IETF
doh
doh@jabber.ietf.org
Thursday, November 16, 2017

GMT+0
[04:40:09] Yoshiro Yoneya joins the room
[05:19:39] meetecho joins the room
[05:20:32] ted.h joins the room
[05:24:56] Alyssa joins the room
[05:25:15] Vipul Mathur joins the room
[05:25:15] Linjian Song joins the room
[05:25:15] John Border joins the room
[05:29:09] Alyssa leaves the room: Connection failed: connection closed
[05:29:55] <ted.h> If you need something reflected to the room, please preface it with mic: (or MIC:, if you feel shouty).  I will relay it for you.
[05:31:27] Kal Feher joins the room
[05:32:32] Linjian Song leaves the room
[05:33:27] m&m joins the room
[05:34:08] <ted.h> The chairs open the meeting.
[05:34:11] <ted.h> Note well displayed.
[05:34:29] Linjian Song joins the room
[05:35:49] <ted.h> Agenda displayed
[05:36:02] Alyssa joins the room
[05:36:17] Alyssa leaves the room: Connection failed: connection closed
[05:36:24] frodek joins the room
[05:36:50] Alp Toker joins the room
[05:36:52] Suzanne joins the room
[05:37:11] hildjj joins the room
[05:37:47] <ted.h> Patrick McManus at the mic.
[05:38:18] <ted.h> Agenda bash:  last item changed to "Identify if next drafts" are needed.
[05:38:43] <ted.h> Patrick McManus and Paul Hoffman present.
[05:39:05] <ted.h> Pre-history slide
[05:39:07] Alissa Cooper joins the room
[05:39:36] blassey joins the room
[05:39:57] <ted.h> (Slide numbers are on the top, but showing the slide number from the bottom of the slide before)
[05:40:05] wseltzer@jabber.org joins the room
[05:40:08] Alissa Cooper leaves the room
[05:40:09] Alissa Cooper joins the room
[05:40:10] <ted.h> Now on Recent history slide.  6 month schedule.
[05:40:14] <ted.h> github slide.
[05:40:29] Roger Murray joins the room
[05:40:58] <ted.h> Now on Current Issue Summary slide
[05:41:39] Mikio Hara joins the room
[05:41:59] <ted.h> Two issues worth face to face time slide
[05:42:20] <ted.h> https://github.com/dohwg/draft-ietf-doh-dns-over-https/issues
[05:42:30] <ted.h> Currently discussing issue 11
[05:43:24] <ted.h> Martin Thomson and Mark Nottingham are waiting to pounce.
[05:45:58] <ted.h> Martin Thomson at the mic.
[05:46:28] <ted.h> Reminder; use mic: if you want something reflected.
[05:48:33] <ted.h> mnot next.
[05:50:10] <ted.h> ianswett
[05:51:11] Eliot Lear joins the room
[05:52:26] <hildjj> RFC 6919 has "REALLY SHOULD NOT", but not "REALLY SHOULD".
[05:53:03] <ted.h> Andrew Sullivan at the mic
[05:53:46] <ted.h> John Levine at the mic
[05:54:20] <ted.h> Mark Nottingham
[05:54:32] Andrew Sullivan joins the room
[05:54:38] <Suzanne> @hildjj "REALLY SHOULD WE REALLY MEAN IT" ?
[05:55:13] <hildjj> I was getting up to say just use "RECOMMENDED"
[05:55:18] <ted.h> I really don't think this is arbitrary, but the mic line is cut.
[05:55:33] <hildjj> my statement wasn't important, so i'm not bent out of shape.
[05:56:07] <Andrew Sullivan> I am pretty uncomfortable with Mark's suggestion that we should attempt to make people feel comfy by not using SHOULD, and I'm sorry to make him bristle but if this is not http being used as a transport then I am not sure what it is we're doing
[05:56:23] Alp Toker leaves the room: Disconnected: closed
[05:56:24] Alp Toker joins the room
[05:56:33] <Andrew Sullivan> we literally are encapsulating the 1035 wire format in http.
[05:56:56] <ted.h> Slide listing issues 13,14, 15 (HTTP Caching)
[05:57:35] <ted.h> Once again, Mark and Martin waiting to pounce.
[05:57:38] Alissa Cooper leaves the room
[05:58:03] Eliot Lear leaves the room
[05:58:21] Mark Andrews joins the room
[05:58:32] <Andrew Sullivan> I will be sad if I will have walked into the room thinking this is a good idea, and leave it thinking it's a terrible idea because http doesn't play well with dns use cases :-/
[05:58:36] Daniel Stenberg joins the room
[05:58:36] <ted.h> mnot up.
[05:59:31] <Andrew Sullivan> if people can speak slowly into the mic, it would help fight the white noise of air handling back here
[06:00:27] <ted.h> Martin Thomson at the mic
[06:01:27] <Andrew Sullivan> Every Mac in this room has a client-side DNS cache
[06:01:57] <Andrew Sullivan> Well, maybe not those who're running something other than MacOSX
[06:02:41] <Andrew Sullivan> It's not denial, it's the way the protocol works
[06:03:06] <Andrew Sullivan> It _is_ advisory.  It's not an assumption
[06:03:14] <ted.h> Ben at the floor mic
[06:04:34] <ted.h> Ray Bellis at the mic
[06:04:48] mnot joins the room
[06:04:56] <mnot> examples ++
[06:05:51] Daniel joins the room
[06:06:42] <ted.h> Tale from the chair desk, but apparently as an individual.
[06:07:19] Alp Toker joins the room
[06:07:23] <ted.h> Ralf Weber at the mic
[06:07:32] <Andrew Sullivan> Tale is right about this point, but there's nothing for it given the HTTP semantics.
[06:07:55] <ted.h> Warren Kumari at the mic
[06:11:02] <ted.h> Jim Reid
[06:11:38] <ted.h> Mark Nottingham
[06:12:23] Alp Toker leaves the room: Disconnected: closed
[06:12:36] <Suzanne> Suggest a clarification to the draft re: DNSSEC to say what Paul just said. Right now it seems ever so slightly odd that it doesn't mention DNSSEC at all, even to say "everything works, don't worry about it".
[06:13:39] <Andrew Sullivan> That isn't true at all
[06:13:51] <Andrew Sullivan> there's a DNSSEC timings draft that spends a lot of effort on this very problem
[06:14:11] <Andrew Sullivan> It is possible that Paul hasn't read it, but it is not something that the DNS community hasn't worked on
[06:14:27] Alyssa joins the room
[06:14:37] Alyssa leaves the room: Connection failed: connection closed
[06:14:45] <Andrew Sullivan> DNS is very confusing from the inside too, @mnot :)
[06:15:03] Linjian Song leaves the room
[06:15:23] <Suzanne> @ajs which part isn't true?
[06:15:43] <ted.h> John Levine
[06:15:54] <Andrew Sullivan> the part that wasn't true was Paul H's claim that the DNS community hasn't spent any time on these cache timing questions
[06:15:57] Alp Toker joins the room
[06:16:14] <mnot> http://httpwg.org/specs/
[06:16:15] <ted.h> Martin Thomson at the mic:
[06:16:22] <Andrew Sullivan> there was a _great deal_ of effort spent on this, and indeed at one point the DNSOP WG had two drafts in flight at the same time.
[06:16:27] <Andrew Sullivan> I can't say that they're easy to read
[06:17:27] <ted.h> Would it be valuable to have a separate caching document, so we could update it independently?
[06:17:36] <mnot> Let’s see how big it gets
[06:17:44] <mnot> once it’s defined, I don’t think it should change much
[06:17:50] <Suzanne> Ah OK, many tears have been shed and shirts have been rent on that, yes
[06:19:25] <Andrew Sullivan> I don't fully understand what Martin is asking about
[06:19:58] <mnot> I understand what they’re talking about from an HTTP standpoint
[06:20:05] <mnot> we need a push intro / overview
[06:20:27] <ted.h> I don't think it would do what Martin thinks it will, once it gets synthesized with the other elements of a DNS cache.
[06:20:52] <Andrew Sullivan> DNS caches are entirely based on the RRset, not the message
[06:21:01] <Andrew Sullivan> I _think_ this is just the inverse point of that, which came up earlier
[06:21:16] <Andrew Sullivan> but I think he was speaking too shorthandy for me to understand properly
[06:21:36] Samuel Weiler joins the room
[06:22:03] <ted.h> Authors leave pink box, mic lines open for "what other technical issues"
[06:22:06] <ted.h> Ray Bellis at the mic
[06:22:51] <ted.h> Eliot Lear at the mic:
[06:23:31] <Suzanne> I got all wincey at the idea of changing how DNS responses work, even just within the encapsulation, because it sounded like re-slicing what DNS already does with rules for RRsets in responses. But I may well have misunderstood, so if anyone who does understand the question clearly thinks we have a problem, that I-D would be a good thing to have.
[06:25:43] Alp Toker leaves the room: Disconnected: closed
[06:26:21] <ted.h> Patrick McManus responds to Eliot
[06:26:57] Alp Toker joins the room
[06:28:06] <ted.h> Tale describes an ecosystem document from the chair.
[06:28:24] <ted.h> Stephen Ng at the mic:
[06:29:52] <Andrew Sullivan> It seems clear this can't be a replacement of UDP/TCP 53, because you couldn't bootstrap your http resolver in a lot of cases, surely.
[06:30:02] <Andrew Sullivan> I didn't think anyone was proposing a replacement, were they?
[06:30:46] <Andrew Sullivan> Oh, I get it.  Never mind.
[06:30:48] <ted.h> Doesn't that have the same issues with mandating HTTP/2?  How will you react when a javascript implementation doesn't do it?
[06:31:11] <ted.h> Adam Roach, hat free.
[06:32:42] Alp Toker leaves the room: Disconnected: closed
[06:32:51] <ted.h> Mark Nottingham asks about the ecosystem document
[06:32:54] <ted.h> Tale responds
[06:33:23] Alyssa joins the room
[06:33:32] Alyssa leaves the room: Connection failed: connection closed
[06:33:49] <Samuel Weiler> I opened a pull request that starts to talk about validation.
[06:35:29] <ted.h> DHC, here we come!
[06:35:57] <Samuel Weiler> NOOOOOOOOOOO
[06:36:37] <ted.h> Martin Thomson at the mic
[06:36:53] <mnot> +1 to a reasonable amount of text from eliot in the draft
[06:37:39] <mnot> agreed with MT, but it’s no different than the client configuring 8.8.8.8 etc.
[06:37:55] <mnot> i.e., these questions aren’t *new*
[06:38:07] <ted.h> @mnot there are already a variety of ways that gets configured, including enterprise config tool.
[06:38:09] Alp Toker joins the room
[06:39:05] <mnot> “discovery” is someone convincing the user that it’s a good idea to configure, or as ted says, some management process.
[06:39:11] <ted.h> Andrew Sullivan at the mic
[06:40:45] <ted.h> Poison over HTTP (is POH, instead of DOH)
[06:40:53] <ted.h> Patrick McManus at the mic
[06:42:59] <Andrew Sullivan> The "origin" stuff, which I think I understand, almost certainly won't prevent poison.
[06:43:29] Alp Toker leaves the room: Disconnected: closed
[06:43:34] Alp Toker joins the room
[06:43:37] <ted.h> @Andrew if you have the DOH server configured as a recursive resolver, it will not.  But if it is not, it should not be giving you any DNS info.
[06:43:44] <Andrew Sullivan> Indeed, only this week we discovered that everyone in DNSOP doesn't fully understand precisely what RFC1034 says about referrals.
[06:43:55] Alp Toker leaves the room: Disconnected: closed
[06:44:01] <mnot> if folks have a concern about poison, it would be very helpful to see an example of how that would work.
[06:44:06] <ted.h> @Andrew there's a belief a server could give you DNS data for itself, even if it's not configured as a recursive resolver.  I think that's wrong.
[06:44:26] <Andrew Sullivan> @ted: yes.  And I think we need to work that stuff out explicitly.
[06:44:28] <ted.h> Mike Bishop
[06:44:47] Cullen Jennings joins the room
[06:45:02] <ted.h> Even DNSSEC can confirm correct but suboptimal info, which is a way of getting poison through.
[06:45:18] <ted.h> I would not trust it from random sources, even if it is DNSSEC validated.
[06:45:27] <ted.h> Erik Kline
[06:45:46] <Andrew Sullivan> We have resilience stuff in DNS, but of course that resilience stuff depends on the QID and some other things, and the QID is lost in this protocol
[06:46:33] <ted.h> Martin Thomson replies to Erik.
[06:47:04] <ted.h> Lorenzo and Eliot still in line.
[06:47:20] <Andrew Sullivan> This discussion once again reminds me how _completely strange_ DNS is as a protocol.  Things that all the DNS geeks in the room are just used to are insane for lots of other people
[06:47:50] <ted.h> Lorenzo at the mic
[06:48:38] <ted.h> Paul Hoffman answering Lorenzo
[06:49:17] <Andrew Sullivan> I think these seemingly-naïve questions are good.  I think the point is that there's a whole lot of stuff that is currently implicit in the i-d but probably needs to be made explicit
[06:49:24] <mnot> +1
[06:50:22] <ted.h> Eliot at the mic
[06:50:23] <mnot> I think it’s good to understand what we’re doing.
[06:51:35] <ted.h> Timing draft?
[06:51:35] <Andrew Sullivan> And what "we" are :-)
[06:52:50] <ted.h> Alex at the mic
[06:52:57] <ted.h> Paul Hoffman responding
[06:53:44] Christian Amsüss joins the room
[06:54:07] <ted.h> Andrew Sullivan
[06:56:06] <Kal Feher> I hope I have this right: a DOH server is supposed to just encap dns naively and send thru to the client. One imagines a situation that a server takes some kind of action based on the dns response.
[06:56:17] <ted.h> Sam Weiler
[06:56:40] blassey leaves the room: Disconnected: closed
[06:56:40] ted.h leaves the room
[06:56:47] Samuel Weiler leaves the room
[06:56:52] hildjj leaves the room
[06:56:54] Roger Murray leaves the room
[06:57:03] mnot leaves the room
[06:57:03] m&m leaves the room
[06:57:16] meetecho leaves the room
[06:57:17] Andrew Sullivan leaves the room
[06:57:22] Suzanne leaves the room
[06:57:53] John Border leaves the room
[06:57:58] Kal Feher leaves the room
[06:58:03] Mark Andrews leaves the room
[06:58:28] Mikio Hara leaves the room
[06:58:29] Daniel Stenberg leaves the room
[06:58:29] Christian Amsüss leaves the room
[06:58:29] Cullen Jennings leaves the room
[06:58:29] Vipul Mathur leaves the room
[06:59:25] Alp Toker joins the room
[07:02:38] hildjj joins the room
[07:05:10] Andrew Sullivan joins the room
[07:10:04] Andrew Sullivan leaves the room
[07:10:22] frodek leaves the room
[07:10:40] Daniel leaves the room: offline
[07:13:00] Alp Toker leaves the room: Disconnected: closed
[07:15:37] Alp Toker leaves the room: Disconnected: closed
[07:17:36] frodek joins the room
[07:18:52] hildjj leaves the room
[07:19:08] frodek leaves the room
[07:22:08] Alyssa joins the room
[07:22:22] Alyssa leaves the room: Connection failed: connection closed
[07:24:14] Alp Toker joins the room
[07:33:22] wseltzer@jabber.org leaves the room
[07:35:10] Alp Toker joins the room
[07:35:10] Alp Toker leaves the room: Disconnected: closed
[07:37:49] Samuel Weiler joins the room
[07:37:52] Yoshiro Yoneya leaves the room
[07:37:57] Yoshiro Yoneya joins the room
[07:38:10] Yoshiro Yoneya leaves the room
[07:39:36] wseltzer joins the room
[07:39:37] mnot joins the room
[07:40:18] Alp Toker joins the room
[07:40:36] hildjj joins the room
[07:41:52] wseltzer leaves the room
[07:45:32] hildjj leaves the room
[07:47:46] Roger Murray joins the room
[07:48:11] Roger Murray leaves the room
[07:48:25] Roger Murray joins the room
[07:50:39] blassey joins the room
[07:50:51] Samuel Weiler leaves the room
[07:52:42] m&m joins the room
[07:53:19] Alp Toker leaves the room: Disconnected: closed
[07:53:20] Alp Toker joins the room
[07:54:57] Suzanne joins the room
[07:56:08] ted.h joins the room
[07:57:04] Alp Toker leaves the room: Disconnected: closed
[07:58:37] Roger Murray leaves the room
[08:01:53] wseltzer joins the room
[08:03:20] Alp Toker joins the room
[08:08:29] Alp Toker leaves the room
[08:08:30] Alp Toker leaves the room: Disconnected: closed
[08:08:34] Alp Toker joins the room
[08:08:40] blassey leaves the room: Disconnected: No route to host
[08:14:22] wseltzer leaves the room
[08:20:23] wseltzer joins the room
[08:21:32] ted.h leaves the room
[08:26:22] wseltzer leaves the room
[08:30:21] mnot leaves the room
[08:30:24] wseltzer joins the room
[08:31:49] ted.h joins the room
[08:37:56] wseltzer leaves the room
[08:44:14] Alp Toker leaves the room
[08:49:06] ted.h leaves the room
[08:58:49] Samuel Weiler joins the room
[08:59:06] wseltzer joins the room
[09:09:22] wseltzer leaves the room
[09:11:45] Samuel Weiler leaves the room
[09:16:23] Suzanne leaves the room
[09:18:46] Suzanne joins the room
[09:25:23] Suzanne leaves the room
[09:26:49] Samuel Weiler joins the room
[09:29:04] Samuel Weiler leaves the room
[09:44:02] m&m leaves the room
[10:14:33] Samuel Weiler joins the room
[10:22:48] wseltzer joins the room
[10:28:46] wseltzer leaves the room
[10:35:12] Samuel Weiler leaves the room
[10:56:37] Alyssa joins the room
[11:02:03] Samuel Weiler joins the room
[11:02:26] Alyssa leaves the room: Connection failed: connection closed
[11:02:33] Samuel Weiler leaves the room
[14:54:21] Samuel Weiler joins the room
[15:09:36] Samuel Weiler leaves the room