Re: [dns-privacy] Working Group Last Call draft-ietf-dprive-dtls-and-tls-profile

["Paul Hoffman" <paul.hoffman@vpnc.org>]

Greetings. I apologize for this being late, but I kinda wanted to see 
what topics other reviewers focused on. However, other than Stéphane's 
review, nothing has been said.

There are some big topics for the document that I have split out into 
other messages. Some may be considered rehashing of earlier discussions, 
and I'm totally open to "nope, that's not what the WG wants", but I 
think it is worth making sure we all still feel that way. The rest of 
this message are nits.

Section 1: "The proposals here might be adapted or extended in future to 
be used for recursive clients and authoritative servers, but this 
application is out of scope for the DNS PRIVate Exchange (DPRIVE) 
Working Group per its current charter." This document will long outlive 
the WG, so everything after the first comma should be removed.

Section 1: "How a DNS client can verify that any given credential 
matches the domain name obtained for a DNS server." "obtained" is 
somewhat difficult here because there are many ways that the name is 
determined. Proposal: "matches the domain name of the DNS server".

Section 1: "DNS-over-TLS draft" should be [RFC7858].

Section 2: "forwarder/proxy" (used twice) The rest of the sentence talks 
only about forwarder, and it's not clear how a proxy differs from a 
forward, so maybe just change these to "forwarder".

Section 4: In Table 1, change "N (D)" to "ND". I cannot figure out what 
the parentheses mean, and all three N situations are ND.

Section 4.3.1: "Bootstrapping" is not a widely-understood term. 
Proposal: replace it with "Configuration".

Section 8.3: The "[NOTE:" is not really a note, it is a full statement. 
Proposal: remove "[NOTE:" and "]".

Section 11: The first paragraph covers multiple topics; it could be 
broken after second sentence.

--Paul Hoffman