[{"author": "David Lawrence", "text": "

Hey, so ... where is your datatracker picture set for Meetecho use?

", "time": "2024-03-18T05:33:32Z"}, {"author": "David Lawrence", "text": "

Oh ... huh. It came from Gravatar? I was unaware I even had a Gravatar.

", "time": "2024-03-18T05:34:03Z"}, {"author": "Jim Reid", "text": "

I think it's in your datatracker profile

", "time": "2024-03-18T05:34:03Z"}, {"author": "David Lawrence", "text": "

Yeah I was there but couldn't find it anywhere.

", "time": "2024-03-18T05:34:16Z"}, {"author": "St\u00e9phane Bortzmeyer", "text": "

Is it mandatory to have a cute picture?

", "time": "2024-03-18T05:34:25Z"}, {"author": "Lorenzo Miniero", "text": "

If we don't find a picture set in the datatracker gravatar is where we look, yes

", "time": "2024-03-18T05:34:28Z"}, {"author": "Robert Carolina", "text": "

St\u00e9phane Bortzmeyer said:

\n
\n

Is it mandatory to have a cute picture?

\n
\n

It doesn't hurt

", "time": "2024-03-18T05:36:29Z"}, {"author": "Chris Box", "text": "

Just amplifying what Tim said a couple of minutes ago: Ray will be presenting Multiple QTYPEs as the first item in the joint DNSSD/SNAC session tomorrow. So if you're interested, it's Tuesday 13:05 (ish) in P1.

", "time": "2024-03-18T05:39:07Z"}, {"author": "Suzanne Woolf", "text": "

Thx Chris

", "time": "2024-03-18T05:49:29Z"}, {"author": "Tim Wicinski", "text": "

A Stephane Sighting !

", "time": "2024-03-18T05:51:03Z"}, {"author": "Shane Kerr", "text": "

Are there slides online for this?

", "time": "2024-03-18T05:59:42Z"}, {"author": "Shane Kerr", "text": "

(This being the generalized notification draft update presentation.)

", "time": "2024-03-18T06:00:28Z"}, {"author": "Duane Wessels", "text": "

https://datatracker.ietf.org/meeting/119/materials/slides-119-dnsop-generalized-dns-notifications-00

", "time": "2024-03-18T06:00:37Z"}, {"author": "Shane Kerr", "text": "

Thanks Duane!

", "time": "2024-03-18T06:00:44Z"}, {"author": "Shane Kerr", "text": "

I would expect a different subsystem for this.

", "time": "2024-03-18T06:10:08Z"}, {"author": "Shane Kerr", "text": "

Yes, what Peter says. :-D

", "time": "2024-03-18T06:10:52Z"}, {"author": "Suzanne Woolf", "text": "

Shane-- if you go to the agenda page https://datatracker.ietf.org/meeting/119/agenda, there's a line for the DNSOP session. Click on the leftmost symbol in the row of symbols at the end. You'll see a popup for \"materials\", including links to all the slide decks.

", "time": "2024-03-18T06:11:15Z"}, {"author": "John Levine", "text": "

auth servers or their proxies have to send NOTIFY now when they get a new version of the zone. Doesn't seem new.

", "time": "2024-03-18T06:11:52Z"}, {"author": "Yoshitaka Aharen", "text": "

adjusting new gTLD registry agreement may be needed for wide deployment because it restricts what records can be put on the TLD zones.

", "time": "2024-03-18T06:13:28Z"}, {"author": "Jim Reid", "text": "

DSYNC tells the parent there's a new KSK . NOTIFY doesnt.

", "time": "2024-03-18T06:14:29Z"}, {"author": "John Levine", "text": "

@Yoshitaka Aharen yes, we know that would be an issue. It could also mean making the zone files much larger if the updates go to the registrars

", "time": "2024-03-18T06:14:37Z"}, {"author": "Peter Thomassen", "text": "

John Levine said:

\n
\n

Yoshitaka Aharen yes, we know that would be an issue. It could also mean making the zone files much larger if the updates go to the registrars

\n
\n

unless synthesized

", "time": "2024-03-18T06:15:11Z"}, {"author": "Shumon Huque", "text": "

\"The Circle\" - this term needs a definition :)

", "time": "2024-03-18T06:16:01Z"}, {"author": "Peter Thomassen", "text": "

(note that synthesizing DSYNC doesn't mean synthesizing all of the parent. The _dsync.parent zone can be its own zone that runs with online signing.)

", "time": "2024-03-18T06:16:44Z"}, {"author": "John Levine", "text": "

@Peter Thomassen hey, I said \"could\"

", "time": "2024-03-18T06:17:59Z"}, {"author": "John Levine", "text": "

the hard part would be the ICANN process, not the software

", "time": "2024-03-18T06:18:19Z"}, {"author": "Warren Kumari", "text": "

Otherwise we'll once again get a tiny room....

", "time": "2024-03-18T06:19:19Z"}, {"author": "Warren Kumari", "text": "

:-P

", "time": "2024-03-18T06:19:23Z"}, {"author": "Duane Wessels", "text": "

\"storing the trust anchor contents in the DNS\" -- isn't that RFC5011?

", "time": "2024-03-18T06:28:11Z"}, {"author": "George Michaelson", "text": "

I apologize for not raising my hand here first

", "time": "2024-03-18T06:29:53Z"}, {"author": "Ralf Weber", "text": "

This has the key 2 years before it is used or appears. In 5011 the new key only will be introduced a couple of weeks before the rollover

", "time": "2024-03-18T06:30:17Z"}, {"author": "Eliot Lear", "text": "

Congratulations Olafur :palms_up_together:

", "time": "2024-03-18T06:32:14Z"}, {"author": "Duane Wessels", "text": "

Per IANA's \"Proposal for Future Root Zone KSK Rollovers\" the new key will be published in the DNS RFC5011-style for 1.75 years
\n before the new KSK is used for signing.

", "time": "2024-03-18T06:33:47Z"}, {"author": "Suzanne Woolf", "text": "

@George -- no worries, it's just easier for the chairs and the speakers.

", "time": "2024-03-18T06:33:57Z"}, {"author": "Ralf Weber", "text": "

Looks like I missed that, so thanks for pointing that out Duane. This then means we will see three root keys for 1.75 years? I don't think it would be a problem for the root, but I don't think its a good advise for zones down the tree.

", "time": "2024-03-18T06:38:19Z"}, {"author": "Duane Wessels", "text": "

Right. There would bet 2 KSK and 1 ZSK most of the time, but also 2 ZSK on the quarter boundaries for ZSK rollovers.

", "time": "2024-03-18T06:41:15Z"}, {"author": "Eliot Lear", "text": "

The big bet here is that one would not have to roll a key early, right?

", "time": "2024-03-18T06:41:51Z"}, {"author": "Duane Wessels", "text": "

Maybe. If there were a need for an emergency KSK rollover, we would be in a better position to do that if the new KSK had been published for the 30 days necessary for RFC5011 validators to accept it. But an emergency rollover before the 30 days would be tricky.

", "time": "2024-03-18T06:44:40Z"}, {"author": "Geoff Huston", "text": "

What circumstances would motivate an \"early\" roll? Considering that there is a \"chain of trust\" in having the outgoing key sign the incoming key then key compromise is maybe not all that good a reason to roll early.

", "time": "2024-03-18T06:45:29Z"}, {"author": "Jim Reid", "text": "

Predicting 30 days in advance when a KSK will go bad could be awkward too Duane.

", "time": "2024-03-18T06:45:44Z"}, {"author": "Benjamin Schwartz", "text": "

I've heard some implementors saying that they disagree with the philosophy of NS revalidation and do not intend to implement it. I would like to see some real discussion about whether we have consensus for this draft.

", "time": "2024-03-18T06:45:54Z"}, {"author": "Eliot Lear", "text": "

To be clear, I was talking about the 1.75 year timing that Ralf mentioned not applying to lower level zones.

", "time": "2024-03-18T06:46:31Z"}, {"author": "Duane Wessels", "text": "

IANA has a published emergency KSK rollover plan at https://www.iana.org/dnssec/procedures

", "time": "2024-03-18T06:50:38Z"}, {"author": "George Michaelson", "text": "

Ironic that within living memory we've decided to freeze/ossify some parts to say e.g. QDCOUNT is 1

", "time": "2024-03-18T06:57:37Z"}, {"author": "George Michaelson", "text": "

so we only grease some bits of the machine!

", "time": "2024-03-18T06:57:44Z"}, {"author": "George Michaelson", "text": "

I guess \"you don't put grease on the brake blocks, george\"

", "time": "2024-03-18T06:58:46Z"}, {"author": "Jim Reid", "text": "

Some of those bits will need greasing more often than others.

", "time": "2024-03-18T06:58:51Z"}, {"author": "Shane Kerr", "text": "

I look at logs filled with ignored errors every day. I wonder if statistical sampling will actually cause any fixes. :-P

", "time": "2024-03-18T06:59:54Z"}, {"author": "Chris Box", "text": "

QDCOUNT=1 has to recognise that DNS is already ossified (= hard to change due to diverse deployed implementations). Greasing is a worthy aim. I hope it can succeed.

", "time": "2024-03-18T07:00:05Z"}, {"author": "George Michaelson", "text": "

hmm. so @chris you're saying if a middle box already blocks on it, we cant grease because its rusted on, but if its new we should grease it regularly

", "time": "2024-03-18T07:01:04Z"}, {"author": "Chris Box", "text": "

Essentially yes. It was easier for QUIC because they were a new protocol.

", "time": "2024-03-18T07:01:33Z"}, {"author": "Stephen Farrell", "text": "

doing GREASE for DNS is a fine idea

", "time": "2024-03-18T07:02:07Z"}, {"author": "St\u00e9phane Bortzmeyer", "text": "

OK but TLS did it too, and it is far from new.

", "time": "2024-03-18T07:02:14Z"}, {"author": "Chris Box", "text": "

TLS1.3 has to pretend to be TLS1.2 on the outside because of ossification.

", "time": "2024-03-18T07:02:39Z"}, {"author": "Suzanne Woolf", "text": "

@Chris-- comments on qdcount draft? Changes to suggest?

", "time": "2024-03-18T07:02:54Z"}, {"author": "Suzanne Woolf", "text": "

Would be great to have them :-)

", "time": "2024-03-18T07:03:07Z"}, {"author": "Chris Box", "text": "

Will send

", "time": "2024-03-18T07:03:15Z"}, {"author": "Suzanne Woolf", "text": "

many thanks.

", "time": "2024-03-18T07:03:53Z"}, {"author": "Shane Kerr", "text": "

TLS 1.3 is incompatible with earlier versions though right? So essentially a new version?

", "time": "2024-03-18T07:03:55Z"}, {"author": "Shane Kerr", "text": "

Oh, now I read Chris's comment. :-D

", "time": "2024-03-18T07:04:41Z"}, {"author": "Eliot Lear", "text": "

Thanks chairs, thanks all!

", "time": "2024-03-18T07:05:32Z"}, {"author": "Tim Wicinski", "text": "

thanks all

", "time": "2024-03-18T07:05:40Z"}]