From owner-ipseckey-outgoing@lox.sandelman.ottawa.on.ca Fri Oct 4 14:24:57 2002
Date: Fri, 4 Oct 2002 14:21:16 -0400
To: ipseckey@sandelman.ca
Subject: [IPSECKEY] BOF agenda
Date: Fri, 04 Oct 2002 14:19:12 -0400
From: Michael Richardson

This is what was sent.

BOF description

IPSEC KEYing information resource record BOF (ipseckey)
time
===============================

CHAIRS: Michael Richardson
        Olafur Gudmundsson

MAILING LIST: ipseckey-request@sandelman.ca
Archive: http://www.sandelman.ca/lists/html/ipseckey/

DESCRIPTION:

IP security public KEY in DNS (ipseckey)

This effort has a goal of designing a resource record for the domain
name system (DNS) to replace the functionality of the IPSEC sub-type
of the KEY resource record.

Sub-types of the KEY resource record are being obsoleted by the dnsext
WG as part of the revision of the DNSSEC standard. A replacement is
sought.

The scope of work is to identify what information is needed in an IPSEC
specific keying resource record. The contents of the resource record
are not limited to only the information that is in the DNS KEY record
but also contains useful IPSEC information information.

The general problems of key management, and semantic content of the
data stored in the resource record is beyond the scope of this effort.
This effort is limited to syntactic issues only. Semantics of the
contained information is left to future deployment documents to define.

The resulting resource record should be easily extensible for new uses.

This effort is specific to providing IPSEC information in DNS.
All other distributed databases are out of scope.

PROPOSED SCHEDULE

DEC 02  Solicit various proposals on what information is needed in
        IPSEC specific KEYing record.
FEB 02  First draft of consensus RR proposal
APR 02  Advance Document to IESG

AGENDA:

1. Open meeting and welcome
2. Scribe and blue sheet
3. Introduction                        Michael Richardson
4. Documents
   4.1 Why KEY is being obsoleted.     Dan Massey
       www.ietf.org/internet-drafts/draft-ietf-dnsext-restrict-key-for-dnssec-04.txt
   4.2 Requirements.
   4.n Any IPSECKEY proposals that have shown up by Atlanta.
5. open mike
6. Charter discussion
7. schedule discussion
8. Next step.

$Id: ipseckey.txt,v 1.5 2002/10/04 18:14:06 mcr Exp $

-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.

From owner-ipseckey-outgoing@lox.sandelman.ottawa.on.ca Fri Oct 4 14:37:04 2002
Message-Id: <200210041833.g94IXLAN006512@marajade.sandelman.ottawa.on.ca>
To: ipseckey@sandelman.ca
cc: Olafur Gudmundsson
Subject: [IPSECKEY] Re: comments request on IPSECKEY BOF description
In-reply-to: Your message of "Fri, 04 Oct 2002 14:03:02 EDT." <20021004133726.T16857-100000@hlid.dc.ogud.com>
Date: Fri, 04 Oct 2002 14:33:21 -0400
From: Michael Richardson

>>>>> "Olafur" == Olafur Gudmundsson writes:

    CHARTER> The resulting resource record should be easily extensible for
    CHARTER> new uses.

    Olafur> This line scares me, and

    mcr> The intention is that this there is a place to add meta-data.

    Olafur> exactly the fine point here is we do not want to create a new
    Olafur> record that has sub types, rather we want to fit in as much as we
    Olafur> can in early but leave a mechanism to expand with certain
    Olafur> rules. (detail that the WG will have to address). I would be
    Olafur> happy if you get rid of the word "easily"

  Okay, it is done.
  And seeing you on the list, let's get it started and get the archive
filling.
  Sorry, I jumped on sending off the document to agenda. I think we can
update it with edits easily, so I'll do them now, and collect any further
changes that might come up, and resubmit on Monday.

    Olafur> on one line you have the same word twice.

  Sorry, which line is this?

    Olafur> line 5 s/time//

  It was a placeholder for inserting the time/location of the BOF.

    Olafur> After thinking about the agenda I think we should move Next step
    Olafur> up to after Open Mike and keep that short then go on to charter
    Olafur> and schedule is really part of charter. We need someone to bring

  Okay.

    Olafur> Open question, do we need 1 or 2 hour slot ?

  I hope that 1 hour is enough.
  I've heard that Atlanta is going to be very packed, schedule wise.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

From owner-ipseckey-outgoing@lox.sandelman.ottawa.on.ca Fri Oct 4 14:40:54 2002
Message-Id: <200210041837.g94IbBNv006531@marajade.sandelman.ottawa.on.ca>
To: Dan Massey
cc: ipseckey@sandelman.ca
Subject: [IPSECKEY] Re: comments request on IPSECKEY BOF description
In-reply-to: Your message of "Fri, 04 Oct 2002 14:06:29 EDT." <3D9DD8A4.24FE46D9@isi.edu>
Date: Fri, 04 Oct 2002 14:37:11 -0400
From: Michael Richardson

>>>>> "Dan" == Dan Massey writes:

    Dan> I just got off a plane so I'm still reading email in pieces...

    Dan> I'd like to suggest one very minor change in the agenda wording.
    Dan> The description captures the idea that the KEY record was restricted
    Dan> so I think everyone agrees on the concepts, but the title "Why KEY is
    Dan> being obsoleted" struck me as a little off. How about something
    Dan> more like:

    Dan> "Why KEY record subtypes were obsoleted."
    Dan> "Why the KEY record is no longer available to applications."
    Dan> "Why the KEY record was restricted to only DNSSEC keys."

  Good point. I like the last one.
  (I have a problem with "applications" - it is a relative term.)
From owner-ipseckey-outgoing@lox.sandelman.ottawa.on.ca Fri Oct 4 23:28:02 2002
Date: Fri, 4 Oct 2002 23:23:45 -0400 (EDT)
From: Olafur Gudmundsson
To: ipseckey@sandelman.ottawa.on.ca
Subject: Re: [IPSECKEY] Re: comments request on IPSECKEY BOF description
In-Reply-To: <200210041833.g94IXLAN006512@marajade.sandelman.ottawa.on.ca>
Message-ID: <20021004231528.O17599-100000@hlid.dc.ogud.com>

On Fri, 4 Oct 2002, Michael Richardson wrote:

> >>>>> "Olafur" == Olafur Gudmundsson writes:
>     CHARTER> The resulting resource record should be easily extensible for
>     CHARTER> new uses.
>
>     Olafur> This line scares me, and
>
>     mcr> The intention is that this there is a place to add meta-data.
>
>     Olafur> exactly the fine point here is we do not want to create a new
>     Olafur> record that has sub types, rather we want to fit in as much as we
>     Olafur> can in early but leave a mechanism to expand with certain
>     Olafur> rules. (detail that the WG will have to address). I would be
>     Olafur> happy if you get rid of the word "easily"
>
>   Okay, it is done.
>   And seeing you on the list, let's get it started and get the archive
> filling.
>   Sorry, I jumped on sending off the document to agenda. I think we can
> update it with edits easily, so I'll do them now, and collect any further
> changes that might come up, and resubmit on Monday.

Let's leave it alone for now and work on getting people to start thinking
about what and how to get the relevant information into the RR.

>
>     Olafur> on one line you have the same word twice.
>
>   Sorry, which line is this?
>

Sorry, line 28, the word is "information" at the end of the line.

>     Olafur> After thinking about the agenda I think we should move Next step
>     Olafur> up to after Open Mike and keep that short then go on to charter
>     Olafur> and schedule is really part of charter. We need someone to bring
>
>   Okay.
>
>     Olafur> Open question, do we need 1 or 2 hour slot ?
>
>   I hope that 1 hour is enough.
>   I've heard that Atlanta is going to be very packed, schedule wise.
>

Fine by me, just requires more control on how long people speak at
open mike.

This is a record, BOF was approved in 146 seconds :-)
(based on the timestamps on your and Steve's message)

Date: Fri, 04 Oct 2002 14:17:30 -0400
From: Michael Richardson

Date: Fri, 04 Oct 2002 14:19:56 -0400
From: "Steven M. Bellovin"

        Olafur
From owner-ipseckey-outgoing@lox.sandelman.ottawa.on.ca Fri Oct 18 15:43:30 2002
Message-Id: <200210181915.g9IJFwHQ024985@marajade.sandelman.ottawa.on.ca>
To: ipseckey@lox.sandelman.ottawa.on.ca, Dan Massey
Subject: [IPSECKEY] IPSEC KEYing information resource record BOF (ipseckey)
In-reply-to: Your message of "Fri, 18 Oct 2002 11:51:03 EDT." <3DB02DE7.4711E897@isi.edu>
Date: Fri, 18 Oct 2002 15:15:57 -0400
From: Michael Richardson

Dan, re: BOF announcement, my copy reads:

BOF description

IPSEC KEYing information resource record BOF (ipseckey)
time
===============================

CHAIRS: Michael Richardson
        Olafur Gudmundsson

MAILING LIST: ipseckey-request@sandelman.ca
Archive: http://www.sandelman.ca/lists/html/ipseckey/

DESCRIPTION:

IP security public KEY in DNS (ipseckey)

This effort has a goal of designing an IPSEC specific resource record
for the domain name system (DNS) to replace the functionality of the
IPSEC sub-type of the KEY resource record.

Original DNSSEC specification explicitly specified flags on KEY
resource records for use by IPSEC. Experience has shown this to cause
operational problems. DNSEXT working group is restricting the use of
the KEY record to DNS uses only. IPSEC keying via DNS thus needs a new
resource record.

The scope of work is to identify what information is needed in an IPSEC
specific keying resource record. The contents of the resource record
are not limited to only the information that is in the DNS KEY record
but also contains useful IPSEC information information.

The general problems of key management, and semantic content of the
data stored in the resource record is beyond the scope of this effort.
This effort is limited to syntactic issues only. Semantics of the
contained information is left to future deployment documents to define.

The resulting resource record should be extensible for new uses.

This effort is specific to providing IPSEC information in DNS.
All other distributed channels are out of scope.

PROPOSED SCHEDULE

DEC 02  Solicit various proposals on what information is needed in
        IPSEC specific KEYing record.
FEB 02  First draft of consensus RR proposal
APR 02  Advance Document to IESG

AGENDA:

1. Open meeting and welcome
2. Scribe and blue sheet
3. Introduction                        Michael Richardson
4. Documents
   4.1 Why the KEY record was restricted to only DNSSEC keys.     Dan Massey
       www.ietf.org/internet-drafts/draft-ietf-dnsext-restrict-key-for-dnssec-04.txt
   4.2 Requirements.
   4.n Any IPSECKEY proposals that have shown up by Atlanta.
5. open mike
6. Next step.
7. Charter discussion
8. schedule discussion

$Id: ipseckey.txt,v 1.6 2002/10/04 18:39:37 mcr Exp $