This is the DNSEXT Working Group (where the microphones are at Scandic hights) San Diego IETF60...
-
Upload
nickolas-lang -
Category
Documents
-
view
212 -
download
0
Transcript of This is the DNSEXT Working Group (where the microphones are at Scandic hights) San Diego IETF60...
This is theDNSEXT Working Group
(where the microphones are at Scandic hights)
San Diego IETF60
jabber:[email protected]
IETF 60 DNSEXT WG
Agenda DNSEXTAdministrivia 5 min
appointing scribesClassic David Blackajabber: George Michaelson ([email protected])
blue sheetagenda bashing
Monday Aug 2, 09:00-11:30 1st slotDNSSEC sessionThursday Aug 5, 9:00-10:15(!?) Other DNSEXT extension work.
IETF 60 DNSEXT WG
Monday agendaAnnouncements:
Reid: DNS-MODA announcement (approx 3 min, no discussion)
DNSSEC Deployment issues
Report on implementation
Key management topics (approx 60 minutes)StJohns: draft-stjohns-dnssec-trustupdate-01
Ihren: DNSSEC in-band key rollover(draft-kolkman-dnsext-dnssec-in-band-rollover-00)
IETF 60 DNSEXT WG
Monday agenda continuedRequirements for future work on Denial of Existence (approx 60 minutes)
Loomis/Laurie: Requirements overview Possible transitions
Koch: draft-ietf-dnsext-dnssec-trans-00.txt
Possible approachesArends: DNSNR draft-arends-dnsnr-00.txtLaurie: NSEC2 http://www.links.org/dnssec/draft-laurie-dnsext-nsec2-01.txtWeiler: comparing the above
Wrapup (approx 10 minutes)
IETF 60 DNSEXT WG
Thursday AgendaOther DNSEXT work. Schlyter: Report on RFC 3597 interoperability testing.http://www.rfc.se/interop3597Eastlake: draft-eastlake-tsig-sha-03.txt (10m)Austein: draft-austein-dnsext-nsid-01.txt (10m) (Related to draft-ietf-dnsop-serverid-02 )More WG Administrivia
Document StatusCharter Review
Open mike
IETF 60 DNSEXT WG
And now for something completely differentReport on implementation
Key management topics (approx 60 minutes)
StJohns: draft-stjohns-dnssec-trustupdate-01
Ihren: DNSSEC in-band key rollover(draft-kolkman-dnsext-dnssec-in-band-rollover-00)
IETF 60 DNSEXT WG
Continuing the agendaIntermezzo: Vixie: DLV
More discussion of key-managment
We forgot the MODA announcement
And then NSEC++
IETF 60 DNSEXT WG
ProcessNSEC walking is a (perceived) barrier to deployment
The WG cannot force DNSSEC-bis to be deployed and may speed deployment if a solution is found
Therefore we have to seriously consider this
We have to know what the requirements are before we can actually start to engineer
IETF 60 DNSEXT WG
Process 2We can assess the current proposals on how they interact with DNS(SEC) protocol
We cannot at this moment not assess if they solve the problem
There may be other solutions to the problem
think white lies schemesdifferent complexity/security properties
IETF 60 DNSEXT WG
Process 3Seriously discuss the requirement; to gain understanding and assess completeness
Discuss the two proposalsInteraction with the protocol
No measure against the requirements during this meeting.
As always, the room does not decide, the list does
IETF 60 DNSEXT WG
Process 4A Warning
dnsext contentious status
SEVEREOlafur may explode
SEVEREOlafur may explode
HIGHirreversible physicaldamage may occur
HIGHirreversible physicaldamage may occur
ELEVATEDelevated egos may burst
ELEVATEDelevated egos may burst
GUARDEDgeneral insults may
be exchanged
GUARDEDgeneral insults may
be exchanged
LOWlow risk of protocol
developing
LOWlow risk of protocol
developing
IETF 60 DNSEXT WG
This is theDNSEXT Working Group
(where the microphones are at Scandic heights)
San Diego IETF60
jabber:[email protected]
IETF 60 DNSEXT WG
Thursday MeetingOther DNSEXT work.
Classic Scribe (Peter Koch)
Jabber Scribe
IETF 60 DNSEXT WG
AgendaSchlyter: Report on RFC 3597 interoperability testing.http://www.rfc.se/interop3597Eastlake: draft-eastlake-tsig-sha-03.txt Eastlake: draft-ietf-dnsext-ecc-key-04.txt
Austein: draft-austein-dnsext-nsid-01.txt (10m) (Related to draft-ietf-dnsop-serverid-02 )More WG Administrivia
Document StatusCharter Review
Open mikeRoy Arends on Finger Printing
IETF 60 DNSEXT WG
WG Administrivia
IETF 60 DNSEXT WG
WG Active docsdraft-ietf-dnsext-wcard-clarify-03
Version 4 did not make the cut-off but is ready to be submitted.
draft-ietf-dnsext-tkey-renewal-mode-04After WG last call a problem was discovered, protocol made unrealistic assumptionsThis has been fixed in 04, a new WGLC will be done
IETF 60 DNSEXT WG
WG Final stagesdraft-ietf-dnsext-mdns-33
33: I-D nits are not satisfied
1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.1.2.ip6.arpa
is more than 72 characters.
draft-ietf-dnsext-insensitive-04Waiting for write-up
IETF 60 DNSEXT WG
WG stalleddraft-ietf-dnsext-rfc2536bis-dsa-4
stalled
draft-ietf-dnsext-rfc2539bis-dhk-4stalled
draft-ietf-dnsext-ecc-key-4stalled
All waiting for 2535bis. Can be thawed
IETF 60 DNSEXT WG
Docs @ IESGPublication Requested
draft-ietf-dnsext-dnssec-intro-11
draft-ietf-dnsext-dnssec-protocol-07
draft-ietf-dnsext-dnssec-records-09
IETF 60 DNSEXT WG
More Docs @ IESGRFC Ed Queue
draft-ietf-dnsext-dns-threats-07draft-ietf-dnsext-nsec-rdata-06
AD is watchingdraft-ietf-dnsext-dnssec-opt-in-05
We focused on getting DNSSECbis done
draft-ietf-dnsext-axfr-clarify-05Waiting for AD write up
draft-dnsext-opcode-discover-03
IETF 60 DNSEXT WG
Still more docs at IESGRevised ID Needed
draft-ietf-dnsext-dhcid-rr-07Waiting for DHC WG output.
IETF 60 DNSEXT WG
RFC since last time we metdraft-ietf-dnsext-gss-tsig-07.txt (RFC3645)
draft-ietf-dnsext-ad-is-secure-07.txt (RFC3655)
draft-ietf-dnsext-delegation-signer-16.txt (RFC3658)
draft-ietf-dnsext-dnssec-2535typecode-change-07.txt (RFC3755)
draft-ietf-dnsext-keyrr-key-signing-flag-13.txt (RFC3757)
IETF 60 DNSEXT WG
New work itemsDoes this group mind if we worked on DNSSEC key management?
Would need charter changes
DNSOP relations and security folk input
IETF 60 DNSEXT WG
More new work itemsWe propose to work on “Zone Enumeration”
Would need charter changes (task description)
Requirements as first resultAfter that we decide on approach
IETF 60 DNSEXT WG
The PlanSlow but steady progress on getting documents from proposed to draft standardClean up the “left-overs”
Have the list of docs hanging at the IESG and expired docs reduced to NULL by next IETF
Closely track protocol needs for DNSSEC deployment