Re: [dns-privacy] Working Group Last Call draft-ietf-dprive-dtls-and-tls-profile

"Paul Hoffman" <paul.hoffman@vpnc.org> Sat, 22 October 2016 23:25 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 737C81294A3 for <dns-privacy@ietfa.amsl.com>; Sat, 22 Oct 2016 16:25:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f_3q2PnIITHA for <dns-privacy@ietfa.amsl.com>; Sat, 22 Oct 2016 16:25:23 -0700 (PDT)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E57A129472 for <dns-privacy@ietf.org>; Sat, 22 Oct 2016 16:25:23 -0700 (PDT)
Received: from [10.32.60.49] (50-1-99-230.dsl.dynamic.fusionbroadband.com [50.1.99.230]) (authenticated bits=0) by mail.proper.com (8.15.2/8.14.9) with ESMTPSA id u9MNPK17032834 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <dns-privacy@ietf.org>; Sat, 22 Oct 2016 16:25:21 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 50-1-99-230.dsl.dynamic.fusionbroadband.com [50.1.99.230] claimed to be [10.32.60.49]
From: "Paul Hoffman" <paul.hoffman@vpnc.org>
To: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Date: Sat, 22 Oct 2016 16:25:20 -0700
Message-ID: <03AC11BC-BE33-47B8-B1A2-1BDC26280B2C@vpnc.org>
In-Reply-To: <5dc29c0c-9f34-dcac-8d94-f2722ee6a4ba@gmail.com>
References: <5dc29c0c-9f34-dcac-8d94-f2722ee6a4ba@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.5r5263)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Td0lGDe2oiS4flJYaVOHckev0CM>
Subject: Re: [dns-privacy] Working Group Last Call draft-ietf-dprive-dtls-and-tls-profile
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Oct 2016 23:25:24 -0000

Greetings. I apologize for this being late, but I kinda wanted to see 
what topics other reviewers focused on. However, other than Stéphane's 
review, nothing has been said.

There are some big topics for the document that I have split out into 
other messages. Some may be considered rehashing of earlier discussions, 
and I'm totally open to "nope, that's not what the WG wants", but I 
think it is worth making sure we all still feel that way. The rest of 
this message are nits.

Section 1: "The proposals here might be adapted or extended in future to 
be used for recursive clients and authoritative servers, but this 
application is out of scope for the DNS PRIVate Exchange (DPRIVE) 
Working Group per its current charter." This document will long outlive 
the WG, so everything after the first comma should be removed.

Section 1: "How a DNS client can verify that any given credential 
matches the domain name obtained for a DNS server." "obtained" is 
somewhat difficult here because there are many ways that the name is 
determined. Proposal: "matches the domain name of the DNS server".

Section 1: "DNS-over-TLS draft" should be [RFC7858].

Section 2: "forwarder/proxy" (used twice) The rest of the sentence talks 
only about forwarder, and it's not clear how a proxy differs from a 
forward, so maybe just change these to "forwarder".

Section 4: In Table 1, change "N (D)" to "ND". I cannot figure out what 
the parentheses mean, and all three N situations are ND.

Section 4.3.1: "Bootstrapping" is not a widely-understood term. 
Proposal: replace it with "Configuration".

Section 8.3: The "[NOTE:" is not really a note, it is a full statement. 
Proposal: remove "[NOTE:" and "]".

Section 11: The first paragraph covers multiple topics; it could be 
broken after second sentence.

--Paul Hoffman