►
From YouTube: COVID-19 Network Impacts Workshop, 2020-11-13
Description
Recording from Day 3 of the Internet Architecture Board's COVID-19 Network Impacts Workshop.
Day 1 Video: https://youtu.be/RTJNaE7TnGA
Day 2 Video: https://youtu.be/tleJg1_SGXM
Workshop home page: https://www.iab.org/activities/workshops/covid-19-network-impacts-workshop-2020/
A
Okay,
so
we
are
now
being
recorded,
welcome
back
to
day
three,
so
here's
the
I'll
just
I
have
two
more
slides
and
I'll
come
back
to
this
to
bash
it.
These
are
the
urls
just
as
a
reminder.
A
Yari
is
volunteered
to
help.
Take
some
notes,
but
I
think
you
know
people
doing
it.
Collaboratively
is
good,
so
go
to
the
pad
and
take
notes
of
interesting
things.
A
Yeah,
so
more
people
better
notes,
hopefully
yeah,
there's
the
workshop
thing
and
the
gift
repo
slides
for
today
these
slides
are
in
the
git
repo
and
my
last
slide
is
some
to
do's.
So
on
the
pad.
Can
you
check
at
some
point
that
your
name
and
affiliation
is
at
the
top
in
the
list
of
people
at
the
top?
A
If
you
go
and
look
up
the
urls,
if
you
made
a
submission,
just
check
the
right
version,
because
there's
some
people
updated
some
stuff,
we
may
or
may
not
have
gotten
it
all
correct
for
the
mic
line
for
today.
If,
if
and
when
we
do
need
a
mic
line,
just
use
the
convention
of
putting
in
q
plus
or
plus
q,
or
something
in
in
webex
chat
like
I
just
did
and
I'll
try
and
keep
track
of
that.
If
I
mock
it
up,
then
just
yell
at
me.
A
We
notes
we're
done
towards
the
end
of
today.
We've
also
kind
of
looked
for
some
feedback
about
the
format
of
this
workshop
yep
any
id.
You
know.
How
should
we
think
about
this?
If
we're
going
to
have
other
workshops
in
the
future
and
post
pandemic,
even
and
after
we'll
start
drafting
or
continue
drafting
the
workshop
report,
I
think
that's
in
the
git
repo
that
murray
has
created
a
file
there.
A
So
with
that,
I
just
I
wanted
to
just
bash
the
agenda.
So
this
is
your
chance
to
bash
the
agenda.
A
A
C
D
Okay,
so
jordan,
I
put
this
together,
I'm
sort
of
talking
for
a
second
about
as
an
application
type
of
guy
that
runs
stuff
over
the
network
network.
What
I
wish
the
network
gave
me
and
he's
going
to
talk
a
little
bit
about
why
I
might
not
be
able
to
get
that.
So
let
me
just
jump
into
this
pretty
quickly
here.
D
So
next
slide
the
particularly
as
people
have
moved
to
doing
all
this
web
conferencing
remote
learning
online,
that
you
know
we
have
all
kinds
of
people
working
from
home,
obviously,
and
one
of
the
real
issues
with
that
is
prioritizing
the
packets
on
the
downlink
to
people's
homes,
cable,
whatever
whatever
the
technology
is
for
that,
there's
there's
no
way
of
really
doing
that
and
we
end
up
with
all
of
our
stuff
really
mixed
together,
and
I
think
that
a
big
observation
for
me
that
came
out
of
this
covet
thing
and
it
had
to
do
with
with
youtube
and
others
moving
their
bandwidth
rates
down
was
the
last
thing
in
the
world
that
those
that
the
vendors
of
those
services
wanted
to
have
happen.
D
Maybe
not
the
last
thing
in
the
world,
but
one
thing
that
they
were
not
didn't
want
to
have
happen.
Is
people
say
I've
got
to
go
to
my
class.
Now
the
other
people
in
the
house
need
to
stop
watching
netflix
or
youtube
or
whatever.
It
is
because
my
you
know,
my
online
class
doesn't
work
while
you're
doing
that.
D
So
it's
actually
was
an
interest
to
make
it
possible
for
people
to
still
use
the
experience
but
to
reduce
the
quality
of
the
experience
at
some
level
in
a
way
that
that
allowed
everything
to
work
together,
and
they
went
there's
a
lot
of
discussions
back
and
forth
between
various
companies
on
this
between
various
lawyers
and
how
to
decide
how
to
to
do
that
and
make
it
work.
And
I
it
worked
out,
it
did
work
out.
You
know
most
points
in
time.
D
At
most
places
you
could
run
a
video
streaming
service
and
a
web
conferencing
application
simultaneously.
The
the,
but
that
would
be
would
have
been
a
crop
load
easier
to
do.
Had
there
been
some
way
to
and
would
have
worked
a
lot
better
if
there
was
some
way
to
prioritize
data
going
down
the
downlink
and,
of
course
this
has
been
known
for
many
years.
D
We'd
like
to
do
this,
but
it's
always
been
one
of
those
things
like
this
won't
work,
because
somebody
else
will
steal
all
the
bandwidth
of
it
and
it
will
be
no
fair
way
to
allocate-
and
I
think
the
observation
from
covid
that's
a
little
bit
or
from
this
copy
19
times
is
a
little
bit
different.
Is
that
was
actually
wrong.
Our
assumptions
about
people's
motivations,
only
the
big
apps
matter,
okay,
if
tons
of
little
small
apps
decide
seal
it,
it
makes
almost
no
difference.
D
It's
only
what
the
large
gorillas
that
use
significant
bandwidth
across
people's
do
matters.
Users
at
home
can
turn
on
and
off
apps
and
use
them
or
not
use
them
in
ways
that
control
what
happens
to
their
network
and
they
have
a
desire
to
have
something
to
have
on
their
network
and
the
various
competing
services.
Whether
you
know
youtube,
webex,
zoom
netflix.
All
of
these
it's
in
their
interest
to
find
a
way
to
prioritize
that
traffic
to
work
together.
D
So
if
there
was
a
very
simple
sort
of
less
than
best
effort
and
a
sort
of
higher
and
lower
priority
sort
of
a
very
minimal,
just
sort
of
code
point
marking
on
the
down
link
to
the
home,
I
think
it
would
help
a
lot
on
that,
whether
that's
possible
or
not.
I
mean
we'll
go
to
the
next
slide
in
just
a
second
here,
but
that's
that's
sort
of
the
desired
goal
from
an
application
point
of
view.
Does
that
make
sense
or
any
questions
about
the?
D
F
I
I
don't
know
about
that,
but
you
know
I
guess
the
question
is
you
know:
there's
been
a
lot
of
debate
about
the
sort
of
last
remaining
code
point
in
l4s
being
one
of
those
things
so
like
a
lowly
marking
that
could
be
used
by
an
app,
and
you
know
something
that
doctors
networks
are
working
on
at
the
moment.
F
But
you
know
this
has
been
discussed
for
a
while,
I
mean
honoring.
Dscp
markings
has
always
been
challenging
across
the
main
borders,
of
course,
but
you
know
maybe
just
pointing
out
in
your
example
here
a
potential
use
case.
It
would
be
interesting,
so
I
did.
I
sort
of
wonder
generally,
you
know
is
that
the
use
case
that
l4s
could
fill.
D
Yeah,
I
think
alforas
would
spill
with
no
problem
or
I
think,
there's
many
ways
to
skin
this
cat
l4s,
I
think,
probably,
would
meet
the
needs,
and
I,
my
personal
belief,
is
the
first
set
of
isps
in
the
world
that
managed
to
offer
a
great
gaming
experience.
That's
better
are
just
going
to
have
this
viral
marketing
mechanism
going
for
them.
That's
going
to
be
insane,
but
you
know.
E
And
so
I
want
to
jump
in
here
with
with,
I
think
two
things
I
think
cullen.
I
think
why.
E
E
You
know
the
kids
school
video
chat
that
I
do
you
know
my
work
chat,
because
I
can
go
and
move
to.
You
know
a
cellular
network
or
something
where
the
you
know
for
my
one
hour,
audio
call
or
something
or
something
else.
So
so
I
I
think
we
need
to
remember
you
know
the
the
by
you
know.
Obviously
the
internet
is
bi-directional
and
there's
different
buffering
behaviors.
You
know
c
c
buffer
bloat,
that
that
exists
in
devices
when
they
end
up
queuing
and
prioritizing
packets
and
and
that
behavior.
G
D
Mean
to
over
to
over
simplify
that,
but
all
of
these
apps,
like
all
these
apps,
are
doing
gift
serve
code
point
markings
across
the
wi-fi
network
and
inside
the
home
and
the
home
wireless
routers,
gnats
things
whatever
do
do
something
with
those
fairly
often
now
all
the
things
they
do
are
sort
of
wrong,
but
they're
not
so
wrong.
We
can't
sort
of
make
it
work,
so
that's
that
hasn't
been
our
biggest
pain
point.
E
And-
and
I
think
the
second
thing
is
that
quite
often,
there's
not
there's,
there's
not
a
diversity
of
provider
selection
available
and
that
also
poses
its
own
challenge
is
that
you
know
you
may
be
stuck
with
like
a
dsl
or
docsis
network
option.
You
know,
or
maybe
a
fiber
to
the
home
versus
docsis
as
the
two
solutions
and
you
may
not.
It
may
be
challenging
for
an
end
user
to
actually
get
the
network
service
that
they
desire.
E
So
so,
even
if
you
say
hey,
I
I'm
gonna
switch
to
jason's
network
because
it's
better
for
gaming,
jason's
network
isn't
universally
available,
because
maybe
it's
time
warner,
cable
or
something
in
that
area
or
or
sorry
a
charter
or
maybe
it's
you
know,
atlas
or
some
other
cable
company.
I.
D
Look
so
we've
had
many
problems
about.
You
know
whether
a
broadband
access
is
a
duopoly
or
monopoly
or
what
cartel
or
whatever
it
is,
but
I
mean
that
I,
this
doesn't
help
solve
any
of
those
things
but
boy
in
the
places
where
there
are.
I.
I
think
that
that
problem
is
a
separate
problem
which
will
take
care
of
it,
which
does
take
care
of
itself.
You
know
over
time,
but
right
now
we
don't
have
the
technology
for
them
to
compete
on
that
level
like
there's.
No,
you
know
it's
difficult.
D
I
think
today
I
look.
I
I
shouldn't
even
say
these
words.
I
don't
run
with
these.
You
go
both
both
of
you
guys
do,
but
it
does.
It
seems
difficult
for
people
to
compete
on
this
network
would
be
really
awesome
for
gaming
or
for
zoom
calls
today
than
than
just
basically
yeah
we
offer
you
know.
However,
many
megabits
per
second
of
downloading.
H
Hi
one
of
the
things
people
have
expressed
an
interest
in
is
just
some
kind
of
diagnostic
that
they
could
tell
whether
or
not
the
problem
is
their
problem
with
their
video
call
is
that
other
people
in
the
house
are
using
up
the
bandwidth
to
play,
games
names
or
it's
somewhere
down
link
or
it's
not
even
your
connection
at
all.
It's
somebody
else's
problem.
It's
really
hard
to
diagnose
these
things,
either
on
the
fly
or
any
given
time
I
mean.
D
Look
it's
very
true,
and
this
is
a
constant
problem.
I
think
all
the
app
you
know,
people
clone
up
webex
and
say
your
webex
call
sucks
and
we
don't
know
whether
it's
webex
was
the
problem
or
the
wi-fi
network
was
the
problem
or
the
wan
link
was
the
problem,
and
it's
generally
it's
quite
often
one
of
those
three.
But
it's
really
hard
to
tell
which
one
of
the
three
to
blame.
H
D
Being
able
to
talk
to
the
access
point
and
get
privacy
sensitive
information
about
what
was
going,
what
what
was
happening
across
the
the
wi-fi
link
versus
what
was
happening
across
the
wan
link
upstream
of
that
would
be
really
amazingly
useful,
and
I
think
that
you
know
that's
an
area
that
itf
could
drive
standards
on.
Is
it's
how
to
get
management
diagnostics,
information
from
access
points
about
the
apps
on
fl,
in
in
about
the
apps
on
flows,
I
want
to
be
very
highly
priced
at
privacy's
institute.
D
C
Yeah,
so
so
a
couple
of
points
just
to
chime
in
with
their
first
one,
which
is
also,
I
think,
popped
up
in
in
the
chat,
the
sort
of
us
markets
conditions
are
not
the
same,
so
the
conditions
in
other
markets
are
not
the
same
as
in
the
us,
so
in
other
words,
and
I've
seen
this
in
in
other
for
so
f4
there's
a
low
level
knowledge,
certainly
in
some
of
the
apps
developers,
about
the
conditions
that
apply
in
non-us
markets,
which
causes
decisions
to
be
made
which
are
non-optimal
in
most
of
the
world
or
lots
of
other
parts
of
the
world,
certainly
markets
far
bigger
than
the
us.
C
C
It
also
occurs
to
me
that
to
answer
some
of
these
questions
and
again,
I've
seen
these
surface
in
other
places,
maybe
occasionally
talking
to
the
some
of
the
service
providers,
would
be
a
good
thing
and
I'm
not
suggesting
by
the
way
that
column
wasn't
going
to
get
there
on
on
this
or
hasn't
done
that
in
the
past
I
should
add,
and
then
finally,
some
of
these
problems
could
be
solved
by
service
providers.
C
I
believe,
but
I
would
politely
observe
that
some
of
the
developments
within
the
itf
and
direction
of
travel
is,
is
to
obscure
a
lot
of
this
data
to
make
it
impossible
for
service
providers
to
do
network
management
to
provide
a
good
user
experience,
and
I
don't
think
some
of
the
people
doing
the
protocols
fully
understand
the
implications
of
what
they're
doing
and
that
from
an
end
user
experience
point
of
view.
That
can
be
really
bad
and,
dare
I
say,
not
consistent
with
rfc
8890,
for
example.
A
D
Right
this
is
webex.
I
get
to
unbeat
myself
yeah,
so
I'm
gonna
get
through
this
whole
thing
without
saying
spin
bit
you're
late.
I
think
there's
like
so
I
I
I
gonna.
You
know
what
I
said
in
the
in
the
the
chat.
Is
you
know
a
lot
of
environments,
sort
of
like
either
cloud
development,
environments
or
sort
of
like
large?
You
know
development
environments
like
the
one
that
I
deal
with
at
my
day.
D
Job
give
you
the
ability
to
do
sort
of
like
full,
end-to-end,
sampled,
rpc,
traces,
right
and
they're.
D
Super
super
super
super
useful
for
figuring
out
what
broke
and
a
lot
of
the
functionality
that
we're
asking
for
here
like
if
we
built
an
alternate
architecture
that
was
sort
of
at
the
rpc
layer
as
opposed
to
the
network
layer-
and
you
had
sort
of
you
know
some
sort
of
like
distributed
broker
thing
like
some
of
the
you
know,
I
think
some
of
the
the
work
1980s
was
going
this
direction
you
could
actually
slot
rpc
tracing
into
the
internet.
D
You
can't
do
that
a
lot
of
the
work
that
you
know
that
is
being
done
to
obscure
information
that
has
been
used
for
passive
measurement
in
the
past
is
not
specifically
targeted
at
obscuring
the
ability
to
trace
you
know
so
full
in
the
end.
It's
it's
targeted
at
reducing
the
amount
of
unintentional
radiation
right,
so
the
the
amount
of
data
that
you
didn't
actually
intend
to
put
in
the
wire
image.
That's
there.
D
I
think
there
is
a
there
is
a
room
for
research
into
how
you
can
get
closer
to
this
ideal
of
full
end
to
end
sort
of
flow
disposition,
tracing
and
an
on-demand
environment
right.
This
would
not
be
a
thing
where
the
isp
would
say
here
are
all
of
the
flows,
and
here
are
all
of
the
end-to-end
characteristics
of
those
flows.
It
would
be
more
of
a
you
know.
D
You
click
a
button
in
your
web
browser
and
it
talks
to
all
of
the
devices
along
the
path
that
are
enabled
for
for
doing
the
sort
of
tracing
in
order
to
create
a
trace
file.
Then
you
could
would
be
in
control
of
handing
to
somebody
right
like
you
need
to
design
this
in
a
way
where
you
know
end
user
control
of
the
metadata
came
first,
and
I
think
by
not
trying
to
hang
that
off.
D
Of
of
you
know
the
way
we've
done
this
in
the
past,
where
you're
unintentionally,
radiating
stuff,
you
have
the
ability
to
do
better
than
we've
done
in
the
past.
I'm
if
I,
if
I
knew
how
to
do
this
in
a
way
that
would
deploy
be
working
on
that
right
now,
but
I
think
it'll
be
really
really
useful
to
figure
out
what
could
be
done
incrementally
in
terms
of
sort
of
a
research
agenda
and
then
invest
in
that.
A
A
E
I'm
happy
to
to
talk
to
janna
at
length
about
anything
so
yeah.
So
when
colin
and
I
were
discussing
this
the
other
day,
I
said-
hey
well,
here's
why
the
isps
need
the
dscp
market.
E
You
know
we
can't
control
a
third
party,
we
can't
control
interconnect,
points
and
and
that's
why
many
companies
end
up
building
their
own
private
networks
and
there's
advantages
for
this
enterprise
networks.
They
tend
to
pay
more
money
than
wholesale
customers,
you
give
them
higher
sla
and
you
use
the
limited
number
of
dscp
bits
to
you
know
generally
provide
like
a
you
know,
a
bronze,
a
silver
or
a
gold
type
solution.
E
You
know
for
that.
You
know.
Customers
also
tend
to
be
very
sticky
on
these
services
and
they'll
actually
pay
to
extend
my
network.
You
know
to
locations
where
they
say.
Oh
well,
I'm
building
a
new
office
park
here.
You
know
I
already
have
you
know
either
this
mpls
service
or
you
know,
or
some
other
service
from
you.
You
know
I
want
to.
E
I
want
to
extend
network.
So
not
only
do
I
get
the
benefit
of
my
network
being
extended
by
these
people,
I'm
also
tending
to
charge
them
a
lot
higher
revenue
than
I
would
for
just
a
wholesale
ip
connection.
E
The
other
thing
is
when
it
comes
to
the
technical
implementation
on
the
routers,
once
you
configure
any
sort
of
rate
shaping
on
the
devices
generally,
it
will,
depending
on
the
platforms,
but
many
of
them
by
default,
we'll
stomp
on
all
the
dscp
bits.
E
They
may
say
I'm
going
to
connect
with
you
with
a
10
gig
port,
so
I
can
later
come
back
and
upgrade
my
contract,
but
I
don't
wanna,
I
don't
wanna
pay
for
more
than
two
gigs
of
traffic
that
way
they
can
budget
accurately,
and
the
other
thing
is
that
when
it
comes
to
these
bit,
you
know
the
bit
usage.
You
know
there
really
is
not
you
know,
aside
from
a
few
of
them,
there's
not
really.
You
know
a
consistent
standard
and
there's
no
incentive
for
inter-provider.
E
You
know
qs
or
dsp
markings
to
ensure
that
they
that
they
interoperate
and-
and
that
I
think,
is
really
you
know
really.
The
big
thing
is
that
there's
not
there's
not
a
market
incentive
for
people,
in
fact,
there's
a
disincentive
to
say
no.
I
want
to
have
these
people
be
sticky
on
my
network,
such
that
I
can
control
it
and
provide
that
controlled
experience
that
customers
is
paying
a
premium
for.
E
And
I
I
can
call
the
queue
if
you
want
stephen
janna.
I
Thanks
for
that
jared,
I
I
I
was
just
going
to
speak
to
something
slightly
different
from
earlier.
That's
basically,
the
point
I
was
trying
to
make.
The
point
that
I
wanted
to
make
is
that
we
were
talking
about
observability
and
being
able
to
do
these
things
with
with
traffic
going
through
the
networks.
I
was
going
to
say
that
at
a
high
level,
I
think
we
need
to
start
thinking
broadly
about
observability
and
tooling
differently
than
we
have
in
the
past.
I
I
mean
we
have
traditionally
thought
about
tooling
in
particular
ways
with
service
providers
with
operators
and
there's
always
been
contention
between
that
and
traffic
in
the
network
and
brian
already
mentioned
spin
bit-
and
here
I
am
mentioning
it
for
a
second
time,
so
you
truly
ruined
everybody's
day
now,
but
the
the
I
think
that
the
the
I
do
think
that
there's
a
real
problem
here
in
terms
of
us
being
able
to
to
to
see
what's
happening
both
at
the
end
users,
in
terms
of
what
the
quality
of
experience
is
for
end
users
ultimately
and
what's
happening
in
the
network
from
from
a
from
from
a
an
application's
point
of
view.
I
For
example-
and
I
think
that
I
would,
I
would
personally
be
more
interested
in
talking
about
more
explicit
measurements
on
aggregates
and
various
such
things,
making
those
kinds
of
things
visible
across
isp
boundaries,
instead
of
constantly
trying
to
do
this
on
a
per
flow
basis,
because
we
don't
actually
that
information
is
perhaps
useful
at
the
end
points,
but
pretty
much.
Nowhere
else
is
that
information
per
flow
information
is
really
that
useful.
I
I
I
I
like
I
said
I
do
think
that
this
is
an
important
problem
to
solve,
but
I
think
we
need
to
walk
away
and
try
to
walk
away
from
individual
flows.
We've
traditionally
used
individual
flows
because
I
believe
that's
where
information
has
been
available.
J
E
I
I
I
think
the
reality
of
things
like
dscp
is
that
there's
there's
really
insufficient
bit
space
available
for
the
levels
of
mappings
that
you
might
need.
K
E
Might
have
an
application
that
wants
to
say
you
know,
I'm
I'm
willing
to
go
into
the
junk
queue
and
kind
of
be
overflow
and
service
providers.
If,
if
there's
a
standard
bit
space
that
says
hey,
I
don't
want
to
you
know
you
know,
I
don't
want
my
equipment
to
stomp
on
this.
I
want
to
be
able
to
read
that
signal
and
then
whether
or
not
I
act
on
that
signal
on
a
policy
basis,
you
know,
based
upon
the
configuration,
I
I
think
is
you
know,
is
something
that's
feasible.
E
E
I
think
this
is
something
where
you
know
if
we
are
going
to
build
a
fully
differentiated
internet
where,
in
the
future,
if
we
want
to
develop
that
type
of
an
architecture
where
we
can
have
application
signal
that
have
end
user
signal
and
have
network
signal
these
behaviors,
we
need
a
lot
more
bit.
Space
build
to
be
able
to
do
that,
you
know,
and
that
I
think,
is,
is
really
kind
of.
The
crux
of
the
situation
is
that
there
is
such
a
limited
space
available.
J
Okay,
my
second
one
is
that
the
because
of
the
drcp,
you
also
mentioned
that
you
we
must
be
carefully
to
classify
the
traffic
to
the
different
dsap,
but
also,
I
think,
the
proposed
the
challenge,
the
because
your
the
dsap
is
indirectly.
J
So
I
think
that's
maybe
I
I
wonder
if
some
of
these
the
director
will
search
based
on
the
destination
ip
address,
or
this
can
also
be
used.
E
Yeah
and
and
and-
and
I
think
you
know,
there's
some
opportunity
to
do
things
and-
and
you
see
some
of
that
in
you
know,
so
we
have
some
people
internally,
who
propose
the
idea
of
using
the
dscp
bits
to
essentially
say
I
want
to
use
the
dsp
bit
to
pick
a
different
forwarding
table
on
the
device.
E
As
one
of
the
you
know,
as
one
of
the
solution
spaces
versus
doing
you
know
a
full
segment,
routing
or
other
types
of
implementation
which
might
be
you
know,
or
a
label,
you
know
or
label
based
lookup
to
identify
which
forwarding
table
to
use,
because
not
all
the
devices
that
are
in
the
path,
maybe
you
know
either
label
aware
or
you
know
we
may
not
want
to
pay
for
the
licensing
or
you
know
you
know,
or
whatever
may
come
into
play
with
that.
E
You
know
this
broadly
comes
down
to
an
economic
question
and
in
most
cases
for
the
service
provider,
it
is
cheaper
to
add
bandwidth
than
it
is
to
configure
dscp
correctly.
D
The
problem
is
no
amount
of
adding
bandwidth
solves
the
basic
problem
that
we
have
and
that's
that's
the
part
that
people
I
think
you
see
that
male
4s
work.
You
see
that
bumper
build
work.
I
I
mean
the
problem
is
not
lack
of
bandwidth
necessarily
right.
The
problem
is
the
the
implica
the
how
that
how
things
are
cued
in
that
bandwidth
and
there
are
many
ways
to
solve
that
cat
too.
I'm
not
saying
this
is
the
only
way
to
skin
that
cap,
but
it's
just.
A
So
I
guess
the
queue
seems
to
be
me:
brian
janna
and
then
matt,
and
maybe
we
take
off
this
topic
a
little
and
move
on
to
the
next
one.
On
the
question
of
observability,
I
mean
I,
I
I
think
that
this
is
certainly
something
worth
looking
at.
A
On
the
other
hand,
you
could
say
this
is
pretty
because
at
least
in
one
implementation
on
android,
it's
also
implemented
as
part
of
google
play
services,
which
is
actually
not
very
good
from
a
privacy
point
of
view,
because
it
keeps
calling
onto
google
in
various
ways.
So
it's
unclear
to
me
whether
we
can
really
tie
this
down
at
a
protocol
level
or
not.
I
think
we
could
it's
certainly
worth
thinking
about
how
you
how
you
would
make
things
more
sensibly
observable
in
a
privacy-friendly
way.
D
So
on
on
the
observability
point
I
just
want
to,
I,
I
just
want
to
go
to
something
that
that
jared
just
said
that
I
put
in
the
notes-
and
it
kind
of
struck
me
right
like
we're
talking
about
you-
know,
research
into
sort
of
like
distributed
tracing
privacy,
preserving
distributed
tracing
for
network
performance
right,
which
I
agree,
is
a
very
hard
problem.
D
I
don't
think
it's
an
unsolvable
problem,
because,
at
least
on
the
technical
side
of
things
we
do
our
pc
sampling,
like
at
large
scales
in
many
environments,
which
are
not
only
single
provider,
single
single
administrative
domain,
but
we're
talking
about
things
that
are
going
to
be.
You
know,
you
know
fiddly
and
twitchy,
and
things
that
are
fiddling
and
twitching
are
also
opportunities
for
network
vendors,
to
charge
additional
licensing
fees
and
the
thing
that
that
karen
said
is
like
for
the
service
provider.
D
Adding
bandwidth
is
cheaper
than
turning
the
scp
on
right,
like
the
sap
is
one
bit
right.
We're
talking
about
our
one
part
returns
it's
six
bits,
but
it
usually
gets.
It
is
eight
bits,
which
is
why
ecn
doesn't
work
like
and
if
we,
if
we
can't,
like
you,
know,
figure
out
how
we're
going
to
economically
turn,
you
know
six
bits
of
signaling
on
more
than
six
bits
of
signaling
is
going
to
be
harder
to
deploy
as
well.
D
I
still
think
it's
worth
so
what
you
said
stephen
about
like
this,
not
being
necessarily
the
protocol
issue.
I
think
it.
It
probably
isn't
a
protocol
issue,
and
probably
we
even
the
ietf
in
this
discussion,
focus
too
much
about
too
much
on
which
bits
do
we
put
on
and
a
little
bit
less
on
the?
What
is
the
the
interaction
model
right,
like
so
who's
in
control
of
when
something
gets
measured
and
who's
in
control
of
how
that
data
flows?
D
I
think
stepping
back
from
the
protocol
a
little
bit
and
working
on
that
problem
might
be
a
way
to
break
that
particular
log
jam,
but
but
keep
in
mind
that
like,
if
you
know
if
we
can
say
that
adding
bandwidth
is
cheaper
than
turning
the
sct
on
for
a
service
provider,
then
maybe
we
should
just
invest
in
adding
bandwidth.
A
Okay,
I
think
I
have
janet
and
then
matt
in
the
queue
and
I'm
suggesting
that,
after
that,
we
move
on
to
the
next
topic
unless
something
yells
about
it.
Yeah.
E
Yeah,
I
just
want
to
comment
back
to
to
brian
quick
and
say
that
I
can
buy
like
a
32
by
400
gig
box
for
for
less
than
10
grand
and
so
for
adding
the
ban
like
adding
the
bandwidth
like.
If
I'm
going
to
pay
a
software
license
for
mpls,
it's
probably
going
to
be
a
cost
and
I'm
going
to
pay
that
per
device.
I
Janna
thanks
steven,
so
I
I
I
agree
with
what
brian
said.
I
think
that
this
is
definitely
not
a
protocol
issue
in
my
opinion,
and
I
think
in
terms
of
just
the
protocol
issue,
I
I
actually
on
this
particular
point
I'll
say
I
agree
with
jared's
slide
here.
This
is,
I
think
the
the
ship
has
sailed
on
using
dhcp
for
anything,
but
what
it's
being
used
for,
but
that's
my
personal
opinion.
I
It
doesn't
hold
that
much
it's
it's
used
extensively
within
with
an
isps,
and
it's
used
extensively
for
reasons
that
hardware
does
hardware,
does
what
you
want
to
do
with
the
acp
and
you
can
define
these
code
points
to
mean
whatever
you
want
them
to
mean
and
hardware
will
do
it
for
you
at
line
speed
and
that's
really
useful
and
gets
used
all
over
the
place,
because
of
that
so
using
it
as
an
end-to-end
signal
of
something
is,
is
a
very,
very
long
shot,
but
on
the
other
hand,
if
we
move
away
from
the
protocol
itself-
and
we
ask
the
question
we
step
back
and
ask
the
questions
that
may
have
very
different
answers
than
what
they
did
20
30
years
ago.
I
I
L
Find
the
unmute
button.
I
I
wanted
a
second
list
in
a
different
way.
There's
a
there's!
Another
fundamental
reason
why
bandwidth
is
cheaper
than
control
I'll
put
boy,
and
that
is
during
non-crisis
time,
not
having
a
bandwidth
means
that
you
end
up
having
to
arbitrate
wishing
your
customers
can
watch
high-definition
video.
L
I
would
be
surprised
if
dscp
actually
has
much
effect
during
non-crisis
time
than
isps.
I
I
don't
have
any
data
on
that.
Just
because
it's
cheaper
than
control
and
crisis
excuse
me
and
then
the
other
thing
that
people
want
to
have
is
is
controlling
the
last
mile
because
of
low
delay,
applications
and
the
large
queues
being
at
the
last
mile.
So
it
makes
it
makes
sense
there
in
the
default
sort
of
environment
in
crisis
environment,
it's
a
very
different
problem
and
that's
what
we
hit
over
situation,
coveted
bump
and
there
it's.
L
You
really
do
need
to
train
bandwidth
and
at
that
point
we're
not
under
using
qos.
In
the
sense
we
since
we're
not
using
the
signaling
or
haven't
been
using
the
signal,
we're
not
appropriately
configured
to
do
the
right
thing
with
it
and
manual
traffic
management
telling
people
you
have
to
get
off
now
is
always
a
fallback
for
the
home
users.
D
L
If
it's
an,
if
it's
not
a
crisis
time
as
a
as
a
business
concern
for
access
to
isps,
they
want
all
their
customers
to
be
able
to
support
streaming
videos
and
whatever
their
economic
reality
is,
but
some
large
fraction
of
their
users
to
support
video
and
that
that
load
is
so
much
larger
than
everything
else.
The
aggregate
of
that
load
is
so
much
larger
than
everything
else
that
everything
sort
of
fits
in,
underneath
it
right
it
and
and.
D
The
I
don't
okay,
we
could
talk
about
oblong.
I
do
not
think
that's
true
if
you,
whether
it's
running
video
in
a
zoom
call
and
a
youtube,
call
at
the
same
time,
always
compete
with
each
other
and
they
both
can
drive
the
video
bandwidth
beyond.
Whatever
bandwidth
you
have
available,
no
matter
what
bandwidth
you
have
available
across,
you
know
broadly
available.
They
will
both
deliver
services
at
a
higher
bandwidth
than.
D
L
The
issue
is
it's
just
it's
the
high
pressure
on
smaller
services,
things
like
file,
sharing
document,
sharing,
email
and
such
like
that,
which
are
perhaps
more
economically
important
web
transactions
for
doing,
purchasing,
ordering
and
stuff
like
that,
which
is
all
relatively
low
bandwidth
and
actually
not
latency.
Sensitive
making
video
calls
work
well
on
your
crisis
does
require
a
good
big
qos
service.
A
Okay,
I'm
going
to
suggest
we
kind
of
move
on
because
I
suspect
some
of
the
same
discussion
will
come
up
under
security
or
anything
else
anyway.
So
and
so
the
next
topic-
people,
I
think,
wanted
to
talk
about,
was
kind
of
generic
sort
of
security
effects
and
I
think,
there's
kind
of
two
directions
here.
A
One
is
like
what
kind
of
new
threats
or
changes
and
threats
did
we
see
during
the
course
of
the
pandemic,
and
I
guess
the
other
kind
of
direction
is
what
kind
of
security
tools
did
we
have
that
we
started
using
more
during
the
pandemic
and
so
on?
I
don't
think
I
have
any
anybody
sent
me
explicit,
slides
on
this
unless
dominique's
one
is
intended
for
this
bullet,
I
wasn't
clear
so
what
I
was
just
going
to
do
was
kirsty
is
kirsty
on
the
call
today
I
guess
so
or
not.
A
I
haven't
worked
yeah,
so
I
was
just
going
to
pop
up
the
mail
you
sent
if
and
maybe
use
that
just
to
kind
of
kick
off
some
discussion.
If
that's
okay
with
you.
A
I'm
not
is
that
I'm
not
sure.
I
have
no
idea
how
visible
that
is
to
people,
but
you
couldn't
get
them
out
last
night
anyway,.
A
Good,
that's
a
nice
surprise!
So
why
don't
we
let
kirsty
talk
to
that
mail
and
maybe
that
will
just
kind
of
lead
us
into
the
discussion
and
dominique
slides
it
for
the
next
topic.
That's
fine!
So
kirsty!
You
want
to
chat
about
this.
G
Yeah
sure
I
guess
this
is
because
on
wednesday
I
raised
kind
of
the
security
posture
that
we
were
seeing
during
the
covid
stuff.
Really
so
since
march,
really
for
the
ncsc,
we
just
published
our
annual
review
and
it's
been
a
kind
of
year
of
two
halves
where
we
have
the
before
march
kind
of
normal
business
as
usual,
and
then
the
post
march,
where
the
ncsc's
workbook
looked
very
different.
So
some
of
the
stuff
you
might
be
aware
of,
like
the
coded
apps
and
all
that
kind
of
stuff.
G
But
what
I'm
really
focusing
on
here
is
the
shifting
attacks
that
we
saw
so
what's
quite
difficult.
I
suppose,
in
conjunction
to
a
lot
of
the
stuff
we've
already
seen
where
there's
a
lot
of
graphs
and
nice
measurements,
and
you
can
see
a
real
uptick
in
traffic
volumes
and
stuff.
What
we
see
instead
is
maybe
not
an
uptick
in
total
attacks,
but
a
shift
in
the
lures
being
used
and
the
attacker
behavior
and
the
shift
in
targets.
G
So
I
think
it's
going
to
be
quite
hard
to
look
at
kind
of
numbers
to
really
get
across
what
we
saw
as
an
impact,
and
so
the
impact
here
is
not
necessarily
an
overall
increase
in
in
certain
things,
it's
just
more
pivot
from
attackers.
G
So
I
can
describe
a
bit
of
this,
this
email
and
it's
just
taken
from
our
annual
reviews.
It's
very
high
level,
gisted
stats,
but
we
have
this
takedown
service
where,
if
we
see
a
malicious
ill,
then
we
we
can
contact
the
service
and
get
them
to
take
down.
G
Usually
the
url
taken
down
because
of
copyright
actually
from
using
a
government
logo
which
is
quite
amusing,
but
they
are
they're
taken
down
for
various
reasons,
and
so
you
can
see
some
stats
here
in
terms
of
this
latest
year,
how
many
were
taken
down
across
the
whole
year.
So
one
thousand.
F
G
710
fishing
urls
disc,
that
were
discovered,
were
taken
down
and,
of
course,
these
are
just
ones
that
have
been
discovered.
So
I
don't
know
how
many
there
are
in
total,
but
these
are
the
ones
we
discovered
and
were
taken
down.
You
can
see
what
proportion
were
associated
with
uk
government
themed
attacks
and
then
there's
just
a
nice
bit
that
our
global
share
reduced.
G
So
that's
a
nice
success
story
for
us
and
but
then,
since
march
we
have
a
focus
on
what
the
corona
virus
themes
that
began
to
be
used,
and
this
is
kind
of
relating,
I
suppose,
to
my
position
paper
a
bit
that,
in
terms
of
a
pandemic
situation
like
we
haven't
studied,
I
think
it's
an
interesting
question.
If,
in
a
pandemic
situation,
you're
isolated,
you
might
be
spending
a
lot
more
time
online
than
you
would
be
before,
and
so
your
tolerance
to
fishing
might
decrease.
G
So
there's
a
socio-technical
element
to
that
that
we
haven't
researched
fully
but
whatever,
for
whatever
reason,
coronavirus
teams
began
to
be
used
and
you
can
see
the
split
there
in
terms
of
what
they
were
associated
with
selling
bogus
ppa
like
pressing
on
people's
fears
to
sell
vaccines
and
stuff,
and
some
were
just
using
that
as
a
hook
to
get
money
quite
a
lot
of
them
somewhere
just
to
distribute
malware.
G
And
so
what
can
we
say
about
this?
So
stephen?
I
thought
you
came
back
with
a
request
for
how
this
compared
to
last
year
and
sorry-
I've
been
quite
busy
today.
So
I
haven't
fully
found
this,
but
I
guess
what
I
did
find
our
annual
review
from
the
previous
year,
and
so
in
the
previous
year
we
actually
took
down
177
000
fishing
euros,
which
was
roughly
23
000
a
tax
per
group,
and
so
what?
What
can
you
deduce
from
that?
G
Actually,
maybe
we
just
got
worse
at
detecting
fishing
you'd
like
to
think
year
on
year,
we're
getting
better.
So
in
theory
the
number
of
fishing
urls
discovered
should
increase.
Perhaps
it's
very
hard
to
quantify
that
or
if
it
at
least
stays
static,
we
can
say
okay,
why
did
we
have
a
reduction
in
this?
It
might
be
because
different
access
sectors,
other
than
phishing
and
were
found
like
there
might
have
been
a
better
way
to
gain
access.
One
specific
example
is
the
increase
in
vpn
vulnerability
exploitation.
G
So
we
saw
an
increase
in
scanning
for
those
vulnerabilities
and
that
you
could
hypothesize
is
because
there's
a
more
chance
that
a
target
you're
interested
in
is
using
a
vpn
service
right
like
if
it's
being
more
commonly
used
again,
it's
quite
hard
to
definitively
point
to
that
and
to
measure
it,
but
we
can
just
in
a
qualitative
way.
G
We
can
say
that
we've
seen
a
tax
where
that
has
been
the
initial
foothold,
whereas
in
other
campaigns,
perhaps
it
would
be
more
of
a
phishing
email,
so
yeah
the
the
numbers
themselves
are
just
kind
of
illustrative.
I
think
we
have
a
lot
of
experience
and
yeah.
We've
had
a
lot
of
incidents
that
we've
managed
that
have
dealt
with
cavities
the
theme,
and
so
I
suppose
it's
just
kind
of
what
what's
really
interesting
is
that
pre-march.
G
Basically,
there
were
no
campaigns
using
this
at
all
and
then
post
march
we
saw
a
rapid
increase
in
like
domain
registrations
for
coronavirus
related
names.
Some
of
those
are
legitimate,
but
quite
a
lot
we're
not,
and
so
I
guess
it's
just
kind
of
what
we
haven't
really
seen
before.
Is
this
sudden
from
zero
to
a
lot
of
attacks
using
a
certain
zero.
G
Launching
the
vulnerability
and
suspicious
email
reporting
service
so
that
you
are
able
to
kind
of
increase,
yeah
increase
that
layer
of
defense,
but
it's
just
it's
just
a
question:
that's
still
quite
a
manual
intervention,
so
I
guess
that's
kind
of
all.
I
have
to
say
about
that
email
I
can
send
some
follow-up
stats,
but,
like
I
said
I
feel
like
comparing
absolute
numbers
is
not
is
not
telling
the
full
story,
because
there
is
a
narrative
in
terms
of
her
incidents.
G
There
are
some
advisories
that
describe
this
as
well,
but
like
for
various
incidents,
the
initial
attack
factor
is
different.
The
lure
used
is
different.
Even
the
target
set
is
different,
so
we're
seeing
sectors
that
haven't
been
targeted
before
now
being
targeted
because
what
they
have
in
a
pandemic
situation
is
perceived
to
be
more
valuable.
A
Yeah,
I
guess,
and
thanks
for
kind
of
having
a
look
back
at
last
year's
numbers
and
yeah,
I
think
you're
right,
you
can't
they're
not
as
easily
comparable
as
kind
of
iterates
from
year
to
year.
I
I
think
one
thing
I
take
away
from
this
is
this
probably
in
terms
of
measuring
security
and
so
on.
A
There's
there's
work
to
be
done
in
figuring
out
what
things
to
measure
and
how
to
do,
because
I
mean
you
see
the
kind
of
annual
reporting
from
like
the
likes
of
yourselves
or
from
some
security
vendors
that
produce
these
interesting
reports
every
year,
but
they're
they're,
yeah
they're
not
commensurate
with
each
other
they're,
not
even
necessarily
commensurate
from
year
to
year
with
the
same
kind
of
source.
So
I
think
there's
there's
probably
some.
How
do
we
measure
interesting
security?
Things
work
to
be
done.
A
The
second
thing
I
I
was
wondering
about-
and
I
don't
know
the
answer
here-
either-
is
all
everybody
going
working
from
home,
presumably
does
create
some
new
kind
of
it
changes
the
kind
of
risk
in
in
various
ways,
some
obvious
ways.
It
might
create
more
risk
or
more
likelihood
of
an
attack
succeeding,
and
I
think
he
called
it
a
couple
of
those.
A
It
might
also
have
the
opposite
impact
too,
because
we
may
have
been
moving
from
a
place
where
a
lot
of
people
were
doing
like
a
little
bit
of
work
at
home
or
using
the
using
some
really
unmanaged,
five-year-old
laptop,
that's
still
running
about
an
operating
system,
and
then
they
moved
to
actually
having
a
little
bit
of
help
from
their
sysadmins
or
being
given
a
a
laptop
to
bring
home,
which
I
think
happened
in
a
lot
of
cases
and
that
might
actually
have
improved
security
for
them
and
decreased
decreased
risk.
But
we
don't
know
so
yeah.
A
I
guess
my
main
thing
on
this
topic
is
that
it
would
be
great
to
to
figure
out
how
to
measure
things
a
bit
better,
because
I
I'm
not
sure
I've
seen
good
discussion
of
of
the
effect
of
the
pandemic
now,
maybe
also
that
it
might
happen.
Maybe
there's
a
whole
bunch
of
papers
going
to
be
at
ndss
next
next
january
february,
whatever,
and
then
it
will
have
been
done.
A
M
Yeah
hi
thanks
for
sharing
this
data,
that's
actually
interesting.
I
do
have
a
question
more
on
your
other
mail,
a
little
bit
because
you
said
that
we
should
think
about
protocol
work
to
to
address
vulnerabilities
in
in
the
remote
infrastructure,
remote
working
infrastructure,
but
this
is
kind
of
it's
still
very
a
little
bit
high
level
for
me,
because
the
remote
infrastructure
is
not
like
the
one
infrastructure,
everybody
use
it
right.
It's
like
different
components.
M
It's
conferencing
tools,
it's
vpns
and
so
on
so
I'm
I
know.
I
think
I
don't
have
a
good
understanding
if
there's
anything
special
about
this
infrastructure
that
we
didn't
consider
yet
or
it's
just
like
a
bunch
of
applications
that
we've
been
talking
about,
and
then
the
other
point
is
also
that
I
think
a
lot
of
the
problems
we've
seen
and
including
the
one
about
zoom,
for
example,
that
you
mentioned
as
an
example,
is
really
people
not
applying
our
protocols
correctly
or
not
like
developing
an
application
in
a
secure
way.
M
Even
so,
I
think,
like
certain
security
standards
are
well
known,
so
it's
really
an
educational
problem
rather
than
a
protocol
problem
and
say
like
currently
we're
discussing
this
at
a
very
high
level.
We
need
to
do
something
because
there
obviously
is
a
problem,
but
it's
not
clear
who
should
be
doing
it
at
which
layer
and
and
you
know
what
exactly
so.
We
need
a
much
deeper
dive
in
there
or
do
we
have
further
sorts
of
insights.
G
Can
I
come
back
on
your
point
and
also
stephen
before
so
yeah,
so
the
question
I'm
asking,
is
I
mean
it's?
Not
it's
not
presupposing
anything
can
be
done
actually
like.
We
might
take
an
honest
look
at
this
and
say
actually
we've
done
everything
we
could
do
from
the
protocol
side
of
things
and
yeah
the
solutions
fly
elsewhere
and
the
question
it's
a
question
to
be
asked
like
what
could
be
done.
G
So
I
guess,
like
phishing,
is
a
very
easy
example
where
we
we
know
we
have
four
layers
and
helping
users
in
educating
them
is
only
one
of
those
layers
right,
and
so
we
can
do
what
we
can
do
in
that
layer
and
we've
done
a
lot
of
technical
research
on
what
lands
best
there,
but
the
other
layers
in
terms
of
like
making
it
harder
for
attackers
to
reach
your
users
from
in
the
first
place
like.
Is
there
something
that
can
be
done
there?
G
Is
it
just
encouraging
uptake
of
existing
protocols
that
are
already
out
there?
I
think
it's
just
a
question
and
it's
not
presupposing
anything
can
be
done
right.
It's
just
like
a
question
for
me
when
we
think
about
the
network
impact
yeah,
so
I
mean
for
infrastructure
you're
right
like
it's
a
range
of
stuff.
G
That
was
a
way
of
keeping
in
touch
with
their
families
and
so,
from
a
citizen
point
of
view,
that's
kind
of
our
focus
and
that's
that's
what
we're
thinking
about
and
then
you
have
obviously
from
an
enterprise
point
of
view.
Like
stephen
said
people
being
given
a
laptop
and
told
to
go
home
and
for
some
companies
that
may
have
improved
their
security
posture,
but
I
think
where
we
have
seen,
incidents
has
been
obviously
where
that
hasn't
worked
well
and
so
a
poor
roll
out
of
infrastructure
or
a
rushed.
G
I
mean
in
fairness.
It's
not!
It's
not
poor,
it's
just
time
constrained
and
it's
difficult
when
you
have
a
large
fleet
to
manage
where
we've
seen
that
been
done,
poorly
or
outdated.
Yes,
software
being
used
and
so
vulnerabilities
exist
that
are
being
exploited.
That's
the
kind
of
stuff
we
talk
about.
G
I
guess
it
is
unfortunate
because
for
security,
unless
you're
in
the
industry-
and
there
are
some
people
on
this
call-
I
think
who
are
kind
of
experts
in
this
field
and-
and
you
are
actually
managing
incidents-
then
we're
not
going
to
make
exact
details
of
an
exact
attack
public,
it's
very
difficult
to
anonymize
it,
and
obviously
we
care
about
the
privacy
of
people
and
organizations
and
reputational
risks
and
stuff.
G
So,
but
what
we
can
say
is
that
you
know,
as
a
group
of
incidents
of
the
collection
that
we
manage,
we
have
seen
increases
that
we
ascribe
due
to
the
shift
into
homeworking
and
the
rising
vpns
and
the
rising
like
these
kind
of
vulnerability,
like
sorry,
rising
users
who
are
being
more
vulnerable,
who
are
spending
longer
online
and
have
more
access
to
these
kind
of
security
scams
than
perhaps
previously
and
so
yeah.
G
N
N
N
I
think
security
is
one
such
area
because
kovat
amplified
the
law
of
the
internet
in
the
society.
Forced
many
people
who
previously
didn't
depend
on
the
internet
to
do
their
business,
but
now
they
do
so,
let's
not
think
about.
Oh,
we
handle
the
bandwidth
well,
so
we
succeeded
in
keyword
I
mentioned.
I
think
I
added
into
the
etherpad
notes
that
handling
the
backbone
internet
or
whatever
anything
beyond
last
mile.
That's
where
we
spend
the
years
of
years,
so
we
know
how
to
handle
those
stuff.
N
It
is
the
connectivity
to
the
residency
area,
that's
where
not
much
attention
has
been
paid
and
we
fall
short
in
tools
in
understanding
any
solutions,
but
I
want
to
go
back
about
the
security.
Sorry
for
thinking
so
long,
education
for
security
has
been
there
for.
As
long
as
I
can
remember,
the
question
we
need
to
ask
ourselves
is
how
effective
it
has
been.
N
If
one
can
learn
from
the
past,
you
can
project
in
the
future
how
effective
it
can
be.
The
the
another
thing
is
about
the
ietf
that
will
been
spending
so
much
efforts
on
security.
N
There's
a
a
number
of
working
groups
developed
the
solutions
you
know,
dns
cycles
is
the
first
one
I
got
involved
a
bit.
Then
there
is
a
bgp
security,
then
there's
a
d
game
and
there's
other
things.
My
pro
memory
cannot
remember
much.
The
question
is
how
much
effort
have
we
put
in
and
how
effective
they
have
been.
This
relates
to
yet
another
question:
how
do
we
handle
security?
N
N
Every
application
take
care
of
themselves,
I'm
not
suggesting
solution,
one
way
or
the
other,
but
I
think,
whichever
way
the
ib
believes,
let's
write
it
down
and
see
if
the
community
agrees
and
open
that
discussion,
I
just
so
far
haven't
seen
any
clear
documentation.
What
is
our
kind
of
basic
approach
to
address
the
security
challenges?
N
A
N
N
And
in
terms
of
in
terms
of
the
fake
news
today,
I
don't
remember,
we
had
anything
similar
back
10
years.
You
might
think
this
is
way
beyond
the
ietf
coverage.
Yes,
but
the
hosts,
I
mean
it's
a
security,
piecemeal
solution.
We
take
care
of
our
own
piece
or
there's
something
much
bigger
picture.
We
have
to
take
the
overall
view,
the
so
I'll
just
end
up
here.
I
think
that.
N
O
The
queue
hi
there
so
jersey.
I
wanted
to
thank
you
for
calling
out
the
the
range
of
different
kinds
of
security
issues
that
and
and
reliability
issues
that
come
up
with
your
messages
that
you
sent
to
the
list
with
kobit,
and
it
occurs
to
me
from
thinking
about
what
you've
written
that
we're
really
in
a
scenario
that
is
sort
of
like
the
september
that
never
ended
right
like
when
the
on
the
web,
you
know
suddenly
became
something
that
the
general
public
used.
O
There
was
this
huge
influx
of
new
users,
and
there
were
a
lot
of
a
lot
of
things
that
had
worked
for
folks,
who
were
comfortable
sort
of
digitally
before
it
became
obvious
that
they
were
sort
of
falling
apart,
and
I
think
maybe
one
of
the
things
that
you're
pointing
to
is.
O
That
is
that,
as
as
we
had
a
sudden
influx
of
people
who
didn't
who
weren't
used
to
living
online,
who
suddenly
became
used
to
living
online,
those
folks
became
vulnerable
to
all
the
things
that,
maybe
I
don't
know,
digital
natives
were
more
used
to
working
around
or
or
you
know,
protecting
us
as
bogus
talking
about
fishing
or
spam.
O
You
know
a
huge
part
of
that
has
nothing
to
do
with
protocols.
It
has
to
do
with
user
interface
and
user
expectations
and
how
we
manage
and
set
those
things
and.
O
Ietf
doesn't
do
stuff
at
that
layer,
but
we
do
things
that
that
provide
inputs
to
those
layers
that
could
provide
guidance
that,
like
how
pre
be
done
without
saying
you
know,
you
have
to
show
this
many
pixels
of
warning
or
whatever,
but
I
but
I,
but
it
seems
to
me
like
what
what
you're
talking
about
is
that
we
really
need
to
do
more
to
think
about
what
kinds
of
indicators
we
pre.
O
So
anyway,
just
it
seems
to
me
like
there's
a
there's,
a
question
about
not
only
user
interface
research
but
protocol
level
research
about
what
indicators
do
we
think
the
user
interface
people
need
to
be
able
to
expose
effectively
or
or
how
to
make
them
actionable.
I
mean
you
know
I
would
be
interested
in
seeing
that
kind
of
work
done.
I
think
we
have
a
responsibility
at
the
ietf
to
think
more
about
those
questions
than
we
had
in
the
past.
A
B
Yeah,
just
very
briefly,
I
think,
first
of
all,
like
we're,
I
guess,
discussing
an
area
which
is
not
necessarily
exactly
on
the
scope
of
of
this
workshop,
but
there
are
obviously
lots
of
problems
in
that
and
security
as
a
broad
category
is,
is
maybe
the
worst
of
those
problems,
and
we
need
to
address
that,
and-
and
you
know,
lots
of
work
is
ongoing
to
to
make
improvements
there
and
maybe
more
work
should
happen.
B
I
believe
at
least
that
more
work
should
happen,
but
I,
I
guess
just
commenting
quickly
on
on
what
you
were
saying.
I
I
think
there's
we
could
have
a
debate
about,
like
you
know,
is
the
situation
not
better
or
worse.
We've
made
also
a
lot
of
improvements
and
situations
in
some
ways
better,
but
there's
also,
we
can
probably
also
everybody
on
this
call
can
agree
that
there
are
huge
problems
left
and-
and
we
should
do
something
about
those
I
think
where
we
might
actually
disagree.
B
A
little
bit
is,
is
how
we
go
about
that.
So
I
I
actually
do
believe
what
you
said
about
those
holistic
approaches.
We
should
look
at
the
thing
as
a
whole.
B
I
do
not,
however,
believe
that,
like
there's,
like
you,
know
one
tool
or
one
solution
that
solves
these
different
diseases
because
they're
it's
it's
like
a
very
different
problem
to
protect
communications,
for
instance,
compared
to
protecting
data
or
being
worried
about
the
you
know,
influence
of
some
parties
who
have
more
access
to
more
data
than
some
some
others
do.
B
B
You
often
find
that
they
are.
You
know,
even
if
they
claim
that
this
is
like
the
holistic
approach,
they
actually
turn
out
to
be
a
very
narrow
solution.
In
fact,
they
often
have
also
some
some
major
problems
in
their
design.
So,
let's
not
jump
to
too
easily.
Those
sort
of
simple
ones
have
also
fixed
all
these
answers.
That's
all.
I
I'm
stopping
everybody
from
going
to
the
bathroom.
That's
not
a
good
place.
To
be
sorry
I'll.
My
I'll
make
a
quick
comment
at
a
high
level.
I
think
that
leisure's
point
is
definitely
something
that
you
can
it
resonates
with
with
many
of
us.
I
think
that
security
cannot
be
piecemeal,
that
we
have
to
do
a
high
level.
We
have
to
do
a
consolidated
solution.
It
has
to
be
a
one
piece,
not
piecemeal.
I
I
One
of
them
is
incentive
and
control
we
might
have
incentive,
but
we
don't
have
control
each
one
of
us
here,
controls
small
pieces,
unfortunately,
which
is
partly
why
you
end
up
with
this
piece
means
solution,
because
a
person
is
deploying
something
ends
up
wanting
to
deploy
something
that
they
can
secure
and
and
position
like
the
iab
or
the
ietf
are
places
where
we
can
have
these
conversations
and
other
vendors
come
together,
but
we
still
have
to
incentivize
each
one
of
those
entities
to
deploy
such
a
thing.
I
So
that's
at
the
simplest
level
encrypting
at
the
protocol
has
so
much
tension
between
operators
and
endpoints.
It's
hard
to
imagine
doing
much
more
than
that,
because
practically
there
are
limitations
to
how
this
this
this
unfortunately
unfolds.
I
I'd
say
that
on
the
second
side,
I'd
say
also
that
there's
this
part
of
the
blame
here
lies
unfortunately
with
eulesia
for
building
an
internet
that
is
fundamentally
insecure.
I
mean
we
have
we.
I
We
don't
have
these
these
basic
hooks
that
that
we
would
now
if
we
were
to
build
a
network
now
we
would
not
build
it
with
with
with,
without
some
nominal
notion
of
security,
hooks
and
things
like
that,
but
the
network
is
what
it
is
and-
and
I
think,
as
a
result,
bringing
something
piecemeal
is
is
what
we
end
up
having
as
a
result
of
that
and
and
finally
one
last
point
on
on.
Yes,
it
would
be
amazing
to
be
able
to
include
so
when
you're
building
something
piecemeal.
I
You
are
trying
to
define
the
attack
very
precisely
and
try
to
protect
against
very
precise
attacks
that
you
can
cover
you
can
limit
against,
and
you
you
build
for
those
attacks
now,
if
you
think
of
fake
news
as
an
attack,
it
walks
into
another
territory
which
again
the
protocol
developers
and
others
have
shied
away
from
which
is
values,
values
and
trying
to
arbitrate
what
is
good
and
what
is
not
I'd
love
to
have
a
conversation,
but
I
just
feel
like
this
is
not
a
conversation
that
I've
successfully
had
in
in
in
technical
communities,
and
I
also
feel
that
if
we
can't
it'd
be
interesting
for
me
to
see
if
we
can't
solve
this
with
humans
in
the
loop,
how
we
might
solve
this
with
just
machines.
I
It's
a
tough
problem.
I
don't
know
how
we
would
go
about
solving
it.
A
Okay,
so
let's
let's
take
that
break
so
are
people
able
to
find
that
or
you
need
ten,
I'm
gonna
assume
five
in
a
little
bit
works
right.
I
H
A
A
So
I
think
we
have
one
slide
on
this
topic
here
from
dominique,
which
I
guess
I'll
pop
up
any
other
and
then
so
again
we
want
to
do
this
pretty
quickly.
This
slide
has
some
nice
kind
of
juicy
topics
that
would
ease
up
all
of
the
45
minutes,
so
yeah.
Q
Sorry
about
that
stephen,
but
there's
been
discussion
on
consolidation
on
really
good
too
yeah,
so
andrew
and
I
put
in
sort
of
a
a
paper.
That's
a
bit
left
field
and
we
just
wanted
to
kind
of
stir
up
some
discussion,
and
actually
one
thing
I
did
want
to
say
is
one
of
the
positive
effects
I
think
of
coved,
because
we
were
talking
about
both
security
and
positive
effects
has
been
connectivity,
more
people
getting
online.
Q
So
that's
been
really
cool
to
see
yeah,
so
the
internet's
been
resilient
and
we
had
some
great
presentations
and
what's
gonna
happen
in
the
future.
Q
We
listed
a
couple
trends
which
we
can
discuss
further,
but
just
basically
trends
around
the
protocol
development
that
that,
obviously,
as
someone
said
in
the
chat
that
kind
of
limits,
the
the
ability
to
to
look
at
data
and
traffic,
but
also
kind
of
siphons
that
data
towards
endpoints
a
bit
more
but
also
I
threw
in
digital
sovereignty,
you
know
and
and
nationalistic
internets,
like
internets
or
networks
that
are
very
much
becoming
sort
of
just
you
know
within
each
country
and
that's
a
trend,
that's
social
and
political.
Q
As
much
as
anything
else.
We
gave
an
example
on
vpns,
one
of
the
interesting
things
and
andrew
can
talk
about
it
really
quickly
is
looking
at.
We
talked
a
lot
about
vpn
use
and
and
the
positive
effects
of
it
as
well,
but
again
there's
it's
also
a
chokepoint
and
all
of
this
sort
of
discussion
that
we're
having,
and
I
think
that
yaris
kicked
off
a
couple
years
ago
on
consolidation
on
the
different
layers
of
the
internet,
but
also
politics
as
well
politically
as
well.
Q
So
a
couple
of
suggestions
about
what
to
do.
Obviously,
security
and
privacy
needs
to
be
insured
and
to
stephen's
point
earlier.
He
was
saying
you
know
it's
not
bad,
and
and
obviously
there
needs
to
be
a
privacy
aspect
to
it
as
well,
but
just
being
a
little
more
aware
of
sort
of
how
consolidation
is
sort
of
becoming
a
bigger
issue
involving
more
stakeholders.
Q
I
volunteer
myself
to
do
some
security,
more
security
research,
but
also
in
this
area
as
well
thinking
more
critically
and
much
more
in
depth
in
this
paper
on
consolidation.
So
that's
my
quick
presentation
was
that
quick
enough.
A
That
was
nice
and
quick.
Yes,
thank
you,
okay,
so
I
guess
I
guess
what
we
want
to
do.
Is
you
know
what
do
we
forget
or
or
what
might
we
want
to
revisit?
We
obviously
talked
a
lot
about
observability
and
so
on.
A
C
Hi,
steve
yeah,
it
seemed
rude
to
leave
it
with
nothing.
So
our
one
one
which
we
touched
on
briefly
but
maybe
didn't
dwell
on,
is
you
you
rightly
flag
that
you
know
that
there
are
some
positive
benefits
from
end
to
end
encryption,
I'd
question
whether
privacy
is
one
of
them.
I
think
people
conflate
privacy
and
encryption
wrongly,
but
anyway,
that's
a
different
subject.
C
What
I
think
is
maybe
not
being
given
a
great
deal
of
thought.
So
far
is
the
negative
effects
of
encryption
and,
for
example,
since
kirsty
was
talking
about
some
of
the
security
cyber
security
issues,
the
more
signals
you
hide
the
easier
it
is
for
malware
to
flourish,
and
certainly
the
the
paper
that
dominic
referred
to
just
now.
I
think
our
contention
would
be
if
covid
happened
in
five
years
time.
C
So
I
think
the
negative
effects
of
some
of
the
current
sort
of
trends
and
developments
from
the
ietf
need
to
be
considered
in
the
light
of
how
they
might
impair
resilience
over
the
long
term,
because
I'm
quite
worried
about
that.
A
C
Discussed
we've
touched
on
the
encryption,
but
we
haven't
discussed
the
unintended
negative
effects
of
it
in
the
context
of
resilience.
I
don't
think
that
we
did
really
discuss
that
in
the
last
two
and
a
bit
sessions
two
and
a
half
sessions.
B
Yeah,
so
I
was
actually
gonna.
Maybe
talk
about
two
forgotten
things,
and,
and
one
is
maybe
what
andrew
just
mentioned
from
a
slightly
different
angle,
so
I
think
resilience
in
general.
We
haven't
really
talked
so
much
about
like
I
I'd,
be
interested
in
understanding,
like
infrastructure
resilience
and
and
so,
and
maybe
that's
related
to
what
andrew
was
talking
about
or
maybe
not,
but
I
you
know,
I
don't
think
we
need
to
go
to
the
encryption
debate
right
now.
It
may
also
be
related
to
dominic's
point
about
consolidation.
B
So
that's
one
thing
that
I
think
we
we
perhaps
should
have
export
more
in
depth.
At
least
I
remember
mostly
the
cp
discussion
right
now
and,
and
the
other
thing
is
that
we
always
think
of,
like
you
know,
repeats
of
the
same
situation
when
we
think
about
problems.
So
another
pandemic
exactly
like
this,
but
I
don't
think
that's
realistic.
I
think
we
should
expect
that
there'd
be
something
unexpected.
That's
you
know
a
different
event.
B
R
B
Think
it
would
be
important
to
to
try
and
not
not
put
us.
You
know
too
much
focused
on
like
this
particular
thing.
Are
we
gonna
respond
to
you
know
the
the
webex
versus
other
traffic
prioritization
issue,
and
but
the
real
problem
that
we
might
have
five
years
from
now
is
potentially
quite
different.
So,
let's
think
about
that.
E
Yeah
yeah
yeah
I'll
just
jump
in
here
and
say
I
I
think
actually
the
pandemic
has
shown
us
something
very
important,
which
is
that
the
internet
actually
worked
really
well
in
the
situation
in
in
a
collaborative
multi-stakeholder
environment.
You
know
insert
other
marketing
terms
here.
Everybody
seemed
to
work
really
well
together.
E
During
these
times
the
service
providers
upgraded
links,
application,
people
went
and
turned
you
know
turned
the
dials
to
you
know,
make
more
bandwidth
available,
and
because
we
had
this
global
network
available,
many
people
were
able
to
continue
to
to
function
continue
to
work.
So
you
know
there
was
not
as
much
of
a
you
know.
There
was
a
definitely
a
global
economic
impact,
but
it
wasn't
as
bad
as
it
would
have
been
if
we
did
not
have
these
collaboration
tools,
these
technologies
and
things
available.
E
So
I
I
want
us
to
not
lose
sight
of
that
that
you
know,
despite
all
of
the
horrible
things
that
we
that
we've
lived
through
this
year,
there's
really
some
amazing
outcomes
from
this.
In
that
you
know,
my
children
are
doing
school,
virtually
that's
working,
not
as
ideal
as
I
would
I
as
a
parent
would
like,
but
it
is
working
and
yeah
we.
We
still
have
these
issues
with.
E
You
know
the
tug
between
encryption
and
privacy,
and
you
know,
and
and
you
know
and
all
that-
and
you
know
app-
you
know
the
application
uniformity
that
you
know
that
seems
to
be
coming
out
of
the
ietf.
But
I
think
when
we're
talking
about
the
the
impact,
if
we
didn't
have
this
network,
how
how
much
worse
off
would
we
have
been,
and-
and
that
is
something
that
I
think
we
should
at
least
think
about
for
a
moment.
A
D
Right,
so
I
want
to
rip
off
what
jared
said.
Everything
jared
said:
yeah
in
sre
we
generally
when
we
look
at
sort
of
like
a
big
event
like
an
outage
or
something
that
was
in
near
miss.
We,
we
write
a
post-mortem
in
that
post-mortem.
We
have
three
sections:
what
went
poorly,
what
went
well
and
where
we
got
lucky
and
I've
thought
a
lot
about
like
so
you
know
the
fact
that
the
multi
collaborative
multi-stakeholder
environment
worked
well.
D
D
If
we
were
in
a
situation
in
the
united
states-
or
I
could
say
you
were
in
a
situation
in
the
united
states,
where
capacity
upgrades
needed
to
be
done
by
directly
by
the
national
telecommunications
infrastructure
authority
like
where
that
was
a
federal
response.
Given
the
rest
of
the
federal
response
to
this
pandemic,
I
think
having
a
multi-stakeholder
multi-operator
network
was
superior
to
that
to
that
to
that
architecture.
D
On
the
consolidation
point,
though,
I
think
that's
where
we
got
lucky
right
like
so
like
jared
said
you
know
the
you
know,
everyone
was
working
very
hard
together.
That
was,
it
was.
D
I
know
we
were
working
very
hard
and
you
know
we're
all
you
know
our
incentives
are
aligned
right,
like
we
all
want
our
services
to
work
well,
so
we
have
to
do
our
part
of
that
service
working
well,
but
in
a
a
more
consolidated
environment
it
would
only
take
one
of
the
hyperscalers
having
done
poorly
right
like
so
something
having
gone
wrong
in
one
of
the
application
areas
to
have
had
a
a
seriously
negative
impact
so
like
the
the
decentralization
of
it
and
the
multi-state
charisma,
but
I
think
was
was
a
definite
win,
but
I
think
that
that
it
was
a
little
riskier
than
it
needed
to
be
because
of
the
consolidation
aspect
of.
A
This,
I
think
we
have
a
building
cue.
We
don't
have
that
much
time,
I'm
going
to
suggest
that
we
basically
lump
in
all
these
three
topics
all
at
once,
but
if
you
want
to
talk
to
any
of
them
jump
in
the
queue
now
and
then
in,
let's
say
another
10
minutes:
yari
has
a
couple
of
wrap-up
slides
for
the
whole
thing
and
then
I'd
like
to
kind
of
just
have
some
kind
of
feedback
on
the
event
format
as
well.
So
let's
keep
some
time
for
that.
So
we
can
half
hour
left.
A
Let's
take
10
minutes,
try
and
take
10
minutes
more
for
this
topic,
where
the
cue
is
kirsty,
larry,
colin
maria
janna,
oliver.
G
Thank
you
steven.
I
hear
the
need
to
be
brief
and
that
works
for
me.
So
I
just
want
to
talk
about
like
stuff.
We
miss,
I
think
where.
G
However,
we
write
us
and
whatever
we
collate,
we
should
just
be
really
clear
on
what
we
mean
when
we
say
the
internet
worked
well
like
it's
certainly
true
that
people
could
stay
connected,
and
it's
certainly
true
that,
like
we
manage
capacity
well-
and
you
know,
but
just
as
I've
already
alluded
to
different
users
have
different
needs
and
it
working
well
like
for
me
that
would
have
been
not
a
single
scam
like
we
could
have
taken
them
all
down
immediately
right.
G
G
At
least
we've
had
a
good
discussion
today
and
I
think
that's
been
very
valuable
that
that
has
been
a
a
key
topic
in
in
the
workshop,
as
well
as
the
resilience
and
the
traffic
volume
and
management
of
that
so
yeah.
Thank
you
being
brief.
H
R
Yeah,
so
just
on
a
couple
of
points
I
mean
on
the
the
issue
of
unintended
effects
of
better
security.
I
mean
I
agree
that
the
the
issues
of
security
have
been
discussed
massively,
but
certainly
anything
other
than
encrypt.
All
the
things
gets
pushed
back
and
could
be
strong
push
back
in
the
itf
and
that's
fine,
but
there
are
perhaps
nuanced
reasons
to
not
quite
encrypt
everything
which
are
getting
lost
and
we
have
quite
a
one-sided
debate
there
in
terms
of
general
resilience.
R
K
R
Discuss
internet
architecture
in
terms
of
how
it
affects
resilience
of
the
network,
and
I
I
worry
that
we're
getting
increasingly
complicated,
increasingly
performance
architectures,
which
are
getting
so
close
to
using
all
the
the
capacity
all
the
features
that
we
we
have
nothing
left
for
resilience
and
robustness
at
the
end.
We
maybe
need
to
focus
more
on
that
and
more
on
what
happens
when
things
are
not
working.
Well,
when
we're
evolving
the
network,
thanks.
A
So
much
maria
janna
oliver,
actually
I'm
not
resilient.
It's
interesting
that
we,
the
iab,
tried
to
create
a
mailing
list
for
that
topic
around
it
a
year
ago,
and
there
was
a
bunch
of
initial
discussion
and
then
nobody
wanted
to
do
anything
and
it
just
kind
of
wasted
away,
and
so
I
think
the
queue
is
myriad
jana
and
oliver.
M
So
one
point:
we
didn't
talk
a
lot
a
lot
about,
and
maybe
we
don't
have
the
right
people
is
the
the
economical
impacts
or
changes
that.
K
M
Seen
and
the
question
if
they
might
stay
so,
for
example,
we've
seen
that
operators
are
suddenly
able
to
roll
out
bandwidth
very
quickly.
Are
they
able
to
roll
out
equally
much
bandwidth
in
the
near
future,
and
why
did
it
go
so
quickly?
What
were
the
the
problems
here,
but
also
about
measurement
data?
Usually
they
are
actually
economical
points.
Why
measurement
data
are
not
shared.
So
is
that
something
that
might
change
in
future
or
not?
M
So
I
think
there
are
a
lot
of
things
we've
been
talking
about,
which
are
actually
not
technical
points
but
points
where
economical
decision
was
made,
and
the
question
is:
does
it
change
in.
I
Steven
I
want
to
up
level
just
a
bit.
This
is
a
I'm
gonna,
be
I'm
I'm
gonna.
Try
to
be
brief.
I
promise
steven
the
this
is
the
I
want
to
make
a
point
that
that
you
know
usually
doesn't
we'll
just
make
the
point.
There
is
one
of
the
things
that
we
that
I
would
like
to
talk
about
here.
Just
briefly
is
is
the
unintended
unintended
consequences
that
we've
seen
for
having
the
internet
in
society
during
this
time?
I
I'm
up
leveling
it
I'm
not
talking
about
just
you
know,
unintended
consequences
in
particular
fields
or
particular
areas
of
network
of
the
network
and
so
on,
but
just
generally
in
society,
and
I
think,
there's
some
some
points
on
the
chat
that
are
being
made
about
this.
So
one
example
is,
as
jared
said.
I
completely
agree
that
we
should
be
grateful
for
the
things
that
the
network
has
made
possible.
I
I'm
I'm
very
deeply
aware
of
that,
and
I
think
about
that
all
the
time
this
is
the
the
problem,
however,
is
is,
for
example,
schools
have
continued
to
go
on
as
things
moved
online.
However,
having
you
know
dealing
with
two
teenage
children
who
are
now
going
to
school
right
now
online,
that
is
a
completely
disastrous
and
sucky
experience,
and
it's
actually
in
in
some
ways
made
it
worse
for
some
students
and
has
has
been
worked
amazingly
well
for
some
others.
I
This
is
true
across
the
board
in
meetings
now,
when
I
go
in
one
of
the
first
things
for
the
past
six
months,
I've
started
my
meetings
with
this.
How
is
everybody
doing,
and
some
people
are
actually
falling
off
the
cliff,
despite
the
fact
that
you're
you're
supposed
to
continue
working
as
though
things
are
normal,
the
curriculum
at
school
is
continuing
as
though
things
are
normal.
It's
going
at
the
same
pace,
but
so
we're
producing
something
here.
That
is
quite
different.
We
have
to
be
cognizant
of
that.
There
are
some
unintended
consequences.
I
I
Just
because
we
have
the
facade
of
school
hope
happening
doesn't
mean
that
school
is
actually
happening
or
meaningful.
Education
is
actually
happening
so
and
on
a
broader
scale.
We
know
that
the
pandemic
has
deepened
the
not
just
the
digital
divide,
but
existing
inequalities
on
inequities
in
society
in
in
so
many
ways,
and
to
the
extent
that
technology
amplifies
intent.
I
believe
that
all
technology,
all
it
does,
is
amplifies
intent.
I
do
want
us
to
think
about
what
the
internet
has
done
for
society
during
this
time.
I
What
intent
has
it
amplified
and
what
divides
it
has
amplified?
This
is
not
just
about
technical
architecture,
but
about
what
we
want
to
build
for
society.
Broadly
speaking,
and
what
do
we
want
to
amplify?
What
did
we
end
up
amplifying.
A
I
And
I
was
just
very
briefly:
gonna
say
that
my
my
point
here
was
so
much
was
much
more
about
education
itself
right
and
if
you
think
that
teaching
is,
if
you,
if
we
believe
that
the
value
here
of
education
is,
is
dumping,
information
down
into
a
student
then
sure
we
managed
it.
But
that's
what
I'm
talking
about
as
values
like
we
are
facilitating
some
things,
but
I
don't
think
we
are
clear
about
exactly
what
it
is
that
we
should
be
facilitating
and
if
we
are
facilitating
the
things
that
we
want
to
be.
I
This
is
really
a
question
about
values,
about
intent
and
that's
a
much
higher
level
conversation.
We
are
building
a.
We
are
building
technology,
which
is
amplifying
intent,
whether
we
want
to
or
whether
we
like
it
or
not,
but
I
think
as
engineers
we
try
to
walk
away
from
intent
and
simply
say:
well,
all
I'm
doing
is
building
this
security
piece
or
this
bandwidth
piece
or
whatever
it
is.
But
we
are
the
ones
building
this
technology.
We
are
the
ones
who
are
amplifying
these
that
we
are
implementing.
A
P
So
I'm
just
thinking
like
about
what
are
the
lessons
learned
from
the
three
sessions
that
we
had
and
like
going
back
to
bringing
like
what
you
started
earlier,
bringing
structure
into
what
did
we
actually
discuss?
What
did
we
actually
learn
from
that
to
my
perspective,
so
there
is
always
like
two
sides
of
a
coin
that
these
discussions
fall
into,
so
we
can
take
on
on
one
side
of
the
coin.
We
have
the
success
story
that
in
general,
the
internet
worked
very
well
so
right
now
we
are
having
this
meeting
here
virtual.
P
It's
all
working
we
have
webcams
on.
It
does
a
great
job
so-
and
this
is
what
we
have
seen
in
in
some
of
the
talks,
then
on
the
other
side
of
the
coin,
we
have
a
lot
of
punctual
issues,
so
isolated
issues
and,
for
example,
oh
there
was
congestion
at
this
peering
link.
Oh,
there
was
an
edge
cluster,
an
edge
cache
cluster
of
a
cdn
that
got
overloaded.
Oh,
there
was
like
a
certain
set
of
students,
didn't
have
access
to
like
proper
bandwidth
to
consume
study
material
for
their
their
their
online
courses.
P
So
that's
a
lot
of
isolated
issues.
We
have
a
lot
of
understanding
about
these
ones,
so
we
saw
a
lot
of
data
points
on
this
one,
and
then
we
have
the
general
perspective
on
yeah
the
internet
as
such,
didn't
broke
down.
There's
of
course,
some
stuff
that
we
didn't
understand
quite
well
from
the
perspectives
that
we
have
taken
so
far.
So
on
the
general
perspective,
we
have
this
interesting
discussion
about
the
digital
divide,
so
we
saw
some
data
points
on
the
dsl
access
capacities
and
how
this
correlates
to
income
regions.
P
This
was
very
interesting,
but
you
know
this
is
clearly
something
like
how
the
digital
divide
was
being
boosted
by
this
whole
situation.
This
is
something
that
we
probably
don't
have
like.
It's
a
general
aspect
that
we
don't
have
a
good
understanding
of
on
the
isolated
side,
so
the
other
side
of
the
coin.
P
We
had
lots
of
discussions
about
how
we
can
map
all
of
these
isolated
issues.
Congestion
here,
overloaded
links
there
other
things
how
to
map
this
into,
like
the
general
perspective,
how
to
create
like
an
abstract
and
and
an
abstract
view,
and
that
so
I
think
that
this
is
something
that
we
are
missing.
We
can
play
the
same
game
on
what
brian
said.
P
On
the
other
hand,
I
would
say
so:
that's
the
other
side
of
the
coin.
We
probably
got
lucky.
You
know
that
these
these
these
traffic
changes
didn't
got
to
an
extreme,
so
over
provisioning
and
you
know,
shifts
in
the
peak
times.
They
probably
saved
us
quite
a
lot.
So
this
could
have
been
like
way
worse,
and
I
would
say
that
on
this
side
we
got
lucky.
A
Okay,
so
I
think
we
have
yarry
has
like
about
four
slides,
so
yeah
and
we
have
20
minutes.
So
I
I
suspect,
yeah.
These
four
slides
could
take
up
20
minutes
plus
20
hours,
but
I.
B
I
I
would
only
like
to
speak
for
like
two
or
three
minutes,
but
can
I
share
instead
of
you,
because
I
have
updates.
A
I
share
hit,
stop
sharing.
I
do
want
to
try
and
get
feedback
on
the
form
workshop,
which
itself
is
an
experiment
we'll.
B
Okay,
well,
let's
go
with
steven's
version,
though
yeah.
B
Yes,
so
I
I
just
want
to
go
through
this
real
quick.
It's
not
the
summary
of
the
workshop.
It's
my
personal
summary
and
and
sort
of
I
guess
this.
This
is
the
oliver's
two
sides
of
the
coin.
First,
so
on
one
hand
we
had
like
a
reasonably
good
situation.
The
internet
really
worked
well.
B
I
think
we
can
say
that
we
also
have
lots
of
wonderful
data
by
you
all
and,
of
course,
others
in
the
world
about
what
actually
happened
and,
as
has
been
reported,
there
were
lots
of
people
and
organizations
that
were
very
motivated
to
make
sure
that
stuff
actually
works
and
everybody
gets
gets
the
thing,
and
I
I
think
we
can
also
say
that
the
internet
actually
is
is
well
suited
for
adapting
to
these
new
situations
for
various
reasons.
B
So
that's
all
good,
but
the
other
side
of
the
coin
is
switch.
B
So
the
other
side
of
the
coin
is
that
you
know.
Even
if
we
have
some
measurements,
we
can't
actually
observe
everything.
It's
it's
very
limited.
We
can't
be
basically
looking
at
packets
instead
of
like
well
we're
measuring
packets
and
the
real
measurement,
I
guess,
is
like.
Did
this
kit
graduate
from
school
as
planned?
What
so
so,
there's
a
lot
of
sort
of
room
for
for
doing
more,
maybe
and
trying
to
understand
what
the
effects
of
this
are.
B
We
also
have
limited
means
to
control
traffic
like,
even
if
I
wanted
to
you
know,
have
high
priority
for
this
verse
or
something
else
I
couldn't.
We
have
limited
ways
for
networks
and
apps
to
collaborate.
B
B
We
also
have
this
situation
that
the
internet
is
now
far
more
important
for
all
of
us
than
it
was
before.
We
also
have
you
know
just
talked
about
this
digital
divide
and
other
societal
effects.
So
clearly,
there's
room
for
making
things
better.
So
just
because
it
worked
well
doesn't
mean
that
we
were
free
to
not
do
anything.
B
We
have
to
make
it
better,
but
of
course,
there's
also
like
this
all
these
other
improvements
then,
and
we,
I
think
we
entered
some
of
that
discussion
today-
that
you
know
security
and
so
forth
that
we
already
knew
that
that
we
have
a
huge
problem
here
here
and
there
and
we
need
to
deal
with
that
pandemic
or
not.
B
They
also
wrote
this
to-do
list
in
kind
of
in
two
categories
like
this.
What
can
we
do
to
understand
the
the
internet
state
better,
better,
like
distribute
your
measurement
information
better?
B
So
you
know
this
is
what
the
internet
is
doing
and
it's
how
it's
helping-
and
this
is
where
we
need
to
improve
and
so
on,
and
then
continuing
expanding
the
coverage
of
the
things
that
we
measure
and
then
also
measuring
these
additional
things
like
experience
and
the
other
category
is
system
improvements
or
ecosystem
improvements,
and
so
it's
not
just
about
technical
stuff
that,
like
I
think,
particular,
always
wants
to
write
an
rfc.
B
But
but
you
know,
a
lot
of
this
is
also
like
you
know:
how
did
the
people
in
the
different
operators
talk
to
each
other?
Were
they
able
to
find
each
other
and
so
on?
That
may
not
be
an
rfc
or
technical
thing,
but
it
could
be
a
thing
that
we
need
to
improve,
or
maybe
not
maybe
it's
already
perfect,
and
everybody
knows
everybody
nanook
anyway.
B
So
what's
the
problem,
the
other
side
of
this
is
that,
like
this
education,
implementation,
improvements,
security
practices,
there's
a
lot
of
stuff,
that's
outside
standards
and
may
need
some
work,
but
then,
on
the
step
like
technical
standards
and
technology
level,
we
talk
about
network
app
collaboration,
perhaps
at
this
aggregate
level.
That
was
was
being
mentioned
by
jana.
B
Note
that
I
didn't
discuss
like
this
dhcp
bits
or
prioritization,
because
that
seemed
like
almost
not
not
possible.
We've
talked
about
resilience.
We
talked
about
the
potential
effects
of
centralization
or
consolidation.
How
that
may
impact
things
we?
We
talked
about
ddos
defense.
B
That
was
part
of
the
reason
that
I
said
earlier
that
we
should
look
at
other
things
than
this
current
pandemic,
because
we
could
have
a
situation
where
we're
actually
being
bombarded
by
by
some
network
attacks,
and
that
could
also
be
a
bad
situation.
So
maybe
that
that
should
be
part
of
our
toolkit,
and
you
know
we're
not
as
good
with
that
as
as
we
map
should
be,
and
then
obviously
we
will
need
to
have
resource
reservations
and
full
control
by
the
authorities,
because
otherwise
nothing
will
work
correctly,
and
this
is
a
joke.
B
We
didn't
get
that
anyway,
so
that
that
was
my
piece
and
hold
on
stop
talking
now.
Maybe
even
stop
sharing.
Unless
people
have
questions
on.
B
A
So
I
think
I'm
sharing
my
screen
now
does
that
does
that
become
visible
to
people?
Yes,
great?
Okay,
so
we
have
we're
around
like
the
last
ten
minutes.
So
I
guess
we'll
take
two
things
together.
A
If
people
have
stuff
that
hasn't
been
mentioned
already,
that
might
or
actions
that
are
pretty
concrete,
we
can
list
a
couple
of
those
and,
if
there's
any
feedback
on
the
format,
because
again
I
I
think
that's
useful,
because
it's
the
first
time
we've
done
this
kind
of
thing
so
input,
please
and
again
just
join
the
queue
if
it
turns
into
needing
a
queue
and
if
you're
the
first
one
just
start
to
start
talking.
E
Well
jared
here,
I
I
just
wanted
to
comment
briefly.
I
I
think
this.
This
worked
out
reasonably
well
for
a
format,
especially
having
it
distributed
over
three
days.
I
think
helped
make
it.
You
know
a
lot
easier
to
to
pay
attention.
G
Yeah,
thank
you
and
just
on
the
format.
I
thought
it
was
good
to
have
it
over
three
days
to
have
short
sessions,
appreciated
the
break
in
the
middle
as
well.
I
think
it
would
have
been
helpful
to
have
slides
and
a
bit
more
notice
of
time.
I
don't
know
how
everyone
else
found
scheduling
this
quite
quite
quickly,
but
it
was.
It
was
difficult,
it's
good
to
have
it
near
its
as
well,
where
my
brain
is
like
in
that
sort
of
space,
but
yeah.
Thank
you
for
running
it.
K
G
C
C
I'm
also
extremely
relieved
that
jason
has
remained
positive
because
he's
confirmed
that
in
the
chat.
So
I
think
that's
an
amazing
achievement
that
should
be
noted
and
then
finally,
on
on
the
other
column,
on
on
the
actions,
I
I
think
is
just
worth
posing.
The
question:
is
the
direction
of
travel
of
resilience
of
the
internet
going
up
or
down
my
personal
contention?
C
A
D
Yeah,
so
I'm
a
gigantic
fan
of
this
format
as
well,
especially
with
the
days
off
in
between.
Although
I
I
would
like
to
hear
feedback
on
the
format
from
somebody
in
pst,
so
utc
minus
seven,
because
I
suspect
that
waking
up
that
early
in
the
morning
three
days
in
a
row
is
just
for
three
days,
not
in
a
row
like
sort
of
just
messes
up
your
whole
sleep
schedule.
D
I
also
notice
that
we
don't
have
any
australians
on
the
call,
as
I
as
I
see
so
maybe
there's
like
some
selection
bias
on
how
awesome
this
particular
time
was
with
respect
to
resilience
going
up
and
down.
I
think
we
could
have
an
entire
other
workshop
on
that
plus
one
two.
D
I
forget
who
it
was
jared.
I
think
on
revisiting
this.
You
know
we're
going
back
on
a
lockdown
or
we're
going
back
into
we're.
Gonna
have
a
winter
revisiting
this
in
the
spring
and
seeing
how
the
internet
did.
I
think
revisiting
later
I'd
like
to
spend
a
little
bit
less
time
on
the
the
infrastructure
unless
the
infrastructure
just
like
happens
to
blow
up,
which
I
don't
think
it
will
and
a
little
bit
more
time
on
jonah's
questions
right
like
so.
D
The
internet
is
good
at
amplifying
the
things
the
internet
is
good
at
amplifying,
and
we've
done
a
really
good
job
of
making
sure
we
can
keep
doing
that,
and
I
think
that
sort
of
next
you
know
by
the
next
time
we
go
through
one
of
these
experiences
we'll
have
more
information,
or
at
least
anecdotes
about.
D
What's
you
know
what
it's
good
at?
What
it's
bad
at
or
more
information
anecdotes
about
sort
of
what
the
societal
impacts
are
and
I'd
like
to
dig
into
those
a
little
bit
more
might
need
a
slightly
different
guest
list.
But
please
put
me
on
it.
A
Okay,
the
queue
is
currently
empty.
I
guess
I
have
another
question:
is
you
know
if
which
I
typed
in
the
chat?
If,
if
the
iab
or
somebody's
organizing
a
workshop
like
this
in
future
after
we
can
all
travel
again,
what
bits
of
this
format
should
we
try
keep,
or
should
we
just
go
right
back
to
all
traveling
to
switzerland
and
having
cheese
and
funny
ways.
K
K
I
like
the
three-day
format,
and
the
thing
I
particularly
like
about
the
three-day
format,
is
that
it
gives
people
time
to
think
about
what
was
said
one
day
before
you
come
back
for
another
day
and
if
we
were
doing
it
in
person,
the
three-day
format
might
be
harder
with
that
extra
time
and
if
there
was
some
way
to
preserve
that,
you
know
the
ability
to
go
back
and
conjugate
and
maybe
have
side
conversations
and
then
come
back
to
the
subject
the
next
day.
K
I
think
it
would
be
good.
I
put
myself
in
the
cube
actually
to
say
that
I
like
the
three-day
format,
but
I
want
to
have
a
push
a
counter
opinion
about
doing
it
right
before
the
itf,
and
this
may
just
be
me.
K
So
you
know
I've
got
this
being
moderately
early
morning,
other
things
that
are
late
night,
then
suddenly
it's
going
to
be
kind
of
like
next
week,
where
there's
no
period
where
one
can
get
a
full
night
of
sleep
in
and
that
was
exaggerated
by
the
you
know
being
right
before
the
atf.
But
I
understand
other
people
like
to
do
all
their
itf
thinking
kind
of
in
a
in
a
period
of
time
together
and
it
helps
them.
So
it
worked
both
ways.
M
Apologies
yeah.
I
agree.
I
think
that
the
big
value
of
this
three-day
format
was
that
we
actually
had
some
time
in
the
meantime
to
chat
and
discuss
and
so
on.
So
maybe
we
can
go
for
some
hybrid
format.
We
have
some
online
discussion
first
and
then
maybe
meet
in
person
for
dinner
or
whatever
I
don't
know
it's.
It's
also
missing
a
little
bit
the
side,
conversations
and
the
coping
products
about
actions
or
conclusions.
M
So
I'm
I
I
think
I
even
say
I
read
the
papers
and
and
these
kind
of
things
I
think
I
learned
a
lot
about
really
understanding
the
situation
a
little
bit
better
and
how
things
happen,
what
work
well
and
so
on.
I'm
not
sure
I
got
a
lot
of
actions
out
of
that,
and
maybe
I
have
to
review
the
minutes
we've
been
taking,
but
maybe
the
main
point
really
about
this
workshop
is
just
to
document
what
we've
learned.
So
we
get
like
a
common
understanding.
M
J
Robin
okay,
this
romy,
in
fact
I'm
okay
with
the
format
of
this.
The
workshop,
though
this
is
a
little
harder,
because
this
is
a
little
late,
but
it
is
also
very
exciting
to
discuss
it
with
everyone.
J
But
you
know
this
regarding
these
actions
and
conclusions,
I
think,
from
my
own
point
of
view,
I
think
in
this
process.
I
I
I
have
one.
This
point
I
think
is
important
is
the
automation,
because
you
know
that,
because
we
talked
about
some
time
there's
the
the
experience
of
the
user
is
not
good
in
the
in
the
process
of
the
code
with
the
knight
team.
But
I
want
to
know
this,
how
our
the
application
and
the
network
respond
to
this
the
to
this
to
this,
and
how
long
will
it
take?
J
J
A
Okay,
so
I've
tried
to
capture
that
robin
that
we
can
correct
it
later
if
I
further
wrong,
which
I
might
have
done-
okay,
we're
kind
of
at
three
minutes
to
the
hour.
I
basically
I
I
guess
I
just
like
to
say
thanks
to
everybody,
for
turning
up
for
the
really
interesting
discussions
I
will
know
we
will
try
to
copy
the
all
the
text
from
the
pad
without
deleting
it
first
that'll
be
good
and
produce
a
workshop
report.
A
That'll,
be,
I
guess,
done
on
the
in
the
gate.
Repo
maria,
I
think,
has
created
a
template
or
a
draft
initial
draft,
and
I
think
that's
it
unless
anybody
else
from
the
program
committee
wants
to
also
say
thanks
for
turning
up
or
something
similar.
M
Maybe
note
on
the
on
the
report,
so
I
already
also
created
some
sections
for
the
measurement
part,
so
if
those
people
who
presented
want
to
actually
put
some
sentences
there,
that
would
be
very
welcome.
Otherwise,
other
input
is
also
welcome,
of
course,
and
with
that
also
thank
you
for
my
site.
I
really
enjoyed
it.
Thank
you
for
everybody
engaging
so
nicely
providing
slides
kind
of
last
minute,
like.