[01:20:26] --- keith.brazington has joined
[02:34:58] --- keith.brazington has left
[02:40:51] --- keith.brazington has joined
[05:58:27] --- rstory has joined
[06:09:02] --- keith.brazington has left
[06:09:32] --- keith.brazington has joined
[08:53:10] --- keith.brazington has joined
[09:01:30] --- roy has joined
[09:12:16] --- mikeb has joined
[09:45:34] --- russmundy@jabber.org has joined
[09:57:02] --- wouter has joined
[09:57:36] --- ogud: Olafur Gudmundsson has joined
[09:59:17] <roy> Audio works
[09:59:59] --- mrichardson has joined
[10:00:00] --- mrichardson has left
[10:00:04] --- yone has joined
[10:00:11] --- sm has joined
[10:01:26] --- dblacka has joined
[10:02:19] --- matthijs has joined
[10:04:05] --- Jelte has joined
[10:04:09] <Jelte> hiya
[10:04:28] --- msj has joined
[10:05:35] --- mrichardson has joined
[10:05:36] --- Andrew Sullivan has joined
[10:05:39] --- fujiwara has joined
[10:05:50] <mrichardson> Olafur, talks about the agenda, and why we are meeting.
[10:06:05] --- mgraff has joined
[10:06:08] <mrichardson> AD is looking for co-chair. Got list, and is doing interviews.
[10:06:36] <mrichardson> reviews list of published RFCs since Prague.
[10:06:42] <mrichardson> Protocol work on DNSSEC is done.
[10:07:25] <msj> fool me once - shame on you fool me five times and its an IETF working group on DNSSEC
[10:07:26] --- Antoin has joined
[10:07:30] --- agallant has joined
[10:07:38] --- matt has joined
[10:07:54] <mrichardson> rfc2929bis is going through IESG.
[10:08:02] <mrichardson> issue with how IANA processes templates.
[10:08:18] --- stephen.morris has joined
[10:08:30] --- ona has joined
[10:08:33] <mrichardson> DNS profile is new major document.
[10:08:44] <mrichardson> to give people guidance about what modern DNS does.
[10:08:57] <mrichardson> and a zombie came back: axfr-clarify.
[10:09:09] --- rstory has joined
[10:10:06] <mrichardson> ECC: let's just standardize a very few number of curves.
[10:10:19] --- dblacka has left
[10:11:10] <mrichardson> how many are younger than DNS: just Ed.
[10:11:45] <mgraff> I don't think Ed can do math.
[10:12:09] --- stephen.morris has left
[10:12:14] <mrichardson> (non-scribe) Ed is reall a 12-year old girl (maybe in his head)
[10:12:26] --- Suzanne has joined
[10:13:10] --- jpc has joined
[10:13:50] --- Antoin has left: Replaced by new connection
[10:14:58] <mrichardson> (scribe is distracted during discussion about WG document list)
[10:16:58] --- dblacka has joined
[10:17:35] --- Antoin has joined
[10:17:56] <mrichardson> PaulVixie: disagrees. Forgery resilience should be included, and two documents should progress together.
[10:19:18] <mrichardson> Scott Rose  up next.
[10:19:34] <mrichardson> waiting for slides.
[10:19:40] <mrichardson> DNAME-clarify
[10:19:50] <mrichardson> what happens when you add/delete DNAME records.
[10:20:25] --- levigner has joined
[10:22:23] <mrichardson> any q from jabber?
[10:22:24] --- jiangxingfeng has joined
[10:23:03] --- narten has joined
[10:24:55] --- jm has joined
[10:25:52] <mrichardson> George: what does modern DNS really mean
[10:25:56] <mrichardson> this is from the RAI ADs
[10:26:06] <mrichardson> is s/w compliant? what needs upgrading?
[10:26:33] --- shinta has joined
[10:26:39] <mrichardson> edns0, deployed does wrong thing, history of bad implementations. "spring clean"
[10:26:46] --- pawal has joined
[10:28:22] --- Antoin has left: Replaced by new connection
[10:31:57] <mrichardson> queries to microphone: how do structure this document?
[10:34:34] <mrichardson> the intention is that the document has to be more than 1 implementation team's views.
[10:35:20] <mrichardson> unlike other RFCs, this is meant to be revised.
[10:35:34] <mrichardson> suggestion to ask for future document numbers.
[10:36:12] <mrichardson> here is a list of RFCs that you need to implement, but take them with grain of salt, and here is how much.
[10:36:28] <mrichardson> this will grow into DNS 2.0, without changing the protocol, except when we do change the protocol.
[10:36:44] <mrichardson> will this document, or its existence, block clarifications?
[10:37:15] <mrichardson> 3rd issue: this is not only addresses to implementors, but also operators.
[10:37:31] <mrichardson> it could be in one document, or in two documents.
[10:37:43] <mrichardson> if it's in one document, needs to be seperate sections.
[10:37:53] <mrichardson> re: TCP listening.
[10:38:53] <mrichardson> discussion about collecting bits of text, and then redoing the right thing.
[10:39:09] <mrichardson> Olafur: any protocol work can proceed without blocking this document.
[10:39:17] <mrichardson> unless we discover that we need a bis of some other RFC.
[10:39:57] --- aalain@trstech.net has joined
[10:41:03] <mrichardson> Ed: 3 parts. wire protocol, semantics, and services.
[10:41:14] <mrichardson> for some work, we don't follow the semantics, just the protocol.
[10:41:57] --- fneves has joined
[10:42:03] --- benno has joined
[10:43:03] <mrichardson> all three pieces are required.
[10:43:21] --- weiler has joined
[10:43:30] <mrichardson> - scribe has to pay attention to emergency at work -
[10:44:38] <Suzanne> SRA: this doc should possibly include an attempt to address recurrent issues/confusions about terminology for this or that piece of DNS
[10:44:50] <Suzanne> GGM says "send text"
[10:45:46] <Suzanne> Andrew Sullivan: lots of little possible documents, termination of this document requires pruning....might depend on lots of sundry bis documents, then what?
[10:45:51] <Suzanne> GGM: not std
[10:46:27] <Suzanne> they're agreeing that the primary goal is "the world as it is," maybe with appendices/recommendations about what it should be
[10:47:49] <Suzanne> Olaf Kolkman: concerned that this document will become a checklist people will address without thought.
[10:48:21] <Suzanne> some discussion of tradeoffs needed, relative importance of various pieces
[10:48:25] --- japi has joined
[10:48:52] <Suzanne> GGM: wants to shy away from interoperability matrices, but document does need to address the question. 
[10:48:56] <Suzanne> "send text" :)
[10:49:24] <Suzanne> PAF (whose name I can't spell properly on my keyboard): checkbox lists can break interoperability, ironic but true
[10:49:50] <Suzanne> volunteers to send text (yay PAF)
[10:50:32] <Suzanne> PAF: more on checkboxes, consensus on any given one may be hard.
[10:51:03] <Suzanne> PAF: and maintaining such consensus through multiple revisions will be even worse.
[10:51:36] <Suzanne> also, sometimes a middlebox/firewall/thing complies with a policy rather than a protocol.
[10:51:48] <Suzanne> GGM: per Olaf, document the tradeoff when you do this
[10:52:48] <Suzanne> Olafur: before we go any further, is this worth doing?
[10:53:45] <Suzanne> poll the room, some support, some suspicion it's futile
[10:53:50] --- juampe has joined
[10:54:13] <mrichardson> Olafur: should we stop now?
[10:54:14] <Suzanne> guest scribe now retires.....
[10:54:25] <mgraff> *applauds for Suzanne*  :)
[10:54:30] <mrichardson> peter: disagree with Patrick + Olaf.
[10:54:48] <mrichardson> we have documents in the IETF that are so consensus driven, that they have been rewritten beyond any recognizable shape.
[10:54:54] <mrichardson> that is why the "considerations" bothers me.
[10:55:08] <mrichardson> some people just want to be told that they ought to implement EDNS0.
[10:55:11] --- jpc has left
[10:55:15] --- Antoin has joined
[10:55:17] <mrichardson> this can not be a procurement guideline.
[10:55:25] <mrichardson> they need more strict advice.
[10:55:41] <mrichardson> mrichardson-as-me: actually, governments do need the document as a procurement guideline!
[10:55:55] <mrichardson> new speaker: should this document be an RFC at all?
[10:56:03] <mrichardson> Olafur: should be a BCP.
[10:56:23] <mrichardson> a really up-to-date list is necessary... so we need a new document each time?
[10:56:27] <Andrew Sullivan> mrichardson: is dnsext the right group to be offering that guide?  
[10:56:35] <mgraff> This seems like it should be a research project on a wiki.
[10:56:53] <mrichardson> Vixie: who thought this was a bad idea... Paul's hand went up.
[10:57:03] <mrichardson> 1) because it won't be an STD.
[10:57:15] <mrichardson> Olafur: bcp not good enough?
[10:57:18] <mrichardson> no.
[10:57:23] <mgraff> bcp on ingres filtering...  We all do that yes?  :)
[10:57:31] --- jiangxingfeng has left: Replaced by new connection
[10:57:32] --- jiangxingfeng has joined
[10:57:49] <mrichardson> 2) 1034/1035 were the second edition. Someone thought it was cute to number the DNSSEC as 34/35 as well.
[10:58:02] <mrichardson> like 2821/2822 restatement of 821/822.
[10:58:09] <mrichardson> not a profile document, but a restatement from scratch.
[10:58:20] <mrichardson> Paul wants a new document that is complete.
[10:59:49] --- mrichardson has left
[11:00:17] --- mrichardson has joined
[11:00:19] <mrichardson> we need to make sure that this document gets done sooner.
[11:00:29] <mrichardson> hmm. I got kicked from jabber.
[11:00:43] <mrichardson> Ed: it helps having the documents split up.
[11:00:58] <mrichardson> not everyone wants dynamic update/zone interface, so it helps them pick and choose what they want.
[11:01:33] <mrichardson> new speaker:
[11:01:37] <mrichardson> deploying IPv6. 
[11:01:58] <Suzanne> new speaker is Kurtis Lindqvist
[11:02:02] <mrichardson> a vendor who required an IPv6 address to be configured in order to get a AAAA back.
[11:02:20] <mrichardson> this was not specified in an obvious place.
[11:02:32] <mrichardson> guidance would be helpful.
[11:03:05] <mrichardson> new DNS person: wants this document so that he can read it.
[11:03:10] <mrichardson> would like to write it.
[11:03:17] <mrichardson> Even Hunt was speaker.
[11:03:27] <mrichardson> Marc Andrews: likes restatement
[11:03:38] <mrichardson> index document is important input to that. no wasted effort.
[11:03:53] <mrichardson> Olaf: someone must be wrong with rfc...foo index?
[11:04:00] <mrichardson> oh, with rfc-index.txt.
[11:04:13] <mrichardson> looking through that seems to be doable.
[11:04:33] <mrichardson> Kurt: we understand what we need to look for, but others do not.
[11:04:55] <mrichardson> Shane Curt: agree with most statements. This is not a DNS specific problem. So many documents that are so old.
[11:05:25] * mrichardson points out that this problem was a problem that NEWTRK tried to solve.
[11:05:26] --- fdupont has joined
[11:05:48] <mrichardson> Olafur: agreement that we need to improve DNS documentation.
[11:06:05] <mrichardson> disagreement over what we need to do: from checklist to revision to current documents to restatement from scratch.
[11:06:15] <mrichardson> Olafur is taking this under advisement.
[11:06:59] <mrichardson> would like timeline to be end of 2008.
[11:07:21] <mrichardson> this is reasonable, and it will take some work.
[11:07:21] <mrichardson> there will need to be documents by mid-year.
[11:07:38] <mrichardson> now next document: EDNS0.  Paul.
[11:08:05] <mrichardson> we did 2671 awhile ago.
[11:08:13] <mrichardson> got there by throwing stuff out.
[11:08:52] <mrichardson> this update document is mostly clarification: typographical issues and interface to IANA/RFC-editor changes.
[11:08:56] <mrichardson> slide 1.
[11:09:06] <mrichardson> some ignore OPT RR.
[11:09:10] --- nevil has joined
[11:09:13] <mrichardson> TC & !OPT is allowed.
[11:09:18] --- jiangxingfeng has left
[11:09:19] <mrichardson> mention DO bit.
[11:11:36] <mrichardson> Olafur: EDNS0 great... add a paragraph that says that EDNS0 is mandatory to implement in new implementations.
[11:13:12] <mrichardson> path of least resistance to do this differently. 
[11:13:25] <mrichardson> this may cause an IETF fight, but that's okay.... EDNS0 itself is out.
[11:13:59] <mrichardson> Olaf: put text in the security considerations that not supporting it has impacts.
[11:14:28] <mrichardson> Jim Reid was comments about path of ...
[11:14:51] <mrichardson> Donald: we can say whatever we want, and it's not unusual for things that were SHOULD to become SHOULDNOT.
[11:15:17] <mrichardson> Ed is next.
[11:15:31] <mrichardson> AXFR clarify.
[11:16:20] --- Danny has joined
[11:16:37] <mrichardson> why do this now?
[11:16:47] <mrichardson> commercial concerns are requesting DNS operations "via AXFR"
[11:17:25] <mrichardson> process concerns, and were handled in -05.
[11:18:17] <mrichardson> thickening of the specification.
[11:18:57] <mrichardson> concern: AXFR client sending an AXFR with EDNS0, must be able to receive multiple records pre response message.
[11:19:57] <mrichardson> needs to hear from more implementers.
[11:22:34] <mrichardson> Sam: dnssec-bis-update
[11:23:33] <mrichardson> issue in 2007-09, with AD/DO conflict.
[11:23:59] --- msj has left
[11:24:04] <mrichardson> copy CB bit to upstream queryes.
[11:24:39] --- Roque@lacnic.net has joined
[11:24:46] <mrichardson> mst: intermediate resolution was designed as if there was only one resolver in the chain.
[11:25:30] <mrichardson> If client sets CB bit, and intermediate resolver asks another upstream intermediate resolver. The second one might filter out the authoritative data.
[11:26:08] <mrichardson> Olaf: support.
[11:26:16] <mrichardson> it's an end-to-end issue.
[11:26:54] <mrichardson> Marc Andrews: if we set the CB bit, it has to be pushed up the stack.
[11:27:02] <mrichardson> but, any resolver can set the bit, and it stays set.
[11:27:30] <mrichardson> a client which does not set CB, should still be able to get CB set upstream.
[11:28:00] <mrichardson> mst: the bit says that I want all the data.
[11:28:07] <mrichardson> Marc thinks...
[11:28:41] <mrichardson> Russ: this is legitimate clarification.
[11:29:59] <mrichardson> next item: SOA in negative answers.
[11:30:04] <wouter> :-)
[11:32:00] <mrichardson> Ed: nodata vs ....
[11:32:08] <mrichardson> shout out, header bits are not signed.
[11:32:21] <mrichardson> Sam: editors are not hearing enough to support this.
[11:32:29] <mrichardson> Marc: could put an RCODE on the nodata.
[11:32:41] <mrichardson> we have an RCODE allocated for no RR set.
[11:32:46] <mrichardson> Olafur: send text.
[11:32:48] <wouter> Yes Mark that would solve it
[11:32:57] <mrichardson> Sam: is there anything we have missed?
[11:33:45] <mrichardson> Jelte: RSA/SHA-256 signatures.
[11:33:52] <mrichardson> would like to make it a working group item.
[11:35:45] <wouter> Not implemented - understand
[11:36:04] <mrichardson> hopes WG can take this up.
[11:36:30] <mrichardson> Olafur: document is two years old, but was deferred for NSEC3.
[11:36:37] <mrichardson> do we want to start this work now, or is this premature?
[11:37:33] <mrichardson> concerns that SHA1 may become unrecommended within a year.
[11:37:39] <mrichardson> Paul: x-20
[11:37:50] <mrichardson> no slides for this.
[11:38:02] <mrichardson> dns-x-20. a terrible hack.
[11:38:12] <mrichardson> Dave Dagen. usually has better ideas!
[11:38:16] <matt> Dagon
[11:38:25] <mrichardson> Paul: a few million transactions now.
[11:38:39] <mrichardson> Paul thinks that it ought to advance.
[11:38:53] <mrichardson> changed so that the query can be copied bit-for-bit.
[11:38:57] <mrichardson> we, must be be copied.
[11:39:02] <mrichardson> s/we/er/
[11:39:19] <mrichardson> Olafur: a resolver that does this has to undo things before handing to application.
[11:39:39] <mrichardson> Stuart Cheschire: compile a list of bad implementations.
[11:39:55] <mrichardson> not just recursive servers,but all other middle boxes.
[11:40:11] <mrichardson> the DNS servers given out here do not work for PTR records.... for instance.
[11:40:26] <mrichardson> explicit scope is for recursive name servers.
[11:40:39] <mrichardson> too many broken middle boxes for stub-resolver use.
[11:41:00] <mrichardson> Olafur: wants to ask for hum, but postpones to after Donald's slot.
[11:41:08] --- jm has left
[11:41:46] <Jelte> i wonder how much damage is done by 'hotel-middleboxes', both directly to guests at the hotels and by stopping protocol enhancements 'because hotel middleboxes will break it anyway'
[11:42:02] <mrichardson> discusses cookie handshake protocol.
[11:42:16] <mrichardson> eastlake-dnsext-cookies-03.txt
[11:42:22] <mrichardson> protect against off-path DNS DoS.
[11:46:47] --- fdupont has left
[11:47:07] --- narten has left
[11:48:22] <mrichardson> take document to list.
[11:48:22] <mrichardson> http://sa.vix.com/~vixie/dns-0x20.txt < x.20 idea.
[11:48:22] <mrichardson> Paul: looked at doing cookies with OPT.
[11:48:22] <mrichardson> this is not enough better than other things to justify this.
[11:48:22] <mrichardson> a great idea, and a much better explanation, but does not see a reason to pursue, vs TSIG or DNSSEC.
[11:48:22] <mrichardson> Donald: TSIG is not practical to deploy in this way, and DNSSEC makes DoS attacks much worse.
[11:48:22] <mrichardson> new speaker: personally interested in this idea.... cookie idea.
[11:49:40] --- jm has joined
[11:50:25] --- jm has left
[11:50:48] --- juampe has left
[11:50:54] <mrichardson> Olaf: x.20 only protects client, but does not protect the server.
[11:50:56] --- juampe has joined
[11:51:04] --- matt has left
[11:51:15] <mrichardson> Olafur: we can adopt this as a WG item, and then decide not to proceed with it.
[11:51:35] <mrichardson> Olaf: is there someone willing to write code for cookie?
[11:52:05] <mrichardson> Peter: x.20 ... from what I grasp, it's a horrible idea.... there is nothing to standardized. except that the bits are copied.
[11:52:20] <mrichardson> that part should be addressed anyway.  This gap should be filled.
[11:52:41] <mrichardson> Peter: would rather not recommend this. but it can't be prevented.
[11:52:54] <roy> Could Peter explain why ?
[11:53:06] <mrichardson> roy, are you in the room?
[11:53:12] <roy> Only on Jabber
[11:54:24] <mrichardson> Peter: it's a horrible kludge. Either we believe in the DNSSEC stuff, or we don't.
[11:54:26] --- ona has left
[11:54:52] <mrichardson> Olafur: x-20 would be valuable even after universal of DNSSEC.
[11:55:01] <roy> tx mike
[11:55:14] <mrichardson> Sam: it will be at least as useful afterwards as before.
[11:55:30] <mrichardson> Sam: what happens (with x-20) due to caching?
[11:55:45] <mrichardson> Sam: what about if I was asking for a certain name, IDN, etc....
[11:56:03] <mrichardson> Olafur: US-ASCII was deemed to be case insensitive, so you can mangle.
[11:56:43] <mrichardson> Paul: if it's a binary label, then no work.
[11:57:26] <mrichardson> Paul: speak in defense of cookie proposal. It protects more than just the clients.
[11:57:37] <mrichardson> Paul: longer names are more secure than shorter ones with x-20.
[11:57:57] <mrichardson> Paul: expresses dismay about state of DNSSEC. But, Paul can do x-20 and cookies.
[11:58:32] <mrichardson> Olaf: believes in DNSSEC.  this is ugly to the point of beautiful.
[11:59:06] --- weiler has left
[11:59:21] --- matthijs has left
[11:59:41] <Jelte> can't we call it REM sleep?
[11:59:44] <mrichardson> Olaf: can you announce whether or not we are coming out of sleep.
[11:59:50] <mrichardson> to the WG as well.
[12:00:29] --- pawal has left
[12:00:36] --- dblacka has left
[12:00:38] --- Jelte has left
[12:00:50] --- juampe has left
[12:01:10] --- Andrew Sullivan has left
[12:01:53] --- agallant has left
[12:01:56] <mrichardson> oh... now at AXFR/UDP.
[12:02:15] --- Roque@lacnic.net has left
[12:02:26] <mrichardson> Ed: maybe IXFR will do.
[12:02:51] <mrichardson> IXFR can not support this as written, but it could be changed....?
[12:03:02] <mrichardson> Olaf: or setting SOA to zero.
[12:04:18] --- shinta has left
[12:04:29] --- mikeb has left
[12:04:43] --- levigner has left
[12:07:08] --- japi has left
[12:07:17] --- Antoin has left
[12:08:07] --- sm has left
[12:09:42] --- russmundy@jabber.org has left
[12:11:29] --- Suzanne has left
[12:11:52] --- roy has left
[12:14:06] --- fdupont has joined
[12:14:07] --- fdupont has left
[12:14:49] --- mgraff has left
[12:15:00] --- fneves has left
[12:16:28] --- wouter has left
[12:20:30] --- nevil has left
[12:29:11] --- Roque@lacnic.net has joined
[12:29:13] --- ogud: Olafur Gudmundsson has left: Replaced by new connection
[12:29:16] --- levigner has joined
[12:29:21] --- levigner has left
[12:33:44] --- russmundy@jabber.org has joined
[12:33:48] --- yone has left
[12:47:24] --- mrichardson has left
[12:52:28] --- rstory has left
[13:11:00] --- keith.brazington has left
[13:23:34] --- fujiwara has left
[13:25:45] --- russmundy@jabber.org has left
[14:12:22] --- aalain@trstech.net is now known as aalain
[14:24:09] --- Roque@lacnic.net has left
[15:01:24] --- Danny has left
[15:03:56] --- benno has left
[15:30:12] --- aalain has left
[18:29:42] --- Danny has joined
[22:33:05] --- Danny has left