Re: [dane] Meeting in Hawaii?

Dan York <york@isoc.org> Wed, 01 October 2014 11:50 UTC

From: Dan York <york@isoc.org>
To: Jakob Schlyter <jakob@kirei.se>
Date: Wed, 01 Oct 2014 11:49:48 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/EXa7D7HkRx3LUhH0Kzvv-RdAJmA
Cc: "<dane@ietf.org>" <dane@ietf.org>
Subject: Re: [dane] Meeting in Hawaii?

Warren, (and everyone else)

On Sep 29, 2014, at 4:10 PM, Jakob Schlyter <jakob@kirei.se> wrote:

> On 27 sep 2014, at 02:52, Warren Kumari <warren@kumari.net> wrote:
>
>> Please let us know if you'd really like to meet, and open issues on
>> documents that need discussing. Also, if you have a doc, we'd like it
>> revised *soon*.
>
> All the authors of the various drafts on DANE for email (S/MIME and OpenPGP) will be there, and we will have discussions on the list beforehand. Given this, I for one, hope we can meet and flesh out any details left on this topic.

To Jakob's point, we're going to have a significant number of the DANE-related authors and implementors all together at IETF and I think a general topic of "What Else Do We Need To Do For DANE For Email" could be a good discussion topic.

While we have this great big "DANE brain trust" all in one location (and also coming in remotely), I would be interested in having (and would be willing to lead, if necessary) a discussion around "What Else Do We Need To Do To Get DANE More Widely Deployed".  Now that we are seeing actual deployment and usage, are there things we have learned that can guide us in accelerating the deployment of DANE?

We've captured a good bit of implementation guidance in Viktor and Wes' https://tools.ietf.org/html/draft-ietf-dane-ops-06 and so perhaps a review of that document would help, but I'm also interested in questions like:

- what roadblocks are people running into with implementing DANE?  (outside of the broader issue of getting DNSSEC validation and signing more widely available)

- are there more "Using DANE with <foo>" types of documents that we can or should create? (and who is willing to do so)

- have we seen areas where more standardization would help?

- are there some good examples/case studies of DANE implementations that we could perhaps capture as informational RFCs?  (the Jabber community's implementation comes to mind)

- are there places where it would be helpful if there were reference implementations of DANE support?  For example, DANE for email got a boost when Viktor added it to Postfix.  Are there other commonly-used open source projects where the addition of DANE support would help move deployment along?   (I'm NOT saying that the DANE WG would be involved with these implementations... but brainstorming together and identifying a list could help other people and groups (ex. Internet Society, Verisign Labs, NLnet Labs) advocate and perhaps fund efforts to get that DANE support added.)

- are there test tools that need to be developed? or existing ones that need to be better promoted?  are there interop tests we can arrange?

I realize some of this may seem outside our charter, but if I look at the charter, it includes these phrases:
-----
The DANE WG shall also produce a set of implementation guidance
for operators and tool developers.

<big snip>

The group may also create documents that describe how protocol
entities can discover and validate these bindings in the execution
of specific applications. This work would be done in coordination
with the IETF Working Groups responsible for the protocols.

The group may in addition encourage interoperability testing and
document the results of such testing.
-----

So I do see a good bit of this covered under that.

The end result I'd like to see out of this discussion would be:

- guidance for the WG on what, if any, additional documents we need to create (and identification of who might write them)
- potential interoperability testing
- guidance to WG members and other organizations on how we can get DANE more widely deployed

Obviously I have an interest in this because I'm employed by the Internet Society in large part to do whatever possible to accelerate the deployment of DNSSEC (and IPv6 and... ), but this really means that I'm here for *you* all to help do what needs to be done.  I'd definitely appreciate a sense of the group about what we can all collectively do to make DANE more widely used.  Certainly we can have some of this discussion on the list... but in a f2f meeting we can have a much more engaged discussion.

So if we have time on the agenda and you all feel it would be appropriate, I'd like to have a discussion along these lines.

> I'm not sure we need 2 hours though - 1,5 hours should be enough.

I'm also not sure we need 2 hours... although this discussion I outlined above could wind up occupying some time.

Dan