Re: [93attendees] Network experiment during the meeting

Toerless Eckert <> Wed, 15 July 2015 04:08 UTC

Date: Tue, 14 Jul 2015 21:07:48 -0700
From: Toerless Eckert <>
To: Jari Arkko <>
Cc: joel jaeggli <>,, Rolf Winter <>,
Subject: Re: [93attendees] Network experiment during the meeting

Rolf's web page explains almost nothing more than his email. I wouldn't
know any actual broadcast packet of interest except for ARP. I am
pretty sure he means L2/L3 multicast. Having him say just "rfc919 / broadcast"
makes me a bit nervous about how well the other bits are thought out.

As soon as IETF gives access for Rolf to any reasonably protected packets,
I would assume IETF is at least partially indemnifying Rolf's org from
legal responsibilities and takes on legal responsibilities itself.

It would be good to understand what the IETF is really responsible for.
I would fear that to be on the safe side, IETF should indemnify itself
against the attendees by having them sign "something". I am sure
that "something" needs to be better than "rfc919 / broadcast" unless he
really only wants to analyze ARP patterns.

Didn't IETF have security folks running around for decades telling us
to not be insecure because they will be tapping our unprotected WiFi
traffic and post our passwords? Whatever happened to those experiments
(sorry, can't remember)?

Logically it's hilarious discussing legalese when Rolf would only tap
what amounts to publicly accessible packets, e.g. on no- or obvious-password
encrypted WiFi accessible in public areas like hotel lobbies. Of course I
am sure with digital laws being what they are, there is going to be a difference
in him publishing a paper about those packets vs. posting a paper
about him observing/counting IETF participants in the public hotel
lobby and oh, their observable legal drug consumption patterns.

I am actually interested in what the heck the technical details are.
Depending on what protocols are of interest, the different ways of how
multicast traffic is constrained (IGMP snooping) or L2 unicast converted
(vendor specific) make a lot of difference to what can be observed where.

If he can show some really useful stats he would create, I am all for giving
him all the access needed as long as we can make sure the IETF indemnifies
itself well enough so that it does not have to spend money later on some stupid
lawsuit with some disgruntled IETF participant. But then again, I am using
a VPN tunnel for all my traffic anyhow.


On Tue, Jul 14, 2015 at 07:29:28PM +0300, Jari Arkko wrote:
> > Rolf contacted me a while ago and I had him contact Jari for approval of
> > this "experiment". Jari has approved it.
> Right. I think it is a useful experiment and I find the privacy safeguards adequate.
> And indeed, the main purpose of passing this kind of experiments via the
> IETF chair is that I try to catch issues; in this case I reviewed the suggested
> safeguards and suggested some changes, and felt that the result was adequate.
> It is possible that there are legal or other standards that would specify in
> detail what we can and can not do. I am obviously not a lawyer either.
> I don't mind passing this to someone who understands laws about
> human subject research or privacy, of course.
> Jari


Toerless Eckert,