►
From YouTube: IETF95-DNSOP-20160406-1620
Description
DNSOP meeting session at IETF95
2016/04/06 1620
A
D
A
G
It's
I
think
it's
been
6
for
21
will
get
rolling
here,
hey,
we
were
busy
at
424.
Sorry
welcome
to
session
one
of
the
two
sessions
for
dns
op.
This
is
only
an
hour
and
this
sessions,
most
is,
is
just
going
to
cover
what
I
call
we
call
current
working
group
business
stuff.
That's
been
adopted,
stuff,
they're
kind
of
arguing
about
things
like
that
I'm
Tim,
that
Suzanne
case
you
haven't
figured
that
out.
G
G
Yes,
it's
true
I,
always
end
up
in
the
hallway
at
Dane,
so
tonight's,
a
little
gender
bashing
this
afternoon,
some
updates
on
our
old
work
and
basically
current
working
for
business
and
tomorrow,
not
tomorrow
but
friday,
we're
going
to
talk
about
possible
new
working
group
business
that
stuff
that
you
know
people
have
presented
of
people
have
submitted
and
there's
been
some
good
discussion
on
the
list
about
and
probably
not
new
working
group
business.
As
I
call
it.
G
So
let's
do
some
document
updates.
Since
our
last
meeting
in
Yokohama
one
two,
three
four
five
fruit
loop
back
Dinah's
terminology,
the
5966
biz
update
to
name
is
a
shin,
and
this
morning
we
got
okay
alert
on
TCP
keep
alive.
So
we've
got
five
things
published
since
Yokohama
I
think
that's
pretty
good
and
we've.
You
know,
and
I
think
we
thank
you
all
for
actually
doing
the
work
on
doing
the
reviews
giving
the
feedbacks
working
with
the
authors
and,
in
the
end
of
their
cue
march,
draft
on
6303i
found
out
for
my
Anna.
G
That's
going
to
be
published
fairly
soon,
there's
actually
some
process
of
pushing
out
zone
files.
That's
taken
a
while,
so
we
were
wondering
what
was
going
on
there
yeah
it's
taking
six
months
of
push
ups
and
zone
files
and
eating
as
chain
query.
That's
in
the
editor
queue
as
well.
There's
been
some
mostly
what's
going
on.
G
Now
is
references
and
I
sat
down
this
on
Monday
with
the
editors
and
work
through
some
of
the
issues
and
I
think
we
have
a
lot
of
it:
cleaned
up
same
thing
for
clients,
I'm
net
I
know,
there's
been
some
comments
about
client
subnet,
some
last
minute
things,
and
will
we
can
get
those
into
the
auth
48?
The
editors
are
very
good
with
that.
So
David
I'll
probably
stay
on
top
of
you
guys
to
make
sure
we
get
all
that
stuff
sort
of
sorted
out
other
stuff,
that's
kind
of
sitting
the
cookies
draft.
G
There
was
some
iesg
comments
that
Donald
and
I
got.
We
got.
We
got
lost
in
our
discussion.
He
pushed
out
a
new
version
and
I'm
going
to
go
back
to
the
IHG
folks
and
get
them
to
release
their
ballot
positions
and
move
that
one
along
as
well,
though,
there's
two
things
that
are
currently
sitting
that
up
the
ipv6,
our
DNS
is
Lee
in
here,
I'm,
not
sure.
If
Lee
was
here,
we
are.
We
think
this
is
ready
for
working
group.
G
Last
call
we
had
a
lot
of
discussion
in
Yokohama
about
it
before
we
adopted
it
and
we
think
that's
we're
basically
ready
to
sort
of
push
that
through.
But
it's
been
pretty
quiet,
so
I'll
bring
this
up,
probably
on
the
list
pretty
soon
the
next
big
one.
It's
marks,
no
response
draft
I
do
think
it
needs
some
more
reviews
and
some
more
edits
and
so
I
think
I'm
going
to.
We
should
sorry
to
start
talking
of
anybody's
interest.
G
I,
don't
think
they've
actually
done
much
on
that
so
and
there's
other
stuff.
What
are
we
working
on
there?
We
go.
There's
there's
that
now
I
think
I
want
to
call
to
talk
about
resolver
priming
shortly.
Okay,
you
never
sent
me
anything,
but
I
don't
think
I
think
it's
just
in
words.
You
have
to
say
just
words
and.
H
So
it
wasn't
even
worth
the
slide,
so
resolver
priming.
The
draft
has
had
some
good
comments
in
the
last
few
months,
but
we
have
a
bunch
of
open
questions,
questions
in
the
document
and
questions
that
we've
asked
on
the
list
and
we
aren't
getting
like
good
response.
We
would
like
to
get
them
because
some
of
them
are
actually
pretty
big
questions
such
as.
What
do
you
do
when
the
rd
bit
is
set
to
one?
Do
you
set
the
gz?
Do
get
media
queries?
H
We
would
like
to
get
those
resolved
and
then
go
to
working
group
last
call,
but
we're
not
ready
to
go
to
working
group
last
call
until
those
questions
are
done
because
some
of
the
answers,
those
questions,
might
open
up
big
issues
and
let
me
just
drop
one
in
your
brain.
That's
not
here,
but
I
realized
on
the
airplane
coming
over
to
Buenos
Aires
when
you're
sitting
there
waiting
to
land
and
stuff.
So
you
go
to
your
your
config
to
find
out
the
root.
Hints
you
go
and
you
get
all
of
your
NS
records.
H
After
a
few
days
or
weeks,
they
start
timing
out,
and
so
you
need
to
get
them
again
and
then
the
question
is:
where
do
you
go
to
get
them?
Do
you
get
them
from
your
cache
where
they
are
sitting
where
you
have
answers,
or
do
you
go
back
to
your
config?
So
far,
everyone
I've
asked
has
had
a
strong
opinion
but
agreed
that
the
other
one
was
just
fine
too.
So
that
will
come
up
on
the
list.
What
I'm
saying
is
we
need
to
discuss
this
more?
It's
not
like.
Oh
we're
almost
done.
H
G
I
Okay,
thank
you.
Business
should
be
easy.
I
worked
with
a
number
of
good
people
on
this
I'm.
Sorry
I
didn't
put
any
of
the
names
on
here,
but
this
one
rolled
Park
avoidance,
which
is
probably
the
oldest
draft
in
the
group
at
the
moment,
ada,
should
be
done.
We
resolved
the
issue
that
came
up
during
the
last
call.
I
pushed
out
a
few
versions
in
the
last
few
weeks.
I
I
I
I
J
I
G
I
So
I
we
sub
set
a
new
version
out.
Just
after
the
internet
draft
submission
window
opened
up.
I've
already
got
the
number
of
good
comments
on
the
list.
Keep
them
coming,
we
need
more
reviews
to
pass
them
should
be
easy.
The
companion
document
to
this
one
is
likely
to
be
adopted
by
the
reg
extensions
working
group
and
ask
John
Levine
explained
there.
This
is
an
ugly
ugly
hawk,
but
it
is
the
best
possible
alternative.
G
I
G
Okay,
so
because
we
have
had
it
all
for
a
few
years,
yep
so
I
think
I'll
probably
send
a
note
out
to
list
explaining
all
that.
But
you
know
the
idea
behind
this
is
not
just
making
information
will
make
it
standards
track.
So
this
is
that
you
know
definitely
something
a
little
more
in
depth
there.
So
if
anybody
sees
that
that's
a
problem,
they
should
sort
of
race
or
you
know,
raise
that
flag
and,
let
us
know
kind
of
thing
up
chains,
Shane,
hello,.
I
K
I'll
try
again:
ok,
there
goes
my
singing
career
shanker,
so
I
guess
my
only
concern
with
making
this
standards
track
is
that
I
feel
like
the
approach
for
adding
a
new
des
is
there's
a
lot
of
a
lot
of
as
many
options
they're.
Not
it's
not
really
very
specific
and
clear.
So
I
don't
know,
send
text,
ok,
I'll,
discuss
it
on
this,
then
yeah
I'm.
K
I
G
K
I
G
M
Some
discussion,
something
ok,
recent
news
so
on
the
next
menu
cut
a
project
before
the
adoption
the
well.
There
were
a
lot
of
discussion,
so
it
was
one
of
these
drugs
that
were
lucky
enough
to
have.
Many
people
were
reading
it
commenting
on
it.
It
was
00
bubbly
and
everything
after
that
went
quiet
on
friendly
enough.
Also
good
thing:
two
implementations
were
discovered
that
art,
so
there
is
already
running
code
unbound
on
power,
DNS
already
implements
partially
and
lemon
cat.
M
It
is
good
and
rough
01
was
published
in
not
2016
and
suddenly
the
other
people
we
did
proper
on
this,
isn't
we
did
before
on.
There
was
105
message
on
the
list
again
if
we
want
to
show
the
iesg
that
many
people
read
the
draft
and
we're
interested
in
it,
that's
a
good
proof.
So,
among
all
the
discussions
it
seems
to
me
today
that
we
are
for
lasting
issues.
M
So,
first
one
because
I
have
been
a
lot
of
discussions
on
on
the
list
about
that
yeah.
The
idea
of
the
draft
is
to
recommend
behavior,
so
not
to
be
not
fall,
but
you
say
that
it
would
be
nice
good,
cetera
to
actually
do
an
X
dominica.
It's
not
required
so
the
most
of
the
sentence
of
the
normative
sentence
in
the
draft
you
should
and
I
don't
need
to
explain
what
is
should
when
you
compared
to
most
on
me
so
today.
In
my
opinion,
this
is
clear,
but
ok,
maybe
some
people
disagree
with
you.
M
There
have
been
some
remarks
of.
The
draft
was
to
implementation
oriented
because,
for
instance,
we
have
reference
to
trees.
We
talk
about
trees,
on
three
operations
such
as
parent
descendant,
etc.
So
I
don't
feel
the
need
to
apologize
for
this,
because
domain
names
are
a
tree
period.
So
if
you
cannot
implement
tree
like
operation
in
a
dns
program,
you
have
a
problem
anyway.
M
So
what
we
could
do
in
the
next
version
of
the
draft
would
be
to
make
very
clear
that
when
we
talk
about
a
tree
in
the
draft,
it's
a
model,
but
we
use
it
does
not
mean
that
it
has
to
be
the
implementation
in
the
memory
of
the
Shabak.
Basically,
basically,
IETF
anyway
never
dies
in
ur
implementation.
In
your
cut,
you
do
what
you
want.
The
only
thing
which
is
important
is
from
the
outside.
So
though
there
was
some
text
written
by
Freeman
about
this
idea
that
it
is
another
not
an
implementation.
M
They
are
not
in
01
the
conversion,
but
it
could
be
added
in
the
or
to
third
the
risk
of
security.
It
was
not
discussed
in
the
last
iteration
in
mark,
but
it
was
discussed
before
because
well,
basically,
the
ideas
use.
You
send
the
spurious
annex
domain
on
sir
broadcom,
and
then
you
delete
from
Katie
com,
basically
that
the
ID,
so
one
possible
solution,
would
be
to
limit
an
examine
cut
only
when
the
answer
is
validated
with
leezar
case
4.com,
because
they
would
assign
phones.
M
It
is
already
implemented
in
unborn
today
and
examine
cut
in
unbound
works.
This
way
the
annex
domain
has
to
be
validated
on
the
other
end.
Well,
what
one
possible
solution
could
be
two
other
in
the
draft,
something
like
a
resolver
may
decide
to
limit
an
extra
men
cut
to
validate
a
DNS
SEC
validated
answers
on
the
other
end.
M
If
you
are
dns
safe,
there
is
also
may
be
another
possibility,
which
is
to
use
aggressive
synthesis
of
annex
domain,
as
proposed
in
the
draft
by
a
free
wobble
on
cat,
oh
and
while
these
drafts,
currently
it's
not
adopted,
so
we
cannot
rely
on
it.
But
it's
an
interesting
combination,
annex
diamond
cut,
when
the
domain
is
not
validated
and
when
it
is
when
the
annex
domain
is
very
little,
you
can
even
go
further
on
synthesized
and
each
domain
on
the
last
one.
M
The
case
of
when
there
is
an
unexamined
cut,
but
there
is
over
already
other
some
information
below
the
cut
in
its
cache.
Is
it
possible
to
send
back
this
answers
when
there
is
a
request?
Of
course,
it's
a
bit
surprising
that
you
get
I
need
the
men
then
still
send
answers
for
videos
or
cut,
but
on
the
other
end
the
DNS
never
was
fully
consistent.
It's
eventually
consistent,
so
in
a
scene.
Why?
Even
if
eventual
consistency
was
mostly
for
the
case
of
different
servers,
not
from
the
same
server,
but
still
why
today
0
1?
M
There
is
nothing
explicit.
We
could
say
that,
for
instance,
a
resolver
may
send
that
already
cast
on
source,
even
if
it
has
received
any
demand,
be
four.
So,
in
my
opinion,
this
other
fall
issues
that
need
a
resolution
discussion
on
resolution,
after
that,
if
we
solve
this
and
put
this
in
02,
why
is
it
radio?
Is
it
another
problem
that
I
missed
now
up
to
you.
O
Are
eager
to
speak,
Ted
lemon,
so
I,
don't
really
want
to
reiterate
all
of
the
things
that
I
said
on
the
mailing
list,
because
I
think
you
captured
them
there.
But
I
think
that
the
fundamental
issue
here
is:
are
we
trying
to
clarify
something
about
how
the
dns
works
or
are
we
trying
to
specify
moon,
orbited,
behavior
and
the
document
is
written,
specifies
new,
normative
behavior
and
that's?
Why
there's
so
much
controversy?
M
One
legal
point:
currently,
the
draft
claims
to
update
1030
full
on
VZ
was
six
in
the
case
of
tennis
old
34.
It's
in
my
opinion,
the
clarification
because
I
think
the
pen
34
was
clear
on
that
already,
but
never
clear
enough
for
people
in
the
case
of
2308.
It's
a
we
loved
it
because
there
is
alternate
sentence
in
2308
that
seems
to
forbid
annex
dominica.
So
in
that
case,
to
read
update
on
the
wheel
modification
yep
yeah.
That
makes
sense.
F
However,
in
the
cash
you
can,
if
you
ask
for
an
a
record
and
get
one
and
then
later,
somebody
comes
along
and
asks
for
a
quad
a
record,
but
in
that
intervening
time
the
authority
has
changed
it
to
a
cname.
Well,
until
the
a
record
actually
times
out
of
the
cash,
you
will
continue
to
get
the
a
record
instead
of
the
scene
man.
So
the
eventual
consistency,
I
think,
is
good
enough
for
these
purposes.
So.
M
H
Paul,
half
and
I
definitely
thank
you
David
and
to
disagree
with
something
the
Ted
said
about.
You
know
that
something
doesn't
exist.
The
problem
is,
it
does
exist
in
the
cache.
That
is
what
the
cash
believes
and
saying
it
doesn't
exist.
Unless
you
do
something
more,
I
think
is
insane
so
yeah
just
say
may
and
I
think
there's
I
will
do
a
review
on
some
language
to
tone
it
down,
because
some
of
your
shoulds
in
fact
neat.
H
So
we
all
know
what
must
means
most
people
don't
know
what
shouldn't
should
means
must
accept
when
I,
how
I
describe
it
and
there's
a
bunch
of
holes
there,
which
you
might
then
turn
into
either
may
or
is
a
good
idea,
meaning
like
you
can
really
do
whatever
you
want.
This
seems
to
be
the
preferred
I
way
or
even
/,
not
just
preferred
like
we
would
like
you
to
but
sort
of
architectural
II
consistent
way.
So
I
will
I'll
send
some
edits
on
that
after
you
do
the
02.
P
Dan
York
relaying
for
America
fabrizzio,
says,
dig
a
calmed.
A
que.
A
DNS
net
returns
an
X
domain.
If
resolvers
abide
by
this,
the
whole
Akamai
DNS
will
be
off.
Cuny
minimization
will
stumble
upon
that
record.
Twitch
Dave
then
wrote
for
what
it's
worth
under
the
inside
in
a
sign
zone
constraint.
It
would
work
with
akamai.
Our
problem
is
limited
to
unsigned
songs.
M
Q
So
I
think,
probably
that
option
should
be
discussed
explicitly
in
the
draft
today.
It
says
actually
couldn't
remember
what
it
said
until
I
read
it
today,
but
section
2
says
should
should
should
do
this
and
only
in
a
later
section
I
think
section
5.
It
says,
however,
if
you
have
a
good
reason
to
ignore.
M
Q
G
Sounds
like
it
should
go
into
the
02
document,
yeah
yeah,
so
the
chairs
were
figuring
that
the
authors
will
do
is
0-2
version
with
these
comments
plus
a
few
others,
and
then
we
take
it
back
to
list
and
see
what
happens
and
then
from
there
go
to
a
working
group.
Last
call
is
that
sound
along
with
the
authors,
yeah?
Okay,
that's
a
few
okay,
oh
I,.
Q
Just
remembered
I
have
another
comment,
so
the
implementation
sections
they
talk
about
the
implementation,
but
they
have
a
comment
saying
removed
before
publication.
So
is
that
actually
a
requirement
from
the
RFC
editor,
because
I
think
it
would
be
useful
to
continue
to
have
some
information
about
the
implementations
that
were
available
at
the
time
of
publication.
Of
this
no.
M
Q
O
Again
just
a
reminder.
So
how
this
works
is
you
would
you
would
send
such
signaling
from
a
stub
or
from
a
recursive?
Only
you
only
send
us
inquiry
msgs,
not
in
response
messages.
You
would
send
it
when
the
query
type
was
a
dns
key
query.
If
you
have
a
configured
trust
anchor,
you
should
send
it.
If
you
have
some
cached
dias
records,
you
may
send
it,
but
you
must
not
send
it
otherwise.
O
So
since,
since
the
last
meeting
ITF
94,
this
was
adopted
by
the
working
group
and
published
as
00
into
the
working
group
name,
there
was
some
discussion
on
the
list.
It
was
then
published
at
01,
really
the
only
significant
change
between
zero,
zero
and
zero
one
is
in
00.
There
was
this
idea
that
if
you
were
forwarding
key
tags
from
a
stub,
you
should
do
a
union
of
the
recursive
key
tags
with
the
stubs
key
tags
and
then
send
the
union,
but
that
was
changed
to
be.
I
was
changed
from
intersection
to
union.
O
G
G
O
G
O
G
O
Idea
is
the
idea
of
the
current
draft
is
that
if
you
are
forwarding
key
tags
from
somebody
downstream,
you
would
repeat
the
option
multiple
times
in
the
message.
There
would
be
two
ed
nescopeck
options
with
separate
lists
and
then
that
could
sort
of
maybe
tell
you
something
additional
about
when
you're
when
you're
looking
at
the
data.
O
O
T
So
Warren
quarry
I
was
one
of
the
authors
on
a
sort
of
different
document
earlier
document
which
had
it
encoded
in
the
queue
name
and
one
of
the
issues
that
we
discovered
is.
If
there
is
a
forwarder,
which
is
unaware
of
the
sort
of
thing
and
a
client
is
the
client
might
put
the
send,
send
it
through
the
forwarder
before
I
would
send
it
off
to
whoever
collects
this
and
would
make
it
look
as
though
you
know
the
site.
The
machine
was
forwarded
through
actually
has
the
new
key
tag.
T
So
that
was
sort
of
one
of
the
reasons
why
myself
and
move
else
was
I.
Think
Roy
was
one
of
the
authors
which
I
looked
at
that
for
a
while,
and
then
we
came
up
with
the
things
like
every
time.
A
name
server
starts.
It
creates
a
uuid
and
puts
that
end.
So
can
disambiguate
them,
and
then
it
got
even
more
complex
and
we
became
concerned
and
run
away.
L
Go
ahead,
22
responses,
it
doesn't
need
to
be
complicated.
We
just
want
to
know.
Basically,
when
we're
doing
is
we
want
you
to
know
the
set
of
clients
out
there.
Basically,
that
understand
things.
We
don't
need
to
know
that
our
IP
address
or
lots
of
other
stuff.
We
just
want
to
know
which
algorithms
that
are
actually
in
the
trust
anchors,
so
it
doesn't
matter
if
it
all
comes
through
the
same
IP
address.
That's
Ana
relevancy
in
terms
of
what
we're
doing
here,
if
we're
doing
it
as
a
BS
option,
I
was.
O
H
H
The
reason
why
we're
thinking
of
adding
this
is
there
are
people
who
will
possibly
make
decisions
based
on
so
finding
that
information
having
it
show
up
in
places
where
we
can
look
at
it
and
evaluate
it
would
be
important,
and
given
that
I
do
have
the
same
concern
about
having
an
idea
whether
it
is
a
large
recur,
sir,
that
we
recognize
possibly
because
it's,
for
example,
if
I'm
running
either
a
busy
TLD
or
a
root
zone,
I
can
recognize
what
a
big
recur.
Sir,
is
because
it's
asking
me
a
lot
of
sensible
questions.
H
U
L
U
O
Thing
that
I
worry
about
a
lot
it
is
is,
as
you
probably
know
from
you
know,
any
time
you
look
at
data
that
comes
in
the
root
servers.
It's
it's
just
amazing,
the
the
stuff
that's
in
there
and
so
I
would
like
to
be
able
to
sort
of
differentiate
a
legitimate
signal
versus
an
accidental
signal,
and
so
that's
one
of
the
reasons
why
I
like
the
commas.
For
example,
you
know
if
we,
if
we
don't
have
that,
then
something
that
happens
to
match
this
might
be
confused
for
a
legitimate
trust
anchor.
O
U
V
Evan
ought
to
I
see
I
was
I
think
I
was
going
with
with
foreign
on
on
the
one
that
encoded
his
cue
name,
and
I
still
favor
that
approach.
I
agree
with
that
about
the
hexadecimal.
I
think
that
was
overly
clever.
I
recommended
decimal
with
with
punctuation
separating
the
key
tags
or
even
using
separate
labels,
but
separate
labels
has
the
problem
of
qname
minimization
ill
eating.
Some
of
the
data
that
you
wanted.
V
If
you
use
a
cue
name,
you
don't
have
to
upgrade
anything.
The
queue
name
is
just
going
to
get
passed
along.
It's
very
very
easy
to
collect
the
statistics
and
very
very
easy
to
get
the
answer
that
I
think
we're
looking
for
unless
we're
looking
for
an
answer
that
I
I
didn't
realize
that
we
were
looking
for
that,
in
which
case
I
should
sit
on
a
chop.
Okay,
thanks.
W
Honestly,
one
from
that
note
hexadecimal
is
to
be
a
presentation
thing.
The
thing
that's
guessing
code,
normal
wire,
should
make
technical
sense.
The
thing
that
it's
presented
to
the
user
should
make
human
sense
the
layer
in
between
it's
called
software.
So
please
standardized
for
what's
sensible
for
the
wire.
L
G
T
I
guess
let
me
try
and
put
you
to
a
clarification
on
which
thing
provides
the
info,
in
which
version,
if
you
have
the
ED
NS
01,
it's
the
recursive
that
sends
the
query
to
the
trance
point.
If
you
have
q
name
its
machines
behind
potentially
the
machine
which
sends
the
thing
so
you're
measuring
I
think
two
different
sets
of
things.
Potentially,
it's
not
qname
vs
e
DNS,
potentially
it's
qname
versus
etns
or
both
depending
on
what
you
actually
want
to
measure
right.
They
give
you
very
different
sets
of
views.
T
O
Yeah
I
don't
see
them
is
that
I
mean
I,
think
I
think
they're.
There
are
some.
There
are
some
differences,
but
I.
Think
overall
you
get
the
same.
Data
I
mean
they're
designed
so
that
you
get
the
trust,
anchor
key
tags
from
both
recursive
end
and
the
stumps
in
the
end
machines.
But
you
get
them
in
sort
of
different
ways.
V
Presumably,
if
the
ebon
hunt
again,
presumably
if
you
were
validating
stub-
and
you
were
passing
your
queries
through
a
validating
resolver-
then
the
Aquarius
would
be
sent
from
both.
Although
there
is
a
potential
that
a
queue
name
would
have
been
cashed
by
the
validating
resolver,
so
you
would
be
hiding
the
stub.
On
the
other
hand,
of
the.
If
you
were
passing
your
your
queries
from
a
validating
stub
through
a
non
validating
resolver,
then
you
would
be
finding
out
that
there
was
a
query
from
a
stub
that
would
look
the
same.
V
T
I
guess
one
last
try
before
I
give
up
on
this.
So
more
concrete
examples.
Let's
take
four
two,
two,
two
large
recursive
resolver
lots
of
people
use
it
if
it
is
not
upgraded
to
support
this
and
I
runner
a
validating
resolver
on
my
stamp
machine
which
happens
to
forward
through
that
it
will
make
it
appear
as
though
for
dr
dot
to
dot.
To
has
the
new
key
tag.
You
know,
one
query
from
me
will
hit
it.
It
doesn't
know
about
this.
T
H
Thank
you,
Jim
I've
heard
a
lot
of
questions
and
confusion.
I
think
it
might
be
premature
to
ask
this
now.
I
would
like
to
see
it
and
I
do
not
want
to
slow
this
down
I'm
one
of
the
people
for
whom
this
is
a
very
pointy
stick,
but
I
would
like
to
see
lots
of
discussion
on
the
list,
not
long
discussion,
but
lots
of
discussion
in
a
short
period
time
and
then
can
you
ask
the
question
of
a
be
a
plus
B,
0
0,
so.
C
I
G
Okay,
let's
let's
do
this?
How
should
we
continue
with
this
work?
Let's
hum
for
Humphrey?
Yes,
should
we
kill
this
work,
but
you
get
home
for
now.
If
you
want
to
kill
this
work,
okay,
okay,
so
so
I
think
I
think
we're
going
to
continue,
but
Paul's
Paul's
points
good
is,
is
we
should
hash
this
out
on
the
list
about
the
two
name
versus
the
DDS
option
and
come
to
some
sort
of
kids
rough
consensus
on
that
all.
I
G
B
H
Before
that,
just
while
you're
figuring
out
to
do
for
next
for
new
business,
a
note
for
the
room,
if
you
care
about
n
sec
5,
there's
gonna
be
a
presentation
about
it
tomorrow
in
sag.
So
that's
why
I'm
saying
it
now,
if
you
want
to
go
to
the
presentation,
there's
a
present,
a
short
presentation
on
insect
five
tomorrow,
probably
wouldn't
have
known
about
it:
otherwise
I'm
great
advertising
just
announcing
all
right.
Thank
you.
Thanks,
Paul
yeah.
B
B
C
K
Be
stuff
that's
already
being
discussed
by
the
work
group,
but
I
want
to
do
a
quick
introduction
and
some
work
that
we've
been
doing
about
DNS
over
HTTP.
So
this
is
not
just
myself.
I've
also
been
doing
this
with
my
colleague
Davey
at
yeah,
I
and
another
one.
My
colleagues
is
not
here
today,
arun,
shaw
and,
of
course,
the
famous
palm
pixi
up.
K
K
The
first
one
is
a
kind
of
survey
of
all
the
different
techniques
that
you
can
use,
I'm
sure
I
didn't
get
all
of
them,
but
I
tried
to
go
through
a
lot
of
them,
and
the
intention
of
this
is
just
to
be
informational,
so
that
people
who
are
thinking
about
designing
a
new
way
of
doing
dinosaur
HTTP
are
looking
for
ways
to
use.
This
will
have
a
place
to
start
to
get
a
kind
of
view.
A
high
level
view
of
the
different
techniques
that
you
can
use.
K
K
So
we've
had
a
little
bit
of
feedback
on
this
thanks
to
Jim
may
and
Stefan.
For
this
and
likely
there'll
be
one
more
draft
with
minor
updates,
but
because
it's
such
a
high
level
document
I,
don't
really
expect
a
lot,
a
lot
more
updates
with
it.
But
of
course,
if
you
have
some
criticism
or
want
any
changes,
just
let
me
know
the
next.
One
is
a
lot
more
detailed,
and
this
is
the
which
describes
the
dns
server
HTTP
wire
format.
K
We
we
actually
have
22
interoperable
implementations
for
this
one,
which
is
a
plug-in
for
engine
X,
I,
think
and
one
which
is
it,
go
a
go
language
implementation.
So
the
idea
here
is
we,
the
Imperial,
is
actually
very,
very
simple:
it
just
takes
the
the
wire
format,
DNS
message
and
those
it
as
a
binary
blob
using
HTTP.
We
use
a
post
message
for
this,
we'll
discuss
that
in
a
minute
yeah,
that's
basically
it
we
have
a
couple
of
headers
that
we
define
for
this.
K
K
Models,
it's
a
bit
weird,
but
yeah.
We
have.
We
have
two
different
scenarios
that
we
envision
for
this
one
is
where
people
use
it
in
a
proxy
mode.
So
this
is
it's
very,
very
similar
to
I.
Think
the
work
that's
been
done
already
for
DNS
over
TLS.
You
want
a
kind
of
VPN,
so
in
that
case,
you're
kind
of
acting
as
a
proxy
and
that's
the
mode
we're
using
this
signaling
for
UDP
or
TCP
becomes
important
because
the
stub
client
behind
it
needs
needs
for
the
proxy
to
act
like
a
real
dns
server.
K
So
you
need
you
want
to
get
the
simplest
way
that
do
that
is
just
ask
for
the
messages
in
the
right
format
from
the
dns
server.
So
in
this
mode
it's
a
kind
of
drop
in
support
for
the
protocol,
and
then
we
also
have
an
option
of
doing
what
I
call
direct
mode,
and
this
is
where
either
the
dns
server
itself
speaks.
Http
or
the
not
sure,
that's
really
useful,
and
it
may
be
a
little
bit
scary
but
more
useful.
Maybe
that
applications
may
speak
this
protocol
directly.
K
K
So
we
we've
had
a
bit
of
discussion
about
this
on
the
list.
We
think
we've
addressed
most
of
the
stuff
one
is
that
was
some
concern.
I
think
Paul
Hoffman
raised
it,
but
I
could
be
wrong
about
using
post
versus
get
since
conceptually
you're
just
doing
a
look
up,
which
is
seems
to
be
closer
to
again.
We
find
there's
a
lot
of
other
prior
history
of
using
a
post
for
this,
so
it's
seems
like
it's
a
closer
match
for
what
we're
actually
doing
just
throwing
binary
blobs
around.
K
There
was
also
some
suggestion
that
that
we
mentioned
that
it's
only
useful
in
this
proxy
mode
that
someone
said
you
could
use
it
for
web
development.
I
hesitate
to
put
much
text
in
about
that
because
well,
yes,
you
could
use
this
in
a
in
a
JavaScript
library
or
something
the
overhead
and
pain
of
like
constructing
binary.
Dns
object
seems
just
incredibly
crazy,
so
I
don't
know
we.
K
We
also
document
that
you
always
specify
the
flag,
whether
it's
the
UDP
or
TCP.
Just
for
simplicity
and
consistency,
we
tried
to
clarify,
try
to
clarify
twice
if
you
don't
need
the
two
byte
header
for
TCP
length,
because
it's
HTTP
and
we
already
know
the
length
it
may
still
not
be
clear,
in
which
case
I
give
up
in
someone
else
has
to
write
the
text.
I
expanded
the
Security
section
quite
a
bit.
Originally
it's
kind
of
said
now:
there's
nothing
really
to
worry
about.
K
Unfortunately,
I'm,
not
really
sure
of
a
good
way
to
do
that,
because
the
real
security
concerns
or
will
any
problem
with
DNS
or
any
problem
with
HTTP
or
if
using
HTTPS.
Any
problem
with
TLS
could
all
be
a
problem
here
and
there
may
be
new
ones
which
I
don't
really
can't
really.
Think
of
so
I
couldn't
find
any
documents
to
reference
like.
What's
all
of
best
practices
for
Dinah's
I,
don't
know,
I,
don't
know
what
to
put
there.
Another
suggestion
was
that
we
use
the
dot
well-known
uri
scheme.
K
K
Just
a
quick
note,
I'm
not
going
to
talk
to
the
slide,
but
we
did
do
some
Foreman's
test.
We
posted
them.
It
actually
looks
quite
good
one.
One
thing:
that's
interesting
is
the
TLS
performance
native
tailless
performance
for
the
Guinness
aqua.
We
tried
was
actually
really
bad
worse
than
HTTP
anyway,
so
we
should
we
adopt
it.
I
would
like
to
see
at
least
the
wire
format
document
adapted
I.
Think
the
survey
document
I
don't
really
mind.
K
K
So
I
would
like
the
working
group
to
adopt
it,
but
I'm
not
not
going
to
push
too
hard
for
it.
The
wire
format
document
I
I
think
it
would
be
much
a
much
stronger
document
if
it
was
a
DNS
up
document.
If
you
very
I'd
be
very
pleased
if
it
was
adopted
by
the
working
group,
however,
I
recognize
that
there
wasn't
a
lot
of
pre
discussion
about
possible
formats
for
DNS
over
HTTP,
and
we
did
kind
of
jump
in
and
present.
One
solution,
so
I
understand
that
there
may
be.
K
Can
some
concern
about
a
document
from
that
point
of
view
and
ultimately
could
be
informational
could
be
standards
track?
I
think
either
way
is
fine,
although
I
do
think
that
we
have
like
I
said
two
independent,
interoperable
implementations,
so
I
think
it
wouldn't
be
weird
to
have
it
as
a
standards
track
document,
except
for
maybe
signaling
that
this
is
a
generally
good
idea
where
I
think
it's
it's
an
interesting
and
useful
technique,
but
only
in
specific
cases.
So
anyway,
Ziller.
G
H
H
Going
back
to
slides.
I
I
was
the
one
who
brought
up
post
verses
yet
and
I
admit
that
I
thought
of
post
versus
get
because
I
was
thinking
of
my
model,
which
was
not
the
binary
one
and
I
and
I
was
like
no.
You
should
do
this
and
I
realized.
No
I
should
do
that.
Not
you
so
I'm,
fine
with,
if
you're
doing
the
binary
one
to
do
a
post
with
a
body
grant
with
a
body
is
known
to
like
right.
Really,
there
aren't
invoke
a
lot
of
Tears.
It's.
H
T
H
If
you
wanted
to
get
rid
of
your
second
bullet,
because
you
don't
want
someone
in
javascript
to
be
putting
together
a
dns
packet,
I
agree,
you
really
really
don't,
then
I
would
say
somebody
else
such
as
me
might
come,
do
some
of
the
legwork
as
well.
Do
it
a
different
way
and
make
it
and
only
look
at
that
group
so,
and
I
still
so
into
me-
that
is
a
strong
argument
also
for
doing
the
survey
document
as
well.
Okay,.
H
K
H
B
K
X
Yeah,
I'm
john
levine
mean
this
is
a
disgusting
crock,
but
it's
a
great,
but
it
solves
a
real
problem
and
I
would
like
it
to
be
no
well.
What
else
is
new
have
it
is
having
written
production,
dns
servers
and
cure
perl?
I
do
not
share
Paul's
concern
about
writing
this
stuff
in
JavaScript
and
and
not
basically,
you
know
if
this
is
if
we
can
put
this
on
the
standards
track,
and
this
will
allow
people
to
white
one
or
two
JavaScript
libraries
that
will
actually
work
to
look
up
at
SRV
record.
X
R
R
K
R
R
P
K
P
K
M
Remember
discussing
it
with
you
and
I.
Remember
your
own
Sultan,
o
mother
with
the
whole
system.
You
can
pass
any
DNS
request
as
your
DNS
of
anything.
If
you
find
nothing,
there's
always
service
that
some
things,
such
as
new
ed
Ellis
options
unknown
to
type
such
as
ever
we'd
be
missing
from
the
mapping,
but.
P
Was
the
idea
is
true
is
true,
well
I'm
just
here.
I
would
like
to
beg
your
indulgence
to
also
mention
that
at
the
hackathon
this
past
weekend,
Sara
Dickinson
did
a
whole.
Did
an
analysis
of
Google's
new
service
offering
this
and
put
her
notes
together
in
a
PDF.
It
was
in
the
hackathon
slides
they'll,
be
there
will
be
available
in
line
I'll.
Send
that
link
to
list
to.
K
It
I
know
we're
short
on
time,
but
I'm
going
to
take
the
opportunity.
That's
actually
a
good
example
of
one
of
the
strengths
of
this
approach
versus
using
a
restful
api
approach,
which
is
that,
for
example,
you
there's
no
way
to
do
a
validating
resolver
with
the
current
with
the
current
google
api,
and
they
may
extend
it
to
allow
that
possibility.
But
until
that
happens,
it's
not
possible
anyway.
W
W
W
K
W
Fair
enough,
because
if
we're
going
to
make
a
working
group
thing
out
of
it,
we
must
be
clear
on
what
type
of
problem
we're
trying
to
solve
here.
Yeah.
The
second
one
is
actually
is
this
DNS
of
work,
because
to
me
this
looks
like
a
transport
protocol
mechanism,
and
maybe
the
NSF
has
now
turned
into
the
the
transport
lesson
for.
R
W
G
Y
K
M
W
N
Y
N
N
N
B
So
thanks
a
lot
very
much.
Shame
thanks.
Everybody,
three
things:
blue
sheets,
I
think
we
only
have
one
of
them
up
here.
If
you
haven't
signed
the
other
one
sign
it
and
then
bring
it
up
here
for
those
of
you
who
be
here
on
Friday,
we
are
doing
session
to
friday
morning,
we'll
see
you
there
and
if
you're
not
safe,
travels
home
and
we'll
take
all
these
things
back
to
the
list
and
see
you
there.