44th IETF: BOFs - DNSOP, IPSRA

[Steve Coya <scoya@ns.cnri.reston.va.us>]

Domain Name Server Operations BOF (dnsop)

Thursday, March 18 at 0900-1130
===============================

Chair: Lars-Johan Liman <liman@sunet.se>

DESCRIPTION:

There is lots of collective wisdom and experience about administration
of domain name servers, but there is also great need for documentation
of that wisdom, to build up a knowledge bank that the increasing
number of less experienced DNS-administrators can learn from. This BOF
aims to identify various topics in DNS operations that can be
documented, and to discuss whether the IETF is the right forum to do
so.

AGENDA:

o Welcome and agenda bashing.

o Revise root server requirement specification.
  Update RFC 2010.

o Write BCP for operation of large name servers, i.e., servers with
  enormous zones (e.g. TLD servers) or extremely many zones (large
  ISPs).

o Make upcoming RIPE document "Simple DNS Configuration Example"
  Internet-draft and head for BCP publication.

o Document experiences of DNSSEC deployment and operations.

o Geographic distribution of servers for "high level services" (TLDs
  and the like).
  - Topology vs. geography.
  - Exchanges and major ISPs vs. prominent sites.
  - Physical and operational security needs.

o Performance issues
  - Zone transfer performance, or lack thereof.
  - Investigate relation between network quality and DNS performance
  - Experiences with IXFR, compressed XFR?

o Y2K

o IPv6
  - IPv6 information in DNS.
  - DNS transportation over IPv6.

o Zone file distribution between servers, ftp, AXFR, ...

o Future work
  - Go for WG?
  - Other discussion fora?

o AOB


Not all of the above lead to RFC documents in natural ways, but I
think there is need for a place to discuss this, and even if the
outcome of the BOF is to understand which items could be pushed to RFCs
in a reasonable way, and possibly to identify the "right forum" for
discussions of other topics, I see that as Good Things(TM).

===================================================================
IP Security Remote Access BOF (ipsra)

Monday, March 15 at 0930-1130
=============================

Chair: Roy Pereira <rpereira@timestep.com>

DESCRIPTION:

The rapid growth of remote access and the subsequent transition from 
older direct-dial methods to Internet-based remote access is making an 
impact secure communications. 

IP Security (IPSec), as it is today defined, is missing key functionality
needed to effectively support Internet-based remote access as well as 
being difficult to deploy to remote users. IPSec is quite functional and 
provides for a very robust base of security specifications, thus any new
functionality would have to be added to the existing specifications as
add-ons and not disrupt existing implementations.

To address these problems the IPSRA Working Group will:

1) specify an extensible mechanism for bootstrapping remote IPSec users
2) specify an extensible mechanism to extend IPSec to support legacy user
   authentication methods such as RADIUS

The proposed work item for this group would yield standards that are
compatible with the existing IPSec architecture [RFC 2401] and IKE,
complementing the standards work achieved by the IPSec Working Group. 
This work will be derived from, but not limited to, all or some of the 
following documents:
  draft-ietf-ipsec-iskamp-xauth
  draft-ietf-ipsec-isakmp-mode-cfg
  draft-ietf-ipsec-isakmp-hybrid-auth
  draft-ietf-ipsec-dhcp

AGENDA:

- - Agenda bashing
- - Series of presentations of related work
- - Open discussion and consensus gathering: do we need to form a WG to 
  do the proposed work?
- - Collect feedback and modify charter
- - adjourn


------- End of Forwarded Message