IETF
dnsop
dnsop@jabber.ietf.org
Tuesday, March 20, 2018
Hugo Salgado has set the subject to: IETF 100 DNSOP
GMT+0
[08:45:58] Peter van Dijk (PowerDNS) joins the room
[09:27:54] Peter van Dijk (PowerDNS) leaves the room: Stream reset by peer
[09:38:53] Peter van Dijk (PowerDNS) joins the room
[09:58:57] Peter van Dijk (PowerDNS) leaves the room: Stream reset by peer
[10:54:11] Peter van Dijk (PowerDNS) joins the room
[10:56:13] Peter van Dijk (PowerDNS) leaves the room: Stream reset by peer
[11:12:54] Peter van Dijk (PowerDNS) joins the room
[11:20:15] Peter van Dijk (PowerDNS) leaves the room: Stream reset by peer
[11:28:33] Peter van Dijk (PowerDNS) joins the room
[11:54:08] Peter van Dijk (PowerDNS) leaves the room: Stream reset by peer
[13:33:56] Peter van Dijk (PowerDNS) joins the room
[14:13:10] Peter van Dijk (PowerDNS) leaves the room: Stream reset by peer
[14:15:10] Peter van Dijk (PowerDNS) joins the room
[14:17:35] Peter van Dijk (PowerDNS) leaves the room: Stream reset by peer
[14:19:08] Peter van Dijk (PowerDNS) joins the room
[14:23:06] Peter van Dijk (PowerDNS) leaves the room: Stream closed by us: Replaced by new connection (conflict)
[14:23:09] Peter van Dijk (PowerDNS) joins the room
[14:33:58] Peter van Dijk (PowerDNS) leaves the room: Stream reset by peer
[14:37:02] Peter van Dijk (PowerDNS) joins the room
[14:40:46] Peter van Dijk (PowerDNS) leaves the room: Stream reset by peer
[15:08:37] Pieter Lexis (PowerDNS) joins the room
[15:30:31] Peter van Dijk (PowerDNS) joins the room
[15:30:54] Peter van Dijk (PowerDNS) leaves the room: Stream reset by peer
[15:42:07] Cb5ZFivc joins the room
[15:43:14] Suzanne (co-chair) joins the room
[15:45:08] Pieter Lexis joins the room
[15:45:08] Wouter Wijngaards joins the room
[15:45:10] Jasminko Mulahusic joins the room
[15:45:11] Matt Larson joins the room
[15:45:11] Nathalie Coupet joins the room
[15:45:12] Rolf Sommerhalder joins the room
[15:45:12] Mark ANDREWS joins the room
[15:45:47] meetecho joins the room
[15:46:58] Joe Abley joins the room
[15:47:28] Joe Abley has set the subject to: IETF 101 DNSOP
[15:48:10] Ralph Dolmans joins the room
[15:48:36] danyork joins the room
[15:48:58] Yoshiro Yoneya joins the room
[15:49:15] Dave Crocker joins the room
[15:50:00] John Border joins the room
[15:50:16] Peter van Dijk (PowerDNS) joins the room
[15:50:54] MHL joins the room
[15:51:01] Kal Feher joins the room
[15:51:29] MHL leaves the room
[15:52:10] paulwouters joins the room
[15:53:25] AndrewS joins the room
[15:53:40] MHL joins the room
[15:53:57] <Joe Abley> the audio in this room is weirdly polyphonic
[15:54:16] John Levine joins the room
[15:54:21] fneves joins the room
[15:54:41] Scott Rose joins the room
[15:54:46] <John Levine> it it is is indeed deed deed deed
[15:54:48] <Suzanne (co-chair)> the audio in here is weird, yes
[15:54:57] MHL leaves the room
[15:55:09] <Matt Larson> Remote audio fine from my perspective
[15:55:22] <Mark ANDREWS> ditto
[15:55:34] <Suzanne (co-chair)> yay….it's a big room and echo-y
[15:55:45] Edward Lewis joins the room
[15:57:32] Robert Story joins the room
[15:58:05] Naveen Lakshman joins the room
[15:58:10] Benno Overeinder joins the room
[15:59:17] Witold Krecicki joins the room
[15:59:45] john joins the room
[16:00:07] SHollenbeck joins the room
[16:00:31] DavidSchinazi joins the room
[16:04:51] fneves leaves the room
[16:05:12] liman joins the room
[16:05:19] john woodworth joins the room
[16:05:56] <liman> @jabley: it's only in the first row. The speakers are right above us, aimed towards the back.
[16:09:55] John Klensin joins the room
[16:10:00] SHollenbeck leaves the room
[16:10:12] SHollenbeck joins the room
[16:11:38] fanf joins the room
[16:12:33] Brian Haberman joins the room
[16:15:01] Benno Overeinder leaves the room: Disconnected: closed
[16:15:06] Jasminko Mulahusic leaves the room
[16:15:41] <AndrewS> Ship it.
[16:16:05] Benno Overeinder joins the room
[16:16:07] <Matt Larson> +1 to ship it
[16:16:21] <fanf> i deployed it years ago :-)
[16:17:09] fenton joins the room
[16:21:50] <meetecho> Anyone in the room that can let us know if the confidence monitors for the speakers are working and displaying the slides properly?
[16:22:24] <Peter van Dijk (PowerDNS)> i recall Tim mentioning at the start that a turn it off and on worked, but i'm not 100% certain
[16:22:47] <Suzanne (co-chair)> there's one and it seems fine to me (from the front desk)
[16:23:00] Simon Pietro Romano joins the room
[16:23:15] <meetecho> Got it, thx! Asked as we noticed the speaker looking at the slides a lot, and so assumed they might be off
[16:23:50] <John Klensin> @Meetecho: Seem to be.  Fine as far as I can tell.  Whoever decided that white type on gradient black/gray was a good idea should try reading remotely, but that isn't your fault.
[16:24:01] Pieter Lexis leaves the room
[16:24:04] <meetecho> John Klensin: :D
[16:24:48] Pieter Lexis joins the room
[16:25:10] <AndrewS> I don't see how this can be thrashed out at the mic.  The remainder needs attention on list
[16:25:11] John Border leaves the room
[16:25:15] Benno Overeinder leaves the room: Disconnected: closed
[16:26:12] <Suzanne (co-chair)> @andrew apparently the room agrees :) wfm
[16:28:25] <AndrewS> BTW, this document being up reminds me that I offered to do that [a-z][a-z]-- registry draft just in case I got 5 reviewers.  I got 2, so I am not planning to do it.
[16:28:41] Olafur joins the room
[16:30:07] <Matt Larson> I would be happy to talk about the root KSK roll now...
[16:30:10] <AndrewS> Or maybe 3.  But still not enough to mean I actually think I'll have enough review to make the work worth doing :)
[16:30:30] <Joe Abley> I'm going to talk obliquely about one aspect of the ksk roll in a little while...
[16:30:43] <Joe Abley> https://datatracker.ietf.org/meeting/101/materials/slides-101-dnsop-sessa-bootstrap-validator-00
[16:30:49] <fanf> the discussion on the list made me think people preferred to avoid a -- registry
[16:31:06] Benno Overeinder joins the room
[16:36:13] Weiler joins the room
[16:37:16] Benno Overeinder leaves the room: Disconnected: closed
[16:39:37] paulwouters leaves the room
[16:42:14] <fanf> +1 for what Benno said
[16:43:06] <Peter van Dijk (PowerDNS)> evan was fearing 'split, then drop resolver'. That was actually my initial suggestion that let to this question here ;)
[16:43:12] <Peter van Dijk (PowerDNS)> *led
[16:43:37] <Weiler> we could signal DNSSEC 3.0
[16:43:44] Joe Abley leaves the room
[16:43:55] <fanf> +1 for what JL and evan are saying - that’s basically what i suggested in my comments
[16:49:13] <Matt Larson> (cringing)
[16:49:24] fneves joins the room
[16:49:25] <Matt Larson> (now crying)
[16:49:29] sara@sinodun.com joins the room
[16:49:45] <danyork> :-)
[16:49:45] <danyork> :-)
[16:49:51] <Suzanne (co-chair)> I love our remote participation tools, it's almost like Matt were here.
[16:50:24] <Matt Larson> Please read ICANN's plan to restart the root KSK roll and make a public comment: https://www.icann.org/public-comments/ksk-rollover-restart-2018-02-01-en
[16:52:53] <danyork> Wes Hardaker at mic
[16:53:16] <danyork> Paul Wouters at mic
[16:53:25] <Weiler> I don't see MSJ cringing.  much.
[16:53:43] fenton leaves the room
[16:53:52] <danyork> Olafur G at mic
[16:54:03] <danyork> David Conrad at mic
[16:54:13] <danyork> Geoff Huston at mic
[16:54:44] <danyork> MSJ at mic
[16:54:58] fenton joins the room
[16:55:18] fenton leaves the room
[16:56:01] <Matt Larson> It's manual configuration all the way down
[16:56:21] <Peter van Dijk (PowerDNS)> just trust the linux distributions
[16:58:36] <danyork> Andrew Sullivan was at the mic
[16:58:39] <danyork> Roland at the mic
[16:58:56] sandoche@xmpp.jp joins the room
[16:58:58] <Matt Larson> I suggest everyone trust this: http://www.ask-mrdns.com/misc/root-key-attestation.asc
[16:59:17] <Peter van Dijk (PowerDNS)> http
[16:59:19] <Peter van Dijk (PowerDNS)> what year is it ;)
[16:59:21] <danyork> (Roland is holding up a t-shirt with the key on it)
[16:59:33] <Matt Larson> To de-snarkify that comment, I am agreeing with the "trust multiple sources" approach.
[16:59:56] fneves leaves the room
[16:59:57] <danyork> Willem Toorop at mic
[17:01:10] <danyork> Wes Hardaker at mic
[17:02:53] <fanf> regarding the multiple sources idea, i wrote up a suggestion based on that principle in 2014 - https://www.ietf.org/mail-archive/web/dnsop/current/msg11093.html  - that draft was way too complicated and i have ideas for simplifying it
[17:03:35] <danyork> George M at mic
[17:04:56] <AndrewS> That draft even at the time put me in mind of https://tools.ietf.org/html/draft-laurie-dnssec-key-distribution-02, which lost out to what became 5011.
[17:06:41] <fanf> thanks i should have a (another?) look at that
[17:07:53] Willem Toorop joins the room
[17:08:37] Joe Abley joins the room
[17:09:42] Naveen Lakshman leaves the room
[17:11:25] <Matt Larson> What was the comment in the room?
[17:11:31] <Willem Toorop> Here is the link to the Zero configuration DNSSEC, from the getdns library that does DNSSEC trust anchor management for user-space applications: https://getdnsapi.net/releases/getdns-1-2-0/  (scroll down a bit for the general idea)
[17:12:19] <Suzanne (co-chair)> Off-mike people are just goofing about Bert's comments on the size of the DNS standard
[17:12:23] <danyork> Bert is talking about this slide deck: https://datatracker.ietf.org/meeting/101/materials/slides-101-dnsop-sessa-the-dns-camel-01
[17:12:58] <danyork> 185 RFCs, 2781 pages, 166891 lines, 888233 words
[17:15:27] <AndrewS> But this isn't news.  We re-chartered DNSEXT and failed to get the RFC list down to something manageable for these very reasons in the past.
[17:15:41] <Joe Abley> replace DNS!
[17:15:50] <AndrewS> +1
[17:16:00] <Edward Lewis> Again with the replacement calls...
[17:16:07] <Suzanne (co-chair)> this time for sure!
[17:16:14] <Edward Lewis> Heard that before...
[17:16:44] <fanf> i am reminded of http://web.archive.org/web/20101016180043/http://download.nominet.org.uk/rfcdeps/svg/dnsproto.svg by ray bellis
[17:17:03] <AndrewS> I wonder what the complexity axis is measuring
[17:17:25] <Peter van Dijk (PowerDNS)> @fanf also https://emaillab.jp/wp/wp-content/uploads/2017/11/RFC-DNS.pdf
[17:17:26] <Matt Larson> @Andrew: implementor terror
[17:17:58] <Suzanne (co-chair)> hours of sleep per night during implementation phase
[17:18:42] <Edward Lewis> The original quality and security wasn't high (pre Clarifications on the DNS {2181})
[17:22:06] <Peter van Dijk (PowerDNS)> he means 5011
[17:23:28] <Weiler> @Matt: I was saying that 2000-some pages is about half the size of WebRTC.  As Suz said, just taunting Bert.
[17:27:48] Narayanaswamy Baluswamy joins the room
[17:29:49] Narayanaswamy Baluswamy leaves the room
[17:30:03] <AndrewS> I am dubious that most -- maybe any -- of these were unexpected
[17:30:12] <AndrewS> we discussed the 0 cache hit rates, for instance, at length
[17:31:36] SHollenbeck leaves the room: Disconnected: closed
[17:31:50] <Joe Abley> I don't think the point is whether any of these individual reasons for complexity were unexpected. it's drawing attention to the aggregate cost of all the expected-but-manageable things that together have led to an unpleasantly rich and pungent soup.
[17:31:52] <Mark ANDREWS> There is also no policing of implementations for compliance.
[17:32:36] <AndrewS> I agree with that pungent soup issue.
[17:32:47] <AndrewS> I mean, there were many reasons why I thought DNSEXT needed to stop
[17:35:45] <John Klensin> MIC: There is actually another issue with returning two record types for a single query (like A and AAAA) -- see the discussion of the original mail pair in RFC 8324 (more due to Craig Partridge than to me).
[17:36:07] <fanf> I use DNAME!!!
[17:36:16] <Matt Larson> @Tony: Not for long!
[17:36:27] John Levine leaves the room
[17:36:27] Joe Abley leaves the room
[17:36:52] Joe Abley joins the room
[17:37:20] <fanf> I should resurrect this https://tools.ietf.org/html/draft-fanf-dnsop-rfc2317bis then DNAME will be BCP :-)
[17:37:43] <Weiler> @Andrew  but I'm thinking that we still need a dnsdispatch
[17:38:10] <Weiler> … with very sharp swords
[17:38:22] <Suzanne (co-chair)> @john, saw your comment for the MIC, I'll fit it in
[17:38:56] <Brian Haberman> @Weiler: trap doors work well.
[17:38:59] <John Klensin> @Suz: thanks
[17:39:21] <Kal Feher> agree that more info documents might help. but will implementers really read 20 years of history alongside all those lines of standards?
[17:39:24] <Weiler> @Brian:  Jabba the Hutt's palace?
[17:39:37] <Brian Haberman> @Weiler: Sure.
[17:47:07] Weiler wonders if SRA has any words about the effort involved in refactoring the specs of the DNS (from 4033-5)
[17:48:05] <Matt Larson> I am not SRA but I am a co-author of 4033/4034/4035. It was a lot of work, and we were only reconciling the DNSSEC RFCs.
[17:48:07] <John Klensin> MIC: Given 8324 (and the large number of things I learned from it) and what I've learned from this presentation, I think the call to action might be: (1) Maybe we don't add more features until we have a consolidated document (2) we start treating every new feature proposal as if it had real costs and risks, both now and in terms of what it might prevent doing in the future, and really raise the requirement for justification of new ideas... well past "near" and "we could" and "someone wants it"
[17:52:47] <fanf> namecoin
[17:52:48] <Brian Haberman> Despite it being a joke, I actually know someone who is working on Blockchain-based naming. :(
[17:52:56] <Suzanne (co-chair)> @brian more than one
[17:53:16] <Peter van Dijk (PowerDNS)> i get confused emails about naming on the blockchain at least monthly
[17:53:40] <AndrewS> @John Ok, but who's the _we_?  The various Stupid DNS Tricks(tm)  that people do happened the way they did because the DNS Lords said "no".  So everyone did it in their own way and now we have things like ANAME as proposals
[17:54:48] <AndrewS> There are several different "blockchain naming" proposals floating around, all solving the problem that trademarks exist in the world rather than solving the problems of naming and providing useful identifiers at Internet scale.
[17:55:30] Robert Story leaves the room
[17:55:42] Geoffrey Huston joins the room
[17:56:04] <danyork> @andrewS - yes, I've been seeing some of those "blockchain naming" proposals... but so far I've not seen any that can scale to the levels needed.
[17:56:04] <Joe Abley> there's a difference between using distributed public ledgers to manage the namespace itself and the mechanism used to retrieve data using keys from that namespace
[17:56:05] <fanf> (aname exists because cname was fixed the wrong way between 883 and 1035)
[17:56:27] John Levine joins the room
[17:57:53] <John Klensin> @Andrew: I may be too optimistic, but I believe that, as the complexity level continues to rise, implementations may gradually converge on what actually works and interoperates.  I hope the IETF can specify that base.  If we cannot, then we should think about whether this WG and similar efforts are irrelevant because the actual DNS is going to evolve fractally (or like a pox).  On the other hand, I still don't think emoji in labels are plausible, so maybe I just don't get it.
[17:58:06] <AndrewS> The proposals for the large-scale working-through of the DNS RFCs is literally the rocky shore the DNSEXT WG failed on.  The solution we came up with was "funding": someone needs to pay someone to do it
[17:58:41] <AndrewS> A large-scale editorial job is needed.  We were unable to find anyone willing to donate that money/time at that time, but it's a long time ago.  Maybe someone wants to now
[17:59:47] Paolo Saviano joins the room
[18:00:10] <John Klensin> MIC: The ability to make a new feature work may be a necessary condition to its being a good idea, but it is not a sufficient one.  I think that is close to the key point Bert and I have tried to make.
[18:03:33] <Mark ANDREWS> Google needs to implement EDNS
[18:03:39] <Mark ANDREWS> not half of EDNS
[18:04:14] Benno Overeinder joins the room
[18:07:26] <Mark ANDREWS> @mic BIND sends responses that break these servers.
[18:08:38] <Suzanne (co-chair)> Thanks Mark, Brian H will read yours too, we closed the mic line in the room with him though
[18:08:47] Geoffrey Huston leaves the room
[18:09:39] <Mark ANDREWS> The biggest problem is bad implementations.
[18:09:55] Willem Toorop leaves the room: Disconnected: closed
[18:10:26] <danyork> Peter Koch at mic
[18:10:33] <Olafur > My summary: we need DNS WG's that have the backbone to say "go away bad idea "
[18:10:48] <Olafur > when the bad ideas show up
[18:11:41] <AndrewS> The problem is deciding whose idea is bad, though.  Most of the ideas are not actually bad, but of limited application
[18:11:48] <Suzanne (co-chair)> @olafur that's originally what happened with refuse-any, and people did it anyway. ;-)
[18:11:59] <danyork> I am reminded of RFC 5411 ... the Hitchhiker's Guide to SIP ... an RFC simply listing out all the various other RFCs that make up what is defined as "SIP"
[18:12:01] <Peter van Dijk (PowerDNS)> @Suzanne i was biting my tongue for that one!
[18:12:01] <danyork> https://tools.ietf.org/html/rfc5411
[18:12:20] <Weiler> so, given all this, what do we do with aname, specifically?  (And should I refuse Tim's arm-twisting to help with the doc?)
[18:13:57] Brian Haberman leaves the room
[18:14:28] <AndrewS> Also, we _tried_ to do what Tim just suggested, and it didn't work
[18:14:32] DavidSchinazi leaves the room: Stream reset by peer
[18:14:37] Peter van Dijk (PowerDNS) leaves the room: Stream reset by peer
[18:14:43] Weiler leaves the room
[18:14:58] <fanf> maybe this discussion says we should follow evan’s alternative track of an auth-only aname without the resolver complexity
[18:14:59] <liman> The problem with just saying "no" to bad ideas, is that folks with limited insights in DNS then go away and make it work for them anyhow - in the most horrible ways. SPF in TXT records come to mind …
[18:15:00] danyork leaves the room: Disconnected: closed
[18:15:06] Joe Abley leaves the room
[18:15:18] AndrewS leaves the room
[18:15:24] fanf leaves the room
[18:15:25] sara@sinodun.com leaves the room
[18:15:30] Benno Overeinder leaves the room: Disconnected: closed
[18:15:32] john leaves the room: Stream reset by peer
[18:15:38] Olafur leaves the room
[18:15:42] Kal Feher leaves the room
[18:15:49] meetecho leaves the room
[18:15:53] sandoche@xmpp.jp leaves the room: Stream reset by peer
[18:15:58] john woodworth leaves the room
[18:15:58] Scott Rose leaves the room
[18:15:58] Paolo Saviano leaves the room
[18:15:58] John Levine leaves the room
[18:15:58] Edward Lewis leaves the room
[18:15:58] John Klensin leaves the room
[18:15:58] Wouter Wijngaards leaves the room
[18:15:58] Dave Crocker leaves the room
[18:15:58] Mark ANDREWS leaves the room
[18:15:58] Witold Krecicki leaves the room
[18:15:58] Ralph Dolmans leaves the room
[18:15:58] Matt Larson leaves the room
[18:15:58] Pieter Lexis leaves the room
[18:15:58] Simon Pietro Romano leaves the room
[18:15:58] Nathalie Coupet leaves the room
[18:15:58] Rolf Sommerhalder leaves the room
[18:16:08] Suzanne (co-chair) leaves the room
[18:16:12] Pieter Lexis (PowerDNS) leaves the room
[18:17:56] liman leaves the room
[18:23:33] Benno Overeinder joins the room
[18:26:03] Benno Overeinder leaves the room: Disconnected: closed
[18:27:08] Yoshiro Yoneya leaves the room
[18:27:11] SHollenbeck joins the room
[18:27:15] SHollenbeck leaves the room
[18:27:47] Weiler joins the room
[18:33:32] Weiler leaves the room
[18:44:19] sara@sinodun.com joins the room
[18:45:37] sara@sinodun.com leaves the room
[20:22:58] paulwouters joins the room
[20:23:38] paulwouters leaves the room
[21:48:42] liman joins the room
[22:07:29] Yoshiro Yoneya joins the room
[22:08:35] liman leaves the room
[22:11:03] Yoshiro Yoneya joins the room
[22:21:41] Yoshiro Yoneya leaves the room
[22:28:41] Yoshiro Yoneya joins the room
[22:32:39] liman joins the room
[22:32:45] liman leaves the room
[22:40:10] Yoshiro Yoneya leaves the room
[23:03:49] fanf joins the room
[23:12:29] sandoche@xmpp.jp joins the room
[23:31:28] Benno Overeinder joins the room
[23:32:47] Benno Overeinder leaves the room
[23:37:38] Olafur joins the room