Welcome to Madrid
", "time": "2025-07-21T10:05:19Z"}, {"author": "Paul Hoffman", "text": "Someone's gotta post a first message
", "time": "2025-07-21T10:05:45Z"}, {"author": "John Levine", "text": "Now I can go home
", "time": "2025-07-21T10:06:00Z"}, {"author": "Petr \u0160pa\u010dek", "text": "Option A is technically sound. Plus it gives deployment metrics ...
", "time": "2025-07-21T10:15:46Z"}, {"author": "St\u00e9phane Bortzmeyer", "text": "Is the resolver on the IETF meeting Wifi network trusted?
", "time": "2025-07-21T10:19:00Z"}, {"author": "Petr \u0160pa\u010dek", "text": "That's client's decision to be made, isn't it?
", "time": "2025-07-21T10:20:09Z"}, {"author": "Petr \u0160pa\u010dek", "text": "As in, do _you_ trust it?
", "time": "2025-07-21T10:20:24Z"}, {"author": "St\u00e9phane Bortzmeyer", "text": "Yes, I trust the NOC people
", "time": "2025-07-21T10:20:45Z"}, {"author": "Petr \u0160pa\u010dek", "text": "Here's answer to your question then :-)
", "time": "2025-07-21T10:20:59Z"}, {"author": "St\u00e9phane Bortzmeyer", "text": "So, I have to manually click on \"I trust this resolver\" ?
", "time": "2025-07-21T10:21:19Z"}, {"author": "Warren Kumari", "text": "@Petr : As someone who has been deeply involved in the IETF NOC for many years \u2014 I have no idea if I should trust it or not, and don\u2019t see how a \u201cuser\u201d could make this determination\u2026..
", "time": "2025-07-21T10:21:41Z"}, {"author": "Petr \u0160pa\u010dek", "text": "Up to you. You can also trust everything you see ...
", "time": "2025-07-21T10:21:58Z"}, {"author": "Warren Kumari", "text": "I\u2019ve got root on that box, and have no idea \u2014 because I don\u2019t really grok the trust model for this\u2026.
", "time": "2025-07-21T10:22:25Z"}, {"author": "Petr \u0160pa\u010dek", "text": "Web browsers do this decision zillion times a day. I don't see why TLS connection to a resolver is any different than TLS connection to a random web server.
", "time": "2025-07-21T10:22:58Z"}, {"author": "Duane Wessels", "text": "warren has root? now I really don't trust it.
", "time": "2025-07-21T10:23:01Z"}, {"author": "Ond\u0159ej Sur\u00fd", "text": "Please don't forget to provide the feedback on the mailinglist.
", "time": "2025-07-21T10:23:04Z"}, {"author": "Warren Kumari", "text": "Do I trust it to send me a URL to randomly follow? Hell no. Do I trust it to say example is at 192.0.2.2, and then I can examine the TLS cert when connecting to that address? Yes\u2026
", "time": "2025-07-21T10:23:53Z"}, {"author": "Daniel Gillmor", "text": "Petr, there is at least one difference, which is that for TLS at least the origin model is a well-understood thing, both for web deployments and for clients.
", "time": "2025-07-21T10:23:55Z"}, {"author": "Daniel Gillmor", "text": "for TLS on the web, that is.
", "time": "2025-07-21T10:24:08Z"}, {"author": "Petr \u0160pa\u010dek", "text": "I'm saying something else. We (as in, users of contemporary software) have delegated this decision to web browser software. This will be no different.
", "time": "2025-07-21T10:25:01Z"}, {"author": "Ond\u0159ej Sur\u00fd", "text": "That's what David(?) from Chrome said, I believe.
", "time": "2025-07-21T10:25:56Z"}, {"author": "Petr \u0160pa\u010dek", "text": "As in, this decision is orthogonal to JSON object which ships the data around. And dnsop is about the format, not about how the data is displayed to user.
", "time": "2025-07-21T10:26:02Z"}, {"author": "Daniel Gillmor", "text": "sure, the user agent will be the agent of the user here. but the details of how we expect the agents to be responsible for the user interest may shape how we structure the mechanism.
", "time": "2025-07-21T10:26:13Z"}, {"author": "Petr \u0160pa\u010dek", "text": "If I take it to extreme, should we define JPEG format so it cannot ever represent a malware? Same for JSON payloads ...
", "time": "2025-07-21T10:27:10Z"}, {"author": "Petr \u0160pa\u010dek", "text": "Or define JPEG so it cannot ever represent misleding information in a picture?
", "time": "2025-07-21T10:28:11Z"}, {"author": "Shane Kerr", "text": "So you're saying we should define EDE with images, Petr? :wink:
", "time": "2025-07-21T10:28:20Z"}, {"author": "Petr \u0160pa\u010dek", "text": "@Shane I think we already have that, if it fits within 64k ... :trollface:
", "time": "2025-07-21T10:29:07Z"}, {"author": "Benjamin Schwartz", "text": "Chairs: closing the mic line before the speaker is done speaking seems unfortunate.
", "time": "2025-07-21T10:29:31Z"}, {"author": "Tom Hill", "text": "64k should be enough for anyone? :)
", "time": "2025-07-21T10:30:01Z"}, {"author": "Warren Kumari", "text": "Thanks to the chairs / secretary / whoever for removing people from the queue after they have finished speaking\u2026 I usually forget to do so, so thanks!
", "time": "2025-07-21T10:30:30Z"}, {"author": "Tobias Fiebig", "text": "svg in EDE?
", "time": "2025-07-21T10:30:39Z"}, {"author": "Benno Overeinder", "text": "You are welcome Warren!
", "time": "2025-07-21T10:30:51Z"}, {"author": "Philip Homburg", "text": "In the future we will find that the main use of a new DNS protocol that allows for larger messages it to send cat pictures.
", "time": "2025-07-21T10:31:21Z"}, {"author": "Shane Kerr", "text": "Most of my screenshots fit in 65KB:
\nskerr:Screenshots$ ls -1 | wc -l\n1282\nskerr:Screenshots$ find . -size -65536c | wc -l\n895\nSure thing, EXTRA-TEXT is UTF-8 ... SVG would be perfect fit!
", "time": "2025-07-21T10:32:18Z"}, {"author": "Tommy Jensen", "text": "clearly the text version of PPM is a better fit
", "time": "2025-07-21T10:32:43Z"}, {"author": "Andrew Campling", "text": "The first draft on the topic seems useful, not sure about the second one. I'd like to see the first one move forward.
", "time": "2025-07-21T10:32:50Z"}, {"author": "Tommy Jensen", "text": "Having spent more time reading and thinking about Mark's draft, I am supportive, with my concerns more around adoption feasibility than technical objection
", "time": "2025-07-21T10:33:47Z"}, {"author": "Martin Thomson", "text": "NO to a WG
", "time": "2025-07-21T10:33:51Z"}, {"author": "Martin Thomson", "text": "This is such a small thing.
", "time": "2025-07-21T10:34:01Z"}, {"author": "Tommy Pauly", "text": "No new WG. That\u2019s too heavy
", "time": "2025-07-21T10:34:04Z"}, {"author": "Tommy Jensen", "text": "+1, here, not new WG
", "time": "2025-07-21T10:34:13Z"}, {"author": "Tommy Pauly", "text": "How about a design team if you want
", "time": "2025-07-21T10:34:19Z"}, {"author": "Petr \u0160pa\u010dek", "text": "it would give you a whole new shed to paint ...
", "time": "2025-07-21T10:34:24Z"}, {"author": "Martin Thomson", "text": "Maybe the chairs could schedule more time for the work so that progress could be made at this meeting.
", "time": "2025-07-21T10:34:29Z"}, {"author": "Vittorio Bertola", "text": "It's a pity that the queue was closed even before the presentation ended. I will try to post my thoughts to the list later today.
", "time": "2025-07-21T10:34:40Z"}, {"author": "Tommy Jensen", "text": "And an acronym to design Petr, which might take longer than draft revisions
", "time": "2025-07-21T10:34:42Z"}, {"author": "Warren Kumari", "text": "@ Tommy: Yes, I too am supportive\u2026
", "time": "2025-07-21T10:34:47Z"}, {"author": "Tom Hill", "text": "A focussed interim would be a good start
", "time": "2025-07-21T10:34:57Z"}, {"author": "David Lawrence", "text": "We can design Petr now?
", "time": "2025-07-21T10:35:13Z"}, {"author": "Warren Kumari", "text": "Structured error made me twitch, but MNot\u2019s use case more than make up for that for me\u2026.
", "time": "2025-07-21T10:35:43Z"}, {"author": "Warren Kumari", "text": "+1 to interim\u2026
", "time": "2025-07-21T10:36:01Z"}, {"author": "Benjamin Schwartz", "text": "I think Mark's draft is on the right track, but the interesting question here is about (1) who are the parties? and (2) how do we write a technical standard that emphasizes certain norms about how those parties interact?
\nOne interesting option might be a set of URNs to identify the censorship event, to normalize the idea that these events are only comprehensible through some lens (like Lumen), not something that can be fetched from an arbitrary source (like a URI).
", "time": "2025-07-21T10:37:33Z"}, {"author": "Geoff Huston", "text": "Yes Warren the data Tobias presented here does not correlate with the data I presented on this topic from an APNIC Labs measurement. (https://www.potaroo.net/presentations/2024-03-20-dnsv6-v6ops.pdf)
", "time": "2025-07-21T10:47:48Z"}, {"author": "Tom Hill", "text": "Have you had chance to compare Tobias' results yet?
", "time": "2025-07-21T10:49:20Z"}, {"author": "Warren Kumari", "text": "I think it is a very different measurement paradigm \u2014 measuring behavior to Auth != measuring behavior to/from Recursive\u2026
", "time": "2025-07-21T10:50:29Z"}, {"author": "Ond\u0159ej Sur\u00fd", "text": "PRF would be a good way to do unique tokens instead of random
", "time": "2025-07-21T10:50:41Z"}, {"author": "Geoff Huston", "text": "It is not clear to me exactly what Tobais' work is measuring. The Labs work is measuring the operational behaviour of DNS recursive resolvers.
", "time": "2025-07-21T10:51:10Z"}, {"author": "Ond\u0159ej Sur\u00fd", "text": "We already use SipHash 2-4 for DNS Cookies, but any cryptographically secure PRF would work.
", "time": "2025-07-21T10:51:16Z"}, {"author": "Tom Hill", "text": "@Warren during Geoff's measurements, a tier-1 network was dropping IPv6 frags. I'd have said that would affect traffic in both directions?
", "time": "2025-07-21T10:51:31Z"}, {"author": "Warren Kumari", "text": "I\u2019ve seen similar results to Geoff using other measurement techniques\u2026 My numbers look much more like Geoff\u2019s than Tobias\u2026
", "time": "2025-07-21T10:51:47Z"}, {"author": "Tommy Jensen", "text": "Sounds like Warren is volunteering to give a talk!
", "time": "2025-07-21T10:52:24Z"}, {"author": "Tom Hill", "text": "If there are still disparities, we need to figure out what's causing them.
", "time": "2025-07-21T10:52:31Z"}, {"author": "Tom Hill", "text": "\"Don't do IPv6-only DNS resolvers\" isn't a solution that fits with the reality of network design
", "time": "2025-07-21T10:52:52Z"}, {"author": "Warren Kumari", "text": "@Tom: Yes. But there are multiple sides to a connection, and (from what I\u2019ve seen) the recursive sides are more likely behind e.g enterprise firewalls which drop frags\u2026
", "time": "2025-07-21T10:52:55Z"}, {"author": "Andrew Campling", "text": "Surely the divergence of results needs to be understood before the document is progressed.
", "time": "2025-07-21T10:53:18Z"}, {"author": "Tom Hill", "text": "@Warren That's within the control of the enterprise network operator to fix, should they decide to use IPv6-only resolvers?
", "time": "2025-07-21T10:53:46Z"}, {"author": "Shumon Huque", "text": "Paul H -- I think largely the changes are topics that have been broached on the list in the past. We should review the recent PRs and confirm ..
", "time": "2025-07-21T10:53:49Z"}, {"author": "Warren Kumari", "text": "Authoratives are, kinda by definition, \u201con the Internet\u201d. Recursive live in enterprises, residences, etc.. You need to measure both sides\u2026
", "time": "2025-07-21T10:54:18Z"}, {"author": "Tom Hill", "text": "Right, but it's still up to you to make your resolvers work, based on the way you choose to deploy them
", "time": "2025-07-21T10:54:54Z"}, {"author": "Shane Kerr", "text": "It's domain CONTROL validation not domain OWNERSHIP validation, right?
", "time": "2025-07-21T10:54:59Z"}, {"author": "Tommy Jensen", "text": "+1 to Tom though, once we're talking about enterprises, we are talking about network operators in control of their own segments that introduce problems not common to general Internet users outside enterprise networks
", "time": "2025-07-21T10:55:04Z"}, {"author": "Geoff Huston", "text": "Andrew - I cannot speak to Tobias' methodology. At APNIC Labs we use a large set of end users and a small set of authoritative servers that are explicitly configured to behave in ways we want to measure (such as truncation, fragmentation, etc).
", "time": "2025-07-21T10:55:20Z"}, {"author": "Tom Hill", "text": "The original opposition to the draft was that the IPv6 internet was less reliable and so this was a bad idea for 'the DNS' in general
", "time": "2025-07-21T10:55:23Z"}, {"author": "Shumon Huque", "text": "Ben -- if you have a definition of \"control over domain\" feel free to provide one. At the moment, it just means you confirmed the ability to update the domain with a piece of data supplied be the validator at roughly the current time.
", "time": "2025-07-21T10:56:30Z"}, {"author": "Petr \u0160pa\u010dek", "text": "RFC 9499, search for \"Owner:\".
", "time": "2025-07-21T10:57:17Z"}, {"author": "Benjamin Schwartz", "text": "@Shumon Huque No ... the draft also supports persistent validation!
", "time": "2025-07-21T10:57:36Z"}, {"author": "Warren Kumari", "text": "If I run www.example.com, I don\u2019t care why a user cannot reach my site, just that they can\u2019t \u2014 I cannot realistically fix other people\u2019s recursive resolvers\u2026. Yes, the resolver operator should bit it themselves, but e.g enterprise resolver operators won\u2019t until things are on fire\u2026.
", "time": "2025-07-21T10:57:45Z"}, {"author": "Shumon Huque", "text": "Ben -- That is true - that is one the recent changes, so qualify my last statement accordingly :)
", "time": "2025-07-21T10:58:10Z"}]