Agenda
Meeting of the DNS Extensions Working Group
IETF 75 Stockholm, SE
2009-07-29 13:00-15:00

agenda version: 2009-07-28

Meeting to order                                          13:00

Note Well & Administration                         13:00  13:02

WG Status Summary                                  13:03  13:07
  (see detailed status report posted to namedroppers;
  charter discussion later in the meeting)

Major Topic: Additional forgery resilience work    13:08  13:38

  There are proposals for several different techniques for being
  more resilient to forgery without deploying DNSSEC.  These include

    draft-barwood-dnsext-fr-resolver-mitigations-08
    draft-wijngaards-dnsext-resolver-side-mitigation-01
    draft-vixie-dnsext-dns0x20-00
    draft-hubert-ulevitch-edns-ping-01
    draft-weaver-dnsext-comprehensive-resolver-00

  The last discussion of this did not converge on a consensus of
  what, if any of these, to pursue.  The worst of all results is
  the case where implementations all do their own thing because
  the WG can't settle on recommendations.  We should try to find
  some compromises that will be acceptable.

Major Topic: EDNS0                                 13:39  14:00

  1. draft-ietf-dnsext-rfc2671bis-edns0
  2. DO bit and buffer sizes.
     (see draft-gudmundsson-dnsext-setting-ends0-do-bit-00)
  3. Should EDNS0 options be converted to an expert review
     process, as RRTYPE assignment now is?

Drafts for WG attention

  draft-ietf-behave-dns64-00                       14:01  14:07
    Draft has been adopted by behave.  Major question: is the
    current approach to DNSSEC ok in light of the changes to the
    data in the answer made by the dns64 node?  Compare with
    "DNS lies".

  draft-kerr-ixfr-only-00                          14:08  14:15

  Note: draft-livingood-dns-redirect-00.txt, which appears to
  have implications for the DNS protocol, is to be discussed in
  DNSOP and therefore isn't on the DNSEXT agenda.

Major Topic: WG charter                            14:16  14:30

  Is the charter right?  Are there things we want to add?  Is
  this all too limiting, given the activity of the WG?

*** Additional topic as time permits
*** draft-li-dnsext-ipv4-ipv6-01
*** If we manage to complete the charter discussion ahead of time
*** this draft will be in order.  Otherwise, we will proceed
*** to the next topic.

Major Topic: Adding new DNSSEC algorithms          14:31  15:00

  - draft-dolmatov-dnsext-dnssec-gost-00
  - draft-hoffman-dnssec-ecdsa-00
  - draft-hoffman-dnssec-dsa-sha2-00
  - draft-crocker-dnssec-algo-signal-03

  The first three drafts all propose adding support for new
  algorithms to DNSSEC.  The questions before us are these:

  * whether we need general principles for adding support for
    new algorithms:
      + DNSKEY
      + NSEC3 obfuscation
      + DS digest
  * if so, what those principles ought to be
  * irrespective of the reasons needed for adding a new
    algorithm, what procedures are needed for adding one (RFC
    required?  Expert review?  Standards action?)

  The fourth draft is intended to provide support infrastructure
  for making these changes.  Is such work needed?

Meeting adjourned                                         15:00