Re: it's mailman time again

2023-09-02 Thread Richard Porter
Pouring kerosine on fire? *flame me back if warranted* Voice networks have no POTS left in them? *mostly?* …. From: NANOG on behalf of Randy Bush Sent: Saturday, September 2, 2023 4:30:07 PM To: Jim Popovitch via

Re: it's mailman time again

2023-09-02 Thread Randy Bush
> Mail in transit is mostly TLS transport these days, yep. mostly. opsec folk are not fond of 'mostly.' > BUT mail in storage and idle state isn't always secured. I'm sure > that most any of us could find a public s3 bucket with an mbox file on > it if we cared to look. sigh randy

Re: it's mailman time again

2023-09-02 Thread Jim Popovitch via NANOG
On Sat, 2023-09-02 at 13:10 -0400, John Levine wrote: > > It's like changing your password, it sort of made sense in the 1980s > when networks meant coax Ethernets and bored students could sniff > passwords, and now it's cargo cult security. These days the only > sniffable shared media left is

Re: it's mailman time again

2023-09-02 Thread John Levine
It appears that Aaron de Bruyn via NANOG said: >I donno Rich...a couple of decades ago I lost my Slashdot account because >someone was able to access it. >I used the password in two places...Slashdot and all the blasted mailman >instances I was signed up with. I can believe that

Re: it's mailman time again

2023-09-02 Thread John Levine
It appears that Rich Kulawiec said: >On Fri, Sep 01, 2023 at 10:16:05AM -0700, Randy Bush wrote: >> and i just have to wonder about sending passwords over the net in >> cleartext in 2023. really? > >This is a non-issue. It's like changing your password, it sort of made sense in the 1980s when

Re: Lossy cogent p2p experiences?

2023-09-02 Thread Nick Hilliard
Masataka Ohta wrote on 02/09/2023 16:04: 100 50Mbps flows are as harmful as 1 5Gbps flow. This is quite an unusual opinion. Maybe you could explain? Nick

Re: Lossy cogent p2p experiences?

2023-09-02 Thread Mark Tinka
On 9/2/23 17:38, Masataka Ohta wrote: Wrong. It can be performed only at the edges by policing total incoming traffic without detecting flows. I am not talking about policing in the core, I am talking about detection in the core. Policing at the edge is pretty standard. You can police a

Re: Lossy cogent p2p experiences?

2023-09-02 Thread Masataka Ohta
Mark Tinka wrote: it is the core's ability to balance the Layer 2 payload across multiple links effectively. Wrong. It can be performed only at the edges by policing total incoming traffic without detecting flows. While some vendors have implemented adaptive load balancing algorithms

Re: Lossy cogent p2p experiences?

2023-09-02 Thread Mark Tinka
On 9/2/23 17:04, Masataka Ohta wrote: Both of you are totally wrong, because the proper thing to do here is to police, if *ANY*, based on total traffic without detecting any flow. I don't think it's as much an issue of flow detection as it is the core's ability to balance the Layer 2

Re: it's mailman time again

2023-09-02 Thread Aaron de Bruyn via NANOG
I donno Rich...a couple of decades ago I lost my Slashdot account because someone was able to access it. I used the password in two places...Slashdot and all the blasted mailman instances I was signed up with. To this day, I still use the same password on all my mailman subscriptions because I

Re: Lossy cogent p2p experiences?

2023-09-02 Thread Masataka Ohta
Mark Tinka wrote: On 9/1/23 15:59, Mike Hammett wrote: I wouldn't call 50 megabit/s an elephant flow Fair point. Both of you are totally wrong, because the proper thing to do here is to police, if *ANY*, based on total traffic without detecting any flow. 100 50Mbps flows are as harmful

Re: it's mailman time again

2023-09-02 Thread Rich Kulawiec
On Fri, Sep 01, 2023 at 10:16:05AM -0700, Randy Bush wrote: > and i just have to wonder about sending passwords over the net in > cleartext in 2023. really? This is a non-issue. Given that pretty much every SMTP connection is encrypted and that the worst thing that an attacker in possession of

Re: Lossy cogent p2p experiences?

2023-09-02 Thread Mark Tinka
On 9/2/23 08:43, Saku Ytti wrote: What in particular are you missing? As I explained, PTX/MX both allow for example speculating on transit pseudowires having CW on them. Which is non-default and requires 'zero-control-word'. You should be looking at 'hash-key' on PTX and 'enhanced-hash-key'

Re: Lossy cogent p2p experiences?

2023-09-02 Thread Saku Ytti
On Fri, 1 Sept 2023 at 22:56, Mark Tinka wrote: > PTX1000/10001 (Express) offers no real configurable options for load > balancing the same way MX (Trio) does. This is what took us by surprise. What in particular are you missing? As I explained, PTX/MX both allow for example speculating on