[11:05:20] chi.jiun.su joins the room
[11:40:45] jmagallanes leaves the room
[11:40:46] jmagallanes joins the room
[13:14:55] avezza joins the room
[13:17:50] sd139@jabber.uk joins the room
[13:46:33] sd139@jabber.uk leaves the room
[13:58:10] Brian Haberman joins the room
[13:58:29] Brian Haberman has set the subject to: DPRIVE - IETF 108
[13:59:29] Meetecho joins the room
[14:00:01] Paolo Saviano joins the room
[14:00:01] Bernie Innocenti joins the room
[14:00:01] Andrew McConachie joins the room
[14:00:01] Petr Spacek joins the room
[14:00:01] Daniel Gillmor joins the room
[14:00:01] Zaid AlBanna joins the room
[14:00:01] Pallavi Aras joins the room
[14:00:01] Mark Andrews joins the room
[14:00:01] Willem Toorop joins the room
[14:00:01] Tim Wicinski joins the room
[14:00:01] PE joins the room
[14:00:01] Alister Winfield joins the room
[14:00:01] Robin Geuze joins the room
[14:00:01] Peter van Dijk joins the room
[14:00:02] Brian Haberman_234 joins the room
[14:00:09] Markus joins the room
[14:00:16] dmcardle joins the room
[14:00:20] Paul Hoffman joins the room
[14:00:22] Kazunori Fujiwara joins the room
[14:00:23] Andrew McConachie leaves the room
[14:00:25] Tim April joins the room
[14:00:25] Dan McArdle joins the room
[14:00:36] Andrew McConachie joins the room
[14:01:04] Swapneel Sheth joins the room
[14:01:22] sd139@jabber.uk joins the room
[14:01:27] Yoshiro Yoneya joins the room
[14:01:34] Suzanne Woolf joins the room
[14:01:57] alex-meetecho joins the room
[14:01:58] Kris Shrishak joins the room
[14:02:12] Éric Vyncke joins the room
[14:02:52] Sara Dickinson joins the room
[14:02:56] Eric Vyncke joins the room
[14:02:58] Ralph Dolmans joins the room
[14:03:02] Matthew Quick joins the room
[14:03:06] <Zaid AlBanna> Yes I can hear you
[14:03:11] <Paul Hoffman> We can hear Tim
[14:03:22] <Eric Vyncke> We even see Brian :-)
[14:03:33] Ted Hardie joins the room
[14:03:40] Ralf Weber joins the room
[14:03:44] <Paul Hoffman> Seeing is not hearing, as Meetecho constantly proves...
[14:03:55] Mike Bishop joins the room
[14:03:57] <Eric Vyncke> ;-)
[14:04:09] Yoshiro Yoneya / 米谷嘉朗 joins the room
[14:04:10] Hitesh Kotian joins the room
[14:04:13] Steve Olshansky joins the room
[14:04:34] James Galvin joins the room
[14:04:41] Robert Story joins the room
[14:04:53] <Brian Haberman> @meetecho : I am getting an "audo closed" message whenever I press the Send Audio button.
[14:05:14] Simon Vera-Schockner joins the room
[14:05:18] <Paul Hoffman> That happened to Ralf yesterday in ADD, I believe
[14:05:19] Scott Hollenbeck joins the room
[14:05:21] Han Zhang joins the room
[14:05:27] Avri Doria joins the room
[14:05:36] <Daniel Gillmor> brian: browser mic permissions?
[14:05:42] <Meetecho> Brian Haberman: did you reject permission to share the audio by mistake, by any chance? Depending on the browser, it may be remembering this and preventing further attempts
[14:06:01] <Brian Haberman_234> I actually accepted permissions. Let me try again.
[14:06:02] Jean-Michel Combes joins the room
[14:06:07] Brian Haberman_234 leaves the room
[14:06:13] <Meetecho> If this is Chrome, you can reset permissions here chrome://settings/content/microphone
[14:06:15] willem joins the room
[14:06:26] Brian Haberman_663 joins the room
[14:06:26] <Tim Wicinski> Brian is just forcing me to do all the work today.
[14:06:35] <Meetecho> If you're on MacOS Catalina, it may be a privacy policy in the OS, and so you'd need to allow the browser to access mic/webcam in the first place
[14:06:36] Ray Bellis joins the room
[14:06:40] Benno Overeinder joins the room
[14:06:44] Joseph Yee joins the room
[14:06:47] <Daniel Gillmor> when there are 233 other Brian Haberman's, it's got to be exhausting
[14:07:04] <Meetecho> It's usually only needed for screen sharing, on Catalina, but some people needed to do it for mic/webcam too
[14:07:13] Swapneel Patnekar joins the room
[14:07:20] tale joins the room
[14:07:32] Brian Haberman_663 leaves the room
[14:07:42] Florian Obser joins the room
[14:07:49] <tale> Good morning/afternoon/evening/night!
[14:08:08] Roman Danyliw joins the room
[14:08:10] Benno Overeinder leaves the room
[14:08:16] Jorge Cano joins the room
[14:08:16] Benno Overeinder joins the room
[14:08:18] <Peter van Dijk> generic UTC greeting to you!
[14:08:20] Wes Hardaker joins the room
[14:08:22] Dan Druta joins the room
[14:08:32] Huaru Yang joins the room
[14:08:37] Richard Wilhelm joins the room
[14:08:39] <Meetecho> Brian Haberman: not sure if you managed to read my previous messages before you left? Chat history is sometimes unavailable to some users
[14:08:41] Brian Haberman_307 joins the room
[14:08:44] <Eric Vyncke> Generic Local Time greeting to you ;)
[14:08:50] Duane Wessels joins the room
[14:08:55] rickwilhelm-Verisign@jabb3r.org joins the room
[14:09:13] Shivan Sahib joins the room
[14:09:14] <tale> Yes
[14:09:15] Jonathan Reed joins the room
[14:09:17] <tale> We hear now
[14:09:24] <Zaid AlBanna> YICHY
[14:09:29] Chi-Jiun Su joins the room
[14:09:32] Shumon Huque joins the room
[14:09:32] John Border joins the room
[14:09:32] John Levine joins the room
[14:09:33] Eric Rescorla joins the room
[14:09:45] Alister Winfield leaves the room
[14:09:50] Alister Winfield joins the room
[14:09:57] <Eric Vyncke> Took me 10 sec to decode Yes I Can Hear You
[14:10:03] Renjie Tang joins the room
[14:10:05] Alessandro Ghedini joins the room
[14:10:05] Shumon Huque_ joins the room
[14:10:12] Pieter Lexis joins the room
[14:10:12] Michael Breuer joins the room
[14:10:15] Alister Winfield leaves the room
[14:10:20] Alister Winfield joins the room
[14:10:21] Barbara Stark joins the room
[14:10:35] <Zaid AlBanna> it sounds funny :)
[14:10:37] Joe Harvey joins the room
[14:10:40] Francois Ortolan joins the room
[14:10:42] Kazuho Oku joins the room
[14:10:42] Allison Mankin joins the room
[14:10:43] Samuel Weiler joins the room
[14:10:46] Alister Winfield leaves the room
[14:10:46] Willem Toorop leaves the room
[14:10:50] Alister Winfield joins the room
[14:10:54] Willem Toorop joins the room
[14:10:57] Vittorio Bertola joins the room
[14:11:10] Hugo Salgado joins the room
[14:11:13] Hugo Salgado (jabber) joins the room
[14:11:15] Alister Winfield leaves the room
[14:11:20] Alister Winfield joins the room
[14:11:22] Erik Nygren joins the room
[14:11:23] David Smith joins the room
[14:11:33] Erik Kline joins the room
[14:11:41] Erik Nygren leaves the room
[14:11:42] Kazuho Oku leaves the room
[14:11:44] <Paul Hoffman> Works for me. But not all use cases are related to my draft.
[14:11:45] Robin Geuze leaves the room
[14:11:46] Erik Nygren joins the room
[14:11:47] Alister Winfield leaves the room
[14:11:50] Alister Winfield joins the room
[14:11:52] Robin Geuze joins the room
[14:11:53] Eric Orth joins the room
[14:12:02] <Peter van Dijk> Yes, agreed
[14:12:03] Jim Reid joins the room
[14:12:06] Erik Nygren leaves the room
[14:12:06] Robin Geuze leaves the room
[14:12:11] Erik Nygren joins the room
[14:12:13] Robin Geuze joins the room
[14:12:14] <Peter van Dijk> but it would be good if everybody had seen your last slide before talking about -any- use cases :)
[14:12:18] Alister Winfield leaves the room
[14:12:20] Alister Winfield joins the room
[14:12:25] Amelia Andersdotter joins the room
[14:12:27] Zaid AlBanna leaves the room
[14:12:34] Zaid AlBanna joins the room
[14:12:38] Peter Koch joins the room
[14:12:39] <Paul Hoffman> I _like_ good last slides. :-)
[14:12:41] Monika Ermert joins the room
[14:12:45] Alister Winfield leaves the room
[14:12:47] Alister Winfield joins the room
[14:12:56] nygren joins the room
[14:13:00] Emmanuel Bretelle joins the room
[14:13:29] Alister Winfield leaves the room
[14:13:29] Alister Winfield joins the room
[14:13:46] <Ted Hardie> Sustainable. Organic. IETF participants.
[14:13:55] Joey Salazar joins the room
[14:14:00] Puneet Sood joins the room
[14:14:13] John Levine_ joins the room
[14:14:15] Suzanne Woolf leaves the room
[14:14:24] Suzanne Woolf joins the room
[14:14:36] Alexander Mayrhofer joins the room
[14:14:53] Francois Ortolan leaves the room
[14:14:55] Simon Vera-Schockner leaves the room
[14:14:55] Simon Vera-Schockner joins the room
[14:15:27] Tim Wicinski leaves the room
[14:15:30] Tim Wicinski joins the room
[14:15:42] Sam Weiler joins the room
[14:16:00] James Gould joins the room
[14:16:08] Zaid AlBanna leaves the room
[14:16:12] Zaid AlBanna joins the room
[14:16:25] James Gould leaves the room
[14:16:28] <Eric Vyncke> Big big thanks to the RFC 7626 bis original authors and to the WG
[14:16:30] James Gould joins the room
[14:16:36] Simon Hicks joins the room
[14:16:41] Mohit Sethi joins the room
[14:16:50] James Gould leaves the room
[14:17:13] Mohit Sethi leaves the room
[14:17:39] Pete Resnick joins the room
[14:17:45] <Peter van Dijk> Tim, I don't know if I'm set up for screen sharing, can you present my PDF when it's time?
[14:17:47] James Gould joins the room
[14:17:59] Andrew Campling joins the room
[14:18:10] vladimir.cunat joins the room
[14:18:29] Desiree Miloshevic joins the room
[14:18:29] <Tim Wicinski> yes that was our plan
[14:18:37] andrew_campling joins the room
[14:18:42] Suzanne Woolf leaves the room
[14:18:49] <Peter van Dijk> :thumbsup:
[14:19:10] Frode Kileng joins the room
[14:19:47] <Brian Haberman_307> @Eric: Definitely a big "thank you" to the authors!
[14:19:51] Suzanne Woolf joins the room
[14:21:58] James Adair joins the room
[14:22:54] Renjie Tang leaves the room
[14:23:16] <Sam Weiler> "zot" the nameserver?
[14:23:55] Dan York joins the room
[14:23:56] <Pallavi Aras> XoT= "Xfr over TLS"
[14:24:07] Burt Kaliski joins the room
[14:24:13] <Pallavi Aras> Zone Transfer over TLS
[14:25:41] Guillermo Cicileo joins the room
[14:26:14] <Eric Vyncke> "zot" in vernacular Flemish means "dumb"
[14:26:22] <Eric Vyncke> ;-)
[14:26:22] Suzanne Woolf leaves the room
[14:26:22] Suzanne Woolf joins the room
[14:26:39] <Ray Bellis> I can't remember the rationale, unless it was in anticipation of DOT.
[14:26:39] frodek joins the room
[14:26:40] <Robin Geuze> or "weird"
[14:26:41] rstory joins the room
[14:26:52] <Daniel Gillmor> see also Scott McCloud's canonical series
[14:26:54] <Mark Andrews> prevent resource exhaustion
[14:27:04] <Puneet Sood> head of line blocking due to lots of XFR traffic?
[14:27:21] <Tim Wicinski> Mr Gillmor with the properly aged reference
[14:27:32] rstory leaves the room
[14:27:42] <andrew_campling> "Zot the Nameserver" sounds like a medieval ruler, probably from Eastern Europe :)
[14:27:59] HAIGUANG Wang joins the room
[14:28:56] <Sam Weiler> Now I'm thinking of Rob's "one name [wraith] to rule them all" shirts.
[14:29:02] <Allison Mankin> Oh, dear, about zot. We need to pronounce it more clearly as iks-ot
[14:29:41] <Eric Vyncke> ;-)
[14:29:48] Suzanne Woolf leaves the room
[14:30:20] ekr@jabber.org joins the room
[14:30:47] John Border leaves the room
[14:30:50] John Border joins the room
[14:31:22] Tim Wicinski leaves the room
[14:31:27] Tim Wicinski joins the room
[14:31:52] Suzanne Woolf joins the room
[14:32:03] Tim Wicinski leaves the room
[14:32:13] Tim Wicinski joins the room
[14:32:17] <Ray Bellis> don't put it in XOT - use a Stateful DNS option instead
[14:32:49] Tim Wicinski leaves the room
[14:32:53] Tim Wicinski joins the room
[14:33:09] Dragana Damjanovic joins the room
[14:33:09] <vladimir.cunat> extended DNS error codes won't be enough?
[14:33:24] <Allison Mankin> Ray, there's a separate draft about how stateful DNS might do a XOT
[14:33:28] Vittorio Bertola leaves the room
[14:33:30] Vittorio Bertola joins the room
[14:33:41] <Ray Bellis> @Allison ack
[14:33:51] Matt Green joins the room
[14:34:03] <Brian Haberman_307> If anyone wants their questions reflected to the audio, please let me know by tagging messages with "mic:"
[14:34:04] <Ray Bellis> but please leave throttling etc type issues to that version
[14:34:40] <Allison Mankin> That's a good point, Ray. We'll review.
[14:34:41] Peter Koch leaves the room
[14:34:41] Tim April leaves the room
[14:34:43] Peter Koch joins the room
[14:34:44] <Pete Resnick> @Brian: There are already two people in the queue to ask questions. It might help to answer them before they are forgotten.
[14:34:44] Tim April joins the room
[14:35:04] Alissa Cooper joins the room
[14:35:27] <Daniel Gillmor> he's aware and has checked in with me -- i'm fine holding til the end of Sara's presentation
[14:35:30] <Brian Haberman_307> @Pete: We are holding questions for the end of the presentation.
[14:35:34] <Peter van Dijk> same
[14:35:40] <Pete Resnick> ack
[14:36:00] <Mark Andrews> A packet can still be 64k with compression
[14:36:16] <vladimir.cunat> pointers refer to the first 16k
[14:36:16] <Pete Resnick> (As a listener, I like interruptions for questions. I have a short attention span.)
[14:36:18] <Ray Bellis> it just won't be as efficient
[14:36:57] Kaveh Ranjbar joins the room
[14:37:08] Chi-Jiun Su leaves the room
[14:37:38] Chi-Jiun Su joins the room
[14:38:03] Chi-Jiun Su leaves the room
[14:38:18] <andrew_campling> ALPN to be encrypted in ECH?
[14:38:26] Chi-Jiun Su joins the room
[14:38:27] Pete Resnick leaves the room
[14:38:32] Chi-Jiun Su leaves the room
[14:38:32] Chi-Jiun Su joins the room
[14:38:33] Pete Resnick joins the room
[14:38:57] Chi-Jiun Su leaves the room
[14:39:22] Chi-Jiun Su joins the room
[14:39:24] Chi-Jiun Su leaves the room
[14:39:24] Chi-Jiun Su joins the room
[14:39:33] Chi-Jiun Su leaves the room
[14:39:33] Chi-Jiun Su joins the room
[14:39:58] Chi-Jiun Su leaves the room
[14:40:21] Matthew Quick leaves the room
[14:40:25] Chi-Jiun Su joins the room
[14:40:29] Matthew Quick joins the room
[14:40:30] <nygren > IIRC there's a public and actual ALPN in ECH. (The echconfig can specify a alpn to be included in the cleartext but the actual alpn is encrypted.)
[14:40:40] Chi-Jiun Su leaves the room
[14:41:04] Chi-Jiun Su joins the room
[14:41:06] <ekr@jabber.org> Are there valid reasons to do both axfr and resolution over the same connection?
[14:41:10] Chi-Jiun Su leaves the room
[14:41:10] Chi-Jiun Su joins the room
[14:41:25] Chi-Jiun Su leaves the room
[14:41:44] Eric Kinnear joins the room
[14:42:44] <Peter Koch> any real operator requirements regarding concealing the _fact_ that an AXFR is in progress?
[14:42:49] <Daniel Gillmor> ekr: sure, if you already have a connection established
[14:42:53] Chi-Jiun Su joins the room
[14:43:20] <ekr@jabber.org> @DKG: that's what I thought
[14:43:22] <Erik Kline> nygren: https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-07#section-3.2 mentioned having an outer, innocuous ALPN
[14:43:31] Vittorio Bertola leaves the room
[14:43:34] Vittorio Bertola joins the room
[14:43:47] <Ray Bellis> personally I'd recommend against *not* mixing the two. If you've got an AXFR in progress it'll block any further "normal" queries over the same connection
[14:44:06] Zaid AlBanna leaves the room
[14:44:08] Monika Ermert leaves the room
[14:44:08] <Ray Bellis> (until the AXFR has completed)
[14:44:11] Monika Ermert joins the room
[14:44:12] <Daniel Gillmor> "recommend against not mixing" means "recommend mixing" ?
[14:44:13] Zaid AlBanna joins the room
[14:44:27] <Ray Bellis> duh, sorry, unintended double negative
[14:44:51] <Ray Bellis> I recommend "do not mix them"
[14:44:55] Eric Rescorla leaves the room
[14:44:58] <Daniel Gillmor> gotcha, thanks
[14:45:05] Eric Rescorla joins the room
[14:45:07] <Ray Bellis> thanks for the spot
[14:45:28] <ekr@jabber.org> yeah, so this seems like the wrong answer. We already have a perfectly good ALPN "dot"
[14:45:41] <nygren > Another option could be to use SNI? Then different hostnames could just be used in cases where demuxing is needed.
[14:46:41] <nygren > Did the "dot" ALPN get defined/registered anywhere yet? I thought it hadn't (which has been a pain for cases and results in some squatting on it.)
[14:47:08] <Allison Mankin> We have guidance for resumption in 7858
[14:47:16] <Erik Kline> nygren: https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
[14:47:17] <Robin Geuze> https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
[14:47:18] <Daniel Gillmor> ekr: looks like the semantics here shift -- alpn "xot" can only handle certain query/response types
[14:47:28] <Daniel Gillmor> while alpn "dot" can handle all of them
[14:47:46] <Daniel Gillmor> (I think peter's point about additional codepaths is relevant here)
[14:48:05] <Peter van Dijk> I strongly imagine we (powerdns/dnsdist) would implement this by ignoring the ALPN and being done
[14:48:08] <ekr@jabber.org> I think I must have missed this point
[14:48:16] <ekr@jabber.org> Can someone repeat it
[14:48:38] <Peter van Dijk> ekr, without the ALPN bit in the draft, you can put stunnel or haproxy in front of your BIND and be compliant, done
[14:48:48] <Peter van Dijk> with the ALPN bit, you can't do that
[14:48:54] <Daniel Gillmor> because you have to filter queries
[14:49:09] <Peter van Dijk> yes, which haproxy doesn't know how to do, for example
[14:49:15] <John Levine_> @ray AXFR results come back in 64K chunks, other results can be interleaved
[14:49:22] <Daniel Gillmor> right, because haproxy is application-agnostic
[14:49:46] <Jonathan Reed> s/hidden master/hidden primary/g; in my comment.
[14:51:11] <Mike Bishop> Would it be more acceptable if the definition of the ALPN was that the client MUST NOT make other requests, but the server is permitted to?
[14:51:32] <Mike Bishop> (to answer them if received, that is)
[14:51:42] <Peter van Dijk> it would help but then you assume that no other types will make sense around an XFR in the future
[14:51:55] <Peter van Dijk> *still assume
[14:52:06] <nygren > (I guess I got confused as RFC 7858 <https://tools.ietf.org/html/rfc7858> doesn't register the "dot" alpn.)
[14:52:09] <Allison Mankin> A DNS resolver can't cleanly refuse a query
[14:53:14] <Jonathan Reed> It was registered post-facto, but is on the IANA page now.
[14:53:17] <John Levine_> it can answer REFUSED
[14:53:33] <tale> I'm not sure what you mean, Allison, since I know you know REFUSED but somehow that contravenes your "cleanly" criteria.
[14:54:03] <Robin Geuze> but REFUSED implies that the auth does not know the zone at all
[14:54:18] <Allison Mankin> It's the cleanly. REFUSED is ambiguous in DNS - having a REFUSED with this is likely to cause issues
[14:54:24] <John Levine_> no, it just means I'm not going to answer your question
[14:54:28] <vladimir.cunat> With extended DNS errors it can even provide more information about the refusal.
[14:54:33] <Robin Geuze> there is no real way to signal "answer on a different connection"
[14:54:42] <Allison Mankin> Right
[14:55:08] <ekr@jabber.org> I just don't know, what do I do if someone asks for an axfr and I don't want to do it?
[14:55:24] <Paul Hoffman> My apologies. I must leave now and not give my presentation.
[14:55:26] <tale> I've thought for a couple of years that we need a clarification on tc, especially given the argument about size limits in DoH.
[14:55:34] Ulrich Wisser joins the room
[14:55:34] <Tim Wicinski> okay paul
[14:55:41] Shwetha Bhandari joins the room
[14:56:39] Paul Hoffman leaves the room
[14:57:22] <vladimir.cunat> $ kdig AXFR cz @c.ns.nic.cz
;; AXFR for cz.
;; ERROR: server replied with error 'NOTAUTH'
[14:58:05] <ekr@jabber.org> I'll ask this at the mic, but what would you do if I offered ALPN=xot and then started doing non-axfr queries
[14:59:08] <Mike Bishop> Seems like there's a good direction in defining a generic mechanism for: a) restrictions on what types of requests I'll serve you, and b) rejection of a request I'm not willing to answer on this connection.
[14:59:16] <Mike Bishop> Is the first something you could do in EDNS0?
[14:59:39] <Tim Wicinski> the authserver-info draft Puneet and Paul have may be useful here
[14:59:57] Shwetha Bhandari leaves the room
[15:01:05] <tale> Yes, Mike, in a way. For servers doing EDNS0. And someone already mentioned the recently done Extended Errors draft which could support that sort of signalling.
[15:01:25] <Peter van Dijk> the XoT draft even mentions EDE for this purpose
[15:01:38] <tale> (EDE = extended error)
[15:01:40] <Peter van Dijk> If a XoT server receives traffic other than XoT traffic on a XoT connection it MUST respond with the extended DNS error code 21 - Not Supported [I-D.ietf-dnsop-extended-error]. It SHOULD treat this as protocol error and close the connection.
[15:02:06] <Ray Bellis> AXFR targets are identified by IP, not by name.
[15:02:53] <Ray Bellis> this would be a major change to configurations
[15:03:32] willem leaves the room: Disconnected: closed
[15:03:34] <Peter van Dijk> but, those configurations already need additional data for, say, checking the server cert
[15:04:14] willem joins the room
[15:05:05] <Ray Bellis> true
[15:06:04] <nygren > and haproxy and the like presumably already have good support for demuxing based on SNI to different backends.
[15:06:14] <Peter van Dijk> yes
[15:06:26] Sandeep Rao joins the room
[15:06:58] <Robin Geuze> haproxy can also demux on alpn though ;)
[15:07:01] <Alister Winfield> SNI I feel is more useful especially if you have split views etc.
[15:07:13] <Joey Salazar> makes using sni seem like a good idea more and more
[15:07:29] Suzanne Woolf leaves the room
[15:07:34] Suzanne Woolf joins the room
[15:08:39] Tim Wicinski leaves the room
[15:08:42] Tim Wicinski joins the room
[15:09:30] Tim Wicinski leaves the room
[15:09:32] Tim Wicinski joins the room
[15:10:12] <Daniel Gillmor> are other folks seeing repeated slide stream restarts?
[15:10:51] <Joey Salazar> yes
[15:11:16] <Joey Salazar> but seems to have stopped
[15:11:57] Jorge Cano leaves the room
[15:12:27] <Tim Wicinski> Apologies - thunderstorms been going on for several hours. I'm getting regular reconnects. Alerted Brian to step up
[15:14:34] Tim Wicinski leaves the room
[15:14:36] Tim Wicinski joins the room
[15:16:31] <Dan York> Are minutes being taken? Just joining again and I don't see anything at https://codimd.ietf.org/notes-ietf-108-dprive
[15:16:45] Guillermo Cicileo leaves the room
[15:16:58] Guillermo Cicileo joins the room
[15:17:22] Monika Ermert leaves the room
[15:17:25] <Brian Haberman> @Dan : I thought Tim was taking notes. The chairs will figure out what is going on.
[15:17:29] Monika Ermert joins the room
[15:18:00] Alissa Cooper leaves the room
[15:18:33] Guillermo Cicileo leaves the room
[15:18:40] <Tim Wicinski> taking notes locally as I was having random reconnects.
[15:18:48] Guillermo Cicileo joins the room
[15:19:14] <Sam Weiler> Why not just use the DS? You have a hash there - why direct to the child, where you have to then get the DNSKEY (which you need to validate the TLS connection)?
[15:19:35] <Robin Geuze> we do use the DS
[15:19:47] <Duane Wessels> there is no dnskey in the child. it's a pseudo dnskey
[15:19:57] <vladimir.cunat> You can't afford to get the DNSKEY.
[15:20:10] Chris Box joins the room
[15:20:19] <Sam Weiler> okay, I think I got it.
[15:20:24] <Robin Geuze> the DNSKEY mentioned is a virtual one constructed by the client based on the public key sent during the TLS handshake
[15:20:44] <Ray Bellis> oh god, where do we start...
[15:21:17] Hugo Salgado leaves the room
[15:21:19] <Alexander Mayrhofer> Hm. I like the simplicity of clever hacks, admitted. And that one qualifies :)
[15:21:31] Mark Andrews leaves the room
[15:21:34] Hugo Salgado (jabber) leaves the room
[15:21:38] Mark Andrews joins the room
[15:21:45] <Alexander Mayrhofer> But, yeah, do we want "clever hacks" in the DNS..
[15:22:03] <Ray Bellis> the abuse of the semantics is unrivalled in anything I can remember
[15:22:09] <John Levine_> it's a gross kludge but in a good way
[15:22:13] <Peter Koch> maybe go back and start actual _protocol design_, SCNR
[15:22:18] <Sam Weiler> Ray++. I'm not speaking against it yet, though.
[15:22:24] <Daniel Gillmor> Ray, surely your memory is better than that
[15:22:36] <Peter van Dijk> haha
[15:22:41] <Peter van Dijk> thank you all, those are pretty kind words :)
[15:22:47] <Sam Weiler> it's better than adding a new RRtype at the parent.
[15:23:11] <vladimir.cunat> better in the hackiness factor, for sure
[15:23:15] <Peter van Dijk> a new RRtype at the parent would be clean design; it's also, I think, unfeasible
[15:23:22] James Adair leaves the room
[15:23:34] <Sam Weiler> new RRtypes only at the parent are crazy problematic.
[15:23:47] <Robin Geuze> the problem with a new RRtype is that you need two drafts, and 3 different people to implement them
[15:23:59] <Daniel Gillmor> they seem basically impossible. we're lucky that we have DS at the parent as widely as we do
[15:24:09] <Robin Geuze> you need a draft for the RRType, you need an EPP draft to actually get it there
[15:24:14] <Sam Weiler> that. is. not. the. problem. (with an RR type only at the parent)
[15:24:29] <Robin Geuze> and then you need the registry, the registrar and the DNS operator to implement it
[15:24:48] <Sam Weiler> okay, fine, those are ALSO problems. :-)
[15:25:06] <Ray Bellis> I can't see any analysis in the draft as to why the record has to be on the parent side of the zone cut
[15:25:23] <Robin Geuze> how would you do end-to-end crypto otherwise?
[15:25:25] <Ray Bellis> or is that supposed to be "self evident"
[15:25:38] <Peter van Dijk> if it's on the child side, you already leak that you are visiting facebook.com
[15:25:41] Erik Kline leaves the room
[15:25:42] <Ray Bellis> it should at least be mentioned
[15:25:45] <Sam Weiler> that all RR types are created equal?
[15:25:52] <Peter van Dijk> if it's not self evident we should improve our text
[15:25:55] <willem> You need to signal ADoT support at the parent to prevent downgrade attack
[15:26:16] <Ray Bellis> right
[15:26:27] <Sam Weiler> er, i'm not sure about the downgrade argument.
[15:26:30] <Daniel Gillmor> i agree with Ray that it should be explicitly noted in the text.
[15:26:45] <vladimir.cunat> +1
[15:26:49] <Sam Weiler> (though you'll get at least one query in the child downgraded, potentially)
[15:26:59] <Robin Geuze> as long as you have DNSSEC you can prevent downgrade indeed
[15:27:04] <Daniel Gillmor> i think there's also an efficiency argument
[15:27:06] <Robin Geuze> but then it means DoT requires DNSSEC
[15:27:15] <vladimir.cunat> at the parent
[15:27:20] <vladimir.cunat> not at the child zone
[15:27:21] <Daniel Gillmor> you don't want the extra roundtrip to the child
[15:27:22] <Sam Weiler> robin: I don't think so, no.
[15:27:31] <Ray Bellis> heck, I'd prefer djbware type solutions (coding it in the NS name) than this...
[15:27:33] <Robin Geuze> if you want to signal in the child you do
[15:27:45] <Peter van Dijk> Ray, but NS names are unsigned
[15:28:28] <Ray Bellis> I can't begin to imagine how many DNSSEC related code paths might have to be changed to cope with this.
[15:28:33] <Robin Geuze> none
[15:28:36] <Robin Geuze> we tested that
[15:28:37] <Peter van Dijk> zero
[15:28:37] <Peter van Dijk> i checked
[15:28:39] <Ray Bellis> really?
[15:28:51] <Peter van Dijk> a year ago, Google Public DNS and Knot Resolver were fixed to deal with surprises in DS records
[15:28:56] <Peter van Dijk> and not having DNSKEYs to go with them
[15:29:00] <Robin Geuze> the DNSSEC spec is pretty specific, if you don't support an algorithm you should ignore it
[15:29:10] <Peter van Dijk> unbound and BIND and powerdns were fine with it already
[15:29:14] <vladimir.cunat> It's fun that the dealings with unknown DS/DNSKEY algorithms cover this nicely.
[15:29:19] <willem> Sam: Opportunistically trying ADoT to an NS could be blocked by a party in the middle, and is indistinguishable from no support of ADoT (unless there is signalling at the parent, preferably signed)
[15:29:55] <vladimir.cunat> not just blocked but MITMed, too
[15:30:02] <Sam Weiler> right…. opportunistic can be blocked. but it can also work. I was saying no to the "dnssec is a prereq for dot"
[15:30:03] <Andrew Campling> Not easy to hear the comment
[15:30:09] <Peter van Dijk> also, resolvers ain't got time for probing
[15:30:19] <Ray Bellis> people are speaking? I'm getting no audio at all.
[15:30:30] <Robin Geuze> yes people are speaking
[15:30:33] <Sam Weiler> @ray: yeah. it's just hiding under the noise floor
[15:30:33] <Ray Bellis> (reloading the page)
[15:30:35] <John Levine_> I hear Puneet weakly
[15:30:37] Ray Bellis leaves the room
[15:30:38] <Meetecho> Ray Bellis: there's a button to reconnect just audio
[15:30:43] Ray Bellis joins the room
[15:30:44] <Daniel Gillmor> Puneet Sood was speaking, but it was very quiet
[15:30:53] tim costello joins the room
[15:30:55] <Andrew Campling> I had volume on max, could barely hear
[15:31:08] <Shumon Huque_> I'm on Jabber, but don't have audio to address the current comment.
[15:31:17] <Shumon Huque_> We're working on updating the draft.
[15:31:34] <Peter van Dijk> I'll relay, Shumon
[15:31:39] Guillermo Cicileo leaves the room
[15:31:52] Sandeep Rao leaves the room
[15:31:53] <willem> Maybe the chairs should hum to sense the interest for adoption of ds-dot-signal?
[15:31:58] Sandeep Rao joins the room
[15:32:03] <Tim Wicinski> I know you are Shumon. You know I can be relentless
[15:32:07] Pieter Lexis leaves the room
[15:32:10] Pieter Lexis joins the room
[15:32:47] <Shumon Huque_> I know! :)
[15:33:01] Jiankang Yao joins the room
[15:33:08] <Jim Reid> what doc are we humming on?
[15:33:18] <Ray Bellis> still no audio here :(
[15:33:22] Jiankang Yao leaves the room
[15:33:27] Jiankang Yao joins the room
[15:33:30] <Tim Wicinski> ds-dot-signal
[15:33:42] <Jim Reid> Thanks Tim
[15:33:49] <Ted Hardie> What will the second hum be?
[15:33:51] <Ted Hardie> Opposed?
[15:33:57] <vladimir.cunat> right
[15:33:58] <Suzanne Woolf> +1 to Brian that's what we found out in DNSOP on Wednesday
[15:33:59] <Meetecho> Ray Bellis: there's a circling arrows icon in the bottom/right corner that can reconnect the audio stream
[15:34:01] <Peter van Dijk> usually yes
[15:34:03] Matt Green leaves the room
[15:34:09] <Ray Bellis> @meetecho I tried that already (twice)
[15:34:25] <Meetecho> Ray Bellis: do you see info on audio bitrates in the bottom row?
[15:34:30] <Ray Bellis> 18 kbps
[15:34:50] <Meetecho> So media is indeed coming in: I suspect some autoplay policy preventing audio to start
[15:34:53] <John Levine_> maybe YOU aren't humming ...
[15:35:18] <Ray Bellis> it *was* working until the end of Peter's presentation
[15:35:34] <Avri Doria> so, in order not to hum, one must hum softly twice?
[15:36:02] Jiankang Yao leaves the room
[15:36:03] <Meetecho> Ray Bellis: have you checked if it's not a local thing, e.g., browser/tab/speakers muted?
[15:36:06] <Ray Bellis> it was a bluetooth issue my end
[15:36:09] Jiankang Yao joins the room
[15:36:11] <Ted Hardie> In previous meetings it was "do not hum" for one and "hum at whatever" for the other, but that's not what others have seen.
[15:36:22] <tale> You ... don't? want to see that keep moving?!
[15:36:30] Dragana Damjanovic leaves the room
[15:36:40] Mark Andrews leaves the room
[15:36:42] <Daniel Gillmor> ted: your experience matches mine
[15:36:47] Pieter Lexis leaves the room
[15:36:49] Eric Rescorla leaves the room
[15:36:59] <Éric Vyncke> Thanks Brian, Tim, presenters, authors, and participants!
[15:37:08] Desiree Miloshevic leaves the room
[15:37:09] David Smith leaves the room
[15:37:14] andrew_campling leaves the room
[15:37:14] Peter Koch leaves the room
[15:37:15] <Robin Geuze> thanks all!
[15:37:16] PE leaves the room
[15:37:16] Kris Shrishak leaves the room
[15:37:16] Sara Dickinson leaves the room
[15:37:18] Andrew Campling leaves the room
[15:37:18] Avri Doria leaves the room
[15:37:20] Amelia Andersdotter leaves the room
[15:37:20] Ted Hardie leaves the room
[15:37:20] Jim Reid leaves the room
[15:37:20] Chi-Jiun Su leaves the room
[15:37:21] Shumon Huque leaves the room
[15:37:21] <Vittorio Bertola> Thanks
[15:37:21] Scott Hollenbeck leaves the room
[15:37:21] Chris Box leaves the room
[15:37:21] Puneet Sood leaves the room
[15:37:22] Joe Harvey leaves the room
[15:37:22] Mike Bishop leaves the room
[15:37:22] Markus leaves the room
[15:37:22] Swapneel Sheth leaves the room
[15:37:22] Hitesh Kotian leaves the room
[15:37:22] tim costello leaves the room
[15:37:23] Pallavi Aras leaves the room
[15:37:23] Bernie Innocenti leaves the room
[15:37:23] Florian Obser leaves the room
[15:37:24] Alexander Mayrhofer leaves the room
[15:37:24] Roman Danyliw leaves the room
[15:37:25] Steve Olshansky leaves the room
[15:37:25] Simon Vera-Schockner leaves the room
[15:37:25] Ralf Weber leaves the room
[15:37:25] Andrew McConachie leaves the room
[15:37:26] <Peter van Dijk> thanks!
[15:37:26] Tim April leaves the room
[15:37:26] Shumon Huque_ leaves the room
[15:37:26] Willem Toorop leaves the room
[15:37:27] HAIGUANG Wang leaves the room
[15:37:27] Vittorio Bertola leaves the room
[15:37:27] Frode Kileng leaves the room
[15:37:27] <Suzanne Woolf> Thx Tim & Brian!
[15:37:28] John Border leaves the room
[15:37:28] Barbara Stark leaves the room
[15:37:28] Jonathan Reed leaves the room
[15:37:28] Kazunori Fujiwara leaves the room
[15:37:28] Han Zhang leaves the room
[15:37:29] rickwilhelm-Verisign@jabb3r.org leaves the room
[15:37:31] Ralph Dolmans leaves the room
[15:37:31] Suzanne Woolf leaves the room
[15:37:32] <Tim Wicinski> thanks presenters
[15:37:32] Yoshiro Yoneya leaves the room
[15:37:33] tale leaves the room
[15:37:33] Dan Druta leaves the room
[15:37:34] Richard Wilhelm leaves the room
[15:37:34] Ray Bellis leaves the room
[15:37:35] Jiankang Yao leaves the room
[15:37:37] <Tim Wicinski> and listeners
[15:37:42] frodek leaves the room
[15:37:42] Burt Kaliski leaves the room
[15:37:44] willem leaves the room
[15:37:46] Jean-Michel Combes leaves the room
[15:37:46] Joseph Yee leaves the room
[15:37:49] Robin Geuze leaves the room
[15:37:51] Ulrich Wisser leaves the room
[15:37:52] Éric Vyncke leaves the room
[15:37:59] Pete Resnick leaves the room
[15:38:00] Meetecho leaves the room
[15:38:00] <Eric Vyncke> ;-)
[15:38:04] <Brian Haberman_307> Thanks all!
[15:38:05] Eric Vyncke leaves the room
[15:38:05] Dan McArdle leaves the room
[15:38:05] Petr Spacek leaves the room
[15:38:06] Alister Winfield leaves the room
[15:38:09] dmcardle leaves the room
[15:38:13] Yoshiro Yoneya / 米谷嘉朗 leaves the room
[15:38:15] willem joins the room
[15:38:20] Joey Salazar leaves the room
[15:38:20] Zaid AlBanna leaves the room
[15:38:28] John Levine leaves the room
[15:38:33] Simon Hicks leaves the room
[15:38:36] vladimir.cunat leaves the room
[15:38:39] Wes Hardaker leaves the room
[15:38:45] willem leaves the room
[15:38:46] Monika Ermert leaves the room
[15:39:01] willem joins the room
[15:39:23] Brian Haberman_307 leaves the room
[15:39:23] Samuel Weiler leaves the room
[15:39:23] Allison Mankin leaves the room
[15:39:23] Daniel Gillmor leaves the room
[15:39:23] James Galvin leaves the room
[15:39:23] Alessandro Ghedini leaves the room
[15:39:23] Dan York leaves the room
[15:39:23] Kaveh Ranjbar leaves the room
[15:39:23] Benno Overeinder leaves the room
[15:39:23] Eric Kinnear leaves the room
[15:39:23] Michael Breuer leaves the room
[15:39:23] Huaru Yang leaves the room
[15:39:23] Erik Nygren leaves the room
[15:39:23] Paolo Saviano leaves the room
[15:39:23] Duane Wessels leaves the room
[15:39:23] Swapneel Patnekar leaves the room
[15:39:23] Emmanuel Bretelle leaves the room
[15:39:23] Eric Orth leaves the room
[15:39:23] Shivan Sahib leaves the room
[15:39:23] Matthew Quick leaves the room
[15:39:23] Robert Story leaves the room
[15:39:23] Peter van Dijk leaves the room
[15:39:23] Sandeep Rao leaves the room
[15:39:23] James Gould leaves the room
[15:39:23] Tim Wicinski leaves the room
[15:43:57] sd139@jabber.uk leaves the room
[15:50:36] avezza leaves the room
[15:58:12] alex-meetecho leaves the room
[15:58:51] willem leaves the room: Disconnected: closed
[16:00:51] ekr@jabber.org leaves the room
[16:07:20] nygren leaves the room
[16:17:40] ekr@jabber.org joins the room
[16:18:30] jmagallanes leaves the room
[16:22:52] Brian Haberman leaves the room
[16:26:48] jmagallanes joins the room
[16:27:33] jmagallanes leaves the room
[16:32:52] ekr@jabber.org leaves the room
[16:33:52] ekr@jabber.org joins the room
[17:04:23] Sam Weiler leaves the room
[17:16:40] nygren joins the room
[17:18:31] Sam Weiler joins the room
[17:34:23] ekr@jabber.org leaves the room
[17:51:38] nygren leaves the room
[18:19:38] ekr@jabber.org joins the room
[18:36:18] Sam Weiler leaves the room
[18:48:23] ekr@jabber.org leaves the room
[18:55:00] Sam Weiler joins the room
[19:02:00] Sam Weiler leaves the room
[19:09:07] Sam Weiler joins the room
[19:09:25] chi.jiun.su leaves the room
[19:33:57] Sam Weiler leaves the room
[19:51:14] chi.jiun.su joins the room
[19:52:14] chi.jiun.su leaves the room
[20:00:25] Sam Weiler joins the room
[20:00:25] Sam Weiler leaves the room
[20:00:38] Sam Weiler joins the room
[20:51:45] John Levine_ leaves the room
[22:20:11] Sam Weiler leaves the room