DNS Extensions Working Group
Tuesday afternoon
IETF 73 Minneapolis, US
2008-11-18 15:20-17:00 CST
Minute scribe: John Schnizlein
Editor: Andrew Sullivan
Chairs: Olafur Gudmundsson and Andrew Sullivan

The Chairs called the meeting to order at 15:20. Jabber and minute scribes volunteered. No-one asked for changes to the agenda.

The Chairs ran quickly through the status of WG items. Many are languishing. A WG item that had been prominent was the protocol-profile work, but the Chairs killed the work as promised in Dublin because of a lack of progress. Some output will be taken up under new work.

The Chairs updated the room on the status of two open expert review requests, which are both about to be rejected. Andrew Sullivan asked for feedback on how the process has been running. Peter Koch noted a possible "race condition" between active working group documents and the expert review output. Andrew committed to producing some guidance for practice. Donald Eastlake noted that there is already some provision to help with this in the existing document.

Olafur Gudmundsson opened the discussion on further forgery resilience work, and updated the working group on the details of a design team meeting. The team included the Chairs, Nicholas Weaver, Antoin Verschuren, Jim Reid, Matt Larson, Peter Koch, and David Blacka. The team meeting appeared to yield some agreement, but additional consultation with the WG is necessary. The Chairs opened the microphone for discussion.

The discussion that followed included Shane Kerr, Ed Lewis, Olaf Kolkman, Stuart Cheshire, Jelte Jansen, Jim Reid, Peter Koch, Bruce Campbell, Roy Arends, Lars Liman, Rob Austein, Matt Larson, Paul Hoffman, Ted Lemon, Wes Hardaker, Jason Livingood, and Nicholas Weaver. Several themes emerged in the discussion. Some people are wary of doing anything at all. Others are interested in proceeding, but are anxious to do things carefully.
Everyone is aware that in fact DNSSEC is the only real answer, but several participants noted that DNSSEC will take a long time to be universally deployed, and may never be. In addition, there was some scepticism about how important acting is, given that many sites haven't patched already. There appeared to be frequent expressions of concern about the side effects of any action. Many people thought the proposals are all hacks. Finally, some expressed worries that efforts in this direction will steal energy from deployment of DNSSEC.

Olafur took an action item to summarize, provide some set of proposals to the WG (including the option of "do nothing"), and then stated that he wanted to wind up work on the issue quickly.

The Chairs opened discussion on draft-bellis-dnsext-dnsproxy-00. This may be where the (killed) profile work reappears. Heard no opposition to adopting this as a WG effort. Those who support adoption are assumed to volunteer to review the document.

The Chairs opened discussion of draft-bagnulo-behave-dns64, and explained that the reason it is on the agenda here - not as liaison - is that it changes DNS behavior. The new BEHAVE charter says that any DNS-changing work that comes from BEHAVE will also get a WGLC in DNSEXT.

Marcelo Bagnulo gave a presentation on the state of affairs with DNS64. As he went, he asked some questions of the WG. He asked whether the synthetic response from DNS64 needed to be somehow "tagged" to indicate the synthesis. Discussion involving Ed Lewis, Francis Dupont, Roy Arends, Peter Koch, Rob Austein, and Mark Andrews seemed to indicate that tagging is unnecessary. Discussion turned to DNSSEC, but ran out of time.

Andrew Sullivan, speaking not as chair, asked people to review the draft soon because the DNSEXT participants have the expertise needed to be brought to bear on the problem.
He asked that messages be sent to the BEHAVE mailing list, and noted that if people wanted to send comments there without subscribing he is willing to accept such messages and forward them.

The Chairs opened discussion on draft-andrews-dnsext-expire. The Chairs noted that the author requested adoption of the draft previously. Does the WG want to adopt this draft? Peter Koch, Rob Austein, and Ed Lewis all commented. The Chairs said they plan to look on the mailing list for arguments for/against and for 5 people supporting to review documents.

The Chairs noted an outstanding request for the WG to adopt draft-crocker-dnssec-algo-signal. Please express support or opposition on the list.

Stuart Cheshire discussed Sleep Proxy. He has requested a new EDNS0 option code from IANA. Need the device's MAC address to wake a sleeping proxy DNS server holding certain records.

Rob: Who do you anticipate implementing this? This is a LAN hack.
Stuart: Just me. Yes, this is a local-only hack.

Roy Arends reported finding a contradiction in the NSEC3 RFC. He has posted details on the mailing list.

Olaf Kolkman: It would be useful for a document to carry NSEC3 through proposed standard.

The meeting adjourned at 17:00.