[dns-privacy] Ben Campbell's Yes on draft-ietf-dprive-dtls-and-tls-profiles-09: (with COMMENT)

Ben Campbell <ben@nostrum.com> Wed, 10 May 2017 21:48 UTC

From: Ben Campbell <ben@nostrum.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-dprive-dtls-and-tls-profiles@ietf.org, Tim Wicinski <tjw.ietf@gmail.com>, dprive-chairs@ietf.org, tjw.ietf@gmail.com, dns-privacy@ietf.org
Date: Wed, 10 May 2017 14:48:01 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/n1MRLkbPreZJAQazkKtA9qSt3tQ>

Ben Campbell has entered the following ballot position for
draft-ietf-dprive-dtls-and-tls-profiles-09: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dprive-dtls-and-tls-profiles/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I'm balloting "yes", but I do have some comments:

Substantive:

5: "Clients using Opportunistic Privacy SHOULD try for the best
case..."
When might it be reasonable _not_ to try for the best case? (That is, why
not MUST)? 

5.1: What's a reasonable granularity for the profile selection? The text
suggests that decision is on a per-query basis; is that the intent? I
assume you don't expect a user to make a decision for each query.

6.5: The statement that a client using OP "MAY" try to authenticate seems
inconsistent with the "SHOULD try for the best case" statement in S5.
(But see my comment above about that.)

13.2: [I-D.ietf-dprive-dnsodtls] is referenced using 2119 keywords, so it
should be a normative reference. (Note that this would be a downref.)

Editorial:

2: "MUST implement DNS-over-TLS [RFC7858] and MAY implement DNS-
over-DTLS [I-D.ietf-dprive-dnsodtls]."
Unless these are new-to-this-draft requirements, please use descriptive
(non-2119) language. (Especially in a definition).

5: "Strict Privacy provides the strongest privacy guarantees and
   therefore SHOULD always be implemented in DNS clients along with
   Opportunistic Privacy."

Does that mean "SHOULD implement both strict and opportunistic privacy"
or "If you implement opportunistic you SHOULD also implement strict?"

6.2: Should list item "2" be "ADN+IP", like in the table?

11: Is "SHOULD consider implementing" different than "SHOULD implement"?
If so, please consider dropping the 2119 "SHOULD" when talking about what
people think about.