[dns-privacy] Warren Kumari's Yes on draft-ietf-dprive-rfc7626-bis-06: (with COMMENT)

Warren Kumari via Datatracker <noreply@ietf.org> Thu, 08 October 2020 13:00 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Warren Kumari via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-dprive-rfc7626-bis@ietf.org, dprive-chairs@ietf.org, dns-privacy@ietf.org, Brian Haberman <brian@innovationslab.net>, dns-privacy@ietf.org, brian@innovationslab.net
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Warren Kumari <warren@kumari.net>
Message-ID: <160216203254.7120.12644413967454363372@ietfa.amsl.com>
Date: Thu, 08 Oct 2020 06:00:32 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/AHDhgd0AEbZiTHsIDP4hSEA5dHY>
Subject: [dns-privacy] Warren Kumari's Yes on draft-ietf-dprive-rfc7626-bis-06: (with COMMENT)

Warren Kumari has entered the following ballot position for
draft-ietf-dprive-rfc7626-bis-06: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

[ Thank you for addressing my DISCUSS point. ]

[Edit: I accidentally hit "Send" too early; I have another few comments, also
non-blocking: 1: "Also, sometimes, the QNAME embeds the software one uses,
which could be a privacy issue. For instance,
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.example.org."... Unless you
are a Microsoft or DNS weenie, this is likely not at clear -- what is being
leaked here? The fact that the site uses TCP? LDAP? Windows? Goldbach's
Conjecture? Example software? (I think adding a sentence here would be
helpful...) ]

Thank you for this document - it's really useful, and readable as well.

I do have a few small comments to (possibly) make it even better - I will in no
way be offended if you ignore these...

The background on how DNS works is nicely written, and I'm to point people at
it when I need to explain how the DNS works -- but I think a better name
example than: "What are the SRV records of _xmpp-server._tcp.example.com?"
would be good -- SRV is an unusual record type, and names with underscores
surprise people. I'd instead suggest "What is the MX records for example.com"
or "What is the A record for ftp.example.com?" -- I'm only mentioning this
because the rest of the section is a very general introduction and this might
confuse newcomers...

"At the time of writing, almost all this DNS traffic is currently sent in clear
(i.e., unencrypted). However there is increasing deployment of DNS-over-TLS
(DoT) [RFC7858] and DNS-over-HTTPS (DoH) [RFC8484], particularly in mobile
devices, browsers, and by providers of anycast recursive DNS resolution
services." I think that you might want to remove the "particularly in ..." - I
suspect that it will not age well; the document does say "At the time of
writing" and "increasing", etc., but this document is likely foundational
enough that it will still be referenced many many years from now, and this text
may just cloud matters then.

Whatever the case, thanks again for this document!

[dns-privacy] Warren Kumari's Yes on draft-ietf-d… Warren Kumari via Datatracker