Stéphane Bortzmeyer

Based in Paris (France)




Likes on articles

About the author

I work at AFNIC (the registry of .fr domain names), in the R&D department, on, among other things, DNS, security, statistics.

• On SAV: Why Is Source Address Validation Still a Problem? by Qasim Lone

You do not mention the use of RIPE Atlas probes. Is the user tag "iwantbcp38compliancetesting" still useful/used?

• On NOG.HR by Branimir Rajtar

You do not say if all the talks at the meeting were in croatian? (I ask because Vesna's one has a title in english.) I'm wondering if people are used to talk about things like QUIC in croatian.

• On Fragmentation: Still the Internet's Big Bad by Chris Buckridge

"Agreement that organisations such as the RIPE NCC or ICANN have the authority to administer Internet number or name resources" Organisations like the RIPE-NCC are a mean, not a goal in itself. If RIPE-NCC or ICANN were to be replaced by something else, it does not mean that the Internet would become fragmented. This mention of organisations appears a little bit too self-serving. "Agreement that these organisations will be governed according to multistakeholder processes" Again, this has nothing to do with fragmentation. If all the Internet were directed by Elon Musk according to a onestakeholder process, it does not mean it would be fragmented. Not every bad outcome is "fragmentation".

• On Measuring Encrypted-DNS Censorship Using OONI Probe by Simone Basso

"you generally identify DoT service endpoints by their IP name" Did you mean IP address?

• On Bias in Internet Measurement Infrastructure by Pavlos Sermpezis

Unless I'm wrong, the bias for RIPE Atlas probes is measured by the number of probes in the AS. Isn't there also a bias when asking N probes for a measurement, without specifying area/country/AS? Are we guaranteed that the set of probes we obtain respects the general population of probes? Or is there an extra bias here?

• On RIPE NCC Internet Country Report: Cyprus, Israel and Malta by Suzanne Taylor

"highly dependent on submarine cables for their connectivity" For islands, it is expected, no?

• Reply to Michael Booth on Splitting the Ping by Ben Cartwright-Cox

“Very nice write up, I like the detail of two way trip time. I'd also recommend looking in to ITU Y.1564, this works end to end at the application layer which may be more accurate. An ICMP ping may be processed by the processor on each layer three node (adding increased latency to what would be seen by other protocols such as http).”

« An ICMP ping may be processed by the processor on each layer three node (adding increased latency » Hmmm, certainly not. If you *direct* an ICMP echo request to a router, yes, the processing by the target (the router) will typically be slow, but, if you direct it to a remote machine, for all the routers on the path, it will just be an ordinary packet, forwarded like any other.

• On Splitting the Ping by Ben Cartwright-Cox

The README of sping has no usage instructions so, since it is not obvious, here is a summary: 0) Check that you have a clean path between the two machines (UDP port 6924 must pass) 1) On the responder (server / slave / pick the name you want), run sping without arguments 2) On the initiator (client / master / pick the name you want), run sping with -peers (I tried with IP addresses, may be it also works with names), for instance './sping -peers'. The result are displayed in the Web interface (by default, 'http://[::]:9523/metrics') under 'splitping_latency'. If you prefer see them in the console, add -debug.showstats to sping.

• On Who Protects You from Cyber Villains? by Youth IGF

"issues such as spam and copyright clearly cross the technical picket fence they have set" No, it is not at all clear to me and it requires explanations. How is copyright a technical issue? Also, it has nothing to do with the subject, which was protecting users (not Disney or Elsevier) from abuse.

• On NXNSAttack: Upgrade Resolvers to Stop New Kind of Random Subdomain Attack by petr_spacek

Regarding Geoff Huston's comment, and after discussion with Florian Maury, and with his authorization, I translate here his analysis : "The attack [NXNSattack] is quite different, and it has a significant impact. It was not detected at the time of iDNS. Moreover, the article  [about NXNSattack] is well written, mentions the related work and explains the differences. To summarize, this is an new and serious contribution."

Showing 52 comment(s)