Re: [Netrqmts] IETF 105 Minutes

Toerless Eckert <tte@cs.fau.de> Tue, 30 July 2019 20:24 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: netrqmts@ietfa.amsl.com
Delivered-To: netrqmts@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46627120256 for <netrqmts@ietfa.amsl.com>; Tue, 30 Jul 2019 13:24:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.951
X-Spam-Level:
X-Spam-Status: No, score=-3.951 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WmShvuMEMNC7 for <netrqmts@ietfa.amsl.com>; Tue, 30 Jul 2019 13:24:44 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AE7712027B for <netrqmts@ietf.org>; Tue, 30 Jul 2019 13:24:44 -0700 (PDT)
Received: from faui48f.informatik.uni-erlangen.de (faui48f.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:52]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 4D588548002; Tue, 30 Jul 2019 22:24:39 +0200 (CEST)
Received: by faui48f.informatik.uni-erlangen.de (Postfix, from userid 10463) id 3D280440041; Tue, 30 Jul 2019 22:24:39 +0200 (CEST)
Date: Tue, 30 Jul 2019 22:24:39 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: netrqmts@ietf.org
Message-ID: <20190730202439.zl6gjvzasxofvej2@faui48f.informatik.uni-erlangen.de>
References: <DF3803B7-C05B-4A31-B873-73A86B1416CE@vigilsec.com> <19915.1564514403@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <19915.1564514403@localhost>
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/netrqmts/5sG2ihr1n4kvrdqIHYg7MC8LqTY>
Subject: Re: [Netrqmts] IETF 105 Minutes
X-BeenThere: netrqmts@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Meeting Network Requirements <netrqmts.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netrqmts>, <mailto:netrqmts-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netrqmts/>
List-Post: <mailto:netrqmts@ietf.org>
List-Help: <mailto:netrqmts-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netrqmts>, <mailto:netrqmts-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2019 20:24:55 -0000

On Tue, Jul 30, 2019 at 03:20:03PM -0400, Michael Richardson wrote:
> +5.
> I find that the most important thing that the IETF meeting (network) does for
> people, is that it gives them an idea what a real end-to-end transparent
> network *can* be like.  Suddenly things that never worked for them work.

As i said in my prior mail to this list (which went without any reply),
most people nowadays wouldn't even know what it means to be directly on
the internet without any firewall, and i really question whether it is
prudent to ONLY have this option and NOT document it very clearly to all
those users not working at the network level. I also think that folks
who want to test if their applications work well and invested into
ICE/STUN and other firewall traversal mechanisms (like RTCweb and other
app groups), would maybe like to have something more reflective of
relevant end-user access (with firewall).

As much as we network layer nerds may like it, we should understand and
acknowledge that it doesn't represent a reasonable end-user-device
access method to not have any firewall. And i am mostly concerned about 
all those company notebooks used in IETF which too would expect even at starbucks
to have some degree of protection against scanning attacks. At leat on
one SSID.

> If we are going to continue to make such investments, can we somehow do so in
> a useful way?   Can we collaborate with the hotel to make changes that persist?  
> This goes into returning to the same hotels regularly, and *is* a mtgvenue
> discussion, not a netrqmts discussion.

I am already surprised how much the IETF noc team has been able to work
with hotels existing AP and access-LAN infrastructure and make it work
as good as possible. I do not always like the results (like in
montreal), but lets not underestimate the complexity of the job of the
noc doing this. 

> I think that we should split up the discussion into perhaps four areas.
> 
> 1) the L2/WiFi coverage of the meeting rooms for IETF participants
> 
> 2) the availability of IPv6 in the guest rooms [I don't mind captive portals,
>    *if* they follow our WG's specification...]
>    
> 3) the availability and flexibility of the bandwidth in/out of the conference
>    hotel(s).
> 
> 4) the architectural requirements for good IPv6 and good meetecho experience
>    within the venue.

Where would the discussion about what type of security options to offer/
document fit ?

> I think that the document tries to do this, but I don't get the impression
> the discussion split things up.
> 
> One could imagine a situation where the Meetecho network was a different
> network from the Participant network.  I'm not saying that's a good plan, but
> I'm saying that I think that we should think about whether we are expending
> a lot of effort in one area for reasons that are relating to another area.

Not sure what other think to be meetecho problems. I only thoght the
video quality from remote participants sucked but didn't get an answer
whether thats because of unavoidable remote participant upstream limits
or application level enforced uper bandwidth/quality limits.

Cheers
     Toerless