Session Date/Time: 05 Nov 2024 09:30
maprg
Summary
This meeting of the Measurement and Analysis for Protocols Research Group (maprg) featured presentations on a variety of measurement-related topics. Presentations covered network performance measurement, DNS behavior, congestion control algorithm reverse engineering, certificate mis-issuance mitigation, IPv6 scanning techniques, and IPv6 adoption in IoT devices. Several presenters were participating remotely from the IMC conference in Madrid.
Key Discussion Points
- Network Performance Measurement (Bjorn): A tool providing network quality scores tailored to specific applications (video conferencing, gaming, streaming) was well-received by users. Participants noted the importance of independent, third-party standards for this type of measurement.
- DNS Behavior (John): Experiments on DNS record expiration revealed unexpected behavior, with some resolvers caching records for extended periods despite configured TTLs. Participants suggested potential issues with experimental setup and referenced relevant prior work.
- Congestion Control Algorithm Reverse Engineering (Margarita): A system (Abagnale) for generating simple implementations of congestion control algorithms (CCAs) from packet traces was presented. The system uses program synthesis to reverse engineer event handlers, which are then used to build complete CCAs. The discussion focused on the appropriate distance metrics for comparing collected and synthesized traces, as well as directions for future work.
- Certificate Mis-issuance Mitigation (Puyang): An analysis of CAA, CT, and DANE usage showed that these technologies for securing the WebPKI are not widely adopted. DNSSEC penetration remains low, hindering DNS-based security protocols. Discussion centered on challenges in configuring CAA and DANE records, and the need for better tools, standardization, and feedback mechanisms.
- IPv6 Scanning Techniques (Grant): Different target generation algorithms (TGAs) for IPv6 scanning were evaluated. Pre-processing of the seed data set (alias removal, inactive address removal) significantly impacts results. Different TGAs find different addresses, so using several in combination improves overall discovery. Due to a technical glitch, the presentation had to be truncated.
- IPv6 Adoption in IoT Devices (Keanu): A study of IPv6 adoption in consumer IoT devices revealed that most devices are not fully IPv6-ready due to factors such as reliance on IPv4-only domains and improper DNS configuration. The privacy implications of using MAC addresses in IPv6 address generation were also discussed.
Decisions and Action Items
- Action Item: John (DNS Behavior) to follow up with Wes Hardaker (USC/ISI) to debug experimental setup and review relevant literature.
- Action Item: Margarita (Congestion Control) to present work to the congestion control working groups (ICRG and/or IETF).
- Action Item: Puyang (Certificate Mis-issuance) to add information to the mailing list asking for feedback on DNS implementation.
- Action Item: Participants to relay information on latency of DNSSEC in chat.
Next Steps
- Continue research on DNS record expiration and caching behavior.
- Further develop and refine the congestion control algorithm reverse engineering system.
- Advocate for increased adoption of DNSSEC and improved CAA/DANE configuration tools.
- Promote standardized evaluation methodologies for IPv6 scanning techniques.
- Encourage IoT device manufacturers to improve IPv6 support and address privacy concerns.