This is the DNSEXT Working Group (where the microphones are at Scandic heights) San Diego IETF60 jabber:dnsext@ietf.xmpp.org
Agenda DNSEXT • Administrivia 5 min • appointing scribes • Classic David Blacka • jabber: George Michaelson (dnsext@ietf.xmpp.org) • blue sheet • agenda bashing • Monday Aug 2, 09:00-11:30 1st slot DNSSEC session • Thursday Aug 5, 9:00-10:15(!?) Other DNSEXT extension work.
Monday agenda • Announcements: • Reid: DNS-MODA announcement (approx 3 min, no discussion) • DNSSEC Deployment issues • Report on implementation • Key management topics (approx 60 minutes) • StJohns: draft-stjohns-dnssec-trustupdate-01 • Ihren: DNSSEC in-band key rollover (draft-kolkman-dnsext-dnssec-in-band-rollover-00)
Monday agenda continued • Requirements for future work on Denial of Existence (approx 60 minutes) • Loomis/Laurie: Requirements overview • Possible transitions • Koch: draft-ietf-dnsext-dnssec-trans-00.txt • Possible approaches • Arends: DNSNR draft-arends-dnsnr-00.txt • Laurie: NSEC2 http://www.links.org/dnssec/draft-laurie-dnsext-nsec2-01.txt • Weiler: comparing the above • Wrapup (approx 10 minutes)
Thursday Agenda: Other DNSEXT work. • Schlyter: Report on RFC 3597 interoperability testing. http://www.rfc.se/interop3597 • Eastlake: draft-eastlake-tsig-sha-03.txt (10m) • Austein: draft-austein-dnsext-nsid-01.txt (10m) (Related to draft-ietf-dnsop-serverid-02) • More WG Administrivia • Document Status • Charter Review • Open mike
And now for something completely different • Report on implementation • Key management topics (approx 60 minutes) • StJohns: draft-stjohns-dnssec-trustupdate-01 • Ihren: DNSSEC in-band key rollover (draft-kolkman-dnsext-dnssec-in-band-rollover-00)
Continuing the agenda • Intermezzo: Vixie: DLV • More discussion of key management • We forgot the MODA announcement • And then NSEC++
Process • NSEC walking is a (perceived) barrier to deployment • The WG cannot force DNSSEC-bis to be deployed and may speed deployment if a solution is found • Therefore we have to seriously consider this • We have to know what the requirements are before we can actually start to engineer
Process 2 • We can assess the current proposals on how they interact with the DNS(SEC) protocol • We cannot at this moment assess if they solve the problem • There may be other solutions to the problem • think white lies schemes • different complexity/security properties
Process 3 • Seriously discuss the requirement; to gain understanding and assess completeness • Discuss the two proposals • Interaction with the protocol • No measure against the requirements during this meeting. As always, the room does not decide, the list does
Process 4: A Warning • dnsext contentious status • SEVERE: Olafur may explode • HIGH: irreversible physical damage may occur • ELEVATED: elevated egos may burst • GUARDED: general insults may be exchanged • LOW: low risk of protocol developing
This is the DNSEXT Working Group (where the microphones are at Scandic heights) San Diego IETF60 jabber:dnsext@ietf.xmpp.org
Thursday Meeting • Other DNSEXT work. • Classic Scribe (Peter Koch) • Jabber Scribe
Agenda • Schlyter: Report on RFC 3597 interoperability testing. http://www.rfc.se/interop3597 • Eastlake: draft-eastlake-tsig-sha-03.txt • Eastlake: draft-ietf-dnsext-ecc-key-04.txt • Austein: draft-austein-dnsext-nsid-01.txt (10m) (Related to draft-ietf-dnsop-serverid-02) • More WG Administrivia • Document Status • Charter Review • Open mike • Roy Arends on Finger Printing
WG Active docs • draft-ietf-dnsext-wcard-clarify-03 • Version 4 did not make the cut-off but is ready to be submitted. • draft-ietf-dnsext-tkey-renewal-mode-04 • After WG last call a problem was discovered, protocol made unrealistic assumptions • This has been fixed in 04, a new WGLC will be done
WG Final stages • draft-ietf-dnsext-mdns-33 • 33: I-D nits are not satisfied • 1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.1.2.ip6.arpa is more than 72 characters. • draft-ietf-dnsext-insensitive-04 • Waiting for write-up
WG stalled • draft-ietf-dnsext-rfc2536bis-dsa-4 • stalled • draft-ietf-dnsext-rfc2539bis-dhk-4 • stalled • draft-ietf-dnsext-ecc-key-4 • stalled All waiting for 2535bis. Can be thawed
Docs @ IESG • Publication Requested: • draft-ietf-dnsext-dnssec-intro-11 • draft-ietf-dnsext-dnssec-protocol-07 • draft-ietf-dnsext-dnssec-records-09
More Docs @ IESG • RFC Ed Queue: • draft-ietf-dnsext-dns-threats-07 • draft-ietf-dnsext-nsec-rdata-06 • AD is watching: • draft-ietf-dnsext-dnssec-opt-in-05 • We focused on getting DNSSECbis done • draft-ietf-dnsext-axfr-clarify-05 • Waiting for AD write up • draft-dnsext-opcode-discover-03
Still more docs at IESG • Revised ID Needed: • draft-ietf-dnsext-dhcid-rr-07 • Waiting for DHC WG output.
RFC since last time we met • draft-ietf-dnsext-gss-tsig-07.txt (RFC3645) • draft-ietf-dnsext-ad-is-secure-07.txt (RFC3655) • draft-ietf-dnsext-delegation-signer-16.txt (RFC3658) • draft-ietf-dnsext-dnssec-2535typecode-change-07.txt (RFC3755) • draft-ietf-dnsext-keyrr-key-signing-flag-13.txt (RFC3757)
New work items • Does this group mind if we worked on DNSSEC key management? • Would need charter changes • DNSOP relations and security folk input
More new work items • We propose to work on “Zone Enumeration” • Would need charter changes (task description) • Requirements as first result • After that we decide on approach
The Plan • Slow but steady progress on getting documents from proposed to draft standard • Clean up the “left-overs” • Have the list of docs hanging at the IESG and expired docs reduced to NULL by next IETF • Closely track protocol needs for DNSSEC deployment