Minutes for the DNS Extensions Working Group
IETF 75
Stockholm, SE
2009-07-29 13:00

The Chairs Olafur Gudmundsson and Andrew Sullivan brought the meeting to order. Peter Koch volunteered to take minutes. Joe Abley volunteered to report in the Jabber room. The Jabber log is at http://jabber.ietf.org/logs/dnsext/2009-07-29.txt. The audio recording of the meeting is available from ftp://videolab.uoregon.edu/pub/videolab/video/ietf75/ietf75-wed-largestage-pm.mp3.

----

The Chairs started with the usual administrative material. Due to projector trouble, the Note Well message was not displayed for very long, but Andrew reminded participants about their duties.

The Chairs noted they had sent a report to the mailing list on working group progress, and asked for comments. None were heard.

----

The Chairs opened the discussion on forgery resilience. Olafur presented an overview of where the WG stands since the topic was last broached. The options included DNS Ping (document withdrawn), 0x20 (withdrawn but picked up by someone else), RTT Banding (which makes many people afraid and requires lots of work), Cache lifetime extension (covered in one or two drafts, and apparently widely accepted), discussion of CNAME/DNAME chaining (move the processing away from the authoritative servers), and just falling back to TCP (many think this won't scale, though some think this will work and .org seems to be holding up with large volumes of TCP traffic).

Olafur asked whether the WG should adopt one or both of draft-barwood-dnsext-fr-resolver-mitigations and draft-wijngaards-dnsext-resolver-side-mitigation, or whether the item should simply be dropped from further consideration.

The Chairs expressed surprise that there was initially little response from the WG. This caused Andrew to note that no strong support automatically means, "Do no more work," and the Chairs were prepared to let the item drop.

Some discussion then started including remarks from Olaf Kolkman, Suzanne Woolf, Peter Koch, Rob Austein, Bill Manning, Antoin Verschuren, Jelte Jansen, Wes Hardaker, Paul Hoffman, Shane Kerr, and Andreas Gustafsson. Discussion revolved around whether it would be good to document the ideas that have been proposed and to outline the potential effects of them -- even so far as to build a catalogue of "bad ideas". Several people suggested that the various proposals may have deleterious effects on interoperability. Others noted that merely writing down an option may give ideas legitimacy, though there was some observation that some of the ideas are in fact being implemented anyway.

The Chairs put to the WG four options, by humming:

1. Do nothing. Some support was heard for that.
2. Adopt the Barwood draft. There was no support heard.
3. Adopt the Wijngaards draft. There was almost no support heard.
4. Adopt a combination of (2) and (3) -- a complete catalogue with recommendations. There was the most apparent support for this option, though still weak.

The Chairs interpreted their task to be to take option (4) to the mailing list for confirmation, and to appoint editors for such a document. This concluded the discussion on the topic.

----

The Chairs opened discussion on the EDNS0 issues. They reported a new editor, Michael Graff, for draft-ietf-dnsext-rfc2671bis-edns0. In addition, a draft by Olafur on EDNS0 and the DO bit will have any useful bits in it integrated into rfc2671bis.

Then Eric Osterweil presented some data about Path MTU, DNSSEC, and buffer sizes. Participants were directed to http://vantage-points.org and in particular the dnsfunnel application. There were no actions for the WG from this discussion.

----

Andrew Sullivan speaking as one of the co-editors asked for the WG's attention to draft-ietf-behave-dns64. He asked participants particularly to attend to the proposals mucking with DNS answers.

There was some discussion including remarks from John Schnizlein and Rob Austein. He asked for feedback to BEHAVE, or, if participants are unwilling to join that list, offered to forward comments to the BEHAVE mailing list.

----

Shane Kerr spoke briefly about draft-kerr-ixfr-only-00. There were comments from the microphone from Jelte Jansen, Lars-Johan Liman, Masataka Ohta, and Peter Koch.

The Chairs asked and learned that approximately 20 people had read the draft. The Chairs asked whether people thought the approach a good idea, and there was a mild hum in favour. There was no hum in response to the question of whether people thought it was a bad idea.

The Chairs will send a note to the mailing list looking for stated support for certain drafts to be added to the Charter. Only if there is adequate support will the document be added to the Charter, making the documents in question in scope.

----

The Chairs opened discussion on the WG Charter. The draft Charter was already IETF last called, but after that message went out there were a few additional topics people asked to have added:

    IXFR Only
    DNS RFC Guide
    RFC 1034/5 rewrite
    DNSKEY support option?

There was some discussion about some of these options, particularly on the topic of the DNS RFC Guide, including remarks from Lars-Johan Liman, Paul Hoffman, Peter Koch, Wes Hardaker. There was considerable discussion about the "living document" status of some work and whether it would be the most useful format for this work.

The Chairs asked for guidance from the WG, and heard that the WG surely wanted to add a WG Charter item in support of a DNS RFC Guide. There was very little support for creating an RFC, and some support for some other format of such a guide. The Chairs were to investigate how to add a non-RFC milestone to the Charter.

----

Li Lianyuan spoke briefly about draft-li-dnsext-ipv4-ipv6-01. Mark Andrews suggested an alternative approach.

The Chairs asked how many people had read the draft; approximately 15 indicated they had. The Chairs asked by hum whether there is a problem to address in this space, and got strong agreement from the WG. However, the hum about whether to adopt the draft received only a faint noise against and no support in favour.

----

The Chairs opened discussion on adding new DNSSEC algorithms.

First, Steve Crocker presented briefly on draft-crocker-dnssec-algo-signal, and appealed for WG reviewers and adoption. There was some brief discussion at the microphone, but the Chairs deferred any decision about adopting the draft until after the rest of the algorithm discussion.

Next, David Conrad asked the WG for feedback about the possibility of signing the root zone with RSA/SHA-256 from the very beginning. There were strong arguments presented for both the option of signing with SHA-256 and SHA-1, and many people were left standing at the microphone because the Chairs had to close the lines to keep the WG on schedule. The Chairs asked people to take their comments to the mailing list.

Next, the Chairs turned to the question of how DNSSEC algorithm identifiers are assigned. There are three different registries for which standards action is always needed for allocation; people have asked that this be relaxed. Alternative arrangements are "RFC published", "Expert review", "First Come, First Served"; the latter seems bad because the space is constrained. The first area of concentration is the DNSKEY registry. The Chairs need guidance on what direction the WG wants to pursue.

There was discussion at the mic including remarks from Alex Mayrhofer, Paul Hoffman, Wes Hardaker, and Steve Kent. Paul Hoffman volunteered to write an initial I-D for WG consideration on what to do next. The Chairs accepted his offer.

The Chairs recused themselves from evaluating whether to adopt draft-crocker-dnssec-algo-signal, because both report to one of the draft's authors and the Chairs received a protest from a WG participant. Patrik Faltstrom agreed to act as arbiter of the WG's desires. The Chairs asked the questions for Patrik's information. Fifteen to twenty people reported having read the draft. Hums in favour and against adopting the draft seemed to be very similar; Patrik reported hearing a slight majority in favour of adopting, but wanted to talk to those expressing opinions and said he would report back to the WG after having done so.

----

The Chairs will notify the WG two months in advance of the start of the Hiroshima IETF if there is a WG meeting contemplated there.

The Chairs thanked the WG, asked for the return of the blue sheets, and adjourned the meeting.