IETF
dnsop
dnsop@jabber.ietf.org
Tuesday, 26 July 2011< ^ >
Peter Koch (co-chair) has set the subject to: DNSOP@IETF80: 5mins
Room Configuration

GMT+0
[12:52:54] bje joins the room
[12:54:34] bje leaves the room
[12:54:38] bje joins the room
[12:54:41] bje leaves the room
[12:59:55] naptee joins the room
[13:00:01] naptee leaves the room
[13:04:30] naptee joins the room
[13:04:32] naptee leaves the room
[16:39:47] wouter joins the room
[16:43:14] paulwouters joins the room
[16:43:33] paulwouters has set the subject to: DNSOP@IETF81: 15mins
[16:43:49] paulwouters leaves the room
[16:51:47] paulwouters joins the room
[16:52:22] hardaker joins the room
[16:54:39] jinmei joins the room
[16:54:54] ogud joins the room
[16:55:12] ondrej joins the room
[16:55:32] <paulwouters> testing?
[16:55:39] <ondrej> 1...2...3
[16:56:26] sm joins the room
[16:56:42] yone joins the room
[16:57:18] johani joins the room
[16:58:09] jelte joins the room
[16:58:09] naptee joins the room
[16:59:13] <paulwouters> Peter: starting in a few minutes
[16:59:45] <jelte> hello
[17:00:16] <hardaker> is anyone in the room who is *not* listening to the audio stream?
[17:00:21] Pat joins the room
[17:00:22] <paulwouters> If i have the channel Wouter, the confusion will be complete :/
[17:00:30] <paulwouters> I think jelte and wouter are not here
[17:01:01] <jelte> yes i am listening remotely
[17:01:09] <hardaker> second note: if you wish to relay a note to the mic, please prefix your request with "RELAY:" so we can distinguish it from chatroom general banter (which never happens)
[17:01:13] <paulwouters> Peter: we are starting now
[17:01:16] scott_rose joins the room
[17:01:24] sm leaves the room
[17:01:38] <paulwouters> Peter: asking if remote audio works
[17:01:43] <jelte> sound is good
[17:01:49] <Pat> Audio works
[17:01:53] spx joins the room
[17:02:07] <paulwouters> peter koch and stephen morris are co-chairs.
[17:02:18] <paulwouters> peter: 90 minutes planned.
[17:02:19] josephyee joins the room
[17:02:33] Dowon Kim joins the room
[17:02:35] <paulwouters> Peter: see Note Well statement
[17:03:05] sandoche joins the room
[17:03:07] <paulwouters> peter: administrivia.
[17:03:20] <paulwouters> about 15 new people. first time dnsops visitors
[17:03:41] Benno Overeinder joins the room
[17:03:52] <paulwouters> tools site and data tracker
[17:04:04] <paulwouters> Chairs acan attach status to documents
[17:04:10] jacquesl12 joins the room
[17:04:31] matthijs joins the room
[17:04:42] weiler joins the room
[17:04:47] wej joins the room
[17:04:48] <paulwouters> state your name and optional affiliation if you speak
[17:04:48] danny joins the room
[17:04:58] sm joins the room
[17:05:18] Jacky Yao11 (Health Yao) joins the room
[17:05:33] fujiwara joins the room
[17:05:37] <paulwouters> talk about 4 working group drafts, 3 non/not-yet working group drafts
[17:05:40] sm leaves the room
[17:05:51] <paulwouters> request was send for future work items
[17:06:05] Chris Griffiths joins the room
[17:06:05] sm joins the room
[17:06:48] <paulwouters> any request for changes to agenda? [silence]
[17:07:02] <paulwouters> active document list
[17:07:09] <paulwouters> AS112 IPv4 Cull
[17:07:46] <paulwouters> minor things detected in the documents
[17:07:58] Hugo Kobayashi joins the room
[17:08:02] <paulwouters> the two day state took 3 weeks
[17:08:26] <paulwouters> attempted to get helphelp published. meanwhile IESG decided FYI decided that track should be dropped
[17:09:01] sm leaves the room
[17:09:22] <paulwouters> dnsop-rfc4661bis-07
[17:09:27] sm joins the room
[17:09:35] <paulwouters> status: past WGLC. edited Olaf and Mathhijs
[17:09:57] <paulwouters> little indepth review during WGLC. not formally meeting 5 editor treshhold
[17:10:11] <paulwouters> but long discussuions and support. Chairs would want to move on
[17:10:33] matthijs leaves the room
[17:10:35] <weiler> 5 reviewer threshold, presumably
[17:10:48] <paulwouters> (oops yeah)
[17:10:57] <jelte> :)
[17:11:08] matthijs joins the room
[17:11:30] Carlos Martinez joins the room
[17:11:37] <paulwouters> should we make recommendations for/against the KSK/ZSK split
[17:11:49] <paulwouters> chairs wanted to refrain.
[17:12:11] <paulwouters> grab diff between 07 and 08 to verify your comments were put in properly
[17:12:15] <paulwouters> no new issues please
[17:12:42] <paulwouters> olaf: do we have a time scale?
[17:12:52] <paulwouters> peter: prob not finished before mid september
[17:13:11] <paulwouters> draft-ietf-dnssec-dps-framework-04
[17:13:16] <paulwouters> went to last call
[17:13:22] <paulwouters> 7 people read it and want it moved on.
[17:13:28] <paulwouters> passed 5 reviewer mark
[17:13:31] <paulwouters> couple issues raised
[17:13:51] <paulwouters> -05 is prepared and will be submitted. leave for a month
[17:14:02] Andrew Sullivan joins the room
[17:14:03] <paulwouters> if no issues, will get forwarded to IESG
[17:14:19] <paulwouters> draft-dnsop-dnssec-key-timing-02
[17:14:40] <paulwouters> editors will publish -03 after the meeting.
[17:14:42] Jim Galvin joins the room
[17:14:50] <paulwouters> then document should be ready for WGLC
[17:15:29] <paulwouters> draft-ietf-dnsop-respsize-12
[17:15:36] <paulwouters> old draft. keeps coming back in revisions
[17:15:43] <paulwouters> submitted in march
[17:15:54] <paulwouters> intend to move it ahead. draft had WGLC two years ago
[17:16:23] <paulwouters> some operations environment changed. review was old. want to do prelim. review and redo WGLC
[17:16:40] <paulwouters> esp in the light of EDNS0 deployment, etc.
[17:17:01] <paulwouters> no date set. time frame before Taipei meeting
[17:17:07] <paulwouters> WGLC finished before that date
[17:17:11] matthijs leaves the room
[17:17:22] <hardaker> reminder: if you wish to relay a note to the mic, please prefix your request with "RELAY:" so we can distinguish it from chatroom general banter
[17:17:31] <paulwouters> other non wg internet drafts
[17:17:32] <hardaker> materials: https://datatracker.ietf.org/meeting/81/materials.html#wg-dnsop
[17:17:45] <paulwouters> draft-michaelson-as112 drafts
[17:18:02] <paulwouters> George will present
[17:18:02] matthijs joins the room
[17:18:14] <paulwouters> AS112/IPv6
[17:18:31] <paulwouters> changes to zones proposed
[17:18:45] <paulwouters> handling documents seperately or combine them
[17:19:07] <paulwouters> George speaking now
[17:19:14] <paulwouters> draft is about stupid graphic in ipv6
[17:19:16] <Pat> ouch
[17:19:17] <paulwouters> traffic
[17:19:33] <hardaker> Pat: audio jolt I take it?
[17:19:36] <paulwouters> esp in in-addr servers
[17:19:52] <Pat> hardaker: yes.
[17:20:07] <paulwouters> we got good feedback of Vienna.
[17:20:48] <paulwouters> requested delegation might become real traffic later on.
[17:20:59] <paulwouters> multicast people are concerned about preemptive delegations into as112
[17:21:14] <paulwouters> we need to reduce delegations
[17:21:35] <paulwouters> what processes should be done to change these.
[17:21:51] geoff joins the room
[17:22:07] keith joins the room
[17:22:07] <paulwouters> george's comments on sotomayor draft
[17:22:36] <paulwouters> requesting a lot of policy issues.
[17:22:45] <paulwouters> not just delegation blocks
[17:22:51] <spx> anyone else just lose audio?
[17:22:57] <paulwouters> therefor, drafts are different
[17:23:04] <paulwouters> George is pursuing just delegation
[17:23:20] <hardaker> spx: in the middle of George's talk?
[17:23:23] <paulwouters> proceed individually as two seperate documents
[17:23:29] <hardaker> or did you not hear anything from George?
[17:23:35] <wouter> no audio trouble.
[17:23:40] <jelte> my audio still works
[17:23:49] sandoche leaves the room
[17:23:54] <hardaker> spx: try IPv4 :-P
[17:23:54] <paulwouters> as112 ipv4 cull
[17:23:59] <paulwouters> "bring out your dead"
[17:24:15] <paulwouters> [who is speaking now?]
[17:24:16] <weiler> William Sotomayor
[17:24:41] sm leaves the room
[17:24:44] <paulwouters> as112 should pick up on junk traffic
[17:24:50] <paulwouters> get traffic away from the root
[17:25:09] <paulwouters> didnt mean to become bis
[17:25:24] <paulwouters> proposed delegations: [lists some ipv4 spaces]
[17:25:41] <paulwouters> should we mirror george's draft or not?
[17:26:06] <paulwouters> a number of as112 nodes are isolated - not on the internet
[17:26:17] <paulwouters> not globally available.
[17:26:25] <paulwouters> just local to an IX
[17:26:51] <paulwouters> wanted to get a sense for adoption as is, or carve out policy?
[17:27:16] <paulwouters> suggestion on isolated nodes. suggested to use DNAME
[17:27:19] spx is now known as rstory
[17:27:40] <weiler> paul left the room. :-)
[17:27:49] paulwouters leaves the room
[17:27:50] paulwouters joins the room
[17:27:56] <Pat> wb
[17:28:05] <paulwouters> [scribe recovers from pidgin crash]
[17:28:14] tomek joins the room
[17:28:33] <jelte> you were ahead of the audio anyway :)
[17:28:35] <paulwouters> Peter: we seen one particular request to delegate reverse ipv6 into as112
[17:29:16] <paulwouters> distiction of local zones vs as112 documents
[17:29:24] <paulwouters> getting on it is easy, getting off it is hard.
[17:29:38] <paulwouters> for as112 it is hard to get on.
[17:29:55] <paulwouters> it would need a large set of non-centrally controlled servers to catch up
[17:30:03] <paulwouters> to get off, you just break delegation
[17:30:04] sm joins the room
[17:30:10] <paulwouters> Andrew Sullivan: two things
[17:30:24] <paulwouters> when as112 was setup, we had lots of experience on ipv4
[17:30:41] <paulwouters> ipv6 we're still pretty new. i am nervous to add things now
[17:30:53] <paulwouters> not convinced we have enough input to make delegations decision
[17:31:03] <paulwouters> would like other pointers where this is discussed with operators
[17:31:09] <paulwouters> second thing
[17:31:17] <paulwouters> it is eay to get rid of delegation from the top
[17:31:26] <paulwouters> if i believe that with lame servers everywhere, that is dangerous
[17:31:41] <paulwouters> it is possible little pockets of lame responses in that area.
[17:32:04] sandoche joins the room
[17:32:05] <paulwouters> Warren of google: why not have as112 answer everything? and the ndelegate to it or not centrally ?
[17:32:20] <paulwouters> [missed name speaking now]
[17:32:36] <Pat> "George Michealson" I think
[17:32:46] <paulwouters> if you look in 6303, mark recommended fully specified ipv6 reverse. no place for 0.0.0.0.0[...] ip6.arpa
[17:33:15] <paulwouters> the overwhelpimg stupid mistakes are the mapped v4 addresses in the bottom 3 octets
[17:33:28] <paulwouters> the only delegation to reduce that is ...0.0.0.0.ipv6.arpa
[17:33:44] <paulwouters> never a good thing to have more specific delgation
[17:33:57] <paulwouters> the traffic is there.
[17:34:09] <paulwouters> what mark specified wont stop the traffic, it is not in the local delegation
[17:34:16] matthijs leaves the room
[17:34:31] <paulwouters> operationl realities, is it too early?i dont think so. it is just DNS
[17:34:45] <paulwouters> it wont get discussed at nanog
[17:35:09] matthijs joins the room
[17:35:42] <paulwouters> andrew sullivan: we just saw at plenary world ipv6 day at small penetration.
[17:35:58] <paulwouters> as112 was clever response to a mess. given that it is early in ipv6. perhaps we can do it better
[17:36:18] <paulwouters> it doesnt cost that much to wait a little longer
[17:36:28] <paulwouters> [prev person] I think that's cool.
[17:36:52] <paulwouters> andrew: as long as we 're willing to take a long time with this document :)
[17:37:09] <paulwouters> wes hardekkers
[17:37:27] <paulwouters> to andrew: yes naive. more people make more mistakes
[17:37:34] <paulwouters> what is the downside of doing it now
[17:37:53] <paulwouters> andrew: there isnt really that much harm. if we publishj convservative cases
[17:38:03] <paulwouters> andrew: multicast should not be in there
[17:38:12] <paulwouters> george: i agree. we put too much in, we need to revise
[17:38:28] <paulwouters> andrew: no objection to what is now a bogon
[17:38:51] <paulwouters> peter koch back at mic
[17:38:57] <paulwouters> [dramatic pauze]
[17:39:26] <paulwouters> i hear a bit, fast track might not hurt.
[17:39:28] <hardaker> ls
[17:39:32] <hardaker> drat
[17:39:40] <paulwouters> peter has the question: how do we get the phase in?
[17:39:52] <paulwouters> how do we involve and invoke the as112 operators
[17:39:58] weiyinxing joins the room
[17:40:02] <paulwouters> Jay houston? :
[17:40:07] <Pat> Jeff
[17:40:11] <paulwouters> we dont need to conserve RFC numbers.
[17:40:37] <paulwouters> publish the two drafts
[17:40:46] <paulwouters> peter: the "going to somewhere" are merging
[17:40:49] <ondrej> Geoff not Jeff
[17:40:56] <paulwouters> jeff: iana instructions are separate
[17:41:21] <paulwouters> peter: we need to take this to the list with some clarifying questions
[17:41:29] juampe.cerezo joins the room
[17:41:30] <paulwouters> one of those Q is : one or two documents
[17:41:45] <paulwouters> another is: how do we get this reasonably deployed once delegation is in place
[17:42:08] <paulwouters> we need to talk to operators too
[17:42:56] <paulwouters> mathijs: key timing draft
[17:43:12] <paulwouters> how to do key rollovers
[17:43:44] <paulwouters> already specified in 4641(bis)
[17:43:52] <paulwouters> document does not provide enough guidance to make thesoftware
[17:43:59] <paulwouters> how to implement
[17:44:10] <paulwouters> it's incomplete
[17:44:31] <paulwouters> doesnt cover algorithms on purpose
[17:44:38] <paulwouters> how to solve?
[17:44:40] <Pat> -move the mic. please-
[17:44:56] <paulwouters> option 1: re-use key states in current time document
[17:45:02] <paulwouters> and describe missing rollover scenarios.
[17:45:12] <paulwouters> problem: there is definition about trust in the key
[17:45:17] <paulwouters> it is different for ZSK and KSK
[17:45:34] <paulwouters> single type signing key rollover you need trust in both keys and a DS record
[17:45:45] <paulwouters> you need a RRSIG and DS to say a key is trusted.
[17:46:04] <paulwouters> option 2: redine th ekey states so that they become reusable
[17:46:13] <paulwouters> tried to do in my draft
[17:46:20] <paulwouters> key-timing-bis
[17:46:29] matthijs leaves the room
[17:46:32] <paulwouters> key rollover methods clone of key-timing)
[17:46:41] <paulwouters> policy rollover TBD
[17:46:54] matthijs joins the room
[17:46:55] <paulwouters> future direction
[17:47:24] <paulwouters> is there a problem to solve? is there enough momentum? is this a reasonable approach?
[17:47:29] <paulwouters> is this dnsop/ietf work?
[17:47:42] <paulwouters> should we really define key states? and redefine terminology?
[17:48:09] <ogud> +1
[17:48:32] <paulwouters> missed name speaking: as previous rfc author, i am in favour of your work
[17:48:34] tomek leaves the room
[17:48:46] <ogud> Johan Ihren
[17:49:09] <paulwouters> wg last autem: wrap up and ship, then do bis document
[17:49:19] <jelte> I think it makes no sense starting a -bis if a document is not finished
[17:49:25] <Andrew Sullivan> yes
[17:49:26] <paulwouters> it is not clear to me we know enough now that your approach is the right one
[17:49:54] <paulwouters> it is somewhat complicated. my fear is the old famous statement, "this time for sure" might not work
[17:50:12] <paulwouters> ship what we have, really try to revisit this issue with open eyes
[17:50:24] <paulwouters> matthijs: want to focus on missing rollover scenarios
[17:50:42] <paulwouters> matthijs: that's why i unraveled the key states to make it more reusable
[17:51:03] <paulwouters> matthijs: i was able to make flow diagrams for these rollovers
[17:51:06] Chris Griffiths leaves the room
[17:51:12] <paulwouters> matthijs: all rollovers we know now can be described
[17:51:45] <paulwouters> Johan: perhaps there is no way to describe this with unique states. perhaps simply too complicated.
[17:51:57] <paulwouters> perhaps right way would instead be to add properties to keys. where you can add/remove properties
[17:52:16] <paulwouters> to transition to other states. we realised this would not work[?]
[17:52:24] Chris Griffiths joins the room
[17:52:31] <paulwouters> matthijs: i'd love to have the discussion whether we missed something
[17:52:57] <paulwouters> wes hardakker: if we have such a complex state diagram that we cannot even describe as experts, people out there need it
[17:52:59] matthijs leaves the room
[17:53:24] <paulwouters> johan: document was up for discussion for the topic of there are some things we cannot describe in ascii
[17:53:33] matthijs joins the room
[17:53:33] <paulwouters> johan: we decided not to do that
[17:53:48] <paulwouters> andrew sullivan: this thing is good enough, ship it and we will do another one
[17:54:02] <paulwouters> if we are going to hold on, then i am opposed to doing that
[17:54:12] tomek joins the room
[17:54:20] <paulwouters> it is weird to have this document in line with other drafts. else we need tounify
[17:54:31] <jelte> +1, obviously :)
[17:54:47] <paulwouters> peter: the chairs share your perception of weirdness
[17:55:05] <paulwouters> peter: choice is not obvious
[17:55:14] <ogud> Mic: Can we get a timeline for how much effort it is to get the curent docuemnt to include what is supposed to be in the bis document ?
[17:55:16] <paulwouters> peter: pending review and comments in WGLC things might happen
[17:55:31] <paulwouters> andrew: when this goes to IETF last call, someone sees: we got a bis already lined up
[17:56:00] <paulwouters> peter: it might be better to have a moratorium.... wait a bit with the advise we gave knowing it is incomplete, but not wrong or harmfull
[17:56:05] NOMADE2-VL joins the room
[17:56:17] <paulwouters> andrew: interesting to hear the AD
[17:56:29] <paulwouters> wes hardaker: proposal....
[17:57:14] <paulwouters> the right way forward, if complexity is high, go ahead and put a note in the document. cut out stuff that is questionable. put it note "revision expected soon". this will get them started
[17:57:21] <paulwouters> matthijs: those notes are in there
[17:57:39] <jelte> do such statements survive lastcall/iesg?
[17:57:40] <paulwouters> johan: i agree with Wes.
[17:57:56] <paulwouters> johan: difference between incomplete and wrong
[17:58:31] <paulwouters> one key is not in widespread use yet. KSK/ZSK split is.
[17:58:45] <paulwouters> problems might not be the split. current document is still useful and not wrong
[17:58:53] <paulwouters> peter: also need to look at issue of target audience
[17:59:03] <paulwouters> will either get outsourced or hidden in nice or not so nice products
[17:59:17] <paulwouters> is it implementors of services?
[17:59:27] <paulwouters> what level of complexity can we expose there
[17:59:35] matthijs leaves the room
[17:59:42] <paulwouters> random dns operator, can we assume they will read a 55 page document.
[17:59:50] <paulwouters> if not, is it worth doing to work or not.
[17:59:55] matthijs joins the room
[18:00:01] <paulwouters> wes: the real question is :should they read that?
[18:00:04] <jelte> this was supposed to be for implementors, right?
[18:00:18] <paulwouters> wes: operations are always different for each. everyone rolls their own
[18:00:43] <paulwouters> you have to use the zone operator as one of your target audiences
[18:01:03] <paulwouters> matthijs: applies to previous docs as to this
[18:01:08] <paulwouters> peter; we have to come up with a schedule
[18:01:40] <paulwouters> peter: level or urgency unclear
[18:01:47] <paulwouters> peter: when do we want to set that milestone
[18:01:54] <paulwouters> mathijs: dont know
[18:02:11] <paulwouters> peter: sense of the room seemsto be, good to work on this, but not urgent
[18:02:45] <paulwouters> Next, automated ksk rollover problem statement
[18:02:53] <paulwouters> stephen morris presenting
[18:03:08] <paulwouters> child-parent synchronisation
[18:03:31] <paulwouters> draft-barwood-dnsop-ds-publih and draft-mekkin-dns-autoi-cpsync
[18:03:44] <paulwouters> in addition a couple of more inconclusive talks on mailing list
[18:04:02] <paulwouters> child-aprent sync we talk about is sync of DS in parent with DNSKEY in child
[18:04:09] <paulwouters> is this something that would be used?
[18:04:20] <paulwouters> we already have a mechanism to submit via EPP
[18:04:54] <paulwouters> are people ok with modifying registry/registrant/registrar
[18:05:06] <ogud> Mic: Not all setups are RRR thus EPP is irrelevant there
[18:05:15] <paulwouters> [someone at the nmic]: bypassing would not necc. work unless we would chang eRegistrar contract
[18:05:23] <Pat> "Alex M."
[18:05:44] <paulwouters> ogus: you want that said at mic?
[18:05:47] <ogud> yes
[18:05:57] matthijs leaves the room
[18:05:59] <paulwouters> ogus: wes will channel you
[18:06:02] <hardaker> in line at position 4 for you.
[18:06:35] <paulwouters> antoine verschuren: from parent to child , should that go through registrar? because dns packets already do that
[18:06:38] matthijs joins the room
[18:06:49] <paulwouters> delegation is going from parent to child. so there is a child parent relationship
[18:06:53] <ogud> Mic: In RRR world the registrar can do the scanning and insert the data into the Registry via EPP
[18:07:04] <hardaker> k
[18:07:14] <paulwouters> sidn specifically said, registrar is only there for administrative purposes
[18:07:33] <paulwouters> registrar is only there for administrative purposes. the rest is just dns
[18:07:42] Peter Koch (co-chair) joins the room
[18:08:06] <paulwouters> alex: when people changed things directly, the registrar might not know. registrars would need to get used to a new model
[18:08:28] <paulwouters> johan: like antoine. it is a protocol and it can go directly
[18:08:46] <paulwouters> we're not in the business to decide the one solution that should suit everyone
[18:09:22] <paulwouters> child parents might want to skip EPP if they are in the same operator
[18:09:44] <paulwouters> dont get rid of this because EPP only solves part of the problem
[18:09:58] <paulwouters> Olafur: not all setups are RRR, so EPP is irrelevant there
[18:10:17] <paulwouters> wes: who is it that we are trying to help. optimise for them first
[18:10:43] <paulwouters> wes: hunderds of thousands of users. users really does not care.
[18:11:06] <paulwouters> we can offer multiple things. they can pick one or more
[18:11:35] <paulwouters> if we do multiple ones, we must pick one mandatory one
[18:11:40] g.e.montenegro joins the room
[18:11:54] <paulwouters> matthijs: counter argument: dont try to side channel the registrar.
[18:11:59] <paulwouters> matthijs: we dont want to do that
[18:12:10] weiyinxing leaves the room
[18:12:30] <paulwouters> alex: its maybe not the right thing to do for us (registry) but I would like to have that tool in the toolbox
[18:12:40] matthijs leaves the room
[18:13:17] <paulwouters> hardaker: take over for a bit while i heat up my hands ?
[18:13:20] matthijs joins the room
[18:14:00] <hardaker> paulwouters: yep.
[18:14:05] Packetgrrl joins the room
[18:14:23] <hardaker> Johan: a long time ago I wrote a dnssec aware registry that I still use.
[18:14:31] <hardaker> I'm all in favor of doing auto-sync from child to parent.
[18:14:41] <hardaker> but at the same time I'm not arguing i'ts the right solutino for everyone
[18:14:47] <hardaker> we're adding tools to a toolbox
[18:15:03] <hardaker> we need both because both target different environments
[18:15:09] <hardaker> --
[18:15:22] <hardaker> for us we have a different data model, so there is no direct match
[18:15:23] <hardaker> --
[18:15:25] wej leaves the room
[18:15:38] <hardaker> Stephen: I'm just asking ?s
[18:15:52] <hardaker> 3rd: george's just passes a DS record from child to parent.
[18:16:00] <hardaker> is there an argument for doing general records?
[18:16:12] <hardaker> if not, DNSSEC, DS or both?
[18:16:15] <hardaker> --
[18:16:30] <hardaker> andrew Sullivan; people are either thinking epp/registrar world
[18:16:32] <Pat> -Please remind the speakers to name themselves before they speak/respond-
[18:16:35] <hardaker> or they're thinking zones down below
[18:16:42] <paulwouters> +1
[18:17:02] weiyinxing joins the room
[18:17:04] <hardaker> the most fraught with error is the at the zone cut.
[18:17:06] <hardaker> --
[18:17:10] Packetgrrl leaves the room
[18:17:15] <hardaker> peter k: is dns a provisioning protocol or a lookup protocol
[18:17:17] wej joins the room
[18:17:23] g.e.montenegro leaves the room
[18:17:44] <hardaker> paul w: I want t opoint out currently with dnssec deplomyment it is not getting a ds to the right spot.
[18:17:58] <hardaker> it would be nice to fix it if we could do it directly to parent/child.
[18:18:00] <hardaker> --
[18:18:17] <hardaker> andrew s: dns is weird. data and control protocol is all in the same channel (eg, axfr, etc)
[18:18:34] <hardaker> if I was designing it over again, I'd do it differently
[18:18:40] <hardaker> what's the least painful?
[18:18:49] <hardaker> I think putting this stuff into the protocol is not a bad idea.
[18:18:58] <hardaker> --
[18:19:35] <paulwouters> weary about propagatin of errors
[18:19:45] <paulwouters> wes: network manager world often gets it wrong
[18:19:59] <paulwouters> wes: protocols easy to use at the start, eg routing protocols. management not needed
[18:20:11] <paulwouters> wes: does not scale, management added afterwards
[18:20:32] wej leaves the room
[18:20:32] wej joins the room
[18:20:33] <paulwouters> wes: protocols have to be automated and self managing. its the only thing that works large scale
[18:20:42] <paulwouters> wes: yes stick it into the protocol.
[18:20:49] <paulwouters> wes: we know the parent/child relationship fails.
[18:20:56] <paulwouters> wes: broken clue is about 50%
[18:21:06] matthijs leaves the room
[18:21:11] <jelte> nice typo
[18:21:20] <paulwouters> john clensen?
[18:21:35] <jelte> klensin
[18:21:37] <paulwouters> trying to use the same mechanisms more and more for different things
[18:21:38] <Andrew Sullivan> klensin
[18:21:50] matthijs joins the room
[18:21:59] <paulwouters> are we sure that all these things are going to work together?
[18:22:08] <paulwouters> with name equivlaences. etc
[18:22:33] <paulwouters> its a question, not expect an answer now, i hope WG will look very carefully
[18:22:40] <paulwouters> peter: close queues
[18:23:04] <paulwouters> johan: yes we can break it quickly when people make errors
[18:23:11] <paulwouters> johan: one in a toolbox of solutions
[18:23:23] <paulwouters> johan: for every child I have a checkbox for parent checks
[18:24:02] <paulwouters> [missed name]: this isnt syncing info in a domain, but across a admin. boundary
[18:24:11] <paulwouters> if my parent breaks something for me, i cannot fix it
[18:24:25] <paulwouters> its more then automatic consistency in one domain
[18:24:51] <paulwouters> johan: there is an agreement between child/parent. they can be a checkbox to sign of. and if i break it, it was becaues i checked this box
[18:25:31] <paulwouters> leiman [?]
[18:25:47] <matthijs> you are not syncing between two authoritative domains, it's is your information that you are updating but that is a different zone
[18:25:48] <jelte> liman
[18:25:49] <paulwouters> do checks and balances. regardless of domain/interdomain
[18:26:15] <ondrej> Lars-Johan Liman
[18:26:17] <paulwouters> checks need to be build into the systems. like using calculators
[18:26:33] <paulwouters> they need tools and automated systems to help them
[18:26:49] <paulwouters> stephen morris: variety of viewpoints. and reservations on this
[18:26:58] <paulwouters> seems why previous attempts stalled
[18:27:10] <paulwouters> chairs propose: defining the problem
[18:27:15] <paulwouters> identify the audience
[18:27:18] <paulwouters> feedback from likely users
[18:27:21] <paulwouters> identify solution spaces
[18:27:25] <paulwouters> choose solutions to rpogress
[18:28:01] <paulwouters> if people are interested in this, come see me after the meeting
[18:28:56] <paulwouters> peter: next item. Future Directions of dnsop
[18:29:22] <paulwouters> number of documents have decreased. lots of attempts to put in more work. not much makes it
[18:30:33] <paulwouters> list of potential work items
[18:30:59] <paulwouters> as112 and trust history we talked about
[18:31:05] <paulwouters> child/parent key sync
[18:31:13] <paulwouters> dns operator change under dnssec is covered in 4641bis
[18:31:26] <paulwouters> A/AAAA multiple queries issue
[18:31:33] <paulwouters> updating rfc1912
[18:31:38] <paulwouters> elephant in the room
[18:32:00] <paulwouters> benchmark/performance meassurements
[18:32:14] <paulwouters> operational reality check for dns use in other protocols
[18:32:20] <paulwouters> dns "signing as a service"
[18:32:36] <paulwouters> name server control protocol
[18:32:56] <paulwouters> that couldgive us another 10 years of lifetime
[18:33:27] <paulwouters> response level to WGLC and other states, "there is room for improvement"
[18:33:57] <paulwouters> is there enough momentum to get the work done in this group?
[18:34:18] <paulwouters> that's why I'm trying to prioritise
[18:35:14] <paulwouters> if core dns issues are detecting outside the dns working groups should really be detected here. not at IESG review
[18:35:23] <paulwouters> there is a level of exhaustion
[18:35:29] <paulwouters> be careful on adopting new work
[18:36:28] <paulwouters> is it inscope for dnsop / ietf or not?
[18:36:32] sandoche leaves the room
[18:38:31] <hardaker> --
[18:38:43] <hardaker> dave crocker:
[18:38:59] <hardaker> each _ name is being created without a registry, which is a problem.
[18:39:19] <hardaker> my draft fixes this problem, but I can't get a response for where it should be pursued
[18:39:27] <hardaker> I'd like responses onlist or off.
[18:39:41] <hardaker> --
[18:39:51] <hardaker> peter: you deserve a response, but this isn't quite the right time.
[18:39:57] <hardaker> (and I should have responded)
[18:40:16] <hardaker> this list is generic and we were not trying to pick out individual items
[18:40:21] <hardaker> --
[18:40:27] <hardaker> dave: I just want to hear an answer
[18:40:28] <hardaker> --
[18:40:34] <hardaker> peter: is that enough of a response
[18:40:34] <hardaker> --
[18:40:41] <hardaker> dave: it'll probably have to be
[18:40:41] <hardaker> --
[18:40:52] <hardaker> Ron B: [missed it]
[18:41:32] <hardaker> peter: we've been talking with lmartin. have we reached a point to go beyond the bullet item verbosity and we need to find a way to coordinate with other WGs
[18:41:33] <hardaker> --
[18:41:50] Jim Galvin leaves the room
[18:42:05] <hardaker> Ron: second question re operational; seeing how people are using DNS and then smacking them on the head is one option, but isn't probably the right tact.
[18:42:23] <hardaker> instead finding out how it's being used and then maybe adapting what's needed based on what people are using.
[18:42:44] <hardaker> peter: in hind-site, smashing people on the head wasn't the intention.
[18:42:55] <hardaker> we invite people to dnsop to present their suggestions
[18:43:08] <hardaker> they sometimes take that back to improve their documents.
[18:43:09] <hardaker> --
[18:43:16] <hardaker> andrew s: I'd like to talk about the other ?
[18:43:20] jacquesl12 leaves the room
[18:43:29] <hardaker> what interest is thre in pursuing some of the work.
[18:43:59] <hardaker> I co-chair the other group, with a similar problem, I'd be very interested in hearing why we hear people interested in bringing work but we can't get people to review things.
[18:44:14] <hardaker> we only get a dozen or so that actually response
[18:44:23] <hardaker> is everyone else just a "tourist"
[18:44:34] <keith> some of us just can't stomach IETF processes
[18:44:37] <hardaker> maybe it's a time-resource issue.
[18:44:46] <hardaker> keith: ha! (respond if you want a relay)
[18:45:20] <hardaker> if there is really work , we need to do it
[18:45:27] <hardaker> --
[18:45:53] <hardaker> andre: I've found a solution I have a couple of people sitting and give them drafts to review.
[18:46:10] jacquesl12 joins the room
[18:46:12] <paulwouters> the new tactics is to freeze them to their chairs during working group meetings :/
[18:46:18] <hardaker> carrot: if you review the draft you can go to taipai
[18:46:20] jacquesl12 leaves the room
[18:47:26] <hardaker> peter: the chair has been very forgiving about not meeting the milestones and we'll consider what should be done about the future
[18:47:31] <hardaker> don't do too much at a time, eg,
[18:47:36] <hardaker> prioritize work
[18:47:41] <hardaker> unless there is more comments....
[18:47:54] <hardaker> we already discussed other WGs
[18:48:03] <hardaker> repute was yesterday, homenet tomorrow.
[18:48:13] NOMADE2-VL leaves the room
[18:48:16] weiler leaves the room
[18:48:20] josephyee leaves the room
[18:48:23] <hardaker> see you in taipei
[18:48:29] naptee leaves the room
[18:48:33] Pat leaves the room
[18:48:36] Andrew Sullivan leaves the room
[18:48:39] scott_rose leaves the room
[18:48:40] yone leaves the room
[18:48:43] ogud leaves the room
[18:48:47] Hugo Kobayashi leaves the room
[18:48:48] Peter Koch (co-chair) leaves the room: Computer went to sleep
[18:48:50] paulwouters leaves the room
[18:48:52] Jacky Yao11 (Health Yao) leaves the room
[18:48:58] keith leaves the room: IETF81, Quebec
[18:49:01] rstory leaves the room
[18:49:02] jinmei leaves the room
[18:49:06] geoff leaves the room
[18:49:07] weiyinxing leaves the room
[18:49:18] Benno Overeinder leaves the room
[18:49:28] sm leaves the room
[18:49:30] Chris Griffiths leaves the room
[18:49:38] Carlos Martinez leaves the room
[18:50:10] Dowon Kim leaves the room
[18:50:43] ondrej leaves the room
[18:51:18] tomek leaves the room
[18:51:20] matthijs leaves the room
[18:51:31] wouter leaves the room
[18:51:52] johani leaves the room
[18:51:56] matthijs joins the room
[18:52:30] matthijs leaves the room
[18:56:54] jelte leaves the room
[19:08:34] Dowon Kim joins the room
[19:13:12] Dowon Kim leaves the room
[19:15:56] Jim Galvin joins the room
[19:23:09] Chris Griffiths joins the room
[19:24:47] danny leaves the room
[19:24:52] Carlos Martinez joins the room
[19:27:48] tomek joins the room
[19:30:43] Chris Griffiths leaves the room
[19:31:49] Jim Galvin leaves the room
[19:32:51] juampe.cerezo leaves the room
[19:35:33] g.e.montenegro joins the room
[19:37:00] g.e.montenegro leaves the room
[19:40:37] fujiwara leaves the room
[19:55:14] wej leaves the room
[20:08:34] Benno Overeinder joins the room
[20:08:34] hardaker leaves the room
[20:27:46] Benno Overeinder leaves the room
[20:28:00] Benno Overeinder joins the room
[20:28:27] Benno Overeinder leaves the room
[20:38:32] paulwouters joins the room
[20:38:56] paulwouters leaves the room
[21:14:28] joseph.yee joins the room
[21:14:56] <joseph.yee> hi, this is Joseph, will channel any discussion from chat room, please put "mic:" in front
[21:15:16] <joseph.yee> oops wrong chatroom
[21:15:18] joseph.yee leaves the room
[21:40:48] Carlos Martinez leaves the room
[21:48:56] keith joins the room
[21:58:06] tomek leaves the room
[21:58:57] tomek joins the room
[22:11:42] keith leaves the room
[22:26:32] tomek leaves the room
[22:45:23] tomek joins the room
[22:47:33] Benno Overeinder joins the room
[22:53:08] tomek leaves the room
[23:25:09] Benno Overeinder leaves the room
Powered by ejabberd Powered by Erlang Valid XHTML 1.0 Transitional Valid CSS!