dnsext working group agenda dnsext
play

DNSEXT Working Group Agenda DNSEXT Administrivia 5 min appointing - PowerPoint PPT Presentation

Sep 07, 2022 •172 likes •553 views

DNSEXT Working Group Agenda DNSEXT Administrivia 5 min appointing scribes (dnsext@jabber.xmpp.org) blue sheet agenda bashing ISSUE tracker Working group Document status 5 min Call for Interop report volunteers 5 min Wild card clarify 10

  1. DNSEXT Working Group

  2. Agenda DNSEXT Administrivia 5 min appointing scribes (dnsext@jabber.xmpp.org) blue sheet agenda bashing ISSUE tracker Working group Document status 5 min Call for Interop report volunteers 5 min Wild card clarify 10 min draft-ietf-dnsext-wcard-clarify-02.txt DNSSEC-bis session 90 min IETF 58 DNSEXT WG

  3. ISSUE Tracking “Oh no… he had a workflow course” Purpose: Keeping track Helps distinguishing “work” from “discussion” Helps to keep an overview of open and closed issues Most important: Clearly describing the issue and proposing text. Tools: Form to describe the issue precisely and uniformly Issue tracker IETF 58 DNSEXT WG

  4. Issue Tracking The form: To be found in the monthly posting The tracker: https://roundup.machshav.com/dnsext/ or The tool of preference of the doc editor IETF 58 DNSEXT WG

  5. WG (Highly) Active draft-ietf-dnsext-dnssec-intro-06 draft-ietf-dnsext-dnssec-protocol-03 draft-ietf-dnsext-dnssec-records-05 draft-ietf-dnsext-wildcard-clarify-02 IETF 58 DNSEXT WG

  6. WG Final stages draft-ietf-dnsext-mdns-24 Needs WGLC summary draft-ietf-dnsext-tkey-renewal-mode draft-ietf-dnsext-case-insensitive Both have WGLC completed, summary needs to be posted. After final review on ID nits the docs can go to IESG. IETF 58 DNSEXT WG

  7. WG stalled draft-ietf-dnsext-rfc2536bis-dsa-4 stalled draft-ietf-dnsext-rfc2539bis-dhk-4 stalled draft-ietf-dnsext-ecc-key-4 stalled All waiting for 2535bis. IETF 58 DNSEXT WG

  8. Docs @ IESG draft-ietf-dnsext-axfr-clarify-05 Waiting for AD writeup draft-ietf-dnsext-delegation-signer In the RFC queue draft-ietf-dnsext-dnssec-2535typecode-change- Needs IANA considerations fixed then to RFC queue draft-ietf-dnsext-keyrr-key-signing-flag-11 Needs IANA considerations fixed then to RFC queue IETF 58 DNSEXT WG

  9. More Docs @ IESG draft-ietf-dnsext-dnssec-opt-in-05 WG needs to provide boilerplate indicating non- standards track status. (Stalled, 2535bis first) draft-ietf-dnsext-dhcid-rr-07 Waiting for DHC WG draft-ietf-dnsext-dns-threats-4 AD Evaluation draft-dnsext-opcode-discover Waiting for editorial changes. IETF 58 DNSEXT WG

  10. RFC since IETF57 draft-ietf-dnsext-unknown-rrs RFC3597 draft-ietf-dnsext-rfc1886bis RFC3596 draft-ietf-dnsext-gss-tsig RFC3645 draft-ietf-dnsext-ad-is-secure RFC3655 IETF 58 DNSEXT WG

  11. RIP since IETF57 draft-ietf-dnsext-dnssec-roadmap RIP draft-ietf-dnsext-ipv6-name-auto-reg RIP draft-ietf-dnsext-rfc2782bis-2 MIA IETF 58 DNSEXT WG

  12. Call for interop reports IETF 58 DNSEXT WG

  13. Wildcard document Number of issues Document contains language that potentially updates 1034 Caching of QNAME=*.example *. <anydomain> where <anydomain> contains * labels. * CNAME and the search algorithm * NS ‘legality’ Doc is more than clarification; it updates 1034 Note: wcard-clarify is not a normative reference in 2535bis IETF 58 DNSEXT WG

  14. RFC2535bis DNSSEC DNSSEC-bis editors report (Roy Arends) Open issues list and open mike NSEC type code representation Caching and reuse of DNSSEC Rrsets Compression guidelines Protocol constraints on algorithm use RRSIG TTL use, follow corresponding RRset or RFC2181 Document status, next steps and schedule IETF 58 DNSEXT WG

  15. DNSSEC Editors Report Fix an omission: dnssec-editors mailinglist did not have a public archive. Location on mailing list soon. Report by Roy Arends IETF 58 DNSEXT WG

  16. DNSSECbis drafts editors report Current set: draft-ietf-dnsext-dnssec-intro-07 draft-ietf-dnsext-dnssec-records-05 draft-ietf-dnsext-dnssec-protocol-03 Questions? Email: dnssec-editors@east.isi.edu IETF 58 DNSEXT WG

  17. DNSSECbis Questions Recently Resolved: Q6: Should resolvers cache known “BAD” data? protocol describes a method (4.1 rate limiting) to protect against DoS mentioned in threats (2.5 Denial of Service). Q11: Allow DNSKEY at delegation points? protocol outlaws DNSKEY at delegation point. (2.1 Including DNSKEY RRs in a Zone) Q16: server operation when query has DO = 0 and CD = 1. Original text made bits dependent. Since message bits are orthogonal, text has been removed. Q17: Should the KEY RR typecode be retained for TKEY operations as well? KEY/SIG RR is retained for TKEY, typecode-change-05 addresses this. IETF 58 DNSEXT WG

  18. Open Questions Q15: Should a security-aware stub resolver be allowed to set the CD bit? Q18: TTL values for RRSIG Q19: Suppression of duplicate RRs in a RRset Q20:expanding wildcards in authority section. Q21: Caching and Reuse of NSEC IETF 58 DNSEXT WG

  19. Hallway nits Small fixes like typos, nits, wording, clarifications. Implicit requirements (resolver/signer): need more explaining need to be made [more] explicit. IETF 58 DNSEXT WG

  20. DNSSEC Open issues and open mike. IETF 58 DNSEXT WG

  21. Open ISSUES While nearing finalization… IETF 58 DNSEXT WG

  22. Q15: Setting of CD bit Should a security-aware stub resolver be allowed to set the CD bit? No consensus: Protocol allows having the CD bit set, but explains why it isn't good for normal operation. Default to go with current text. IETF 58 DNSEXT WG

  23. Q18: RRsig TTL can violate RFC2181 RFC2181 says RRset must have the same TTL on all RR’s. RRsig’s at one name cover multiple RRsets that may have different TTL’s RRsig set is really a meta RRset RRsig belongs with RR type it covers Consensus seems to be: overwrite RFC2181 for RRsig. IETF 58 DNSEXT WG

  24. Q19: Suppression of duplications Options: SHOULD Signer suppress duplicate RR records before signing ? SHOULD Verifier suppress duplicate RR records before verification ? Force Hard Failure No consensus yet. IETF 58 DNSEXT WG

  25. Q20: expand wildcard in Authority section? Example B.7 has answer to a query that is answered by a wildcard match Does the wildcard NSEC record in authority section have owner name of *.w.example.com. <QNAME> Suggested action: unexpanded wildcard IETF 58 DNSEXT WG

  26. Q21: Caching and Reuse of NSEC Current doc says: Reuse only if Q-trinity is identical to old Q- trinity. Suggested relaxation: MAY reuse if QNAME and CLASS same but QTYPE is different MAY reuse if ONAME is equal to QNAME IETF 58 DNSEXT WG

  27. Compression Guidelines RFC2597 section 4: Future specifications for new RR types that contain domain names within their RDATA MUST NOT allow the use of name compression for those names, and SHOULD explicitly state that the embedded domain names MUST NOT be compressed Records says: Server MUST NOT compress RDATA domain names in RRsig and NSEC Resolver SHOULD decompress RDATA domain names in RRsig and NSEC Suggested action: IETF 58 DNSEXT WG

  28. NSEC issue Current NSEC/NXT definition allows types 1..127 (bit map) Representation of types 128..65535 undefined WG seems to have consensus on fixing this Consensus on one and only one format! Backwards compatibility is not required WG needs ID describing change IETF 58 DNSEXT WG

  29. NSEC road ahead Chairs have appointed document editor Jakob Schlyter Shorten list of proposals to propose one format to namedroppers Ask if there are prohibitive objections against any formats Hum for each proposal that does not meet prohibitive objections Loudest hum goes to list in the form of I-D. IETF 58 DNSEXT WG

  30. NSEC proposals #0. Extend bitmap to all 64K types Simple compact, max size 8K Bad in the case of sparse/high type codes Easy to search #1. List types present in sorted order Simple, linear growth, easy to search Can represent less than 32K types. IETF 58 DNSEXT WG

  31. NSEC proposals (cont) #2. [DavidB] First 256 types in one byte each followed by sorted 16 bit type code list <length> <lower byte>+ <type codes>* Optimizes the current and near term usage Simple to search, on average can represent few more types than #1 IETF 58 DNSEXT WG

  32. NSEC proposals (cont) #3 [MichaelG] Skip list of blocks Each block covers 256 type codes, corresponds to upper byte in type code. <block> <block>* ν [length] [block ID] [lower byte of type code]+ Optimized for size if there are 128 or more types in a block, the list contains types NOT present. Max size is under 33K, can cover all types Smaller when lots of types present IETF 58 DNSEXT WG

  33. NSEC proposals (cont) #4 [Mark A] Similar to #3 but uses bitmap in each block. Each block covers 256 type codes, corresponds to upper byte in type code. <block> <block> [block ID] [length] [bitmap 0..<top_bit in block>] Covers all types, max size about 8.5K, relationship between number of types and size complicated. IETF 58 DNSEXT WG

  34. NSEC selection #0 Expanded bitmap #1 Sorted typecode list #2 Sorted typecode with 1st 256 types optimization #3 Skip list of blocks of typecodes #4 Skip list of blocks of bitmaps IETF 58 DNSEXT WG

  35. Document status Will reflect closed questions Security considerations will get updated in new version New versions RSN, with change list. NSEC ID will delay us a little bit. Goal: WGLC before end of year . IETF 58 DNSEXT WG

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

draft-ietf-dnsext-dnssec-bis-updates-10 Samuel Weiler IETF77, Anaheim 24 March 2010 Samuel

draft-ietf-dnsext-dnssec-bis-updates-10 Samuel Weiler IETF77, Anaheim 24 March 2010 Samuel

Changes Since -09 Path Forward draft-ietf-dnsext-dnssec-bis-updates-10 Samuel Weiler IETF77, Anaheim 24 March 2010 Samuel Weiler draft-ietf-dnsext-dnssec-bis-updates-10 Changes Since -09 Path Forward Changes Since -09 Nested Trust Anchors

743 views • 14 slides
DNS Conformance Tester &amp; Test Event Report dnsext WG@65th IETF 2006/03/21(Tues.) Yukiyo

DNS Conformance Tester &amp; Test Event Report dnsext WG@65th IETF 2006/03/21(Tues.) Yukiyo

DNS Conformance Tester &amp; Test Event Report dnsext WG@65th IETF 2006/03/21(Tues.) Yukiyo Akisada@Yokogawa Electric Corporation, TAHI Project TOC Status of DNS Conformance Tester Introduction of DNS Conformance Tester Test Event

459 views • 24 slides
AAM Aircraft Working Group Kickoff AAM Aircraft Working Group Kickoff Agenda May 28, 2020 Topic

AAM Aircraft Working Group Kickoff AAM Aircraft Working Group Kickoff Agenda May 28, 2020 Topic

AAM Aircraft Working Group Kickoff AAM Aircraft Working Group Kickoff Agenda May 28, 2020 Topic Speaker Time (EDT) Description Introduction Carl Russell 3:00PM 3:20PM Welcome attendees, share the meeting agenda, introduce the NASA

233 views • 10 slides
HOUSING AND NEIGHBORHOOD WORKING GROUP Agenda for today Introductions Goals for working

HOUSING AND NEIGHBORHOOD WORKING GROUP Agenda for today Introductions Goals for working

HOUSING AND NEIGHBORHOOD WORKING GROUP Agenda for today Introductions Goals for working group (co-chairs: G. Adamkiewicz and Y. Long) Brief presentation housing working group Next steps Planning for upcoming calls

727 views • 36 slides
Technological Advisory Council 12-4-2014 Agenda Mobile Device Theft Working Group IIT

Technological Advisory Council 12-4-2014 Agenda Mobile Device Theft Working Group IIT

Technological Advisory Council 12-4-2014 Agenda Mobile Device Theft Working Group IIT Student Presentation Cybersecurity Working Group Internet of Things Working Group 477 Testing Working Group Advanced Sharing

2.07k views • 181 slides
NMEC Working Group Wednesday, June 12, 2019 at 1:00-2:00pm Agenda 1. Introduction/Welcome 2.

NMEC Working Group Wednesday, June 12, 2019 at 1:00-2:00pm Agenda 1. Introduction/Welcome 2.

NMEC Working Group Wednesday, June 12, 2019 at 1:00-2:00pm Agenda 1. Introduction/Welcome 2. Recap of Working Group Meetings 3. Draft Report Overview 4. Review Recommendations on Priority Buckets 5. Working Group Next Steps Welcome Coby

544 views • 16 slides
DNA working group meeting IETF 67 dna working group meeting 2006/11/06 Agenda Agenda Bashing -

DNA working group meeting IETF 67 dna working group meeting 2006/11/06 Agenda Agenda Bashing -

DNA working group meeting IETF 67 dna working group meeting 2006/11/06 Agenda Agenda Bashing - 05 mins Call for Scribes WG document status - 10 mins Merged DNA protocol discussion - 90 mins FRD discussion - 15 mins IETF 67 dna working group

359 views • 4 slides
ASE Vision Committee Meeting August 26, 2019 Agenda Agenda I. Debrief Airline Panel Discussion

ASE Vision Committee Meeting August 26, 2019 Agenda Agenda I. Debrief Airline Panel Discussion

ASE Vision Committee Meeting August 26, 2019 Agenda Agenda I. Debrief Airline Panel Discussion II. Review of Working Group Assignments A. Airport Experience Working Group B. Technical Working Group C. Focus Group D. Community Character

483 views • 17 slides
Working Group Quarterly Meeting June 25, 2020 2:00-3:30 pm (Eastern) Agenda Welcome and

Working Group Quarterly Meeting June 25, 2020 2:00-3:30 pm (Eastern) Agenda Welcome and

CAT Coalition AV Infrastructure-Industry Working Group Quarterly Meeting June 25, 2020 2:00-3:30 pm (Eastern) Agenda Welcome and Introductions Ongoing Commitment to Outreach and Knowledge Transfer Working Group Activities and Work

525 views • 21 slides
UPSFF Working Group Aug. 30, 2018 1 Agenda Welcome and Introductions (10 min) UPSFF

UPSFF Working Group Aug. 30, 2018 1 Agenda Welcome and Introductions (10 min) UPSFF

UPSFF Working Group Aug. 30, 2018 1 Agenda Welcome and Introductions (10 min) UPSFF Review Process (10 min) D.C. Code 38-2911 Working group responsibilities Timeline UPSFF Overview (45 min) UPSFF in context How

344 views • 17 slides
CYCLING WORKING GROUP -MEETING 1- 03/12/2013 Agenda 1. Call to order 2. Agreement on

CYCLING WORKING GROUP -MEETING 1- 03/12/2013 Agenda 1. Call to order 2. Agreement on

CYCLING WORKING GROUP -MEETING 1- 03/12/2013 Agenda 1. Call to order 2. Agreement on appointment of a Chair 3. Appointment of a recording secretary 4. Discuss and agree on mandate of working group 5. Roles and responsibilities of group

538 views • 15 slides
Agenda Working Group II 1. Opening of WG II meeting by the chairman 2. Approval of the agenda

Agenda Working Group II 1. Opening of WG II meeting by the chairman 2. Approval of the agenda

Agenda Working Group II 1. Opening of WG II meeting by the chairman 2. Approval of the agenda 3. Approval of the minutes from 11 July 2012 4. Fishing opportunities 2013 presentation of ICES advice by Carmen Fernandez Blue Whiting

519 views • 3 slides
September 2017 Trust in water 1 C-MeX Working Group Agenda Timing Item Lead 11:00 11:10

September 2017 Trust in water 1 C-MeX Working Group Agenda Timing Item Lead 11:00 11:10

Customer Measure of Experience (C-MeX) for PR19: C-MeX Working Group Set-up Meeting September 2017 Trust in water 1 C-MeX Working Group Agenda Timing Item Lead 11:00 11:10 Welcome and introductions Leah Fry, Housekeeping Ryan Davies

292 views • 15 slides
Agenda of CEOS Working Group on Disasters Meeting # 8 August 28, 2017 (version 6) The CEOS Working

Agenda of CEOS Working Group on Disasters Meeting # 8 August 28, 2017 (version 6) The CEOS Working

Agenda of CEOS Working Group on Disasters Meeting # 8 August 28, 2017 (version 6) The CEOS Working Group on Disasters (WGDisasters) will hold its eighth meeting from September 4 th to 8 th in Buenos Aires (in conjunction with the the DRR Americas

365 views • 3 slides
Technical Working Group Meeting September 8, 2020 1. Greetings and Introductions Agenda

Technical Working Group Meeting September 8, 2020 1. Greetings and Introductions Agenda

Technical Working Group Meeting September 8, 2020 1. Greetings and Introductions Agenda Agenda Agenda 2. July 26 Board of Directors Meeting Updates Guest Presentation: California Product Stewardship Council (CPSC)Senate Bill 212,

333 views • 31 slides
A warm welcome to the working group EUREKA in the ERA! Agenda Day 1: Monday 22 September 14h00

A warm welcome to the working group EUREKA in the ERA! Agenda Day 1: Monday 22 September 14h00

A warm welcome to the working group EUREKA in the ERA! Agenda Day 1: Monday 22 September 14h00 17h30 1. Welcome 2. Introduction of working group members 3. Presentation of mandate 4. Presentation of mapping of the instruments in ERA 5.

741 views • 52 slides
CSE410 aka CSE306 Software Quality in Practice Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis

CSE410 aka CSE306 Software Quality in Practice Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis

CSE410 aka CSE306 Software Quality in Practice Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall http:/ /www.cse.buffalo.edu/faculty/alphonce/SP17 /CSE410 https:/ /piazza.com/class/iybn33z3aro2p compiling and running without debugger

397 views • 19 slides
45'6(71+8 3%),)/'()#% &quot;#$%&amp;'()#%*+#,+-#.)/+01#.1'22)%. 3%),)/'()#% ! 9$(:)%7

45'6(71+8 3%),)/'()#% &quot;#$%&amp;'()#%*+#,+-#.)/+01#.1'22)%. 3%),)/'()#% ! 9$(:)%7

45'6(71+8 3%),)/'()#% &quot;#$%&amp;'()#%*+#,+-#.)/+01#.1'22)%. 3%),)/'()#% ! 9$(:)%7 3%&amp;71*('%&amp;)%.+(57+%77&amp;+,#1+$%),)/'()#%+ ;7,)%)%.+':65'&lt;7(*=+(712*=+'%&amp;+*$&lt;*()($()#%*

483 views • 27 slides
Computational Logic The (ISO-)Prolog Programming Language 1 (ISO-)Prolog A practical

Computational Logic The (ISO-)Prolog Programming Language 1 (ISO-)Prolog A practical

Computational Logic The (ISO-)Prolog Programming Language 1 (ISO-)Prolog A practical programming language based on the logic programming paradigm. Main differences with pure logic programming: depth-first search rule,

869 views • 62 slides
The Uses of SAT Solvers in Vampire Giles Reger and Martin Suda School of Computer Science,

The Uses of SAT Solvers in Vampire Giles Reger and Martin Suda School of Computer Science,

The Uses of SAT Solvers in Vampire Giles Reger and Martin Suda School of Computer Science, University of Manchester The 2nd Vampire Workshop Reger,G Vampire and SAT Solvers 1 / 30 Introduction In this talk we will: Talk about the different

449 views • 44 slides
Project Unconference Arts and Humanities in the Digital Age Concept Define Concept Using

Project Unconference Arts and Humanities in the Digital Age Concept Define Concept Using

Project Unconference Arts and Humanities in the Digital Age Concept Define Concept Using the Post-It notes provided, create the following categories: Project aim(s) Research question(s) Digital collections/data

301 views • 19 slides
LECTURE CAPTURE The process of recording taught sessions and publishing them for students to

LECTURE CAPTURE The process of recording taught sessions and publishing them for students to

LECTURE CAPTURE The process of recording taught sessions and publishing them for students to replay after the class At Sheffield Hallam, we mean a recording of WHAT IS LECTURE materials displayed on screen and the accompanying CAPTURE?

212 views • 10 slides
5th TF-Media 5th TF-Media Survey results and their usage How relevant the results are Num ber

5th TF-Media 5th TF-Media Survey results and their usage How relevant the results are Num ber

26-28 October, 2011 Oporto, Portugal Peter Szegedi, PDO szegedi@terena org szegedi@terena.org www.terena.org 5th TF-Media 5th TF-Media Survey results and their usage How relevant the results are Num ber of NRENs interested in m edia

125 views • 11 slides
Girth of a group Robert Jajcay Comenius University robert.jajcay@fmph.uniba.sk Bovec,

Girth of a group Robert Jajcay Comenius University robert.jajcay@fmph.uniba.sk Bovec,

Girth of a group Robert Jajcay Comenius University robert.jajcay@fmph.uniba.sk Bovec, Slovenija, L-L Meeting September 22, 2012 Robert Jajcay Comenius University robert.jajcay@fmph.uniba.sk Bovec, Slovenija, L-L Meeting Girth of a

434 views • 39 slides

More recommend