[dns-privacy] Barry Leiba's No Objection on draft-ietf-dprive-bcp-op-08: (with COMMENT)

Barry Leiba via Datatracker <noreply@ietf.org> Wed, 05 February 2020 08:30 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: dns-privacy@ietf.org
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E6C2120273; Wed, 5 Feb 2020 00:30:29 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Barry Leiba via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-dprive-bcp-op@ietf.org, Tim Wicinski <tjw.ietf@gmail.com>, dprive-chairs@ietf.org, tjw.ietf@gmail.com, dns-privacy@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.116.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Barry Leiba <barryleiba@computer.org>
Message-ID: <158089142938.12762.6290507656137173098.idtracker@ietfa.amsl.com>
Date: Wed, 05 Feb 2020 00:30:29 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/L2Vh0mV3KFuaq0DMF7JcICePfnI>
Subject: [dns-privacy] Barry Leiba's No Objection on draft-ietf-dprive-bcp-op-08: (with COMMENT)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Feb 2020 08:30:33 -0000

Barry Leiba has entered the following ballot position for
draft-ietf-dprive-bcp-op-08: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


I support Ben’s DISCUSS.

Other comments:

Throughout, “privacy-related” needs the hyphen, as it’s a compound modifier.

— Section 1 —

   For example the user has a clear expectation of which
   resolvers have visibility of their query data however this resolver/
   transport selection may provide an added mechanism to track them as
   they move across network environments.

This sentence needs some punctuation: certainty, a comma after “for example”,
and probably one before “however”.  Even with those, it’s an awkward sentence
and you might consider rephrasing it.

   It is an untested area that simply using a DNS
   resolution service constitutes consent from the user for the operator
   to process their query data.

   Whether simply using a DNS resolution service constitutes consent
   from the user for the operator to process their query data is as yet

   o  To introduce the DNS Recursive Operator Privacy (DROP) statement
      and present a framework to assist writers of this document.

When I read this, I thought you meant *this* document, and that didn’t make
sense.  You mean “that document”, or, better, “writers of a DROP statement.”

      DROP statement is a document that an operator can publish
      outlining their operational practices and commitments with regard
      to privacy thereby providing a means for clients to evaluate the
      privacy properties of a given DNS privacy service.

This needs at least a comma before “thereby”.  I might also change to “publish,
which outlines ... privacy, and thereby provides a means”.

(At this point I’m going to stop calling out all but the most hard-to-follow
editorial issues.)

— Section 2 —

   Whilst the issues raised here are targeted at those operators who
   choose to offer a DNS privacy service, considerations for areas 2 and
   3 could equally apply to operators who only offer DNS over
   unencrypted transports but who would like to align with privacy best

If we’re considering encryption to be part of the best practice, this seems
odd.  Maybe say “but who would otherwise like to align...”?

— Section 5.1.1 —

   o  DNS-over-TLS [RFC7858] and [RFC8310].
   o  DoH [RFC8484].

There’s no reason to hyphenate the former, and the latter should also be
expanded here:

   o  DNS over TLS [RFC7858] and [RFC8310].
   o  DNS over HTTPS [RFC8484].

Similarly, take the hyphens out of “DNS over DTLS” in the next paragraph, and
out of “DNS over TLS” throughout the document.

— Section —
It’s “forgo” (give up), not “forego” (go before).

— Section 8 —
For a document such as this, the Security Considerations sectiin seems very
meagre.  As the Sec ADs have not called this out, I’ll presume they think it’s
OK, and I won’t press the issue.  Perhaps all relevant information is already
elsewhere in the document.