Minutes of the DNS Extensions Working Group meeting at IETF 77
Prepared by Matthew Pounsett

dnsext - 2010/03/23 13:00 PDT

Name Equivalence / Aliases Issue
================================

Constraints Changes
--------------------

NEW: Solutions must work with intermediary iterators and forwarders

NEW: Delegation hierarchy needs to be taken into account. Records near
     the root of the tree can't make definitive statements about what is
     happening further from the root.

CHANGE: Instead of "may require upgrades of client resolvers", perhaps
        "may require upgrades of client applications"

Questions To Answer
-------------------

1) Do we require UPDATEs to modify nodes that are "the same"?
   1a) Do we require immediate updates of all nodes, or can we allow for
       some delay required by copy operations?
   1b) By "immediate" do we mean that all authoritative servers need to
       be updated instantly?
   1c) By "immediate" do we mean that caches need to be updated
       instantly too? (out of scope)
2) Is it okay that one of the names pointing to a node is an alias? Do
   we need to know what all of the aliases are?
3) If we do things way X, what breaks for the community? What about
   way Y? Possibly a more tractable question than finding all possible
   use cases.
4) Before trying to get a complete taxonomy, should we find out how the
   community feels about the hard constraints?

draft-ietf-dnsext-dnssec-bis-updates-10
=======================================

- CD bit handling logic needs to be sorted out on mailing list
- Changes due to "rollover and die"? Deferred until after rollover
  discussion
- Time to WGLC and publish? Unanswered

draft-dempsky-dnscurve-01
=========================

Comments
--------

- client privacy is an interesting problem solved by this technology and
  by no other
- point to point encryption may cause problems with middleboxes blocking
  DNS traffic they don't recognize
- integrity not encryption should be considered to solve the middlebox
  problem
- should consider a better researched curve
- Diffie-Hellman results should be cached
- should answer the question "What problem are we trying to solve?"
  before choosing to adopt this work and start engineering

Sense of the room
-----------------

Who has read this draft?
    enough
How many people support adoption of this document?
    quiet
How many people are opposed to adoption of this draft?
    quiet
How many people have not made up their minds?
    more significant

Taking this to the mailing list for followup.

Paul Vixie - 0x20
=================

Should this progress with the intention of amending 1035?
    support, few opposed
Should the document be split into Standards Track and Informational?
    Unanswered

Roll over and die
=================

Should some changes be incorporated in
draft-ietf-dnsext-dnssec-bis-updates?
    Additional discussion deferred to the list.