All

I ended up taking a few more days off last week than expected, but I wanted to
send out the minutes, as well as the list of chairs' actions we recorded.
The minutes are attached here but are also in their usual locations:

https://datatracker.ietf.org/doc/minutes-116-dnsop/
https://github.com/ietf-wg-dnsop/wg-materials/blob/main/dnsop-ietf116/dnsop-ietf116-minutes.txt


Many thanks to Paul Hoffman for excellent minute taking.

Please let us know if anything is incorrect.

Also here is what we have in terms of Chairs Actions.  Again, speak up if
you think we are missing something (we could be).
Chairs Actions:

  -  Call for Adoptions:
    - draft-thomassen-dnsop-cds-consistency
    - draft-huque-dnsop-compact-lies
  - Follow up on avoid-fragmentation
  - Finish up Shepherd w/ups
    - 8499-bis
    - glue is not optional
  - Kick off WGLC after those two are done
    - zoneversion (tim Choice)
    - draft-ietf-dnsop-caching-resolution-failures
    - draft-ietf-dnsop-dns-error-reporting


We have our biweekly chairs call tomorrow (modulo some webex fail), so we
should have some updates on the writeups

thanks

tim/Benno/Suzanne
DNSOP WG
IETF 116, Yokohama
Thursday morning, March 30, 2023
Chairs: Benno Overeinder, Suzanne Woolf, Tim Wicinski (remote)
Minutes taken by Paul Hoffman
Only stuff said that happened at the mic is reported here

Administrivia and updates of old work

GNU Name System (Very Short Update), Christian Grothoff
        https://datatracker.ietf.org/doc/draft-schanzen-gns/
        Warren Kumari: Need to reply to authors
                Did the IETF conflict review
                        Close to DNSOP, but doesn't prevent publication
                        Has a limited number of possible responses in the conflict review
        Wes Hardaker: Thank you for using .alt
                Lots of cool technology in the protocol
                Christian: Knew that they had publish a RFC
                Conflict with the RRtypes, prevents working with the DNS in the future
        George Michaelson: Mostly philosophical comments
                Implement a registry function for .alt
                First occupant has some expectation of structure
                Who has control of the registry?
                        Christian: Will do first come, first served in their own .alt
                Has an issue with "reservers"
                Should not be spinning an alternate registry
                        Christian: Didn't get an IANA, so they did their own
        Eliot Lear: Thanks to the WG, authors and ADs
                Has not made a publication decision yet
                Invites people to still comment to the ISE

Structured Error Data for Filtered DNS - Document Update, Tirumal Reddy
        https://datatracker.ietf.org/doc/draft-ietf-dnsop-structured-dns-error/
        Ben Schwartz: Would like to see the registries tightly controlled: IETF review
                Wants to prevent the designated expert from being pressured for odd states
        Tommy Pauly: Agrees with Ben on reviews
                Wants the text to not be browser-specific
                Contact info marked as mandatory
                        There may be future cases which don't need contact info
                        Browser or OS may know better than the DNS about what to do because it has more context
                        Tiru: Agrees, didn't put specific URIs in
                        Should be a list of URIs, but may be too narrow
        
Structured Error Data for Filtered DNS - Implementation, Gianpaolo Scalone (remote) and Ralf Weber (local)
        https://datatracker.ietf.org/doc/draft-ietf-dnsop-structured-dns-error/
        Designed an extension for Chrome
        Wes: Super happy to see the deployment
                Ralf: No address redirection
                        Use NXDOMAIN with EDE
                What is the UI when the main page is fine but are requesting sub-resource like JS or CSS
        Tiru: Don't want a user to go to another page, so put it all on the main page
        Gianpaolo: Sees some text to explain this
        Tiru: Can address comments gotten here

Domain Verification Techniques using DNS, Shivan Kaul Sahib
        https://datatracker.ietf.org/doc/draft-ietf-dnsop-domain-verification-techniques
        Yasuhiro Morishita: Wants information for external DNS providers
                Users cannot usually add underscore names
        John Levine: Draft has considerably improved
                Wants more definition of what is machine-readable and what is human-readable
                Give plausible argument about why CNAME is not a good idea
        Wes: Encourage text that says if not using DNSSEC, must do other mechanisms

Compact Denial of Existence in DNSSEC, Shumon Huque
        https://datatracker.ietf.org/doc/draft-huque-dnsop-compact-lies/
        Lars-Johan Liman: Does the draft do things differently if the DO bit is set?
                Shumon: Not currently, but is considering
                But this has impact on resolver, please describe in document
        Viktor Dukhovni: A lot of complexity depending on resolver setting DO bit
                Someone might deliberately send known NXDOMAIN through resolvers
                        Shumon: Will document this
                May take a while for current implementations to go away
                        Shumon: Optimistic that the current implementers can change quickly
        Jim Reid: Skeptical of this
                Rather ugly from protocol point of view
                A lot of work just to make responses shorter
                Would want it to be informational
                        Shumon: Wants to implement what is already done
        Christian Elmerot: Thinks that this simplifies things quite a bit
                Already using in production, but are doing it differently
                Wants to have one way to suggested
                Jim: Happy to have this help coordination, not standard
        Ralf: Thanks for doing this, need to document it
                Should minimize impact on the rest of the ecosystem

Consistency for CDS/CDNSKEY and CSYNC is Mandatory, Peter Thomassen (remote)
        https://datatracker.ietf.org/doc/draft-thomassen-dnsop-cds-consistency/
        Viktor: Corner case: if someone is moving to a hoster that doesn't do DNSSEC
                Peter: Could add a way to turn off DNSSEC on transfer
        Johan Stenstam: Breaks the logic that "if it is signed, it is good"
                Doesn't like "if this is really important"
                Let's not go there
                Authoritative servers are proxies for the registrant
                Out of sync is reflection on the registrant: business issues
        Wes: CSYNC was for keeping DNS up and running
                CSYNC can't fix the business problems
        Peter: Agrees that one signature should be OK
                Other parts of the spec also suggest asking multiple places

Generalized DNS Notifications, Johan Stenstam
        https://datatracker.ietf.org/doc/draft-thomassen-dnsop-generalized-dns-notify/
        Viktor: Once it is a service, is the transport UDP?

DNS Out Of Protocol Signalling, Willem Toorop
        https://datatracker.ietf.org/doc/draft-grubto-dnsop-dns-out-of-protocol-signalling/
        Lars-Johan: Please do this

        