2. This is the DNSEXT Working Group (where the microphones are at Scandic hights) San Diego IETF60 jabber:dnsext@ietf.xmpp.org

3. IETF 60 DNSEXT WG Agenda DNSEXT Administrivia5 min appointing scribes Classic David Blacka jabber: George Michaelson (dnsext@ietf.xmpp.org)dnsext@ietf.xmpp.org blue sheet agenda bashing Monday Aug 2, 09:00-11:30 1st slot DNSSEC session Thursday Aug 5, 9:00-10:15(!?) Other DNSEXT extension work.

4. IETF 60 DNSEXT WG Monday agenda Announcements: Reid: DNS-MODA announcement (approx 3 min, no discussion) DNSSEC Deployment issues Report on implementation Key management topics (approx 60 minutes) StJohns: draft-stjohns-dnssec-trustupdate-01 Ihren: DNSSEC in-band key rollover (draft-kolkman-dnsext-dnssec-in-band-rollover-00)

5. IETF 60 DNSEXT WG Monday agenda continued Requirements for future work on Denial of Existence (approx 60 minutes) Loomis/Laurie: Requirements overview Possible transitions Koch: draft-ietf-dnsext-dnssec-trans-00.txt Possible approaches Arends: DNSNR draft-arends-dnsnr-00.txt Laurie: NSEC2 http://www.links.org/dnssec/draft-laurie- dnsext-nsec2-01.txthttp://www.links.org/dnssec/draft-laurie- dnsext-nsec2-01.txt Weiler: comparing the above Wrapup (approx 10 minutes)

6. IETF 60 DNSEXT WG Thursday Agenda Other DNSEXT work. Schlyter: Report on RFC 3597 interoperability testing. http://www.rfc.se/interop3597 http://www.rfc.se/interop3597 Eastlake: draft-eastlake-tsig-sha-03.txt (10m) Austein: draft-austein-dnsext-nsid-01.txt (10m) (Related to draft-ietf-dnsop-serverid-02 ) More WG Administrivia Document Status Charter Review Open mike

7. IETF 60 DNSEXT WG And now for something completely different Report on implementation Key management topics (approx 60 minutes) StJohns: draft-stjohns-dnssec-trustupdate- 01 Ihren: DNSSEC in-band key rollover (draft-kolkman-dnsext-dnssec-in-band- rollover-00)

8. IETF 60 DNSEXT WG Continuing the agenda Intermezzo: Vixie: DLV More discussion of key-managment We forgot the MODA announcement And then NSEC++

9. IETF 60 DNSEXT WG Process NSEC walking is a (perceived) barrier to deployment The WG cannot force DNSSEC-bis to be deployed and may speed deployment if a solution is found Therefore we have to seriously consider this We have to know what the requirements are before we can actually start to engineer

10. IETF 60 DNSEXT WG Process 2 We can assess the current proposals on how they interact with DNS(SEC) protocol We cannot at this moment not assess if they solve the problem There may be other solutions to the problem think white lies schemes different complexity/security properties

11. IETF 60 DNSEXT WG Process 3 Seriously discuss the requirement; to gain understanding and assess completeness Discuss the two proposals Interaction with the protocol No measure against the requirements during this meeting. As always, the room does not decide, the list does

12. IETF 60 DNSEXT WG Process 4 A Warning dnsext contentious status SEVERE Olafur may explode HIGH irreversible physical damage may occur ELEVATED elevated egos may burst GUARDED general insults may be exchanged LOW low risk of protocol developing

13. IETF 60 DNSEXT WG

14. This is the DNSEXT Working Group (where the microphones are at Scandic heights) San Diego IETF60 jabber:dnsext@ietf.xmpp.org

15. IETF 60 DNSEXT WG Thursday Meeting Other DNSEXT work. Classic Scribe (Peter Koch) Jabber Scribe

16. IETF 60 DNSEXT WG Agenda Schlyter: Report on RFC 3597 interoperability testing. http://www.rfc.se/interop3597 http://www.rfc.se/interop3597 Eastlake: draft-eastlake-tsig-sha-03.txt Eastlake: draft-ietf-dnsext-ecc-key-04.txt Austein: draft-austein-dnsext-nsid-01.txt (10m) (Related to draft-ietf-dnsop-serverid-02 ) More WG Administrivia Document Status Charter Review Open mike Roy Arends on Finger Printing

17. IETF 60 DNSEXT WG WG Administrivia

18. IETF 60 DNSEXT WG WG Active docs draft-ietf-dnsext-wcard-clarify-03 Version 4 did not make the cut-off but is ready to be submitted. draft-ietf-dnsext-tkey-renewal-mode-04 After WG last call a problem was discovered, protocol made unrealistic assumptions This has been fixed in 04, a new WGLC will be done

19. IETF 60 DNSEXT WG WG Final stages draft-ietf-dnsext-mdns-33 33: I-D nits are not satisfied 1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.1.2.ip6.arpa is more than 72 characters. draft-ietf-dnsext-insensitive-04 Waiting for write-up

20. IETF 60 DNSEXT WG WG stalled draft-ietf-dnsext-rfc2536bis-dsa-4 stalled draft-ietf-dnsext-rfc2539bis-dhk-4 stalled draft-ietf-dnsext-ecc-key-4 stalled All waiting for 2535bis. Can be thawed

21. IETF 60 DNSEXT WG Docs @ IESG Publication Requested draft-ietf-dnsext-dnssec-intro-11 draft-ietf-dnsext-dnssec-protocol-07 draft-ietf-dnsext-dnssec-records-09

22. IETF 60 DNSEXT WG More Docs @ IESG RFC Ed Queue draft-ietf-dnsext-dns-threats-07 draft-ietf-dnsext-nsec-rdata-06 AD is watching draft-ietf-dnsext-dnssec-opt-in-05 We focused on getting DNSSECbis done draft-ietf-dnsext-axfr-clarify-05 Waiting for AD write up draft-dnsext-opcode-discover-03

23. IETF 60 DNSEXT WG Still more docs at IESG Revised ID Needed draft-ietf-dnsext-dhcid-rr-07 Waiting for DHC WG output.

24. IETF 60 DNSEXT WG RFC since last time we met draft-ietf-dnsext-gss-tsig-07.txt (RFC3645) draft-ietf-dnsext-ad-is-secure-07.txt (RFC3655) draft-ietf-dnsext-delegation-signer-16.txt (RFC3658) draft-ietf-dnsext-dnssec-2535typecode- change-07.txt (RFC3755) draft-ietf-dnsext-keyrr-key-signing-flag-13.txt (RFC3757)

25. IETF 60 DNSEXT WG New work items Does this group mind if we worked on DNSSEC key management? Would need charter changes DNSOP relations and security folk input

26. IETF 60 DNSEXT WG More new work items We propose to work on “Zone Enumeration” Would need charter changes (task description) Requirements as first result After that we decide on approach

27. IETF 60 DNSEXT WG The Plan Slow but steady progress on getting documents from proposed to draft standard Clean up the “left-overs” Have the list of docs hanging at the IESG and expired docs reduced to NULL by next IETF Closely track protocol needs for DNSSEC deployment