This is the DNSEXT Working Group
(where the microphones are at Scandic heights)
San Diego IETF60
jabber:dnsext@ietf.xmpp.org

IETF 60 DNSEXT WG

Agenda DNSEXT
Administrivia 5 min
  appointing scribes
    Classic David Blacka
    jabber: George Michaelson ([email protected])
  blue sheet
  agenda bashing
Monday Aug 2, 09:00-11:30 1st slot
  DNSSEC session
Thursday Aug 5, 9:00-10:15(!?)
  Other DNSEXT extension work.

Monday agenda
Announcements:
  Reid: DNS-MODA announcement (approx 3 min, no discussion)
DNSSEC Deployment issues
Report on implementation
Key management topics (approx 60 minutes)
  StJohns: draft-stjohns-dnssec-trustupdate-01
  Ihren: DNSSEC in-band key rollover (draft-kolkman-dnsext-dnssec-in-band-rollover-00)

Monday agenda continued
Requirements for future work on Denial of Existence (approx 60 minutes)
  Loomis/Laurie: Requirements overview
Possible transitions
  Koch: draft-ietf-dnsext-dnssec-trans-00.txt
Possible approaches
  Arends: DNSNR draft-arends-dnsnr-00.txt
  Laurie: NSEC2 http://www.links.org/dnssec/draft-laurie-dnsext-nsec2-01.txt
  Weiler: comparing the above
Wrapup (approx 10 minutes)

Thursday Agenda
Other DNSEXT work.
  Schlyter: Report on RFC 3597 interoperability testing. http://www.rfc.se/interop3597
  Eastlake: draft-eastlake-tsig-sha-03.txt (10m)
  Austein: draft-austein-dnsext-nsid-01.txt (10m) (Related to draft-ietf-dnsop-serverid-02)
More WG Administrivia
  Document Status
  Charter Review
Open mike

And now for something completely different
Report on implementation
Key management topics (approx 60 minutes)
  StJohns: draft-stjohns-dnssec-trustupdate-01
  Ihren: DNSSEC in-band key rollover (draft-kolkman-dnsext-dnssec-in-band-rollover-00)

Continuing the agenda
Intermezzo: Vixie: DLV
More discussion of key-management
We forgot the MODA announcement
And then NSEC++

Process
NSEC walking is a (perceived) barrier to deployment
The WG cannot force DNSSEC-bis to be deployed and may speed deployment if a solution is found
Therefore we have to seriously consider this
We have to know what the requirements are before we can actually start to engineer

Process 2
We can assess the current proposals on how they interact with the DNS(SEC) protocol
We cannot at this moment assess if they solve the problem
There may be other solutions to the problem
  think white lies schemes
  different complexity/security properties

Process 3
Seriously discuss the requirement; to gain understanding and assess completeness
Discuss the two proposals
  Interaction with the protocol
No measure against the requirements during this meeting.
As always, the room does not decide, the list does

Process 4
A Warning
dnsext contentious status
  SEVERE: Olafur may explode
  HIGH: irreversible physical damage may occur
  ELEVATED: elevated egos may burst
  GUARDED: general insults may be exchanged
  LOW: low risk of protocol developing

Thursday Meeting
Other DNSEXT work.
  Classic Scribe (Peter Koch)
  Jabber Scribe

Agenda
  Schlyter: Report on RFC 3597 interoperability testing. http://www.rfc.se/interop3597
  Eastlake: draft-eastlake-tsig-sha-03.txt
  Eastlake: draft-ietf-dnsext-ecc-key-04.txt
  Austein: draft-austein-dnsext-nsid-01.txt (10m) (Related to draft-ietf-dnsop-serverid-02)
More WG Administrivia
  Document Status
  Charter Review
Open mike
  Roy Arends on Finger Printing

WG Administrivia

WG Active docs
draft-ietf-dnsext-wcard-clarify-03
  Version 4 did not make the cut-off but is ready to be submitted.
draft-ietf-dnsext-tkey-renewal-mode-04
  After WG last call a problem was discovered, protocol made unrealistic assumptions
  This has been fixed in 04, a new WGLC will be done

WG Final stages
draft-ietf-dnsext-mdns-33
  33: I-D nits are not satisfied
  1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.1.2.ip6.arpa is more than 72 characters.
draft-ietf-dnsext-insensitive-04
  Waiting for write-up

WG stalled
draft-ietf-dnsext-rfc2536bis-dsa-4
  stalled
draft-ietf-dnsext-rfc2539bis-dhk-4
  stalled
draft-ietf-dnsext-ecc-key-4
  stalled
All waiting for 2535bis. Can be thawed

Docs @ IESG
Publication Requested
  draft-ietf-dnsext-dnssec-intro-11
  draft-ietf-dnsext-dnssec-protocol-07
  draft-ietf-dnsext-dnssec-records-09

More Docs @ IESG
RFC Ed Queue
  draft-ietf-dnsext-dns-threats-07
  draft-ietf-dnsext-nsec-rdata-06
AD is watching
  draft-ietf-dnsext-dnssec-opt-in-05
    We focused on getting DNSSECbis done
  draft-ietf-dnsext-axfr-clarify-05
    Waiting for AD write up
  draft-dnsext-opcode-discover-03

Still more docs at IESG
Revised ID Needed
  draft-ietf-dnsext-dhcid-rr-07
    Waiting for DHC WG output.

RFC since last time we met
  draft-ietf-dnsext-gss-tsig-07.txt (RFC3645)
  draft-ietf-dnsext-ad-is-secure-07.txt (RFC3655)
  draft-ietf-dnsext-delegation-signer-16.txt (RFC3658)
  draft-ietf-dnsext-dnssec-2535typecode-change-07.txt (RFC3755)
  draft-ietf-dnsext-keyrr-key-signing-flag-13.txt (RFC3757)

New work items
Does this group mind if we worked on DNSSEC key management?
  Would need charter changes
  DNSOP relations and security folk input

More new work items
We propose to work on “Zone Enumeration”
  Would need charter changes (task description)
  Requirements as first result
  After that we decide on approach

The Plan
Slow but steady progress on getting documents from proposed to draft standard
Clean up the “left-overs”
  Have the list of docs hanging at the IESG and expired docs reduced to NULL by next IETF
Closely track protocol needs for DNSSEC deployment