[14:16:49] --- LOGGING STARTED [14:16:57] --- kc has become available [14:17:09] I made the room persistent and logged... I hope [14:17:14] furrows new host for room that wasn't in the email? [14:17:30] --- Rodney has become available [14:17:31] gets fixed up by suz [14:17:39] furrows? [14:17:42] lots of people are having trouble connecting to the other room....not idea why [14:18:08] dome delay, so I think it may be a perf issue at jabber.org [14:18:19] s/dome/some ;-) [14:18:52] --- jaap has become available [14:18:53] --- johani@jabber.org has become available [14:18:55] I think its a problem between caida and jabber.org [14:19:13] --- Ralph has become available [14:19:13] doesn't tell me why johani couldn't connect from jabber.org though :) [14:19:19] --- SteveCrocker has become available [14:19:33] johan needs to loose the duck [14:19:40] johani has other issues with two jabber clients having turf wars inside his machine. [14:20:29] The duck crashed and burned. [14:20:36] Eat it? [14:20:47] --- dblacka has become available [14:20:50] --- matt-larson has become available [14:21:05] --- stuart.schechter has become available [14:21:51] --- mankin has become available [14:26:31] --- matt-larson has left [14:27:55] --- RussMundy has become available [14:34:16] * mstjohns raises hand [14:35:06] OK - I see what's going on. I signed up for "Root Update" which is an SSAC issue.... hmmm... OK I admit to confusion [14:36:04] that was *sarcasm* [14:36:47] ... :-) [14:38:03] steve... don't go there... please.... [14:38:55] well... ssac does have lots on its plate. [14:39:39] split view DNS with DNSSEC. Splitview is really the equivalent of lying through your teeth about reality... DNSSEC tries prevent DNS from lying. Hence the difficulty [14:41:13] not true... dnsssec trys to force your lies to be internally consistant [14:41:15] Isn't it ok to lie as long as you sign it? [14:41:40] At one time I actually was looking forward to split-DNS really banging its ugly head on DNSSEC, but although it's even uglier to get split-DNS and DNSSEC to work together it seems to be possible. And hence people will jump at the opportunity to add entropy to their lives. [14:42:12] lie about what? ... [14:42:49] Steve: In this context: yes. Because if you sign it so that it it pravably straight from your mouth then it isn't a lie anymore. It becomes truth. [14:42:50] johan: it's human nature [14:42:51] that name A is or isn't associated with IP address B. That subdomain Y doesn't exist. [14:44:02] Y may exist, but you're telling all of the non-internal queriers that it doesn't... hence a lie [14:44:02] But much as I loathe split-DNS I don't see a real point in going down there right here right now. [14:44:36] keeping your lies straight becomes even harder when you have to account for notaries [14:44:56] One can do split brain DNS easier when you don;t do it in a monolithis server [14:46:09] at some point you have one server answering the same question different ways for the same query from different sources... you're pretty much stuck with monolithism (how's that for a word?) somewhere... [14:46:37] si si [14:46:39] The problem w/ split-DNS isn't whether it's implemented in a monolithic server or not. The problem is the consequences of deliberate incoherence in the face of other protocols also having opinions on domain names. [14:46:48] the short answer is that DNSSEC is already hard. Adding split DNS just makes it miserably hard... [14:47:04] what johan said... [14:48:42] So I believe msj and I are in violent agreement that if the split-DNS proponents get's one in the face by DNSSEC then it is well deserved and not something to lose sleep over here and now. [14:50:15] so one namespace is hard to sign/secure... multiple namespaces are confusing at best and when those namespaces collide, DNSSEC gives you a ghost of a chance in discriminating the outcomes [14:50:19] Time check! [14:50:53] This is a very long conversation. Can people come to the registrar-oriented session at Vancouver ICANN and try to explore this there? [14:51:31] you have a chance, but you can get confused if you happen to get two different valid answers (RRSets) at the same query (name, rrtype, class). [14:51:34] Yes, I think we should structure the Vancouver meeting with a good chunk of time and strong involvement for registrars. [14:51:48] Vancouver ICANN or IETF? [14:52:00] I did write Vancouver ICANN, sorry [14:52:00] multiple namespaces are just plain stupid and purely a consequence of a world where people forgot that the only value in the name is as an identifier to enable communication and instead started to believe that there was value in the identifer as such. [14:52:01] Vancouver ICANN [14:52:37] people believe paper money has value... we live with this shared illusion and thrive... :-) [14:52:52] splitDNS == multiple namespaces ; sorry Johan [14:53:36] *frack* I already bought my tickets for the IETF... [14:53:49] mumble mumble. This will drive me to drinking. [14:54:07] and your point is? (B) [14:55:36] splitDNS ~= multiple namespaces ~= multiple roots for the purpose of DNSSEC [14:56:00] k cracks up at the brilliant socialist and the brilliant capitalist talk about fixing the Internet [14:57:14] agree with msj on last [14:57:52] sorry I got jabber captured.. what are we talking about IRT? [14:58:15] [15:55:36] splitDNS ~= multiple namespaces ~= multiple roots for the purpose of DNSSEC [15:00:59] kind of puts a kink in the IAB statement on a single namespace... [15:01:19] NAT already forced the issue [15:01:29] that and RFC1918 [15:02:00] The last time I worked for an organization not using split DNS was July 12, 1996. [15:02:22] Work for us :-) [15:02:45] no, don't do it! Its a trap! There's two of them... [15:02:50] so the best that ICANN can do is assert its version of the DNS root... by signing it. [15:02:55] There is no split-DNS on any system I have anything to say about. [15:02:57] right [15:03:32] Not every one needs split-DNS. That's the great thing about the Internet. But there is significant operational experience with it. [15:04:01] --- dblacka has left [15:04:27] It takes my ears about a half hour to recover after wearing a headset for 2 hours... [15:04:29] like I said on the phone, there are lots of ways to 'understand' split dns [15:04:41] ....most them wrong....or perilous....or both [15:04:45] --- Ralph has left [15:05:42] but more to my point, most (or all) are different!! [15:06:32] --- RussMundy has left [15:06:34] steve/allison - you're moderators/owners for this room. we can either use it again or I can destroy it [15:06:39] --- ed has left: Logged out [15:06:58] Now this room is lagging for me [15:07:48] --- bill has left [15:08:07] later [15:08:09] --- mstjohns has left [15:08:11] --- jaap has left [15:11:59] --- stuart.schechter has left [15:13:30] --- Rodney has left [15:16:45] --- suz has left [15:28:25] --- mankin has left [16:06:08] --- kc has left [16:14:31] --- johani@jabber.org has left: Logged out [17:20:38] --- SteveCrocker has left [20:47:29] --- kc has become available [20:47:49] --- kc has left [23:07:21] --- kc has become available [23:26:19] --- kc has left