Re: [dns-privacy] Genart last call review of draft-ietf-dprive-xfr-over-tls-09

Dan Romascanu <dromasca@gmail.com> Tue, 20 April 2021 09:36 UTC

Return-Path: <dromasca@gmail.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3ECF73A1A4A; Tue, 20 Apr 2021 02:36:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1P5aHmvQOE3o; Tue, 20 Apr 2021 02:36:17 -0700 (PDT)
Received: from mail-io1-xd35.google.com (mail-io1-xd35.google.com [IPv6:2607:f8b0:4864:20::d35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 069963A1A49; Tue, 20 Apr 2021 02:36:16 -0700 (PDT)
Received: by mail-io1-xd35.google.com with SMTP id v123so30957242ioe.10; Tue, 20 Apr 2021 02:36:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jGuq6W4emdj9knnEPCvPwtWfQ9sPNLav1rtaYfnMuF0=; b=KpmabR8jzKdWPi5czrWjQfyBtt/kynRcqbPf/X4d+DPelze6J40UnSwH7Rsj3bIgE6 V7jkO9Qs0OskihyqCbuas5KEqzWTRwkfh2eahCzHpYaERupGs+C668vl0iXXDDhQJz5S KMktfgYmhIql7f+GWOcQGnI2Q97X03FYMD5UIGC9lmw7NXl/pvLVfMW2G3Ld+aAUBwPv DpIFgbU78oXyfoRIghJvMm1PkmzeFTtHMfTr3PvBg6imZIQQRS1+fXLE+cXHFfiHlDSu FIVTr8qsZYkLuGys0ewu2BzCpwSGWBGoywDbE+fPiGXYIEAeOPDVb4lqbonujkx+KpZM /8lg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jGuq6W4emdj9knnEPCvPwtWfQ9sPNLav1rtaYfnMuF0=; b=gwW1rnXjPJhJ3WQgJe2sxd6lS+vlgvfs/OPQh3Pf3u6qo8QZRxFN2z/IVoiwS6Zz2R jqGgOs2ws9iGn9NkV+bSgTVCIHFKrtot5ew6vOztGSfVs2hjksdV59uh31XcYlJujPBW 6FHnhU2Fxyp3rWgWWJMhKd9+kQBpKyOweG90w06vmGR97Rb39kw2RJjwur/PyeFhxxt1 zaD7tv5ezQa3tk3MEeMTFkfPMQODsekF2TIG7qbUvJF4yElyjlDXFeqjpO82zdFGAqr0 LXo8lzH1RDPHyulYyvFg/d4bzV7ioTtQw0Z1ee5poi9gI8l5vH3AsOYZ2y8IIF8UnRuO ffFQ==
X-Gm-Message-State: AOAM533CjWxnWIrKNax7OC+kxEaNe3fpB3fLNJZPtwwFNw6T09K/I5U+ VQrXs084cvmK0Yhe0sTHcyMm7rfkC0DkR5IkS2k=
X-Google-Smtp-Source: ABdhPJw0tANGbSFVLxZsimtRQiN2Q0/eIHVSql8ImT3GWCruDaenbImmuZj6wIesrRs9agikUDpaZV/QWYhJLhJdj+4=
X-Received: by 2002:a05:6638:a2c:: with SMTP id 12mr16536201jao.99.1618911375346; Tue, 20 Apr 2021 02:36:15 -0700 (PDT)
MIME-Version: 1.0
References: <161865263565.11494.11842811379172646764@ietfa.amsl.com> <79092CDB-33DC-472D-B597-1CA22E4D4342@sinodun.com>
In-Reply-To: <79092CDB-33DC-472D-B597-1CA22E4D4342@sinodun.com>
From: Dan Romascanu <dromasca@gmail.com>
Date: Tue, 20 Apr 2021 12:36:03 +0300
Message-ID: <CAFgnS4W0s-BJj3nhdM4Li7WdRRG4WdvxR_xbX3RB5=XFq-Tj_Q@mail.gmail.com>
To: Sara Dickinson <sara@sinodun.com>
Cc: General Area Review Team <gen-art@ietf.org>, DNS Privacy Working Group <dns-privacy@ietf.org>, draft-ietf-dprive-xfr-over-tls.all@ietf.org, Last Call <last-call@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000734f8c05c0642dbe"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/2aPi0PPnZFjA12Y913VzZRt5PZo>
Subject: Re: [dns-privacy] Genart last call review of draft-ietf-dprive-xfr-over-tls-09
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Apr 2021 09:36:22 -0000

Hi Sara,

Thank you for the response and for addressing the nit-comments in my
review. All seems fine to me now from my end.

Regards,

Dan


On Tue, Apr 20, 2021 at 11:51 AM Sara Dickinson <sara@sinodun.com> wrote:

>
>
> On 17 Apr 2021, at 10:43, Dan Romascanu via Datatracker <noreply@ietf.org>
> wrote:
>
> Reviewer: Dan Romascanu
> Review result: Ready with Nits
>
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
>
> For more information, please see the FAQ at
>
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>
> Document: draft-ietf-dprive-xfr-over-tls-09
> Reviewer: Dan Romascanu
> Review Date: 2021-04-17
> IETF LC End Date: 2021-04-20
> IESG Telechat date: Not scheduled for a telechat
>
> Summary:
>
> Ready with nits.
>
> This document specifies XFR-over-TLS (XoT) i.e. the use of TLS, rather than
> clear text, to prevent zone content collection via passive monitoring of
> DNS
> zone transfers. This is a very clear and well-written document. I had to do
> further reading to understand some of the specified or referred concepts
> and
> mechanisms, but after doing it all aligned nicely. I especially appreciate
> the
> inclusion and level of detail of Section 7 which explains the updates to
> the
> existing specifications, including the RFCs updated by this document and
> clarifies the issues of backwards compatibility. There are a few nits that
> I
> suggest to address before publication.
>
>
> Hi Dan,
>
> Many thanks for the review.
>
>
> Major issues:
>
> Minor issues:
>
> Nits/editorial comments:
>
> 1. In Section 3:
>
> XoT: Generic XFR-over-TLS mechanisms as specified in this document
>
>
> What does 'Generic' mean here? Are there also non-generic / specific
> mechanisms
> similar to XoT that should be referenced? If not, consider dropping
> ‘Generic'
>
>
> It was intended to mean that the term applied to both IXFR and
> AXFR-over-TLS… I propose updating the text to the following:
>
> “XoT: XFR-over-TLS mechanisms as specified in this document which apply to
> both AXFR-over-TLS and IXFR-over-TLS"
>
>
> 2. In Section 5 there are two Design Considerations labelled both
> Performance.
> Is this the intent? If yes, maybe they should be grouped together. If not
> maybe
> at least one of the name may be changed.
>
>
> Good point - they are now grouped them together.
>
>
> 3. Should not the fact that implementations MUST use TLS 1.3 or higher,
> which
> is specified in Section 8.1, be also mentioned in the Introduction?
>
>
> Yes - the last paragraph is now update to add that.
>
>
> 4. Section 9 uses in one instance the term 'multi-master'. Can an
> alternative
> term be considered, taking into account the work summarized in I-Ds such as
> https://datatracker.ietf.org/doc/draft-knodel-terminology/?
>
>
> Thanks for spotting this. I suggest simply removing that text as I think
> term multi-primary in the title should be enough given our terminology
> section.
>
>
> 5. I assume that Section 20 - Changelog will be removed before publication
>
>
> I’ve added text to request this, just to make sure.
>
>
> I’ve published a -10 version the draft including these changes which I
> hope addresses your issues?
>
> Regards
>
> Sara.
>
>
>
>