Re: [dns-privacy] Secdir early review of draft-ietf-dprive-unilateral-probing-07
Tim Wicinski <tjw.ietf@gmail.com> Fri, 09 June 2023 20:31 UTC
Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF062C151533; Fri, 9 Jun 2023 13:31:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DP-bf7XX9GV7; Fri, 9 Jun 2023 13:31:20 -0700 (PDT)
Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C997C151532; Fri, 9 Jun 2023 13:31:17 -0700 (PDT)
Received: by mail-ej1-x62c.google.com with SMTP id a640c23a62f3a-977d4a1cf0eso323803166b.1; Fri, 09 Jun 2023 13:31:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686342675; x=1688934675; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=tvHoZ0PdMMoRNnRvHibxLhWSvibkFHAIhtwUc7UDEaA=; b=n7ZI5mS4FEhaV58u8ymbxgTBYyWAxzqqVrrtVayFjt3chEG12gvK6IoeWSwZpAoYek qLuK/IbPOCxQKS/Flb4m1zrcJNLB5f8//dSTfYaSCLqoDKvfFmBG+PQW2Db+UQ4hqSg5 BS6vySaXuYKNcjqgnhWMeD0AieQUBO/wo71tsnJqHbpI18ZIjvNvGbfujfY2AubzoJGN OEfa3zht6RTwhY+5SiqA/sAzoPj8BQ8uHTrUGzCy0+wc2yNqiwwgb5mV6Fuxw1afep6/ un3CxdMB0uh5r6tzzfudgMetFDaHcwDbbejvxlW76QodqLQ0S/+JbNSxuqOqXGdHEd2D jEPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686342675; x=1688934675; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=tvHoZ0PdMMoRNnRvHibxLhWSvibkFHAIhtwUc7UDEaA=; b=elUCSdkeyMPjJTmSoSeIEemFUV72ty5eyojeG2D/16nSE6TCPDoHCkuyqUX85ugg3k 23BJKN/WzIASLubnTs4BW+FWJAJJG4pimQUcr4U0B9xKDUF+QcBhV70Dr8AlnFuEJbUh nhUffXTOt+iIMpmSggQ1SOQ6dAq7dSU+xeGON0cV/bD2aUXmVNO02VunCewg8KwTxy2e y2Og0q1+LDq61hZzyD2jEU7BmjWZWH3cTveQjXDHB0pxkn67ZqS9D5iD6ef/l9iv5udW PodQh5JIpD1hq/8rA8iSxCN+u9a/Ht/t35IngvARPtFcWdf20s6fArz65vLNTs+HBnMQ 30NQ==
X-Gm-Message-State: AC+VfDxY53GvBSjSdYLPTQV5GvTGRb5jZ4KCZBZi0jvjkLYo3Dsrm8Jf JAIv7tTnwoZLLozqldBCJhjTUKy1BROilLJq5OklXQZ9OIg=
X-Google-Smtp-Source: ACHHUZ7PV1X15HnnQfnHkp5bA1CyIdGqmie5Nr6HEr9xyVtLBF/qC7EpmoVWX44A5F9vBpgQPO/lUt44vxqNoJ1KIrA=
X-Received: by 2002:a17:907:94ca:b0:96a:52e:5379 with SMTP id dn10-20020a17090794ca00b0096a052e5379mr2382463ejc.63.1686342675558; Fri, 09 Jun 2023 13:31:15 -0700 (PDT)
MIME-Version: 1.0
References: <168634204133.61641.15990253589636399258@ietfa.amsl.com>
In-Reply-To: <168634204133.61641.15990253589636399258@ietfa.amsl.com>
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Fri, 09 Jun 2023 16:31:03 -0400
Message-ID: <CADyWQ+G-6D1Sb8xj4UCbfNC1g_rafEWFn-hBJcLdv=th_5tHUA@mail.gmail.com>
To: Rich Salz <rsalz@akamai.com>
Cc: secdir@ietf.org, dns-privacy@ietf.org, draft-ietf-dprive-unilateral-probing.all@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002575fa05fdb8404b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/ko3zTbiq5hQDbh6qbgv-ubHj24E>
Subject: Re: [dns-privacy] Secdir early review of draft-ietf-dprive-unilateral-probing-07
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jun 2023 20:31:22 -0000
I pointed out to Mr Salz that Alajuela is the location of the author in question, not their employer. He apologizes for his lack of Geography. (or he should) tim On Fri, Jun 9, 2023 at 4:20 PM Rich Salz via Datatracker <noreply@ietf.org> wrote: > Reviewer: Rich Salz > Review result: Has Nits > > The term "unilateral" makes me do a double-take. That's probably on me, > but I > always think of it in a military context. So I am glad to see a short clear > definition early in the document, in the terminology section. All of the > comments below are optional. > > I am curious why Joey's affiliation is in the author's area but not the > title > page. > > Sec 2.1 I think before this there should be an intro sentence, like "There > were two main priorities for this work" or some such. Also the "--" should > probably be a colon. > > Sec 2.2 Is the main point of the first paragraph to say that DoQ and DoT > don't address this type of deployment but leave it open for future docs? > If > so, maybe that's worth stating directly. > > Sec 3 I think the ALPN the client "should" use (lowercase) is better than > "may > use" > > Sec 3.1 Merge first two paragraphs > > Sec 3,2 A server *could* use a classic TLS server cert, right? Worth > mentioning? Worth proposing an eKU for DNS? > > Sec 4.1 Is this 'happy eyeballs'? If so, worth mentioning I think. > > Sec 4.2, Merge the first two sentences: This document encourages the first > strategy, to minimize timeouts or accidental delays and does not describe > the > other two." The remaining paragraphs contain some redundancy or otherwise > could > benefit from editing. For example, consider not saying anything about NS > records. > > Sec 4.3, combine the two paragraphs that appear just after the table. > > Sec 4.4, combine first two paragraphs. Last paragraph seems out of place > for > this doc. > > Sec 4.5 In the table is "retain across reset" mean server restart? Are the > last > two paragraphs duplicate of 4.4? If not, I don't appreciate the difference; > merge them into one. > > Sec 4.6, ah, happy eyeballs comparison. Consider a forward pointer from > 4.1 > > Sec 4.6. Nice details. Does this borrow from what SMTP opportunistic > does? If > so, might be worth mentioning. > > Sec 4.6.3.1 "store early data" Is store the right word? Send or stuff > comes > to mind. > > Sec 4.6.3.3 Do not send SNI. Hmm. Okay. That's a big change from > common web > tls deployments. Worth calling out? > > Sec 4.6.8.2, can you point to specific sections in the RFCs? Okay if not. > > Sec 4.6.10, there's no title for the section referenced in 7858? :) > > Sec 5, "This document has no IANA considerations" is the boilerplate I've > seen > most often. > > Sec 6.2, A suggestion of what statistics to report would be useful. I also > think the section title isn't great. > > Appendix A, is that to be removed when published? Should A and B > explicitly > say they are not normative? > > > > _______________________________________________ > dns-privacy mailing list > dns-privacy@ietf.org > https://www.ietf.org/mailman/listinfo/dns-privacy >
- [dns-privacy] Secdir early review of draft-ietf-d… Rich Salz via Datatracker
- Re: [dns-privacy] Secdir early review of draft-ie… Tim Wicinski
- Re: [dns-privacy] Secdir early review of draft-ie… Salz, Rich
- Re: [dns-privacy] [Ext] Secdir early review of dr… Paul Hoffman
- Re: [dns-privacy] [Ext] Secdir early review of dr… Salz, Rich