Posts by huitema@social.secret-wg.org
 (DIR) Post #AT5sfMOfMmUpAytmmO by huitema@social.secret-wg.org
       2023-02-27T04:39:41Z
       
       0 likes, 0 repeats
       
@bortzmeyer @TritTriton On this subject, catching criminals through their Bitcoin address, I recommend Andy Greenberg's book, "Tracers in the Dark" -- https://bookshop.org/p/books/tracers-in-the-dark-the-global-hunt-for-the-crime-lords-of-cryptocurrency-andy-greenberg/18264682?ean=9780385548090
       
 (DIR) Post #AVaGY16Yv1l1eTBHlY by huitema@social.secret-wg.org
       2023-05-12T16:12:46Z
       
       0 likes, 0 repeats
       
@bortzmeyer That reminds me of the "bricoles" (trinkets) that, in the schools of my grandparents' time, were hung around the necks of children caught speaking Breton!
       
 (DIR) Post #AX9taE9FBTti4ZZWE4 by huitema@social.secret-wg.org
       2023-06-28T18:31:59Z
       
       2 likes, 2 repeats
       
A new RFC, about "Maintaining Robust Protocols". The original draft was titled "Postel was wrong", because Martin Thomson wanted to outline that "being tolerant with what you receive" leads to protocols drifting away from the standards, to the benefit of the largest "deviant". But this was too provocative. The final text is much milder. https://www.rfc-editor.org/rfc/rfc9413.html
       
 (DIR) Post #AXAn0HhC6ziw5EtEJc by huitema@social.secret-wg.org
       2023-03-08T18:07:16Z
       
       1 likes, 0 repeats
       
@adamshostack @b0rk Danny Cohen's paper tells it all. CPUs and languages can be either big endian (IBM 360, English), little endian (Intel 8086, Arabic) or baroque (PDP-11, German). For networking standards, you have to pick just one, you certainly don't want baroque, and thus "network order" is "big endian". And of course the name picked by Danny Cohen is based on Gulliver's Travels by Jonathan Swift, and refers to ways of eating eggs...
       
 (DIR) Post #AXAn0IPVSFAYIfccNs by huitema@social.secret-wg.org
       2023-03-08T18:13:34Z
       
       0 likes, 0 repeats
       
@adamshostack @b0rk Of course, different network protocols can pick different endianness. There was actually a proposal to pick little endian logic for QUIC, because most of the code runs on little endian architectures (x86, ARM). But tradition won.
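The two posts above explain why "network order" is big endian and why a protocol could in principle pick little endian instead. The following is an added example, not code from the original posts: it serializes a 32-bit value in network order with shifts only, so the wire bytes are the same on any host, and it shows what happens when the receiver reads those bytes in little-endian order (the classic missing-ntohl() bug).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Serialize v in network (big-endian) order: most significant byte first.
 * Shifts, not memcpy, so the host's own byte order never leaks onto the wire. */
static void put_be32(uint8_t out[4], uint32_t v) {
    out[0] = (uint8_t)(v >> 24);
    out[1] = (uint8_t)(v >> 16);
    out[2] = (uint8_t)(v >> 8);
    out[3] = (uint8_t)(v);
}

static uint32_t get_be32(const uint8_t in[4]) {
    return ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
           ((uint32_t)in[2] << 8)  |  (uint32_t)in[3];
}

/* Little-endian reading of the same four bytes (what a protocol that had
 * picked little-endian order, as once proposed for QUIC, would do). */
static uint32_t get_le32(const uint8_t in[4]) {
    return ((uint32_t)in[3] << 24) | ((uint32_t)in[2] << 16) |
           ((uint32_t)in[1] << 8)  |  (uint32_t)in[0];
}

/* Encode in network order and decode it again: the identity on any host. */
static uint32_t be32_roundtrip(uint32_t v) {
    uint8_t buf[4];
    put_be32(buf, v);
    return get_be32(buf);
}

/* Encode in network order but decode as little-endian: a byte swap, which is
 * exactly the corruption a receiver sees when it forgets to convert. */
static uint32_t be32_misread_as_le(uint32_t v) {
    uint8_t buf[4];
    put_be32(buf, v);
    return get_le32(buf);
}

/* Classify the host by looking at how it lays out 0x01020304 in memory. */
static const char *host_order(void) {
    uint32_t v = 0x01020304u;
    uint8_t b[4];
    memcpy(b, &v, sizeof b);
    if (b[0] == 1 && b[3] == 4) return "big";
    if (b[0] == 4 && b[3] == 1) return "little";
    return "baroque";  /* PDP-11 style middle-endian, or stranger */
}

int main(void) {
    printf("host is %s-endian; 0x01020304 misread as LE = 0x%08x\n",
           host_order(), be32_misread_as_le(0x01020304u));
    return 0;
}
```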
       
 (DIR) Post #AXAn0QD2STwwUJqm3s by huitema@social.secret-wg.org
       2023-03-08T22:56:09Z
       
       1 likes, 0 repeats
       
@SteveBellovin @b0rk @danmcd Lots of early protocol choices were made based on CPU cost. Look for example at using an exponential average with coefficient 1/8 for smoothing RTT measurements -- with 1/8 chosen because it can be computed as >>3. People were counting the number of instructions when evaluating specifications!
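The post above refers to the 1/8 smoothing coefficient for RTT. As an added example (not code from the original post), here is RFC 6298-style SRTT/RTTVAR/RTO estimation in integer milliseconds, with the 1/8 and 1/4 coefficients applied as >>3 and >>2. Because right-shifting a negative signed value is implementation-defined in C, each update branches on the sign of the difference and shifts only unsigned magnitudes; the sample RTTs in main() are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t srtt;   /* smoothed RTT, ms */
    uint32_t rttvar; /* RTT variation, ms */
    int have_sample; /* 0 until the first measurement arrives */
} rtt_state;

static void rtt_init(rtt_state *s) {
    s->srtt = 0;
    s->rttvar = 0;
    s->have_sample = 0;
}

/* Feed one RTT measurement r (ms). */
static void rtt_update(rtt_state *s, uint32_t r) {
    if (!s->have_sample) {
        /* First sample: SRTT = R, RTTVAR = R/2 (RFC 6298, section 2.2). */
        s->srtt = r;
        s->rttvar = r >> 1;
        s->have_sample = 1;
        return;
    }
    /* RTTVAR = 3/4 RTTVAR + 1/4 |SRTT - R|, using the SRTT from before this update. */
    uint32_t dev = (r > s->srtt) ? r - s->srtt : s->srtt - r;
    if (dev > s->rttvar) s->rttvar += (dev - s->rttvar) >> 2;
    else                 s->rttvar -= (s->rttvar - dev) >> 2;
    /* SRTT = 7/8 SRTT + 1/8 R, i.e. move one eighth of the way toward R. */
    if (r > s->srtt) s->srtt += (r - s->srtt) >> 3;
    else             s->srtt -= (s->srtt - r) >> 3;
}

/* RTO = SRTT + 4*RTTVAR. RFC 6298 also clamps this to at least 1 s; omitted here. */
static uint32_t rtt_rto(const rtt_state *s) { return s->srtt + (s->rttvar << 2); }

/* Run a sequence of samples from a fresh state and return the resulting state. */
static rtt_state rtt_run(const uint32_t *samples, size_t n) {
    rtt_state s;
    rtt_init(&s);
    for (size_t i = 0; i < n; i++) rtt_update(&s, samples[i]);
    return s;
}

int main(void) {
    const uint32_t samples[] = {100, 180, 60};  /* constructed sample RTTs, ms */
    rtt_state s = rtt_run(samples, 3);
    printf("srtt=%u rttvar=%u rto=%u\n", s.srtt, s.rttvar, rtt_rto(&s));
    return 0;
}
```

Integer shifts truncate, so the values drift slightly from the real-valued formulas; that was the accepted price of avoiding multiplications and divisions.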
       
 (DIR) Post #Abt8CrfwlNBmloKno0 by huitema@social.secret-wg.org
       2023-11-16T22:41:36Z
       
       0 likes, 0 repeats
       
For a couple of years now, I have been working with Alain Durand at ICANN to collect statistics on DNS usage, patterns, etc. Data is updated monthly. The latest addition is a table of the concentration of DNS name servers, measured by looking at where the IP addresses of the servers are hosted. The big "winner" is of course Cloudflare, but there is also a significant correlation between being hosted by AWS or served by Akamai and having the DNS on the same network. https://ithi.research.icann.org/graph-m9.html
       
 (DIR) Post #Abt8CtuYS23vhhBUqu by huitema@social.secret-wg.org
       2023-11-16T23:00:44Z
       
       0 likes, 0 repeats
       
       And here is the graph showing the share of various providers, arranged by slices of the Majestic 1 Million, plus .COM shown for reference.
       
 (DIR) Post #AccmM2U3a5PtmE8l5k by huitema@social.secret-wg.org
       2023-12-08T21:35:28Z
       
       0 likes, 0 repeats
       
       @hrefna You are arguing for an intermediate state between "fully public" and "privacy enforced by encryption". I think the big issue is trust. The participants "trust" a set of parties to enforce the "guardrails" -- mostly, other participants in the group and the admins of their servers. Is that obvious to them? What happens if some trusted parties fail to enforce the guardrails? Once? Repeatedly? Because they were hacked?
       
 (DIR) Post #AiQExhQ0QCEl9UFHBA by huitema@social.secret-wg.org
       2024-05-28T04:10:05Z
       
       0 likes, 0 repeats
       
@mnot The Internet is always evolving, and Geoff is right that security-by-TLS has beaten security-by-DNSSEC hands down. But then TLS credentials depend on proof-by-DNS, and thus on the security of DNS resolution. If we want to ditch DNSSEC, it would be nice to have some theory on the security of DNS resolution that does not have a circular dependency on the security of TLS.
       
 (DIR) Post #AiQExjm3fB46SSZupU by huitema@social.secret-wg.org
       2024-05-28T04:21:16Z
       
       0 likes, 0 repeats
       
@mnot Geoff is also right that many of the efforts of the 90s did not exactly pan out. DNSSEC of course, but also BGPSEC, which appears really hard to deploy, and IPSEC, which has niche usage instead of being a foundational protocol. However, I think that completely replacing the end-to-end Internet by a CDN-mediated infrastructure would enshrine CDN companies as gatekeepers. We should really think twice before swallowing that!
       
 (DIR) Post #AiQUWqzoIrAEIuDJDs by huitema@social.secret-wg.org
       2024-05-30T17:31:22Z
       
       0 likes, 0 repeats
       
@jeroen @feld @mnot DANE pretty much means that the TLD managers set the policy. So we would get up to 1400 CAs, probably much less because many orgs manage multiple TLDs. Still some competition, but changing CA would require changing the name, and that's a big hurdle.
       
 (DIR) Post #AiQUWsc8HrPdK39Qau by huitema@social.secret-wg.org
       2024-05-30T18:09:35Z
       
       0 likes, 0 repeats
       
@jeroen @feld @mnot The domain operation depends on the TLD continuing to advertise the name, and neither DANE nor PKI will change that. The failure mode of DANE is if the TLD registry somehow hacks the client domain's DNS data, so that a hacker (or a state agency) can intercept the domain's traffic. The domain has to "trust" the TLD management, because there is not much they can do if the TLD managers start colluding with attackers.
       
 (DIR) Post #AiQUWuKTuSTudsuMMK by huitema@social.secret-wg.org
       2024-05-30T18:24:02Z
       
       0 likes, 0 repeats
       
@jeroen @feld @mnot If a CA is caught playing games, it will be taken out of the trust list of lots of key software and the domains will just get certs from a different CA. But if a TLD plays games, the only remedy for existing domain users is to change domain names. That's why many people are uneasy, especially when it comes to ccTLDs.
       
 (DIR) Post #AlKZQFrg4ThiqCyIim by huitema@social.secret-wg.org
       2024-08-25T15:55:35Z
       
       0 likes, 0 repeats
       
@bortzmeyer Putin has a small problem. The Russian army uses a lot of Telegram groups. If the French services have access to the servers, they can read the content of those groups and pass troop movements on to the Ukrainians...
       
 (DIR) Post #AnxUHbkMx5HqWSqs6K by huitema@social.secret-wg.org
       2024-11-12T06:42:57Z
       
       0 likes, 0 repeats
       
@tomjennings @dmgedgoods How many people here have used the "implicit typing" of the old Fortran versions, pre 77? Variable names starting with i, j, k, l, m, or n were implicitly integers, other letters real. Funny how a convention of 50 years ago still influences the names of variables in modern languages.
       
 (DIR) Post #As3fF5sxBaV3ir5NRo by huitema@social.secret-wg.org
       2025-03-14T21:42:22Z
       
       0 likes, 0 repeats
       
@bortzmeyer A detailed reading will show a change of approach. Protect the network, yes. But also recognize that classic algorithms like RENO and CUBIC do not minimize delays -- see: bufferbloat. Let new algorithms innovate by no longer demanding "fairness" with RENO, but simply that they "leave a reasonable share for the others".
       
 (DIR) Post #Atr1QlwAx3pVGLApf6 by huitema@social.secret-wg.org
       2025-05-07T14:47:11Z
       
       0 likes, 0 repeats
       
       @muellerwhh @icing @bagder The sad part about that is missing opportunities with AI. We do have a history of tools such as static analyzers making software better. I remember each successive improvement rooting out whole new categories of bugs. Machine learning could plausibly be used to produce super analyzers. But the current crop of AI tools does not do that.
       
 (DIR) Post #AugMqvub6HEyYqM2Zk by huitema@social.secret-wg.org
       2025-05-30T21:08:39Z
       
       0 likes, 1 repeats
       
The IETF is making videos of previous meetings available on YouTube. YouTube used to be freely accessible, but now requires signing in with a Google account and opting into Google surveillance. Do people here believe that PeerTube could be a practical alternative? What would it take?
       
 (DIR) Post #AyVWmsvCGEJGfo9aPg by huitema@social.secret-wg.org
       2025-09-23T19:23:14Z
       
       0 likes, 0 repeats
       
       @rgacogne @bortzmeyer pifocodage?