To:
dnsop@cafax.se
From:
Lars-Johan Liman <liman@autonomica.se>
Date:
Mon, 03 Sep 2001 16:08:17 +0200 (MEST)
Sender:
owner-dnsop@cafax.se
Subject:
Fw: DNSOP Minutes
Minutes from the London meeting. Should have been on your desk long ago, apologies. This is in no way Ray's fault. Pls. comment ASAP. Cheers, /Liman
To: "Lars-Johan Liman \(E-mail\)" <liman@autonomica.se>
From: "Ray Plzak" <plzak@arin.net>
Date: Wed, 15 Aug 2001 08:32:31 -0400
Delivery-Date: Thu Aug 16 08:50:37 2001
Importance: Normal
Reply-To: <plzak@arin.net>
Subject: DNSOP MinutesLars, Draft minutes are below. Sorry for the delay. Ray ************************************************* DNSOP Working Group IETF 51 London 7 August 2001 Prepared by Ray Plzak 1. Open meeting, welcome, and agenda bashing. Russ Mundy requested time to provide a report on DNSSEC during agenda item 3. There were no objections. 2. Scribe and blue sheet. Blue sheet passed around for attendance. Ray Plzak to act as scribe. 3. Reports from projects and workshops.\hfil\break .nl.nl. (Olaf Kolkman, Miek Gieben)\hfil\break NIST (Scott Rose) a. Olaf presented his report. On July 7 they conducted a 1 day workshop. DNSSEC tasks such as key signing, zone delagation, key rollover were covered. Main conclusion - TSIG works, dnssec is difficult to troulbleshoot, and the documentation could be improved. They operated a secure registry. Dnssec can be taught in a day. Delagation from parent to child is still cumbersome. www..ripe.net/disi for further information. b. Miek presented his report. Main observation SIG at parent needs work. DNSEXT needs to do more on this. www.nlnet.nl for further information. c. Scott presented his report. They conducted a 2 day workshop 26-27 Jun at NIST w/ TIS Labs. The workshop was aimed at .GOV administrators. They used bind 9.1.3 because sig and tsig problems with 9.1.1 Zone transfers with tsig are easy to do and teach. They ran into problems w/ low ttl values doing zone signing and key rollover. Will probably not be deployed in .gov until written policy is developed. They will probably have another one in the Sep - Dec 9.2 comes out. d. Mark Kosters made a brief comment about the Verisign dnssec project. www.dnssec.research.netsol.com for more information. e. Russ presented his report. NAI Labs have signed an operational zone tislab.com using current specifications for parent-child. They have also signed zone in carin.net. There is no apparent negative impact with the exception of a response to query from 1 site tripped a human initiated intrusion alarm. The site had received more responses than expected. Russ said that they are using 9.1.1 for ops. 4. draft-ietf-dnsop-keyhand-04.txt (Ed Lewis) Update of this draft will be put on hold as there are so many problems under fix now that it doesn't make sense to updated the document now 5. draft-ietf-dnsop-rollover-01.txt (D. Eastlake, M. Andrews) Put on hold until dnsext efforts in this area produce results. 6. draft-ietf-dnsop-resolver-01.txt (Olaf Kolkman) Olaf presented his draft. There was one question about doing rollover in band. As it was quite complicated it was not answered. The question will be posed on list and answered there. 7. draft-ietf-dnsop-inaddr-required-02.txt (Daniel Senie) Daniel was not present. There was no presentation. The chair summarized the draft. The chair is looking for strong support to make reverse lookup a requirement without reference to security. If none is evident on the list then the draft will be discarded. 8. draft-esibov-dnsop-suppress-queries-00.txt (Levon Esibov, Stuart Kwan) No one present. There was no presentation. The chair summarized the draft. It is the opinion of the chair that this draft needs to be modified. 9. draft-crocker-unique-assign-01.txt (Dave Crocker) Before Dave presented his draft the AD stated draft needs to go IAB/IESG as it does not belong in the WG. Chair removed discussion from agenda but encouraged the wg to stay after the meeting to listen to Dave present his draft 10. Ohta drafts (added item by the chair. not on original agenda because of oversight by the chair.) Comments on test draft. The test is being conducted on the modified specification draft. Randy Bush stated that testing is still going on but it needs to be scaled up to see how it scales. More participants are needed. Ted Hardie stated that the specification draft raises possibility of hijacking attack. He requested that this be added to the test in order to see the operational performance characteristics. The magma wg could be adding some security in this area. The working group agreed to move the specification draft forward as experimental. 11. Review of charter and discussion of the status of the working group. (Liman) a. Performance and measuring draft. Remove and reinstate when ready. b. Key handling postponed until dnsext work is stablized. c. Chair will send milestones to list for comment 11. AOB None. 12. Closing Meeting adjourned.