Notetaker: Alan Ford
Dave Plonka: Is the positive feedback self-selecting because of people
you could contact?
Bjørn: Yes, probably, but still positive. Was a very small sample,
hoping to do more.
Wes Hardaker: We have done some experiments with TTL too, would like to
collaborate. Ref paper "Cache me if you can", as well as one on DNS
attacks if you can't reach a server.
Stuart Cheshire: Valuable work, as this is highly relevant to the
Internet over the last 40 years. Should show work to CCWG.
Mirja: Are you hunting for new Congestion Control Algorithms in the
wild?
Margarida: Very interested in this. But if we don't have source code to
match, we can't validate behaviour. But very interested to see what we
can find from such data.
Wes Hardaker: You are right, web browser ecosystem has no interest in
DANE so it's not maintained. It is widely used in email however (4.2M
valid records). Let's Encrypt regularly rotates keys which makes it
problematic to keep DANE records up to date.
Greg Choules: how can we make things easier for users to set up CAA and
DANE records in the first place?
Pouyan: My view, we need a simple guide - what is the meaning of each
identifier. Also people aren't aware of, e.g., typos, etc.; these
problems aren't found. Need some feedback from the CA if the policies
are broken, "your policies mean XYZ", etc.
Geoff Huston: DNSSEC is finding it very hard. Nobody wants to pay
validation penalty in real-time apps; it takes too long. Ref "Chain
Extensions" where all answers are bundled up in one hit - but blocked by
UDP/DNS packet sizes. DNS should be rearchitected to support larger
payloads. Also keys confuse everyone, all the time. Nobody understands
what they mean.
Pouyan: A lot has changed since DNSSEC was first proposed. DNS-over-SCTP,
DNS-over-TCP, both are approaches to getting DNSSEC to work.
Geoff: Mainstream is over UDP, it can't work today.
Lorenzo Colitti: What do the mobile devices that have a /64 directly on
their interfaces do? They are not routers so what do they do?
Johanna: Can't say for sure. Note Destination Unreachable is a SHOULD so
quite valid not to return.
(No questions)
Lorenzo: Limiting factor is IPv6 in home networks still very hard to
make work. NAT64 in home networks just not implemented.