Title: This is the DNSEXT Working Group (where the microphones are at Scandic heights)
1 This is the DNSEXT Working Group (where the microphones are at Scandic heights)
- San Diego IETF60
- jabber: dnsext_at_ietf.xmpp.org
2 Agenda DNSEXT
- Administrivia 5 min
- appointing scribes
  - Classic: David Blacka
  - jabber: George Michaelson (dnsext_at_ietf.xmpp.org)
- blue sheet
- agenda bashing
- Monday Aug 2, 0900-1130 1st slot: DNSSEC session
- Thursday Aug 5, 900-1015 (!?): Other DNSEXT extension work.
3 Monday agenda
- Announcements
  - Reid: DNS-MODA announcement (approx 3 min, no discussion)
- DNSSEC Deployment issues
- Report on implementation
- Key management topics (approx 60 minutes)
  - StJohns: draft-stjohns-dnssec-trustupdate-01
  - Ihren: DNSSEC in-band key rollover (draft-kolkman-dnsext-dnssec-in-band-rollover-00)
4 Monday agenda continued
- Requirements for future work on Denial of Existence (approx 60 minutes)
  - Loomis/Laurie: Requirements overview
  - Possible transitions
    - Koch: draft-ietf-dnsext-dnssec-trans-00.txt
  - Possible approaches
    - Arends: DNSNR draft-arends-dnsnr-00.txt
    - Laurie: NSEC2 http://www.links.org/dnssec/draft-laurie-dnsext-nsec2-01.txt
    - Weiler: comparing the above
- Wrapup (approx 10 minutes)
5 Thursday Agenda: Other DNSEXT work.
- Schlyter: Report on RFC 3597 interoperability testing. http://www.rfc.se/interop3597
- Eastlake: draft-eastlake-tsig-sha-03.txt (10m)
- Austein: draft-austein-dnsext-nsid-01.txt (10m) (Related to draft-ietf-dnsop-serverid-02)
- More WG Administrivia
  - Document Status
  - Charter Review
- Open mike
6 And now for something completely different
- Report on implementation
- Key management topics (approx 60 minutes)
  - StJohns: draft-stjohns-dnssec-trustupdate-01
  - Ihren: DNSSEC in-band key rollover (draft-kolkman-dnsext-dnssec-in-band-rollover-00)
7 Continuing the agenda
- Intermezzo: Vixie DLV
- More discussion of key management
- We forgot the MODA announcement
- And then NSEC
8 Process
- NSEC walking is a (perceived) barrier to deployment
- The WG cannot force DNSSEC-bis to be deployed and may speed deployment if a solution is found
- Therefore we have to seriously consider this
- We have to know what the requirements are before we can actually start to engineer
9 Process 2
- We can assess the current proposals on how they interact with the DNS(SEC) protocol
- We cannot at this moment assess whether they solve the problem
- There may be other solutions to the problem
  - think white lies schemes
  - different complexity/security properties
10 Process 3
- Seriously discuss the requirement to gain understanding and assess completeness
- Discuss the two proposals
  - Interaction with the protocol
- No measure against the requirements during this meeting.
- As always, the room does not decide, the list does
11 Process 4: A Warning
SEVERE: Olafur may explode
HIGH: irreversible physical damage may occur
ELEVATED: elevated egos may burst
GUARDED: general insults may be exchanged
LOW: low risk of protocol developing
13 This is the DNSEXT Working Group (where the microphones are at Scandic heights)
- San Diego IETF60
- jabber: dnsext_at_ietf.xmpp.org
14 Thursday Meeting
- Other DNSEXT work.
- Classic Scribe (Peter Koch)
- Jabber Scribe
15 Agenda
- Schlyter: Report on RFC 3597 interoperability testing. http://www.rfc.se/interop3597
- Eastlake: draft-eastlake-tsig-sha-03.txt
- Eastlake: draft-ietf-dnsext-ecc-key-04.txt
- Austein: draft-austein-dnsext-nsid-01.txt (10m) (Related to draft-ietf-dnsop-serverid-02)
- More WG Administrivia
  - Document Status
  - Charter Review
- Open mike
  - Roy Arends on Finger Printing
16 WG Administrivia
17 WG Active docs
- draft-ietf-dnsext-wcard-clarify-03
  - Version 4 did not make the cut-off but is ready to be submitted.
- draft-ietf-dnsext-tkey-renewal-mode-04
  - After WG last call a problem was discovered, protocol made unrealistic assumptions
  - This has been fixed in 04, a new WGLC will be done
18 WG Final stages
- draft-ietf-dnsext-mdns-33
  - 33: I-D nits are not satisfied
  - 1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.1.2.ip6.arpa is more than 72 characters.
- draft-ietf-dnsext-insensitive-04
  - Waiting for write-up
19 WG stalled
- draft-ietf-dnsext-rfc2536bis-dsa-4
  - stalled
- draft-ietf-dnsext-rfc2539bis-dhk-4
  - stalled
- draft-ietf-dnsext-ecc-key-4
  - stalled
- All waiting for 2535bis. Can be thawed
20 Docs @ IESG
- Publication Requested
  - draft-ietf-dnsext-dnssec-intro-11
  - draft-ietf-dnsext-dnssec-protocol-07
  - draft-ietf-dnsext-dnssec-records-09
21 More Docs @ IESG
- RFC Ed Queue
  - draft-ietf-dnsext-dns-threats-07
  - draft-ietf-dnsext-nsec-rdata-06
- AD is watching
  - draft-ietf-dnsext-dnssec-opt-in-05
    - We focused on getting DNSSECbis done
  - draft-ietf-dnsext-axfr-clarify-05
    - Waiting for AD write up
  - draft-dnsext-opcode-discover-03
22 Still more docs at IESG
- Revised ID Needed
  - draft-ietf-dnsext-dhcid-rr-07
    - Waiting for DHC WG output.
23 RFC since last time we met
- draft-ietf-dnsext-gss-tsig-07.txt (RFC3645)
- draft-ietf-dnsext-ad-is-secure-07.txt (RFC3655)
- draft-ietf-dnsext-delegation-signer-16.txt (RFC3658)
- draft-ietf-dnsext-dnssec-2535typecode-change-07.txt (RFC3755)
- draft-ietf-dnsext-keyrr-key-signing-flag-13.txt (RFC3757)
24 New work items
- Does this group mind if we worked on DNSSEC key management?
- Would need charter changes
- DNSOP relations and security folk input
25 More new work items
- We propose to work on Zone Enumeration
- Would need charter changes (task description)
- Requirements as first result
- After that we decide on approach
26 The Plan
- Slow but steady progress on getting documents from proposed to draft standard
- Clean up the left-overs
- Have the list of docs hanging at the IESG and expired docs reduced to NULL by next IETF
- Closely track protocol needs for DNSSEC deployment