:44] --- cmadson55-ietf has left
[16:35:35] --- nan_626 has left: Disconnected.
[17:26:39] --- petrescu7 has joined
[17:28:51] --- petrescu7 has left
[17:31:03] --- nan_626 has joined
[17:41:36] --- mrex has joined
[18:00:38] --- nan_626 has left: Disconnected.
[18:18:00] --- nan_626 has joined
[19:08:25] --- isomer has joined
[19:34:55] --- nan_626 has left: Disconnected.
[19:36:09] --- nan_626 has joined
[19:36:14] --- isomer has left
[19:44:27] --- raeburn has joined
[19:47:28] --- dlpartain has joined
[19:52:07] --- nan_626 has left: Disconnected.
[19:54:20] --- tlyu@jis.mit.edu has joined
[19:57:12] --- roland@su.se has joined
[19:57:38] --- iljitsch has joined
[19:58:58] --- dku has joined
[20:04:00] --- Dave Nelson has joined
[20:04:06] --- ggm has joined
[20:04:54] <ggm> http://www3.ietf.org/proceedings/06nov/agenda/plenaryt.txt
[20:04:56] --- fujiwara has joined
[20:05:15] <ggm> http://www3.ietf.org/proceedings/06nov/slides/plenaryt-0.pdf
[20:05:38] <ggm> recent doc highlights
[20:05:46] <iljitsch> audio is a bit too loud
[20:05:49] <ggm> drafts on unwanted traffic, net transparency
[20:05:58] <ggm> tell the NOC. they have a jabber room I believe
[20:06:02] --- mo7sen has joined
[20:06:14] <ggm> doc in RFCed Q on DoS issues
[20:06:18] --- sleinen has joined
[20:06:35] <ggm> Published, IDNs, guidelines to act as Liaison to another org
[20:06:50] <ggm> the 50 cycle hum is brought to you by con-ed and the boys of USSteel
[20:06:57] <ggm> Other IAB activities
[20:07:07] <ggm> Routing & Addressing wkshop
[20:07:15] <ggm> Oct 18/19 in Amsterdam.
[20:07:21] <ggm> (on agenda later)
[20:07:23] <ggm> The appeals.
[20:07:45] <ggm> JFC Morfin, Dean Anderson, JFC Morfin #2 pending "read the web about it all"
[20:07:51] <ggm> Thats is from Leslie.
[20:08:09] <ggm> Aaron Falk, IRTF chair report
[20:08:11] <ggm> http://www3.ietf.org/proceedings/06nov/slides/plenaryt-1.pdf
[20:08:34] <ggm> IRTF status.
[20:08:49] <ggm> new RG. followon from end-middle-end RG. (EME)
[20:08:58] <ggm> sorry followon from <blah> IS EME
[20:09:09] --- fparent@jabber.org has joined
[20:09:10] <ggm> review of lack of activity and progress in RGs
[20:09:23] <ggm> Anti-SPam quiet. maybe DKIM causes
[20:09:29] <ggm> High note. delay tolerant. did interop.
[20:09:38] <ggm> 13 drafts, arch doc, finalizing
[20:10:05] <ggm> interop across langs, O/S, platforms, (inc cellphone) did the matrix. DTN demonstrated
[20:10:27] <ggm> DTN deployment in sweden up north. reindeer got mail
[20:10:33] <ggm> EME chartered
[20:10:47] <ggm> objectives are to foster e2e with middlebox awareness.
[20:10:53] <ggm> relates to behave work
[20:11:07] --- Tsubasa has joined
[20:11:08] <ggm> RG looking beyond NATS to an arch
[20:11:11] <ggm> info on ML.
[20:11:18] <ggm> feb meeting in UK
[20:11:26] <ggm> HIP. not meeting. (all in councelling?)
[20:11:33] <ggm> HIP over NAT in rfc-ed
[20:11:44] <ggm> looking for stuff to do. experiments.
[20:11:50] <ggm> congestion control RG
[20:12:02] <ggm> biblio collecting across the RFC collection
[20:12:09] --- cmadson55-ietf has joined
[20:12:10] <ggm> ECN, UDP DCCP multicast etc etc
[20:12:24] <ggm> meet, F2F, PFLDnet in LA, Feb 6 2007
[20:12:30] <ggm> measurement RG quiet.
[20:12:33] <ggm> dead?
[20:12:41] <ggm> Mobility Opts RG
[20:12:44] <ggm> met here.
[20:12:55] <ggm> doing last call on L3 fast handover.
[20:12:58] <ggm> stuff on mobility
[20:13:02] <ggm> management RG
[20:13:09] <ggm> workshop in oct, 5 year plan
[20:13:20] <ggm> recommending stuff. position statements, slides posted on their web.
[20:13:25] <ggm> draft to summarize
[20:13:28] <ggm> peer to peer RG
[20:13:33] <ggm> 'introspection' on group role
[20:13:42] <ggm> now is the time to discuss on ML
[20:13:46] <ggm> RRG meets tomorrow.
[20:13:57] <ggm> report subgroup working on scaling.
[20:14:06] <ggm> like P2P, looking for a workplan, critical mass
[20:14:23] <ggm> lots of grad students looking for ideas folks, supervisors/ideas needed...
[20:14:29] <ggm> scaleable adaptive multicast WG.
[20:14:41] <ggm> not here, was at last IETF, conf f2f january, drafts of aspects of problem space.
[20:14:45] <ggm> transp. modelling RG.
[20:14:59] <ggm> were quiet. now finishing drafts on matrix eval. of congestion control mechs.
[20:15:11] <ggm> tools doc, scenarios,
[20:15:18] <ggm> "Dats all folks"
[20:15:22] <ggm> Qs?
[20:15:40] --- nm has joined
[20:15:54] <ggm> Highlights from draft-iab-net-transparent (Bernard Aboba)
[20:16:04] <ggm> http://www3.ietf.org/proceedings/06nov/slides/plenaryt-2.pdf
[20:16:18] <ggm> too much to do here. see slides for more info.
[20:16:21] --- geoff has joined
[20:16:25] <ggm> motivations:
[20:16:34] <ggm> how do things look today given pass history,.
[20:16:40] <ggm> what core tenets, what insights.
[20:16:51] <ggm> update thinking. look at transp. issues today, not explored in past docs.
[20:16:59] <ggm> new things, new barriers
[20:17:07] <ggm> slide with docs which relate.
[20:17:38] <ggm> DARPA newarch proj. docs highly recommended.
[20:17:49] --- roland@su.se has left
[20:17:49] <ggm> also dave clark/braden/sollins paper from sigcomm
[20:18:07] <ggm> prev. IAB statements relevant.
[20:18:16] <ggm> (dense slides. read 'em)
[20:18:24] <ggm> re-iterate of e2e
[20:18:26] --- bhoeneis has joined
[20:18:37] <ggm> impact of e2e. consequences. protection of innovation.
[20:18:43] <ggm> net harder to mod than ends.
[20:18:52] <ggm> motivation for deployment of V6
[20:19:05] <ggm> notstraightforward, scenarios without it lead to dead ends.
[20:19:10] <ggm> Observations.
[20:19:18] <ggm> statements hold up mostly today
[20:19:29] <ggm> concept of 'oblivious' transport. non-filter, non-translate.
[20:19:46] <ggm> concept of tussle, process by which parties adapt mech. to goals, or push back.
[20:19:51] <ggm> all familiar with that.
[20:19:57] <ggm> (dense slide)
[20:20:06] <ggm> tussle reducing transparency continues.
[20:20:16] <ggm> no arch fix will restore this, inherent conflict.
[20:20:30] <ggm> transp. is flexible but delivering unwanted traffic. (report to follow in this plenary)
[20:20:35] <ggm> threats to V6 transp. as well as v4.
[20:20:42] --- weshardaker has joined
[20:20:42] --- weshardaker has left: Lost connection
[20:20:42] <ggm> its not pre-ordained. have to work on.
[20:20:44] <ggm> ongoing
[20:20:59] <ggm> DNSSEC deployment, (in many minds) discovered transp. barriers hampering it
[20:21:10] <ggm> deal with the tussle. rules for fair fight. RFC 4084.
[20:21:13] <ggm> helpful
[20:21:17] <ggm> thoughts from 4084.
[20:21:22] --- harald has joined
[20:21:25] <ggm> "full internet connectivity"
[20:21:36] <ggm> filtering are incompatible with this type of service.
[20:21:43] <ggm> only bw limits, prohibits on law basis.
[20:21:52] <ggm> on "disclosure obligations"
[20:21:56] <ggm> identify actions.
[20:22:05] <ggm> Transparency issues.
[20:22:09] <ggm> 6 (dense slide)
[20:22:14] <ggm> looked at ALGs.
[20:22:21] <ggm> discussed in 2775. (briefly)
[20:22:23] --- TJ has joined
[20:22:40] <ggm> are a barrier, distinct from NAT. 2775 its all mixed in. no such thing as a transp. ALG. they are barriers in themselves. eg DNSSEC.
[20:22:50] <ggm> DNS namespace mangles. now important.
[20:23:01] <ggm> recursive forwarders which modify responses are a barrier.
[20:23:05] <ggm> loadbalance, redirect.
[20:23:14] <ggm> looked at anycast, reverse-NAT with traps. issues.
[20:23:19] <ggm> NAT is not dead in V6
[20:23:27] <ggm> address restriction on V6.
[20:23:33] <ggm> something we did not intend in 2775
[20:23:52] <ggm> IKEv2 issues
[20:23:59] <ggm> providers who do not do allocation.
[20:24:08] <ggm> appl filters in the core. blocking without consent from the edge
[20:24:13] <ggm> restricts on deploy of new apps.
[20:24:17] <ggm> Next steps
[20:24:26] <ggm> strawman 01 draft, up on archive soon.
[20:24:32] <ggm> comments solicited to IAB.
[20:24:36] <ggm> barriers? let us know.
[20:24:46] <ggm> Q?
[20:24:48] <ggm> Elliot Lear.
[20:25:20] <ggm> Fred, ralph Droms and I did RFC year ago, substantial barriers from renumber issues. enterprises will hit. not simple tech issues, some are, contribute to problem. think its 4192, not sure
[20:25:33] <ggm> Readout from Unwanted Traffic Workshop (Danny McPherson & Loa Andersson)
[20:25:44] <ggm> http://www3.ietf.org/proceedings/06nov/slides/plenaryt-3.pdf
[20:26:00] <ggm> [dis ok? briefer, but more workable for me]
[20:26:35] <ggm> laughs from fixing 50 cycle hum. con-ed lift game, next is over-voltage spikes maybe
[20:26:45] <ggm> report from unwanted workshop laughs
[20:27:06] <ggm> Loa from IAB, danny expert from area
[20:27:13] <ggm> March 2006, Marina Del Rey
[20:27:21] <iljitsch> who is speaking now?
[20:27:23] <ggm> Loa
[20:27:32] <ggm> Loa Andersson
[20:27:42] <ggm> and con-ed come good with the hum
[20:27:49] <ggm> why do this workshop?
[20:28:00] <ggm> lots of traffic, DDoS, virus, spam, worms etc
[20:28:10] <ggm> getting worse
[20:28:30] <ggm> Danny speaks.
[20:28:34] <ggm> lots of research,
[20:28:46] <ggm> code red, 5 years old, still see .5m unique hosts newly infected
[20:28:51] <ggm> persistence is big deal
[20:29:08] <ggm> Loa
[20:29:17] <ggm> impact, huge economic losses
[20:29:23] <ggm> getting worse.
[20:29:29] <ggm> Slide: evolution of threats
[20:29:39] <ggm> its not just kids hacking around.
[20:29:44] <ggm> its more or less an industry
[20:29:45] <ggm> Danny.
[20:30:37] <ggm> emphasise, maybe obvious, trad worms, slammer wreaking havoc, cong collapse, but now, why not write worm to compromise millions of systems, use them for taking control, find ways to get economic gain. its beyond disruption. refs to code red etc.
[20:30:53] <ggm> malware propagation, toolkit, not one static thing, enable arrays of capabilities.
[20:30:58] <ggm> examples in the doc
[20:31:10] <ggm> "monetization"
[20:31:10] <ggm> Loa
[20:31:32] <ggm> IAB called wkshop to assess, examine counter measures, get input
[20:31:55] <ggm> participants came from ops, vendor, research, enterprise nets. 35 ppl.
[20:32:13] <ggm> 11 from IAB/IESG, rest experts.
[20:32:28] <ggm> draft-iab-iwout-report-00.txt
[20:32:34] <ggm> please read
[20:32:36] <ggm> discuss, comment
[20:32:48] <ggm> Loa here tomorrow, but its late in the week. send mail
[20:33:05] <ggm> workshop findings.
[20:33:16] <ggm> there exists an underground economy, driving unwanted traffic
[20:33:22] <ggm> arms race
[20:33:31] <ggm> getting worse
[20:33:59] <ggm> action plan neede3d
[20:34:07] <ggm> sorry for the l33t speak needed
[20:34:10] <ggm> Danny
[20:34:16] <ggm> may seem a bit cheesy, but we really have examples
[20:35:05] <ggm> the underground shopping mall slide
[20:35:25] <ggm> Root of all evils:
[20:35:44] <ggm> mall run by crims, to sell your assets. using our tools.
[20:36:04] <ggm> creditcards, bank a/c, routers (core), servers, botnets.
[20:36:18] <ggm> Danny
[20:36:33] <ggm> since its been monetized, script kiddy are no longer attacking the guy who beat him on halo, its for $$$
[20:36:46] <ggm> (why an underground economy slide)
[20:37:13] <ggm> why isn't this being filtered, why can people do this Qs
[20:37:20] <ggm> anonymised nature of internet being exploited
[20:37:45] <ggm> ops, service providers, economic ROA is huge. unless some demonstrateable return to invest, plant, whatever
[20:37:51] --- csp has joined
[20:37:58] <ggm> to quarantine, or prosecute, its a challenge
[20:38:22] <ggm> implications across the IETF
[20:38:31] <ggm> Loa
[20:38:53] <ggm> these people want the network to run. getting better at their bad things [laugh]
[20:39:20] <ggm> when take countermeasures, first reaction is not to hit back, move somewhere else. net is huge. can hack anywhere
[20:39:28] <ggm> unless have coord way of hitting back, they move around
[20:39:43] <ggm> The BotNet example (lifecycle)
[20:39:56] <iljitsch> "they can hack any router anywhere", I'd like to see some proof backing this statement up
[20:39:57] <ggm> find vuln. then how funded, motivations
[20:40:07] <ggm> (its hyperbole. we all do it)
[20:40:17] <ggm> then to exploit.
[20:40:31] <ggm> zero-day this and that, most of the time, exploit in the wild, before the vuln. announced to community.
[20:40:40] <ggm> uptake in these, but they are widespread
[20:40:51] <ggm> from exploit to compromise,
[20:41:03] <ggm> self-propagation, the RH column of the slide
[20:41:04] <ggm> control
[20:41:14] <ggm> big change in malware, taking control
[20:41:16] --- kivinen has joined
[20:41:45] <mo7sen> be careful iljitsch, it can be interpreted as a challenging call: hey bad guys out there, if you can hack my router, you will get a big prize ;-)
[20:41:55] <ggm> see botnets connecting to squid proxies, load-balancing the command & control
[20:42:41] <ggm> changing IP addresses, hosting the fishing sites on the compromised machines, keyloggers, id theft.
[20:42:51] <ggm> 20, 30 gigabit files of CC numbers, PINs
[20:43:21] <ggm> rBot varient, streams video if a connected cam, they see what you do.
[20:43:27] --- ogud has joined
[20:43:35] <iljitsch> fortunately the Apples have a "camera on" led. :-)
[20:43:49] <ggm> Current Vuln. & solutions
[20:43:56] <ggm> (dense tabular slid)
[20:44:30] <ggm> "everything over http" model. use a proto which gets through
[20:44:38] --- Tsubasa has left
[20:45:04] <hartmans> Is the camera on led software or hardware?
[20:45:12] --- ShoichiSakane has joined
[20:45:18] <ggm> net auth becomes problemattic, on corp net, on open wireless lan.
[20:45:28] <ggm> tools, but often not used
[20:45:30] <ggm> Danny
[20:45:34] --- iljitsch has left
[20:45:43] <ggm> With all this, the point of the readout is to look at the proceedings of the workshop
[20:45:47] <ggm> more datapoints
[20:45:47] --- kdz has joined
[20:47:20] <ggm> (exploding phone)
[20:47:49] <ggm> netops focussed on ROI. low-hanging fruit are fine. do them
[20:47:54] <ggm> BCPs, documenting them, encourage.
[20:48:15] <ggm> Loa
[20:48:18] <ggm> summarize
[20:48:24] <ggm> tools fail
[20:48:33] <ggm> some inadequate
[20:48:39] <ggm> not properly deployed
[20:48:42] <ggm> competence is low
[20:49:29] <ggm> 20% never fixed. 40% fixed eventually. so problem lives forever
[20:49:53] <ggm> concern about Operators, how they take on business
[20:50:38] <ggm> need to be showing ROI. not sure if completely true, but someone said "soon as one broadband customer calls helpdesk, he ruined the business of the customer with that operator forever"
[20:50:44] <ggm> Danny
[20:50:50] <ggm> -to say it slightly differntly
[20:51:04] --- kdz has left
[20:51:10] <ggm> large worm outbreak, compromise, big problem is, not as easy as quarantiening 1 PC. how to remediate
[20:51:18] <ggm> regardless, first person called is the s-p.
[20:51:55] <ggm> you take calls, amortize cost across users per year, take the BB deployment $20 pm. amortize, one phonecall, fielding it costs $50-$80, the profitability on that monthy is lost forever.
[20:52:03] <ggm> cannot shut of E911 services, etc
[20:52:08] <ggm> infrastructure
[20:52:23] <ggm> most netops, try to re-use equipment, push the big fast box from core to edge, no security
[20:52:35] <ggm> thats reality of the infrastructure. real businesses looking for profit.
[20:53:00] <ggm> Hard Qs
[20:53:17] <ggm> if we really want to stop, how much damage prepared to do to the Internet Arch?
[20:53:29] <ggm> Transparency makes it easier to send good and bad packets
[20:53:47] <ggm> might want to deploy couple of mechs, not sure of impact on openness, arch
[20:53:50] --- nm has left: Replaced by new connection
[20:53:51] --- nm has joined
[20:53:51] --- nm has left
[20:54:14] --- dthaler has joined
[20:54:28] --- kdz has joined
[20:54:29] <ggm> IP reputation services, 'hosts know to spam' -selling services,
[20:54:44] <ggm> denting profit. take bot resources, attack blue security etc
[20:54:53] <ggm> turn resources to take reputation services offline
[20:55:19] <ggm> Medium and Long term
[20:55:40] <ggm> clean up the IRRs
[20:55:57] <ggm> secure, use for routing verification
[20:56:05] <ggm> take down the botnets. no magic wands required
[20:56:14] <ggm> community edu
[20:56:29] --- iljitsch has joined
[20:56:40] <ggm> BCP 38. deployer doesn't get most of the benefits
[20:56:57] <ggm> neighbours do. unless a large deployment
[20:57:13] <ggm> Paul. Everyone benefits.
[20:57:17] <ggm> heckle heckle heckle
[20:57:38] <ggm> Sam Wieler
[20:57:41] <ggm> or is it Hartman?
[20:58:04] --- nm has joined
[20:58:05] <ggm> how you got such a worrying summary
[20:58:07] <iljitsch> ugh, audio is bad
[20:58:19] <ggm> encourage you all, this is important. may be old news, hasn't changed how we do proto design
[20:58:27] <ggm> [so tell the NOC.]
[20:58:45] <ggm> Bob. 2 things
[20:59:24] <ggm> no mention of congest control. treat dos as congest, with an arch (I am working on) obvious when sending into congest. stand out.
[20:59:26] <mo7sen> Sam Hartman
[20:59:49] <ggm> don't need all this routing source spoofing stuff. all those techniques are vuln. to being taken over by attacker. deal as congest, simpler. don't even have to identify
[20:59:52] <ggm> thks.
[21:00:10] <ggm> Many attacks.
[21:00:19] <ggm> some goes under the radar. if you have solns encourage input
[21:00:21] <ggm> (Danny)
[21:00:39] <ggm> 2nd point
[21:00:51] <cmadson55-ietf> that was sam hartman
[21:00:53] <ggm> bunch of us out of UCL, running WG looking at contractual/legal/technical
[21:01:04] <ggm> producing report
[21:01:16] <ggm> analysis for govs researches, will post to IAB. soon
[21:01:24] <ggm> Dave Crocker
[21:01:28] <ggm> glad sam made his statement
[21:01:58] <ggm> channel substantial community
[21:02:02] <ggm> everything you said, well known
[21:02:19] <ggm> to say "might become" wargame.. years old.
[21:02:34] <ggm> to my knowledge, to people hands-on in this, there are no known solns. don't use that word
[21:02:46] <ggm> Sam understated when he said 'really important' its far more important than that.
[21:02:54] --- ryu.inada has joined
[21:03:00] <ggm> only thing saving us is they want it to run too., not sure what real purpose of WKshop was.
[21:03:18] <ggm> Danny. as indiv. in general, security considerations just say "use IPSEC" -
[21:03:21] <ggm> agree with what you saifd
[21:03:25] <ggm> leslie
[21:03:27] <ggm> speak to Q
[21:03:30] <ggm> why hold workshop
[21:03:41] <ggm> are people in room, familiar with aspects, and so were ppl in that meeting.
[21:04:04] <ggm> what may not have been communicated here, but is in the report its 'pieces of the elephant' introduced people to other parts., share the map with audience.
[21:04:12] <ggm> goal was consciousness raising, as is the report goal
[21:04:27] <ggm> think it succeeds if it does that much. may be suprised what you didn't know don't know.
[21:04:34] <ggm> need to keep that elephant in mind
[21:04:37] <ggm> as moving forward
[21:04:44] <ggm> Bob Braden
[21:05:10] <ggm> wonder if you consider the flip side. techniques used to do this, can be used by govs for repression. delicate issue.
[21:05:12] <ggm> considered?
[21:05:17] --- raeburn has left: Lost connection
[21:05:27] <ggm> Danny yes. do have ideas.lockdown ,model, break e2e. wans't key discuss but worth pointing out
[21:05:45] <ggm> Stuart Bryant. how much is in domain of internet, and how much domain of operating sys vendors with vulns?
[21:05:47] <ggm> {applause}
[21:05:58] <ggm> accross board. BCP38, and opsys guys need to do stuff.
[21:06:05] <ggm> wide spectrum
[21:06:09] <ggm> everybodys problem
[21:06:14] --- csp has left
[21:06:22] <ggm> could reduce.
[21:06:39] <ggm> Danny can, persistence, takes long time to upgrade. touching TCP to fix stuff is hard
[21:07:11] <ggm> Loa cut lines.
[21:07:30] <ggm> unknown dude
[21:07:47] --- Stephen Farrell has joined
[21:08:07] <ggm> Microsoft, OpenID, looking to fix auth in IETF, keyprov bof, nea working group. scope for enterprise work contrib to solution. ask IAB to provide opinion on gaps, given work, several years out
[21:08:08] --- Stephen Farrell has left
[21:08:15] <ggm> Mirke
[21:08:22] --- nan_626 has joined
[21:08:23] <ggm> nobody wants to pay for security.
[21:08:46] <ggm> lots of technology, huge part of it is education, the impls. are not deployable. ppl create protos with bolt-on security,. should be inherent consideration.
[21:09:06] <ggm> every OS, at this point, every bug is a DoS attack. never sw without bugs. community needs to come together.
[21:09:07] --- Antoin has joined
[21:09:24] <ggm> survey of ISPs deploy on security. what came out. so many things to do, nothing ubuquitous.
[21:09:27] <ggm> solve at all levels
[21:09:31] <ggm> Bob Hinden
[21:09:34] --- Antoin has left
[21:09:52] <iljitsch> most insecure part of nearly all systems is still the index finger of the user
[21:10:17] <ggm> attended workshop. took away, eye opening for me, conclusion, much of what IETF is doing for security, looking for subtle attacks, are irrelevant to realworld attacks. they are not attacking new protos, using old/existing machines for DoS. should be careful not to spend too much time making it perfect
[21:10:32] <ggm> shouldnt make useablitly harder trying to protect subtle attacks when the real attacks are not subtle.
[21:10:44] <ggm> solns not found inIETF stuff. eye opener for me. imp. message
[21:10:48] <ggm> Eric Burger
[21:11:09] <ggm> wgs I chair, many ppl new to IETF, 00 drafts ask "why care" and this is why
[21:11:20] --- Stephen Farrell has joined
[21:11:21] <harald> 5 years ago, today's blunt attacks were considered subtle, I think.....
[21:11:25] <ggm> don't want to tell grandkids about when anyone could put server on net. if we don't help fix it, gov will fix it
[21:11:30] <ggm> dont want lawyers to design the internet
[21:11:41] <ggm> Loa Quick comment.
[21:11:47] --- tlyu@jis.mit.edu has left: Replaced by new connection
[21:12:11] --- tlyu@jis.mit.edu has joined
[21:12:12] <ggm> talked after workshop, don't agree this is old news. community issue not just expert issue
[21:12:21] <ggm> Eric Rescorla.
[21:12:41] <ggm> went in pessimistic, came out distraught
[21:12:47] <ggm> (was at workshop)
[21:13:07] <ggm> s.w is written by people stupider than you, your code is buggy, the deployed code is even worse
[21:13:21] --- ks has joined
[21:13:26] <ggm> how have the attackers got to the point, 40-50% financial inst. you can detect botnets coming OUT
[21:13:39] <ggm> bob said we have no Idea in the IETF about this
[21:13:45] <ggm> need to figure out what the right thing to do is.
[21:13:49] --- Stephen Farrell has left
[21:14:07] <ggm> people do things which dont do very well
[21:14:15] <ggm> report worth reading. be afraid if not
[21:14:19] <ggm> Bernard ABoba
[21:14:21] <ggm> also attended
[21:15:13] <ggm> 140bots plus 50:1 magnify == gigabit attack
[21:15:24] <ggm> crim platform has resources, ingenuity, new platform. evil geniuses!
[21:15:32] <ggm> each form is a business.
[21:15:46] <ggm> each business is deployed every 6mo-year. billion $ revenue.
[21:15:48] <ggm> breathtaking.
[21:15:52] <ggm> read the report
[21:16:01] <ggm> read the slides from the wkshop
[21:16:12] <ggm> will write up report, give flavour of activity what you can learn
[21:16:39] <ggm> Actions
[21:16:47] <ggm> IAB involved to inform community
[21:16:53] --- ShoichiSakane has left
[21:17:11] <ggm> extension of it
[21:17:21] <ggm> understand u/g economy
[21:17:25] <ggm> concluding note
[21:17:31] <ggm> getting worse.
[21:17:38] <ggm> are growing awareness.
[21:17:40] --- dthaler has left: Replaced by new connection
[21:17:48] <ggm> first step to finding effective solutions
[21:18:08] <ggm> Paul Furgusson makes the truck back up one slide
[21:18:09] <ggm> Actionable?
[21:18:30] <ggm> how to move forward? I am coauth on BCP38. willing to work to bring UTD
[21:18:38] <ggm> rough consensus from 2000
[21:19:08] <ggm> Danny stuff addressed,
[21:19:11] <ggm> increase clue density
[21:19:22] <ggm> look at proceedings, contribute where expertise lies
[21:19:42] <ggm> realize, lots think "obvious stuff" but whole point was to increase clue density
[21:19:49] <ggm> Paul F.
[21:20:02] <ggm> seeing as this came out of IAB workshop, wanna see IAB/IESG liaison to make things actionable
[21:20:34] <ggm> Leslie. closed mike line theory. use IAB time. thanks to Loa and Danny [applause]
[21:20:49] --- Bob has joined
[21:20:50] <ggm> Readout from the Routing & Addressing Workshop (Dave Meyer, Chris Morrow)
[21:21:02] <ggm> http://www3.ietf.org/proceedings/06nov/slides/plenaryt-4.pdf
[21:21:05] --- nm has left: Replaced by new connection
[21:21:06] --- nm has joined
[21:21:06] --- nm has left
[21:21:20] <ggm> Readout going to be done differntly. Dave and Chris
[21:21:30] <ggm> BrianC, IESG members, so we can have discuss afterward
[21:22:01] <ggm> Dave worried on sams reaction
[21:22:16] <ggm> slide on agenda
[21:22:24] <ggm> who/why/what/when/howmany/dinner?
[21:22:27] --- raeburn has joined
[21:22:31] --- sureshk has joined
[21:22:37] <ggm> key findins, recommendations
[21:22:39] <ggm> why do it?
[21:22:49] <ggm> scaling problems
[21:23:05] <ggm> something the IAB should look at
[21:23:16] <ggm> A is for Arch. (except in dallas)
[21:23:34] <ggm> shared opinion from backbones, none of IETF efforts provide complete solution
[21:23:45] <ggm> {phone dramas}
[21:23:51] <ggm> logistics
[21:23:53] --- csp has joined
[21:23:59] <ggm> held in amsterdam. 18-19 oct. 38 people
[21:24:05] <ggm> focussed on backbone operators
[21:24:16] <ggm> some h/w designers, ent. types
[21:24:22] --- csp has left
[21:24:36] <ggm> 18 of 38 wre the IETF mafia. scribe. thks to RIPE, ISOC, NLNET Cisco
[21:24:42] <ggm> objectives
[21:24:49] <ggm> develop shared understand on problems
[21:25:11] <ggm> Participant perspectives. Chris Morrow
[21:25:16] <ggm> vince/geoff graph.
[21:25:20] <ggm> looks like a problem
[21:25:57] <ggm> problem statement
[21:26:18] <ggm> routing looks to work, in the future ?near? future, substantial problem.
[21:26:20] <ggm> TE.
[21:26:24] <ggm> multihoming.
[21:26:43] <ggm> driving MH from cust perspective, lots of legal compliance stuff. forced to ensure have access. MH accomplishes that.
[21:27:15] <ggm> no real difference from V6 in this.
[21:27:22] <ggm> scaleable increases is the fear
[21:27:31] <ggm> Jason Schiller did numbers.
[21:27:34] --- nm has joined
[21:27:39] <ggm> est. of full V6 deployment today, on existing V4.
[21:27:45] --- Aki Niemi has joined
[21:27:47] <ggm> adds routes, MH, TE, V6
[21:28:03] <ggm> big numbers, 381k-561k routes.
[21:28:12] <ggm> its not the number of routes, its the RIB/FIB update cycle
[21:28:18] <ggm> {explains RIB and FIB}
[21:28:56] <ggm> Vince Fuller.
[21:29:01] <ggm> this slide is partly my fault.
[21:29:08] <ggm> numbers based on projection, all V6 tomorrow
[21:29:09] --- dthaler has joined
[21:29:14] <ggm> take all V4, map to V6
[21:29:31] <ggm> only one new V6 per 4, actually a conservative assumption
[21:29:35] <ggm> deagg carried forward
[21:29:45] <ggm> number of cust deags, typical. ie its justification stuff
[21:30:12] <ggm> projects go exponential
[21:30:28] <ggm> Eric Rescorla.
[21:30:39] <ggm> why say exponential, one is straight
[21:31:08] <ggm> Vince
[21:31:16] <ggm> polynomial is probably the best fit.
[21:31:23] <ggm> the green is exp. the red is linear
[21:31:31] <ggm> Vince guarantee its not linear
[21:31:58] <ggm> Eric when you make projections, ...
[21:32:09] <ggm> $20,000 there is a better fit polynomial
[21:32:16] <ggm> Vince I said its not linear
[21:32:30] <ggm> Gengis was looked in GROW
[21:32:35] <ggm> was linear
[21:32:43] <ggm> similar data from Geoff
[21:33:00] <ggm> Eric serious point. look exp. but are logistic. can't just curve fit.
[21:33:02] <iljitsch> did I stay up until the middle of the night for this!?!
[21:33:07] <ggm> cant eyeball it. just "its growing"
[21:33:33] <ggm> Dave. this is not an easy thing. Geoffs data. its at least super linear
[21:33:48] <ggm> Eric. its tough. don't just say "its <x>"
[21:33:52] <mrex> there currently is still "a rush" in getting connected for people that previously weren't because auf high speed networks and flatrates
[21:33:53] <ggm> Leslie take offline and analyse
[21:34:18] <ggm> another graph, which is thought to be non-linear
[21:34:30] <ggm> Alain Durand
[21:34:42] <ggm> making assumption flip switch and add all V6?
[21:34:42] <mrex> but that is going to saturate. in Germany we have already more than 50% of the people connected
[21:34:51] <ggm> But nobody is going to do it.
[21:34:55] --- raj has joined
[21:34:57] <ggm> Vince but thats how we get the baseline.
[21:35:07] <ggm> doesnt matter if it happens today, or later. end up on same curve
[21:35:24] <ggm> Alain. needs to have better math, model, looks like trying to present a slamdunk
[21:35:38] <ggm> Leslie we wont take actions on scientific fraud.
[21:36:09] <ggm> Margaret. sure will get to a point of agreement but 4 and 6 together
[21:36:14] <ggm> ?
[21:36:28] <ggm> Chris believe 4 and 6 co-exist for some time. long time
[21:36:33] <ggm> beyond end of graph
[21:36:39] <ggm> Lothberg. fix by not deploying V6?
[21:36:46] --- ks has left: Logged out
[21:37:05] <ggm> Chris. have to plan according to something like this. only one V6 prefix per customer, provider.
[21:37:18] --- fujiwara has left
[21:37:28] <ggm> Marg. show curve for 4, then add 6, move it up by <x>...
[21:37:54] <ggm> everyone is going to deploy 6 on all nodes, 4 on all nodes, no matter how big internet gets. not sure about this assumption. do 6 to eventually reduce V4
[21:37:59] <ggm> or with less mission criticalness.
[21:38:00] <ggm> BrianC
[21:38:13] <ggm> v4 is going to hit a logistic curve, it runs out. so it stops contributing. at 4bill
[21:38:26] <ggm> other point, these curves are 'go on doing what we do now'
[21:38:32] <ggm> wat for second half of talk
[21:38:48] <iljitsch> When IPv4 addresss space runs out the problem actually gets worse because people are going to fragment existing relatively large address blocks.
[21:39:03] <ggm> do not rush out and deploy tomorrow. but, not same thing as knowing how bad it can be
[21:39:08] <ggm> Ross Callon
[21:39:15] <ggm> Thats it for the graphs.
[21:39:17] <ggm> Chris
[21:39:22] <ggm> Moores law.
[21:39:55] <ggm> only works for commodities. not routers, cept pentium in juniper. its special purpose h/w
[21:40:05] <ggm> critical components, the TCAM, SRAM, low volume.
[21:40:11] --- petrescu7 has joined
[21:40:14] <ggm> memory speeds, lookups at line rate at OC48, 768 if/
[21:40:27] <ggm> end result is, growth, over 1.3x in 2 years, we cant keep ahead
[21:40:50] <ggm> last graph. maps this
[21:40:52] <ggm> Eric
[21:41:12] <ggm> to understand the argument. the blackline is the perf. of sys in moores law.
[21:41:21] <ggm> other lines are curve fits corresponding to require sys capacity.
[21:41:34] <ggm> saves us until maybe 2011 in most pessimistic
[21:41:36] <ggm> but not clear
[21:41:44] <ggm> the graphs aren't the best in the world for longterm predictions
[21:41:59] <ggm> Eric. 2011, 5% behind the curve
[21:42:24] <ggm> John. want to point out, actually routers do use commodity components, and use DRAM for FIB storage and works real good.
[21:42:47] <ggm> tcams, the hard/heavy lifting is not DRAM. ASICS are not made that way
[21:43:03] <ggm> rest of the talk is table growth, not forwarding speed. so in table size terms, TCAM not relevant
[21:43:05] <ggm> Dave.
[21:43:28] <ggm> clearly disagreement about this point. thats ok. trying to get understanding if there are issues we should be thinking about. not to 'one right one wrong' want to understand
[21:43:41] --- raj has left
[21:44:25] <ggm> hDave
[21:44:34] <ggm> Key workshop findings
[21:45:06] <ggm> scaleability a problem.
[21:45:12] <ggm> superlinear growth. concern.
[21:45:15] <ggm> BGP growth concern.
[21:45:19] <ggm> RIB update dynamics, deagg.
[21:45:25] <ggm> MH,
[21:45:43] <ggm> Qs about applicability of moores law to routers, if growth gets bigger
[21:45:47] --- Bob has left: Logged out
[21:46:00] <ggm> subject to constraints. Pa?CIDR. need TE. need MH, the laundry list
[21:46:07] <ggm> problem shared in 6/4.
[21:46:16] <ggm> larger V6 address space can exacerbate
[21:46:39] <ggm> Alain. reading about complainst from 16k routes, growth non-linear 'sky is falling'
[21:46:43] <ggm> we deployed CiDR
[21:46:46] <ggm> 1380
[21:46:52] <ggm> [heckling]
[21:47:06] <ggm> use of IP as both ID and LOC is a problem
[21:47:22] <ggm> felt solution to overload of IPAddr may solve mobility, MH
[21:47:31] <ggm> examined the tradeoffs inherent in Shim6, GSE
[21:48:00] <ggm> history was 8+8. segment IPv6 into global and local. rewrite addr at edge of domain.
[21:48:11] <ggm> evolved into GSE. same thing with variations.
[21:48:15] <ggm> like NAT on the edge almost
[21:48:41] <ggm> cost/benefits not aligned in current net.
[21:48:46] --- bhoeneis has left
[21:48:54] <ggm> canonical example is MH. edge sites get benefit, core net has to carry the prefix
[21:49:14] <ggm> cost/benefit curves differnt to enterprise, service/content provider
[21:49:20] <ggm> Daves Personal Obs
[21:49:25] <ggm> lots of enthusiasm
[21:50:02] <iljitsch> dave wore a "give peace a chance" t-shirt on the first day of the workshop. :-)
[21:50:06] <ggm> re-engagement with IETF leadership
[21:50:25] --- plenary has joined
[21:50:27] <ggm> positive socialization
[21:50:37] --- bhoeneis has joined
[21:50:46] <ggm> Workshop recommends
[21:50:49] <ggm> urgent problems
[21:51:49] <ggm> want open, transparent solutions
[21:52:06] --- spencerdawkins has joined
[21:52:17] <ggm> may want to look into interim solutions to buy time
[21:52:38] <ggm> want roadmap
[21:52:50] --- petrescu7 has left
[21:52:57] <ggm> Qs?
[21:53:18] <ggm> Marg. clarify Qs now and ??
[21:53:26] <ggm> Dave and then next step slides
[21:53:48] <ggm> BrianC want to answer Alain a bit better.
[21:54:02] <ggm> Road 1 did predict doom and gloom, put soln in place, kept the curve below the solid painspace.
[21:54:17] <ggm> Road 2, concern here, support statement the problem is urgent, in worse case we do cross the curve
[21:54:25] <ggm> ALain.
[21:54:30] <ggm> not denying there is a problem.
[21:54:44] <ggm> want to see more solid intelligence about numbers on screen. know if sky falls in 2, 5 or 10 from now.
[21:54:48] <ggm> may take different actions
[21:55:12] <spencerdawkins> must ... stop ... looking ... at ... curves ... in ... front ... of ... engineers ...
[21:55:25] <ggm> Leslie can discuss numbers.
[21:55:34] <ggm> but, people have done the work, and think there is a problem.
[21:55:46] <ggm> if don't believe graphs, do believe others who operate nets think tis bad
[21:55:50] <ggm> Lothberg.
[21:55:54] <ggm> thjings we can do today with the arch.
[21:56:31] <ggm> come up with tech, possible to make 50mil users be handled by internet, move around, I would do it. make the net bigger, better.
[21:56:42] <ggm> so take that graph, put my 50mil on, and I will use it if you can fix it
[21:56:47] <ggm> Peter Sherbin
[21:56:56] <ggm> Were from here? routing and addressing.
[21:57:12] <ggm> if we want to work on indep. and self-sustained address dist, who, by what mech. creates requirements for routing
[21:57:28] <ggm> leslie.
[21:57:30] <ggm> what we learned.
[21:57:36] <ggm> moving forward. issue to delve into.
[21:57:40] <ggm> and taking sense of urgency.
[21:57:51] <ggm> want to move forward in coordainated fashion. avoid poor choices for longterm.
[21:57:58] <ggm> arch issues to address.
[21:58:01] <ggm> wg to form
[21:58:08] <ggm> design teams, non WG groups.
[21:58:15] <ggm> more continuing discussion on issues
[21:58:24] <ggm> first step: clarify problem statement
[21:58:31] <ggm> we don't have time to mess around
[21:58:47] <ggm> IAB, IESG agree. joint discussion
[21:58:54] <ggm> taking the problem very seriously.
[21:59:01] <ggm> facilitate discuss, develop, support submissions
[21:59:07] <ggm> needs more input from other stakeholders.
[21:59:14] <ggm> under consideration. track situation, work
[21:59:21] <ggm> more IAB workshops
[21:59:28] --- geoff has left
[21:59:31] <ggm> non-WG BoF at Prague to review work
[21:59:38] <ggm> Immediate Q
[21:59:38] --- geoff has joined
[21:59:40] --- Aki Niemi has left
[21:59:48] <ggm> how to structure.
[21:59:54] <ggm> want Quick action, not a sprint
[22:00:14] <ggm> solve problems
[22:00:18] <ggm> long term effort.
[22:00:27] <ggm> balance near-term effort, acknowledge longterm effort
[22:01:23] <ggm> Moving forward.
[22:01:27] <ggm> prior work considered.
[22:01:41] <ggm> wkshop report almost ready for release as draft
[22:02:13] <ggm> thats it from Leslie. re-open mike lines
[22:02:41] <ggm> BrianC. not just leslie saying it. I concur. Routing area directors, Int-area Directors, Sec AD, other at mike..
[22:02:48] <ggm> think we're committed to go forward on this
[22:02:51] <ggm> Sam. Hi.
[22:02:55] <ggm> different comments
[22:03:23] <ggm> presentation, given by radia perlman to plenary, on getting along and working together.
[22:03:38] <ggm> much of the previous work in the space has been be coloured by rough consensus. "rough" emphasised
[22:03:47] <ggm> ppl gone away and 'didnt consider my idea' or 'didn't understand'
[22:03:51] <ggm> ppl dropped out of process
[22:03:59] --- sureshk has left
[22:04:15] <ggm> are there problems we need to solve NOW?
[22:04:23] <ggm> sure some rough consensus calls in the future.
[22:04:36] <ggm> need to establish ground rules, committ to working together, listening, expect ppl to do the same
[22:05:15] --- ogud has left: Replaced by new connection
[22:05:16] <spencerdawkins> radia perlman presentation at http://www3.ietf.org/proceedings/02mar/slides/plenary-3/index.html
[22:05:27] <ggm> read, explain, deal with issues
[22:05:45] <ggm> coord aspect, of process, focus on making sure we don't drive away consitutuencies
[22:05:55] <ggm> solns great forops, but not users would be a shame
[22:05:59] <ggm> Bob Hinden
[22:06:09] <ggm> pleased working on routing again., think thats what this is about
[22:06:14] <ggm> model hasn't changed much 4->6
[22:06:18] <ggm> two other thoughts.
[22:06:39] <ggm> whole V4 technology mid 70s. commercial in 92-3-4. anyone who can claim about whats going on in perpetuity.,
[22:06:57] <ggm> young industry. way might solve problemsin 10 years, going to be different than way done today
[22:07:45] <ggm> other examples of large, dist realtim DB around. bigger numbers
[22:08:07] <iljitsch> BGP is dead, long live BGP!
[22:08:44] --- TJ has left
[22:08:50] <ggm> agree with peter. finer grained routing into router, can do cool things. do more here, not just deal with scaling what we do today
[22:08:50] <ggm> lets get more dimensional growth
[22:08:50] <ggm> Chris
[22:08:50] <ggm> tried to make it "BGP is maybe not the right answer" "maybe the TCP stack is not the right answer right now"
[22:08:50] <ggm> we're open minded. V6 is young enough tobe fixed in deployment
[22:09:06] <ggm> not "I like BGP, lets keep using it"
[22:09:18] <ggm> Ross Callon
[22:09:35] <ggm> could touch on routing, address, apps, V6, TCP headers. might not, might be security in there.
[22:09:45] <ggm> fair number of people interested in topic
[22:09:53] <iljitsch> see http://www.bgpexpert.com/presentations/routingws-bgpproblems.pdf
[22:09:56] --- akiniemi has joined
[22:10:30] <ggm> BrianC did short Weds Plenary. how about short Weds plenary and do Bof?
[22:10:37] <ggm> replace Weds plenary with Bof {applause}
[22:10:46] <ggm> BrianC some stuff done at march have to do
[22:10:58] <ggm> Eric
[22:11:10] <ggm> good to do stuff in this space. but diverging interests in stakeholders. diverging pain
[22:11:17] --- fujiwara has joined
[22:11:51] <ggm> Leslie
[22:11:56] --- akiniemi has left
[22:11:59] <ggm> has been raised, as implication,
[22:12:15] <ggm> get non-normal routing track people in
[22:12:21] <ggm> will be trade-offs
[22:12:44] <ggm> Close q at this point,
[22:12:45] <ggm> Marg
[22:12:54] <ggm> start by saying, have exceptions with modelling. think its a real problem
[22:13:13] <ggm> wont affect us in 2011. affects us today. because we make MH expensive so people driven off net. not future prob. now prob
[22:13:18] <ggm> lot of different places to work
[22:13:24] <ggm> IETF only owns part of the pie
[22:14:10] --- geoff has left
[22:14:56] --- nan_626 has left: Lost connection
[22:14:56] --- ryu.inada has left: Lost connection
[22:15:42] --- dthaler has left
[22:16:10] --- Dave Nelson has left
[22:17:10] --- raeburn has left: Disconnected
[22:17:27] <ggm> Ted Hardie scares people
[22:17:42] --- spencerdawkins has left
[22:17:52] <ggm> underground economy driving gov to stop basic internet beliefs
[22:18:01] <ggm> talking here about economy again. throw money and solve forever.
[22:18:23] <ggm> $25mil per router but will scale. but cost of coming on wont be $19.95. wont be affordable for home devices.
[22:18:33] <ggm> we might lose basic charicteristcs of the net if we dont do this right
[22:18:46] <ggm> apps guy: sure PITA. replace host stacks. bad.
[22:18:59] <ggm> ask the virus writers to do it for me, since they can update.. {laugh}
[22:19:06] <ggm> think about this boldly from routing perspective
[22:19:19] <ggm> e2e but smart middles being talked.
[22:19:24] <ggm> had tunnels to <here>
[22:19:26] --- geoff has joined
[22:19:28] <ggm> trying to make endpoints ignorant.
[22:19:57] --- dlpartain has left
[22:20:08] <ggm> thats where we ought to set limits of what we imagine.
[22:20:20] <ggm> patch our way into oblivion. OSI, 1982, not internet, IETF, now
[22:20:30] <ggm> Leslie top that {laugh}
[22:20:34] <ggm> Dino Cisco
[22:20:54] <ggm> in terms of gathering requirements, wish said stronger. ops need to be part of designing proto. up front
[22:21:07] <ggm> decide if design is wrkable. cant be late.
[22:21:13] <ggm> Leslie thanks
[22:21:22] <iljitsch> only fair, they have to pay for it. :-)
[22:21:25] <ggm> IAB open Mic
[22:21:42] <ggm> [I'm hungry and my bum hurts and I am tired. so I am stopping]
[22:21:49] --- cmadson55-ietf has left
[22:22:05] <ggm> anway, this ritual abuse section is content free
[22:23:01] --- ggm has left
[22:24:23] --- cmadson55-ietf has joined
[22:32:00] --- tlyu@jis.mit.edu has left: Replaced by new connection
[22:33:29] --- tlyu@jis.mit.edu has joined
[22:39:27] --- nm has left: Replaced by new connection
[22:39:28] --- nm has joined
[22:39:28] --- nm has left
[22:40:14] --- kdz has left
[22:42:45] --- fujiwara has left
[22:45:44] --- plenary has left
[22:46:26] --- tlyu@jis.mit.edu has left
[22:46:32] --- fparent@jabber.org has left: Logged out
[22:46:39] --- harald has left
[22:46:41] --- dku has left: Computer went to sleep
[22:46:53] --- bhoeneis has left
[22:48:43] --- cmadson55-ietf has left
[22:49:57] --- kivinen has left
[22:51:36] --- iljitsch has left
[22:52:55] --- ryu.inada has joined
[22:54:25] --- ryu.inada has left
[22:57:01] --- geoff has left
[23:04:20] --- mo7sen has left
[23:04:42] --- sleinen has left
[23:07:55] --- mrex has left