[dns-privacy] Genart last call review of draft-ietf-dprive-xfr-over-tls-09

Dan Romascanu via Datatracker <noreply@ietf.org> Sat, 17 April 2021 09:43 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: dns-privacy@ietf.org
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B25683A1BA6; Sat, 17 Apr 2021 02:43:55 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Dan Romascanu via Datatracker <noreply@ietf.org>
To: gen-art@ietf.org
Cc: dns-privacy@ietf.org, draft-ietf-dprive-xfr-over-tls.all@ietf.org, last-call@ietf.org, dromasca@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 7.28.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <161865263565.11494.11842811379172646764@ietfa.amsl.com>
Reply-To: Dan Romascanu <dromasca@gmail.com>
Date: Sat, 17 Apr 2021 02:43:55 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/goJg92GO6BPq8mxWjtC6Bk-XJqY>
Subject: [dns-privacy] Genart last call review of draft-ietf-dprive-xfr-over-tls-09
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Apr 2021 09:43:56 -0000

Reviewer: Dan Romascanu
Review result: Ready with Nits

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-dprive-xfr-over-tls-09
Reviewer: Dan Romascanu
Review Date: 2021-04-17
IETF LC End Date: 2021-04-20
IESG Telechat date: Not scheduled for a telechat


Ready with nits.

This document specifies XFR-over-TLS (XoT) i.e. the use of TLS, rather than
clear text, to prevent zone content collection via passive monitoring of DNS
zone transfers. This is a very clear and well-written document. I had to do
further reading to understand some of the specified or referred concepts and
mechanisms, but after doing it all aligned nicely. I especially appreciate the
inclusion and level of detail of Section 7 which explains the updates to the
existing specifications, including the RFCs updated by this document and
clarifies the issues of backwards compatibility. There are a few nits that I
suggest to address before publication.

Major issues:

Minor issues:

Nits/editorial comments:

1. In Section 3:

> XoT: Generic XFR-over-TLS mechanisms as specified in this document

What does 'Generic' mean here? Are there also non-generic / specific mechanisms
similar to XoT that should be referenced? If not, consider dropping 'Generic'

2. In Section 5 there are two Design Considerations labelled both Performance.
Is this the intent? If yes, maybe they should be grouped together. If not maybe
at least one of the name may be changed.

3. Should not the fact that implementations MUST use TLS 1.3 or higher, which
is specified in Section 8.1, be also mentioned in the Introduction?

4. Section 9 uses in one instance the term 'multi-master'. Can an alternative
term be considered, taking into account the work summarized in I-Ds such as

5. I assume that Section 20 - Changelog will be removed before publication