[09:21:00] --- stpeter has joined
[09:21:14] --- stpeter has left
[11:03:01] --- jaap has joined
[11:03:09] --- jaap has left
[12:40:42] --- suresh has joined
[12:40:45] --- suresh has left
[15:02:19] --- dr has joined
[15:25:44] --- frodek has joined
[15:41:40] --- dr has left
[15:41:40] --- dr has joined
[16:32:53] --- frodek has left: Disconnected
[16:37:44] --- weiler has joined
[16:38:19] --- weiler has left
[17:02:59] --- frodek has joined
[17:03:07] --- frodek has left
[17:23:20] --- iljitsch has joined
[18:10:29] --- pdevries has joined
[18:28:46] --- rpayne has joined
[18:46:36] --- iljitsch has left: Disconnected
[18:58:27] --- dts has joined
[19:16:25] --- frodek has joined
[19:28:51] --- mstjohns has joined
[19:29:15] --- dudi has joined
[19:29:23] --- suz has joined
[19:29:25] --- weiler has joined
[19:29:45] --- raj has joined
[19:30:15] --- robertml has joined
[19:30:37] <weiler> Active WG drafts:
[19:30:58] <weiler> bad-dns-res-03: no report. One editting cycle needed.
[19:31:19] --- marka-isc has joined
[19:31:28] <weiler> dnssec-operational-practices, Olaf: changes since last mtg were that 2541 was incorporated (doc now updates 2541), also rearranged contents drastically.
[19:31:37] <weiler> to make it more logical and readable.
[19:31:45] --- dblacka has joined
[19:32:11] <weiler> also changed a definition: "key effectivity period", since that's more common that "key validity period" in the crypto world.
[19:32:20] <weiler> inaddr-required:
[19:32:26] <dts> Daniel Senie is here, online.
[19:32:41] --- mattlarson has joined
[19:32:42] <weiler> chair: Daniel wants to respond to some comments on-line. Chair: want to leave it on the list
[19:33:05] <weiler> RobAustein: are people ok with the amont of normative language in teh draft now?
[19:33:28] <weiler> pekka: another question: please poll to see if this is something that needs to go forward.
[19:33:54] --- ogud has joined
[19:34:01] <weiler> RobA: asking for sense of room: is this important
[19:34:18] --- mattlarson has left: Replaced by new connection
[19:34:27] <weiler> RobA: a numebr believe we ought to be working on this.
[19:34:48] <weiler> key-rollover-0requirements
[19:34:49] --- Hollenbeck has joined
[19:35:04] --- robertml has left
[19:35:27] <weiler> editor asking for comments
[19:35:44] <weiler> ipv6-dns-configuration-05: editor not present.
[19:36:00] <weiler> pekka: what about v6 issues doc?
[19:36:18] <weiler> pekka: has been stalled for ~1 year waiting for AD c omments, now on way to iesg
[19:36:26] <weiler> repsize
[19:37:05] <weiler> Bill Manning: respsize draft talks about one of the issues w/ v4 and v6 -- what you can fit in an unfragmented packet.
[19:37:26] <weiler> this draft points out issues -- some local optimizations break things
[19:37:43] <weiler> nice appendix -- it would be a shame to see that expire. Bill would like to see this move forward.
[19:38:47] <weiler> RobA: when we last asked, one of the editors didn't think enough people had read it (no one found the easter egg)
[19:39:01] <weiler> SuzanneWoolf: hard to tell...
[19:39:43] <weiler> [missed one commenter]
[19:39:53] <weiler> EdLewis: is there any reason to wait? I think they should go fwd.
[19:40:05] <weiler> Chair: we wanted to wglc last time, but not enough had read it.
[19:40:20] <weiler> peter koch: would like to see the christmas present
[19:42:46] --- ogud has left: Replaced by new connection
[19:42:46] <weiler> [didn't quite follow]
[19:42:46] --- ogud has joined
[19:42:46] <weiler> Bill Manning: "send text"
[19:42:52] --- dblacka has left: Replaced by new connection
[19:42:53] --- ogud has left
[19:42:59] --- ogud has joined
[19:43:30] --- dudi has left: Replaced by new connection
[19:43:30] --- dudi has joined
[19:43:30] --- dudi has left
[19:43:47] --- raj has left: Replaced by new connection
[19:44:06] --- dblacka has joined
[19:44:09] --- raj has joined
[19:44:52] --- dblacka has left: Replaced by new connection
[19:44:53] --- raj has left: Disconnected
[19:45:36] --- frodek has left
[19:45:57] --- mstjohns has left: Replaced by new connection
[19:45:58] --- mstjohns has joined
[19:45:58] --- mstjohns has left
[19:46:01] --- Hollenbeck has left: Disconnected
[19:46:06] <weiler> serverid
[19:46:28] --- dblacka has joined
[19:46:33] --- dudi has joined
[19:46:40] --- raj has joined
[19:46:49] <weiler> suzanne woolf: was intended as inpout to dnsext work on replacement for hostname.bind. last mtg decided to wait for substantive comments then last call -- there were none, and it expired. she'd like a commitment to last call it if there are none.
[19:47:06] <weiler> sra: i think we're past the point of needing comments, let's just last call it. please resubmit.
[19:47:12] <weiler> dont-publish
[19:47:25] --- frodek has joined
[19:47:41] --- levigner has joined
[19:47:57] --- jaap has joined
[19:48:04] <weiler> AlainDurand: we're resurrecting this doc.
[19:48:20] --- suz has left
[19:48:29] <weiler> alain: non-goal: receive tomatos
[19:48:44] --- suz has joined
[19:48:47] --- marka-isc has left
[19:48:58] <weiler> issues: with ambiguous data
[19:49:16] --- mstjohns has joined
[19:49:28] <weiler> issus 2: w/ unreachable
[19:49:51] <weiler> (can someone else take over for a bit?)
[19:51:38] <jaap> Are unreachable addresses a problem?
[19:52:00] --- robertml has joined
[19:52:02] <jaap> Not when it is internal to my home, or other (isolated part of the net
[19:52:47] <jaap> A problems? Yes, when adresses are published to be globally reachable
[19:52:57] <jaap> (eg, home smtp server)
[19:54:08] <jaap> Recommendations: don';t publish in DNS non-global reachable adresses
[19:55:19] <jaap> Lewis: nameservers behind firewalls have information escape. Does the document adresses this?
[19:55:32] <jaap> Answer: No.
[19:56:14] <jaap> Austein: should we go forward or not.
[19:56:36] --- resnick has joined
[19:57:04] <jaap> Mainning chaneling Roberts Elz; It is my data, my zone file, I publish what I want, reachable or not.
[19:57:17] <jaap> There is no concept about reachhablilaty.
[19:57:40] <jaap> Manning, with Elz opposes this idea.
[19:58:10] <jaap> Liman: kind of agrees with Manning, but also with Lewis.
[19:58:31] --- mguod has joined
[19:59:07] <jaap> What you should document ishould show you deal with the data that you might publish and is not really reachable.
[19:59:42] <jaap> Austein: disagrees with Manning but there is a middle ground here.
[20:00:30] <jaap> Pekka?: Agrees with Rob.
[20:01:28] <jaap> Lewis: It should not be a don't do this type of document, but it should document what it cost when people do these things.
[20:01:35] --- liman has joined
[20:01:56] --- liman has left
[20:02:09] <jaap> (Missed name): people are trying to put to many things in DNS but it isn't the job of DNS.
[20:03:00] <suz> that was keith moore
[20:03:03] --- marka-isc has joined
[20:04:24] <jaap> John Smith: issue is people should use split dns
[20:04:32] --- liman has joined
[20:04:48] <weiler> (I wonder if Suresh is getting scared?)
[20:05:24] <weiler> (current speaker says he was at one time called a luddite for mentioning split dns)
[20:06:23] <weiler> sra is declaring this topic out of order.
[20:06:33] <jaap> Austein: spil dns discussions is out of order.
[20:06:39] --- liman2 has joined
[20:06:52] --- liman2 has left
[20:07:34] <weiler> room seems to feel that the work is worthwhile.
[20:07:45] <weiler> new presenter:
[20:08:02] <jaap> Document adapted as WG item.
[20:08:09] <weiler> Jaehoon Paul Jeong, vp-dns-configuration.
[20:08:14] <weiler> v6, that is.
[20:08:35] <weiler> they had 9 iesg comments.
[20:08:36] <jaap> New topic: ipv6-dns-configuration
[20:09:14] <jaap> Speaker goes over comments from IESG
[20:09:28] <weiler> they added two paragraphs on dnssec... (not following this well)
[20:10:30] <jaap> (difficulty following this as well)
[20:10:41] <weiler> https://datatracker.ietf.org/public/pidtracker.cgi?command=print_ballot&ballot_id=1507&filename=draft-ietf-dnsop-ipv6-dns-configuration
[20:11:48] <weiler> they want dnssec experts to review the dnssec paragraphs.
[20:11:54] <weiler> (sigh)
[20:12:19] <mstjohns> I just read the two paragraphs - they need some fixing...
[20:12:57] --- liman has left
[20:14:01] --- raj has left: Replaced by new connection
[20:14:19] --- fenton has joined
[20:14:20] <weiler> (wasn't this supposed to have been done or shut down by last august?)
[20:14:21] --- raj has joined
[20:14:38] --- mguod has left
[20:14:39] <jaap> Kessens (AD): in IESG not 100% agreement. Ask to be careful.
[20:14:45] --- liman has joined
[20:15:09] --- liman has left
[20:15:12] --- dudi has left: Disconnected
[20:15:39] <jaap> Pekka: doesn't really understand about what the IESG disagrees
[20:17:04] <jaap> Austein: There is was quite some discussion about this, buit there is no consencus. No point is=n discussing things again.
[20:17:49] <jaap> Pekka: document not meant for consencus. Just describing what can be done
[20:18:00] <jaap> (I hope I unjderstand all this correctly)
[20:18:08] --- fenton has left
[20:19:28] <jaap> Durand: is confused (I'm as well)
[20:19:48] <jaap> asks AD what is next?
[20:20:48] --- liman has joined
[20:20:50] --- raj has left: Disconnected
[20:21:17] --- dr has left
[20:21:37] --- frodek has left
[20:21:38] <jaap> Kessens: next step, fix problems first, take away worry from some IESG members
[20:21:38] <jaap> (Network seems to die on me)
[20:22:23] <jaap> Back gain.
[20:22:25] --- darrin has joined
[20:22:31] <jaap> Geof Houston: 6to4 Reverse DNS Delegation
[20:22:34] <weiler> geoff huston.
[20:22:45] <weiler> building on previous work by keith moore
[20:23:06] <jaap> http://tools.ietf.org/tools/rfcmarkup?draft=draft-huston-6to4-reverse-dns-03.txt
[20:23:06] <weiler> being tested by rirs -- populates reverse tree w/ self-service...
[20:23:22] <weiler> does this wg want to take this on as informational?
[20:23:33] <weiler> bhow many have read it: sizable
[20:24:06] <weiler> bill manning: existing maintainer of 2002 reverse map. strongly support and encourage this happening (operationally, if not within this group)
[20:24:18] <jaap> Manning: stronly encorages and support this (as maintainer of 2002 reversed)
[20:24:19] <weiler> MarkANdrews: definitely want to see somethign that addresses this issue
[20:24:42] <weiler> markA; Could do this all in dns rather than include http.
[20:24:44] --- darrin has left
[20:24:47] <weiler> (ick)
[20:24:48] --- dudi has joined
[20:25:06] <weiler> chair: please vote only if you've read it.
[20:25:21] <weiler> most (except bill) seem to think that it should be a wg item.
[20:25:30] <weiler> bill at mike pointing this out right now.
[20:25:48] <weiler> bill M: I got quizacal looks -- explaining: it'll take too long.
[20:26:08] <weiler> it could be done in a week or so, but he doesn't want it to wait . he just wants to ship it.
[20:26:35] <weiler> geoff: it's the ad's call - if the ad wants to take it on... but geoff think sit could benefit from a round through dnsop.
[20:26:51] <weiler> pekka savola: i said to take this on 1-1.5 years ago
[20:27:07] <weiler> pekka: lets use the wg process -- leaving it outside wg didn't make it progress.
[20:27:19] <suz> Bill: the "work item" could consist of WGLC :)
[20:27:35] <weiler> ???: enough people use this that the burden shouldn't fall to the usual dnsop suspects
[20:27:40] <weiler> chair: sounds like we should take it on.
[20:28:02] <weiler> new topic: Suresh Krishnaswamy (fromSPARTA) on split view.
[20:28:03] --- resnick has left: Disconnected
[20:28:17] <weiler> dnssec for split view
[20:28:34] <jaap> http://tools.ietf.org/tools/rfcmarkup?draft=draft-krishnaswamy-dnsop-dnssec-split-view-00.txt
[20:28:50] <jaap> Split view in a nutshell:
[20:29:27] <jaap> Multiple views, don't publish all the namespace, but keep parts internally.
[20:29:45] <jaap> Draft explains how to use plitview with DNS SEC
[20:30:09] --- raj has joined
[20:30:09] <weiler> his proposal: does not depend on special code in auth servers (don't need to be able to load two versions of zone)
[20:30:15] --- geg has joined
[20:30:17] --- resnick has joined
[20:30:39] <jaap> Drafts doesn't describe hiding
[20:30:47] <jaap> split view is fragile
[20:31:26] <jaap> create seperate delegation for sensitive name
[20:31:26] --- geg has left: Disconnected
[20:31:56] <jaap> Importsncae of draft:
[20:31:56] --- ggm has joined
[20:32:06] <jaap> spli view and dnssec conflicts
[20:33:17] <jaap> Drafts goes in details, such as firewall config, examples etc.
[20:33:44] --- johani has joined
[20:35:01] <jaap> Keith: in you example you don't show application.
[20:35:27] <jaap> Austein warns about that the discussions goes isnto well known rathole
[20:35:33] <suz> chair: we're not hear to debate split DNS
[20:35:43] <suz> q is how do we do this, given that people will?
[20:35:44] <jaap> (Network is yoyoing again on me)
[20:36:05] <suz> keith: need to more fully document assumptions and risks
[20:36:24] <suz> chair: see above
[20:36:44] --- raj has left
[20:36:59] <suz> chair: focus on adding DNSSEC to split-view world
[20:37:08] --- raj has joined
[20:37:27] --- michael has joined
[20:37:28] --- mattlarson has joined
[20:37:56] <suz> Ed Lewis: split-view is essential, so yes, write it up. However, my way of doing it is different. Note there are multiple approaches. If we do WG item, it should show multiple approaches
[20:38:36] <suz> Sam Weiler: dsiagree with Keith that we should examine split-view in general, if people don't want to, don't bother
[20:38:58] --- robertml has left: Disconnected
[20:38:58] --- raj has left
[20:39:15] <suz> Bill Manning: if WGLC, advance it! there are philosophical issues, but not for here. Go forth.
[20:39:19] --- raj has joined
[20:40:35] <suz> Russ Mundy: note past criticisms on DNSSEC deployment for not abiding by RFC 1919. Since that's occasionally cited, current work should update existing work (admittedly obscure) on deployability of DNSSEC.
[20:41:32] <suz> chair: no clear sense of the room on adopting it as work item, so go to the list
[20:41:59] <weiler> other chair: probably enough to consider it a work item, but not enough to get it out of the WG
[20:42:12] <weiler> Scott Hollenbeck re: EPP DNSSEC extensions.
[20:42:32] <jaap> http://tools.ietf.org/tools/rfcmarkup?draft=draft-hollenbeck-epp-secdns-06.txt
[20:42:39] --- mguod has joined
[20:42:48] <jaap> Hollenbeck: two slides. A couple of loos ends, are a couple of parameters necessary?
[20:44:05] <jaap> Mainly publication start and end date; DS TTL; RRSIG lifetime.
[20:44:07] <weiler> Ed: this is what I came to the mtg for.
[20:44:37] --- geg has joined
[20:45:17] <jaap> Lewis is worried that parent is telling too much about the child.
[20:47:30] <jaap> Signals problem when still parents publish keys which are retracted by child earlier then at first was agreed on.
[20:47:57] --- michael has left
[20:48:03] --- mmealling has joined
[20:48:51] <jaap> Lewis reminds of discussion earlier in the now dead provreg group: What if the parent doesn't agree about the TTL requested by the child?
[20:49:44] <jaap> That's why specifying TTLs was left out (?), but now it comes back.
[20:50:02] <jaap> Add send an email earlier this week about the details.
[20:50:53] <jaap> Olafur: Drop the TTL, the reason for it is very weak.
[20:51:15] <jaap> Mark Anderws: concurs
[20:51:36] --- raj has left: Logged out
[20:51:40] <jaap> Lewis and Hollenbeck thing there is a nive way out.
[20:51:50] <jaap> s/thing/think/
[20:52:07] --- dblacka has left: Disconnected
[20:52:13] <jaap> Sam Weiler will have some comments, Scott will wait on that.
[20:52:54] <jaap> Scott: wants the discussion finished in this group after wating on Sam
[20:52:54] <weiler> uh-oh.
[20:53:08] <weiler> now I feel like i'm on the spot...
[20:53:18] <suz> you are
[20:54:02] <jaap> http://tools.ietf.org/tools/rfcmarkup?draft=draft-fujiwara-dnsop-bad-dns-auth-02.txt
[20:55:00] <jaap> Fuijwara high lights some details (Mainluy section 4 of the draft)
[20:55:29] <jaap> Rewrite necessary
[20:55:40] --- mattlarson has left: Replaced by new connection
[20:55:59] --- geg has left
[20:56:04] <jaap> http://tools.ietf.org/tools/rfcmarkup?draft=draft-fujiwara-dnsop-dns-transport-issue-00.txt
[20:56:13] <jaap> more open issues.
[20:57:03] <jaap> Shows an example for which always TC is set but cannot connect via TCP
[20:57:59] --- mstjohns has left: Disconnected
[20:58:01] <jaap> Austein asks for the issues slide again
[20:59:27] --- dblacka@ecotroph.net has joined
[20:59:42] --- dblacka@ecotroph.net has left
[20:59:44] --- dudi has left: Disconnected
[21:00:00] --- dblacka has joined
[21:00:06] <jaap> Discussion starts over the role of EDNS0
[21:00:19] <jaap> with Mark Andrews.
[21:00:49] <jaap> Austein: Maybe not a WG item yet, probably should wait for next revision
[21:01:21] <jaap> New topic:
[21:01:24] <jaap> http://tools.ietf.org/tools/rfcmarkup?draft=draft-yasuhiro-dnsop-increasing-dns-server-02.txt
[21:01:43] <jaap> (couldn';t follow remark made about this)
[21:02:18] <jaap> http://tools.ietf.org/tools/rfcmarkup?draft=draft-palet-v6ops-tun-auto-disc-03.txt
[21:02:42] <jaap> (Savola). There was a BOF about this
[21:02:54] <jaap> Tunnel End-point Discovery
[21:03:09] <jaap> Do we need it?
[21:03:23] <jaap> (Slides go to fast to keep up)
[21:04:17] --- raj has joined
[21:05:10] --- levigner has left: Disconnected
[21:09:14] <jaap> Olaf: reponds on the suggestion that new RR types take a long type
[21:10:18] --- ogud has left: Disconnected
[21:10:33] <jaap> Keith Moore: Things seems upside down to take another layer service towards DNS
[21:11:44] <jaap> Keith: unnecessary circular dependencies
[21:12:30] <jaap> Durand, things the dependency is not as bad as sketched
[21:17:04] --- dts has left
[21:17:08] --- ogud has joined
[21:17:53] --- ogud has left
[21:18:40] <jaap> (Discussion follows, but the details escape me).
[21:19:19] <jaap> Next Topic: The DNS Phase In Problem 10 minutes Koch
[21:20:27] <jaap> Slide problems; Acts for two peopke and a Mac starts (Ed Leiws & Peter Koch).
[21:21:45] <jaap> Problem: Wonderful feature FOO, Need lookup service. So. leyt's put it in DNS
[21:22:24] --- liman has left
[21:23:14] <jaap> Initial deployment: Foo record means yes, I have this feature, no I either don't know or I don;t care about the FOO feature.
[21:23:54] <jaap> So need somthomng like !FOO. Use wildcards, or something else?
[21:24:04] <jaap> Only needed fpor initial deployment
[21:25:01] <jaap> This problem is reoccurring: As example Enum space
[21:26:04] <jaap> Questions: Is this a probl;em? if so, where do we adress this, proactive WG fetilization needed?
[21:26:20] <jaap> People lining up for the phone.
[21:26:33] <jaap> Durand: don't think it is a problem.
[21:26:50] <jaap> Koch, doesn't want tol name SPF, but it is an example.
[21:27:07] <jaap> Mark A. argues to Durand it is a problem.
[21:28:05] --- raj has left: Replaced by new connection
[21:29:12] --- raj has joined
[21:29:35] <jaap> Sam Weiler doesn't understand the need for the three states (known, don't know, ignore the new FOO feature on purpose).
[21:32:20] <jaap> various arguments pro and con, whether this is a problem, breaks things etc.
[21:32:49] <jaap> Crispin: Why isn;t this just an error, Koch explains.
[21:33:57] <jaap> Lewis: Getting Thirsty (me too). Sounds like the chicken and egg problem.
[21:35:06] <jaap> Lewis doesn't think DNS can help a lot here.
[21:35:25] <jaap> Koch: Application designers might want guidelines on this.
[21:36:41] --- ogud has joined
[21:36:43] <jaap> Keith Moore: Maybe recommendations in an RFC for application developpers
[21:41:03] --- suz has left
[21:41:04] --- suz has joined
[21:41:55] --- ogud has left: Replaced by new connection
[21:41:55] --- ogud has joined
[21:41:55] --- ogud has left
[21:47:51] --- resnick has left: Disconnected
[21:47:58] --- johani has left: Logged out
[21:48:07] --- mguod has left: Replaced by new connection
[21:48:09] <jaap> New topic: Blue sheets
[21:48:09] <jaap> new topic: The DNS Phase In Problem 10 minutes Koch
[21:48:09] <jaap> (Having network problems again)
[21:48:40] --- mguod has joined
[21:48:58] --- suz has left
[21:48:58] --- suz has joined
[21:50:03] --- russmundy has joined
[21:50:57] <jaap> (Back on line). Basic idea, help people start with dnssec. Missed a lot of the talk, but details likely be available at http://www.dnssec-deployment.org/.
[21:51:40] <jaap> (Oops, topic was: Technical pieces for DNSSEC deployment)
[21:52:33] <jaap> Questions? None.
[21:52:36] <jaap> That;s it Folks!
[21:52:43] --- marka-isc has left
[21:52:55] --- raj has left: Disconnected
[21:53:38] --- jaap has left
[21:55:59] --- russmundy has left: Disconnected
[21:56:12] --- weiler has left
[21:56:35] --- suz has left
[21:58:34] --- dblacka has left: Disconnected
[21:58:38] --- robertml has joined
[22:02:36] --- mguod has left
[22:04:19] --- ggm has left: Disconnected
[22:06:44] --- mstjohns has joined
[22:06:53] --- robertml has left
[22:07:44] --- mstjohns has left
[22:16:18] --- levigner has joined
[22:32:20] --- RussMundy has joined
[22:35:28] --- levigner has left: Disconnected
[22:36:45] --- rpayne has left
[22:37:50] --- RussMundy has left: Logged out
[22:43:10] --- RussMundy has joined
[22:44:58] --- RussMundy has left: Logged out
[23:38:23] --- sra has joined
[23:50:21] --- sra has left