Re: [Netrqmts] IETF 105 Minutes

Toerless Eckert <tte@cs.fau.de> Tue, 30 July 2019 22:23 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: netrqmts@ietfa.amsl.com
Delivered-To: netrqmts@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A42212023B for <netrqmts@ietfa.amsl.com>; Tue, 30 Jul 2019 15:23:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.95
X-Spam-Level:
X-Spam-Status: No, score=-3.95 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hnqb1BdjzpVl for <netrqmts@ietfa.amsl.com>; Tue, 30 Jul 2019 15:23:47 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1F421201EB for <netrqmts@ietf.org>; Tue, 30 Jul 2019 15:23:46 -0700 (PDT)
Received: from faui48f.informatik.uni-erlangen.de (faui48f.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:52]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id EFFD654802C; Wed, 31 Jul 2019 00:23:40 +0200 (CEST)
Received: by faui48f.informatik.uni-erlangen.de (Postfix, from userid 10463) id DD7EE440041; Wed, 31 Jul 2019 00:23:40 +0200 (CEST)
Date: Wed, 31 Jul 2019 00:23:40 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: netrqmts@ietf.org
Message-ID: <20190730222340.x6g232kpp7eadanp@faui48f.informatik.uni-erlangen.de>
References: <DF3803B7-C05B-4A31-B873-73A86B1416CE@vigilsec.com> <19915.1564514403@localhost> <20190730202439.zl6gjvzasxofvej2@faui48f.informatik.uni-erlangen.de> <27837.1564524525@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <27837.1564524525@localhost>
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/netrqmts/HHHadCp1CnZcrh9XXhU-opxX2lA>
Subject: Re: [Netrqmts] IETF 105 Minutes
X-BeenThere: netrqmts@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Meeting Network Requirements <netrqmts.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netrqmts>, <mailto:netrqmts-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netrqmts/>
List-Post: <mailto:netrqmts@ietf.org>
List-Help: <mailto:netrqmts-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netrqmts>, <mailto:netrqmts-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2019 22:23:51 -0000

On Tue, Jul 30, 2019 at 06:08:45PM -0400, Michael Richardson wrote:
> We used to see those people, they were in the terminal room re-installing
> windows 98.   Those days are over.  Firewalls have not prevents 14B a year of
> damage from trojans, and they never will as long as the MIME Security
> Considerations continues to be ignored.

Be that as it may. Whats the point of presenting an access thats
different from 99.999% of what users are experienced to ?

>     > all those users not working at the network level. I also think that
>     > folks who want to test if their applications work well and invested
>     > into ICE/STUN and other firewall traversal mechanisms (like RTCweb and
>     > other app groups), would maybe like to have something more reflective
>     > of relevant end-user access (with firewall).
> 
> A $22 home router fixes that problem.

Sure, but why would i have to bring my own WiFi<->WiFi home router to
the IETF to give me that function for the company notebook.

> I have been a NOC volunteer in decades past, and I've been involved in
> pulling "Long Range Ethernet" into places... at 4m vertical/floor, and 100m
> total for GbE over copper,  the 30th floor of some hotels was a problem.
> (Atlanta...)
> We aren't having to do this anymore.

Sure, but in return you're presented with all type of crappy
pre-existing L2 WiFi/LAN setup from the hotel, right ? Thats at least
what i was told when i asked about the Montreal setup. Sure, its
replacing real physcial labor with solving likely often proprietary
vendor configuration riddles. But impressive either way.

>     > Where would the discussion about what type of security options to
>     > offer/ document fit ?
> 
> I'd put them in /dev/null.
> I think that IETF participants are adults, and don't need this, and
> I don't think the IETF should take on the liability of offering anything that
> probably won't really help anyway.

Well, i think it does need at least to be documented better. And
actually asking the complete set of IETF attendents more formally via
something like a SurveyMoneky, would give more insight what they are
thinking after they have been educated.

>     > Not sure what other think to be meetecho problems. I only thoght the
>     > video quality from remote participants sucked but didn't get an answer
>     > whether thats because of unavoidable remote participant upstream limits
>     > or application level enforced uper bandwidth/quality limits.
> 
> Meetecho gets wired infrastructure into each meeting room.  
> If not for that, if the hotel had decent Access Points, then we might not
> have to wire the meeting rooms at all.  If the hotel had large enough
> capacity Internet, but perhaps too poor (bufferbloated) latency, we might be
> able to get by providing an appropriate network for Meetecho only via other
> means.

I guess the best thing i could think of would be to have a BCP RFC for
how hotels should build out their network infrastructure to be best
prepared for conferences/workshops etc. This could easily proliferate to
all the big hotel chain network people if many of us would just continue
to ask other conferences to check that document and discuss with the
hotel they are using. The Meetecho example would be excellent to justify
a better buildout. Likewise the need to easily be able to set up
multiple SSID, have easily accessible policies for multicast/broadcast
policing (the issue we had in Montreal), IMHO also private-VLAN style
security, and so on and so forth. But if we only pick to mention one
particular narrow and very IETF centric security model, i don't think
such a document would be seen as too useful.

> I know that Meetecho is used at other conferences, and I assume that those
> conferences do not bring the same kit that IETF brings, so I wonder what they
> do there, and what problems we are avoiding.

Right.

Toerless

> -- 
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [