[DNSOP] Minutes from Thursday Meeting
tjw ietf <tjw.ietf@gmail.com> Mon, 24 July 2017 19:38 UTC
Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E7CC13178D; Mon, 24 Jul 2017 12:38:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E0lc7ULZBXYe; Mon, 24 Jul 2017 12:38:19 -0700 (PDT)
Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com [IPv6:2a00:1450:400c:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F25B1131667; Mon, 24 Jul 2017 12:38:18 -0700 (PDT)
Received: by mail-wm0-x236.google.com with SMTP id t201so27951137wmt.1; Mon, 24 Jul 2017 12:38:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=CRmwt2t3MVjRiQhJLmNk6O9rPg21jp7fH0D0LlHBmgE=; b=pGlq6f+H7BMKHIP5ZtknWzJ9jj+PDCvBC0LIzuop+ptgqXghKugse0gAkajUcmD/a1 B8yKnOf+OS1STI7YqiOkSpLPYDSJxjfKv1H+puHcmZqh8mJTTKYI+k26+BJxqdB3Fi54 jtLSHjOd1smunOOYjMBfwaFVdo0hPz60LDLqnO9+wZ1nGNaObPoj9HsvBrq0Cw/Jbk17 xxaZc9vvlBTQheYFHAUBfLtTNy0pJ9eIxIMXuVC3zMzciDKB6xGcJ85VMi7WubJInASN sZvGkSauP+81e286TqknsFU3Fo65Anysaln2SwCgEOmSLyPGaPVKYn/Xk450EwroYTCr osmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=CRmwt2t3MVjRiQhJLmNk6O9rPg21jp7fH0D0LlHBmgE=; b=fpC1SHoOU1ATuCPwrnt87/l8+U3tYQ5Vg9D8e9Fp+KcGItHeMdlcFrcOKM+JrLwta7 ljk7AuNyQa1oHmfMEzkFCTLaM2TfDM/aIJ39e0CRtW03y0vNbbzgrw02Ich240YOreLL mNUBFRyPJrWg90QEIy1c7JCibwUXRPNuluf0+zblCgXByQGaRv9pKtTzbj7ozlZHN40C zdZcWPNbT4lzeXZQtg/819qK/37XsgPaMCkat/RHjHkHQFjXCTQTObGv3rrt9HdCMJBv HE/lESrmhtJZIGuPby4uV51IZqup83tRlor4Q0nctnSGhvfiqrD7xcDsEU9BXQJetHle ldLQ==
X-Gm-Message-State: AIVw110HNM1zDThptAIo2b93bw0N7Auy3y9bJPkVeT8mo+sXvHQGVFIS 5hBEqcqSD5SFUlQBwQ/iInIi6+GKL3sE
X-Received: by 10.28.207.12 with SMTP id f12mr5300800wmg.92.1500925097121; Mon, 24 Jul 2017 12:38:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.152.139 with HTTP; Mon, 24 Jul 2017 12:38:16 -0700 (PDT)
From: tjw ietf <tjw.ietf@gmail.com>
Date: Mon, 24 Jul 2017 15:38:16 -0400
Message-ID: <CADyWQ+FEA6=D38dmkR4HBxJ3KLqXpzS7AQ2vzw-pLc+y9eqqmg@mail.gmail.com>
To: "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>
Cc: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c0d462a3fa3e80555155b9a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/t2z83KBqOhS_N_P3zmUckmmVako>
Subject: [DNSOP] Minutes from Thursday Meeting
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jul 2017 19:38:22 -0000
Thanks again to Mr, Hoffman from keeping copious notes. They are uploaded here: Minutes IETF99: dnsop <https://www.ietf.org/proceedings/99/minutes/minutes-99-dnsop-04.txt> and I included them below for the time-constrained. Please send any corrections to the chairs. thanks again tim ------------ dnsop-ietf99-minutes-2.txt DNSOP WG Thursday 20 July 2017Tim Wicinski <tjw.ietf@gmail.com>, Suzanne Woolf < suzworldwide@gmail.com> Minutes taken by Paul Hoffman Text from the slides is not reproduced here DPRIVE on IETF network: Warren Kumari Pretty picture of the IETF use Open errata on RFC 8078, needs feedback draft-bellis-dnsext-multi-qtypes and draft-wkumari-dnsop-multiple-responses: Wes Hardaker If the client knows it has multiple questions: draft-bellis-dnsext-multi-qtypes If the server has a better idea of what you want than you do: draft-wkumari-dnsop-multiple-responses Happy eyeballs applies to both drafts Paul Hoffman: Likes both Shane Kerr: Likes multi-qtypes, both are OK Ralph Weber: Questions on multi-qtypes There is no need for either David Lawrence: Likes multiple-responses Ondrej Surey: Missing description of smart attackers Olafur Gundmunsson: If we open the question, there will be other ideas coming Has an experiment that will result in a draft Andrew Sullivan: Disagrees that these are optimizations Change the architectural assumptions of the DNS We need a focused discussion on that Paul Wouters: Likes both Simplify the ANAME with special processing Kazunori Fujiwara: Wants to compare all of proposals Ray Bellis: Objects to Olafur's comment Wants to hear more from Andrew Mukund S: Prefers smart clients to smart servers Jim Reid: Would like objective data to indicate whether it is worth the effort Warren promised data Matt Pounsett: Likes both drafts Maybe can do both changes in a single draft Wes: They depend on who has the knowledge draft-bellis-dnsop-xpf: Peter van Dijk Substantial changes since previous version Ondrej S: Why not EDNS0? If there is a TSIG over the query, that will break Sara Dickenson: Client subnet is informational Violates basic principals Directly injects metadata into questions Needs more privacy concerns Say we're going to violate privacy Maybe consider encryption between trusted parties Daniel Kahn Gilmore: Agreed with Sara Warren Kumari: Wouldn't have done client subnet if they had thought about privacy draft-wkumari-dnsop-extended-error: David Lawrence Paul W: The signaling bits are not protected by crypto Olafur: People have wanted this forever; should do it Jim: Great ideas Maybe lightweight codepoint allocation Be careful of codes that will cause further action of recursive servers David: Talking to IANA how expert review happens Petr Špaček: Needs implementation in clients or it is useless Andres Schultz: Need vendor values Ralf: Can be used for many things draft-tale-dnsop-edns0-clientid: David Lawrence This is obviously PII Everything that Sara said about XPF applies here Customer will do this regardless of whether or not this is adopted Paul W: Doesn't like people coming to the WG and saying "we'll do it anyway" We should stop accepting these Sara: Likes documenting what we are do Do as informational Likes the way the draft is organized Need to be careful about where we draw the line of documentng things we don't like Peter VD: People are squatting on points; please do it Ralph: This needs to be done Stephane: Has too many privacy issues, doesn't want it adopted Won't review Privacy should be in control of the user, not the administrator David: Wants to see people make more conscious decisions in the life Daniel: Appreciates desire to document privacy violations Doesn't like the flexibility of the suboptions Where do we draw the line on which info do we not transmit on the DNS? Paul W: No one knows the difference of Informational RFCs David: There are actually DNS full standards We should be better about pushing to full standards draft-edmonds-dnsop-capabilities: Robert Edmonds draft-huque-dnssec-alg-nego: Shumon Huque Francis Dupont: Not clear which is stronger: use "preferred" Shumon: Either have client preference, or zone operator specifies Ondrej S: If we all move to EC crypto, is this a problem? Shumon: Still might have reasons to transition to new algs Ondrej: Maybe the size isn't a problem Stephane: This ID could fit in draft-edmonds-dnsop-capabilities Think about that before going forwards on this draft Ralf: This makes DNSSEC a hell of lot more complicated Would rather work with what we have Petr: This will be a nightmare because it blows up the number of possibilities ?: Likes the idea, gives more flexibility to DNSSEC Olafur: Horrible idea Delay DNSSEC deployment We already have techniques to determine how many resolvers do what algorithms Causes delay of DANE deployment