Re: [dnsext] Forgery resilience and meeting in Stockholm
"Federico Lucifredi" <FLucifredi@novell.com> Thu, 21 May 2009 14:59 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B46AA3A6F70; Thu, 21 May 2009 07:59:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.625
X-Spam-Level:
X-Spam-Status: No, score=-99.625 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, SARE_MLH_Stock1=0.87, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zrm+tcaiPi+Q; Thu, 21 May 2009 07:59:22 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 5E75C3A6A3D; Thu, 21 May 2009 07:59:22 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1M79go-000OdA-4S for namedroppers-data0@psg.com; Thu, 21 May 2009 14:56:10 +0000
Received: from [66.92.146.20] (helo=stora.ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <namedroppers@stora.ogud.com>) id 1M79ga-000Obt-Tj for namedroppers@ops.ietf.org; Thu, 21 May 2009 14:56:03 +0000
Received: from stora.ogud.com (localhost [127.0.0.1]) by stora.ogud.com (8.14.3/8.14.3) with ESMTP id n4LEttr0068402 for <namedroppers@ops.ietf.org>; Thu, 21 May 2009 10:55:55 -0400 (EDT) (envelope-from namedroppers@stora.ogud.com)
Received: (from namedroppers@localhost) by stora.ogud.com (8.14.3/8.14.3/Submit) id n4LEttOY068401 for namedroppers@ops.ietf.org; Thu, 21 May 2009 10:55:55 -0400 (EDT) (envelope-from namedroppers)
Received: from [137.65.248.137] (helo=sinclair.provo.novell.com) by psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <FLucifredi@novell.com>) id 1M6pMf-000JhN-Gr; Wed, 20 May 2009 17:14:07 +0000
Received: from INET-PRV-MTA by sinclair.provo.novell.com with Novell_GroupWise; Wed, 20 May 2009 11:13:58 -0600
Message-Id: <4A14021302000005001E108A@sinclair.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 7.0.3
Date: Wed, 20 May 2009 11:13:55 -0600
From: Federico Lucifredi <FLucifredi@novell.com>
To: ogud@ogud.com, namedroppers@ops.ietf.org, owner-namedroppers@ops.ietf.org
Subject: Re: [dnsext] Forgery resilience and meeting in Stockholm
References: <4A14021302000005001E1087@sinclair.provo.novell.com> <4A14021302000005001E108A@sinclair.provo.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Scanned-By: MIMEDefang 2.64 on 66.92.146.20
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
[ Moderators note: Post was moderated, either because it was posted by a non-subscriber, or because it was over 20K. With the massive amount of spam, it is easy to miss and therefore delete relevant posts by non-subscribers. Please fix your subscription addresses. ] I would support #3 for further study. Best-F ------Original Message------ From: Ólafur Guðmundsson /DNSEXT chair Sender: owner-namedroppers@ops.ietf.org To: namedroppers@ops.ietf.org Sent: May 20, 2009 11:17 Subject: Re: [dnsext] Forgery resilience and meeting in Stockholm With less than one day left before the chairs need to make a determination. The purpose of this message is to point out that the discussion has possibly been derailed by heated arguments about the merits of a subset of the options, at the detriment of other options. At this point we have enough support to say EDNS0 Ping is acceptable for further study, even though there is a large number detractors. (option #4) It is close call for option #3 x20 There is no public support for option #2, and no one has argued for option #1. If you are in favor of options #1, #2 or #5 now is the time to speak up. As an experiment I have set up a poll for the different options, http://www.doodle.com/7yvife73qvwtnr5m Feel free to post to namedroppers or participate in the pool. When you participate in the poll use a name that I can correlate to a namedroppers subscription i.e. no AB or BA names. thanks Olafur Olafur At 14:14 08/05/2009, Andrew Sullivan wrote: >Dear colleagues, > >Your Chairs have been observing the discussion around adoption of >various drafts for techniques to mitigate forgeries and cache >poisoning. It appears to us that the WG is not converging on >consensus. > >We currently have a request open to adopt EDNS0 ping. The discussion >of adopting the document appeared to expose a fault in the community, >where some expressed strong opposition to undertaking any further forgery >resilience work when DNSSEC is already available, while others argued >that DNSSEC is not getting deployed and therefore we need other urgent >action. > >Meanwhile, some other mechanisms, including "0x20" and those outlined >in draft-wijngaards-dnsext-resolver-side-mitigation-01.txt seem to be >showing up in various implementations. > >We think it would be better if we came to some more or less shared >agreement on what to do in this space (including nothing). The >portion of the meeting we had in Dublin that was dedicated to this >topic seems not to have inspired consensus. Therefore, we would like >to present five options for consideration: > >1. Do nothing, and take all energy that might be devoted to this >effort and direct it towards DNSSEC deployment. > >2. Adopt draft-wijngaards-dnsext-resolver-side-mitigation-01.txt, and >include in it recommendations to do nothing else except what that >document contains. Remove from section 3 any strategies we do not >want to adopt. (Note that this latter condition entails decisions >about the next two options.) > >3. Adopt draft-vixie-dnsext-dns0x20-00. If we do (2), then perhaps >this gets included in that document, or perhaps it proceeds as part of >a set of documents. Let's leave the editorial process issues out of >the discussion, and just focus on whether we want to include this >strategy in the tool box. > >4. Adopt draft-hubert-ulevitch-edns-ping-01.txt. As in (3), this >might be included as part of (2) or processed individually, but that >doesn't matter. > >5. Officially adopt nothing, but support (2) and (3) going ahead as >individual submissions on the Informational track. (2) would >obviously need to be modified slightly to keep out any protocol items >that might be entailed. The reason (4) can't just go ahead on the >individual track is that the assignment of an EDNS0 code point >requires standards action, so the work would come back here anyway. > >We will plan to request a meeting session in Stockholm to discuss this >issue (and possibly some other topics before us). If the WG can come >to a clear consensus on-list before then (and we have no other >business), then obviously we will be in a position to cancel the >Stockholm session. If we have not come to a conclusion by 20 May, we >will keep the session scheduled. > >In the absence of strong arguments in favour of action and at least an >apparently broad constituency to do the work within the WG, the Chairs >are inclined to take option (1), because the WG is supposed to be >sleeping. This is by no means to say that we are prejudiced in favour >of that option. It is rather to say that we are procedurally bound, >by our charter, to a default of "No" for at least some of these >documents. Adding a new standards-track item to the WG work requires >rechartering, please note, and given one other request we have open we >may therefore need to recharter anyway. > >Best regards, > >Olafur and Andrew > >-- >Andrew Sullivan >ajs@shinkuro.com >Shinkuro, Inc. > >-- >to unsubscribe send a message to namedroppers-request@ops.ietf.org with >the word 'unsubscribe' in a single line as the message text body. >archive: <http://ops.ietf.org/lists/namedroppers/> -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/> -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- [dnsext] Forgery resilience and meeting in Stockh… Andrew Sullivan
- Re: [dnsext] Forgery resilience and meeting in St… Nicholas Weaver
- Re: [dnsext] Forgery resilience and meeting in St… bert hubert
- Re: [dnsext] Forgery resilience and meeting in St… W.C.A. Wijngaards
- Re: [dnsext] Forgery resilience and meeting in St… bert hubert
- Re: [dnsext] Forgery resilience and meeting in St… Florian Weimer
- Re: [dnsext] Forgery resilience and meeting in St… Matthijs Mekking
- Re: [dnsext] Forgery resilience and meeting in St… bert hubert
- Re: [dnsext] Forgery resilience and meeting in St… bmanning
- Re: [dnsext] Forgery resilience and meeting in St… Ondřej Surý
- Re: [dnsext] Forgery resilience and meeting in St… Matthijs Mekking
- Re: [dnsext] Forgery resilience and meeting in St… Roy Arends
- Re: [dnsext] Forgery resilience and meeting in St… bert hubert
- Re: [dnsext] Forgery resilience and meeting in St… Stefan Schmidt
- Re: [dnsext] Forgery resilience and meeting in St… Florian Weimer
- Re: [dnsext] Forgery resilience and meeting in St… Florian Weimer
- Re: [dnsext] Forgery resilience and meeting in St… bmanning
- Re: [dnsext] Forgery resilience and meeting in St… Nicholas Weaver
- Re: [dnsext] Forgery resilience and meeting in St… Florian Weimer
- Re: [dnsext] Forgery resilience and meeting in St… Nicholas Weaver
- Re: [dnsext] Forgery resilience and meeting in St… Florian Weimer
- Re: [dnsext] Forgery resilience and meeting in St… Paul Vixie
- Re: [dnsext] Forgery resilience and meeting in St… Andrew Sullivan
- Re: [dnsext] Forgery resilience and meeting in St… Paul Vixie
- Re: [dnsext] Forgery resilience and meeting in St… Florian Weimer
- Re: [dnsext] Forgery resilience and meeting in St… Nicholas Weaver
- Re: [dnsext] Forgery resilience and meeting in St… Paul Vixie
- Re: [dnsext] Forgery resilience and meeting in St… Olafur Gudmundsson
- Re: [dnsext] Forgery resilience and meeting in St… bmanning
- Re: [dnsext] Forgery resilience and meeting in St… Florian Weimer
- Re: [dnsext] Forgery resilience and meeting in St… Paul Vixie
- Re: [dnsext] Forgery resilience and meeting in St… Matt Larson
- Re: [dnsext] Forgery resilience and meeting in St… Paul Vixie
- Re: [dnsext] Forgery resilience and meeting in St… Mark Andrews
- Re: [dnsext] Forgery resilience and meeting in St… Bert
- Re: [dnsext] Forgery resilience and meeting in St… Joe Abley
- Re: [dnsext] Forgery resilience and meeting in St… Florian Weimer
- Re: [dnsext] Forgery resilience and meeting in St… Joe Abley
- Re: [dnsext] Forgery resilience and meeting in St… Shane Kerr
- Re: [dnsext] Forgery resilience and meeting in St… Florian Weimer
- Desperate plea for 0x20, was Re: [dnsext] Forgery… Shane Kerr
- Re: [dnsext] Forgery resilience and meeting in St… Florian Weimer
- Re: Desperate plea for 0x20, was Re: [dnsext] For… Paul Vixie
- Re: Desperate plea for 0x20, was Re: [dnsext] For… Jeffrey A. Williams
- Re: [dnsext] Forgery resilience and meeting in St… Nicholas Weaver
- RE: Desperate plea for 0x20, was Re: [dnsext] For… Antoin Verschuren
- RE: [dnsext] Forgery resilience and meeting in St… Antoin Verschuren
- Re: Desperate plea for 0x20, was Re: [dnsext] For… Federico Lucifredi
- Re: Desperate plea for 0x20, was Re: [dnsext] For… Florian Weimer
- Re: [dnsext] Forgery resilience and meeting in St… Otmar Lendl
- Re: [dnsext] Forgery resilience and meeting in St… Ólafur Guðmundsson /DNSEXT chair
- Re: [dnsext] Forgery resilience and meeting in St… Paul Vixie
- Re: [dnsext] Forgery resilience and meeting in St… Nicholas Weaver
- Re: [dnsext] Forgery resilience and meeting in St… bmanning
- Re: [dnsext] Forgery resilience and meeting in St… Federico Lucifredi
- Re: [dnsext] Forgery resilience and meeting in St… Peter Koch
- Re: [dnsext] Forgery resilience and meeting in St… Ted Lemon
- Re: [dnsext] Forgery resilience and meeting in St… bmanning
- Re: [dnsext] Forgery resilience and meeting in St… Olafur Gudmundsson