TL;DR> Can I have another hour in the free-time/discussion space for the
       workshop to *workshop* this, and can I have 5+5 minutes at the IPsecME
       WG to talk about the conclusions?

Steffen Klassert <[email protected]> wrote:
    > The IPsec workshop is organized by the 'IPsec and Network Security
    > Association' and was held for the first time in 2018. It started as the 'Linux
    > IPsec workshop', but it became clear rather soon that there is a need
    > to connect the Linux and IETF IPsec community.

As I read the sentence, I thought it was going to say the "wider IPsec"
community, and the IETF IPsec community. ... it doesn't say that exactly.
But, it made me think, particularly with quantum-safe algorithms coming (and
"ESPv3") if there is renewed need for interop testing.
(The last one I was at was 20 years ago, on the 20th floor of some
not-yet-occupied Newbridge building in Kanata, with an amazing view...)

Given the Internet, the IETF Hackathon and tools like gather.town, maybe it
does not need to be in-person.   One challenge that I have regularly seen with
both hackathons and many of the in-person bakeoffs of 28 years ago (%), was
that when a bug was found, it often took more than 1hr for people to figure
out how to fix it.  Laptops and compilers and the like were less portable, so
sometimes people couldn't even fix things on site.  I remember one
IKEv2/CA implementation where I think to get a certificate out in a
particular format, the developers had to breakpoint the program and print/x
the contents of a variable.

The IETF Hackathon VPN is now a bit more reliable, and provides L2 bridging
all the time, but L3 only during the IETF meetings.  So self-assigned
addresses and IPv6-LL work across it.

I know that people are testing 1:1, and more open source means that people
can run your code without you, but OTOH, hardware offload is difficult to
debug, and kernel debugging in the era of multi-socket systems with dozens,
even hundreds, of cores is a difficult skill, probably with a short validity
lifetime. (You need to retrain on the latest tools)

The other thing that occurred after the interops stopped occurring regularly
was that the quality of interoperability went down.   Abysmally.  To the point
where I'd say that IPsec was existentially challenged.  It was just harder for
people to figure out what they were doing wrong without access (and
understanding) of the detailed debug for other systems... closed systems.
People/companies that were in that round of interop were better off, but new
entrants were significantly disadvantaged.

I have some specific ideas about how to hybrid online/in-person, and somewhat
"continuously".  20 years ago I know we (FreeS/WAN team) tried to put up web
interfaces to online test beds.... they were underused.  Or perhaps used
only by people with the wrong level of involvement.  (I'm not trying to
disparage anyone here: but someone who can't fix code won't be able to... fix
code)

Thanks for reading this far.
I propose that we workshop the idea at the workshop.
I might do 2-3 slides... at most.  With the idea of creating 3-4 slides as a
summary of the report.


(%) - were it not for the travel challenges, I'd get RGM3 to host us in 2027
      in Dearborn, MI for a 30th anniversary event.
(%%) - At some point, someone said we couldn't call them bakeoffs, because
      Betty Crocker.  I sure prefer that term.

--
Michael Richardson <[email protected]>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide



