IETF Logo Mail Archive

[DNSOP] Minutes from Thursday Meeting

tjw ietf <tjw.ietf@gmail.com> Mon, 24 July 2017 19:38 UTC

Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E7CC13178D; Mon, 24 Jul 2017 12:38:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E0lc7ULZBXYe; Mon, 24 Jul 2017 12:38:19 -0700 (PDT)
Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com [IPv6:2a00:1450:400c:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F25B1131667; Mon, 24 Jul 2017 12:38:18 -0700 (PDT)
Received: by mail-wm0-x236.google.com with SMTP id t201so27951137wmt.1; Mon, 24 Jul 2017 12:38:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=CRmwt2t3MVjRiQhJLmNk6O9rPg21jp7fH0D0LlHBmgE=; b=pGlq6f+H7BMKHIP5ZtknWzJ9jj+PDCvBC0LIzuop+ptgqXghKugse0gAkajUcmD/a1 B8yKnOf+OS1STI7YqiOkSpLPYDSJxjfKv1H+puHcmZqh8mJTTKYI+k26+BJxqdB3Fi54 jtLSHjOd1smunOOYjMBfwaFVdo0hPz60LDLqnO9+wZ1nGNaObPoj9HsvBrq0Cw/Jbk17 xxaZc9vvlBTQheYFHAUBfLtTNy0pJ9eIxIMXuVC3zMzciDKB6xGcJ85VMi7WubJInASN sZvGkSauP+81e286TqknsFU3Fo65Anysaln2SwCgEOmSLyPGaPVKYn/Xk450EwroYTCr osmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=CRmwt2t3MVjRiQhJLmNk6O9rPg21jp7fH0D0LlHBmgE=; b=fpC1SHoOU1ATuCPwrnt87/l8+U3tYQ5Vg9D8e9Fp+KcGItHeMdlcFrcOKM+JrLwta7 ljk7AuNyQa1oHmfMEzkFCTLaM2TfDM/aIJ39e0CRtW03y0vNbbzgrw02Ich240YOreLL mNUBFRyPJrWg90QEIy1c7JCibwUXRPNuluf0+zblCgXByQGaRv9pKtTzbj7ozlZHN40C zdZcWPNbT4lzeXZQtg/819qK/37XsgPaMCkat/RHjHkHQFjXCTQTObGv3rrt9HdCMJBv HE/lESrmhtJZIGuPby4uV51IZqup83tRlor4Q0nctnSGhvfiqrD7xcDsEU9BXQJetHle ldLQ==
X-Gm-Message-State: AIVw110HNM1zDThptAIo2b93bw0N7Auy3y9bJPkVeT8mo+sXvHQGVFIS 5hBEqcqSD5SFUlQBwQ/iInIi6+GKL3sE
X-Received: by 10.28.207.12 with SMTP id f12mr5300800wmg.92.1500925097121; Mon, 24 Jul 2017 12:38:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.152.139 with HTTP; Mon, 24 Jul 2017 12:38:16 -0700 (PDT)
From: tjw ietf <tjw.ietf@gmail.com>
Date: Mon, 24 Jul 2017 15:38:16 -0400
Message-ID: <CADyWQ+FEA6=D38dmkR4HBxJ3KLqXpzS7AQ2vzw-pLc+y9eqqmg@mail.gmail.com>
To: "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>
Cc: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c0d462a3fa3e80555155b9a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/t2z83KBqOhS_N_P3zmUckmmVako>
Subject: [DNSOP] Minutes from Thursday Meeting
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jul 2017 19:38:22 -0000

Thanks again to Mr, Hoffman from keeping copious notes.  They are uploaded
here:
Minutes IETF99: dnsop
<https://www.ietf.org/proceedings/99/minutes/minutes-99-dnsop-04.txt>

and I included them below for the time-constrained.   Please send any
corrections to the chairs.

thanks again

tim

------------


dnsop-ietf99-minutes-2.txt


DNSOP WG
Thursday 20 July 2017Tim Wicinski <tjw.ietf@gmail.com>, Suzanne Woolf <
suzworldwide@gmail.com>
Minutes taken by Paul Hoffman
Text from the slides is not reproduced here

DPRIVE on IETF network: Warren Kumari
        Pretty picture of the IETF use
        Open errata on RFC 8078, needs feedback

draft-bellis-dnsext-multi-qtypes and
draft-wkumari-dnsop-multiple-responses: Wes Hardaker
        If the client knows it has multiple questions:
draft-bellis-dnsext-multi-qtypes
        If the server has a better idea of what you want than you do:
draft-wkumari-dnsop-multiple-responses
        Happy eyeballs applies to both drafts
        Paul Hoffman: Likes both
        Shane Kerr: Likes multi-qtypes, both are OK
        Ralph Weber: Questions on multi-qtypes
                There is no need for either
        David Lawrence: Likes multiple-responses
        Ondrej Surey: Missing description of smart attackers
        Olafur Gundmunsson: If we open the question, there will be other
ideas coming
                Has an experiment that will result in a draft
        Andrew Sullivan: Disagrees that these are optimizations
                Change the architectural assumptions of the DNS
                We need a focused discussion on that
        Paul Wouters: Likes both
                Simplify the ANAME with special processing
        Kazunori Fujiwara: Wants to compare all of proposals
        Ray Bellis: Objects to Olafur's comment
                Wants to hear more from Andrew
        Mukund S: Prefers smart clients to smart servers
        Jim Reid: Would like objective data to indicate whether it is worth
the effort
                Warren promised data
        Matt Pounsett: Likes both drafts
                Maybe can do both changes in a single draft
                Wes: They depend on who has the knowledge

draft-bellis-dnsop-xpf: Peter van Dijk
        Substantial changes since previous version
        Ondrej S: Why not EDNS0?
                If there is a TSIG over the query, that will break
        Sara Dickenson: Client subnet is informational
                Violates basic principals
                Directly injects metadata into questions
                Needs more privacy concerns
                Say we're going to violate privacy
                Maybe consider encryption between trusted parties
        Daniel Kahn Gilmore: Agreed with Sara
        Warren Kumari: Wouldn't have done client subnet if they had thought
about privacy

draft-wkumari-dnsop-extended-error: David Lawrence
        Paul W: The signaling bits are not protected by crypto
        Olafur: People have wanted this forever; should do it
        Jim: Great ideas
                Maybe lightweight codepoint allocation
                Be careful of codes that will cause further action of
recursive servers
                David: Talking to IANA how expert review happens
        Petr Špaček: Needs implementation in clients or it is useless
        Andres Schultz: Need vendor values
        Ralf: Can be used for many things

draft-tale-dnsop-edns0-clientid: David Lawrence
        This is obviously PII
        Everything that Sara said about XPF applies here
        Customer will do this regardless of whether or not this is adopted
        Paul W: Doesn't like people coming to the WG and saying "we'll do
it anyway"
                We should stop accepting these
        Sara: Likes documenting what we are do
                Do as informational
                Likes the way the draft is organized
                Need to be careful about where we draw the line of
documentng things we don't like
        Peter VD: People are squatting on points; please do it
        Ralph: This needs to be done
        Stephane: Has too many privacy issues, doesn't want it adopted
                Won't review
                Privacy should be in control of the user, not the
administrator
                David: Wants to see people make more conscious decisions in
the life
        Daniel: Appreciates desire to document privacy violations
                Doesn't like the flexibility of the suboptions
                Where do we draw the line on which info do we not transmit
on the DNS?
        Paul W: No one knows the difference of Informational RFCs
                David: There are actually DNS full standards
                        We should be better about pushing to full standards

draft-edmonds-dnsop-capabilities: Robert Edmonds

draft-huque-dnssec-alg-nego: Shumon Huque
        Francis Dupont: Not clear which is stronger: use "preferred"
                Shumon: Either have client preference, or zone operator
specifies
        Ondrej S: If we all move to EC crypto, is this a problem?
                Shumon: Still might have reasons to transition to new algs
                Ondrej: Maybe the size isn't a problem
        Stephane: This ID could fit in draft-edmonds-dnsop-capabilities
                Think about that before going forwards on this draft
        Ralf: This makes DNSSEC a hell of lot more complicated
                Would rather work with what we have
        Petr: This will be a nightmare because it blows up the number of
possibilities
        ?: Likes the idea, gives more flexibility to DNSSEC
        Olafur: Horrible idea
                Delay DNSSEC deployment
                We already have techniques to determine how many resolvers
do what algorithms
                Causes delay of DANE deployment

v2.23.0 | Report a Bug | By Email