IETF
dnsop
dnsop@jabber.ietf.org
Tuesday, July 27, 2021
Benno Overeinder has set the subject to: DNSOP at IETF 110

GMT+0
[00:00:02] <Benno Overeinder_web_382> https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc5933-bis/
[00:00:21] Lars-Johan Liman_web_926 joins the room
[00:02:18] <Peter van Dijk_web_760> https://datatracker.ietf.org/doc/draft-ietf-dnsop-update-timeout/, which I did not really like, might still be interesting in the context of Domain Verification
[00:02:38] <Jim Reid_web_270> Thanks for the clarification Jay. I was bitten by the need for ANRW registration earlier today.
[00:02:42] Olaf Kolkman_web_141 leaves the room
[00:02:48] Olaf Kolkman_web_553 joins the room
[00:03:28] Barbara Stark_web_264 leaves the room
[00:03:32] <Peter van Dijk_web_760> +1 on parties requiring verification being clear on what needs to stick around
[00:03:55] <Paul Wouters_web_801> that should be clear in the name in the zone
[00:04:16] <Peter van Dijk_web_760> Paul, in what way?
[00:04:33] Hans Kuhn_web_815 leaves the room
[00:04:54] <Peter van Dijk_web_760> is pubsuffix even an IETF thing?
[00:04:57] Olaf Kolkman_web_553 leaves the room
[00:05:28] <Benjamin Schwartz_web_567> There already is?  https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#underscored-globally-scoped-dns-node-names
[00:05:30] <Paul Wouters_web_801> I meant TXT record value should contain a string that makes it clear if the record expires or is continuous
[00:05:30] <Joey Salazar_web_424> I agree DNSSEC should/could be used, but how to promote that with vendors who specifically have a point against it (like Let's Encrypt)?
[00:05:58] <Peter van Dijk_web_760> Paul, so in the content - makes sense to me
[00:06:06] <Paul Wouters_web_801> and yes there is an _underscore registry :)
[00:06:17] <Paul Wouters_web_801> yes adopt, yes informational :)
[00:06:22] <Peter van Dijk_web_760> (if we have that, we can mostly replace TIMEOUT with a zone linter that checks those)
[00:06:30] <Joey Salazar_web_424> +1 yes adopt, yes informational
[00:06:33] <Vittorio Bertola_web_558> +1 for adopting this
[00:06:40] Jiankang Yao_web_799 leaves the room
[00:06:48] <Peter van Dijk_web_760> Joey, LE is against DNSSEC? I haven't noticed that - do you have a reference?
[00:06:49] Jiankang Yao_web_673 joins the room
[00:07:03] <Paul Wouters_web_801> viktor: that's why the service name should be in the RRdata
[00:07:13] <Joey Salazar_web_424> I'd say if possible, a small recommendations section maybe mentioning how this would be good from a competition/service POV
[00:07:16] <Peter van Dijk_web_760> Viktor makes an excellent point, yes
[00:07:18] <Paul Wouters_web_801> along with expiry :)
[00:07:19] <Brian Haberman_web_684> @PvD https://datatracker.ietf.org/doc/html/rfc8126#section-4.6
[00:07:20] James Gould_web_418 leaves the room
[00:07:33] <zulipbot> (Ralf Weber) No, public suffix I think is still Mozilla as the IETF efforts to replace it (dbound) failed
[00:07:42] James Gould_web_504 joins the room
[00:07:53] <Joey Salazar_web_424> @Peter van Dijk just directly from the slides, where they said LE has a vantage point if no DNSSEC
[00:07:56] Jiankang Yao_web_673 leaves the room
[00:07:57] <Peter van Dijk_web_760> ah, Specification Required, not Standard Required, yes
[00:08:04] Jiankang Yao_web_156 joins the room
[00:08:17] <Brian Haberman_web_684> Yeah, I got my terminology mixed up.
[00:08:25] <John Levine_web_466> @ralf the DBOUND WG failed, the PSL is still a community maintained text file on github
[00:09:04] <Peter van Dijk_web_760> Brian, no worries, but then it's closer to how I remembered it, which is good
[00:09:52] <Peter van Dijk_web_760> Joey, right! I don't think that says LE is against DNSSEC (which they check carefully), I always felt the multiple vantage points were more of a fallback in case of no DNSSEC
[00:10:00] Roy Arends_web_329 leaves the room
[00:11:22] Jiankang Yao_web_156 leaves the room
[00:11:32] Jiankang Yao_web_171 joins the room
[00:11:46] <Joey Salazar_web_424> Fair : ) then let's say I reiterate the question for those who prefer no DNSSEC, or simply to promote its use in general, does that work @Peter van Dijk?
[00:11:47] Jiankang Yao_web_171 leaves the room
[00:11:51] Jiankang Yao_web_891 joins the room
[00:12:17] <Peter van Dijk_web_760> oh yes, that works :)
[00:12:30] <Joey Salazar_web_424> ^^
[00:12:38] <Peter van Dijk_web_760> it scares me that CA issuance is mostly tied to DNS, and DNS is mostly untrusted
[00:12:59] <Peter van Dijk_web_760> always a very confusing argument when people tell me DANE makes no sense
[00:13:12] Jared Mauch_web_412 leaves the room
[00:13:34] <Paul Wouters_web_801> knot now supports add dnskey records (because I needed it and they nicely wrote a patch for me :)
[00:14:46] <Peter van Dijk_web_760> nice :)
[00:18:09] Dawei Fan_web_991 leaves the room
[00:18:59] Yahya_web_888 leaves the room
[00:21:23] <Wes Hardaker_web_467> I'd just like to thank them for implementing CSYNC.  Its RFC came out in 2015 but hasn't really seen deployment yet.
[00:21:57] <David Lawrence_web_792> You totally agree that Suzanne's sins are showing?
[00:22:54] Nigel Hickson_web_276 leaves the room
[00:23:01] Lucy Lynch_web_249 joins the room
[00:23:44] <Shumon Huque_web_304> I was agreeing with Ulrich re: automation (I wasn't aware that Suzanne had any sins!) :grinning:
[00:24:30] William Roffman_web_600 joins the room
[00:25:14] William Roffman_web_600 leaves the room
[00:26:08] Chris Box_web_809 joins the room
[00:26:32] Yoshiro Yoneya_web_197 leaves the room
[00:26:39] Yoshiro Yoneya_web_476 joins the room
[00:28:14] Job Snijders_web_656 leaves the room
[00:28:28] <Andrew Campling_web_811> Access Denied DNS Error Page seems like a way to provide a real improvement in the user experience, especially supporting multiple filtering  
[00:29:38] <Joey Salazar_web_424> +1 Andrew
[00:30:25] <Joey Salazar_web_424> I also think it gives an edge on the quality and type of service the users would get
[00:31:19] <Andrew Campling_web_811> Agreed - and should allow over-blocking etc to be fixed quickly  
[00:32:43] John Levine_web_466 leaves the room
[00:32:55] Patrick Tarpey_web_548 leaves the room
[00:32:56] Samuel Weiler_web_967 leaves the room
[00:33:42] Olaf Kolkman_web_677 joins the room
[00:34:17] <George Michaelson_web_332> IANA registry for rule34
[00:34:23] Michael StJohns_web_892 leaves the room
[00:37:06] Brian Haberman_web_684 leaves the room
[00:38:02] කෙසර රත්නායක_web_600 leaves the room
[00:40:26] Linlin Zhou_web_839 joins the room
[00:41:51] Ray Bellis_web_502 leaves the room
[00:42:11] Jiankang Yao_web_891 leaves the room
[00:42:45] Jiankang Yao_web_448 joins the room
[00:43:09] Linlin Zhou_web_839 leaves the room
[00:43:11] <Paul Wouters_web_801> what??
[00:43:50] Robert Story_web_898 leaves the room
[00:43:59] Linlin Zhou_web_121 joins the room
[00:44:30] Francisco Arias_web_503 leaves the room
[00:44:41] Francisco Arias_web_319 joins the room
[00:44:44] <Joey Salazar_web_424> Then it's about time the users start understanding this IMO
[00:45:19] Francisco Arias_web_319 leaves the room
[00:45:25] <Jim Reid_web_270> +1000 to what Paul just said
[00:45:41] Linlin Zhou_web_121 leaves the room
[00:45:45] Linlin Zhou_web_354 joins the room
[00:45:54] Linlin Zhou_web_354 leaves the room
[00:46:00] <Jonathan Reed_web_133> I would hate to see us punt this to a nonexistent group of experts that will never actually be convened.
[00:46:06] Jay Daley_web_157 leaves the room
[00:46:21] <Paul Wouters_web_801> what Paul and Warren said, (and I said similar things a few IETFs ago)
[00:46:27] <Brett Carr_web_121> yes agreed there are a lot of stakeholders involved here and so bringing lots of ppl in to discuss it properly is a good idea
[00:46:38] <Joey Salazar_web_424> I fail to see how providing a mechanism for transparency would actually mean the IETF agrees with DNS transparency
[00:46:46] <Andrew Campling_web_811> Can we avoid pejorative terms like DNS censorship - malware filtering etc is a good thing!
[00:46:47] <Joey Salazar_web_424> *DNS filtering sorry
[00:47:04] <Paul Wouters_web_801> it feels like when the enterprise came to the TLS WG for their requires eavesdropping requirements. this is very similar
[00:47:06] <Jonathan Reed_web_133> Agree with Andrew.  We need to stop pretending the only use case here is hostile nation states.
[00:47:27] <Joey Salazar_web_424> +1 Jonathan Reed
[00:47:45] <Vittorio Bertola_web_558> The significant number of governments, corporations, ISPs and users that already today do DNS filtering without this standard seems to disprove this idea that the IETF's "recognition" has any weight in the adoption of this mechanism.
[00:47:48] <David K_web_863> Governments are already forcing this by making providers give A records to specific IPs which explain why content was blocked. Anything that would work "better" than that seems beneficial.
[00:47:57] <Brian Dickson_web_180> My opinion: clarifying the scope to be RESOLVER rather than AUTHORITATIVE filtering/censorship/whatever, and then ensuring the protocol CANNOT be leveraged in the wrong place.
Not 100% sure that is completely feasible, but, that might be how to approach.
[00:48:20] Linlin Zhou_web_855 joins the room
[00:48:22] <Jim Reid_web_270> @Jonathan, how to make a distinction between that use case and the more "benign" use of DNS filtering?
[00:48:24] Linlin Zhou_web_855 leaves the room
[00:48:25] Linlin Zhou_web_520 joins the room
[00:48:42] <Shane Kerr_web_653> I find it hard to believe that there is anywhere where the majority of users opt-in for anything. :-P
[00:48:51] <Brian Dickson_web_180> (I.e. the SOPA/PIPA stuff has to be killed at the initial stages, but opt-in or national-level rules applied to resolvers might be okay.)
[00:48:53] <Vittorio Bertola_web_558> Also, I'd ask to please stop using the term "censorship" - there are many more DNS filtering use cases that do not pertain to censorship but to network security or user preferences (e.g. parental controls).
[00:49:26] <Jonathan Reed_web_133> Any tool and technology can be used for good or evil.   Customers pay money to their ISPs to block sites that they (the customers) find objectionable.  The IETF is welcome to believe those customers are wrong and are morally equivalent to authoritarian regimes if they want.
[00:49:30] <Jim Reid_web_270> Will a repressive regime use an IETF standard to say "we're filtering DNS responses"?
[00:49:46] Rebecca Guthrie_web_547 leaves the room
[00:49:59] Joe Abley_web_219 leaves the room
[00:50:00] Tom Harrison_web_837 leaves the room
[00:50:08] <Marco Davids_web_153> :sleeping: thank you all!
[00:50:10] <Brian Dickson_web_180> If the regime is the ones operating the resolvers, probably not, but otherwise, possibly operators could
[00:50:16] <Brian Dickson_web_180> Also, thank you all
[00:50:43] Jiri Novotny_web_487 leaves the room
[00:50:48] <Vittorio Bertola_web_558> In European countries I totally see the ISPs reporting what was blocked due to laws/court orders.
[00:50:59] <Vittorio Bertola_web_558> But it's an interesting conversation that we need to have :)
[00:51:24] James Gould_web_504 leaves the room
[00:51:33] Wataru Ohgai_web_341 leaves the room
[00:51:36] Lucy Lynch_web_249 leaves the room
[00:51:40] Burt Kaliski_web_131 leaves the room
[00:51:40] Pallavi Aras_web_662 leaves the room
[00:51:41] Jonathan Reed_web_133 leaves the room
[00:51:41] Shivan Sahib_web_987 leaves the room
[00:51:41] Jasdip Singh_web_284 leaves the room
[00:51:41] Paul Wouters_web_801 leaves the room
[00:51:41] <Warren Kumari_web_244> Night all!
[00:51:42] Wes Hardaker_web_467 leaves the room
[00:51:42] Chris Box_web_809 leaves the room
[00:51:42] Shumon Huque_web_304 leaves the room
[00:51:43] Geoff Huston_web_246 leaves the room
[00:51:43] Eric Orth_web_872 leaves the room
[00:51:44] Jim Reid_web_270 leaves the room
[00:51:44] Jeremiah Androscavage_web_963 leaves the room
[00:51:44] Mark Andrews_web_377 leaves the room
[00:51:44] Tim Wicinski_web_675 leaves the room
[00:51:45] Richard Wilhelm_web_952 leaves the room
[00:51:45] Nicklas Pousette_web_308 leaves the room
[00:51:45] Shane Kerr_web_653 leaves the room
[00:51:45] Scott Hollenbeck_web_118 leaves the room
[00:51:45] Hugo Kobayashi_web_400 leaves the room
[00:51:46] <Vittorio Bertola_web_558> Good night...
[00:51:46] Jen Linkova_web_387 leaves the room
[00:51:47] Avri Doria_web_637 leaves the room
[00:51:47] Suzanne Woolf_web_712 leaves the room
[00:51:47] Tommy Jensen_web_547 leaves the room
[00:51:48] Marco Davids_web_153 leaves the room
[00:51:48] Gustavo Lozano_web_116 leaves the room
[00:51:48] Ulrich Wisser_web_980 leaves the room
[00:51:48] Andrew Campling_web_811 leaves the room
[00:51:49] Dan Wing_web_117 leaves the room
[00:51:49] Stuart Cheshire_web_984 leaves the room
[00:51:49] Benjamin Schwartz_web_567 leaves the room
[00:51:49] Yan Yan_web_106 leaves the room
[00:51:50] Tim April_web_592 leaves the room
[00:51:50] PE_web_697 leaves the room
[00:51:51] Donald Eastlake_web_102 leaves the room
[00:51:51] Warren Kumari_web_244 leaves the room
[00:51:52] Jacques Latour_web_949 leaves the room
[00:51:52] Paul Hoffman_web_303 leaves the room
[00:51:52] Puneet Sood_web_529 leaves the room
[00:51:52] Vittorio Bertola_web_558 leaves the room
[00:51:53] Matthew Quick_web_207 leaves the room
[00:51:53] Brian Dickson_web_180 leaves the room
[00:51:54] Linlin Zhou_web_520 leaves the room
[00:51:56] James Galvin_web_623 leaves the room
[00:51:57] David K_web_863 leaves the room
[00:51:57] Yoshiro Yoneya_web_476 leaves the room
[00:51:59] Akira Kato_web_105 leaves the room
[00:52:00] Jacques Latour_web_945 joins the room
[00:52:02] Kazunori Fujiwara_web_944 leaves the room
[00:52:03] Joey Salazar_web_424 leaves the room
[00:52:03] Korry Luke_web_412 leaves the room
[00:52:04] Jacques Latour_web_945 leaves the room
[00:52:04] <Peter van Dijk_web_760> night!
[00:52:06] Amanda Baber_web_679 leaves the room
[00:52:07] Ralf Weber_web_401 leaves the room
[00:52:09] Peter van Dijk_web_760 leaves the room
[00:52:11] Brett Carr_web_121 leaves the room
[00:52:12] Yoshitaka Aharen_web_197 leaves the room
[00:52:12] Chi-Yuan Chen_web_137 leaves the room
[00:52:13] George Michaelson_web_332 leaves the room
[00:52:14] Jorge Cano_web_475 leaves the room
[00:52:15] PE_web_170 joins the room
[00:52:20] <John Woodworth_web_746> thanks everyone!
[00:52:30] Ching-Heng Ku_web_978 leaves the room
[00:52:32] Jiankang Yao_web_448 leaves the room
[00:52:33] John Woodworth_web_746 leaves the room
[00:52:35] Yuji Koyama_web_681 leaves the room
[00:52:38] Benno Overeinder_web_382 leaves the room
[00:52:57] Shinta Sato_web_626 leaves the room
[00:52:57] David Lawrence_web_792 leaves the room
[00:52:58] PuneetS leaves the room: Disconnected: BOSH client silent for over 60 seconds
[00:53:14] Mark Kosters_web_249 leaves the room
[00:53:14] Paolo Saviano_web_366 leaves the room
[00:53:14] Vincent Levigneron_web_601 leaves the room
[00:53:14] Duane Wessels_web_714 leaves the room
[00:53:14] Viktor Dukhovni_web_296 leaves the room
[00:53:14] Scott Rose_web_985 leaves the room
[00:53:14] Olaf Kolkman_web_677 leaves the room
[00:53:14] Lars-Johan Liman_web_926 leaves the room
[00:53:14] Joel Jaeggli_web_571 leaves the room
[00:53:15] PE_web_170 leaves the room
[00:53:15] David Smith_web_966 leaves the room
[00:53:37] Meetecho leaves the room
[00:54:32] Yoshiro Yoneya leaves the room
[01:05:51] Meetecho-alex leaves the room
[02:27:27] ash leaves the room
[03:08:19] tale leaves the room
[14:43:12] tale joins the room
[14:43:16] tale leaves the room
[14:43:25] tale joins the room
[14:43:34] tale leaves the room
[14:43:38] tale joins the room
[14:44:13] tale leaves the room
[14:44:15] tale joins the room
[14:54:13] englishm joins the room
[14:59:42] tale leaves the room: Disconnected: closed
[15:05:47] englishm leaves the room
[15:06:09] tale joins the room
[15:26:21] tale leaves the room: Disconnected: closed
[16:03:29] tale joins the room
[16:22:02] tale leaves the room: Disconnected: closed
[16:22:19] tale joins the room
[17:15:37] tale leaves the room
[17:35:18] englishm joins the room
[17:59:25] englishm leaves the room
[18:57:58] ash joins the room
[20:44:38] Shivan Sahib leaves the room
[21:09:10] ash leaves the room
[21:11:21] zulipbot leaves the room: Disconnected: closed
[21:12:39] Half-Shot joins the room
[21:12:39] Matrix Traveler (bot) joins the room
[21:12:39] sftcd joins the room
[21:12:39] zyxbac joins the room
[21:12:39] halfshot joins the room
[21:12:39] cjsu joins the room
[21:12:40] Jan Včelák joins the room
[21:12:40] hugo-salgado joins the room
[21:12:40] weiler joins the room
[21:16:47] zulipbot joins the room