dnsop - Thursday, March 11, 2021

dnsop

dnsop@jabber.ietf.org

Thursday, March 11, 2021< ^ >

MarcoSIDN@Home has set the subject to: DNSOP at IETF 109

Room Configuration

Room Occupants

GMT+0
[04:58:53] tale leaves the room
[11:51:54] tale joins the room
[14:04:11] Yoshiro Yoneya joins the room
[14:13:20] hugo-salgado joins the room
[14:17:27] Meetecho joins the room
[14:20:03] Yoshiro Yoneya_web_577 joins the room
[14:20:03] Paolo Saviano_web_655 joins the room
[14:20:03] सचिन गर्ग_web_289 joins the room
[14:20:03] Cullen Jennings_web_785 joins the room
[14:20:03] Yuji Koyama_web_573 joins the room
[14:20:03] Daniel Migault_web_420 joins the room
[14:20:03] Mike Kosek_web_199 joins the room
[14:20:03] Willem Toorop_web_743 joins the room
[14:20:03] Takeshi Kusaba_web_621 joins the room
[14:20:03] Suzanne Woolf_web_578 joins the room
[14:20:03] Robert Story_web_644 joins the room
[14:20:03] Gijs Beernink_web_974 joins the room
[14:20:03] Tim Wicinski_web_568 joins the room
[14:20:03] Zaid AlBanna_web_204 joins the room
[14:20:03] Kazunori Fujiwara_web_569 joins the room
[14:20:33] Benno Overeinder_web_407 joins the room
[14:21:01] Eric Kinnear_web_308 joins the room
[14:21:39] Paul Hoffman_web_181 joins the room
[14:21:51] Ulrich Wisser_web_267 joins the room
[14:22:11] Paul Wouters_web_719 joins the room
[14:22:19] Akira Kato_web_436 joins the room
[14:22:20] Mike Kosek_web_199 leaves the room
[14:22:23] Mike Kosek_web_206 joins the room
[14:22:49] George Michaelson_web_423 joins the room
[14:23:21] <George Michaelson_web_423> Can somebody whistle muzak?
[14:23:22] Murray Kucherawy_web_849 joins the room
[14:23:26] Paul Wouters_web_719 leaves the room
[14:23:38] <George Michaelson_web_423> Ahhhhh IETF muzak
[14:23:41] Jonathan Reed_web_317 joins the room
[14:23:49] <George Michaelson_web_423> Its "rap" but .. less rythmic
[14:23:53] Christian Elmerot_web_303 joins the room
[14:24:26] Vincent Levigneron_web_645 joins the room
[14:24:27] Takashi Tomine_web_411 joins the room
[14:24:32] Wes Hardaker_web_318 joins the room
[14:24:33] David Lawrence_web_306 joins the room
[14:24:34] Libor Peltan_web_314 joins the room
[14:24:38] HidekiSato_web_979 joins the room
[14:24:41] Kim Davies_web_328 joins the room
[14:24:50] Meetecho leaves the room
[14:25:29] PE_web_323 joins the room
[14:26:07] Joao Damas_web_168 joins the room
[14:26:19] Sergey Fomin_web_424 joins the room
[14:26:20] Yoshitaka Aharen_web_851 joins the room
[14:26:31] Eric Orth_web_764 joins the room
[14:26:38] Hugo Kobayashi_web_601 joins the room
[14:26:45] Warren Kumari_web_974 joins the room
[14:26:50] Benno Overeinder_web_407 leaves the room
[14:26:56] Benno Overeinder_web_716 joins the room
[14:27:11] Meetecho joins the room
[14:27:17] Stuart Cheshire_web_335 joins the room
[14:27:21] Donald Eastlake_web_670 joins the room
[14:27:25] Michael Breuer_web_250 joins the room
[14:27:41] Samuel Weiler_web_589 joins the room
[14:27:49] Sara Dickinson_web_750 joins the room
[14:27:57] Mike Bishop_web_418 joins the room
[14:28:03] dee3@hot-chilli.net joins the room
[14:28:13] Scott Hollenbeck_web_130 joins the room
[14:28:22] Peter Thomassen_web_897 joins the room
[14:28:24] Jiankang Yao_web_582 joins the room
[14:28:24] Wes Hardaker_web_318 leaves the room
[14:28:25] Shu-Fang Hsu_web_899 joins the room
[14:28:29] Wes Hardaker_web_754 joins the room
[14:28:30] Tim Wicinski_web_568 leaves the room
[14:28:36] Ralf Weber_web_940 joins the room
[14:28:36] Tim Wicinski_web_353 joins the room
[14:28:39] Sergey Myasoedov_web_724 joins the room
[14:28:39] Nicklas Pousette_web_324 joins the room
[14:28:40] Benjamin Schwartz_web_835 joins the room
[14:28:40] Benno Overeinder joins the room
[14:28:41] Shinta Sato_web_522 joins the room
[14:28:42] Mike Bishop_web_418 leaves the room
[14:28:47] Mike Bishop_web_510 joins the room
[14:28:48] Jiri Novotny_web_895 joins the room
[14:28:50] Jan Včelák_web_461 joins the room
[14:28:54] alex_web_664 joins the room
[14:28:55] Chris Box_web_504 joins the room
[14:29:05] Marco Davids_web_554 joins the room
[14:29:08] Benno Overeinder has set the subject to: DNSOP at IETF 110
[14:29:13] Takahiro Nemoto_web_279 joins the room
[14:29:17] Shumon Huque_web_645 joins the room
[14:29:19] Naoki Hanai_web_783 joins the room
[14:29:20] <Warren Kumari_web_974> I thought that the IETF Muzak was the sound of a thousand people humming, but none actually knowing what the hum is about...?
[14:29:21] Francisco Arias_web_252 joins the room
[14:29:23] Ladislav Lhotka_web_437 joins the room
[14:29:27] Dan McArdle_web_246 joins the room
[14:29:42] <zulipbot> (Puneet Sood) Test
[14:29:47] Shinta Sato_web_522 leaves the room
[14:29:53] Jim Reid_web_605 joins the room
[14:29:54] Michael Gibbs_web_158 joins the room
[14:29:56] Roy Arends_web_378 joins the room
[14:30:03] Yoshitaka Aharen_web_851 leaves the room
[14:30:05] <Warren Kumari_web_974> @Puneet: Worked.
[14:30:06] Yoshitaka Aharen_web_522 joins the room
[14:30:07] Peter van Dijk_web_471 joins the room
[14:30:08] Joey Salazar_web_831 joins the room
[14:30:09] Andrew Campling_web_897 joins the room
[14:30:10] John Woodworth_web_186 joins the room
[14:30:20] Vincent Levigneron_web_645 leaves the room
[14:30:23] Vincent Levigneron_web_737 joins the room
[14:30:25] Vincent Levigneron_web_737 leaves the room
[14:30:33] Pallavi Aras_web_735 joins the room
[14:30:33] Andreas Pantelopoulos_web_703 joins the room
[14:30:43] Vincent Levigneron_web_641 joins the room
[14:30:44] Burt Kaliski_web_747 joins the room
[14:30:48] Nicklas Pousette_web_324 leaves the room
[14:30:59] Jody Kolker_web_636 joins the room
[14:31:00] Nicklas Pousette_web_182 joins the room
[14:31:02] <Jim Reid_web_605> Sun? What's that?
[14:31:05] James Galvin_web_909 joins the room
[14:31:07] Vittorio Bertola_web_986 joins the room
[14:31:13] Hugo Salgado_web_853 joins the room
[14:31:14] Alexander Mayrhofer_web_934 joins the room
[14:31:15] Nicklas Pousette_web_182 leaves the room
[14:31:21] Hiromu Shiozawa_web_415 joins the room
[14:31:22] Ash Wilson_web_430 joins the room
[14:31:28] <Wes Hardaker_web_754> I can play crappy guitar at the start of the second one!  ha ha
[14:31:29] Puneet Sood_web_113 joins the room
[14:31:30] Brian Dickson_web_855 joins the room
[14:31:36] Gustavo Lozano_web_197 joins the room
[14:31:43] Joseph K_web_650 joins the room
[14:31:46] James Galvin_web_909 leaves the room
[14:31:47] Tommy Jensen_web_518 joins the room
[14:31:48] Nicklas Pousette_web_757 joins the room
[14:31:48] Brett Carr_web_553 joins the room
[14:31:52] James Galvin_web_153 joins the room
[14:31:53] Antoin Verschuren_web_133 joins the room
[14:31:55] Jiankang Yao_web_582 leaves the room
[14:31:59] Jeff Osborn_web_575 joins the room
[14:32:03] Peter Koch_web_918 joins the room
[14:32:04] Jiankang Yao_web_806 joins the room
[14:32:14] James Gould_web_541 joins the room
[14:32:19] Victor Kuarsingh_web_608 joins the room
[14:32:25] Guillermo Cicileo_web_943 joins the room
[14:32:36] Ted Lemon_web_742 joins the room
[14:32:45] Vladimír Čunát_web_654 joins the room
[14:32:46] Ray Bellis_web_667 joins the room
[14:32:49] Joseph K_web_650 leaves the room
[14:32:52] Joseph K_web_136 joins the room
[14:32:53] Joel Jaeggli_web_605 joins the room
[14:33:01] Anders Kölligan_web_624 joins the room
[14:33:20] Stan Srednyak_web_841 joins the room
[14:33:28] Peter Feil_web_365 joins the room
[14:33:33] Shinta Sato_web_751 joins the room
[14:33:37] Ted Lemon_web_742 leaves the room
[14:33:41] Ted Lemon_web_404 joins the room
[14:33:48] Ash Wilson joins the room
[14:34:10] Geng-Da Tsai_web_288 joins the room
[14:34:12] Jiankang Yao_web_806 leaves the room
[14:34:12] David Lawrence_web_306 leaves the room
[14:34:18] David Lawrence_web_669 joins the room
[14:34:20] Jiankang Yao_web_718 joins the room
[14:34:32] <Peter van Dijk_web_471> whatever text is below 'dnsop-nsec-ttl' is cropped off the screen here
[14:34:47] John Levine_web_349 joins the room
[14:35:02] <Jonathan Reed_web_317> I'm also seeing cropping, yeah
[14:35:09] Ben Schwartz joins the room
[14:35:16] Tom Hill_web_256 joins the room
[14:35:21] Andrew Campling_web_897 leaves the room
[14:35:23] Matthew Pounsett_web_899 joins the room
[14:35:24] Andrew Campling_web_747 joins the room
[14:35:29] Robert Story_web_644 leaves the room
[14:35:33] Robert Story_web_736 joins the room
[14:35:40] Erik Nygren_web_157 joins the room
[14:35:50] Fred Baker_web_336 joins the room
[14:35:59] <Peter van Dijk_web_471> better!
[14:36:07] Matt Green_web_659 joins the room
[14:36:42] James Gould_web_541 leaves the room
[14:36:43] Naoki Hanai_web_783 leaves the room
[14:36:48] James Gould_web_789 joins the room
[14:36:49] Naoki Hanai_web_636 joins the room
[14:36:54] Patrick Tarpey_web_269 joins the room
[14:36:58] Joel Jaeggli_web_605 leaves the room
[14:37:04] Joel Jaeggli_web_923 joins the room
[14:37:16] <Shumon Huque_web_645> ns-revalidation has a few outstanding comments to be addressed in the queue. This was also decelerated a bit by the departure of Ralph Dolmans. But we'll have an updated version soon.
[14:37:59] lundstrom.jerry joins the room
[14:38:05] Francisco Arias_web_252 leaves the room
[14:38:08] <Paul Hoffman_web_181> Showing up means different things these days...
[14:38:10] Francisco Arias_web_705 joins the room
[14:40:09] Jyrki Soini_web_682 joins the room
[14:40:41] <Warren Kumari_web_974> Link to IAB Liaison: https://datatracker.ietf.org/liaison/1720/
[14:40:59] Matthew Quick_web_336 joins the room
[14:41:31] <Tim Wicinski_web_353> Peter, the text was left was "tim needs to do his job"
[14:41:37] <Suzanne Woolf_web_578> @meetecho will the room stay open between the DNSOP sessions? We're back to back this session and the next
[14:41:43] <Peter van Dijk_web_471> Tim, I noticed :D thanks
[14:42:02] Petr Špaček_web_861 joins the room
[14:42:13] <Meetecho> Suzanne: no, it's a different room so you'll have to leave this one and join the other, I'm afraid
[14:42:34] Vicky Risk_web_950 joins the room
[14:42:46] tale leaves the room: Disconnected: closed
[14:42:54] Puneet Sood_web_113 leaves the room
[14:42:58] <Suzanne Woolf_web_578> @meetecho OK, we'll remind people at the end of this session, thanks!
[14:43:30] <Tim Wicinski_web_353> Thanks shumon,  you are suffering the same "Where's Ralph" problem
[14:44:11] <Peter van Dijk_web_471> Waldo Dolmans
[14:44:19] Puneet Sood_web_387 joins the room
[14:44:38] <Vladimír Čunát_web_654> I'd assume he won't be much around dnsop anymore, but it's mostly guessing.
[14:45:25] <Benno Overeinder> I will chase Waldo Dolmans down.  Actually, I am still in contact with Ralph, but he is very busy starting a job in another country, etc.
[14:45:29] <Shumon Huque_web_645> Well, he still wants to be involved in the draft, but it's harder now since he moved to the Far East and is day job isn't DNS anymore!
[14:45:58] Tim Wicinski_web_353 leaves the room
[14:46:03] Tim Wicinski_web_383 joins the room
[14:46:43] James Gould_web_789 leaves the room
[14:48:53] Shumon Huque_web_645 leaves the room
[14:48:53] Shu-Fang Hsu_web_899 leaves the room
[14:48:57] Shumon Huque_web_114 joins the room
[14:48:59] Shu-Fang Hsu_web_548 joins the room
[14:49:27] Jody Kolker_web_636 leaves the room
[14:52:42] <Vicky Risk_web_950> I was wondering if the deRuijters were for the pizza ... or what?
[14:52:53] <Tom Hill_web_256> Aww.. There's no site at https://xot.rocks :)
[14:52:58] <Peter van Dijk_web_471> Vicky, pineapple was offered separately for those ;)
[14:54:45] <Ben Schwartz> Wrong WG.  ITYM dns://xot.rocks
[14:56:46] <Suzanne Woolf_web_578> dns:://anything sounds like a very dubious idea :-)
[14:57:12] Ted Lemon_web_404 leaves the room
[14:57:17] Ted Lemon_web_925 joins the room
[14:58:02] Geng-Da Tsai_web_288 leaves the room
[14:58:22] HidekiSato_web_979 leaves the room
[14:58:27] Burt Kaliski_web_747 leaves the room
[14:58:28] HidekiSato_web_911 joins the room
[14:58:30] Burt Kaliski_web_725 joins the room
[14:59:00] Tim April_web_821 joins the room
[14:59:11] Tim April_web_821 leaves the room
[14:59:16] Tim April_web_522 joins the room
[14:59:47] Mike Kosek_web_206 leaves the room
[14:59:52] Mike Kosek_web_435 joins the room
[14:59:59] Dmitry Belyavskiy_web_917 joins the room
[15:01:55] Peter Feil_web_365 leaves the room
[15:01:57] <George Michaelson_web_423> dns:://anything looks like DECnet routing
[15:02:25] <Peter Thomassen_web_897> can't see you, Pieter! :)
[15:03:16] Ladislav Lhotka_web_437 leaves the room
[15:03:21] Ladislav Lhotka_web_492 joins the room
[15:03:27] <Ray Bellis_web_667> I don't like this CSYNC stuff - it implies that the catz either becomes a synthetic zone, or at least depends on some other process to read the current members' SOA and dynamically update the CSYNC records.
[15:03:46] Ladislav Lhotka_web_492 leaves the room
[15:04:33] Gexu Meng_web_325 joins the room
[15:06:00] Willem Toorop_web_743 leaves the room
[15:06:06] Willem Toorop_web_108 joins the room
[15:06:22] Antoin Verschuren_web_133 leaves the room
[15:06:34] Antoin Verschuren_web_592 joins the room
[15:07:03] Burt Kaliski_web_725 leaves the room
[15:07:14] Yuji Koyama_web_573 leaves the room
[15:07:19] Yuji Koyama_web_100 joins the room
[15:07:42] Burt Kaliski_web_818 joins the room
[15:07:50] Tom Carpay_web_824 joins the room
[15:07:55] Neil Cook_web_722 joins the room
[15:09:03] Ulrich Wisser_web_267 leaves the room
[15:09:08] Ulrich Wisser_web_596 joins the room
[15:09:23] Yuji Koyama_web_100 leaves the room
[15:09:28] Matthew Pounsett_web_899 leaves the room
[15:09:29] Yuji Koyama_web_355 joins the room
[15:09:31] Matthew Pounsett_web_912 joins the room
[15:09:42] Matthew Pounsett_web_912 leaves the room
[15:09:45] Matthew Pounsett_web_187 joins the room
[15:11:32] Naoki Hanai_web_636 leaves the room
[15:11:37] Naoki Hanai_web_613 joins the room
[15:11:47] Peter Feil_web_537 joins the room
[15:13:24] <Vicky Risk_web_950> Having configuration groups instead of multiple catalogs, doesn't that make the catalog larger? which exacerbates the issues associated with large catalog updates.
[15:14:01] Tommy Jensen_web_518 leaves the room
[15:14:07] Tommy Jensen_web_290 joins the room
[15:14:50] Mike Kosek_web_435 leaves the room
[15:14:56] Mike Kosek_web_192 joins the room
[15:15:16] Peter Koch_web_918 leaves the room
[15:15:20] Peter Koch_web_329 joins the room
[15:15:46] Shu-Fang Hsu_web_548 leaves the room
[15:15:51] Shu-Fang Hsu_web_636 joins the room
[15:16:05] <Peter van Dijk_web_471> Operators can still split (like Peter is saying right now); but the groups allow some operators to not have to split :)
[15:16:51] Tim Wicinski_web_383 leaves the room
[15:16:55] Tim Wicinski_web_104 joins the room
[15:16:55] Sidan Qi_web_295 joins the room
[15:17:00] Mehmet Ersue_web_517 joins the room
[15:17:34] Akira Kato_web_436 leaves the room
[15:17:37] Akira Kato_web_240 joins the room
[15:17:53] <Petr Špaček_web_861> A new class for catalog zones? :troll:
[15:18:31] <Libor Peltan_web_314> @vicky yes, but i consider the benefits worth it
[15:18:35] Mehmet Ersue_web_517 leaves the room
[15:18:36] <Peter van Dijk_web_471> can't do it, PowerDNS is an Internet Class Name Server!
[15:19:04] सचिन गर्ग_web_289 leaves the room
[15:19:04] <Peter Thomassen_web_897> sorry, forgot to introduce myself :-) we run deSEC, a free managed DNSSEC provider, and we're very interested in all efforts helping adopt DNSSEC. --> https://desec.io/
[15:19:07] <George Michaelson_web_423> Proof by exclusion: it cannot be paul because it does not have a (grey) beard.
[15:19:10] <George Michaelson_web_423> IMPOSTOR
[15:19:29] <Vladimír Čunát_web_654> There's a vest, though.
[15:19:32] <George Michaelson_web_423> The term is "hello"
[15:19:39] <George Michaelson_web_423> the vest is alive!
[15:19:39] <Libor Peltan_web_314> To summarize it, i consider the lack of discussion about the whole "properties" idea as an approval to continue this way. (That catalog zone is no longer just a list of PTRs.)
[15:19:49] <Peter van Dijk_web_471> The vest and the soothing baritone are enough identity for me
[15:19:55] Joey Salazar_web_831 leaves the room
[15:19:57] <Murray Kucherawy_web_849> I prefer "whazzaaaap"
[15:20:03] <Willem Toorop_web_108> @libor yes, but all not mandatory
[15:20:06] Kim Davies_web_328 leaves the room
[15:20:09] <Libor Peltan_web_314> yes
[15:20:12] <Ray Bellis_web_667> @Libor that approval needs to be based on list consensus, not the "virtual room"
[15:20:16] <Murray Kucherawy_web_849> @Peter van Dijk: Better than any crypto I can think of.
[15:20:41] <Libor Peltan_web_314> Sure, I meant the approval to continue the work in this direction.
[15:20:52] Mike Kosek_web_192 leaves the room
[15:21:19] Joey Salazar_web_674 joins the room
[15:23:31] Joey Salazar_web_674 leaves the room
[15:24:24] Geng-Da Tsai_web_738 joins the room
[15:24:33] <George Michaelson_web_423> Forgive a naieve question/point, but is making a crypto alg a MAY not a recipe for "goes unvalidatable" because no support emerges for MAY not MUST?
[15:24:49] <George Michaelson_web_423> it feels like a loss of SEP comes from MAY basically
[15:24:51] Joey Salazar_web_512 joins the room
[15:25:38] <George Michaelson_web_423> oh, he covered it
[15:25:53] Jyrki Soini_web_682 leaves the room
[15:25:55] Vincent Levigneron_web_641 leaves the room
[15:25:58] Jyrki Soini_web_763 joins the room
[15:26:00] Vincent Levigneron_web_785 joins the room
[15:26:48] <Vladimír Čunát_web_654> Sounds better than not being able to allocate an algorithm number.
[15:26:57] <Peter van Dijk_web_471> +1 Vladimir
[15:27:19] <Jim Reid_web_605> Yes. Or people plucking alg numbers out of the air
[15:27:27] <Daniel Migault_web_420> Would be good to have the feed backs from implementers.
[15:27:39] <Peter van Dijk_web_471> Jim, which I've had to do a few times for small scale experiments already, and did not like.
[15:27:48] <Daniel Migault_web_420> on how a non tsandard algorithm will be considered.
[15:28:11] <Tom Hill_web_256> Is that Queen Elizabeth speaking?! It's uncanny.
[15:28:57] Patrick Tarpey_web_269 leaves the room
[15:29:14] Vincent Levigneron_web_785 leaves the room
[15:29:20] Vincent Levigneron_web_594 joins the room
[15:29:27] Joey Salazar_web_512 leaves the room
[15:30:35] <Jim Reid_web_605> You never see her and me in the same room at the same time...
[15:30:45] <Tom Hill_web_256> !
[15:30:56] Wes Hardaker_web_754 leaves the room
[15:31:00] Matt Green_web_659 leaves the room
[15:31:01] Hugo Kobayashi_web_601 leaves the room
[15:31:03] Tom Carpay_web_824 leaves the room
[15:31:07] John Levine_web_349 leaves the room
[15:31:07] Roy Arends_web_378 leaves the room
[15:31:08] PE_web_323 leaves the room
[15:31:08] Scott Hollenbeck_web_130 leaves the room
[15:31:09] Ulrich Wisser_web_596 leaves the room
[15:31:09] Jonathan Reed_web_317 leaves the room
[15:31:09] Stan Srednyak_web_841 leaves the room
[15:31:10] Tom Hill_web_256 leaves the room
[15:31:10] Vittorio Bertola_web_986 leaves the room
[15:31:10] Hugo Salgado_web_853 leaves the room
[15:31:10] Neil Cook_web_722 leaves the room
[15:31:10] Shu-Fang Hsu_web_636 leaves the room
[15:31:10] Ash Wilson_web_430 leaves the room
[15:31:11] Alexander Mayrhofer_web_934 leaves the room
[15:31:11] Samuel Weiler_web_589 leaves the room
[15:31:12] HidekiSato_web_911 leaves the room
[15:31:12] Warren Kumari_web_974 leaves the room
[15:31:12] Peter Thomassen_web_897 leaves the room
[15:31:12] Jeff Osborn_web_575 leaves the room
[15:31:12] Joao Damas_web_168 leaves the room
[15:31:13] Sara Dickinson_web_750 leaves the room
[15:31:13] Marco Davids_web_554 leaves the room
[15:31:13] Anders Kölligan_web_624 leaves the room
[15:31:13] Francisco Arias_web_705 leaves the room
[15:31:13] Dan McArdle_web_246 leaves the room
[15:31:13] Jan Včelák_web_461 leaves the room
[15:31:13] Kazunori Fujiwara_web_569 leaves the room
[15:31:14] Benjamin Schwartz_web_835 leaves the room
[15:31:14] Vicky Risk_web_950 leaves the room
[15:31:14] Suzanne Woolf_web_578 leaves the room
[15:31:14] Jim Reid_web_605 leaves the room
[15:31:14] Sidan Qi_web_295 leaves the room
[15:31:14] Ralf Weber_web_940 leaves the room
[15:31:15] Donald Eastlake_web_670 leaves the room
[15:31:15] Nicklas Pousette_web_757 leaves the room
[15:31:16] alex_web_664 leaves the room
[15:31:18] Peter Feil_web_537 leaves the room
[15:31:18] Ray Bellis_web_667 leaves the room
[15:31:18] Robert Story_web_736 leaves the room
[15:31:19] George Michaelson_web_423 leaves the room
[15:31:19] Tim Wicinski_web_104 leaves the room
[15:31:19] Yoshiro Yoneya_web_577 leaves the room
[15:31:20] Shumon Huque_web_114 leaves the room
[15:31:20] <Petr Špaček_web_861> LOL
[15:31:20] Takashi Tomine_web_411 leaves the room
[15:31:21] Akira Kato_web_240 leaves the room
[15:31:22] Eric Orth_web_764 leaves the room
[15:31:23] Michael Breuer_web_250 leaves the room
[15:31:24] Sergey Myasoedov_web_724 leaves the room
[15:31:28] Brian Dickson_web_855 leaves the room
[15:31:28] James Galvin_web_153 leaves the room
[15:31:29] Guillermo Cicileo_web_943 leaves the room
[15:31:29] Chris Box_web_504 leaves the room
[15:31:31] Mike Bishop_web_510 leaves the room
[15:31:32] Chris Box_web_807 joins the room
[15:31:33] Benno Overeinder_web_716 leaves the room
[15:31:35] Takeshi Kusaba_web_621 leaves the room
[15:31:36] Brett Carr_web_553 leaves the room
[15:31:36] Dmitry Belyavskiy_web_917 leaves the room
[15:31:40] Murray Kucherawy_web_849 leaves the room
[15:31:41] Naoki Hanai_web_613 leaves the room
[15:31:41] Andreas Pantelopoulos_web_703 leaves the room
[15:31:44] lundstrom.jerry leaves the room
[15:31:45] Jiri Novotny_web_895 leaves the room
[15:31:47] Hiromu Shiozawa_web_415 leaves the room
[15:31:48] Willem Toorop_web_108 leaves the room
[15:31:52] Andrew Campling_web_747 leaves the room
[15:31:53] dee3@hot-chilli.net leaves the room
[15:31:58] Chris Box_web_807 leaves the room
[15:32:00] Libor Peltan_web_314 leaves the room
[15:32:01] Jerry Lundström joins the room
[15:32:05] <Vladimír Čunát_web_654> :-)
[15:32:14] Takahiro Nemoto_web_279 leaves the room
[15:32:19] David Lawrence_web_669 leaves the room
[15:32:35] Paul Hoffman_web_181 leaves the room
[15:32:45] Vincent Levigneron_web_594 leaves the room
[15:32:46] Tommy Jensen_web_290 leaves the room
[15:32:57] Peter van Dijk_web_471 leaves the room
[15:33:12] Sergey Fomin_web_424 leaves the room
[15:33:16] Zaid AlBanna_web_204 leaves the room
[15:33:16] Gijs Beernink_web_974 leaves the room
[15:33:16] Daniel Migault_web_420 leaves the room
[15:33:16] Cullen Jennings_web_785 leaves the room
[15:33:16] Paolo Saviano_web_655 leaves the room
[15:33:16] Eric Kinnear_web_308 leaves the room
[15:33:16] Christian Elmerot_web_303 leaves the room
[15:33:16] Stuart Cheshire_web_335 leaves the room
[15:33:16] Michael Gibbs_web_158 leaves the room
[15:33:16] Yoshitaka Aharen_web_522 leaves the room
[15:33:16] John Woodworth_web_186 leaves the room
[15:33:16] Pallavi Aras_web_735 leaves the room
[15:33:16] Gustavo Lozano_web_197 leaves the room
[15:33:16] Victor Kuarsingh_web_608 leaves the room
[15:33:16] Vladimír Čunát_web_654 leaves the room
[15:33:16] Joseph K_web_136 leaves the room
[15:33:16] Shinta Sato_web_751 leaves the room
[15:33:16] Jiankang Yao_web_718 leaves the room
[15:33:16] Erik Nygren_web_157 leaves the room
[15:33:16] Fred Baker_web_336 leaves the room
[15:33:16] Joel Jaeggli_web_923 leaves the room
[15:33:16] Matthew Quick_web_336 leaves the room
[15:33:16] Petr Špaček_web_861 leaves the room
[15:33:16] Puneet Sood_web_387 leaves the room
[15:33:16] Ted Lemon_web_925 leaves the room
[15:33:16] Tim April_web_522 leaves the room
[15:33:16] Gexu Meng_web_325 leaves the room
[15:33:16] Antoin Verschuren_web_592 leaves the room
[15:33:16] Burt Kaliski_web_818 leaves the room
[15:33:16] Yuji Koyama_web_355 leaves the room
[15:33:16] Matthew Pounsett_web_187 leaves the room
[15:33:16] Peter Koch_web_329 leaves the room
[15:33:16] Geng-Da Tsai_web_738 leaves the room
[15:33:16] Jyrki Soini_web_763 leaves the room
[15:33:38] mcr joins the room
[15:33:59] <mcr> hi. chairs?
[15:34:26] <mcr> should I be prepared to share my slides, or do you prefer to?
[15:37:35] Meetecho leaves the room
[15:38:05] Meetecho joins the room
[15:40:31] <Jerry Lundström> mcr: think you can choose
[15:50:03] Neil Cook_web_512 joins the room
[15:50:03] Gijs Beernink_web_429 joins the room
[15:50:03] Yuji Koyama_web_211 joins the room
[15:50:03] Brian Dickson_web_933 joins the room
[15:50:03] Daniel Migault_web_760 joins the room
[15:50:03] Michael Richardson_web_172 joins the room
[15:50:03] Michael Gibbs_web_599 joins the room
[15:50:03] Alessandro Toppi_web_169 joins the room
[15:50:03] Lorenzo Miniero_web_865 joins the room
[15:50:03] Kazunori Fujiwara_web_120 joins the room
[15:50:03] George Michaelson_web_680 joins the room
[15:50:03] Vladimír Čunát_web_329 joins the room
[15:50:03] Scott Hollenbeck_web_375 joins the room
[15:50:03] Benno Overeinder_web_324 joins the room
[15:50:03] Tim Wicinski_web_973 joins the room
[15:50:03] Akira Kato_web_407 joins the room
[15:50:03] Tom Carpay_web_193 joins the room
[15:50:23] Yoshiro Yoneya_web_149 joins the room
[15:50:42] Paul Wouters_web_969 joins the room
[15:51:06] Andrew Campling_web_125 joins the room
[15:51:11] <Paul Wouters_web_969> what did i miss in the previous session? :)
[15:52:24] Fred Baker_web_529 joins the room
[15:52:38] <George Michaelson_web_680> Stuff. lots of stuff. we decided to go back to UDP only, 511 byte max payload and MD5
[15:52:53] Robert Story_web_629 joins the room
[15:53:00] hta joins the room
[15:53:12] <Jerry Lundström> CRC you mean
[15:53:33] Harald Alvestrand_web_361 joins the room
[15:53:38] Wes Hardaker_web_461 joins the room
[15:53:52] Joao Damas_web_938 joins the room
[15:54:08] Suzanne Woolf_web_654 joins the room
[15:54:08] <mcr> Jerry, I will project then, since I have some animated slides.
[15:54:15] Takeshi Kusaba_web_570 joins the room
[15:54:17] <Paul Wouters_web_969> excellent, the DNS camel is now a dromedary
[15:54:34] Peter Koch_web_752 joins the room
[15:54:44] Antoin Verschuren_web_973 joins the room
[15:55:26] Paul Hoffman_web_612 joins the room
[15:55:30] Juan Cerezo_web_134 joins the room
[15:55:36] Ulrich Wisser_web_604 joins the room
[15:56:04] Willem Toorop_web_238 joins the room
[15:56:08] Christian Elmerot_web_613 joins the room
[15:56:09] Brian Dickson_web_933 leaves the room
[15:56:12] Peter Yee_web_790 joins the room
[15:56:18] <Paul Hoffman_web_612> Not even that: a mule
[15:56:20] Warren Kumari_web_881 joins the room
[15:56:22] Yoshitaka Aharen_web_322 joins the room
[15:56:22] Brian Dickson_web_727 joins the room
[15:56:25] alex_web_916 joins the room
[15:57:00] Eric Orth_web_426 joins the room
[15:57:04] Joel Jaeggli_web_580 joins the room
[15:57:22] Tirumaleswar Reddy.K_web_906 joins the room
[15:57:31] Nicklas Pousette_web_362 joins the room
[15:57:37] Sara Dickinson_web_335 joins the room
[15:57:43] Vincent Levigneron_web_193 joins the room
[15:58:11] Naoki Hanai_web_903 joins the room
[15:58:16] PE_web_561 joins the room
[15:58:18] Libor Peltan_web_403 joins the room
[15:58:21] Shinta Sato_web_560 joins the room
[15:58:28] Vicky Risk_web_995 joins the room
[15:58:33] Peter Thomassen_web_880 joins the room
[15:58:33] John Levine_web_358 joins the room
[15:58:56] <Libor Peltan_web_403> Llama
[15:58:59] Peter van Dijk_web_982 joins the room
[15:58:59] Shumon Huque_web_589 joins the room
[15:59:05] Marco Davids_web_209 joins the room
[15:59:19] Petr Špaček_web_912 joins the room
[15:59:24] Mohamed Boucadair_web_467 joins the room
[15:59:33] Jiri Novotny_web_172 joins the room
[15:59:38] Peter Koch_web_752 leaves the room
[15:59:43] Peter Koch_web_890 joins the room
[15:59:57] Jeff Osborn_web_514 joins the room
[15:59:58] Stuart Cheshire_web_868 joins the room
[16:00:01] Jari Arkko_web_174 joins the room
[16:00:09] Shinta Sato_web_560 leaves the room
[16:00:12] <Suzanne Woolf_web_654> sometimes I think it's a platypus....
[16:00:24] Tommy Jensen_web_123 joins the room
[16:00:33] Daniel Migault_web_760 leaves the room
[16:00:38] Mike Bishop_web_935 joins the room
[16:00:38] Roy Arends_web_537 joins the room
[16:00:45] Andreas Pantelopoulos_web_585 joins the room
[16:00:55] Francisco Arias_web_482 joins the room
[16:00:57] Ralf Weber_web_862 joins the room
[16:00:59] Anthony Faust_web_247 joins the room
[16:01:10] Baula Xu_web_823 joins the room
[16:01:18] Vittorio Bertola_web_597 joins the room
[16:01:25] Stan Srednyak_web_140 joins the room
[16:01:26] Pallavi Aras_web_531 joins the room
[16:01:38] Igor Gashinsky_web_890 joins the room
[16:01:38] <mcr> dns lays eggs...
[16:01:43] James Galvin_web_483 joins the room
[16:01:45] Jim Reid_web_184 joins the room
[16:01:45] Hugo Kobayashi_web_288 joins the room
[16:01:45] Shinta Sato_web_705 joins the room
[16:01:45] David Lawrence_web_938 joins the room
[16:01:46] Tim April_web_932 joins the room
[16:01:48] Sergey Fomin_web_425 joins the room
[16:01:59] Jonathan Reed_web_670 joins the room
[16:02:00] <Suzanne Woolf_web_654> ...and has hair
[16:02:05] <Peter van Dijk_web_982> PaulW, we're moving dnskey algorithm and flag assignment to GitHub PRs with Emoji voting. Delegation only will surely benefit from this :D
[16:02:06] Hiromu Shiozawa_web_719 joins the room
[16:02:07] Takahiro Nemoto_web_454 joins the room
[16:02:11] Gustavo Lozano_web_425 joins the room
[16:02:15] Puneet Sood_web_864 joins the room
[16:02:19] Brett Carr_web_789 joins the room
[16:02:22] Sean Turner_web_610 joins the room
[16:02:28] Ash Wilson_web_827 joins the room
[16:02:34] Benjamin Schwartz_web_718 joins the room
[16:02:36] <Peter van Dijk_web_982> (and dotpin ;) )
[16:02:37] <George Michaelson_web_680> Can't hear Kazunori
[16:02:42] <Paul Wouters_web_969> i dont hear anything ?
[16:02:43] John Woodworth_web_931 joins the room
[16:02:51] Ray Bellis_web_874 joins the room
[16:03:05] <Jeff Osborn_web_514> Me neither.
[16:03:08] <Jim Reid_web_184> Benno, you need to sing a son until we start
[16:03:13] <Paul Wouters_web_969> peter. I see, i will have to get noh :shit:ts.ca   :)
[16:03:17] <Vicky Risk_web_995> there is nothing to hear!!
[16:03:17] Daniel Migault_web_926 joins the room
[16:03:17] <Libor Peltan_web_403> I hear DNS grow
[16:03:18] Sergey Myasoedov_web_135 joins the room
[16:03:19] Eric Kinnear_web_571 joins the room
[16:03:24] <Paul Wouters_web_969> oh booh. they undid my nice emoji
[16:03:28] <Meetecho> Kazunori: can you click the mic icon? I onl see you in queue
[16:03:48] Baula Xu_web_823 leaves the room
[16:03:56] Baula Xu_web_209 joins the room
[16:04:09] Anthony Faust_web_247 leaves the room
[16:04:28] Michelle Cotton_web_262 joins the room
[16:04:33] Anthony Faust_web_591 joins the room
[16:04:59] Alexander Mayrhofer_web_328 joins the room
[16:05:17] Nitin Batta_web_703 joins the room
[16:05:18] Ole Jacobsen_web_591 joins the room
[16:05:39] Dan McArdle_web_901 joins the room
[16:05:39] Himanshu Shah_web_503 joins the room
[16:05:51] Hugo Salgado_web_487 joins the room
[16:05:59] Ulrich Wisser_web_604 leaves the room
[16:06:03] Ulrich Wisser_web_194 joins the room
[16:06:19] Himanshu Shah_web_503 leaves the room
[16:07:02] Tim April_web_932 leaves the room
[16:07:03] Nicklas Pousette_web_362 leaves the room
[16:07:06] Nicklas Pousette_web_527 joins the room
[16:07:07] Tim April_web_295 joins the room
[16:07:08] Nicklas Pousette_web_527 leaves the room
[16:07:11] Nicklas Pousette_web_429 joins the room
[16:07:19] Lixia Zhang_web_742 joins the room
[16:07:53] <George Michaelson_web_680> hah! Star Trek death match, to pick the best DNS payload size. I get to watch
[16:08:08] <Vicky Risk_web_995> so this is a manual pmtu
[16:08:23] <George Michaelson_web_680> it's UDP. what do you want to do PMTU?
[16:08:39] Lixia Zhang_web_742 leaves the room
[16:08:43] <George Michaelson_web_680> "one size fits all" PMTU. (hint: its the small one)
[16:08:45] <Peter van Dijk_web_982> As an implementer I have no idea what to do with that slide.
[16:08:55] <Peter van Dijk_web_982> (the one suggesting a responder probes a bunch of things)
[16:09:18] Erik Nygren_web_571 joins the room
[16:09:47] <Peter van Dijk_web_982> or, in fact, even as a requester I wouldn't know what to do.
[16:09:57] <Brian Dickson_web_727> Have a config thing that specifies what to probe, and a default set of things in the config, and do TCP PMTUD to those?
[16:10:24] Takashi Tomine_web_247 joins the room
[16:10:29] <Peter van Dijk_web_982> That requires 'probing' to be defined as something useful.
[16:10:40] Anthony Faust_web_591 leaves the room
[16:11:02] <Brian Dickson_web_727> TCP PMTUD - use that to calculate a value, and transmogrify to UDP thing
[16:11:09] Matt Green_web_569 joins the room
[16:11:20] <Peter van Dijk_web_982> I'm not a web server, I don't have data to probe with. Also I don't have time for probing :)
[16:11:34] Jared Mauch_web_570 joins the room
[16:11:36] <Vladimír Čunát_web_329> Probing towards *well*-connected places like root doesn't seem like a reliable bound to me.
[16:11:38] Patrick Tarpey_web_488 joins the room
[16:11:41] Takashi Tomine_web_247 leaves the room
[16:11:53] <Peter van Dijk_web_982> Indeed, that only provides an absolute upper bound.
[16:11:57] Jared Mauch_web_570 leaves the room
[16:12:10] <Jonathan Reed_web_670> +1 to Puneet's suggestion
[16:12:17] Anthony Faust_web_377 joins the room
[16:12:31] <Brian Dickson_web_727> Thus the suggestion about the operator supplied set rather than hard-coded set.
[16:12:33] Mike Kosek_web_482 joins the room
[16:12:33] <Peter van Dijk_web_982> was distracted, what was his suggestion?
[16:12:46] <Ralf Weber_web_862> 1400
[16:12:58] <Ralf Weber_web_862> or a range from 1232 to 1400
[16:13:09] <Peter van Dijk_web_982> right
[16:13:23] <Jerry Lundström> he suggested a range, not a fixed number
[16:13:27] <Jonathan Reed_web_670> Right, recommending a range
[16:13:37] <Jerry Lundström> +1 range
[16:13:46] <Petr Špaček_web_912> I'm not sure it is good idea to bake a value in an RFC. The value might change in future by simply changing defaults in software, will we update RFC? In my eyes it's waste of effort.
[16:14:00] <Vladimír Čunát_web_329> Even the discussion towards 1232 default of DNS Frag Day was quite long and hard.
[16:14:31] <George Michaelson_web_680> isn't the probed client in the kernel MTU cache radix trie?
[16:14:43] Meetecho leaves the room
[16:14:45] <George Michaelson_web_680> I guess not, if you never did TCP.
[16:14:49] Meetecho joins the room
[16:14:50] <Peter van Dijk_web_982> only for clients that you have seen recently
[16:14:52] <Petr Špaček_web_912> Exactly.
[16:14:53] <Peter van Dijk_web_982> and that
[16:15:01] <Peter van Dijk_web_982> the data simply is not there most of the time
[16:15:02] Meetecho leaves the room
[16:15:04] <Vladimír Čunát_web_329> And assuming stuff like ICMP works.
[16:15:05] <Brian Dickson_web_727> I strongly suggest everyone read Geoff's article, and take it into consideration before discussing or taking a strong position.
[16:15:10] <Peter van Dijk_web_982> and even TCP only has it if you hit the limits first
[16:15:17] <Petr Špaček_web_912> I realize this is radical, but I would rather drop the document than to put it out only because we have spent time on it.
[16:15:22] <Peter van Dijk_web_982> I have read Geoff's article.
[16:15:25] Meetecho joins the room
[16:15:30] Jim Reid_web_184 leaves the room
[16:15:35] Jim Reid_web_474 joins the room
[16:15:46] Guillermo Cicileo_web_942 joins the room
[16:16:17] <Peter van Dijk_web_982> Petr, I like the DONTFRAG bit, but that's about it.
[16:16:30] <Jim Reid_web_474> if most queries are going to use DoH, will UDP payloads matter in the longer term?
[16:16:40] <Brian Dickson_web_727> The two main take-aways are, don't use the SAME value for IP4 and IP6, and pick the largest value that is known to not cause problems. Picking too small a value leads to poor outcomes.
[16:16:55] <Ralf Weber_web_862> Yeah from recursive to authoritative for. a long time coming
[16:17:11] <Peter van Dijk_web_982> Jim, a joke?
[16:17:22] <Jerry Lundström> :D
[16:17:30] <Petr Špaček_web_912> DONTFRAG sounds like a good idea, but I think there already are papers on that topic (not necessairly RFCs) so having RFC just to point to a paper sounds like not very productive.
[16:17:33] <Jim Reid_web_474> @Peter. maybe. :-)
[16:17:35] <Paul Hoffman_web_612> Green sheet!
[16:18:19] <Brian Dickson_web_727> The frag issue on recursive to auth is actually a big deal, and is where the greatest level of thought should be applied. I.e. recursive to auth is where the Fragmentation is Poisonous is applicable. Preventing fragmentation on that path is really really a big deal.
[16:18:43] <Peter van Dijk_web_982> Yes - so I do think publishing DONTFRAG guidance would be tremendously useful.
[16:19:53] <zulipbot> (Puneet Sood) @_**JabberBot|28** [said](https://zulip-trial1.ietf.org/#narrow/stream/55-jabber.3Adnsop/topic/dnsop/near/27300):
```quote
Paul Hoffman_web_612: Green sheet!
```
what is green sheet?
[16:19:54] <Suzanne Woolf_web_654> @Petr, agreed and this is why the chairs are looking for where consensus might actually lie-- if the WG can't agree enough of the content of the draft is worth publishing, we'll drop it.
[16:20:06] Christopher de Soto_web_261 joins the room
[16:20:07] <Peter van Dijk_web_982> Puneet, the green sheet is Wes' background
[16:20:37] <Warren Kumari_web_881> Subtly different to a blue sheet? :-P
[16:20:37] Kazunori Fujiwara_web_120 leaves the room
[16:20:42] Kazunori Fujiwara_web_148 joins the room
[16:21:02] <Warren Kumari_web_881> Everybody, go write your name on Wes' bedsheet....
[16:21:07] <Brian Dickson_web_727> Correct. However, that also requires sane values on both BUFSIZE and configured auth server be used, since there is no UDP ability to retransmit.
I think the draft should put explicit guidance on IPv4 and IPv6 to not use defaults over 1472 and 1452 respectively, but also make that subject to revision for the potential of recursive-to-auth eventually being frequently/commonly being over paths with PMTU >> 1500 (e.g. 9000)
[16:21:07] <Paul Wouters_web_969> opt-out should die by now. We have the RAM :P
[16:21:10] <Suzanne Woolf_web_654> I've always heard that called a "green screen"
[16:22:00] <Peter van Dijk_web_982> Suzanne, same
[16:22:03] <Paul Wouters_web_969> Is there really a iteration problem to solve ?
[16:22:36] <Jim Reid_web_474> Too many iterations is a DoS vector for validators
[16:22:49] <Peter van Dijk_web_982> Jim, and auths
[16:22:59] <Peter van Dijk_web_982> But at least they made their own bed.
[16:23:13] Alexander Mayrhofer_web_328 leaves the room
[16:23:15] <Peter van Dijk_web_982> (mostly)
[16:23:20] Alexander Mayrhofer_web_767 joins the room
[16:24:08] <Shumon Huque_web_589> Do validators already implement a cap on the number of hash iterations? I suspect many do, but haven't checked.
[16:24:09] <Brian Dickson_web_727> Good guidance for implementers and operators, who may not be as aware of the impact they are causing themselves.
[16:24:18] <Peter van Dijk_web_982> Shumon, yes
[16:24:28] <Paul Wouters_web_969> roy has a good point
[16:24:49] <Shumon Huque_web_589> Peter - what do you do? Is it key size based or absolute?
[16:25:04] Matt Green_web_569 leaves the room
[16:25:25] <Peter van Dijk_web_982> PowerDNS Recursor has a (configurable, default) cap at 2500, keysize ignored
[16:25:29] Kim Davies_web_641 joins the room
[16:25:35] <Peter van Dijk_web_982> above that we go insecure, as 5155 currently demands
[16:26:07] Juan Cerezo_web_134 leaves the room
[16:26:13] Matthew Pounsett_web_241 joins the room
[16:26:13] Juan Cerezo_web_912 joins the room
[16:26:46] <Vicky Risk_web_995> paul vixie
[16:27:03] Yoshiro Yoneya_web_149 leaves the room
[16:27:07] Yoshiro Yoneya_web_643 joins the room
[16:27:15] <Willem Toorop_web_238> Unbound, the same (also goes insecure if iterations > cap), but takes along the key sizes as shown in the presentation. So max 150 iterations for key size 1024 etc.
[16:28:30] Michelle Cotton_web_262 leaves the room
[16:28:39] Nitin Batta_web_703 leaves the room
[16:28:44] Nitin Batta_web_575 joins the room
[16:28:55] <Vladimír Čunát_web_329> Yes, ainbow table for a given zone.  (say, decode new names fast)
[16:29:06] Mike StJohns joins the room
[16:29:25] Patrick Tarpey_web_488 leaves the room
[16:29:27] Scott Hollenbeck_web_375 leaves the room
[16:29:31] Patrick Tarpey_web_568 joins the room
[16:29:31] <Brian Dickson_web_727> Trying to word this question carefully: is there any strong support by anyone regarding use of NSEC3? Would there be any support for making recommendations of NSEC over NSEC3, particularly for the root issues for this draft?
[16:29:32] Scott Hollenbeck_web_300 joins the room
[16:29:44] Igor Gashinsky_web_890 leaves the room
[16:29:50] <Peter van Dijk_web_982> +1 to deprecating NSEC3 altogether ;)
[16:29:54] <Peter van Dijk_web_982> (it would really help if NSEC had opt-out)
[16:30:04] <Jim Reid_web_474> +1 to what Peter said.
[16:30:15] <Paul Wouters_web_969> +1
[16:30:16] <Paul Wouters_web_969> :)
[16:30:20] <Ralf Weber_web_862> Yeah +1 for me also, but not happening any time soon, so reducing iterations is what we have
[16:30:23] <Ray Bellis_web_874> there are still TLDs that want NSEC3 to prevent enumeration
[16:30:30] <Christian Elmerot_web_613> +1
[16:30:30] <Peter van Dijk_web_982> Ralf, yep, that's the pragmatic response.
[16:30:36] Pallavi Aras_web_531 leaves the room
[16:30:37] <Paul Wouters_web_969> s/prevent/slow down/
[16:30:39] <Suzanne Woolf_web_654> $dayjob_hat: we talked about doing NSEC3->NSEC for our zones last year
[16:30:41] <Brian Dickson_web_727> If someone (a large DNS hosting company) were to say, go 100% DNSSEC, that might even make opt-out a non-issue. Just saying.
[16:30:46] Nitin Batta_web_575 leaves the room
[16:30:49] Nitin Batta_web_513 joins the room
[16:30:51] Nitin Batta_web_513 leaves the room
[16:30:54] Nitin Batta_web_959 joins the room
[16:31:06] <Petr Špaček_web_912> You are saying that for far too long already :troll:
[16:31:07] <Paul Wouters_web_969> brian: i look forward to godaddy and google doing that :)
[16:31:34] Nitin Batta_web_959 leaves the room
[16:31:40] Sergey Fomin_web_425 leaves the room
[16:31:58] <Brian Dickson_web_727> Hope to have something to say in another few weeks... yes, I am aware I have been saying that, but $dayjob has REDACTED ISSUES. :-)
[16:32:41] <Brian Dickson_web_727> (But we have switched our hosted DNSSEC to NSEC and alg 13 across the board)
[16:33:10] <Paul Wouters_web_969> brian: yay :)
[16:33:14] <Peter van Dijk_web_982> Congrats on algo 13!
[16:33:42] <Peter Koch_web_890> I understand that this is a policy issue at least as much as it is a standards/protocol issue;  taking decision about other entities' risk assessment might turn out to be a slippery slope
[16:34:28] <Paul Hoffman_web_612> So would *not* taking risk into account.
[16:34:32] <Wes Hardaker_web_461> There is always a tussle between the produces of the data and the security they require vs the consumers and the resources they're willing to commit to use the data
[16:34:41] <Brian Dickson_web_727> Agree. However, saying "NOT RECOMMENDED" is not the same as "DEPRECATED".
[16:36:25] <Brian Dickson_web_727> IMHO, having good recommendations for operators with small zones where enumeration is a non-issue, would avoid unnecessary self-inflicted pain. Making non-recommendations (saying does not apply to TLDs) might help carve out the scope of recommendatinos.
[16:36:52] <Paul Wouters_web_969> I'll have to read it. moving dns hoster and doing CDS/CDNSKEY is tricky
[16:37:01] PE_web_561 leaves the room
[16:37:06] PE_web_461 joins the room
[16:37:12] <Paul Wouters_web_969> and most people move (registrar+dnshoster) at once
[16:37:12] <Peter van Dijk_web_982> There's some excellent thinking behind Ulrich&co's paper.
[16:37:29] Tim April_web_295 leaves the room
[16:37:32] Tim April_web_814 joins the room
[16:37:34] <Ben Schwartz> Does this assume the same algorithms on both sides?
[16:37:52] <Peter van Dijk_web_982> I don't think so but don't hold it against me
[16:38:09] <Brian Dickson_web_727> Haven't committed to this yet at $dayjob but the idea is to have the registrar do the polling and EPP, hope to actually pursue implementing.
[16:38:10] <Shumon Huque_web_589> Ben - it does not today, but we have another proposal in the pipeline for how to deal with that. Stay tuned.
[16:38:17] <Peter van Dijk_web_982> ah cool
[16:38:19] <Jim Reid_web_474> Brian, making protocol special cases for TLDs (or other kinds of zones) seems wrong. Though I suppose that ship sailed when NSEC3 was done for a handful of TLDs.
[16:38:59] <Brian Dickson_web_727> Yeah, mostly make it "zone size" rather than topological or operational special-casing.
[16:39:03] Sidan Qi_web_819 joins the room
[16:39:14] <Peter Thomassen_web_880> Same algorithms are currently implicitly required by RFC 6840, but that could be updated through the new document
[16:39:15] <Brian Dickson_web_727> Or rather, risk of enumeration.
[16:39:41] <Ben Schwartz> "Use NSEC if you don't need NSEC3" seems uncontroversial but not very useful
[16:40:29] <Paul Wouters_web_969> If you want to avoid teenagers getting your zone data, use nsec3
[16:40:32] <Brian Dickson_web_727> It's better than nothing, and hopefully actionable to reduce blind use of NSEC3.
[16:40:46] <Peter van Dijk_web_982> Ben, actually it would be good for many operators to give that a good thinkover.
[16:41:02] <Ben Schwartz> OK
[16:41:18] <Paul Wouters_web_969> if you want to prevent real adversaries from getting your zone, go back to the drawing board
[16:41:22] Monika Ermert_web_965 joins the room
[16:41:29] Samuel Weiler_web_844 joins the room
[16:41:37] <Paul Wouters_web_969> they already have it
[16:42:07] <Brian Dickson_web_727> DNS data is public, so you can't prevent anyone obtaining it. The enumeration thing is probably less useful now that there are public resolvers with large-ish caches
[16:42:11] <Christian Elmerot_web_613> We are talking about data openly queryable regardless
[16:42:27] <Peter van Dijk_web_982> https://crt.sh/ also has all your interesting names.
[16:42:59] <Paul Wouters_web_969> peter: ahh so hidden DNS names and no TLS will keep your serer hidden and secure :)
[16:43:08] <Peter van Dijk_web_982> PaulW, well, one of those!
[16:43:50] <Vladimír Čunát_web_329> Best have the server air-gapped.
[16:44:00] <Paul Wouters_web_969> :)
[16:44:02] <Ben Schwartz> Check out this one neat trick to avoid appearing in CT logs [DANE].
[16:44:30] <Vladimír Čunát_web_329> :-D
[16:44:46] John Levine_web_358 leaves the room
[16:44:49] John Levine_web_910 joins the room
[16:44:52] <Shumon Huque_web_589> Until DT logs appear :)
[16:45:22] Chi-Jiun Su_web_638 joins the room
[16:45:36] Shinta Sato_web_705 leaves the room
[16:45:40] Jonathan Reed_web_670 leaves the room
[16:45:46] Jonathan Reed_web_820 joins the room
[16:47:18] Ole Jacobsen_web_591 leaves the room
[16:47:21] Ole Jacobsen_web_769 joins the room
[16:47:23] Shinta Sato_web_300 joins the room
[16:49:59] David Smith_web_219 joins the room
[16:52:32] Joao Damas_web_938 leaves the room
[16:52:37] Joao Damas_web_616 joins the room
[16:52:44] Naoki Hanai_web_903 leaves the room
[16:52:47] Naoki Hanai_web_279 joins the room
[16:54:02] Mike Kosek_web_482 leaves the room
[16:54:05] Mike Kosek_web_376 joins the room
[16:54:05] <Vladimír Čunát_web_329> Fixed until the cert rotates.
[16:54:15] <Petr Špaček_web_912> +1
[16:54:20] <Jonathan Reed_web_820> I just want to note that there's another potential implementor besides browsers, which is client software like AdGuard or Avast.  I have no data about plans any of them may have, but they're things-that-aren't-browsers-but-also-aren't-OS-stubs.
[16:55:30] <Vladimír Čunát_web_329> +1 for bringing some significant client(s) into this.
[16:55:46] Michelle Cotton_web_674 joins the room
[16:56:36] Tommy Jensen_web_123 leaves the room
[16:56:41] Tommy Jensen_web_200 joins the room
[16:57:35] <Petr Špaček_web_912> When you do that, mention also EDE...
[16:57:59] Naoki Hanai_web_279 leaves the room
[16:58:04] Naoki Hanai_web_758 joins the room
[16:58:04] Tom Carpay_web_193 leaves the room
[16:58:11] <Petr Špaček_web_912> chairs: Maybe capport WG would have the right people?
[16:58:23] Mohamed Boucadair_web_467 leaves the room
[16:58:34] <Vladimír Čunát_web_329> The draft mentions EDE, but it won't hurt to stress it separately.
[16:59:29] Tirumaleswar Reddy.K_web_906 leaves the room
[16:59:44] Peter Yee_web_790 leaves the room
[16:59:56] <Paul Hoffman_web_612> +1 to capport as a good target. They had to deal with lots of these issues.
[16:59:58] Stuart Cheshire_web_868 leaves the room
[17:00:06] <Paul Wouters_web_969> nom nom side channel :)
[17:00:46] <Paul Wouters_web_969> websockets over DNS :)
[17:01:05] Tim April_web_814 leaves the room
[17:02:03] Mike Kosek_web_376 leaves the room
[17:02:08] Mike Kosek_web_911 joins the room
[17:02:43] <Jim Reid_web_474> @Petr, capport has closed. The WG members should still be around.
[17:03:22] <Vladimír Čunát_web_329> > The mailing list will remain open for that and other related discussion.
[17:03:32] <Petr Špaček_web_912> @Jim, I'm aware, hopefully at least capport charts are still alive.
[17:03:42] <Petr Špaček_web_912> * chairs
[17:03:46] Tim April_web_645 joins the room
[17:04:32] Guillermo Cicileo_web_942 leaves the room
[17:06:19] <Brian Dickson_web_727> This error reporting is between recursives and auths, and spoofing requires being an active MITM, or brute-forcing the traffic info (Query ID and other pieces of entropy)
[17:06:32] <Brian Dickson_web_727> I.e. answer has to match a valid query
[17:06:36] <Vladimír Čunát_web_329> Isn't it better to send those malicious reports by e-mail?
[17:07:06] Scott Rose_web_936 joins the room
[17:07:17] <Warren Kumari_web_881> ... only if over TCP...
[17:07:43] <Petr Špaček_web_912> E-mail over UDP :thinking: :troll:
[17:07:46] <Paul Wouters_web_969> you have a configuration problem. Now clients are all reporting back to you with an erorr.Now you have two problems
[17:08:15] <Petr Špaček_web_912> This is DMARC for DNS with all pros and cons.
[17:08:16] <Brian Dickson_web_727> Isn't this an option that needs the auth to enable first?
[17:08:17] Patrick Tarpey_web_568 leaves the room
[17:08:20] <Peter van Dijk_web_982> Brian, nothing in the draft supports what you just said though.
[17:08:25] <Peter van Dijk_web_982> Brian, yes, it's opt-in from the auth.
[17:08:30] <Vladimír Čunát_web_329> Well, the reporting could be restricted to TCP, if "we" determine it's worth it.
[17:08:34] <Brian Dickson_web_727> Okay, I guess I need to contribute text :-)
[17:08:38] <Vladimír Čunát_web_329> (TCP or cookies, say)
[17:08:47] <Brian Dickson_web_727> +1
[17:08:53] <Ben Schwartz> +1
[17:08:56] <Paul Wouters_web_969> so you go from mostly UDP to massive TCP load ?
[17:09:04] <Paul Wouters_web_969> now you have 3 problems
[17:09:06] <Warren Kumari_web_881> for (addr=1; addr <=2**32; addr++) {send (src,  "Error") }.  :-P
[17:09:08] <Brian Dickson_web_727> Or cookies everywhere, FTW
[17:09:18] <Vladimír Čunát_web_329> The reporting server is separable easily.
[17:09:25] <Warren Kumari_web_881> Gimme a sec, and I'm sure I can come up with a 4th :-)
[17:09:56] Andreas Pantelopoulos_web_585 leaves the room
[17:10:01] Andreas Pantelopoulos_web_620 joins the room
[17:10:10] <hugo-salgado> Could it be renamed to "resolver-feedback" on adoption? The resemblance to "EDE" is a bit confusing...
[17:10:31] <Peter van Dijk_web_982> There is a strong connection with EDE, but it does sound even more eerily similar than that connection supports, yes :)
[17:10:40] <Jim Reid_web_474> I support WG adoption
[17:10:58] Peter van Dijk_web_982 leaves the room
[17:11:03] Peter van Dijk_web_433 joins the room
[17:11:03] <Warren Kumari_web_881> <no hats> I also support adoption; I think that this is useful..
[17:11:06] <Paul Wouters_web_969> a zillion resolvers will have proper TCP or COOKIEs. i'm not too worried about forced stuff. Just use cloudflare :)
[17:11:24] <Paul Wouters_web_969> (s/forced/forged)
[17:11:26] Han Zhang_web_995 joins the room
[17:12:16] <Warren Kumari_web_881> cat errors.txt | awk '{print $3}' | sort | uniq -c | sort -rn   ?
[17:12:33] <Brian Dickson_web_727> Maybe an additional flag, saying "Yeah, I know it has problems" so the client won't report about known borkedness
[17:12:47] <Paul Wouters_web_969> we could use https://exampe.com/security.txt as the reporting url :)
[17:12:49] <Vladimír Čunát_web_329> Oh, nice!
[17:12:55] <Vladimír Čunát_web_329> (for the flag)
[17:13:14] Chris Box_web_544 joins the room
[17:13:25] <Brian Dickson_web_727> Can we send the chat log to the list? ;-)
[17:13:29] <Petr Špaček_web_912> @Brian So you disable it for a while.
[17:13:36] <Paul Wouters_web_969> let's all send the chat log to the list :)
[17:13:39] <Vicky Risk_web_995> there is an etherpad
[17:13:48] <Petr Špaček_web_912> You can even do sampling and send the option just for 1/1000 of queries or so.
[17:13:56] <Peter van Dijk_web_433> https://www.ietf.org/jabber/logs/dnsop/2021-03-11.html
[17:14:16] <Paul Wouters_web_969> petr: oh maybe a Proof of Work blockchain submission process ? :)
[17:14:18] Kim Davies_web_641 leaves the room
[17:14:21] Kim Davies_web_658 joins the room
[17:14:23] Joey Salazar_web_354 joins the room
[17:14:48] Shumon Huque_web_589 leaves the room
[17:14:51] Shumon Huque_web_845 joins the room
[17:15:13] <Paul Wouters_web_969> +1 (seriously)
[17:15:21] <Peter van Dijk_web_433> hashcash
[17:15:32] <Petr Špaček_web_912> :rofl:
[17:15:32] <Vittorio Bertola_web_597> Perhaps a DMARC-like "percentage" flag that tells clients to generate a random number and only report the error if it's less than that. So if you have a lot of traffic you can only get a small fraction of the reports.
[17:16:00] <Brian Dickson_web_727> Other ideas: match client to source IP and ASN, and track certain kinds of failure situations against ASN, with flags and samples. E.g. things like validation failure due to transport stripping DNSSEC records.
[17:16:02] Gijs Beernink_web_429 leaves the room
[17:16:07] Gijs Beernink_web_527 joins the room
[17:16:19] <Petr Špaček_web_912> @Vittorio you can do that already, just send the option defined in the draft 1/1000 of times.
[17:16:36] <Vladimír Čunát_web_329> Same with per-ASN.
[17:17:07] <Paul Wouters_web_969> your email will be down along with DNS :)
[17:17:26] Christopher de Soto_web_261 leaves the room
[17:17:33] <Paul Wouters_web_969> so will your reporting server i guess :P
[17:18:05] <Petr Špaček_web_912> I strongly recommend reading the draft. Most importantly, authoritative servers opt-in by sending _another_ domain name where reports should be sent. This allows sampling, sending to a third party which will do processing and call you phone when something seriously blows up.
[17:18:28] Joey Salazar_web_354 leaves the room
[17:18:41] <Peter Thomassen_web_880> thank you for the heads-up and sorry for the noise
[17:18:50] <Paul Wouters_web_969> if you cant monitor your own DNS queries from external view, why can you keep up that reporting server that does nothing for 5 years until you need it ?
[17:19:26] <Petr Špaček_web_912> @Paul Again, it's like DMARC. You don't have to, you can pay a third party do to all the analysis and alerting for you.
[17:19:44] <Petr Špaček_web_912> (If you wish, you can _also_ run everything yourself.)
[17:20:20] <Brian Dickson_web_727> You can monitor from SOME external views, but not from EVERY external vantage point. So, apples/oranges. I don't disagree on the sentiment, but it still has value.
[17:20:37] Eric Orth_web_426 leaves the room
[17:20:42] Eric Orth_web_838 joins the room
[17:20:47] <Brian Dickson_web_727> It also supports the concept of a fire drill... put in an occasional intentional error just to trigger reports.
[17:20:52] <Petr Špaček_web_912> In fact you decide for each individual query if you want to monitor it or not - and where reports should be sent.
[17:21:01] <Brian Dickson_web_727> (It == implicit in the functionality, not the draft itself.)
[17:21:20] <Paul Wouters_web_969> brian: if it is a remote corner of the world transport error. then nice to get the report , but your infrastructure is not broken. there might not be much you can do
[17:21:31] <Suzanne Woolf_web_654> We'll be looking for comment and possibly adoption on the mailing list-- detailed feedback like this will be helpful
[17:22:15] <Suzanne Woolf_web_654> both issues and psosible ways to resolve them
[17:22:16] <Ben Schwartz> Alexander Mayrhofer_web_767: I think servers are surely free to do that.  I don't think it's standards-relevant.
[17:22:22] <Paul Wouters_web_969> Can't we  standarize Viktor sending out emails :)
[17:22:38] <Brian Dickson_web_727> Idea: also have the reporting server provide its own contact info, so if the remote corner broken infra problem exists, there is the ability for the auth to report to the operator of the recursive... somehow.
[17:22:51] <Vladimír Čunát_web_329> Encryption towards auths isn't there yet, but hopefully soon.
[17:22:57] <mcr> A few thousand clones of Viktor shouldn't be a problem. Does Viktor come with a Dockerfile?
[17:23:08] <Jerry Lundström> lol
[17:23:13] <Petr Špaček_web_912> :rofl:
[17:24:26] Andreas Pantelopoulos_web_620 leaves the room
[17:24:26] James Galvin_web_483 leaves the room
[17:24:30] Andreas Pantelopoulos_web_739 joins the room
[17:24:33] James Galvin_web_761 joins the room
[17:25:29] Alexey Melnikov_web_422 joins the room
[17:25:47] Sergey Myasoedov_web_135 leaves the room
[17:25:48] Ralf Weber_web_862 leaves the room
[17:25:53] Ralf Weber_web_608 joins the room
[17:26:30] <Paul Hoffman_web_612> For those who don't know, Viktor  does all the useful IETF work as a hobby. It has nothing to do with his $dayjob.
[17:27:08] <Brian Dickson_web_727> Okay, wow!
[17:29:26] Alexey Melnikov_web_422 leaves the room
[17:29:29] Alexey Melnikov_web_885 joins the room
[17:30:03] Ash Wilson_web_827 leaves the room
[17:30:12] Pallavi Aras_web_535 joins the room
[17:30:36] <mcr> I think that there is a jarring conceptual thing on TEEs: many of us are used to thinking of them as being i2c connected TPM chips, which run at like 1Mhz, and have 2K of ram. (or that 286 running XENIX that talks to your keyboard) But, the TEE environment inside the main CPU can be as big as anything else, but it usually has no VM, no kernel access, and does no I/O.
[17:30:44] Chi-Jiun Su_web_638 leaves the room
[17:30:54] Roland Schott_web_589 joins the room
[17:30:56] Chi-Jiun Su_web_481 joins the room
[17:31:06] Daniel Gillmor_web_417 joins the room
[17:31:06] Han Zhang_web_995 leaves the room
[17:31:09] Han Zhang_web_604 joins the room
[17:31:16] dkg joins the room
[17:31:25] <Ben Schwartz> Yeah, it's called an "enclave" but it's more like a "mode".
[17:32:03] <mcr> https://datatracker.ietf.org/doc/draft-reddy-add-server-policy-selection/   also contains a way to carry an attestation about this Trusted Application to the client.  Not everyone thinks this is a good thing.
[17:32:42] <mcr> https://jari.volvo/manual.html
[17:33:31] Anthony Faust_web_377 leaves the room
[17:33:33] <George Michaelson_web_680> not doing IO makes it a bit hard to understand the applicability to a protocol on the wire
[17:33:53] Ben Schwartz leaves the room
[17:34:10] <hta> The inside-TEE software would have to be auditable somehow.
[17:34:28] Neil Cook_web_512 leaves the room
[17:34:31] <hta> If it's allowed to have any side effects, you can attach a console to the side effect.
[17:34:42] <mcr> @George, you get no access to the ethernet chip. That's what it means to have no I/O.  But, the TCP/UDP contents are copied in, still encrypted.   The TEE software would have to come with an attestation.
[17:35:17] <Jiri Novotny_web_172> @george well the IO is available through an OCALL/ECALL interface which is a slower way, however there are interesting advances with use of io_uring
[17:36:11] <Jiri Novotny_web_172> @hta - auditable software is one of the assumptions
[17:36:20] <Jiri Novotny_web_172> e.g. opensource
[17:36:29] <mcr> @hta, I suspect that there will be more rowhammer-like attacks, but this is not a new thing, and would apply to not using the TEE.  I suspect the TEE stuff will be easier to validate as being immune, or make immune.
[17:37:08] Francisco Arias_web_482 leaves the room
[17:37:13] Francisco Arias_web_210 joins the room
[17:37:37] Peter Thomassen_web_880 leaves the room
[17:37:55] <mcr> @warren, see above pointer to Tiru's document.
[17:39:48] <George Michaelson_web_680> CFRG and explore relatoonship to homomorphic?
[17:39:49] <Jiri Novotny_web_172> also https://datatracker.ietf.org/doc/draft-ietf-teep-architecture/
[17:40:19] <Warren Kumari_web_881> Yes, I've been following teep, but we need to fully understand what is being attested to.
[17:41:37] <Jiri Novotny_web_172> that's true
[17:44:01] Tim April_web_645 leaves the room
[17:44:06] <Suzanne Woolf_web_654> @warren this is why I love the pearg idea
[17:44:18] <Warren Kumari_web_881> Yah. It sounds facinating...
[17:44:25] Nicklas Pousette_web_429 leaves the room
[17:44:29] <Daniel Migault_web_926> dk: can you provide more detail why you believe TEE might not be as secure as mentioned.
[17:44:48] Brian Dickson_web_727 leaves the room
[17:45:02] Brian Dickson_web_857 joins the room
[17:45:11] Nicklas Pousette_web_634 joins the room
[17:45:13] Nicklas Pousette_web_634 leaves the room
[17:45:16] Nicklas Pousette_web_568 joins the room
[17:45:31] George Michaelson_web_680 leaves the room
[17:45:41] <mcr> My document is draft-ietf-opsawg-mud-iot-dns-considerations, sorry for the missing "-ietf" in the title.
[17:45:42] George Michaelson_web_168 joins the room
[17:46:12] <Paul Hoffman_web_612> Who is the "we" in "we all love to talk about IoT devices"?
[17:46:29] Vicky Risk_web_995 leaves the room
[17:46:32] <Peter van Dijk_web_433> If it's not you, it's them
[17:47:03] Ole Jacobsen_web_769 leaves the room
[17:47:07] Vicky Risk_web_922 joins the room
[17:47:54] Erik Nygren_web_571 leaves the room
[17:47:57] Erik Nygren_web_306 joins the room
[17:48:14] Takahiro Nemoto_web_454 leaves the room
[17:48:20] Takahiro Nemoto_web_501 joins the room
[17:48:47] slm joins the room
[17:49:18] Takahiro Nemoto_web_501 leaves the room
[17:49:36] Alexander Mayrhofer_web_767 leaves the room
[17:49:40] Baula Xu_web_209 leaves the room
[17:49:44] Alexander Mayrhofer_web_234 joins the room
[17:49:48] Roy Arends_web_537 leaves the room
[17:51:31] David Lawrence_web_938 leaves the room
[17:51:36] David Lawrence_web_471 joins the room
[17:51:37] Fred Baker_web_529 leaves the room
[17:53:32] Michelle Cotton_web_674 leaves the room
[17:54:03] <Erik Nygren_web_306> +1 to Ben, this can be very dynamic.
[17:54:20] <Vladimír Čunát_web_329> Some devices use the first one, yes.
[17:54:23] <Shumon Huque_web_845> RRsets are atomic and unordered, but end systems often employ address selection algorithms which will order how they might be used.
[17:54:23] tale joins the room
[17:54:31] tale leaves the room
[17:54:36] <Erik Nygren_web_306> We spent lots of time trying to solve this in draft-ietf-v6ops-464xlat-optimization-03 and kept finding the rabbit hole of corner cases gets deeper and deeper
[17:54:47] tale joins the room
[17:54:51] Takashi Tomine_web_131 joins the room
[17:55:05] <Shumon Huque_web_845> Traditionally, many implementations will shuffle the records in the RRset, but the DNS protocol does not require that.
[17:55:12] Han Zhang_web_604 leaves the room
[17:55:28] <David Lawrence_web_471> "likely" is the operative word here.
[17:55:32] <Erik Nygren_web_306> A version of BIND10 also tried to sort by default and it broke a bunch environments horribly and got rolled-back as a default.
[17:56:00] Sean Turner_web_610 leaves the room
[17:56:05] <Erik Nygren_web_306> But some servers handing out pools of IPs are unhappy if you just pick the first one in the set.  Many assume clients will distribute fairly uniformly.
[17:56:14] <Shumon Huque_web_845> Yes, I remember that Erik - that affected one of my customers too :)
[17:56:25] <Vittorio Bertola_web_597> I hear camels complaining. Their backs ache.
[17:56:47] Baula Xu_web_810 joins the room
[17:57:20] <Vladimír Čunát_web_329> BIND10 broke environments?
[17:57:26] <Shumon Huque_web_845> BIND9!
[17:57:40] <Shumon Huque_web_845> BIND10 has not awoken from the dead I believe :)
[17:57:56] Brett Carr_web_789 leaves the room
[17:58:14] Shumon Huque_web_845 leaves the room
[17:58:20] Shumon Huque_web_886 joins the room
[17:59:07] Chris Box_web_544 leaves the room
[17:59:47] Scott Rose_web_936 leaves the room
[18:00:17] Wes Hardaker_web_461 leaves the room
[18:00:26] Baula Xu_web_810 leaves the room
[18:00:29] Baula Xu_web_387 joins the room
[18:01:00] <Paul Wouters_web_969> it is clear. next one is online
[18:01:00] Eric Kinnear_web_571 leaves the room
[18:01:01] Jari Arkko_web_174 leaves the room
[18:01:02] Mike Bishop_web_935 leaves the room
[18:01:03] Ralf Weber_web_608 leaves the room
[18:01:03] Jonathan Reed_web_820 leaves the room
[18:01:03] Joel Jaeggli_web_580 leaves the room
[18:01:04] Jeff Osborn_web_514 leaves the room
[18:01:04] Pallavi Aras_web_535 leaves the room
[18:01:04] Benjamin Schwartz_web_718 leaves the room
[18:01:05] Jim Reid_web_474 leaves the room
[18:01:05] Marco Davids_web_209 leaves the room
[18:01:05] PE_web_461 leaves the room
[18:01:05] Tommy Jensen_web_200 leaves the room
[18:01:05] Andrew Campling_web_125 leaves the room
[18:01:05] Robert Story_web_629 leaves the room
[18:01:05] Scott Hollenbeck_web_300 leaves the room
[18:01:05] Andreas Pantelopoulos_web_739 leaves the room
[18:01:05] Chi-Jiun Su_web_481 leaves the room
[18:01:06] Sidan Qi_web_819 leaves the room
[18:01:06] Joao Damas_web_616 leaves the room
[18:01:06] Harald Alvestrand_web_361 leaves the room
[18:01:06] Stan Srednyak_web_140 leaves the room
[18:01:07] Hugo Kobayashi_web_288 leaves the room
[18:01:07] Akira Kato_web_407 leaves the room
[18:01:07] Vittorio Bertola_web_597 leaves the room
[18:01:07] Shumon Huque_web_886 leaves the room
[18:01:07] Matthew Pounsett_web_241 leaves the room
[18:01:07] Takashi Tomine_web_131 leaves the room
[18:01:08] Roland Schott_web_589 leaves the room
[18:01:08] Christian Elmerot_web_613 leaves the room
[18:01:08] Ulrich Wisser_web_194 leaves the room
[18:01:08] Alexander Mayrhofer_web_234 leaves the room
[18:01:09] Kim Davies_web_658 leaves the room
[18:01:09] Yoshitaka Aharen_web_322 leaves the room
[18:01:09] <Paul Wouters_web_969> they said that during plenary
[18:01:09] Kazunori Fujiwara_web_148 leaves the room
[18:01:09] Nicklas Pousette_web_568 leaves the room
[18:01:09] John Levine_web_910 leaves the room
[18:01:09] Joel Jaeggli_web_663 joins the room
[18:01:09] Puneet Sood_web_864 leaves the room
[18:01:09] <Paul Hoffman_web_612> Bye y'all!
[18:01:10] Jiri Novotny_web_172 leaves the room
[18:01:11] Hugo Salgado_web_487 leaves the room
[18:01:12] Francisco Arias_web_210 leaves the room
[18:01:12] Yoshiro Yoneya_web_643 leaves the room
[18:01:14] Sara Dickinson_web_335 leaves the room
[18:01:14] Paul Hoffman_web_612 leaves the room
[18:01:14] Vincent Levigneron_web_193 leaves the room
[18:01:14] George Michaelson_web_168 leaves the room
[18:01:15] Shinta Sato_web_300 leaves the room
[18:01:17] Antoin Verschuren_web_973 leaves the room
[18:01:18] Naoki Hanai_web_758 leaves the room
[18:01:19] alex_web_916 leaves the room
[18:01:19] Samuel Weiler_web_844 leaves the room
[18:01:19] Gustavo Lozano_web_425 leaves the room
[18:01:20] Michael Richardson_web_172 leaves the room
[18:01:20] <John Woodworth_web_931> thanks!
[18:01:22] Eric Orth_web_838 leaves the room
[18:01:23] Vicky Risk_web_922 leaves the room
[18:01:23] Michael Gibbs_web_599 leaves the room
[18:01:26] Baula Xu_web_387 leaves the room
[18:01:27] Dan McArdle_web_901 leaves the room
[18:01:27] Peter van Dijk_web_433 leaves the room
[18:01:28] <Suzanne Woolf_web_654> Thanks everybody!!
[18:01:31] <Brian Dickson_web_857> Thanks and see ya
[18:01:35] John Woodworth_web_931 leaves the room
[18:01:38] Yoshiro Yoneya leaves the room
[18:01:47] Brian Dickson_web_857 leaves the room
[18:01:47] Peter Koch_web_890 leaves the room
[18:02:01] Yuji Koyama_web_211 leaves the room
[18:02:06] Tim Wicinski_web_973 leaves the room
[18:02:06] Alessandro Toppi_web_169 leaves the room
[18:02:06] Lorenzo Miniero_web_865 leaves the room
[18:02:06] Vladimír Čunát_web_329 leaves the room
[18:02:06] Benno Overeinder_web_324 leaves the room
[18:02:06] Paul Wouters_web_969 leaves the room
[18:02:06] Suzanne Woolf_web_654 leaves the room
[18:02:06] Takeshi Kusaba_web_570 leaves the room
[18:02:06] Willem Toorop_web_238 leaves the room
[18:02:06] Warren Kumari_web_881 leaves the room
[18:02:06] Libor Peltan_web_403 leaves the room
[18:02:06] Petr Špaček_web_912 leaves the room
[18:02:06] Hiromu Shiozawa_web_719 leaves the room
[18:02:06] Ray Bellis_web_874 leaves the room
[18:02:06] Daniel Migault_web_926 leaves the room
[18:02:06] Juan Cerezo_web_912 leaves the room
[18:02:06] Monika Ermert_web_965 leaves the room
[18:02:06] David Smith_web_219 leaves the room
[18:02:06] Mike Kosek_web_911 leaves the room
[18:02:06] Gijs Beernink_web_527 leaves the room
[18:02:06] James Galvin_web_761 leaves the room
[18:02:06] Alexey Melnikov_web_885 leaves the room
[18:02:06] Daniel Gillmor_web_417 leaves the room
[18:02:06] Erik Nygren_web_306 leaves the room
[18:02:06] David Lawrence_web_471 leaves the room
[18:02:06] Joel Jaeggli_web_663 leaves the room
[18:02:58] mcr leaves the room
[18:04:11] Meetecho leaves the room
[18:04:47] Jerry Lundström leaves the room
[18:10:22] Benno Overeinder leaves the room
[19:27:05] tale leaves the room
[19:55:14] dkg leaves the room
[20:08:15] Test joins the room
[20:11:09] Test leaves the room: Disconnected: BOSH client silent for over 60 seconds
[20:26:30] slm leaves the room: Disconnected: closed
[20:40:43] tale joins the room
[21:40:59] tale leaves the room
[22:22:41] hta leaves the room
[22:23:06] hta joins the room
[22:35:50] tale joins the room

Powered by ejabberd - robust, scalable and extensible XMPP server