Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Internet Engineering Task Force / 112 / 11 Nov 2021
Internet Engineering Task Force / 112 / 11 Nov 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: IETF112-DPRIVE-20211111-1200

Description

DPRIVE meeting session at IETF112
2021/11/11 1200

https://datatracker.ietf.org/meeting/112/proceedings/

A

Greetings everyone. This is the the deprived working group session for ietf 112., I believe we're sort of in madrid. If I remember the schedule correctly, we're gonna go ahead and get started. My name is brian haberman and I'm joined by my illustrious co-chair tim wisinski and I believe, sitting in.

A

I believe sitting in the audience somewhere is, is our uh our fabulous area director eric, so he can always keep us in line.

A

um Quick quick couple of notes here: uh jabber room, is pretty much where it's always been at the private ietf.jabra.org and we'll be keeping minutes in the um in the in the through the tools link. That's provided on the page. Tim is going to try and keep notes as much as possible, uh but we do have the ability for anybody else to jump in and help if they feel the the interest um to to make sure that we're we're getting all the correct action items and important points down for posterity.

A

Before we get started a couple of administrative administration slides the first one is the notewell. I think everybody who has been to an ietf meeting. You should be very aware of this and have read through these documents.

A

They include a number of of important pieces here, including the standards process, harassment procedures, anti-harassment procedures, copyright processes, code of conduct, etc, etc. So, if you have not read this recently, please go do so and we just promised not to have a pop quiz at the end. For these.

A

Other piece of administration we've been trying to you know push code of conduct guidelines that have been documented in rfc 7154. um You know a quick set of of introductory meta points for this. uh I don't think there's anything here. That is, you know of surprise we're trying to be as inclusive as possible and basing everything based on our um on our best engineering judgment and um and as tim indicated, uh you know, these slides came from from west hartaker.

A

So um thanks to wes for putting these together for this working group and other working groups that probably pillage you slide this slide at some point in time this week.

A

So um our agenda, you know pretty much a standard flow for the deprived working group. um Anybody who has updates they want to make to the agenda we'll solicit those in a second uh we'll go through some updates of existing current work and then we'll talk about current working group business and then we'll cover any new working group business that that's been brought to the to deprive.

A

If you really want to track, what's going on the data tracker link on the slides, will get you right to the deprive space show you all the documents and the progress of all those documents.

A

So for the agenda first couple of things we're going to talk about um are going to be. um You know some some cleanup of some work that we're trying to advance into the isg for publication.

A

uh That's the the dns over quick, it's been through working group last call and right now we're having a a side conversation about doing an early port allocation of a port 853 for uh for quick. The the issue we have here is that um that port had already been reallocated for dns over dtls.

A

uh Both the authors of the dns over quick and the workgroup chairs have been poking around and we don't seem to be able to see any implementations of dns over dtls and it is an experimental document.

A

So one possibility here is to actually mark this document as historic and then reallocate that port for use for dns over quick.

A

That would be an iesg action, but we would need to you know first discuss in the working group whether or not we want to move dns over dtls to historic, and I don't think we're going to try and discuss that here. We'll probably have this as a as a point of discussion on the mailing list, or if we have some time left at the at the end of the session, we could we could revisit this point if people want to have a an in-person discussion.

A

And then for the agenda, we'll we'll have um the uh the authors of the unoff, the authoritative, give their presentation on on what they've been doing. They do not have slides and so they'll just be talking to points that they want to make and then going forward. We're going to have a presentation from joey salazar on on some a new draft that they had.

A

They have not actually posted the ietf, um but they have. We have made the github repo available for for people to review.

A

And then ben is going to talk a little about a little bit about his ds glue draft, and then we have a set of drafts that were just posted to the mailing list that will be presented by brian dixon.

A

So at this point, I'd like to ask if there are any any people who who want to see it change the agenda either. You know a reorganization, add delete. What have you.

A

All right hearing, nothing then um first on the agenda is, I assume it's going to be paul to talk about the unoff to authoritative document.

B

A good morning, at least for those of you from the west coast, um so we have no slides and we were allocated 30 minutes, but we're going to use way less than that which is okay, because we would be. When I say we I mean peter, and I would be happy to have more time to talk about the next presentation from joey and dkg.

B

Basically, the status of the unoff to authoritative document is we posted the o4 draft about six weeks ago we announced it on the mailing list. We asked for comments, there's still a few open issues, especially with respect to how this might interact with a fully authenticated system, and we got absolutely no replies. So I'm not sure what that means for now, um but it either could mean the documents perfectly stable, which seems unlikely or um that the working group is thinking about use cases again, which would actually be good.

B

I'd like to see more thought put into use cases. um If the working group is happy with the current draft, with the with unoff to authoritative, o4 um and the fact that it uses svcb as the protocol for tracking- and we have just a vague mention of probing in there- maybe we want more or maybe the working group wants more. If that's the case, then peter- and I have talked about starting some interop testing the status currently is that it would be experimental.

B

But if we do a bunch of interop testing and developers and operators are happy with it, then it could probably start off on standards track.

B

On the other hand, uh the working group might want to go in a different direction, with a different use case, such as the unilateral probing that we're about to hear about, and so you know we wouldn't want to start doing interop testing and such if it looked like that the working group was in fact interested in a different use case and a different way to do things.

B

So, basically, we're waiting on working group input um and we've tried so far, and I think we've been successful at uh keep making changes in all in every draft forum. Based on working group input, you know we started off with doing just probing and the working group said no. We can't be doing probing because that won't work in parallel with a fully authenticated use case. So we included a fully authenticated use case. We took that out when there was a draft that started to describe the fully authenticated use case.

B

We took out probing and were using svcb, so possibly the working group's just getting confused with all of our changes that we've been doing for the working group, um but the status is we're waiting on working group input and that input could either be.

B

Please make these changes in this draft or um we're looking for a new way of doing things um and um such as the um the one that we're about to hear, which is just fine peter, and I both our desire here is not to have finished an rfc but to get more encryption on the internet and the best way to do that is to have a document that there are a lot of vendors and developers behind. That's our document great.

B

If it's a different document great, um I guess I'm pushing for a little bit more input, regardless of what it is and that's that's all we have until we hear more on the mailing list. There isn't much we can be doing so back to you, brian and tim, or if people have questions on this, that's fine, but again our preference, strong preference is always to be getting discussion on the mailing list, especially on a document like this, where there was strong interest in the use case, but also strong pushback against the use case.

B

Mailing list traffic is really the most valuable here for documenting what the working group wants.

A

Thanks paul anybody have any comments or questions for paul joey.

C

Thank you. I just wanted to say that um first, uh apologies, a personal level, because I have been meaning to get uh some input for this draft uh in the mailing list. I will get to it, I promise so in the meantime, I just wanted to say that at least from my perspective- and I believe that dkg shares it- and he will probably talk about this more when he presents- is that I don't think that is.

C

This should be a question of either or um I think that the use case, the use case that you guys are working currently on this draft. The unauthorized um encryption is, is good and like the development of this document shouldn't- or at least from my perspective, I wouldn't like it to be like trumped by the development of other use cases. I also think that more encryption internet is is the way to go.

C

uh So, um like my perspective from for about the draft that dkg is about to present is that we should simply talk about the different use case scenarios and and work on them, um and I think that as we move along or as we go down that route, we will simply get more clarity in either all of the use cases, or we will focus on one use case at a time and then uh yeah, that's just my perspective and I just wanted to to make it public. Thank you.

B

Great, thank you and- and I do think that us uh rekindling the use case discussion on the mailing list without it being about a particular draft, um would be good, um and I don't want to foreshadow the next document, but um just to be clear, peter, and I feel like that. Their use case is just fine, you know so um it it's not a one use case is better than the other. It's just our draft has evolved in a certain way.

B

Their draft is starting from um a certain perspective, um and but again we think that we've stated the use case for the current working group draft as clearly as we can we're really happy that they stated their use case very clearly from the beginning. It's not just hey. We have an idea of how to do something, so I would love to see more on that. Maybe the working group does want us to both go at the same time. We're happy to do that, um but we want. We need to hear from the working group.

A

uh Brian dixon.

D

Obviously, I'm presenting later in the session, um I think the only places there might be some concern I didn't apply yet on the mail list was because I've only just uh done. The work on the uh authoritative, sorry authenticated to authoritative proposal, and it would be premature to comment until actually, I have the uh the drafts uh ready to to compare um and that's really only just been done, plus uh getting feedback from the working group on.

D

What's in my my drafts, um the only place that I think there is concern and I'll address that on the mailing list is just the um the differences in signaling uh protocol wise uh that are probably not compatible completely or duplicative, um and it might be something where switching the the signaling method from sbcb to what I'm proposing might be something to consider.

D

uh What I'm doing the intent is to make it very quick and easy to pass and adopt so well, we'll see we'll wait for feedback from the group.

B

um And again, yeah. Thank you. Thank you, brian. But again the working group has to decide whether a use case is that the unauthenticated um uh use case needs to be in aligned with the fully authenticated use case we had. We currently are doing that because the working group asked us to do that about nine months ago. So the current draft has has that alignment as part of its use case, um but then the interest in the fully authenticated fell off, at least from the the document authors.

B

So the working group needs to decide whether that alignment is important or not. If it is, it changes a lot of things um in the protocol. If it's not as important, then it frees things up, and I and again we're going to see that in the next presentation.

B

My great thanks.

A

uh Eric.

E

Hi paul, I I wouldn't characterize the situation quite the way you just characterized it. um I know you started.

B

Very excited, I'm using the information in front of me. Please.

E

Give me please give me more sure, um I'm about to um uh I wouldn't say interesting news from the document. Authors, I would say, interest is remain constant. I would say my estimation of like how likely the working group to be interested in doing this has fallen off, and so my interest in community fight about it has also fallen off so um like based on this discussion, with um based on based on how ben's draft is received.

E

um My interest may revive, um but um like, as I said at the very beginning, um I'm interested in doing something here, but I'm not interested to spend the next five years of life arguing about it and so to the extent to which the working group wants to do something I'm prepared to like do that work, but I'm not interested in spending a lot of time trying to sell the working group on it, which is a position from the beginning so um so like since now, I think we're clear on the situation for the authors.

E

Okay, thank.

B

Yeah and and very fair point is that that you know we had some good input on your draft and then it fell off. And yes, there is the question of and peter, and I are feeling this as well of how much are we supposed to be selling? Is it worth worthwhile doing the selling, and I totally hear you on the not wanting to spend time on doing selling so great.

A

All right, so I guess the question. I have yeah. Sorry, sorry go ahead, brian, oh sure, sorry, paul yeah! I don't see anybody else in the queue, um so I so I think, there's a couple of different ways that I could see going here and I'd like to get your opinion on them. You know one is is to do a working group last call to make sure that people are at least happy with what's been specified in the document today, but I think at that point it would be.

A

You know, essentially using a process from other working groups where, if we're happy with the version that goes through, that working group last call, we would just mark it as ready for experimentation. It wouldn't advance.

A

We would just keep it in a steady state and mark it. Some way that it's um it's the stable version for experimentation, um the the the other option would be to uh then um the other option would be to to hold off on doing that kind of working group. Last call and do more of that use case discussion that you've talked about.

B

Do you.

A

Have a brian.

B

And, to be fair, that you talked about very early on we're following your lead on trying to do that.

A

Oh no, no right, I'm just saying with what you mentioned today is where I was going right. um You know my concern there is is that you know we seem to have intermittent interest from other working group participants to do that, and so I'm just curious. As do you have a preference for one of those two approaches as as an immediate.

B

Next step um I'll speak for myself and maybe peter will get in the queue I prefer, the second one. I prefer that we don't say that this is finished uh for two reasons: one is it only vaguely hints at the use of ds glue and we haven't gone far with ds, glue and such like that, or some ds glue equivalent, maybe some of the stuff that brian's going to be presenting.

B

So I don't feel that we are actually complete. I don't think that we are even complete with the stated use case, so I would prefer more use case discussion um that peter and I can track and stick into the document and again the document's sort of waving around, depending as the working group goes, but we're okay. With doing that, I would I would prefer that than to have anyone, see a stable document and feel that they were supposed to be uh implementing from it.

B

Given that there are known holes, you know I I I don't want to say it's stable with holes that that feels weird to me. I don't want implementers spending their time on it.

A

Yeah, that's that's fair and I appreciate that that view of the of the state of affairs tim.

F

Hi thanks thanks thanks brian thanks paul. um Would it help us- um and maybe we can get our 80 to weigh in if we had reviews from some of the other directorates on the document like now, while we sort of go through the experimentation process just to see if we're covering all our security bases or things of that nature right, um it's just more of an open-ended question right. I don't know.

B

My personal feeling is my personal feeling is no, because um what you're asking is is the um is what is specified there uh correct and good enough and, like I said, it's got holes because the working group has had holes so for the same reason I don't want to have implementers spend time on something that might change. I don't want the directorate to feel like that. This is something that they should be evaluating. If we know it has holes because the holes as they fill in will certainly add security properties, I mean I don't want.

B

I don't want a sector review that says this obviously has holes for security properties, because we know that at the current time.

F

Okay, thanks paul yeah. I get that.

E

Eric I mean, I basically, you know paul and I think different about the best technical approach.

E

But I agree upon on the procedural point like the underlying problem is that the working group has not come to consensus on what it wants and like, and so we have a bunch of proposals with sort of like various kind of like male levels of support, um and you know and not much implementer action or or I think, uh progress towards consensus on on the overall approach and like I think you know, we both in our own, our own ways, attempted to like whip some of that support and and then not really succeeded and- um and um so I think you know like, I think we understand pretty well what pulsar is all like.

E

I think, like also, I think we understand like pretty well what it does and what security properties are, and I think, like you know, like there's a. I think you know that that that's much clearer than any of the financial authenticator proposals. Obviously, but I think, like you know like the like, the question is: what is the work we want to move forward with?

E

As like the place where it wants to like focus its effort for the next year or so in terms of like in terms of like in terms of like you know, driving both specification and rollout, and I think until we decide that like trying to get like any trying to like run the ietf machinery of, like you, know, publishing specification we'll have the same sort of like well. What well you know we'll we will be positioned in in five years of being like do. We would deprecate the port.

E

You know that would detail us now we deprecate the port that we, like all things like like a new thing or or or the thing. So I think that that's that's like, like the other way to go. It's like we gotta like get to a point of consensus, and I don't know like you know, or I think the clear failure by the way would be also an alternative.

E

um You know, but I think like that that and I I had a better proposal I would on in terms of like how to get there, but I think, like the chairs needed to craft some sort of way to like get us to that consensus um or to declare failure.

A

All right uh thanks eric, so so what what tim and I are going to do is we're going to go off and probably huddle with the um with with eric to discuss ways to try and get this discussion facilitated in a way that gets us to a point where we can actually determine whether or not there's consensus on on any of this stuff, because you know both paul and and eric are right. You know, we've been we've been around on these.

A

You know for a bit over the last few years, and, and there are pockets of support for different approaches and- and I don't think the working group has a clear consensus on on any one or two things they want to work on so we'll we will um we'll figure out a way to facilitate this discussion going forward.

A

All right um next on the agenda is uh dkg and joey to talk about their new draft.

G

Thanks, um I uh so are you you're running the slides brian? Yes, great um thanks so uh joey and I wrote this draft. um I would run video, but last time I tried that my ancient laptop uh started crapping out on the audio, so I'll stick with audio for now. um So I'm going to present this. uh This is joint work with with joey, um and this is an unusual sorry that we haven't posted this directly to the data tracker.

G

uh We sort of missed the the cut off and then uh I guess we could have start done at the beginning of the week, but we'll do it shortly. um We have a link to a gitlab repo people can follow here. Next slide, please.

G

So. The goal here is to talk about this unusual draft because it's actually describing no protocol elements whatsoever.

G

It's describing internal state and proposed guidance for implementers for how to unilaterally probe from the recursive authori recursive resolver to an authoritative server and what so the reason that we were uh interested in like what does this actually look like is kind of because we wanted this um opportunistic mechanism to get out of the way of something that gives you stronger guarantees in particular, we want to say, like imagine, you were a dns, authoritative server.

G

What should you do if you don't want to risk things getting locked down? If you don't want to risk, you know breaking your setup. What can you do that would be relatively safe to do without coordinating or signaling to anyone else that you're doing it and likewise for a recursive resolver?

G

How could you probe as you're, doing authoritative, queries and end up contri encrypting, the bulk of your traffic? Even if it doesn't mean 100 protection and it doesn't mean protection against active attacks? How can we reduce the visibility to a passive monitor, and we want this, this proposal to really be out of the way uh and not interfere with or or provide sort of, conflicting guidance with a more robust approach, along the lines of like fully authenticated, um potentially with hard fail um and what's interesting?

G

Is that if we do this, uh it actually gives us some insight into what we think the signaling should look like for um uh for the stronger uh connection, the stronger uh encrypted and authenticated connection between the recursive and the authoritative.

G

So the line I wrote in here is that you know raise the floor without lowering the ceiling. What can we do to just get more of the traffic protected against the passive monitor without getting in the way of the stronger connections? Next slide, please.

G

Okay, so if we start a new probing, what are the things that could go wrong? The draft tries to figure out what we can do to minimize certain bad things right. So we don't want to see. Dns query suddenly become much slower. We don't want to see the recursive resolver consume. You know a thousand times as many resources or the authoritatives. We don't want to see them flooded with annoying overload.

G

um We don't. We certainly don't want to penalize resolvers, authoritative, servers that adopt these things, and likewise we don't want to um we. Don't we wouldn't want a recurser. That's doing this probing to degrade its service to to in other cases, and we certainly don't. We also want to minimize the amount of data that we accidentally leak.

G

So you know- and you know I'm mindful here- that star tls when we introduced it to smtp and imap. We didn't have a good roadmap out of that, and it's taken us many many many years far too long to go from start tls and those protocols to stricter transport.

G

So we want to make sure that we don't you know lock in uh potentially against protection against passive attacks. That's still vulnerable to active attackers.

G

So those are the those are the concerns when you're trying to think about how to do unilateral probing, at least the concerns that we came up with, hopefully other folks in the working group. If they have other concerns, we'll raise them next slide. Please!

G

So let me just go into what the draft suggests as guidance for the different servers involved. We basically say if you're an authoritative server do what you can and here's what you can do: listen with dns over tls on port 853 or listen, uh sorry and listen with dns over quick on udp port 853.

G

We just recommend that you do those things. There's no reason not to do them. You don't need to worry about how you authenticate. You can just offer any old x510 certificate, and if someone comes to you asking for sni, you don't really care just respond. It doesn't matter what the s is.

G

um We looked at asking the authoritative servers to opportunistically offer do on port 443, um but if we did that, we need to specify what the path part of the url would be and we didn't want to like make up what a standard path would be for dough, so we just kind of uh left it at dot and doq. If folks, I think that what we specified in the rest of the draft will actually work fine if we throw doh in there as well.

G

If someone wants to choose an expected path, but we didn't feel comfortable doing that, so we left it at dot and doq for now. Next slide, please.

G

So. The guidance for the recursers for the recursive resolvers is uh significantly more uh detail than the guidance for authoritative resolvers, because the recursers are the ones that are where it's really on them to do.

G

The probing um right, the authoritatives just sort of have to offer it and then the recursors can try, and so what we've done is we we've outlined um what we think is a reasonably complete specification for the type of internal state, that's needed to probe for dot and or doq based on the authoritative ip address, so note that this probing is done by ip address, not by ns name.

G

It's also not done by the zone that you're looking up. The probing is entirely like hey. When I connect to this ip address. Can I make the connection work and that ends up being playing a role in how this interacts with uh the authoritative servers?

G

Sorry, the the str, whatever the stronger proposal ends up being. um I I want to note a similarity here that this has to the happy eyeballs guidance. So this is not novel for the itf. Isn't it's not like recommending implementation guidance without specific protocol changes is a totally novel thing. The ietf has recommended some happy eyeballs work for ipv4 and ipv6.

G

Obviously this is not exactly the same as happy eyeballs for ipv4 and ipv6, but it's a similar type of guidance. It says: hey, uh you know, try these different channels at once. If you get one that works, here's how you should prioritize the one that's working, um so we map out like a specific set of internal state. It's relatively minimal. We don't think it's a big burden to implement um and outlines how to update that state. Depending on what you encounter on the network next slide, please.

G

So um we have a set of parameters. These are probably supposed to be. The easiest thing would be to make these global parameters for your recursive resolver.

G

You could again, this is unilateral, so you're not negotiating this or publishing it anywhere. These are just parameters that you might need to write down someplace, and maybe you want to offer them as configuration parameters tunable by the administrator.

G

Maybe you want to have distinct parameters depending on the zone, the ip address, or the name server that you're looking up, you could do those things. I think the simplest approach and the goal here is to provide a simple recommendation if you just have this as a global parameters for their cursive resolvers right. So we want to know how long do you remember that you had success at making an encrypted connection that we call that persistence?

G

We want to know how long you avoid retrying uh encrypted transports once you've found that none of them work, um and we call that damping and then we want to know you know if you're trying encrypted transports, because you knew that they were good and then they start to fail. We want to know how rapidly you fall back to your text transport, and so we call that timeout.

G

So those are the three different parameters that we think you need as a baseline to make this algorithm work uh next slide.

G

So um I'm not getting into the exact steps. The draft actually outlines fairly detailed like what do you do when a connection fails? What do you do when you run out of resources? um uh How you know, how should you try them in a happy eyeball sense? You open the connections all at once. You see what one comes through.

G

The clear text will probably give you a response first, but leave the um you know, leave the attempts at encrypted transport open to make sure that you have the connection um it gives you guidance on sort of all of those steps. I'm not going to go into detail on what that guidance is. I hope people read the draft and correct the things that joey and I have missed um or places where we might have gotten it wrong.

G

um You know the implementers uh people who who have existing recursive resolvers could look at that and tell me probably um no, no you uh you forgot this particular failure. State we'd love to get that kind of feedback, but one of the things that outlining this does is it sort of gives us a clear sense of. If you wanted to signal which this draft does not do.

G

What would you need from the signal to do better than this draft um in particular, so we were looking at the stuff that paul that paul hoffman wrote and we we we looked at it and I think we were saying basically once we're doing this kind of signaling.

G

um We think you can do better than um unilateral probing and the things you need to do better are not signaling hey. This thing is available because the way that you signal hey this thing is available, is you just make it available right?

G

It's just as easy for me to make one query to the authoritative server on port 853 or two one on tcp and one on udp um and get an answer. Is this thing available? What we really need from the signal is an indicator by the um by the zone operator. That says we do expect uh encrypted transport to be running, and we, when we expect you to be able to authenticate to it.

G

We here's how we expect you to authenticate okay and here's the thing that you need to authenticate now we might decide that you don't need to explicitly mark this in the signal because you might decide. For example, it's only going to work with x 509, it's only going to work with the ns name rather than zone the zone name or something like that, um this, whatever we define for how the signal should work needs to answer these questions, um but this is information that we need.

G

We need another one, more slide, full of information that I think we need from from a signal next slide. Please.

G

I okay and so most critically here we need to know whether the zone operator or the name server operator, depending on where the signal gets placed, whether whether a hard fail should be in place by the recurser.

G

Now, of course, we can signal we'd like you to hard fail um if you connect and you if you try to connect and authenticated strong encryption is not available um and existing resolvers simply won't hard fail uh and that's understood right, but we can signal that we want a hard fail in the same way that, like mta, sts or hsts, says don't bother connecting in the clear text: I've I've committed to this authoritative, resolver being strong.

G

This is but this is about like let's think about this from the from the outset here, so that we don't get into another start tls situation where we have a decade go by before somebody says: let's avoid the active attacks and then additionally, we probably also want a signal that says if secure transport fails.

G

Let us know now note that that's distinct from hard fail. um You might want to um initially say: don't hard fail as an authoritative and just collect reports from people that says you know hey I tried encrypted. I tried to do an encrypted connection. That was authenticated and I didn't get it so it looks a lot like tlsrpt. Then I see you in the queue I'm happy to hear your feedback.

G

All right, no I'll, wait. Okay um next slide, please.

G

um So if we think that a signal could have the types of details that we just outlined in those two past slides, the next question for unilateral probing is: how is this going to interact um uh the? How is this going to interact with the strong with the strong crypto, um so the signal that we get for strong crypto is likely to be bound either to the domain that's being queried or to uh or to the name server name, but the probing information that we have is bound to ip addresses.

G

So there's kind of an interesting, slight impedance mismatch here um between the like, basically as we're doing the probing we're collecting this information and remembering it about different, authoritative, ip addresses that we connect to and those are so that it doesn't quite match up with where we expect the signals to land, because I think, while we have talked in this working group about signaling being attached to the um the reverse lookup that is the in adder zone, uh I don't think anyone seriously thinks that that's a feasible approach.

G

So there's a weird impedance mismatch. We have to think about there um and then the other question is like if I've, if I've, if I get a signal, should that signal also update the probe information that I've got and if so, how?

G

So I'm raising these questions, because I don't have any answers for them, but I think thinking about it with this unilateral way encourages us to sort of work through those problems um I see brian and eric in the queue I'm happy to take you questions I realize there's been some stuff going on in the chat that I have not had a chance to read. While presenting brian, you want to talk.

G

I saw briefly that brian um turned on his audio and then I didn't hear anything it didn't.

D

Quite pick up, um I said: uh go ahead uh or I'll get out of the queue. uh I'm I'm happy to wait for the end. I think the rest of your presentation may be have information that I'll be commenting on.

G

uh Okay, so I see a cue is lining up this, this uh presentation and this paper I think, joey and I both intended this as a provocation. So the fact that we have five people in the queue uh suggest we may have succeeded.

G

um Yes,.

A

So daniel, why don't you just go ahead and finish your presentation, then we'll we'll start working on the queue. Yep sounds good. Okay! Next slide, please.

G

um So if we get a signal again uh so so one thing that we noted, as we were sort of sketching out, what this uh unilateral probing would look like was that uh the probe doesn't need to send sni, because it's not gonna care. What the authentication looks like it's going to do a connection and if the tls handshake or the quick handshake ends up working, fine, we're good. We protect it against passive attackers anyway, but a signal connection might send sni and that itself might be a privacy leak.

G

So there's some interesting interactions there um and then we have this final sort of thought. Experiment is: is there some situation where a signal connection would succeed where a probe fails? The only thing I could think of when I was trying to like work through the problem. Space was a situation where the signal connection does send an sni and somehow that allows the server to offer a connection.

G

um The the authenticated server, the sorry, authoritative server, to offer a connection that it wouldn't do if no s I had come in, um which is why we gave the guidance that um authoritative servers should ignore sni uh when they're offering these things. That is, if sni comes in, don't if you get a probe with no s, I don't abort just because you can't figure out what the name is just serve any old certificate or identification, but maybe there's some other situation where signal connection could succeed where a probe is failing next slide.

G

So uh I'm not going to get into the details about what the other drafts are. Obviously this touches on a bunch of them.

G

There's more that haven't even been mentioned here, we're hoping that this stays out of the way of the drafts that actually do specify protocol elements, we're just saying: what can you do if you didn't want to do any active mechanisms?

G

But you know if folks, who have been thinking hard about these other drafts, want to weigh in on how to improve this unilateral step. That would also be great next slide. I think that's it uh right. So there's the get lab link. um It's in my personal gitlab account. We will publish it to the data tracker shortly. uh I think we have provoked a queue of seven. So, let's get to it, uh I recognize that ben is at the tail of the queue, even though he was the first one in the queue earlier.

G

um Well, let's just.

A

Let's just work from the top.

G

Yeah.

A

So brian dixon.

D

It's definitely interesting. um I think um it'll probably be the case that uh aligning it with any of the dedicated uh signaling mechanisms, uh probably advisable modulo response from the working group to those proposals.

D

um But the other comment I have- and this comment is actually applicable to both the the probing and to the unoff uh as well as uh any any other related uh proposals is um at least on my proposals. It's what's being proposed is the how, but uh what is left unanswered uh is the uh when uh right now it seems to be the case that uh especially uh both the probing and the unoff case, uh it seems to be an all or nothing, and I don't think authority.

D

Server operators are going to be happy with that or are going to be likely to enable um encrypted connections if all the traffic is going to go over that all of a sudden, I would be interested in soliciting suggestions from the working group on ways that a client could signal to a resolver that it wants um privacy on the upstream queries from the resolver to the authoritative so that it can reduce to the absolute minimum. The traffic that is authentic is encrypted so as to not overly consume resources, I.e.

D

If, if you can minimize the resource consumption, you can get the thing that you want, which is encrypted transport for sensitive queries, but you avoid consuming resources on all the queries that aren't sensitive, um whether it's something so.

G

Sensitive.

D

A signal I understand, but uh that that's sorry go ahead.

G

No, I think this, I think, that's a that's a really interesting point. uh I think you and I might disagree about what the goals are here. um Ultimately, my goal here is to get as many of the precursor to authoritative uh traffic, that's flowing across the network to be encrypted, so um I am not contemplating uh at least this draft explicitly does not contemplate the idea of marking specific queries as sensitive um it is. It is strictly about getting as many queries to be encrypted as possible, and I want to.

G

I want to just point out that I think this draft actually does provide the kind of signaling you describe the signal that I send to an authoritative that says I want privacy on this query is, um is I I open a connection to port 853, or maybe I open two connections to port 5853, one on tcp and one on udp, um and if the authoritative server decides, I am out of resources and note that this draft actually explicitly contemplates the resource overload situation.

G

um It says, stop answering you know if you as an authoritative server, can't afford to answer encrypted queries, then stop answering on port 853. Just send back port closed, that's the cheapest thing you can possibly do, um and so so, while I agree with you that we want the the clients to do something explicit so that the server knows they want encrypted connections, I'm pretty sure that just making the connection seems sufficient for that.

G

Now, if you think, if you think that we can't have my the motivation for this draft is a world where all recursive to authoritative traffic is encrypted. If you think that is not possible, if you think that authoritative servers will rebel and refuse to offer it, then we have a whole different set of thinking to do. I think, as a working group, but the goal here, in my opinion, is to have all of the recursive to authoritative traffic encrypted.

D

Okay, so um I realized you know: itf were participating as individuals, but my day, job is with godaddy and we run authoritatives for the bulk of the long tail of domains, and I can say for absolute certain. There is no way we could accommodate uh with our current uh infrastructure or even our proposed expansion of infrastructure, all queries coming over tls connections or even over tcp connections.

D

uh It has to be.

G

What about.

H

Over small connections.

D

The same same deal, um the the state that's required and the the overhead, um even with establishing connections- uh I I'm pretty sure we will do experiments for sure, but- and I don't think the signaling would be between the recursive and the authoritative. I think the signaling would be from the client to the recursive, the recursive choosing, whether to use an existing open connection for the query over dot or doq versus sending it over udp or tcp.

D

There are other mechanisms for associating domains with uh uh encrypted or not using the name server names, because a name server can have multiple names at the same ip, uh but this is this is this is getting a long way down the discussion, but I think that that needs to to start the conversation needs to start in terms of. Is there a way to do this and how?

D

Okay? I should get into the queue now.

G

Okay, thank you, brian. I think this is a really interesting thing to raise right.

G

I mean, I don't think I've heard this in any deprived meetings before that authoritative simply would be unwilling to accept encrypted connections um like unwilling to turn on encryption uh I mean maybe- and maybe the answer here is that's true for some authoritatives and those authorities will just have to send port closed responses on port 853 until they get their infrastructure spun up, and that's one way that you can differentiate between authoritative hosting providers or not eric you're next, in the queue.

C

um I just wanted to be american that maybe.

C

Okay, sure, is this better perfect? Thank you all right, thanks um yeah, that maybe what we could add is simply uh in the authoritative uh servers recommendations, part. It could be some sort of sentence explicitly mentioning what you say: tkg, that if an authoritative server is faced with resource exhaustion or something uh then the the cheapest way to signal that would be simply by closing the ports. um I say this in order to like keep uh consideration to what brian said, and also with the understanding that that should not.

A

Hinder.

C

In any way, the the development of these uh use cases and these scenarios, in my opinion, if that makes sense,.

G

Yeah, we actually do have a section um called resource exhaustion uh in the draft that that's uh under the authoritative server guidance, and it basically says hey if you have insufficient resources, um I think the sentence is an authoritative server facing resource exhaustion should cleanly close, open connections from the result resolvers based on the authoritative's preferred prioritization, and then it offers a prioritization scheme for how to close existing open connections um and suggest that, maybe you just wanna, I I think it does not currently say stop answering on encrypted connections.

G

um We should probably add that you're right.

G

uh Next, in the queue.

E

Presenting this, um this is rather more rather more careful, workout than perhaps necessary. um So so thank you. um um You know. uh I originally wanted to talk about the sort of like the the issue of sni and like labels and whatever and scoping for the hscs type mechanism, but I think, like brands, comments, I think, like forced us to step back right. um You know like I I I had heard what you just you used to research that dkg that you hadn't heard anybody say like. Oh, we just want to donate this at all.

E

I heard that before um I think perhaps that is where I work, which is like all the work that you and I you and I and ben and paul and peter have been doing because they've been premised on the idea that we're trying to get like more or less universal.

E

Like you know encryption, you know tls from the from the requested right and if the story really is that, like the people who are in the authoritative are uninterested in like delivering tls um then like we can just like all pack it up and go home and like that, will save like an enormous amount of effort like on all of our parts, um and um you know I.

E

I don't think that like trying to like say like which- which, like I don't think like, if like, if like the if the the prize at the end of this, is like that the clients get to label like one percent of their queries as sensitive um and like those getting encrypted like that. Just does not like that. That's not just worth the squeeze so um uh so so I think, like you know um now, I I must say I'm like quite surprised to hear that people think the load is excessive.

E

Like I mean compared to like the load that, like you, know that, like a modern cdn takes, this is just like not like a trivial important amount of data, which is why I, like all these people, are offering free. You know, while these people are offering free gis like those services but um but like, if that, if the people I think about anybody want to do so, then like that's the place to start not not just sort of spend like endless hours, trying to find like a new way to like do something.

E

Nobody wants to do. um So. I think that that I would definitely encourage, like the working group placements on that topic, um which I think circles back to this point I was making earlier about my draft impulse draft, which is like you know like we should like. I think we have like a broad understanding of like what the solution space looks like and if I can, and we ought to figure out what pieces loosen space people like are actually willing.

E

The players are actually willing to do and if I and like only focus on this, but on my pieces that are relevant, so I guess I would definitely see some people queuing up, which is great. I would love to hear like people who operate, authoritative, servers, um you know, um you know say you know we will. We would not be willing to do like like we would be interested in something which, like leads us to like universal encryption from like authoritative, represent.

E

And I'll take my comments with s and I separately like some to the list or get up or something when, if they become relevant.

G

I am definitely interested in your comments on sni ecker, uh but yeah. I I hear you. um I wanna also note that this draft actually doesn't um there's nothing stopping anybody from just implementing. What's in this draft the whole.

C

Point of this.

G

Is that it's not about any sort of handshake or like if you, if you run a recursive resolver, you can just start doing this. um Likewise,.

E

Yeah running authoritative, I I just selfishly want your intellectual effort on something else: it's not before no one's gonna. Do this um um the um uh I do wanna say one more thing um actually, which is um you know, brian suggested that, like um you know that uh uh servers um that, like the the clients should like somehow they know like I want this or not. um You know like cert like it.

E

We don't need a mechanism for servers to gradually roll out support for this under the in the design you pose like they can simply stochastically send por sprayport closed some to like some fraction of the ip addresses, um and that is like the cheapest way for this to be done. um Trying to like build some sort of gradual internet. Why gradual element is not a good plan um like just like just like you know, just like select a ipad address range and return. Okay versus port closed.

G

Peter.

I

Hello there a couple of comments. uh I I like this draft, but paul already mentioned that um one of the slides said tls reports. There is a draft from roy irons for doing dns error reporting, which might be of interest. Although I can see the trouble with doing dns error reporting in dns.

G

Right.

I

Dkg, can you go to slide five? Please.

G

uh I don't control the slides, but I'm happy to see it go to five. Oh there we go.

I

uh This says the draft maps out the internal states. I found that the internal state it starts from is severely different from the internal state, our resolver and also in general. I feel the draft is too prescriptive in this area, but that's all fixable in editing.

I

uh I would love to edit yeah.

I

I guess we'll have a few other conversations before we get to fixing that like do. We even want encryption everywhere, as discussed before the queue on the sni note. I believe that the content served by a name server should never depend on the sni, but indeed sni might make sense in some authenticated scenario.

I

Yep and finally, uh several people said this today. Several people said this in the past. If a name server does not want to serve some encrypted transports, it should just return. Tcp resets when I proposed this earlier brian dixon told me that would be too expensive I, but I don't know what to make of that.

I

That's all I had.

G

All right, thank you, eric nygren, I think you're. Next, maybe eric and peter can drop themselves from the queue. So we can actually see the queue get shorter.

J

Yeah, um so as a operator of a large, um authoritative, dns platform, I think one our one of our or probably our top uh priority is availability and stability. um So I think this goes to what brian said earlier of of being able to control, what's going on with, clients um is critical and change and change.

J

Safety is one of those things because of availability that has a that is also critical, so being able to roll out changes safely and understand what behavior they have um is is very important, and I think what this comes down to is that we really need to be careful within this space if we do want to get to the having as much of this encrypted as possible in the long run, is not poisoning or well in the short term- and I haven't read this draft yet, but I think this I, the idea of laying out some ground rules of, if you're going to do it um probing um here's how you might do it would actually be helpful there, especially if we talk about how not to do it, because one of the things um just as a concrete example, most large scale operators have um behind a single ip address, will have a pool of tens to hundreds to thousands of servers beyond that single ip and are going to roll out changes very, very slowly.

J

Incrementally so only one or two servers that pool might start off have having um a a dot or a dock. So we'll want to think about how do we communicate that?

J

And how does that interfere with kind of a scheme like this like if you, if, if, for example, introducing um a docs onto one eye object kind of one back end caused a bunch of clients to now start having timeouts, because they discovered in the probe but then got mapped to it, occasionally mapped to a different back end which and then started having timeouts that would prevent um actually being able to roll out to the whole cluster, because we'd start seeing hey, there were timeouts here but and then there'll be no way to actually do the rollout so kind of the the.

J

If we just need to make sure that any probing mechanism we we deploy or we let people other people encourage deploy, doesn't mean it says that we don't have a way to deploy a fully authenticated mechanism longer term.

G

Thanks eric, that's a, I think, that's a really good point and that you know that's. The goal of this proposal is to try to flesh out what we think would would achieve the results that you're describing. um I don't know how often the remapping that you're describing happens. It probably depends on the particular infrastructure provider, um but I agree with you. You know. Maybe maybe the answer is we want to fiddle with the default. Timeout parameter, that's described in the draft.

G

The draft does you know joey, and I tried to think about how do we make sure that we're not really overburdening um providers that don't want to roll something like this out, and maybe we need more guidance on the authoritative side to say: hey if you're, you know, if you're going to try to do phase rollout, do your you know: do your phase rollout on the basis of like partitioning the ip address, client space, and we need to tell the recursers um you know: don't share this state across multiple recursers that are querying from different ip addresses or something like that um anyway.

G

I I appreciate your insight on that and I would love uh suggested uh text um or proposals that would that would make this probing um guidelines, something that would encourage and facilitate deployment. Thank you.

A

uh Jim you're up next.

G

um I'm not hearing jim. I.

A

Am not hearing jim either.

G

uh Maybe we'll skip jim for now stay in the queue jim. When you get your audio issues sorted out, we'll take ben next.

H

Hi hi ben.

G

Okay,.

H

Quick notes: uh I am aware of real offside interest in 100 encryption, not like name conditional. um I I know auth implementers, who believe that this is totally deployable and wanted to play it. So please, please make it possible. um I don't think the impedance mismatch you mentioned is a real problem. uh I just kind of think that you'll you'll check, if you can do the, uh if you have the authentication support and if that works, you won't even get to the stage of checking.

H

If you have some cached hint for opportunistic, uh as as was mentioned before dns error reporting is, I think, actually a perfect fit for telling authoritatives whether tls is working.

H

We just need to make sure it fits, but I believe it does. I don't think we need an sts signal, as you mentioned. I think the existence of unilateral probing here makes that sts signal unnecessary.

H

Instead, we should just say that if you create an explicit signal, uh you know if you, if you, if you publish an explicit signal declaring that you support a dot, then you have to actually support a dot uh and.

G

So then, hang on a second can I can I just respond to that. One point: I don't want you to make a bunch of good points and then I forgot, which ones to respond to for that one in particular.

G

um The one non-strict signal that I could imagine saying is that I do want error reports right like I could imagine if I haven't, if I've got an authoritative and I haven't deployed adot, I don't want to get my dns error, reporting stuff flooded with information about how hey my authoritative, encrypted transport isn't working.

H

Okay, that's a really interesting point. We yeah we'll have to figure out um how to say what you want error reports about, um and last I'll just say. We I'd like to be very clear that that resolvers using this must omit the sni.

H

Thanks.

A

Jim reed, back again, brian.

G

Oh jim was that jim.

G

You're sending audio but we're not hearing you.

G

uh Brian dixon want to go while jim still sorts out his audio sure.

D

um Yeah, I just want to make clear that we definitely want to provide the ability to do encrypted transport, so my suggestion that it not be 100 is not that we don't want it to be a hundred percent. We don't, I don't think we'll, be, uh have the facilities to do that and the problem with all or nothing if that ends up uh consuming resources, that it ends up being nothing.

D

I think that's not to the benefit of of the the efforts here or to the group if, if it's a resource consumption thing not being greedy, not having resolvers that are greedy and consuming all the resources is an important part to make the analogy between udp and tcp. uh Udp allows you to be greedy. Tcp has back pressure through.

D

You know um the the retry and things like that that let let the you know the available resources uh align with um the the demand for those resources, um but since dns is effectively stateless, uh whether it's over udp or whatever, each query and answer consumes whatever amount of resources it takes.

D

That's why I'm suggesting having some method of effectively providing self-control on the resolvers would be to the advantage of all the resolvers, rather than just a few keep in mind.

D

There are about three million ip addresses that are seen by authoritative servers that are resolvers, legitimate, resolvers, so the the balance of resource consumption, if it's not possible for the resolvers themselves to self-control uh what amount of traffic you're sending they're gonna have the effect of of um you know the people who actually need privacy from recursive to authoritative uh if it's not available, because the resources have been consumed.

D

That's that's really um that, from my perspective, uh as as just a working group participant that doesn't seem to align with the the intent- and certainly I remember earlier- um uh I may have been in this group or may have just been in conversations in the hallway the intent of definitely uh client-to-resolver all.

D

But it was not the case that uh resolver to off all uh encrypted uh as being a request requirement uh for what dpriv is doing and that to me at least seems to fly in the face of what previous expectations were. And I don't I don't. I don't know. I don't have an answer, but I think that's something that needs to happen in terms of discussion. Thanks thanks brian.

G

I I think I agree with you that it would be a shame if greedy clients caused the ecosystem to refuse to adopt um and that the the goal of this draft actually is to describe mechanisms. You can do as a client to to reduce the amount of greediness and also to sort of give authoritative server operators the guidance that they need to say: hey yeah.

G

It is okay to prioritize my clear text traffic while, while my resources are constrained, um so if you have specific suggestions for how to ensure that these things are less greedy, that don't involve the stub saying to the recurser hey, this is a sensitive query, I'm all for it. The reason I'm concerned about stub signaling to the recurser like hey. I need this query to be private. Is I have I I honestly cannot imagine end users making that decision in a way that makes sense.

G

um The trouble with these with these leaks is that they are privacy leaks. We don't know when something is going to turn out to be private. um You might only learn later, uh even even if you could distinguish between things that caught queries that cause harm when they're leaked in queries that don't you might only distinguish between that.

G

After the fact, um you might never know that it was a problem and I think, introducing some new mechanism that asks dns clients to to bin their queries into sensitive queries that need encrypted transport between authoritative and and recursive and queries. That, don't is just pretty implausible to me and if the goal is a wide scale deployment, then we need to think about how to do that wide scale deployment without introducing that kind of signaling.

G

So if you have suggestions for the draft that that help make things be less greedy and make it less scary for for deployers on either side, I please please contribute them. I really appreciate your insight. There.

D

Sure- and I I would uh just offer two two more comments along those lines. One is, uh it might be the case that it's not on a per query basis, but on a per client basis, so there might be some small percentage of your clients that have to have privacy if those queries are coming over encrypted transport from the client to the resolver. uh The the existence or non-existence of the request to be have those queries be uh treated as sensitive would not be visible to a an on path, observer or off path.

D

Observer, passive observer, uh because that traffic being encrypted um allows for you know whether it's a per client basis as opposed to per query basis, uh but something along those lines would be valuable. uh Sorry, I I'm gonna, I'm gonna, add one more question. uh uh Suggestion.

C

Then I'll drop off.

D

Yeah, the other uh thing is, I I would see actually um with uh the probing.

D

um I think you do want to do sni strictly because of the the potential for authority operators to use different names uh and offer uh encrypted transport only on a subset of the names for a particular ip and that that's what our plan would be thanks.

G

uh Thanks, so let me just so. This is interesting. We just had one person say, uh must not send s, and I, and we just had somebody else say you know, should send sni or maybe even must send sni. So that's something that we'll need to sort out. um As far as your point about uh this being a per client rather than per query configuration your description of that, and maybe this was not exactly what you meant to say, but your description was if a client must have their queries encrypted.

G

I want to point out that this mechanism is a failure for any such requirement, because this mechanism does not defend against an active attacker. In fact, it doesn't even defend against a resource, exhausted, authoritative server. There will be like this mechanism is designed to fall back to the clear text. So if you have, if we, if the recurser has a signal from the client that says um my queries must be encrypted from recursive to authoritative leg. This mechanism is the wrong mechanism to do that.

G

Ralph you're up.

G

We heard you about as well as we heard jim reid. Can you try again.

A

Maybe not um so what I would say dkg is. um I I think there's been a lot of good comments here, so uh I I think the what I'd like to do is if ralph or or jim, want to um you know either chime in on chat or or reach you via via email to to get their questions and ask. That would probably be the best way to go forward um and then I'd just encourage you and joey to get your draft posted to the data tracker.

A

So people can can get access to it and we have it for historical records for the for the meeting.

G

Yep sounds good. We'll do we'll make sure that happens. Thanks for watching discussion.

C

Thank you. Everybody.

A

All right, so the next uh on the agenda is, is ben to talk about the ds, glue.

A

And it is all yours.

H

Okay, uh I'm happy to run my own slides, but if you want to do it, that's fine next slide.

H

So, to be clear, the this is the scope of this presentation is almost the opposite of dkgs. This is only about authenticated ada, and maybe I need to be a little bit clear about what authenticated means. It seems like we've. We've had some some different definitions, so here's what I mean I mean basically downgrade resistant. I mean an active network adversary cannot ever gain access to the dns query or the response all they can do is force a denial of service.

H

Authenticated out, I have this abbreviation a2 dot authenticated adot is possible without any modification to the parents. We can actually do this today, using components that already exist. You know we could just sort of walk away and declare victory almost, but it requires resolvers to be very, very patient. So first, the resolver has to do an ns revalidation before using a name server. So I get an ns record in glue. It says you know this name. Server is the name server for this child zone.

H

Now I have to go use that name server and ask for the ns record again and use dns sec to validate that that's actually correct, and then I can use that name server and also before I actually use the name server. I need to send an svcb query is assuming, in this model that we we settle on on using svcb I'll note that the the svcb for dns draft is now adopted in add.

H

So if the resolver sends an svcb query for this name and again uses dns sec to validate it, then in principle we can do authenticated a dot. um There's some interesting lingering questions about about how you do certificate validation, but, but apart from that, we're very close.

H

The problem is that this slows down resolution of all domains, not just domains that are participating in this experiment, a resolver that implements this quality policy, slows down resolution of every domain that it tries to resolve. So for that reason it seems like this is not likely to be deployed at scale, although, if you disagree, I'd be interested to hear okay next slide.

H

So we've had a lot of different proposals in this working group, and we've got a few more today about adot parent signals, so within the framework that I've just specified an a dot parent signal. Anything in the parent telling you to use a dot is purely a performance, optimization, it's a way to make a dot faster, and that may be really important because resolvers are impatient.

H

So if we can't make this pretty fast, it may be that we can't get it widely deployed, but helping it helps me a lot to think about these parent signals in this performance. Optimization context where there's there's a slow path that we know would work and we're just trying to find a shortcut next slide.

H

This, I think, is the most important slide of this presentation. This is the slide that I really want to focus on. The thing that makes these parent signals hard is that there are a lot of questions that we need to answer to figure out the shape of the solution, and there are a lot of plausible answers to these questions, so I'm not going to walk through all of these on this slide. This is just to say this is a long list of possible questions.

H

Next slide.

H

And these are those questions again with the answers that that I put in to to produce the ds glue result. So I would argue that if you pick these answers, then the ds glue, design kind of falls out and if you propose a different design, it's probably because you have different answers for some of these questions, and maybe those are valid answers really.

H

What I would like is for the working group to think through- or at least somehow come to consensus on on these answers or on the answers to these questions, because that's going to shape the design that we come up with so briefly, we cannot slow down the resolution of any existing domains at all.

H

We do care about authenticated dns over tls under non-adot parents. An example of that is the dkg.gitlab.io link that was just sent around right. So if, if dot io is as a tld is not doing a dot, then we might still want authenticated a dot for subdomains of gitlab.io so that we don't see that we're actually accessing dkg.getgitlab.I.

H

Otherwise we leak the dkg label. Can we require that the parents are signed in this case? Yes, can we add new rr types to the glue, so the assumption here is no that's different from, for example, draft a docs which proposed adding new rr types to the glue.

H

Can we add new digest types to the ds record? Yes, this relies on new digest types.

H

This there's also an element here that is optimizing for the latency of domains that do enable adot, because hopefully, eventually that will be a large fraction of the internet um and finally, can the child atomically update whole batches of glue that contain multiple rr sets the ns and the ds and the glue all together atomically.

H

uh You know I we this assumes. We cannot rely on that. Okay, next slide.

H

So the result of this those assumptions for from my perspective, is the the ds glue structure. So this is a new algorithm type called ds glue. It also relies on a digest type, which has previously been proposed called verbatim, which is a fake digest type so effectively. It lets you just plop arbitrary, arbitrary bytes into what would normally be the digest field, and so the the ds glue each ds glue record contains a tlv encoding. A compact encoding of an rr set a glue r set.

H

uh This has to be an rr set below the zone cut inside this um inside this child zone and so to prove that only actually the prefix of the name is encoded, so the child, the child zone name, is implicit and you can also encode non-existence of a glue r set this way by encoding, an empty rrs next slide.

H

What does it mean? So if you get a ds glue record, it's a ds record, and so it's subject to the standard rrsigs over dsr-r sets and the whole resolution fails due to bogus if anything is tampered or removed. That's the real authentication value of all this, and how do you interpret the contents? So the contents of this ds glue record the rr set inside the record is a glue rr set. That means it's only for delegation following it's not authoritative, for the child zone, it cannot be returned to a stub resolver.

H

It's only used during this delegation process and it can repeat ordinary glue, in which case the ds glue takes precedence, uh are set by our arson.

H

In principle, you can represent any r glue of any rr type this way, but the draft says basically don't do anything crazy because, like originally, I had tried to put nsec rr sets inside the ds glue and it became clear that that was very confusing. So instead we're just going to say you have to stick to some rr types that are understood and we can expand that as we understand more next slide.

H

So here's a very simple example: here's a totally ordinary child and parent zone. They happen to be using dnssec and cds, but they are. They are a totally ordinary child and parent zone next slide.

H

Here's the same example with as I was talking about at the beginning, the slow a2 dot. So all you have to do is drop an svcb record into the client and in principle a sufficiently patient resolver could revalidate the ns record check for the presence of an svcb record, find it upgrade to dot and then actually issue the the query that it wants to issue, but this is slow, so next slide.

H

This is what that zone looks like again with ds glue. So what we've done is is just added two cds records.

H

Each of those cds records encodes an rr set, one of them encodes the ns rr set the other one encodes. The svc brr set cds copies these into the parent verbatim and we're done notably in principle. The parent doesn't need to know anything about this.

H

As long as cds is working, the the parent just gets some more ds records and and that's the end of the story, but to uh to a resolver, a resolver looks in the parent zone and uh if the resolver is ds, glue aware it sees that the ds record contains these authenticated glue, r sets and it can use them to go directly to dns over tls, notably if the. If the resolver isn't aware of ds glue, then these just look like ds records of some unknown algorithm type, they're ignored next slide.

H

So my point here is ds. Glue shows that we can do authenticated a dot even under some very challenging assumptions. We can do it with no slowdown for non-participating zones. We can do it with minimum latency for participating zones. We don't actually even need the child zone to be signed, but really this is a very large design space. There are a lot of different possibilities here and we are going to have to figure out where we want to be in that design space that could take a while, but also we're not blocked.

H

If we can agree on some of the details of the slow path, we can actually get started with that today and start experimenting. Maybe we can't deploy at scale, but we could at least set up experimental, resolvers or very privacy, conscious resolvers that are willing to make that performance for for privacy trade-off.

H

That's all for my slides.

A

Ben uh warren looks like your first nicu.

K

Thank you yep. This is warren, so I mean I. I will happily say that I do like the fact that this is authenticated, but it does still feel to me quite complex.

K

um I do think it's something that's potentially a reasonable thing to work towards, but I still think that something, like you know, opportunistic name hack for now is a good way to at least get some of this going. In the meantime.

K

My big concerns with this is um it requires dns, which is not a huge issue, but there are a lot of instances where client. Oh sorry, end users cannot really publish arbitrary ds records.

K

um There are a lot of things where people have web uis in order to insert ds records, and they only allow a really small number of them.

K

There's also places where the um child provides the ds key to the parent and the parent is the only one who generates the ds record. So I think, as a long-term.

H

This might be so for what it's worth this actually can be made to work with cdns key, but only if the child can also convince the parent to use the verbatim digest, fight, yeah.

K

And in the cases where it's actually, the parent, who generates the ds from the dns key, that gets.

H

Triggered.

K

Right right, the.

H

Parent, I, the parent, can generate the ds record, but only if the child can tell the parent to please use the verbatim digest.

K

Yeah so I mean again, I think, as a long-term thing, this might be a reasonable thing, but I still think it's worth the um getting something opportunistic for now, because then we at least have some protection. Yes, it's not perfect, but it sure is better than nothing anyway soapbox right over.

A

Thanks warren uh jonathan you're next.

L

Hey uh everybody hear me.

D

Yes,.

L

Great okay, um so I I I like where you're coming from with this, I, like particularly the idea of setting out you know this idea of these are the questions that I've answered in this way, and that's how I got here. I think that's great one thing I kind of want to quibble with is this idea of whether or not we can ever add new r types? You know.

C

I've.

L

Seen I think many proposals here in other groups of using ds for things that are not really dns sec, there's clearly a need for a a better record type in the parent of some type, whether it's ns2 like to maple's proposal, whether it's some general purpose thing it doesn't matter, there's clearly a need for that, and we also now have a mechanism. That's been relatively successful for a couple of years for breaking changes which is flag day.

L

So as part of this work, I'd like us at a minimum, deprived and ideally bringing it to dns lab to agree on whether or not we can ever add new rr types to a parent, and if we say no great, let's say that out loud and let's say: you've got ds and that's it have fun. If we don't believe that, let's say that as well, because I think we're all making this assumption that we can't do it um with that. But clearly it's happening.

L

Clearly, we've done it in the past, so let's either decide that we could never do it or let's decide that we really need to do it. I I don't like this middle ground of we'll just assume. We can't do it so we'll overload something that was not its original purpose and that's not you know a complaint. I like the way the draft works. I really just want us to tackle that question as part of this and agree as a group on the answer to it. If we can.

H

Thanks, uh you know I'll I'll, just say that there are shades of grey in there too. Right, like we've heard, I think, opinions in the working group that the new rr types in the parent are possible, but the time scale for them is essentially too long for our patients. For this work.

L

Sure- and that makes sense and maybe another aspect of it is you know we decide that there's a time aspect to it and you know yes, you can have them if you're willing to wait 10 years or something, but I also think we can play with that time. So I'd like us just to all think about that as group going forward. Thank you thanks.

A

Jonathan uh eric you're next.

E

Wasn't that jonathan.

E

Eric it's me actually yeah. um Thanks for the presentation ben, um I appreciate your attempt to smuggle the entire dns into uh into the parent zone. um That's that's never solving this problem, so whenever I have to deal with it again, um um I I think that this, the the most important slide, or rather most important side of the answers, is a great contribution to like how to think about this.

E

um I think I would just go back to um uh um sort of like my appeal from both from my previous two appearances in the microphone um which is like you know, we've now seen a we have now I mean we've spent probably the past two years, like people trying out different, like you know, different kinds of like permutations of the design space and attempt to find something that people will accept right and that we can consensus on and um and like when.

E

I, what I see is like every single one of those um you know um has sort of like different people, perhaps has a that's clever but like we can't do it for this reason and we're not going to do it right and so like.

E

I would implore the chairs to like try to craft some mechanism like for getting us out of this hole, even if that is declaring defeat and going home because, like we are burning like an enormous amount of like intellectual effort by like you and me and dkg, I'm like trying to solve this problem and if the answer is it's just a hard, no like any like if we go through that previous immediate answer to that slide.

E

But if the answer is like that, no basically those things are all have no's on them, then like, let's just admit that and go home because like because, like it's just not worth like, you know like refining these proposals over and over again merely discover. They cannot be done, um though. I think this is a good work and, like I'd be more if this were the answer. I'd be more than pleased I'd like for this to be the answer right away, um so I I I don't mean to discourage you in any way.

E

I just don't. I just I'm trying to think about recycling with your effort right and my effort and appeals effort.

A

Thank you.

A

Paul you're next.

B

So when we used to have face-to-face meetings, sometimes uh somebody in line would say would get out of line and say I I don't need to say anything because the person in front of me just said everything. So I'm doing that now everything eckerd just said.

A

Thanks paul uh dkg.

G

uh I, like I, also like this draft. I, like this framing. Thank you ben um my. I have one question for you, which is: have you tried to publish such a reddit record uh in any uh authoritative zone, or do you not want to talk about that on the mic.

H

uh I haven't, I haven't attempted to do that. um The I mean yes, the the truth is that I think there are some barriers to doing this, uh as is today at the specifically at the tld layer. You know below you know, for for lower zone cuts. You can you can do whatever you want, but um but with clds you need some way to push those ds records into the parent, which means you need cds support.

H

There are only a small number of tlds that have their own that have their own cds support and a lot of those cds implementations have filtering for defined algorithms. So it's common to for parents to validate the not validate sorry but perform a little bit of of basic format. Checking on the cds record, including checking that it uh that it has a known, algorithm type.

H

So, okay,.

G

So look this this mechanism we've been here before um with txt records versus, say spf records right is this is the same game just at the next layer up in the dns hierarchy.

G

Right, oh, we can't distribute uh spf records because, most you know a bunch of dns hosts, refuse to publish them and now we're saying that the parent zones refuse to publish certain things. So there is clearly a need for this to be published either the parent zones can decide to publish these whatever these hypothetical new uh code points are within ds or they can publish them as new record types.

G

um The parent zones that refuse to do that are basically directly blocking progress and we just need to say this is what we need you to do if we think it's a bigger lift to ask them to accept new record types than to that and to ask them for this. We should ask them for this. uh I don't like ben's right, we're, not blocked uh unless we just let ourselves get stuck between these two choices. I would be fine with this being a result.

H

Thanks uh yeah, I do think just adding new record types is, is a bit more complicated than it sounds because if you just add new record types to the glue they're, not authenticated, so we need. uh We also need to figure out what our plan would be for authenticating. Any new authenticated record type. That's never been done before right.

G

Now I meant to say that we need new record types, that that would be signed record types by the parents, though that's what I'm going to say.

H

That's a novel concept.

A

Peter you're next.

M

Yeah, so if you can hear me so um I think the goal that was mentioned in the beginning of the presentation was that an active attacker can't learn anything about the query, and you said that you could also do that without the s glue. If you perform an s revalidation um by asking the name server what the s records are- and um I think at that point- you're already leaking the child zone, name to that name, server that you're querying, which has not been authenticated.

M

So I don't think the statement is true that nothing is learned by an active attacker and if you want to avoid that, I think um using bs glue is one way to do it and, as far as I understood, the bs clue would contain information from the child zones, such as the scvp record, for example, svcp record. um But, as I just said, it's not good enough to query that stuff from the child name server, because at that point it's not authenticated. Yet you have to query from the parent anyways.

M

So what's the point of keeping that record in the child zone? Why don't you just add it to the parent? Only in the ds glue.

H

Sure so um you might be right about that. First point: I'm going to have to think about that a little bit more.

H

On the second point, it uh I don't think it's true, because the the owner name of the svcb record is the name server name, not uh not the child zone name.

H

uh So in this, the model that this is all in is that the name server name is not sensitive. It's the um it's! The original q name contents that are considered sensitive.

M

Okay, thank you. I confused that.

H

um But maybe that maybe that answers part of your question in general, my my attitude here has been that for conceptual simplicity, this stuff is glue. uh Glue is supposed to also is supposed to be replicating things that are actually in the child zone. So, even if it's not necessary, it seems like a good idea to also have it in the child zone.

A

All right thanks peter uh ralph you're next.

H

Can people hear me.

H

Yes,.

N

Okay, great different browsers, so I mean what this draft and others are doing- is pretty much changing the way how resolvers, iterate uh or recurs to the domain stream and basing this change on pretty much a heck by cleverly reusing some existing record. I don't think it's good engineering and I echo what john said.

N

We certainly can change stuff at the parent and the slides we had there with the uh here's. What we can we can't do. Some people in the working group might have different opinions on what you can and what you can't do. So I think- and that's the basis that what may be accurate, that we seem to be impossible to common consensus on this so uh but for recursing.

N

I would really rather see something that is more in line with how the dns works and, of course, if you want to introduce that you have to introduce records at the parent and the and the child, possibly also to make that bulletproof, rather than hacking it onto an existing record. That's just my opinion.

H

Thanks uh yeah, so I would be. I would be happy to see new drafts talking about um what it would take to add a new authenticated record type at the parent zone. I do think that the barriers to that are remarkably high. um You know, epp being part of it, dnsec rules being part of it.

H

You know we're talking about, I think, a new set of rrsigs from the parent and possibly new bits in the super parent, because we need an authenticated way to tell the resolver about whether these records are present, so that an intermediary can't remove them and claim that a resolver is is implementing the old behavior instead of the new behavior. Sorry that an authoritative has the old behavior instead of the new behavior.

H

So uh it seems quite tricky to me um like.

N

A very involved change. It definitely is hard, but I don't think it's impossible and dns sec rules are also something I mean if we are going to this way, revisiting dns after uh so many years. We probably also can change stuff there, but it would be a proper kind of dns solution rather than a hack that we seem to push on. That's what I just think.

H

Sure I you know, I think that anybody who writes a hack tends to get a little bit attached to it. So uh you know I have a view of this where you know this is maybe just an expansion of the idea of what constant of what a ds record is. Maybe it's actually all of the signed data required for a delegation, but um but that's a matter of opinion.

A

Thanks ralph.

O

And robert you're last in the cube, hey thanks ben for presenting, I just wanted to close on some thoughts on this versus the other drafts we've heard about today. I think we need to have multiple paths to getting a dot and authenticated a dot out there, if not today, like eventually, the signals are going to change. Whatever we hear about today is going to through experience, turn out to be wrong and, from my point of view, having coexistence and transition are key requirements.

O

You know some of the other comments we've heard today about onboarding load or making safe changes to infrastructure. Those all those all are very important, so you know, I think, maybe we need to shift away from perfect towards us accepting any draft that has promise, even if it's flawed full of flaws or like tons of flaws. If it works, we should perhaps accept it. I guess what I'm saying is. We should lower the bar from to could work instead of works universally or has unanimous support by by the working group.

H

Yeah I'll note that our charter discusses authenticated a adot as something that we should pursue on an experimental basis, so it doesn't require us to come up with a standard or proposed standard level solution. An experimental level solution is also within charters, clearly within charter. So.

H

So it may be that there's work here that the working group wouldn't like as proposed standard, but that the working group would like, as experimental.

A

Yeah ben I'll just follow up with that one, because you know we. We, the chairs, put a note to the mailing list several months ago, asking about interest in doing more of an experimental.

A

uh You know approach for some of these things, so you know if, if we can get a you know a group of people interested in doing that. uh The chairs would definitely encourage that kind of experimentation.

O

I think that'd be great if the chairs could organize that that would be fantastic.

A

Sure all right, thanks ben.

A

All right uh next on the agenda is brian dixon, to talk about uh actually four drafts that he just pushed links to the mailing list. The other day.

D

Hi everybody, um so I guess the first comment up front is the the drafts are the latest version of some things that have been things I've been working on for the last several weeks, so I apologize for the late push of the latest versions of those to the list, but um in any case they are what they are.

D

um The reason I am presenting both uh drafts that are uh in deprive and dns op, is that they're, primarily motivated by the uh the the uh a dot component, uh but some of the uh some of the other drafts have wider applicability or you know, are better suited for being in dns off.

D

So the the only reason that they're in dns op is they're a better fit there, but the primary draft depends on them uh in terms of like how it works next slide.

D

So this is what I was taking as a takeaway or how I was viewing uh what what um would be goals, at least in terms of my view, on things uh for dns over tls to authority. uh With the you know, authentication um and I think they're pretty straightforward. uh This is going to be kind of similar to what ben's questions and answers were, but with different answers.

D

um So the the goal primary goal is obviously channel security between reserve, resolver and authoritative server being available uh using tls as a channel security mechanism, there's no real alternative there and I'm, including a relaxation on these tls certificate types so that this is more easily deployable and has less of a uh an overhead or um encumbrance on anybody who wants to actually do this, the the more flexible you are on tls cert types, though you know it avoids creating a economic penalty for having to do tls.

D

Obviously, another goal is maximize interoperability, that's just an obvious thing and the next one. I think it acknowledges the current time frame for making any kind of changes in terms of record types and possibly even um ds, hash algorithms.

D

um I'm not sure that those will be up deployable in a short time frame. What I'm, taking as goals is making it deployable as quickly as possible and including avoiding any use of non-dns elements and limiting new dns protocol elements to those that are strictly required. So if there is some portion of the the design that could be done with dns protocol elements or could be done without them, I'm picking the do it without them.

D

In order to minimize the friction between where we are now and having something, that's deployable or deployed uh signal, adot support and permit to secure discovery.

D

That's for downgrade resistance and to avoid needing to probe, um I see probing as something that itself could be um abused or generally something that is not strictly needed or desirable, absolutely validate server identity. That's what the authenticated piece is in terms of the goals uh protect against downgrade attacks and uh resolve reversal, authoritative, server roles, I'm looking at this from both sides of the equation.

D

So there's what you do on the authoritative side and what the resolver does. So in these proposals, I'm saying I'm putting strict requirements on what the authoritative servers have to publish or how they do, what they're doing and what the resolvers do those recommendations.

D

um You know they can be ignored or you know there is a penalty to not doing some of the things, but these are not requirements. uh Next slide.

D

So a consequence of those goals is what are some non goals that I I inferred from the goals um that encrypted transport does not provide data integrity.

D

um Dnsec exists for that, so this is not something that is a goal for what I'm proposing and I think it should not be a goal for any implementation uh or any any proposal for any kind of adot um does not require use of web pki. And the reason for this is this is all dns the resolver to authoritative it's strictly dns queries and dns answers. I I see web pki requirement as being something that would be questionable. uh It may not be acceptable to all participants or all operators, um and it's not necessary.

D

So I'm saying this is a non-goal, um the other. The next one does not require a single, unique server identity. That's actually a goal is to actually have multiple server identities which allows for distinguishing the behavior whether or not it supports adot for a particular server as signaled by the name and attaching the behavior to the names of the name. Servers a server and an ip address can have multiple names. This is actually a really good way to allow incremental deployment of adot.

D

Associated with, for instance, zone names, it doesn't require registry side changes and it doesn't require registrar side changes with one minor change, which is that the name server validation component might require registrars to add support for new dns key algorithms, and that's generally going to be a question of their their validation on uh updates sent for ds records, whether it be through cds or through uis.

D

Next slide.

D

Next slide, please so the other drafts that are included in this presentation are related or dependencies. One of them is uh the alternative to ds blue, which I'm calling nsv, which is named server validation. uh It is proposing a new dns key algorithm, but does not require a new ds um algorithm.

D

It encodes new data into the dns key, which is actually never actually published, but the dns key ephemeral data is then hashed and published in the ds record um in the parent, and this is necessary to protect the domain name on the ns delegation.

D

uh Oh sorry, the name server name on the delete on the dns, the validation from the delegation from the parent, so the parents doing a delegation. The ns record is not signed. You have to have some way of protecting that name of the name server. In order to do any kind of up. This is where the authentication piece actually is is tied to the the parent.

D

The next one is a new rr type uh dnst dns transport signaling that only gets published in the child and the child zone. Here, I'm referring to is the dns server named the zone that serves the dns server name.

D

This is necessary for explicit transport signaling and for the discovery by resolvers and that's necessary, uh but that only applies on the child side. um It's a new ir type, uh the glueless guidance, I think. Actually I can ignore this for now, so I'm not even going to talk about it. I think it ends up not being necessary.

D

Next slide.

D

Next slide, please.

D

uh So the this is the piece before you start doing. Tls you need to follow the delegation and have some way of finding the right name server. To talk to to do your tls.

D

If you, you need to find the right ip address and that's based on the name in the ns record in the parent, the delegation side and that's unsigned in the parent, because that's how dnsec was defined, it's an unfortunate thing. So if you got an ns record in the parent, you got the domain name, that's being delegated ns and then the name server name, um the ns record is non-authoritative can't be signed. The target name uh can be glued or unglued.

D

um The resolver contacts, the name server by ip address only and the the dns protocol on the wire actually does not involve the name server's name only its ip address in glue for the ip address, not not authoritative, but that's irrelevant. If you are going to revalidate that delegation as part of the the overall authentication process um next slide, please again, I'm just skipping over some of the stuff that I put in the original draft, but I think they're no longer needed so bold face things here, just highlighting what this.

D

Tls adot, which is basically just uh tlsa records, so tls needs the ip address, plus a domain name. uh Resolver connects to the ip address. The resolver has to revalidate the name and the if you've protected the ns name, the with the nsb. You can now talk to the ip address and look for signed data within the child related to tlsa records, the name server, transport dnst as a signaling mechanism, and uh you can also reconfirm the uh address record for the name server.

D

But the main the main pieces are having this tlsa record to get the um the the validation component for the tls session, um and that is within the name, server's names zone, and that requires that that be assigned zone, because tlsa requires dns sec and as long as tlsa dot validates, then you can trust the the actual tls certificate that you receive if it matches.

D

So you don't need web pki, but you can use web pki certs. You just need that those be have a tlsa record published for them, and the dns messages are sent over the connection. Only after tls is established.

D

That's a very dead slide. I'm apologizing for that. In advance um next slide, please.

D

uh Nsv is name server, validation, uh you're, basically putting a uh a hash of the name, server name uh in a ds record and hashing it in a ds, key record and then hashing it to the ds and that allows the resolver to take the delegation. Ns records the to the target names and use that as the input to uh construct reconstruction reconstructing the dns key and then hashing it. Comparing that against the ds record that is seen and if it matches you can now use that um delegation, the ns name.

D

uh And if it doesn't you don't uh it's just. How do you validate a nana's record or the r data in an s record?.

D

And this is strictly for protecting the target name in the ns.

D

The other element about this is, if, because of the way that dns sec um is uh architected, unknown, uh algorithms for dns keys are ignored by resolvers, so it's backward compatible. That, I think, is a very key element of this.

D

It's not going to affect any unaware. Resolvers ns, via wear resolvers, are going to be able to validate dns records and then continue on with the rest of the validation process.

A

Next slide, please so, just as a note brian, we got less than five minutes.

D

Oh, I'm sorry, okay, uh dnst, uh it's just uh signaling uses flags, uh it's as simple as possible. Only only the necessary elements are involved. Next.

C

Slide.

D

It's designed to be downgrade resistant, that's mostly because everything's in the child zone of the name, server name other than that nsv.

D

This means it's signed and the signaling and tls tlsa records give you the ability to confirm the tls certificates and it lets. You establish a downgrade resistant pls session next slide.

D

Next slide next slide again sorry uh and then there's some other stuff. That's not really relevant uh interoperability, um what they have to do and what they don't need to do. So it requires dane tlsa um clients.

D

I guess I should say should. Is that a must but validate the mechanism for validation is gain um it's optional, for if the clients want to do um web pki and they can ignore dynastic validation if they want, but that's not advisable next slide. Please.

D

And it's work in progress, so not really been out there very long, I'm looking for feedback.

D

I think the covers the absolute bare minimum required to get to something that can be deployed um quickly. That's it for me. Oh did I run out of time. I'm sorry.

A

That's right: we we had some. We had a couple of different discussion points that um kind of ran a little bit long, so um yeah, but I I also want to make sure everybody realizes that brian you're going to be talking about these slides again in indiana, stop in a few hours. So, yes, um you know there is an opportunity there for for on mic discussion.

A

So thanks, thank you for that.

A

um Okay, so really quick.

A

Tim.

F

Oh, I was just gonna talk over the action items unless you want to go ahead. Yep.

A

No go for it.

F

Oh okay, the ones I put in the minutes and people if they want us to have more action items, just you can add them to the ether pad um action item on taking to the mailing list on moving dns over dtls to historic and then update the port name. And of course you know how how we describe the name. Can you know believe that as an as something for us um also, we will talk with the av about use case discussions from the unauthoritative draft.

F

um That's a pretty good comment and I believe the last one is we're going to follow up on um ecker's mechanism crafting comment, and we will take any and all sort of suggestions on that one. But I believe those are the three action items we're currently sitting on. So if anyone wants to add more, please do so.

A

Thank you tim. um So with with that, um if you have additional items that you think need to be noted, um you know the you know you put them in the minutes and the notes um or send them to the chairs, and um we will make sure that they get recorded.

A

um Otherwise, I will take this opportunity to thank everybody for participating. I I actually was very grateful to see you know some of the robust discussions that we had around some of these documents and and and hopefully um we can come up with a with uh some approaches to help. You know get some of this stuff unstuck and get more people uh engaged in in looking at these proposals and and either doing experiments or pointing out where they may be implementation or deployment issues.

A

So thanks once again for attending the deprived meeting for ietf 112, and we look forward to seeing you next time at ietf113 have a good day. Everybody bye.

A

You.