IETF
add
add@jabber.ietf.org
Tuesday, March 9, 2021
Ben Schwartz has set the subject to: ADD Interim Jan 2021 - Blue Sheets: https://codimd.ietf.org/notes-ietf-interim-2021-add-01-add

GMT+0
[11:57:46] Ash joins the room
[14:07:05] Yoshiro Yoneya_ joins the room
[14:12:31] Ash leaves the room
[14:16:16] Ash joins the room
[14:17:29] Meetecho joins the room
[14:20:03] Éric Vyncke_web_519 joins the room
[14:20:03] Subir Das_web_244 joins the room
[14:20:03] Paolo Saviano_web_899 joins the room
[14:20:03] Chris Lemmons_web_437 joins the room
[14:20:03] Daniel Gillmor_web_793 joins the room
[14:20:03] Tommy Jensen_web_319 joins the room
[14:20:03] Vincent Levigneron_web_405 joins the room
[14:20:03] Robert Story_web_749 joins the room
[14:20:03] Kazunori Fujiwara_web_254 joins the room
[14:20:03] Nicklas Pousette_web_861 joins the room
[14:20:03] Julien Maisonneuve_web_333 joins the room
[14:21:52] Peter Koch_web_243 joins the room
[14:22:18] Antoin Verschuren_web_365 joins the room
[14:23:01] Ole Trøan_web_149 joins the room
[14:23:27] Puneet Sood_web_988 joins the room
[14:24:10] Doug Stamper_web_303 joins the room
[14:24:15] Jason Weil_web_556 joins the room
[14:24:21] Ralf Weber_web_242 joins the room
[14:24:40] Benno Overeinder_web_215 joins the room
[14:24:43] Andrew Campling_web_112 joins the room
[14:25:11] Shinta Sato_web_348 joins the room
[14:25:29] Frode Kileng_web_906 joins the room
[14:25:31] David Lawrence_web_511 joins the room
[14:25:40] Scott Hollenbeck_web_736 joins the room
[14:25:42] Gianpaolo Scalone_web_513 joins the room
[14:25:54] Paul Wouters_web_475 joins the room
[14:26:05] frodek joins the room
[14:26:06] Benjamin Schwartz_web_541 joins the room
[14:26:08] Ralf Weber_web_242 leaves the room
[14:26:08] Luuk Hendriks_web_265 joins the room
[14:26:26] Glenn Deen_web_720 joins the room
[14:26:32] Christopher Wood_web_432 joins the room
[14:26:47] Farni Boten_web_119 joins the room
[14:26:48] Ash leaves the room
[14:26:51] Daniel Migault_web_951 joins the room
[14:26:55] Ralf Weber_web_920 joins the room
[14:26:58] Ralf Weber_web_920 leaves the room
[14:27:02] Ralf Weber_web_678 joins the room
[14:27:23] Christian Elmerot_web_705 joins the room
[14:27:24] Petr Špaček_web_401 joins the room
[14:27:29] Jonathan Hoyland_web_496 joins the room
[14:27:46] Chris Box_web_643 joins the room
[14:27:52] Thomas Duffy_web_604 joins the room
[14:27:59] Tom Carpay_web_665 joins the room
[14:28:07] jhoyla joins the room
[14:28:07] Jen Linkova_web_760 joins the room
[14:28:08] <Éric Vyncke_web_519> Many people in this WG meeting were in DPRIVE before ;-)
[14:28:18] tale joins the room
[14:28:31] Joe Harvey_web_886 joins the room
[14:28:45] Taiji Kimura_web_275 joins the room
[14:28:48] Eric Orth_web_781 joins the room
[14:29:05] Frode Sorensen_web_994 joins the room
[14:29:06] Jim Reid_web_163 joins the room
[14:29:14] tim costello_web_313 joins the room
[14:29:15] John Border_web_561 joins the room
[14:29:16] Anders Kölligan_web_493 joins the room
[14:29:17] Benno Overeinder joins the room
[14:29:21] Nancy Cam-Winget_web_756 joins the room
[14:29:24] Michael Breuer_web_775 joins the room
[14:29:24] Lixia Zhang_web_615 joins the room
[14:29:28] Kohei Isobe_web_752 joins the room
[14:29:29] James Galvin_web_168 joins the room
[14:29:37] David Lawrence_web_511 leaves the room
[14:29:40] David Lawrence_web_700 joins the room
[14:29:41] Wes Hardaker_web_579 joins the room
[14:29:49] Burt Kaliski_web_743 joins the room
[14:29:50] David Lawrence_web_700 leaves the room
[14:29:53] Benno Overeinder has set the subject to: IETF 110 - ADD
[14:29:53] David Lawrence_web_992 joins the room
[14:29:56] Mark Nottingham_web_276 joins the room
[14:29:57] Patrick Tarpey_web_660 joins the room
[14:30:08] Chi-Jiun Su_web_160 joins the room
[14:30:11] Richard Wilhelm_web_526 joins the room
[14:30:11] Hiromu Shiozawa_web_477 joins the room
[14:30:14] Andrew McConachie_web_162 joins the room
[14:30:14] Yuji Koyama_web_248 joins the room
[14:30:20] Mike Bishop_web_297 joins the room
[14:30:21] Libor Peltan_web_578 joins the room
[14:30:25] <Chris Lemmons_web_437> I can help scribe.
[14:30:27] Shumon Huque_web_206 joins the room
[14:30:30] Barry Leiba_web_974 joins the room
[14:30:32] Kirsty Paine_web_798 joins the room
[14:30:40] Mike English_web_186 joins the room
[14:30:40] Dominique Lazanski_web_115 joins the room
[14:30:42] Samuel Weiler_web_936 joins the room
[14:30:42] <tale > Thank you, Chris.  
[14:30:45] Tommy Pauly_web_510 joins the room
[14:30:50] Andrew S_web_487 joins the room
[14:30:54] Eric Rescorla_web_757 joins the room
[14:30:55] Jiri Novotny_web_186 joins the room
[14:31:04] Kohei Isobe_web_752 leaves the room
[14:31:06] Ray Bellis_web_189 joins the room
[14:31:09] David Schinazi_web_317 joins the room
[14:31:10] dkg joins the room
[14:31:19] Joao Damas_web_974 joins the room
[14:31:20] Alexander Mayrhofer_web_778 joins the room
[14:31:22] Erik Kline_web_206 joins the room
[14:31:25] Neil Cook_web_725 joins the room
[14:31:31] Mohamed Boucadair_web_556 joins the room
[14:31:31] Brett Carr_web_295 joins the room
[14:31:32] Tero Kivinen_web_341 joins the room
[14:31:32] Vittorio Bertola_web_301 joins the room
[14:31:34] Fred Baker_web_482 joins the room
[14:31:36] jdub99@sure.im joins the room
[14:31:47] Meetecho leaves the room
[14:31:50] Hannu Flinck_web_606 joins the room
[14:31:51] Joey Salazar_web_752 joins the room
[14:31:54] Niels ten Oever_web_285 joins the room
[14:31:54] Willem Toorop_web_773 joins the room
[14:31:59] Eric Kinnear_web_826 joins the room
[14:32:00] Nicklas Pousette_web_861 leaves the room
[14:32:00] <tale > https://codimd.ietf.org/notes-ietf-110-add is the note taking etherpad; folks please follow along and help Chris out
[14:32:00] jdub99@sure.im leaves the room
[14:32:01] Dan Druta_web_508 joins the room
[14:32:03] Nicklas Pousette_web_334 joins the room
[14:32:06] Ben Schwartz joins the room
[14:32:17] Lu Zhao_web_763 joins the room
[14:32:18] Andreas Pantelopoulos_web_682 joins the room
[14:32:18] Francisco Arias_web_620 joins the room
[14:32:18] Francisco Arias_web_620 leaves the room
[14:32:29] Francisco Arias_web_110 joins the room
[14:32:30] Jason Weil_web_556 leaves the room
[14:32:31] Swapneel Sheth_web_268 joins the room
[14:32:34] Christopher Inacio_web_630 joins the room
[14:32:35] Jason Weil_web_822 joins the room
[14:32:37] Peter Feil_web_880 joins the room
[14:32:53] Duane Wessels_web_311 joins the room
[14:32:53] Daiki Ueno_web_778 joins the room
[14:33:11] Olaf Kolkman_web_974 joins the room
[14:33:16] Erik Nygren_web_127 joins the room
[14:33:23] HAIGUANG Wang_web_300 joins the room
[14:33:26] Linlin Zhou_web_545 joins the room
[14:33:52] PE_web_256 joins the room
[14:33:53] Francois Ortolan_web_290 joins the room
[14:34:10] HAIGUANG Wang_web_300 leaves the room
[14:34:19] HAIGUANG Wang_web_782 joins the room
[14:34:28] Jari Arkko_web_545 joins the room
[14:34:29] Chris Seal_web_848 joins the room
[14:34:48] Sara Dickinson_web_432 joins the room
[14:34:48] Jean-Michel Combes_web_436 joins the room
[14:34:58] Linlin Zhou_web_545 leaves the room
[14:35:08] Philipp Tiesel_web_606 joins the room
[14:35:15] Dan Druta_web_508 leaves the room
[14:36:07] Jiao Kang_web_239 joins the room
[14:36:22] Oshani Dayaratna_web_639 joins the room
[14:36:33] Stephan Emile_web_597 joins the room
[14:36:39] Benjamin Kaduk_web_961 joins the room
[14:36:56] <Chris Box_web_643> You can find these at https://github.com/ietf-wg-add/draft-ietf-add-ddr/issues
[14:36:57] Matthew Quick_web_557 joins the room
[14:37:02] <Eric Orth_web_781> Doesn't the SVCB draft already say hints should be included?
[14:37:20] Zaid AlBanna_web_281 joins the room
[14:37:36] Valery Smyslov_web_451 joins the room
[14:37:54] Tirumaleswar Reddy.K_web_706 joins the room
[14:38:02] Ulrich Wisser_web_442 joins the room
[14:38:16] Dan Druta_web_487 joins the room
[14:38:38] <Eric Orth_web_781> But overall, +1 to Ben's point there.  We should be careful of anything redundant with the SVCB draft.  Don't want SVCB implementers to feel any implied need to write DDR-specific SVCB logic.
[14:38:39] Oshani Dayaratna_web_639 leaves the room
[14:38:41] <Ben Schwartz> Eric: No, it doesn't contain a recommendation
[14:38:45] Oshani Dayaratna_web_914 joins the room
[14:38:49] Gabriel Montenegro_web_691 joins the room
[14:38:54] Avri Doria_web_991 joins the room
[14:39:21] kaduk@jabber.org/barnowl joins the room
[14:39:24] Oshani Dayaratna_web_914 leaves the room
[14:39:37] Francois Ortolan_web_290 leaves the room
[14:39:44] Suzanne Woolf_web_724 joins the room
[14:39:44] Francois Ortolan_web_805 joins the room
[14:39:52] Tim April_web_463 joins the room
[14:40:27] Pallavi Aras_web_581 joins the room
[14:40:34] kaduk@jabber.org/barnowl has set the subject to: IETF 110 - ADD
[14:40:49] Dan Druta_web_487 leaves the room
[14:40:49] Yuji Koyama_web_248 leaves the room
[14:40:49] Benjamin Kaduk_web_961 leaves the room
[14:40:49] Daiki Ueno_web_778 leaves the room
[14:40:54] Benjamin Kaduk_web_187 joins the room
[14:40:54] Daiki Ueno_web_654 joins the room
[14:40:55] Yuji Koyama_web_338 joins the room
[14:40:55] Dan Druta_web_715 joins the room
[14:41:39] Meetecho joins the room
[14:41:43] Lorenzo Colitti_web_125 joins the room
[14:42:03] Nicklas Pousette_web_334 leaves the room
[14:42:07] Nicklas Pousette_web_234 joins the room
[14:42:16] Yihao Jia_web_101 joins the room
[14:42:58] Matt Green_web_200 joins the room
[14:43:21] kaduk@jabber.org/barnowl has set the subject to: IETF 110 - ADD
[14:43:32] Yihao Jia_web_101 leaves the room
[14:43:49] kaduk@jabber.org/barnowl has set the subject to: IETF 110 - ADD
[14:44:31] <tale > Hop in queue if you'd like to comment for the notes
[14:44:44] Omer Shapira_web_617 joins the room
[14:44:45] David Smith_web_662 joins the room
[14:44:50] Nicklas Pousette_web_234 leaves the room
[14:44:59] Nicklas Pousette_web_202 joins the room
[14:44:59] Gabriel Montenegro_web_691 leaves the room
[14:45:15] Mark Nottingham_web_276 leaves the room
[14:45:27] Dan McArdle_web_248 joins the room
[14:45:53] Marcus Ihlar_web_388 joins the room
[14:45:58] Sanjay Mishra_web_135 joins the room
[14:46:11] Yihao Jia_web_673 joins the room
[14:46:33] Gabriel Montenegro_web_464 joins the room
[14:47:02] Ralf Weber_web_678 leaves the room
[14:47:06] Ralf Weber_web_834 joins the room
[14:47:13] Jody Kolker_web_905 joins the room
[14:47:17] <Eric Rescorla_web_757> So it seems to me like there are two models here:
[14:47:19] Simon Hicks_web_438 joins the room
[14:47:20] <Eric Rescorla_web_757> 1. This is a CNAME
[14:47:23] <Eric Rescorla_web_757> 2. This is a 302
[14:47:33] <Ben Schwartz> It's a CNAME
[14:47:39] Tim April_web_463 leaves the room
[14:47:39] <Eric Rescorla_web_757> And I think that Ben and I think it's a CANME
[14:47:41] <Eric Rescorla_web_757> CNAME
[14:47:43] Tim April_web_636 joins the room
[14:48:02] <dkg> a CNAME for a raw IP address?
[14:48:10] <Eric Rescorla_web_757> Well, conceptually :)
[14:48:13] <dkg> that's the impedance mismatch, though
[14:48:44] <Tommy Pauly_web_510> That the name is a CNAME? Sure, for the purposes of where we find the address. But I'm not going to use the raw original IP address as my HTTP authority, am I?
[14:48:51] <dkg> (fwiw, i also want it to be like a CNAME)
[14:48:59] <Eric Rescorla_web_757> Tommy: well, you actually could
[14:49:06] <Ben Schwartz> Tommy: Yes, the IP is the authority
[14:49:20] <Ben Schwartz> Cloudflare's URL is https://1.1.1.1/dns-query, no matter what endpoint you are reaching
[14:49:50] <dkg> Ben Schwartz: it could also be https://cloudflare-dns.com/dns-query no?
[14:49:56] <Ben Schwartz> Those are different URLs
[14:49:58] <kaduk@jabber.org/barnowl> There is perhaps also an analogy (though not a clear one) to SMTP
certificate validation, which is ... kind of a mess.
[14:50:02] <Jim Reid_web_163> Where's the cert for that IP address, the reverse DNS tree?
[14:50:27] <dkg> the cert has a sAN of type iPAddress
[14:50:44] <dkg> instead of a sAN of type dNSName
[14:51:47] Gianpaolo Scalone_web_513 leaves the room
[14:51:51] Gianpaolo Scalone_web_685 joins the room
[14:52:15] <zulipbot> (Erik Nygren) SVCB is more equivalent to a CNAME.  But this "designated" model is somewhat different from the HTTPS-style uses of SVCB so perhaps this doesn't work.  Do we need a param to indicate a host/origin/sni to use and validate?
[14:52:43] <Eric Rescorla_web_757> yes, we definitely need the IP in the cert
[14:52:46] Jason Weil_web_822 leaves the room
[14:52:52] <Eric Rescorla_web_757> Otherwise it's totally insecure
[14:53:01] Jason Weil_web_554 joins the room
[14:54:30] Ralf Weber_web_834 leaves the room
[14:54:33] Ralf Weber_web_644 joins the room
[14:54:45] Ralf Weber_web_644 leaves the room
[14:54:55] Monika Ermert_web_624 joins the room
[14:55:01] <Daniel Migault_web_951> 1.1.1. controls doh.example is achieved by a cert that contains both the IP address and the fqdn. It is unclear to me if we are using something different to ensure doh.example also controls 1.1.1.1.
[14:55:21] Ralf Weber_web_274 joins the room
[14:55:22] Sara Dickinson_web_432 leaves the room
[14:55:40] <Erik Nygren_web_127> If we're going to use IP in the cert, we'll also need to get TLS WG to better define sending IP addresses in SNI.
[14:55:45] <kaduk@jabber.org/barnowl> > Asking a stock http stack to check multiple names in a single
> connection is a weird requirement
Well ... unless it's an http/3 stack and you're coalescing
[14:56:03] Peter Koch_web_243 leaves the room
[14:56:04] Jim Reid_web_163 leaves the room
[14:56:07] Peter Koch_web_736 joins the room
[14:56:12] ekr@jabber.org joins the room
[14:56:19] Jim Reid_web_813 joins the room
[14:56:25] Craig Taylor_web_132 joins the room
[14:56:30] Craig Taylor_web_132 leaves the room
[14:56:30] <kaduk@jabber.org/barnowl> > sending IP addresses in SNI
I propose a new TLS extension, server number indication
[14:56:32] Niels ten Oever_web_285 leaves the room
[14:56:32] <dkg> Erik Nygren_web_127: that's a good point
[14:56:33] Craig Taylor_web_620 joins the room
[14:56:35] Niels ten Oever_web_273 joins the room
[14:57:04] <dkg> kaduk@jabber.org/barnowl: i can't tell whether you're serious
[14:57:17] Jari Arkko_web_545 leaves the room
[14:57:22] Jari Arkko_web_452 joins the room
[14:57:23] <Mike Bishop_web_297> Sending an HTTP request with a Host of an IP address that the server doesn't possess will be... interesting.
[14:57:24] <Erik Nygren_web_127> (credit goes to rsalz for pointing out that issue of needing to define IP addresses for SNI better)
[14:58:01] <Tommy Jensen_web_319> Note: the Windows DoH server list expresses no "trust" whatsoever. It is a list of known URI mappings to allow bootstrap in a world without DDR.
[14:58:03] <dkg> kaduk: if both S(Name)I and S(Number)I are present in the client hello, how is certificate selection supposed to work?
[14:58:26] John Preuß Mattsson_web_978 joins the room
[14:59:01] Burt Kaliski_web_743 leaves the room
[14:59:04] <Jonathan Hoyland_web_496> @dkg wouldn't the correct behaviour be to present a cert with both the name and the number?
[14:59:05] <dkg> The main problem we're having here is that we're jamming an IP address in places where we have a reasonably-well-defined semantic for DNS names.
[14:59:12] <kaduk@jabber.org/barnowl> dkg: I can't tell if I'm serious, either ... but the existing in-SNI
extension point is pretty rusted shut
[14:59:15] <ekr@jabber.org> @dkg: is there any way around that?
[14:59:24] <dkg> Jonathan Hoyland_web_496: sure, if you have one.  what if you don't have one with both?
[14:59:40] Dominique Lazanski_web_115 leaves the room
[14:59:43] <Jonathan Hoyland_web_496> Then you can't service the request.
[14:59:51] neednnelg@sure.im joins the room
[14:59:55] <Jonathan Hoyland_web_496> Or you could try and use Exported Authenticators.
[14:59:59] <kaduk@jabber.org/barnowl> I think that the natural extension of RFC 6066 SNI semantics is that
the server picks which one it will honor
[15:00:07] Tero Kivinen_web_341 leaves the room
[15:00:21] <dkg> can the client signal which one it prefers?
[15:00:31] Jody Kolker_web_905 leaves the room
[15:00:35] Craig Taylor_web_620 leaves the room
[15:00:38] <Jonathan Hoyland_web_496> Wouldn't that change the semantics?
[15:00:40] Craig Taylor_web_193 joins the room
[15:00:43] <dkg> it would
[15:00:45] Jonathan Hoyland_web_496 leaves the room
[15:00:46] Lorenzo Colitti_web_125 leaves the room
[15:00:46] Hannu Flinck_web_606 leaves the room
[15:00:51] Jonathan Hoyland_web_333 joins the room
[15:00:51] Lorenzo Colitti_web_483 joins the room
[15:01:06] Hannu Flinck_web_961 joins the room
[15:01:14] <Jonathan Hoyland_web_333> Then that is a much bigger change, no?
[15:01:28] Marcus Ihlar_web_388 leaves the room
[15:01:30] Peter Feil_web_880 leaves the room
[15:01:33] Nalini Elkins_web_110 joins the room
[15:01:33] Peter Feil_web_664 joins the room
[15:01:39] Peter Feil_web_664 leaves the room
[15:01:48] <kaduk@jabber.org/barnowl> Even within RFC 6066's server_name_list there is no stated indication
of client preference
[15:01:56] Joe Harvey_web_886 leaves the room
[15:02:01] Joe Harvey_web_967 joins the room
[15:02:26] <Andrew Campling_web_112> I think that Ben's referring to the 85% point that came up in the virtual interim
[15:02:26] <dkg> Ben, where do you want the encrypted connection?  from the client to the AP, or from the AP to the ISP's resolver
[15:02:27] Wes Hardaker_web_579 leaves the room
[15:02:29] Lixia Zhang_web_615 leaves the room
[15:02:32] Lixia Zhang_web_606 joins the room
[15:02:32] Wes Hardaker_web_446 joins the room
[15:02:36] <Tommy Jensen_web_319> Ben: I think this is covered on the next slide
[15:02:44] Peter Feil_web_455 joins the room
[15:03:27] Jyrki Soini_web_891 joins the room
[15:03:28] <Ben Schwartz> dkg: client to ISP, in the "legacy" case
[15:03:54] <Chris Box_web_643> This case is definitely useful to solve
[15:04:14] <Eric Rescorla_web_757> @Ben: can you provide a link to your proposed solution?
[15:04:15] <Neil Cook_web_725> And for non-legacy case, client to AP should also be supported
[15:04:27] <Chris Box_web_643> Of course
[15:04:37] <Ben Schwartz> Neil Cook_web_725: This draft does cover that
[15:04:57] Craig Taylor_web_193 leaves the room
[15:05:01] <Neil Cook_web_725> yes, just clarifying
[15:05:03] <Ben Schwartz> Eric: https://github.com/tfpauly/draft-pauly-adaptive-dns-privacy/pull/147
[15:05:04] Nalini Elkins_web_110 leaves the room
[15:05:07] Nalini Elkins_web_288 joins the room
[15:05:23] Nalini Elkins_web_288 leaves the room
[15:05:36] Nalini Elkins_web_872 joins the room
[15:06:05] <ekr@jabber.org> thx
[15:06:42] Yihao Jia_web_673 leaves the room
[15:07:16] Yihao Jia_web_306 joins the room
[15:07:28] Jiankang Yao_web_410 joins the room
[15:07:41] Gianpaolo Scalone_web_685 leaves the room
[15:07:49] <Tommy Pauly_web_510> @Ben it may be good to move the PR over to the WG repo so it's more visible for all
[15:08:00] <Chris Box_web_643> Yes please
[15:08:15] Brad Gorman_web_819 joins the room
[15:08:18] <Eric Kinnear_web_826> +1 Daniel, always good to capture in an issue
[15:08:23] <Erik Nygren_web_127> On the CNAME vs 302 argument as the SVCB analogue, if one follows CNAME literally then the cert should be for "resolver.arpa" which clearly isn't an option.  :-)
[15:08:25] Jiankang Yao_web_410 leaves the room
[15:08:27] Yoshiro Yoneya_web_192 joins the room
[15:08:30] Jiankang Yao_web_938 joins the room
[15:08:31] Yihao Jia_web_306 leaves the room
[15:08:51] Jiankang Yao_web_938 leaves the room
[15:08:54] Jiankang Yao_web_841 joins the room
[15:09:06] Gabriel Montenegro_web_464 leaves the room
[15:09:12] <Tommy Jensen_web_319> +1, please move your PR over Ben. Happy to discuss. I do agree with your current point that this could end up being a different draft.
[15:09:15] Gabriel Montenegro_web_158 joins the room
[15:09:16] Yihao Jia_web_427 joins the room
[15:09:27] <Tommy Pauly_web_510> @Erik, good point!
[15:09:43] <Tommy Jensen_web_319> Sorry to take so much of your time Med :(
[15:09:51] Jiankang Yao_web_841 leaves the room
[15:10:08] <Chris Box_web_643> https://github.com/ietf-wg-add/draft-ietf-add-dnr/issues
[15:10:24] Jiankang Yao_web_539 joins the room
[15:10:50] Jiao Kang_web_239 leaves the room
[15:10:56] Jiao Kang_web_456 joins the room
[15:11:21] Jiankang Yao_web_539 leaves the room
[15:11:43] <ekr@jabber.org> why aren't we just providing a SVCB record?
[15:11:46] <ekr@jabber.org> Effectively?
[15:12:01] Jiankang Yao_web_416 joins the room
[15:12:21] <Éric Vyncke_web_519> What I really wonder about is why allowing multiple protocols (DoT DoT DoQ...) but a single port field
[15:12:36] Benjamin Kaduk_web_187 leaves the room
[15:12:52] kaduk@jabber.org/barnowl leaves the room
[15:13:08] <Ben Schwartz> Or just the name and make the client do a SVCB query
[15:13:19] <Ben Schwartz> A la DDR Section 4.1
[15:13:41] Joao Damas_web_974 leaves the room
[15:13:58] Brad Gorman_web_819 leaves the room
[15:14:25] <Ben Schwartz> Oops, Section 5
[15:15:02] Pallavi Aras_web_581 leaves the room
[15:15:05] Pallavi Aras_web_196 joins the room
[15:15:06] John Woodworth_web_120 joins the room
[15:15:07] <Tommy Jensen_web_319> @ben Forcing DDR when DHCP/RA could provide the same information adds an unnecessary RTT. Format is definitely an open topic of course.
[15:15:30] <Ben Schwartz> We're not talking about a roundtrip on every page load :)
[15:15:37] <Tommy Jensen_web_319> It also opens up DNS attacks whereas this (DHCP/RA straight to encrypted connection) only has DHCP/RA attacks in plain text
[15:15:55] <Tommy Pauly_web_510> Stick the DNS record in DHCP ;)
[15:15:59] Nicklas Pousette_web_202 leaves the room
[15:16:02] Nicklas Pousette_web_773 joins the room
[15:16:16] <Ben Schwartz> Yeah, I would just literally ship a bunch of DNS records
[15:16:16] Marcus Ihlar_web_854 joins the room
[15:16:25] <Chris Lemmons_web_437> Thanks for the people helping with the notes. :)
[15:16:27] <Ben Schwartz> SVCB, CNAME, A, AAAA ... whatever you would get from DDR
[15:16:33] <ekr@jabber.org> exactly
[15:16:35] <Éric Vyncke_web_519> @Tommy or use PvD :-)
[15:16:43] <Tommy Pauly_web_510> Quite so
[15:17:12] Stephen Farrell_web_411 joins the room
[15:17:43] <ekr@jabber.org> I would say we should *either* do just the name *or* "everything in DDR"
[15:17:45] Benjamin Kaduk_web_336 joins the room
[15:17:51] <ekr@jabber.org> But this intermediate thing doesn't work
[15:17:59] <Tommy Pauly_web_510> +1 ekr
[15:18:00] kaduk@jabber.org/barnowl joins the room
[15:18:06] Vladimír Čunát_web_124 joins the room
[15:18:13] <Erik Nygren_web_127> If this is just SVCB defined in DDR then the DDR could either be an AliasForm ("just the name") or a ServiceForm ("name and config")
[15:18:16] <Neil Cook_web_725> +1
[15:18:52] sftcd joins the room
[15:18:58] Nalini Elkins_web_872 leaves the room
[15:19:06] <Erik Nygren_web_127> which is one of the reasons SVCB has AliasForm: to be able to handle the just-the-name-please-delegate-all-the-details-over-to-some-other-entity to another name.
[15:19:22] Vladimír Čunát_web_124 leaves the room
[15:19:29] <Patrick Tarpey_web_660> This would only happen on IP address allocation, so a few additional look ups for specific records seems quicker and easier to implement...
[15:19:41] Antony Antony_web_209 joins the room
[15:19:56] <Éric Vyncke_web_519> Having two options rather than combining the two pieces of information in one option does not look good to me (esp when talking about IPv6 RA)
[15:19:57] <Francois Ortolan_web_805> +1 Patrick
[15:20:13] <ekr@jabber.org> It's worth noting that in the DDR-in-DHCP version, you don't need the weird DDR IP address comparison stuff
[15:20:20] <ekr@jabber.org> Like the DHCP can just carry the domain name you want
[15:20:44] Mirja Kühlewind_web_993 joins the room
[15:20:52] Thomas Duffy_web_604 leaves the room
[15:21:59] Michael Palage_web_320 joins the room
[15:22:07] Jiao Kang_web_456 leaves the room
[15:22:25] Farni Boten_web_119 leaves the room
[15:22:28] Farni Boten_web_764 joins the room
[15:22:30] John Woodworth_web_120 leaves the room
[15:22:33] <Eric Orth_web_781> @ErikNygren: Good point.  If we just go with DDR-SVCB-record-in-DHCP, we've essentially created the case allowing the option of either everything or just the name.  We could make a recommendation to do one of service or alias form if we really think one is better.
[15:22:35] John Woodworth_web_414 joins the room
[15:23:30] <Ben Schwartz> I would still want an explicit name, not just via an AliasMode record, so that a really simple client can ignore those records and just do DDR off the name
[15:23:53] <Paul Wouters_web_475> for IKEv2, it all really will point to the one or two DNS servers that support every flavour of encrypted DNS
[15:24:26] <dkg> is there a linkage problem if the DHCP response offers multiple DNS resolver IPs?
[15:24:29] Farni Boten_web_764 leaves the room
[15:24:32] Farni Boten_web_331 joins the room
[15:24:48] Pallavi Aras_web_196 leaves the room
[15:24:50] <Ben Schwartz> dkg: Do you mean linkability?
[15:24:55] <Paul Wouters_web_475> dkg: why are you trusting DHCP offered DNS servers for privacy to begin with? :P
[15:25:03] Stan Srednyak_web_314 joins the room
[15:25:11] <Éric Vyncke_web_519> One reason why those 2 pieces of info must be in a single/atomic option
[15:25:13] <dkg> no, i'm not asking about linkability
[15:25:18] <dkg> i'll try to bring it to the mic
[15:25:25] <Tommy Pauly_web_510> You don't need DNSSEC for this to be safe
[15:25:25] <Erik Nygren_web_127> and we could just have the option to cram in both records into the option (but might be getting big?  Not sure on the RA option record size limits since it is ICMPv6 and you don't want to go fragmenting it)
[15:25:26] <Eric Rescorla_web_757> I don't see how DNSSEC is relevant here
[15:25:38] <dkg> i might just be confused, happy to be unconfused by others :)
[15:25:40] Ben Schwartz in queue to clarify the DNSSEC question
[15:27:10] Benjamin Kaduk_web_336 leaves the room
[15:27:20] Michael Palage_web_320 leaves the room
[15:27:51] Nalini Elkins_web_735 joins the room
[15:28:07] Marcus Ihlar_web_854 leaves the room
[15:28:44] <Jim Reid_web_813> @ Patrick, the overhead of an extra query or two could be an acceptable trade-off if it simplifies the protocol or minimises the threat surface.
[15:28:59] Peter Feil_web_455 leaves the room
[15:29:09] <Chris Box_web_643> Or simplifies operational management
[15:29:17] <Tommy Pauly_web_510> @DKG, yes it should have name-address maps
[15:29:19] <Tommy Pauly_web_510> That's good
[15:29:26] <Jim Reid_web_813> that too Chris.
[15:29:57] Scott Hollenbeck_web_736 leaves the room
[15:29:57] <Erik Nygren_web_127> "DNS-stapling"
[15:30:17] Christopher Wood_web_432 leaves the room
[15:31:00] Matt Green_web_200 leaves the room
[15:31:13] HAIGUANG Wang_web_782 leaves the room
[15:31:20] Shinta Sato_web_348 leaves the room
[15:31:28] Francois Ortolan_web_805 leaves the room
[15:31:30] Tim April_web_636 leaves the room
[15:31:32] Paul Wouters_web_475 leaves the room
[15:31:36] Richard Wilhelm_web_526 leaves the room
[15:31:45] Frode Sorensen_web_994 leaves the room
[15:31:46] Francisco Arias_web_110 leaves the room
[15:32:24] Andreas Pantelopoulos_web_682 leaves the room
[15:32:34] Ulrich Wisser_web_442 leaves the room
[15:32:35] Andrew McConachie_web_162 leaves the room
[15:32:39] Christian Elmerot_web_705 leaves the room
[15:32:42] Christian Elmerot_web_702 joins the room
[15:32:47] Swapneel Sheth_web_268 leaves the room
[15:32:48] Ole Trøan_web_149 leaves the room
[15:32:49] Jonathan Hoyland_web_333 leaves the room
[15:32:53] Samuel Weiler_web_936 leaves the room
[15:32:59] Eric Rescorla_web_757 leaves the room
[15:33:00] Avri Doria_web_991 leaves the room
[15:33:01] Patrick Tarpey_web_660 leaves the room
[15:33:02] PE_web_256 leaves the room
[15:33:02] Jiri Novotny_web_186 leaves the room
[15:33:03] Frode Kileng_web_906 leaves the room
[15:33:03] Lu Zhao_web_763 leaves the room
[15:33:03] Eric Orth_web_781 leaves the room
[15:33:04] Vittorio Bertola_web_301 leaves the room
[15:33:04] Jen Linkova_web_760 leaves the room
[15:33:04] Daniel Migault_web_951 leaves the room
[15:33:04] John Border_web_561 leaves the room
[15:33:05] Andrew S_web_487 leaves the room
[15:33:05] Taiji Kimura_web_275 leaves the room
[15:33:05] Ray Bellis_web_189 leaves the room
[15:33:05] Nancy Cam-Winget_web_756 leaves the room
[15:33:05] Gabriel Montenegro_web_158 leaves the room
[15:33:05] Tommy Pauly_web_510 leaves the room
[15:33:06] Stan Srednyak_web_314 leaves the room
[15:33:06] Dan McArdle_web_248 leaves the room
[15:33:06] Antony Antony_web_209 leaves the room
[15:33:06] Daiki Ueno_web_654 leaves the room
[15:33:06] Barry Leiba_web_974 leaves the room
[15:33:06] Chris Box_web_643 leaves the room
[15:33:07] Chi-Jiun Su_web_160 leaves the room
[15:33:07] Tirumaleswar Reddy.K_web_706 leaves the room
[15:33:07] Eric Kinnear_web_826 leaves the room
[15:33:07] Mirja Kühlewind_web_993 leaves the room
[15:33:08] Shumon Huque_web_206 leaves the room
[15:33:08] David Lawrence_web_992 leaves the room
[15:33:08] Andrew Campling_web_112 leaves the room
[15:33:08] Libor Peltan_web_578 leaves the room
[15:33:09] Tommy Jensen_web_319 leaves the room
[15:33:09] tim costello_web_313 leaves the room
[15:33:09] Mike Bishop_web_297 leaves the room
[15:33:09] Hannu Flinck_web_961 leaves the room
[15:33:09] Mohamed Boucadair_web_556 leaves the room
[15:33:09] Anders Kölligan_web_493 leaves the room
[15:33:09] Stephen Farrell_web_411 leaves the room
[15:33:09] Nalini Elkins_web_735 leaves the room
[15:33:10] Simon Hicks_web_438 leaves the room
[15:33:10] Neil Cook_web_725 leaves the room
[15:33:10] Suzanne Woolf_web_724 leaves the room
[15:33:10] Benjamin Schwartz_web_541 leaves the room
[15:33:11] Farni Boten_web_331 leaves the room
[15:33:12] Sanjay Mishra_web_135 leaves the room
[15:33:13] Jim Reid_web_813 leaves the room
[15:33:13] Tom Carpay_web_665 leaves the room
[15:33:15] Duane Wessels_web_311 leaves the room
[15:33:15] Julien Maisonneuve_web_333 leaves the room
[15:33:16] Dan Druta_web_715 leaves the room
[15:33:16] Jyrki Soini_web_891 leaves the room
[15:33:17] Éric Vyncke_web_519 leaves the room
[15:33:17] David Smith_web_662 leaves the room
[15:33:17] Kirsty Paine_web_798 leaves the room
[15:33:17] Yuji Koyama_web_338 leaves the room
[15:33:17] Jari Arkko_web_452 leaves the room
[15:33:19] Peter Koch_web_736 leaves the room
[15:33:19] Puneet Sood_web_988 leaves the room
[15:33:21] Christian Elmerot_web_702 leaves the room
[15:33:23] Robert Story_web_749 leaves the room
[15:33:24] Jean-Michel Combes_web_436 leaves the room
[15:33:29] Wes Hardaker_web_446 leaves the room
[15:33:32] Ralf Weber_web_274 leaves the room
[15:33:36] Hiromu Shiozawa_web_477 leaves the room
[15:33:42] Kazunori Fujiwara_web_254 leaves the room
[15:33:44] Lorenzo Colitti_web_483 leaves the room
[15:33:49] Doug Stamper_web_303 leaves the room
[15:33:50] Jiankang Yao_web_416 leaves the room
[15:33:52] Yoshiro Yoneya_web_192 leaves the room
[15:33:53] Christopher Inacio_web_630 leaves the room
[15:34:03] Joe Harvey_web_967 leaves the room
[15:34:06] Valery Smyslov_web_451 leaves the room
[15:34:10] Glenn Deen_web_720 leaves the room
[15:34:11] Antoin Verschuren_web_365 leaves the room
[15:34:16] Philipp Tiesel_web_606 leaves the room
[15:34:50] Fred Baker_web_482 leaves the room
[15:34:58] Yoshiro Yoneya_ leaves the room
[15:35:20] Michael Breuer_web_775 leaves the room
[15:35:26] John Woodworth_web_414 leaves the room
[15:35:44] John Preuß Mattsson_web_978 leaves the room
[15:35:51] Ben Schwartz leaves the room
[15:36:09] neednnelg@sure.im leaves the room
[15:36:17] Daniel Gillmor_web_793 leaves the room
[15:36:18] Paolo Saviano_web_899 leaves the room
[15:36:18] Luuk Hendriks_web_265 leaves the room
[15:36:18] Petr Špaček_web_401 leaves the room
[15:36:18] James Galvin_web_168 leaves the room
[15:36:18] Subir Das_web_244 leaves the room
[15:36:18] Vincent Levigneron_web_405 leaves the room
[15:36:18] Mike English_web_186 leaves the room
[15:36:18] Chris Lemmons_web_437 leaves the room
[15:36:18] Benno Overeinder_web_215 leaves the room
[15:36:18] Erik Kline_web_206 leaves the room
[15:36:18] Joey Salazar_web_752 leaves the room
[15:36:18] Jason Weil_web_554 leaves the room
[15:36:18] Brett Carr_web_295 leaves the room
[15:36:18] Monika Ermert_web_624 leaves the room
[15:36:18] Olaf Kolkman_web_974 leaves the room
[15:36:18] Stephan Emile_web_597 leaves the room
[15:36:18] Omer Shapira_web_617 leaves the room
[15:36:18] Alexander Mayrhofer_web_778 leaves the room
[15:36:18] Matthew Quick_web_557 leaves the room
[15:36:18] Zaid AlBanna_web_281 leaves the room
[15:36:18] Erik Nygren_web_127 leaves the room
[15:36:18] Chris Seal_web_848 leaves the room
[15:36:18] Willem Toorop_web_773 leaves the room
[15:36:18] Yihao Jia_web_427 leaves the room
[15:36:18] Nicklas Pousette_web_773 leaves the room
[15:36:18] Lixia Zhang_web_606 leaves the room
[15:36:18] Niels ten Oever_web_273 leaves the room
[15:36:18] David Schinazi_web_317 leaves the room
[15:38:06] Meetecho leaves the room
[15:39:17] kaduk@jabber.org/barnowl leaves the room
[15:52:35] frodek leaves the room
[15:52:49] sftcd leaves the room
[16:03:21] Benno Overeinder leaves the room: Disconnected: closed
[16:29:41] tale leaves the room
[18:07:24] ekr@jabber.org leaves the room
[20:20:49] zulipbot leaves the room: Disconnected: closed
[20:23:06] dkg leaves the room: leaving
[20:24:33] zulipbot joins the room
[20:25:06] zulipbot leaves the room: Disconnected: closed
[20:38:40] zulipbot joins the room
[20:38:57] zulipbot leaves the room: Disconnected: closed
[20:39:00] zulipbot joins the room
[20:39:23] zulipbot leaves the room: Disconnected: closed
[20:39:31] zulipbot joins the room
[20:39:52] zulipbot leaves the room: Disconnected: closed
[20:42:32] zulipbot joins the room
[20:43:36] zulipbot leaves the room: Disconnected: closed
[21:27:59] jhoyla leaves the room