IETF
dnsop
dnsop@jabber.ietf.org
Thursday, March 6, 2014
Peter Koch has set the subject to: next DNSOP meeting at IETF 85 in Atlanta

GMT+0
[00:09:54] josephyee leaves the room
[01:50:53] josephyee joins the room
[02:50:03] josephyee leaves the room
[05:40:52] marka joins the room
[06:03:19] marka leaves the room
[06:06:09] marka joins the room
[06:51:27] marka leaves the room
[07:08:25] marka joins the room
[07:25:55] ilari.liusvaara joins the room
[07:48:35] marka leaves the room
[08:36:37] marka joins the room
[08:54:46] marka leaves the room
[08:56:22] marka joins the room
[09:24:03] marka leaves the room
[10:01:45] marka joins the room
[10:18:37] marka leaves the room
[11:09:11] marka joins the room
[11:11:43] marka leaves the room
[11:23:31] marka joins the room
[11:25:56] marka leaves the room
[11:28:05] marka joins the room
[11:48:09] marka leaves the room
[12:32:20] josephyee joins the room
[13:15:56] marka joins the room
[14:16:23] josephyee leaves the room
[14:59:01] josephyee joins the room
[15:04:44] marka leaves the room
[15:23:59] josephyee joins the room
[15:24:02] josephyee leaves the room
[16:17:32] josephyee leaves the room
[16:28:47] josephyee joins the room
[16:55:07] marka joins the room
[16:57:28] marka leaves the room
[17:04:08] marka joins the room
[17:25:48] marka leaves the room
[17:29:41] marka joins the room
[17:36:21] josephyee leaves the room
[17:36:39] josephyee joins the room
[17:50:37] Tim Wicinski joins the room
[17:55:14] Tim Wicinski leaves the room
[17:55:20] Tim Wicinski joins the room
[17:55:32] Tim Wicinski has set the subject to: IETF 89 London
[17:55:57] Tim Wicinski has set the subject to: DNSOP meeting, IETF 89 London
[18:05:13] Tim Wicinski leaves the room
[18:07:04] Tim Wicinski joins the room
[18:09:47] Bjorn Aannestad joins the room
[18:17:57] Tim Wicinski leaves the room
[18:31:05] Carsten Strotmann joins the room
[18:31:23] marka leaves the room
[18:33:13] Tim Wicinski joins the room
[18:33:51] hosnieh joins the room
[18:34:08] hosnieh leaves the room
[18:34:15] Hosnieh Rafiee joins the room
[18:35:07] Tim Wicinski leaves the room
[18:35:13] marka joins the room
[18:35:38] matthijs joins the room
[18:36:42] <Hosnieh Rafiee> we can hear you :-)
[18:38:13] Bjorn Aannestad leaves the room
[18:39:39] Dan York joins the room
[18:39:48] <Dan York> Good evening
[18:40:00] <Dan York> I'll be jabber-scribing
[18:40:27] <Carsten Strotmann> Thanks Dan!
[18:41:15] <Dan York> I'm at the center microphone.  If there is anyone near the other mics who can help with names that would be awesome.
[18:41:45] Tim Wicinski joins the room
[18:41:59] <Tim Wicinski> http://tools.ietf.org/wg/dnsop/minutes
[18:42:10] jelte joins the room
[18:42:43] <Dan York> Materials can be found at https://datatracker.ietf.org/meeting/89/materials.html#ops
[18:42:48] <Dan York> under DNSOP
[18:42:54] Tim Wicinski leaves the room
[18:43:18] Suzanne (co-chair) joins the room
[18:43:18] <Dan York> Agenda: http://www.ietf.org/proceedings/89/agenda/agenda-89-dnsop
[18:43:34] Frederico A C Neves joins the room
[18:43:41] Hugo Salgado joins the room
[18:43:46] Yoshiro Yoneya joins the room
[18:43:51] fanf joins the room
[18:43:52] Ralf Weber joins the room
[18:43:55] joel jaeggli joins the room
[18:44:17] Tim Wicinski joins the room
[18:44:26] Marco Davids joins the room
[18:44:30] ted.h joins the room
[18:44:46] Rob Evans joins the room
[18:45:06] <Dan York> Slides: http://www.ietf.org/proceedings/89/slides/slides-89-dnsop-0.pdf
[18:45:33] russ joins the room
[18:45:45] <Dan York> Jumping to slide 5
[18:45:54] <Dan York> (We've gone through slides 1-4)
[18:46:25] sftcd joins the room
[18:47:11] <Dan York> Slide 6 - DNSE summary
[18:47:45] <Dan York> Stephane Bortzmeyer now presenting
[18:47:58] <Suzanne (co-chair)> sorry Dan
[18:48:02] <Suzanne (co-chair)> I'm new at this :)
[18:48:26] <Dan York> Oh, no worries, you're doing fine
[18:48:42] <Dan York> Slides: http://www.ietf.org/proceedings/89/slides/slides-89-dnsop-1.pdf
[18:48:52] <Dan York> Slide 2 - Open data
[18:49:05] <Dan York> Slide 3 - QNAME is revealing
[18:49:14] Guangqing Deng joins the room
[18:49:22] resnick joins the room
[18:49:41] <Dan York> Do we have remote participants here?  (Or is everyone in the room and just here for the side chat?)
[18:50:27] <jelte> remote participants please wake and speak up
[18:50:43] <Hugo Salgado> I'm remote and awake
[18:50:45] <Dan York> Audio stream for Sovereign Room: http://ietf89streaming.dnsalias.net/ietf/ietf897.m3u
[18:50:50] <Hosnieh Rafiee> :)
[18:50:51] <Dan York> Hugo Salgado: Thanks! :-)
[18:51:12] <Dan York> Slide 4: Who can listen?
[18:51:15] <Hosnieh Rafiee> I doubt
[18:51:22] <Hosnieh Rafiee> anyone can sleep with so many testing
[18:51:24] <Hosnieh Rafiee> on audio
[18:51:25] <Hosnieh Rafiee> :)
[18:51:58] <Dan York> Last slide 5 - Two cases
[18:52:30] wseltzer joins the room
[18:53:16] <Dan York> John Klensin at mic
[18:53:49] <Dan York> One suggestion - run a full resolver on your laptop
[18:54:13] <jelte> i don't trust my laptop
[18:54:43] <Rob Evans> Let's all query Stephane's laptop.
[18:54:55] <Dan York> Any comments you want relayed?
[18:56:56] josephyee leaves the room
[18:57:04] <Dan York> (?) at mic  (I heard "Eric")
[18:57:16] <wseltzer> Aaron Kaplan
[18:57:18] elewis joins the room
[18:57:21] <Dan York> Thank you
[18:57:32] <jelte> for clarity and speed, it's advised (read: mandatory) to prepend 'relay: ' to messages one wants relayed
[18:57:44] <sftcd> couldn't a sequence of queries to non-sensitive names be sensitive?
[18:58:33] <jelte> when correlating enough, any bit of information on anything can become sensitive (or it would hold no information in the first place)
[18:58:40] <elewis> What presentation is up now/slide number?
[18:58:47] <wseltzer> sftcd: sure. there's also the traffic analysis potential of fingerprinting a visitor based on DNS requests
[18:58:48] <Dan York> Douglas Otis at mic
[18:58:58] <jelte> slide up is requirements/tradeoffs (random sample)
[18:59:05] <Dan York> elewis : We're in between presentations
[18:59:06] <sftcd> so "protect all" seems like the right goal then
[18:59:21] <Dan York> elewis : Stephane is still up for the problem statement
[18:59:25] Victor Kuarsingh joins the room
[18:59:29] <wseltzer> +1 to protect all
[18:59:37] <Dan York> Peter Koch at mic
[18:59:42] <sftcd> we're at "clarifying questions" (aka statements:-)
[18:59:51] wseltzer :)
[19:00:52] <Dan York> Peter say: what are operational costs of countermeasures?
[19:01:00] <Dan York> s/say/says/
[19:01:15] <Dan York> Erik Nordmark at mic
[19:02:19] <Dan York> Andrew Sullivan at mic
[19:02:41] <Dan York> FYI, the slides up are the chair's slides: http://www.ietf.org/proceedings/89/slides/slides-89-dnsop-0.pdf
[19:02:51] <Dan York> We're on slide 7 - Requirements/Tradeoffs
[19:03:01] <Suzanne (co-chair)> Andrew Sullivan
[19:03:45] <Dan York> Andrew says: what are we leaking to *whom*?
[19:04:12] <Dan York> Andrew says: can't be just "what should not leak?"
[19:04:28] <Dan York> Barry Leiba at mic
[19:05:18] <Dan York> Russ Mundy at mic
[19:06:08] <Dan York> Aaron Kaplan at mic
[19:07:00] <Dan York> Joe Abley at mic
[19:07:45] <Dan York> Joe says: for some users there is a tradeoff between privacy and performance  (gives example of CDNs needing query info)
[19:07:55] <Dan York> Ted Hardie at mic
[19:08:24] <Dan York> Ted says: I hear people making architectural decisions already before wiki is even populated
[19:08:47] josephyee joins the room
[19:09:09] <Dan York> Ted says: we're trying to protect confidentiality of DNS queries against pervasive monitoring
[19:10:18] <Dan York> Stephane speaking
[19:10:43] <Dan York> Ted back at mic
[19:10:49] Andrew Sullivan joins the room
[19:11:20] <Dan York> Brian Dickson at mic
[19:11:48] <Dan York> Brian says: some of this can be informed by the domain boundary issue
[19:11:51] <Andrew Sullivan> The disagreement we just heard between Ted and Stephane is, I think, one of the most important things we can resolve
[19:12:01] <Dan York> Peter Koch at mic
[19:13:19] <Dan York> Peter says: do we want to protect against an active attacker?
[19:13:26] <Dan York> (?) at mic?
[19:13:45] <Andrew Sullivan> R. Weber
[19:13:51] <Andrew Sullivan> I think
[19:14:02] <Dan York> John Klensin at mic
[19:14:05] <Hosnieh Rafiee> I can implement and compare
[19:14:24] <Hosnieh Rafiee> at the moment I compared the encryption decryption for RSA
[19:14:29] <Dan York> Andrew Sullivan: Thanks... I'm guessing Ralf Weber based on attendee list
[19:15:00] <Andrew Sullivan> yeah, sorry, could never remember Ralf spelling, and I was sure I'd get it wrong
[19:15:32] Doug Montgomery joins the room
[19:15:32] <Dan York> Phillip Hallam-Baker at mic
[19:15:47] <sftcd> sprinkling the word sprinkle is also undesirable
[19:16:05] <Dan York> Andrew Sullivan: no worries... it was very helpful. I can't see people's nametags at that mic
[19:16:46] <Andrew Sullivan> So, since the thing we've already specified isn't already deployed, we should invent a new thing that is also not deployed?
[19:16:55] <Dan York> PHB says: we need authenticity as well
[19:17:02] <jelte> i do agree that blindly ramming encryption on something may not help much (though it is highly likely to be part of a full solution)
[19:17:05] <Dan York> Antoin Verschauen at mic
[19:17:16] <jelte> Verschuren
[19:17:22] <Dan York> er... Antoin Verschuren
[19:17:32] <Dan York> jelte: yes, thanks
[19:17:41] <jelte> np, dutch names are hard :)
[19:18:19] <Dan York> :-)
[19:18:25] <Dan York> Joel Jaeggli at mic as AD
[19:18:47] <Dan York> Joel says: "I don't think there's any danger of us doing something too quickly, here." :-D
[19:19:05] <Hosnieh Rafiee> :yes:
[19:19:32] <Dan York> We're now on slide 8 of the slides
[19:21:14] <Dan York> Now we're on the last slide - "Next Steps"
[19:21:21] Olafur Gudmundsson joins the room
[19:22:14] <Dan York> John Klensin at mic
[19:23:07] <Dan York> me at mic
[19:23:09] <ted.h> We know at least one problem we want to solve.  There may be more.
[19:23:13] <Dan York> Andrew Sullivan at mic
[19:23:23] <ted.h> But let's not be sure we solve at least that, eh?
[19:23:35] <ted.h> um, okay, need caffeine.
[19:23:41] <ted.h> Let's be sure we solve at least that, eh?
[19:23:42] <sftcd> those are not mutually exclusive
[19:23:43] <Doug Montgomery> Can we have a requirement that solutions to this specific problem not make worse other known problems - such as amplification attacks?
[19:23:47] <matthijs> Dan York: we missed your question can you repeat here?
[19:23:53] <Dan York> Peter Koch at mic
[19:23:56] <wseltzer> which problem *can* we solve first, without impeding solving others later?
[19:24:08] <Dan York> wseltzer: +1
[19:24:11] <matthijs> thnx
[19:24:58] <Dan York> jelte at mic
[19:25:09] <ted.h> Any change you make will have an impact on the space of solutions that come later, but "impede" is a loaded term.  It may give you a leg up, and it may impose costs for later security properties you wish to instill.
[19:25:36] <sftcd> http://tools.ietf.org/html/draft-barnes-pervasive-problem is a generic threat model (also early days for that though)
[19:25:50] <Dan York> matthijs: my question was really a comment that while we can adopt this document for a place to start, I don't think we're clear on the problem yet
[19:26:17] <Dan York> Brian Dickson has been at the mic speaking
[19:26:49] <matthijs> ok fixing it
[19:27:03] <ted.h> If your threat model is that the authoritative name server gets an NSL, you are not fixing it the same way as solving the loss of confidentiality on the wire.
[19:27:29] <ted.h> But requiring the WG to solve both before tackling one seems very, very odd.
[19:27:46] <wseltzer> +1 to ted
[19:27:50] resnick leaves the room
[19:28:21] <Andrew Sullivan> @Ted: yes, but deciding whether we think both are problems _is_ important, I think
[19:28:22] <Doug Montgomery> A threat model is not a risk model.  Understanding the risks (security, performance, interoperability, robustness, new risks) of both the current situation and the same risks associated with any proposed solution is key.
[19:28:39] <Dan York> (?) at mic (heard "John")
[19:28:49] <Andrew Sullivan> John Dickinson
[19:29:08] <Andrew Sullivan> Now Olafur Gudmundsson
[19:29:09] <Dan York> Olafur Gudmundsson at mic
[19:29:22] <Dan York> Warren Kumari at mic
[19:29:57] <fanf> punt to dnsext :-)
[19:30:08] <Dan York> Peter Koch at mic
[19:30:13] <Rob Evans> DNS EXtensions for Transport (privacy)
[19:30:16] <jelte> how about namedroppers@somethingsomething
[19:30:48] <jelte> just to make it clear it's not dnsext@ietf.org ;)
[19:30:54] <Dan York> Stephen Farrell at mic
[19:31:09] fanf leaves the room
[19:31:23] <Dan York> Stephane Bortzmeyer at mic
[19:32:03] <Andrew Sullivan> @jelte: I suggest dropnom@ietf.org, which has the nice property of fitting in the WG name rules and also nods at the history.  But I suspect it's early to buy paint for that bike shed.
[19:32:26] <ted.h> Documenting the privacy properties of the DNS does not help the user who has lost confidentiality.
[19:32:58] <jelte> yes i was only kidding (though dropping the names will be a solution to one of the potential problems)
[19:33:26] bortzmeyer joins the room
[19:33:39] <Dan York> My issue is not with calling it a problem statement ... it's that we have a bunch of problems and we're kind of all over the place on where we want to go
[19:33:43] <Dan York> (?) at mic
[19:33:47] <Dan York> Antoin Verschuren at mic
[19:33:51] <jelte> yeah
[19:34:00] <jelte> previous was matthijs mekking
[19:34:17] <Dan York> Aha! Thanks
[19:35:05] <Dan York> matthijs mekking
[19:35:12] <Dan York> PHB at mic
[19:35:16] pebersman joins the room
[19:35:32] Doug Montgomery leaves the room
[19:36:03] russ leaves the room: Replaced by new connection
[19:36:05] russ joins the room
[19:36:14] Peter Koch joins the room
[19:36:33] <Dan York> Aaron Kaplan at mic
[19:37:15] Guangqing Deng leaves the room
[19:37:17] <Andrew Sullivan> I won't go to the mic, but it is not just economic interests that tell against "just encrypt it all and hide it from everyone".  The plain fact is that an enormous amount of debugging and customer-support opportunities lie in the ability to look at these streams
[19:37:20] <Olafur Gudmundsson> DNSTRANS  here we come
[19:38:24] <russ> I've been pushing a somewhat protagonist position tonight with the intention of pointing out that security is Never Free (in one or many ways) and I see the current problem statements strongly infer that the security and associated costs should be applied to the entire Internet (Russ Mundy)
[19:39:03] <Dan York> me at mic
[19:39:12] <Dan York> Ted Hardie at mic
[19:39:28] <Andrew Sullivan> The DNS is full of sludge, and has been forever, and at the margins it turns out that keeping things visible to intermediate resolvers helps keeping things running.  Are we prepared to break that?
[19:39:31] Tim Wicinski leaves the room
[19:39:48] <Dan York> "The DNS is full of sludge"... :-)
[19:39:50] <jelte> could the chairs please watch the time :)
[19:39:58] <Hosnieh Rafiee> @Andrew: true, this is why it depends what and in which situation one needs to use this privacy
[19:40:12] <Dan York> jelte: The chairs DID just say we're out of time
[19:40:37] <jelte> oh, my apologies
[19:40:47] <jelte> please ignore
[19:40:48] <Hosnieh Rafiee> @Andrew: I think forcing all the systems to do this is not a correct way.. it should be like option for the users
[19:41:09] <Dan York> Linus Nordberg at mic
[19:41:16] <Dan York> Stephen Farrell at mic
[19:41:34] <Dan York> Brian Dickson at mic
[19:42:00] ted.h leaves the room
[19:42:07] ted.h joins the room
[19:42:13] Rob Evans leaves the room
[19:42:19] <Dan York> I agree with Brian
[19:42:21] <Dan York> :-)
[19:42:42] <Dan York> Tim - we'll set up another mailing list to discuss this
[19:42:43] Doug Montgomery joins the room
[19:43:04] Andrew Sullivan leaves the room
[19:43:11] <Dan York> Olafur was briefly at the mic
[19:43:13] Peter Koch leaves the room
[19:43:16] <Dan York> Barry Leiba at mic
[19:43:22] Doug Montgomery leaves the room
[19:43:27] marka leaves the room
[19:43:30] <Hugo Salgado> Thanks Dan!
[19:43:31] jelte leaves the room
[19:43:32] Guangqing Deng joins the room
[19:43:36] sftcd leaves the room
[19:43:38] joel jaeggli leaves the room
[19:43:38] <Dan York> We're done
[19:43:38] pebersman leaves the room
[19:43:43] Frederico A C Neves leaves the room
[19:43:43] Dan York leaves the room
[19:43:47] Carsten Strotmann leaves the room
[19:43:51] Hugo Salgado leaves the room
[19:43:51] russ leaves the room
[19:43:53] Victor Kuarsingh leaves the room
[19:44:04] Olafur Gudmundsson leaves the room
[19:44:04] Suzanne (co-chair) leaves the room
[19:44:11] Marco Davids leaves the room
[19:44:14] joel jaeggli joins the room
[19:44:18] matthijs leaves the room
[19:44:28] Yoshiro Yoneya leaves the room
[19:44:32] ilari.liusvaara leaves the room: offline
[19:45:04] joel jaeggli leaves the room
[19:45:23] Ralf Weber leaves the room
[19:45:31] Guangqing Deng leaves the room
[19:46:13] Hosnieh Rafiee leaves the room
[19:48:06] joel jaeggli joins the room
[19:48:28] ted.h leaves the room
[19:48:50] joel jaeggli leaves the room
[19:57:34] wseltzer leaves the room
[19:59:31] wseltzer joins the room
[19:59:56] elewis leaves the room
[20:03:00] bortzmeyer leaves the room
[20:09:37] wseltzer leaves the room
[20:10:37] Tim Wicinski joins the room
[20:45:05] bortzmeyer joins the room
[20:56:27] Tim Wicinski leaves the room
[21:43:54] Doug Montgomery joins the room
[21:47:19] Doug Montgomery leaves the room
[22:12:58] joel jaeggli joins the room
[22:29:09] russ joins the room
[22:33:00] russ leaves the room
[22:34:00] Frederico A C Neves joins the room
[22:56:02] Tim Wicinski joins the room
[23:06:29] joel jaeggli leaves the room
[23:07:09] Frederico A C Neves leaves the room
[23:15:37] Olafur Gudmundsson joins the room
[23:16:34] Olafur Gudmundsson leaves the room
[23:16:56] Olafur Gudmundsson joins the room
[23:41:40] Suzanne (co-chair) joins the room
[23:48:24] Ralf Weber joins the room
[23:54:34] josephyee leaves the room