IETF
pearg
pearg@jabber.ietf.org
Tuesday, January 19, 2021
kaduk@jabber.org/barnowl has set the subject to: PEARG at IETF 104

GMT+0
[16:24:11] shivan joins the room
[16:28:35] blassey joins the room
[16:29:16] menscher joins the room
[16:50:51] caraitto joins the room
[16:54:31] caraitto leaves the room: Disconnected: BOSH client silent for over 60 seconds
[17:57:01] caraitto joins the room
[17:58:09] caraitto leaves the room: Disconnected: BOSH client silent for over 60 seconds
[18:17:50] svaldez joins the room
[18:18:55] spammy joins the room
[18:27:44] svaldez leaves the room: Disconnected: BOSH client silent for over 60 seconds
[18:30:04] caraitto joins the room
[18:33:03] svaldez joins the room
[18:36:47] sd139@jabber.uk joins the room
[18:36:50] spammy leaves the room: Disconnected: BOSH client silent for over 60 seconds
[18:38:39] sd139@jabber.uk joins the room
[18:38:44] sd139@jabber.uk leaves the room
[18:48:40] svaldez leaves the room: Disconnected: BOSH client silent for over 60 seconds
[19:39:14] sd139@jabber.uk leaves the room
[19:39:20] sd139@jabber.uk joins the room
[19:40:41] sd139@jabber.uk leaves the room
[19:41:19] sd139@jabber.uk joins the room
[19:48:27] Christian Huitema joins the room
[19:51:37] Ben Schwartz joins the room
[19:52:15] Ben Schwartz has set the subject to: PEARG IP Address Privacy Interim
[19:53:20] svaldez joins the room
[20:00:06] Eric Orth joins the room
[20:00:09] David_Schinazi joins the room
[20:00:33] Paul Jensen joins the room
[20:00:40] Ben Schwartz has set the subject to: PEARG IP Address Privacy Interim https://codimd.ietf.org/pearg-interim-jan-2021
[20:03:00] sftcd joins the room
[20:03:06] <sd139@jabber.uk> Agenda: https://github.com/IRTF-PEARG/wg-materials/blob/master/interim-21-01/agenda.md
[20:04:01] davidben joins the room
[20:04:44] Samuel Weiler joins the room
[20:04:49] wseltzer joins the room
[20:05:01] <shivan> Hello all! Notes: https://codimd.ietf.org/pearg-interim-jan-2021?both
[20:05:31] shivan has set the subject to: PEARG interim Jan 2021
[20:05:57] Petr joins the room
[20:07:25] <shivan> oops Ben, didn't realize you'd already helpfully updated the topic :)
[20:07:31] shivan has set the subject to: PEARG IP Address Privacy Interim https://codimd.ietf.org/pearg-interim-jan-2021
[20:10:14] <shivan> Slides for current talk: https://github.com/IRTF-PEARG/wg-materials/blob/master/interim-21-01/Anti-abuse_applications_of_IP.pdf
[20:12:02] pearg joins the room
[20:12:09] jhoyla joins the room
[20:13:12] <Christian Huitema> In the anti-abuse discussion, it would help to distinguish between anti-abuse in which the user cooperates (e.g. account protection) and those in which the user is considered the adversary (e.g. ad protection).
[20:15:26] <sftcd> it'd also be useful to distinguish the features of IP addresses that enable the different anti-abuse mechanisms (e.g. same as before, return routable, ...) - given all these are post-facto re-uses of IP addresses and not what addresses are for, it should be useful in future to know where the real utility was, as the network changes
[20:17:03] sftcd-with-native-xmpp-client joins the room
[20:17:41] sftcd-with-native-xmpp-client leaves the room
[20:19:22] Erik Anderson joins the room
[20:20:38] <sftcd> my experience is that anti-abuse people are always a bit freaked out when you hint that their current mechanisms might change
[20:21:30] csperkins joins the room
[20:24:38] <jhoyla> EDM = Electronic Dance Music?
[20:24:53] <sftcd> obviously:-)
[20:24:59] <Eric Orth> So the counter-argument was that in the botnet case, the abuse detection might be working against the client software, but potentially (making an assumption) in favor of the actual "proper owner" of the device end user? I think that just helps show that the situation is very complicated.
[20:26:12] <wseltzer> It's also worth thinking about what's foreclosed if we ban anonymity, by mandating IP-identification; versus what's possible to layer on top of anonymous communications, e.g. via trust tokens
[20:26:23] <jhoyla> Can you spoof your source IP in QUIC, as in UDP?
[20:26:34] <jhoyla> (Assuming you're on-path)
[20:26:38] <sftcd> you can always spoof
[20:27:14] <jhoyla> Can you successfully complete a QUIC handshake using an IP you don't control?
[20:27:21] <menscher> No, you cannot
[20:27:37] Christian Huitema leaves the room: Disconnected: closed
[20:27:44] <menscher> Well, same as with TCP.  If you're on-path then you "control" the IP ;)
[20:27:58] <sftcd> I guess the worst there would be careless use of early data
[20:28:49] Christian Huitema joins the room
[20:29:35] <jhoyla> For example if the user is in India, and isn't issued an IPv4 address
[20:29:38] <sftcd> lots of the anti-abuse industry has yet to catch up properly with IPv6
[20:29:45] <Christian Huitema> @jhoyla you can definitely complete a QUIC handshake through a NAT.
[20:30:34] achernya joins the room
[20:32:00] <jhoyla> *cough* PrivacyPass *cough*
[20:33:11] <sftcd> sometimes they also want a database index to use to lookup reputation (hence not being very advanced wrt IPv6)
[20:33:40] <Christian Huitema> How do we ensure that anti-abuse signals are not used for something else, like "more relevant ads"?
[20:33:59] <jhoyla> Unlinkability is a good start
[20:34:18] <Samuel Weiler> The claim that you're not trying to track humans sounds inconsistent with the law enforcement use case described earlier.
[20:35:14] <Christian Huitema> That talk sounded a lot like the classic "for the children" talks...
[20:35:18] <jhoyla> @Christian Huitema there is a valid use case of not serving ads to bots.
[20:38:26] <jhoyla> Esp. if you had your bots send traffic volumes based on a PRNG.
[20:39:25] spammy joins the room
[20:39:51] <Christian Huitema> In the DDOS case, what actually changes if the DDOS is coming through a set of proxies? Doesn't it make the defense simpler?
[20:40:55] <svaldez> If the proxies are also serving legitimate user traffic, you may need to block more legitimate users in response to a DDOS attack if you have to block at the proxy scale?
[20:41:33] <Christian Huitema> Suppose a DDOS attack routed through ToR. Does it not start by ddossing ToR?
[20:42:55] <Eric Orth> One service's massive DDOS could be another service's relatively small impact on normal traffic.  If the proxy is much bigger and more used than the victim site, the proxy/tor might not consider itself DDOSed.
[20:43:19] <svaldez> Depends on the scale of the attack. On small and medium sized businesses, a DDoS attack via Tor might still take down the site, but doesn't get big enough to DDoS Tor. DDoS might also not be purely traffic/latency.
[20:44:39] caraitto leaves the room: Disconnected: BOSH client silent for over 60 seconds
[20:46:24] caraitto joins the room
[20:46:51] <Eric Orth> This informing-users case is the only use case I see here where the identifier really needs to be global like IP.  Most of the detection stuff discussed earlier could be just as well served by some site-specific identifier.  Say a proxy/tor-like-thing gives the site some cryptographic hash of (IP,target-site).  Wouldn't that work for most DDOS detection stuff?
[20:49:00] <menscher> Tor *does* proxy DDoS traffic.  Fortunately there aren't that many exit nodes to block, and Tor users are accustomed to being blocked
[20:50:12] <svaldez> Does the informing-users case even need a global? Can't the proxy thing do some aggregation of reports from target sites that can be proxied back to the origin IP?
[20:51:36] <Eric Orth> I was imagining recognizing the same users when they go to some other service (eg Google Search).  But yes, I imagine there are other alternative informing-users mechanisms that could still work with site-specific user identifiers.
[20:55:01] spammy leaves the room: Disconnected: BOSH client silent for over 60 seconds
[20:55:29] DaveO joins the room
[21:02:54] Luigi Iannone joins the room
[21:03:46] <menscher> FWIW our *signal* that users were infected with FakeVimes *was* their IP
[21:04:14] sysrqb joins the room
[21:04:14] <menscher> (They were unwittingly forced through a proxy)
[21:04:16] kantorkel joins the room
[21:05:59] <David_Schinazi> Christian has a privacy-preserving microphone
[21:06:10] <menscher> Lol...
[21:06:30] <Erik Anderson> And George has a privacy-preserving webcam.
[21:07:21] <Christian Huitema> Sorry about that. The mike went off when I shared the screen, and I could not see the unmute button anymore
[21:08:31] spammy joins the room
[21:16:01] spammy leaves the room: Disconnected: BOSH client silent for over 60 seconds
[21:18:55] whalen@jabber.org joins the room
[21:30:23] whalen@jabber.org leaves the room
[21:42:34] <shivan> This is the spec linked by George from Tor: https://github.com/torproject/torspec/blob/master/proposals/327-pow-over-intro.txt
[21:49:37] whalen@jabber.org joins the room
[21:54:29] Mirja joins the room
[21:57:00] DaveO leaves the room
[21:58:49] Samuel Weiler leaves the room
[22:00:06] Samuel Weiler joins the room
[22:02:07] Mirja leaves the room
[22:02:11] svaldez leaves the room: Disconnected: BOSH client silent for over 60 seconds
[22:02:13] David_Schinazi leaves the room
[22:03:22] Samuel Weiler leaves the room
[22:03:31] <shivan> Thanks all!
[22:04:41] pearg leaves the room: Disconnected: BOSH client silent for over 60 seconds
[22:07:21] Eric Orth leaves the room: Disconnected: BOSH client silent for over 60 seconds
[22:07:56] kantorkel leaves the room
[22:10:39] caraitto leaves the room: Disconnected: BOSH client silent for over 60 seconds
[22:12:13] <sysrqb> Where would be a good place to talk about the reputation system? Is that a topic I should start on the mailing list?
[22:12:54] whalen@jabber.org leaves the room
[22:13:28] whalen@jabber.org joins the room
[22:15:35] Petr leaves the room: Disconnected: BOSH client silent for over 60 seconds
[22:17:04] Paul Jensen leaves the room: Disconnected: BOSH client silent for over 60 seconds
[22:17:13] caraitto joins the room
[22:19:34] caraitto leaves the room: Disconnected: BOSH client silent for over 60 seconds
[22:19:45] Ben Schwartz leaves the room
[22:22:25] jhoyla leaves the room
[22:23:56] Samuel Weiler joins the room
[22:24:09] Samuel Weiler leaves the room
[22:26:24] whalen@jabber.org leaves the room
[22:28:43] Luigi Iannone leaves the room
[22:39:40] whalen@jabber.org joins the room
[22:51:00] spammy joins the room
[22:52:56] davidben leaves the room: Disconnected: BOSH client silent for over 60 seconds
[22:54:32] Erik Anderson leaves the room: Disconnected: BOSH client silent for over 60 seconds
[22:54:35] spammy leaves the room: Disconnected: BOSH client silent for over 60 seconds
[22:58:20] Samuel Weiler joins the room
[22:58:20] Samuel Weiler leaves the room
[22:59:28] Samuel Weiler joins the room
[23:02:01] Christian Huitema leaves the room
[23:28:30] whalen@jabber.org leaves the room
[23:29:33] achernya leaves the room
[23:30:35] whalen@jabber.org joins the room
[23:34:47] whalen@jabber.org leaves the room