Upload
gwendolyn-hoffman
View
39
Download
0
Embed Size (px)
DESCRIPTION
This is the DNSEXT Working Group (where the microphones are at Scandic hights). San Diego IETF60 jabber:[email protected]. Agenda DNSEXT. Administrivia5 min appointing scribes Classic David Blacka jabber: George Michaelson ( [email protected] ) blue sheet agenda bashing - PowerPoint PPT Presentation
Citation preview
This is theDNSEXT Working Group
(where the microphones are at Scandic hights)
San Diego IETF60jabber:[email protected]
IETF 60 DNSEXT WG
Agenda DNSEXTAdministrivia 5 min
appointing scribesClassic David Blackajabber: George Michaelson ([email protected])
blue sheetagenda bashing
Monday Aug 2, 09:00-11:30 1st slotDNSSEC sessionThursday Aug 5, 9:00-10:15(!?) Other DNSEXT extension work.
IETF 60 DNSEXT WG
Monday agendaAnnouncements:
Reid: DNS-MODA announcement (approx 3 min, no discussion)
DNSSEC Deployment issuesReport on implementation Key management topics (approx 60 minutes)
StJohns: draft-stjohns-dnssec-trustupdate-01Ihren: DNSSEC in-band key rollover(draft-kolkman-dnsext-dnssec-in-band-rollover-00)
IETF 60 DNSEXT WG
Monday agenda continuedRequirements for future work on Denial of Existence (approx 60 minutes)
Loomis/Laurie: Requirements overview Possible transitions
Koch: draft-ietf-dnsext-dnssec-trans-00.txtPossible approaches
Arends: DNSNR draft-arends-dnsnr-00.txtLaurie: NSEC2 http://www.links.org/dnssec/draft-laurie-dnsext-nsec2-01.txtWeiler: comparing the above
Wrapup (approx 10 minutes)
IETF 60 DNSEXT WG
Thursday AgendaOther DNSEXT work. Schlyter: Report on RFC 3597 interoperability testing.http://www.rfc.se/interop3597Eastlake: draft-eastlake-tsig-sha-03.txt (10m)Austein: draft-austein-dnsext-nsid-01.txt (10m) (Related to draft-ietf-dnsop-serverid-02 )More WG Administrivia
Document StatusCharter Review
Open mike
IETF 60 DNSEXT WG
And now for something completely differentReport on implementation Key management topics (approx 60 minutes)
StJohns: draft-stjohns-dnssec-trustupdate-01Ihren: DNSSEC in-band key rollover(draft-kolkman-dnsext-dnssec-in-band-rollover-00)
IETF 60 DNSEXT WG
Continuing the agendaIntermezzo: Vixie: DLVMore discussion of key-managment
We forgot the MODA announcement
And then NSEC++
IETF 60 DNSEXT WG
ProcessNSEC walking is a (perceived) barrier to deploymentThe WG cannot force DNSSEC-bis to be deployed and may speed deployment if a solution is foundTherefore we have to seriously consider thisWe have to know what the requirements are before we can actually start to engineer
IETF 60 DNSEXT WG
Process 2We can assess the current proposals on how they interact with DNS(SEC) protocol
We cannot at this moment not assess if they solve the problem
There may be other solutions to the problem
think white lies schemesdifferent complexity/security properties
IETF 60 DNSEXT WG
Process 3Seriously discuss the requirement; to gain understanding and assess completenessDiscuss the two proposals
Interaction with the protocolNo measure against the requirements during this meeting.
As always, the room does not decide, the list does
IETF 60 DNSEXT WG
Process 4A Warning
dnsext contentious status
SEVEREOlafur may explode
HIGHirreversible physicaldamage may occur
ELEVATEDelevated egos may burst
GUARDEDgeneral insults may
be exchanged
LOWlow risk of protocol
developing
IETF 60 DNSEXT WG
This is theDNSEXT Working Group
(where the microphones are at Scandic heights)
San Diego IETF60jabber:[email protected]
IETF 60 DNSEXT WG
Thursday MeetingOther DNSEXT work.Classic Scribe (Peter Koch)Jabber Scribe
IETF 60 DNSEXT WG
AgendaSchlyter: Report on RFC 3597 interoperability testing.http://www.rfc.se/interop3597Eastlake: draft-eastlake-tsig-sha-03.txt Eastlake: draft-ietf-dnsext-ecc-key-04.txt
Austein: draft-austein-dnsext-nsid-01.txt (10m) (Related to draft-ietf-dnsop-serverid-02 )More WG Administrivia
Document StatusCharter Review
Open mikeRoy Arends on Finger Printing
IETF 60 DNSEXT WG
WG Administrivia
IETF 60 DNSEXT WG
WG Active docsdraft-ietf-dnsext-wcard-clarify-03
Version 4 did not make the cut-off but is ready to be submitted.
draft-ietf-dnsext-tkey-renewal-mode-04After WG last call a problem was discovered, protocol made unrealistic assumptionsThis has been fixed in 04, a new WGLC will be done
IETF 60 DNSEXT WG
WG Final stagesdraft-ietf-dnsext-mdns-33
33: I-D nits are not satisfied
1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.1.2.ip6.arpa
is more than 72 characters.
draft-ietf-dnsext-insensitive-04Waiting for write-up
IETF 60 DNSEXT WG
WG stalleddraft-ietf-dnsext-rfc2536bis-dsa-4
stalled
draft-ietf-dnsext-rfc2539bis-dhk-4stalled
draft-ietf-dnsext-ecc-key-4stalled
All waiting for 2535bis. Can be thawed
IETF 60 DNSEXT WG
Docs @ IESGPublication Requested
draft-ietf-dnsext-dnssec-intro-11draft-ietf-dnsext-dnssec-protocol-07draft-ietf-dnsext-dnssec-records-09
IETF 60 DNSEXT WG
More Docs @ IESGRFC Ed Queue
draft-ietf-dnsext-dns-threats-07draft-ietf-dnsext-nsec-rdata-06
AD is watchingdraft-ietf-dnsext-dnssec-opt-in-05
We focused on getting DNSSECbis donedraft-ietf-dnsext-axfr-clarify-05
Waiting for AD write updraft-dnsext-opcode-discover-03
IETF 60 DNSEXT WG
Still more docs at IESGRevised ID Needed
draft-ietf-dnsext-dhcid-rr-07Waiting for DHC WG output.
IETF 60 DNSEXT WG
RFC since last time we metdraft-ietf-dnsext-gss-tsig-07.txt (RFC3645)draft-ietf-dnsext-ad-is-secure-07.txt (RFC3655)draft-ietf-dnsext-delegation-signer-16.txt (RFC3658)draft-ietf-dnsext-dnssec-2535typecode-change-07.txt (RFC3755)draft-ietf-dnsext-keyrr-key-signing-flag-13.txt (RFC3757)
IETF 60 DNSEXT WG
New work itemsDoes this group mind if we worked on DNSSEC key management?
Would need charter changesDNSOP relations and security folk input
IETF 60 DNSEXT WG
More new work itemsWe propose to work on “Zone Enumeration”
Would need charter changes (task description)Requirements as first result
After that we decide on approach
IETF 60 DNSEXT WG
The PlanSlow but steady progress on getting documents from proposed to draft standardClean up the “left-overs”
Have the list of docs hanging at the IESG and expired docs reduced to NULL by next IETF
Closely track protocol needs for DNSSEC deployment