IETF
dnsop
dnsop@jabber.ietf.org
Monday, March 27, 2017
dnshane has set the subject to: virtual interim meeting

GMT+0
[00:06:54] Chinien Wang leaves the room
[00:09:26] Chinien Wang joins the room
[00:11:31] Chinien Wang leaves the room
[01:15:28] Chinien Wang joins the room
[02:59:26] Roger Murray joins the room
[02:59:41] Roger Murray leaves the room
[03:59:17] Chinien Wang leaves the room
[04:21:46] Chinien Wang joins the room
[04:30:11] Chinien Wang leaves the room
[07:52:39] Pieter Lexis (PowerDNS) joins the room
[07:57:03] Pieter Lexis (PowerDNS) leaves the room: Machine going to sleep
[08:20:22] Pieter Lexis (PowerDNS) joins the room
[15:51:43] Pieter Lexis (PowerDNS) leaves the room
[15:58:32] Pieter Lexis (PowerDNS) joins the room
[17:45:09] herve.prigent joins the room
[17:47:17] SHollenbeck joins the room
[17:47:34] herve.prigent leaves the room
[17:47:37] herve.prigent joins the room
[17:47:37] Dan York joins the room
[17:47:40] Meetecho joins the room
[17:47:56] Dan York has set the subject to: IETF 98 DNSOP
[17:48:10] Andreas Schulze joins the room
[17:48:23] Hugo Salgado joins the room
[17:48:25] <Dan York> I'll be scribing
[17:55:06] avri doria joins the room
[17:55:07] Lorenzo Miniero joins the room
[17:55:08] Edward Lewis joins the room
[17:55:09] Richard Franks joins the room
[17:55:10] Antoin Verschuren joins the room
[17:55:12] Pieter Lexis joins the room
[17:55:45] Yoshiro joins the room
[17:57:14] Philip Homburg joins the room
[17:57:18] Sam Weiler joins the room
[17:57:56] Sharon Goldberg joins the room
[17:58:23] Jan Komissar joins the room
[17:58:44] Weiler joins the room
[17:58:54] sara@sinodun.com joins the room
[17:59:19] Kal Feher joins the room
[18:00:31] Roger Carney joins the room
[18:00:56] Viktor Dukhovni joins the room
[18:01:27] Pieter Lexis leaves the room
[18:01:28] keith joins the room
[18:01:37] Pieter Lexis joins the room
[18:01:40] suzworldwide joins the room
[18:01:43] Shane Kerr joins the room
[18:01:43] Scott Morizot joins the room
[18:02:14] Andreas Schulze_DATEV joins the room
[18:02:19] <Dan York> Starting
[18:02:38] mellon joins the room
[18:02:40] fneves joins the room
[18:02:46] Francis Dupont joins the room
[18:02:50] koji joins the room
[18:02:54] Andreas Schulze_DATEV leaves the room
[18:03:02] Andreas Schulze_DATEV joins the room
[18:03:09] keith leaves the room
[18:03:16] keith joins the room
[18:03:27] <Dan York> Materials at https://datatracker.ietf.org/meeting/98/materials#dnsop
[18:03:31] ajs joins the room
[18:03:51] <suzworldwide> And we're underway.....welcome all :)
[18:04:02] Cedrick Mbeyet joins the room
[18:04:03] Brian Reid joins the room
[18:04:14] Sharon Goldberg leaves the room
[18:04:20] Okke Timm joins the room
[18:04:29] <Dan York> Warren Kumari as new AD standing at the mic
[18:04:31] jaap joins the room
[18:04:42] Dennis Kort joins the room
[18:04:46] <Shane Kerr> Wow Warren levels up! :-D
[18:05:04] <Dan York> Joel Jaeggli at mic
[18:05:24] Jinmei Tatuya joins the room
[18:06:24] John Woodworth joins the room
[18:06:55] Sharon Goldberg joins the room
[18:06:56] Dean Ballew joins the room
[18:07:09] Alex K joins the room
[18:07:19] Andreas Schulze_DATEV leaves the room
[18:07:37] <Dan York> FYI, we're in these slides: https://www.ietf.org/proceedings/98/slides/slides-98-dnsop-chair-slides-01.pdf
[18:08:10] each joins the room
[18:08:49] <Dan York> Stuart Cheshire at mic
[18:08:52] Andreas Schulze_3961 joins the room
[18:10:29] Andreas Schulze_3961 leaves the room
[18:10:30] fenton joins the room
[18:11:29] <Dan York> If any of you are remote and want a comment relayed, please preface it with "MIC:"
[18:13:01] <Dan York> Paul Hoffman is now presenting https://www.ietf.org/proceedings/98/slides/slides-98-dnsop-terminology-bis-ietf98-00.pdf
[18:13:09] Alex K leaves the room
[18:13:32] Wendy Seltzer joins the room
[18:13:48] <Viktor Dukhovni> Audio gone on my end...
[18:13:52] <Shane Kerr> For me too.
[18:13:53] <Edward Lewis> metoo
[18:13:54] <Antoin Verschuren> Here too
[18:13:56] <Pieter Lexis (PowerDNS)> my audio is gone too
[18:14:00] <Dennis Kort> Looks like it is gone in the room.
[18:14:02] <Sharon Goldberg> audio down
[18:14:02] <mellon> There are issues in the room.
[18:14:04] <ajs> audio is broken in room
[18:14:37] <ajs> up now.  Working?
[18:14:37] <Viktor Dukhovni> Anyone on site able to get Meetecho help?
[18:14:40] <suzworldwide> rebooted audio and speaker, thanks
[18:14:40] <Sharon Goldberg> i can't hear it
[18:15:06] <Shane Kerr> Poor Paul, rebooted in the session. ;)
[18:15:08] <suzworldwide> meetecho: still have an audio problem
[18:15:09] Andreas Schulze_DATEV joins the room
[18:15:14] <Sharon Goldberg> i can't hear still...
[18:15:16] <John Woodworth> same here
[18:15:17] <Sharon Goldberg> do others hear?
[18:15:19] Sam Weiler_4654 joins the room
[18:15:23] <Viktor Dukhovni> Nope, silent.
[18:15:26] <Dennis Kort> no audio in meetecho
[18:15:27] <Meetecho> Fing this as I type
[18:15:30] <Meetecho> Fixing
[18:15:38] Dimitris Papadopoulos joins the room
[18:15:40] <suzworldwide> sound check for remote: better?
[18:15:40] <Meetecho> there's a problem with the streamer in the room
[18:15:43] Andreas Schulze_DATEV leaves the room
[18:15:51] <Okke Timm> still no audio after forced browser reload
[18:15:54] <Dan York> The sound is back in the room
[18:16:05] Sam Weiler leaves the room
[18:16:07] <Richard Franks> MIC Please reboot Paul, remote users cannot hear a word
[18:16:10] <Dan York> (in the physical room)
[18:16:13] John Woodworth_9868 joins the room
[18:16:14] Okke Timm leaves the room
[18:16:28] Okke Timm joins the room
[18:16:30] John Woodworth leaves the room
[18:16:37] avri doria leaves the room
[18:16:37] <Viktor Dukhovni> Remote audio still off...
[18:16:38] avri doria joins the room
[18:16:41] Wouter Wijngaards joins the room
[18:16:49] <Meetecho> Yep, working on this
[18:16:54] <Weiler> may we have detailed jabber scribing while this is broken, please?
[18:17:00] <Dan York> Okay
[18:17:03] <John Woodworth_9868> just relaunched, no joy
[18:17:08] ogud@jabber.org joins the room
[18:17:08] <Dan York> George Michaelson at mic
[18:17:17] <ajs> George Michaelson at mic
[18:17:22] <Weiler> (will this likely affect the recording after the fact?)
[18:17:23] <Dan York> Paul asked for comment from people
[18:17:24] <Meetecho> I'll notify here as soon as it's fixed
[18:17:41] <ajs> and suggesting that issues on slides need lots of discussion
[18:17:42] <Dan York> George: ontologies are argued about for years and years and years
[18:17:57] <suzworldwide> @meetecho thx
[18:17:58] Andrew Fregly joins the room
[18:18:16] <Dan York> George: doesn't like a definition of "domain" ... it will be argued about forever
[18:18:30] <Dan York> George: Ship it... we'll argue about it more later.
[18:18:34] Roger Murray joins the room
[18:18:42] <Meetecho> the mp3 stream should be up
[18:18:42] ogud@jabber.org leaves the room
[18:18:48] <Dan York> George: It will always be changed. There will be more bis versions.
[18:18:48] <Meetecho> still working on the live feed
[18:19:03] <Dan York> Ondrej Sury at mic
[18:19:10] <mellon> The WiFi in the room is so bufferbloated as to be useless, unfortunately.
[18:19:22] Dimitris Papadopoulos_3095 joins the room
[18:19:25] <Dan York> Ondrej - should we start rewriting documents to be compatible with this terminology?
[18:19:34] avri doria leaves the room
[18:19:35] avri doria joins the room
[18:19:38] <Dan York> Andrew Sullivan at mic
[18:19:41] Andrew Fregly leaves the room
[18:19:47] <Dennis Kort> mp3 stream works http://ietf98streaming.dnsalias.net/ietf/ietf986.m3u
[18:19:49] ogud@jabber.org joins the room
[18:20:21] <Andreas Schulze> yep: http://icecast-ietf.conf.meetecho.com:8000/zurichd.mp3 works
[18:20:22] <Dan York> Andrew: if people think there are implications of some of this terminology on work going on in other groups, that would be useful feedback for the authors
[18:20:28] Pieter Lexis leaves the room
[18:20:28] <Viktor Dukhovni> Should this document attempt to define a preferred meaning of "indeterminate" in DNSSEC?
[18:20:31] mellon leaves the room: Replaced by new connection
[18:20:31] mellon joins the room
[18:20:35] <Viktor Dukhovni> (please relay)
[18:20:53] <Dan York> ok
[18:21:09] <Dean Ballew> mp3 stream works great. Thx
[18:21:17] <Viktor Dukhovni> (Live Audio still down sadly)
[18:21:39] <jaap> http://ietf98streaming.dnsalias.net/ietf/ietf986.m3u
[18:21:41] <jaap> works for audio
[18:21:53] avri doria leaves the room
[18:21:54] avri doria joins the room
[18:22:04] <Dan York> Viktor - Paul asked that it be taken to the list. He doesn't want to define that... but thinks we probably should.
[18:22:27] <Shane Kerr> Sound working again.
[18:22:27] Pieter Lexis joins the room
[18:22:28] <Richard Franks> Audio back on
[18:22:29] <ajs> Speaking for myself, I don’t want to define _any_ of this, but it seems important
[18:23:02] <Meetecho> audio back
[18:23:13] <Pieter Lexis (PowerDNS)> Meetecho, thanks!
[18:23:17] <Meetecho> sorry, a network switch had gone, fixed now
[18:23:20] <Dan York> Paul wants to finish this up by the summer and ship it
[18:24:04] <Dan York> Now Sharon Goldberg presenting remotely
[18:24:12] Peter Koch joins the room
[18:24:21] mellon leaves the room: Replaced by new connection
[18:24:22] mellon joins the room
[18:24:43] <Dan York> Sharon is presenting these slides: https://www.ietf.org/proceedings/98/slides/slides-98-dnsop-nsec5-ietf98-01.pdf
[18:25:41] <Brian Reid> The purpose of definition lists like this is not so much to explain our meaning to the reader as to ensure that we all use the same term for referring to the same thing.
[18:25:59] <ajs> @reid: yes
[18:26:00] Andrew Fregly joins the room
[18:26:21] <suzworldwide> @reid people can decide whether to use the convention, but at least we have one :)
[18:26:30] danyork joins the room
[18:26:44] Ralph Dolmans joins the room
[18:26:50] Simon Romano joins the room
[18:27:05] <suzworldwide> @meetecho: slightly lower volume in the room?
[18:27:10] <Meetecho> (y)
[18:27:46] <Meetecho> better now?
[18:27:52] <suzworldwide> y
[18:28:01] <suzworldwide> thx
[18:28:17] Ralph Dolmans_6345 joins the room
[18:28:19] <mellon> it’s not better where I’m sitting.   I’m having to stick my fingers in my ears.
[18:28:26] <Meetecho> :D
[18:28:32] <Meetecho> will lower more, then, just a sec
[18:28:35] <Dan York> It's actually quiet in the middle
[18:28:37] <mellon> thx
[18:28:46] <Meetecho> decreased some more
[18:28:51] <mellon> is it possibly just one channel of two?
[18:28:59] <Meetecho> don't want to risk going further, if it already was quiet in other points
[18:29:09] <ajs> I think it’s not the volume, it’s the tonal quality
[18:29:13] <Dan York> I wouldn't go lower ... it's almost too quiet for us in the middle
[18:29:31] <mellon> I don’t hear it coming from the far speaker at all.
[18:29:36] <mellon> The one on the left of the room.
[18:29:53] Juan P. Cerezo joins the room
[18:30:16] <ajs> I think the mic is not great and there’s a lot of harsh treble.  I can hear on the left, but the arrangement in this room isn’t great.
[18:30:31] <Meetecho> raised a tiny bit just to address Dan's comment
[18:30:50] <mellon> I’m going to have to leave the room or something.
[18:30:58] <ajs> but I have a question about the content :)  I have read the discussion on the list, but I still don’t understand why this is solving a problem that anyone really has.
[18:31:14] <mellon> you aren’t the only one to ask that question. :)
[18:31:40] <Shane Kerr> If we don't have the problem of zone enumeration then why do we have NSEC3?
[18:31:42] <ajs> I mean, I don’t care if it goes ahead, but it seems like there’s an opportunity cost here.
[18:31:56] <Edward Lewis> to Shane - opt out
[18:32:07] tobias joins the room
[18:32:14] <Shane Kerr> We don't need hashing and salting and so on for opt out.
[18:32:18] <ajs> Since NSEC3 seems to solve enumeration “well enough”, why do we need more?
[18:32:23] <Edward Lewis> Yep.
[18:32:41] <ajs> and this requires online crypto, which seems like a net loss
[18:32:51] <Dan York> No slide numbers... so I can't help point anyone remote to where we are in https://www.ietf.org/proceedings/98/slides/slides-98-dnsop-nsec5-ietf98-01.pdf
[18:32:54] <mellon> It’s a neat hack.
[18:32:57] <mellon> I suspect that’s part of it.
[18:33:06] <suzworldwide> this is slide 12 according to my pdf
[18:33:11] <Shane Kerr> PowerDNS uses online crypto, Cloudflare uses online crypto... it's not a deal breaker.
[18:33:17] <ajs> it’s neat, sure.  I don’t care if it goes ahead
[18:33:20] <Dan York> We're on slide 12 right now according to my PDF viewer
[18:33:22] <ajs> I’m not saying it’s a deal breaker
[18:33:27] <Edward Lewis> Hatin' on on-line keys is so 90's ;)
[18:33:29] <ajs> I just don’t know why this is worth adding
[18:33:34] <Shane Kerr> ;)
[18:33:34] <Dan York> Ha.. what @suzworldwide said
[18:33:50] Andrew Fregly leaves the room
[18:34:14] <ogud@jabber.org> Online keys is not scary, it is what all web servers do today, so why is DNS more scary?
[18:35:16] <ajs> I don’t think it’s scary.  I think it’s a requirement here and not a requirement for other things, so there’s a trade, and the additional cost + opportunity cost + maintenance cost seems like a lot to trade for the dubious benefit of preventing offline enumeration
[18:35:58] <ajs> since just about every zone can be enumerated offline anyway by random guesses of “mx” plus some numbers, some variations on “www”, and some variations on “ns”.
[18:36:03] <ogud@jabber.org> I love the crypto work in this draft but I do not see the use case
[18:36:49] <Dan York> Any questions you all want me to relay?
[18:36:58] <Dan York> Ondrej Sury at mic
[18:37:33] <Shane Kerr> "Not complicated at all". - overstatement of the century
[18:38:19] Pierre PFISTER joins the room
[18:38:22] <Dan York> Merike Kaeo
[18:38:30] <Dan York> Evan Hunt at mic
[18:39:31] <Dan York> DKG at mic
[18:39:52] <Viktor Dukhovni> Please relay: are you planning support for X25519? Should P-256 even be used, given that this is new?
[18:39:53] <Weiler> Q for dkg: can you get them to explain their requirements to us?
[18:40:12] <Pieter Lexis (PowerDNS)> +1 to Weiler's q
[18:40:25] <Viktor Dukhovni> Relay if useful: As to TLD enumeration, most TLD zone data is available for download via CZDS or similar...
[18:40:36] <Weiler> also: evan +1.
[18:40:52] <danyork> Relaying
[18:40:57] <Peter Koch> how would NSEC5 interact with aggressive negative caching?
[18:42:09] ogud@jabber.org joins the room
[18:42:10] Benno Overeinder joins the room
[18:42:19] <Weiler> DKG: that doesn't explain how NSEC3 doesn't work.  More details or it didn't happen. :-)
[18:42:31] ogud@jabber.org leaves the room
[18:42:39] Suzanne (co-chair) joins the room
[18:43:11] <Dan York> DKG - "I'm in touch with several groups that won't deploy DNSSEC because they are concerned about zone enumeration. NSEC5 solves that."
[18:43:34] dkg joins the room
[18:43:41] <ogud@jabber.org> Online signing with NSEC and black lies is much simpler than NSEC3/5
[18:43:57] <each> nsec3 makes it moderately expensive and annoying to enumerate a zone. nsec5 makes it more expensive and annoying. passive DNS undoes most of the benefit of both of them
[18:44:05] <Peter Koch> thanks, Sharon
[18:44:11] <Dan York> Ondrej Sury at mic
[18:44:16] <each> so I think "it's possible to enumerate zones" is a pill that we're going to have to swallow, regardless
[18:44:43] <dkg> Weiler: https://dnscurve.org/nsec3walker.html
[18:44:45] <Sharon Goldberg> sure. you can see more details on our relationship with negative caching in section 8 of our paper
[18:45:21] <each> I will say that if I had to deploy either this or white lies, I'd pick this in a second.
[18:45:26] <Dan York> Andrew Sullivan at mic
[18:45:32] <Sharon Goldberg> https://eprint.iacr.org/2017/099.pdf
[18:45:36] <ogud@jabber.org> There is a perfect dictionary for enumerating zones, it is the .com zone
[18:45:39] <Dan York> (Mic line is closed, btw, so I can no longer relay)
[18:45:41] ajs leaves the room
[18:45:58] <dkg> ogud@jabber.org: that doesn't let you enumerate within those zones.
[18:45:59] <Viktor Dukhovni> Relay: How would NSEC5 be rolled out? Surely for quite some time zones would still need NSEC3 for interop? Is NSEC5 then useful and when?
[18:46:18] <Dan York> Viktor - I'm sorry, mic line is closed right now
[18:46:39] <Viktor Dukhovni> I'll be patient.
[18:46:39] <dkg> Viktor Dukhovni: zones that care about enumeration can deploy with only NSEC5
[18:46:39] <Edward Lewis> Viktor - look to how NSEC3 was rolled out for one example.
[18:46:40] <Suzanne (co-chair)> this is actually more interest than we'd seen on the mailing list, so I hope folks will follow up there
[18:46:55] <dkg> and the result is that they have unverified NXDOMAIN records
[18:46:57] <Wendy Seltzer> "this much" = fingers about 1" apart
[18:47:08] <dkg> (for those clients that can't verify NSEC5)
[18:47:46] <Dan York> +1 to @ajs ' comments about deployment issues
[18:47:54] <each> another +1 to that
[18:48:20] <dkg> the fact that it takes time to deploy means we should have started deployment yesterday
[18:48:23] ajs joins the room
[18:48:36] Vicky joins the room
[18:48:39] <ogud@jabber.org> @dkg give me a zone and I will enumerate it for you
[18:48:40] <Weiler> (who is that?)
[18:48:49] <Dan York> Shumon Huque
[18:48:54] <Dan York> Paul Vixie at mic
[18:48:55] <Weiler> thank you.
[18:49:17] <each> that was elegant.
[18:49:23] <Dan York> Roy Ahrens at mic
[18:49:24] <dkg> i'd respond to that if the mic lines weren't closed
[18:49:53] <ajs> This isn’t just “time to deploy”.  It’s the way it interacts with deployment with the other stuff
[18:49:58] <dkg> passive dns is done by specialized operators who have particular access to centralized resolvers or network traffic.
[18:50:25] <dkg> ajs: that's true.
[18:50:58] <dkg> ajs: shumon's point about other ongoing transitions suggests that we should get this done concurrently with them, though.
[18:51:10] <Weiler> (so NSEC5 creates a new class of key used for DNSSEC stuff.)
[18:51:22] <ajs> The “what makes successful protocol” and the “planning for transitions” stuff that came/is coming from the IAB could be relevant here
[18:51:23] <dkg> Weiler: yes, that is correct.
[18:51:35] <ajs> I’m not suggesting that the argument is lock down in either direction
[18:51:51] <ajs> but it’s really important to consider this part
[18:51:54] <ogud@jabber.org> NSEC5 is a "negative answer only KEY"
[18:52:03] <ogud@jabber.org> Wish we had that when we did NSEC3
[18:52:05] <ajs> and I am not convinced that the draft is considering that at all
[18:52:14] <dkg> ogud@jabber.org: it's better than that, because it can't even forge negative answers
[18:52:18] Peter Koch leaves the room
[18:52:53] <Dan York> Sara Dickinson now presenting about C-DNS
[18:52:53] <Dan York> https://www.ietf.org/proceedings/98/slides/slides-98-dnsop-c-dns-00.pdf
[18:53:00] <Dan York> A DNS Packet Capture Format
[18:53:31] suzworldwide leaves the room
[18:54:32] Hugo Salgado leaves the room
[18:54:50] <Dan York> On slide 5, "Draft Status"
[18:55:42] <dkg> ogud@jabber.org: are you suggesting that you'll enumerate a non-signed zone via passive dns?
[18:55:48] <dkg> or are you suggesting something else?
[18:57:02] <Dan York> Sara is done - any questions?
[18:57:08] <Dan York> Roy Ahrens at mic
[18:57:18] Alex K joins the room
[18:57:50] <Dan York> Brian Dickson at mic
[18:59:00] <Dan York> ?? at mic
[18:59:47] <Dan York> Jim Reid at mic
[19:00:28] <Dan York> Lars Liman at mic
[19:01:49] Simon Pietro Romano joins the room
[19:02:32] <Dan York> Next up - Dave Crocker presenting
[19:02:47] <Dan York> His slides: https://www.ietf.org/proceedings/98/slides/slides-98-dnsop-attrleaf-registry-for-underscore-names-01.pdf
[19:04:10] <Dan York> The URI record Dave referenced is in https://tools.ietf.org/html/rfc7553
[19:04:12] Pieter Lexis (PowerDNS) joins the room
[19:05:18] <ajs> I thought this was a reasonably good idea in the first place except that it was a mess.  I still think that’s true, which I think tells us something about what a disaster underscores are.  But there’s IMO no question that some kind of registry is needed
[19:06:31] fenton leaves the room
[19:06:49] <Dan York> Anyone have any comments for Dave?
[19:07:09] <Dan York> Ondrej Sury at mic
[19:07:38] <Dan York> Ondrej's point was that TLSA records also have underscores
[19:07:43] <Dan York> Jim Fenton at mic
[19:08:22] Daniel Stirnimann joins the room
[19:08:24] <Dan York> (Hmm... is "leaf" in the terminology draft? Paging Paul Hoffman...)
[19:08:54] <Dan York> Lars Liman at mic
[19:09:47] <Dan York> John Levine at mic
[19:10:01] Brian Reid leaves the room
[19:10:11] <Dan York> John: "The situation is less dire"
[19:10:12] fenton joins the room
[19:10:13] Brian Reid joins the room
[19:10:37] <Dan York> Brian Dickson at mic
[19:11:14] <Dan York> Stuart Cheshire at mic
[19:11:26] fenton leaves the room
[19:11:50] <Dan York> Paul Vixie at mic
[19:13:54] <Dan York> Dave Lawrence presenting on BULK DNS Resource Records
[19:13:56] <Dan York> Slides: https://www.ietf.org/proceedings/98/slides/slides-98-dnsop-bulk-rr-type-00.pdf
[19:14:20] Pieter Lexis (PowerDNS) leaves the room
[19:19:25] <Shane Kerr> I gave a long review of -05
[19:19:30] <Shane Kerr> Waiting for -06
[19:19:32] <Shane Kerr> :)
[19:20:02] <Dan York> Ondrej Sury at mic
[19:20:08] <John Woodworth_9868> Thanks Shane
[19:20:56] ray joins the room
[19:21:11] Simon Leinen joins the room
[19:21:23] <ray> “I had a problem with bulk record generation, so I decided to use regexes - now I have two problems…”
[19:22:23] <Dan York> Stephane Bortzmeyer at mic
[19:22:34] <Dan York> John Woodworth_9868- any running code?
[19:23:00] <John Woodworth_9868> @ray didn't NAPTR pave the way for regex already?
[19:23:05] <Dan York> Brian Dickson at mic
[19:23:15] <ray> remind me how that went… ;-)
[19:23:29] <ajs> I think we clearly need to add full regex to NAPTR so that the DNS can be Turing-complete.
[19:24:13] <Shane Kerr> regex aren't Turing-complete, are they? They only support LR(1) grammar, right?
[19:24:19] dkg shudders
[19:24:24] <Yoshiro> Tatsuya Jinmei at mic
[19:24:39] <tobias> The thing that worries me is that we have ongoing research at tu berlin on the impact protocol design has on deployment and implementation security... and one of our core-findings is that pushing complex grammars into protocols makes their various implementations more susceptible to parsing/memory access related security issues.
[19:24:42] <Dan York> Tatuya Jinmei at mic
[19:24:52] <Dan York> Thank you, @Yoshiro
[19:24:58] <Dan York> Benno at mic
[19:25:04] <Dan York> John Levine at mic
[19:25:27] <Dan York> That was Benno Overeinder at mic
[19:25:29] <ajs> I think mic line closed, yes?
[19:25:44] <ajs> because what John is saying is I think a dangerous path
[19:25:48] <John Woodworth_9868> NPN covers offline signing
[19:25:50] <Suzanne (co-chair)> it is, sorry
[19:25:51] <Dan York> @ajs - yes
[19:26:16] <Dan York> Paul Wouters now presenting - https://www.ietf.org/proceedings/98/slides/slides-98-dnsop-algorithm-update-wouters-00.pdf
[19:26:27] <ajs> So the thing is, there is a really serious desire on the part of several large operators’ customers for standard ways to represent some of these Tricks
[19:26:29] <John Woodworth_9868> Thanks Tale!
[19:26:47] <Dan York> Paul: "trying to cut the long tail of DNS a little shorter"
[19:27:09] <ajs> and I think this draft is a good start in that direction, so that it’s bad for some kinds of server use case isn’t a good disqualifier.
[19:27:19] <ajs> “optional” does seem wise
[19:27:29] <Pieter Lexis (PowerDNS)> ajs, this is the case. However, I think the least common denominator is not good enough for any operator
[19:29:21] <Dan York> Andrew Sullivan at mic
[19:30:43] ajs leaves the room
[19:31:13] <Dan York> John Dickinson at mic
[19:31:28] ajs joins the room
[19:33:21] <Dan York> Olafur Gudmundsson at mic
[19:34:00] Dean Ballew leaves the room
[19:34:06] <Dan York> DKG at mic
[19:34:39] Simon Leinen leaves the room
[19:34:44] <Dan York> Christian Huitema at mic
[19:34:44] Simon Leinen joins the room
[19:34:48] Dean Ballew joins the room
[19:34:58] <ajs> didn’t strike me as controversial when we tried to do it either.
[19:35:16] <Vicky> I like the plus / minus syntax. Super clear.
[19:35:40] <Brian Reid> +1
[19:35:46] <Andreas Schulze> yes/no is clearer than "maybe"
[19:36:36] <ray> +1
[19:36:40] <Kal Feher> Keeping the table simple is ideal. there can still be the whys and wherefores elsewhere in the doc
[19:36:40] <Dan York> Brian Dickson at mic
[19:36:51] <Kal Feher> I like the + -
[19:37:53] <Dan York> Daniel Migault at mic
[19:38:07] <Suzanne (co-chair)> I keep forgetting to remind people about names at the mic, sorry
[19:38:15] <Andreas Schulze> deadlines would be more useful than "SHOULD-"
[19:38:36] <ray> (my +1 was to the +/- notation - not “yes / no”)
[19:38:47] <Dan York> Evan Hunt at mic
[19:40:03] tomek joins the room
[19:40:09] <Dan York> Roy Ahrens now up to present about "A New Default"
[19:40:10] liman joins the room
[19:40:18] <Dan York> Slides: https://www.ietf.org/proceedings/98/slides/slides-98-dnsop-algorithm-update-arends-00.pdf
[19:40:21] <Dan York> Slide 1 of 72
[19:40:21] <ray> “Arends”
[19:40:38] <Dan York> Thanks, @ray
[19:40:49] <Dan York> Slide 2 of 72
[19:41:27] Marco Pizzoli joins the room
[19:41:30] <Shane Kerr> Probably we need to encode Lua scripts in TXT records and then a resolver can validate any algorithm...
[19:41:30] <John Woodworth_9868> Dan York/ StephaneBortzmeyer - i have an older bind9 hack but will need to dig it up.  also not sure how well it kept up with changes to the draft
[19:41:42] Shane Kerr is only half joking...
[19:41:56] Sam Weiler_4654 leaves the room
[19:42:02] <Dan York> Roy mentioned RFC6944 - https://tools.ietf.org/html/rfc6944
[19:42:08] Sam Weiler joins the room
[19:42:12] <Pieter Lexis (PowerDNS)> Shane Kerr, I think Bert Hubert has a branch with that
[19:42:15] <ajs> I think I’ve just sent to the list a suggestion to the effect of what Roy is suggesting.
[19:42:16] <Dan York> Slide 3
[19:42:36] <Shane Kerr> @Pieter - why am I not surprised? :-D
[19:42:36] <Pieter Lexis (PowerDNS)> Shane Kerr, https://gist.github.com/ahupowerdns/1e8bfbba95a277a4fac09cb3654eb2ac
[19:42:58] <ajs> When we produced 6944, the idea was that it would be the thing updated
[19:43:12] <ajs> and the IANA table _would_ be updated: its reference would be updated
[19:43:33] <Dan York> Slide 8 ... and I'm laughing at Roy's "slide numbers"
[19:43:41] <Shane Kerr> @Pieter... That is the coolest thing ever.
[19:44:29] <Pieter Lexis (PowerDNS)> Shane Kerr, I think he also attempted to limit the number of Lua OPCODEs per-query
[19:44:41] <Dan York> Mark Andrews at mic
[19:44:44] <Pieter Lexis (PowerDNS)> you'd need to discuss this with him :)
[19:45:06] Pieter Lexis (PowerDNS) leaves the room: offline
[19:45:09] <Andreas Schulze> clearly: best slides award :-)
[19:45:13] Pieter Lexis (PowerDNS) joins the room
[19:45:38] <Dan York> Mic lines forming
[19:45:55] <Shane Kerr> Managed change? LUA RR!!!
[19:46:28] <Shane Kerr> Old software? Can't change default? LUA RR!!!
[19:46:37] <Dan York> Merike Kaeo at mic
[19:47:07] Pierre PFISTER leaves the room
[19:48:05] <ajs> Roy’s point here, however, is that something is supposed to obsolete 6944 and make the new rules: that’s what an applicability statement needs to do
[19:48:08] <Dan York> Olafur Gudmundsson at mic
[19:48:11] <Pieter Lexis (PowerDNS)> I would like to know more about unchanging defaults
[19:48:18] <ajs> and that’s what the plan was when 6944 was deployed
[19:48:48] <ajs> (Also, we had this fight in 2011-2013 :-/)
[19:48:57] <Dan York> Pieter - "unchanging"?
[19:49:17] <Pieter Lexis (PowerDNS)> unchangeable, sorry. This is mostly regarding Mark Andrews' statements
[19:49:28] <Pieter Lexis (PowerDNS)> we'll take it offlien
[19:49:44] <Dan York> Paul Wouters at mic
[19:49:46] <Pieter Lexis (PowerDNS)> heh, my typing skills fail me at 10PM :)
[19:49:46] Hugo Salgado joins the room
[19:51:10] <Dan York> Evan Hunt at mic
[19:51:18] <ajs> “MANDATORY TO IMPLEMENT” imagines the IETF Protocol Police to enforce that mandatory rule
[19:51:38] <ajs> we don’t have such people.  I cannot believe I am channelling arguments from Pete Resnick here, but I am.
[19:51:46] <Dan York> :-)
[19:51:53] <ajs> (i.e. Pete was right and I was wrong)
[19:52:02] Pierre PFISTER joins the room
[19:52:12] <Dan York> John Kristoff presenting
[19:52:27] <Dan York> https://www.ietf.org/proceedings/98/slides/slides-98-dnsop-dns-over-tcp-operational-requirements-00.pdf
[19:52:36] <each> I want an "IETF Protocol Police" raid jacket
[19:52:58] <ajs> A _lot_ of people want that jacket
[19:53:02] <ajs> but we’re not making them
[19:53:04] <each> $$$
[19:53:36] SHollenbeck leaves the room
[19:54:03] Pierre PFISTER leaves the room
[19:54:09] <tobias> each: https://www.spreadshirt.com/ ?
[19:55:05] <each> tobias: https://www.customraidjackets.com/
[19:55:30] <Pieter Lexis (PowerDNS)> each, "Your connection is not secure" Error code: SEC_ERROR_EXPIRED_CERTIFICATE
[19:55:31] <tobias> your connection is not secure... ;-)
[19:55:46] <Pieter Lexis (PowerDNS)> more than 2 years expired even
[19:55:59] <Dan York> Ondrej Sury at mic
[19:56:03] <ajs> I believe that Warren actually has a protocol police badge
[19:56:15] <each> yeah, sha-1 cert. safe to ignore if you're not sending them credit card details
[19:56:16] <Dan York> ajs- yes, I've seen Warren pull that badge out
[19:56:31] <Dan York> Geoff Huston at mic
[19:56:45] <Shane Kerr> Clearly the Internet Police haven't gotten to the customraidjackets.com site yet....
[19:56:51] <each> heh.
[19:56:55] <tobias> hrhr
[19:57:07] <ajs> I think the opening passage of this draft is all on its own a reason to adopt it and make it a BCP
[19:57:58] <Dan York> +1 ajs
[19:57:59] <Dan York> Murray Kucherawy at mic
[19:58:39] <Dan York> Paul Ebersman at mic
[19:58:51] <Dan York> Ray Bellis at mic
[19:58:56] koji leaves the room
[19:59:13] mellon leaves the room
[19:59:22] herve.prigent leaves the room
[19:59:39] liman leaves the room
[19:59:39] tomek leaves the room
[19:59:49] ajs leaves the room
[20:00:15] <Dan York> Ray Bellis now quickly presenting https://www.ietf.org/proceedings/98/slides/slides-98-dnsop-xpf-ietf98-00.pdf
[20:00:33] <Suzanne (co-chair)> Again apologies to all for the scheduling fail
[20:00:34] ray leaves the room
[20:01:07] <Brian Reid> Not a scheduling fail. Just standard congestion.
[20:01:37] fneves leaves the room
[20:01:48] <Pieter Lexis (PowerDNS)> mic: in CGNAT and other complicated set ups, a port number might need to be added, but this can be taken to the list
[20:01:51] <tobias> hrm... ietf meeting congestion control protocol? (imccp) anyone?
[20:01:58] keith leaves the room: IETF98 Chicago
[20:02:10] <Dan York> Sara Dickinson at mic
[20:02:21] <Dan York> Pieter - best to take that to the list
[20:02:30] <Pieter Lexis (PowerDNS)> Dan York, ack
[20:02:35] <Dan York> people are leaving the room (and others want to come in for the next session)
[20:02:37] <Suzanne (co-chair)> @brian thanks but There's Got To Be a Better Way….OTOH there's always the mailing list
[20:02:48] Roger Murray leaves the room
[20:02:54] ogud@jabber.org leaves the room
[20:03:02] sara@sinodun.com leaves the room
[20:03:07] <each> tobias: the imccp WG has been scheduled 12 seconds for their meeting
[20:03:08] Meetecho leaves the room
[20:03:08] Vicky leaves the room
[20:03:11] Cedrick Mbeyet leaves the room
[20:03:13] Cedrick Mbeyet joins the room
[20:03:17] <Dan York> And that's it
[20:03:17] Suzanne (co-chair) leaves the room
[20:03:18] Jinmei Tatuya leaves the room
[20:03:19] <Andreas Schulze> @Dan: thanks for relaying
[20:03:23] <Dan York> See you at IETF99
[20:03:25] Francis Dupont leaves the room: Computer went to sleep
[20:03:28] <Dan York> You're welcome
[20:03:29] Richard Franks leaves the room
[20:03:36] Brian Reid leaves the room
[20:03:41] Andreas Schulze leaves the room
[20:03:45] Pieter Lexis (PowerDNS) leaves the room
[20:03:47] Jan Komissar leaves the room
[20:03:47] Juan P. Cerezo leaves the room
[20:03:47] Viktor Dukhovni leaves the room
[20:03:47] Dimitris Papadopoulos leaves the room
[20:03:47] Shane Kerr leaves the room
[20:03:47] Sharon Goldberg leaves the room
[20:03:47] Philip Homburg leaves the room
[20:03:47] Ralph Dolmans leaves the room
[20:03:47] Scott Morizot leaves the room
[20:03:47] Marco Pizzoli leaves the room
[20:03:47] Sam Weiler leaves the room
[20:03:47] avri doria leaves the room
[20:03:47] Ralph Dolmans_6345 leaves the room
[20:03:47] Wouter Wijngaards leaves the room
[20:03:47] Dennis Kort leaves the room
[20:03:47] Pieter Lexis leaves the room
[20:03:47] Wendy Seltzer leaves the room
[20:03:47] Kal Feher leaves the room
[20:03:47] Dean Ballew leaves the room
[20:03:47] Roger Carney leaves the room
[20:03:47] Dimitris Papadopoulos_3095 leaves the room
[20:03:47] Simon Leinen leaves the room
[20:03:47] Okke Timm leaves the room
[20:03:47] John Woodworth_9868 leaves the room
[20:03:47] Lorenzo Miniero leaves the room
[20:03:47] Simon Pietro Romano leaves the room
[20:03:47] Edward Lewis leaves the room
[20:03:47] Daniel Stirnimann leaves the room
[20:03:47] Antoin Verschuren leaves the room
[20:03:47] Alex K leaves the room
[20:05:16] Benno Overeinder leaves the room
[20:08:59] tobias leaves the room: Replaced by new connection
[20:09:00] tobias joins the room
[20:09:32] ray joins the room
[20:09:44] Hugo Salgado leaves the room
[20:10:51] Yoshiro joins the room
[20:11:01] Yoshiro leaves the room
[20:11:14] Yoshiro leaves the room
[20:14:05] Weiler leaves the room
[20:17:13] Roger Murray joins the room
[20:19:00] Weiler joins the room
[20:19:37] Cedrick Mbeyet leaves the room
[20:19:47] Jinmei Tatuya joins the room
[20:20:18] Weiler leaves the room
[20:21:08] Pierre PFISTER joins the room
[20:21:28] Dan York leaves the room
[20:22:54] Jinmei Tatuya leaves the room: Replaced by new connection
[20:24:35] ajs joins the room
[20:24:41] ajs leaves the room
[20:24:53] each leaves the room
[20:25:14] Suzanne (co-chair) joins the room
[20:25:43] Suzanne (co-chair) leaves the room
[20:28:35] danyork leaves the room
[20:28:41] sara@sinodun.com joins the room
[20:30:51] Cedrick Mbeyet joins the room
[20:32:35] Pierre PFISTER leaves the room
[20:33:22] ray leaves the room
[20:33:53] Pierre PFISTER joins the room
[20:34:24] herve.prigent joins the room
[20:34:54] Vicky joins the room
[20:36:21] Cedrick Mbeyet leaves the room
[20:36:22] Pierre PFISTER leaves the room
[20:37:46] tobias leaves the room
[20:37:46] herve.prigent leaves the room
[20:38:48] Dan York joins the room
[20:38:53] Dan York leaves the room
[20:40:33] Roger Murray leaves the room
[20:46:32] ogud@jabber.org joins the room
[20:55:26] tomek joins the room
[21:00:54] ray joins the room
[21:01:19] ray leaves the room
[21:01:43] liman joins the room
[21:11:55] liman leaves the room: Replaced by new connection
[21:12:05] liman joins the room
[21:18:01] ogud@jabber.org leaves the room
[21:18:36] tomek leaves the room
[21:19:57] tomek joins the room
[21:24:18] tomek leaves the room: Replaced by new connection
[21:24:25] tomek joins the room
[21:36:37] jaap leaves the room
[21:38:03] Vicky leaves the room
[21:38:37] tomek leaves the room
[21:38:45] sara@sinodun.com leaves the room
[21:48:04] each joins the room
[21:53:24] jaap joins the room
[22:02:24] liman leaves the room
[22:09:26] keith joins the room
[22:09:32] jaap leaves the room
[22:09:33] keith leaves the room
[22:16:17] tomek joins the room
[22:26:29] each leaves the room
[22:32:57] each joins the room
[22:38:01] each leaves the room
[22:53:02] tomek leaves the room
[22:53:16] tomek joins the room
[22:53:24] tomek leaves the room
[23:37:26] tomek joins the room