Fw: DNSOP Minutes

[Lars-Johan Liman <liman@autonomica.se>]

Minutes from the London meeting. Should have been on your desk long
ago, apologies. This is in no way Ray's fault.

Pls. comment ASAP.

				Cheers,
				  /Liman

---

To: "Lars-Johan Liman \(E-mail\)" <liman@autonomica.se>
From: "Ray Plzak" <plzak@arin.net>
Date: Wed, 15 Aug 2001 08:32:31 -0400
Delivery-Date: Thu Aug 16 08:50:37 2001
Importance: Normal
Reply-To: <plzak@arin.net>
Subject: DNSOP Minutes

Lars,

Draft minutes are below.  Sorry for the delay.

Ray

*************************************************


DNSOP Working Group
IETF 51
London
7 August 2001

Prepared by Ray Plzak


 1. Open meeting, welcome, and agenda bashing.

Russ Mundy requested time to provide a report on DNSSEC during agenda item
3.  There were no objections.

 2. Scribe and blue sheet.

Blue sheet passed around for attendance.  Ray Plzak to act as scribe.

 3. Reports from projects and workshops.\hfil\break
      .nl.nl. (Olaf Kolkman, Miek Gieben)\hfil\break
      NIST (Scott Rose)

a.  Olaf presented his report.  On July 7 they conducted a 1 day workshop.
DNSSEC tasks such as key signing, zone delagation, key rollover were
covered.  Main conclusion - TSIG works, dnssec is difficult to
troulbleshoot, and the documentation could be improved.  They operated a
secure registry. Dnssec can be taught in a day.  Delagation from parent to
child is still cumbersome.
www..ripe.net/disi for further information.

b.  Miek presented his report.  Main observation SIG at parent needs work.
DNSEXT needs to do more on this.  www.nlnet.nl for further information.

c.  Scott presented his report.  They conducted a 2 day workshop 26-27 Jun
at NIST w/ TIS Labs.  The workshop was aimed at .GOV administrators.  They
used bind 9.1.3 because sig and tsig problems with 9.1.1  Zone transfers
with tsig are easy to do and teach.  They ran into problems w/ low ttl
values doing zone signing and key rollover.  Will probably not be deployed
in .gov until written policy is developed.  They will probably have another
one in the Sep - Dec 9.2 comes out.

d.  Mark Kosters made a brief comment about the Verisign dnssec project.
www.dnssec.research.netsol.com for more information.

e.  Russ presented his report.  NAI Labs have signed an operational zone
tislab.com  using current specifications for parent-child.  They have also
signed zone in carin.net.  There is no apparent negative impact with the
exception of a response to query from 1 site tripped a human initiated
intrusion alarm.  The site had received more responses than expected.  Russ
said that they are using 9.1.1 for ops.

 4. draft-ietf-dnsop-keyhand-04.txt (Ed Lewis)

Update of this draft will be put on hold as there are so many problems under
fix now that it doesn't make sense to updated the document now

 5. draft-ietf-dnsop-rollover-01.txt (D. Eastlake, M. Andrews)

Put on hold until dnsext efforts in this area produce results.

 6. draft-ietf-dnsop-resolver-01.txt (Olaf Kolkman)

Olaf presented his draft.  There was one question about doing rollover in
band.  As it was quite complicated it was not answered.  The question will
be posed on list and answered there.

 7. draft-ietf-dnsop-inaddr-required-02.txt (Daniel Senie)

Daniel was not present.  There was no presentation.  The chair summarized
the draft.  The chair is looking for strong support to make reverse lookup a
requirement without reference to security.  If none is evident on the list
then the draft will be discarded.

 8. draft-esibov-dnsop-suppress-queries-00.txt (Levon Esibov, Stuart Kwan)

No one present.  There was no presentation.  The chair summarized the draft.
It is the opinion of the chair that this draft needs to be modified.

 9. draft-crocker-unique-assign-01.txt (Dave Crocker)

Before Dave presented his draft the AD stated draft needs to go IAB/IESG as
it does not belong in the WG.  Chair removed discussion from agenda but
encouraged the wg to stay after the meeting to listen to Dave present his
draft

10.  Ohta drafts (added item by the chair.  not on original agenda because
of oversight by the chair.)

Comments on test draft.  The test is  being conducted on the modified
specification draft.

Randy Bush stated that testing is still going on but it needs to be scaled
up to see how it scales.  More participants are needed.

Ted Hardie stated that the specification draft raises possibility of
hijacking attack.  He requested that this be added to the test in order to
see the operational performance characteristics.  The magma wg could be
adding some security in this area.

The working group agreed to move the specification draft forward as
experimental.

11. Review of charter and discussion of the status of the working
    group. (Liman)

a.  Performance and measuring draft.  Remove and reinstate when ready.

b.  Key handling postponed until dnsext work is stablized.

c.  Chair will send milestones to list for comment


11. AOB

None.

12. Closing

Meeting adjourned.

---