Potaroo blog

Author Archives: Potaroo blog

Regulating Big Tech. This Time, for sure!

There is a growing unease within the US and elsewhere over the extraordinary rise of these technology giants, not just in monetary terms but in terms of their social power as well. There is a growing sentiment that the current situation looks like it will never be adequately corrected by just competitive pressures within market itself. Some further forms of regulatory intervention will be needed to force a fundamental realignment of these players. In so doing, it appears that regulators appear to be finally catching up with the online world in the US, in Europe and in China.

TLS with a side of DANE

These are some notes I took from the DNS OARC meeting held in September 2021. This was a short virtual meeting, but for those of us missing a fix of heavy-duty DNS, it was very welcome in any case!

Running Code

There was a discussion in a working group session at the recent IETF 111 meeting over a proposal that the working group should require at least two implementations of a draft before the working group would consider the document ready. What's going on here?

Some not-DNS Topics at IETF 111

It may be surprising to the DNSphiles out there but there really are other topics that are discussed at IETF meetings not directly related to the DNS! These are some notes I took on the topic of current activities in some of the active IETF areas that are not DNS topics.

DNS at IETF 111

IETF 111 was held virtually in July 2020. These are some notes I took on the topic of current activities in the area of the Domain Name System and its continuing refinement at IETF 111.

Outage Reporting

With so many enterprises all over the Internet forced to make a choice between just a handful of viable content distribution platforms for their content and services then nobody should be surprised when a single platform's outage has massive service impact. But that's not what's prompted me to write this note. It's Akamai's report of the incident that I found unusual.

Another Portent of the Decline and Fall of the Telco

The Swedish carrier group Telia has recently announced the sale of its international wholesale business to Polhelm Infra, an infrastructure investment manager jointly owned by a number of Swedish pension funds. Why would a telco operator sell off what was a core part of its operation to a pension fund?

A Survey on Securing Inter-Domain Routing: Part 1 – BGP: Design, Threats and Security Requirements

The Border Gateway Protocol (BGP) is the Internet’s inter-domain routing protocol, and after some thirty years of operation BGP is now one of the more venerable of the Internet’s core” protocols. One of the major ongoing concerns related to BGP is its lack of effective security measures, and as a result the routing infrastructure of the Internet continues to be vulnerable to various forms of attack. In Part 1 of this study, we will look at the design of BGP, the threat model and the requirements from a security framework for BGP.


The world of cryptographic algorithms is one that constantly evolves and increasing key sizes in the venerable RSA crypto algorithm is a source of concern for DNSSEC. The response to this escalation in key sizes is to look at alternative forms of public-key algorithms which have a higher cryptographic “density”, using elliptic curve cryptography. Here we will look at the level of Internet support provided for a recent crypto offering, the Edwards curve algorithm Ed25519.

DNS Centrality

How did we get to here? How did a network technology such as the Internet, which was designed to pass control away from the central network to the connected devices succumb to unprecedented levels of centrality?

Transport vs Network

According to the OSI Reference Model for network protocols it should not matter in the slightest what value you put in the IP protocol field in IP packet headers. It’s really none of the network's business! but in today’s public Internet it appears to matter a lot that the transport protocol header is visible to the network. Why?

IPv4 in the Headlines

The world of IPv4 addresses is a relatively obscure backwater of the Internet. All that drama of IPv4 address exhaustion happened with little in the way of mainstream media attention. So it came as a bit of a surprise to see a recent headline in the Washington Post about IPv4 addresses.

IPv6 Fragmentation Loss

In this report I would like to revisit this measurement of packet drop for IPv6 Fragmented packets and see if the picture has changed over the intervening four years since we last measured this behaviour.

DNS at IETF 110

The amount of activity in the DNS in the IETF seems to be growing every meeting. I thought that the best way to illustrate to considerably body of DNS working being undertaken at the IETF these days would be to take a snapshot of DNS activity that was reported to the DNS-related Working Group meetings at IETF 110.

TCP Congestion Control at IETF 110

IETF 110 was held virtually in March 2020. These are some notes I took on the topic of current research activities in the area of transport protocol flow control at the meeting of the Internet Congestion Control Research Group at that meeting.

Measuring ROAs and ROV

In 2020 APNIC Labs set up a measurement system for the validators. What we were trying to provide was a detailed view of where invalid routes were being propagated, and also take a longitudinal view of how things are changing over time. The report is at https://stats.labs.apnic.net/rpki and the description of the measurement is at https://www.potaroo.net/ispcol/2020-06/rov.html. I'd like to update this description with some work we’ve done on this measurement platform in recent months.
1 2 3 12