[dns-privacy] AD review of draft-ietf-dprive-xfr-over-tls-08

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Thu, 18 March 2021 15:33 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "draft-ietf-dprive-xfr-over-tls.all@ietf.org" <draft-ietf-dprive-xfr-over-tls.all@ietf.org>
CC: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Date: Thu, 18 Mar 2021 15:33:43 +0000
Message-ID: <743E167C-3449-49A9-81F9-48CE5E98846C@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/xI2eTy9_qbfOLsi0sgKxPK0iRvc>

Dear authors,

Thank you (and extended thanks to the WG) for this document.

Please find below my AD review of the -08 revision of the document. Before proceeding with the publication process, I would appreciate replies about the points below (and possibly a revised I-D).

- Section 1: please replace the reference to RFC7626 with the 7626bis document, which is already in the RFC editor queue
- Section 1: does the use of legacy RFC 7626 rather than the bis impact the rest of the section ?
- Section 1: “Some operators use SSH tunneling or IPSec to encrypt the transfer data” is this assertion backed by some public references ?
- Section 1: did you consider adding something about reconnaissance ? I.e., network scanning of an IPv6 prefix is basically impossible but having access to a DNS zone and its AAAA RR makes the reconnaissance trivial
- Section 4.1: from a logical flow perspective, I would have started with the threat model first, then the confidentiality/authentication/ parts
- Section 4: I find the logic of the ‘performance’ point weird because it is not really generated by the document but rather by an upgrade. I suggest rewriting this part.
- Some nits: usually ‘e.g.’ is surrounded by commas
- BTW, while I appreciate the trend to replace master by primary, may I suggest to clarify in the terminology section that ‘primary’ means ‘master’ and ‘secondary’ means ‘slave’ ? Up to you as it is a touchy topic but making the link with the legacy document seems important to me. Really up to the authors.
- Section 5.2 last § missing a closing ‘)’
- Section 5.3.2 please qualify “lag” (I guess serial numbers)
- Section 6, unsure whether “(probably unintentional)" adds any value, consider removing it ?
- Section 6.4, "one DoH connection" even with the "could hypothetically include" appears a little weird to me
- Section 7, consider expanding the XoT in the section title ? It looks weird in the ToC
- section 7.6, perhaps also expand XoT and ADoT in the section title
- section 7.6, §2 "short term,S.S. with regard" typo in S.S. ?
- section 8, long RTTs are mentioned as a reason to change the preferred primary, but RTT is only one part of the TCP throughput. Should this be elaborated further ?
- section 8, in " 'parallel primary connection' model" should this be "models" ?
- section 9.3.1 " MitM" is not defined and current trend is to replace it with "on path active attacker" (really up to the authors as I do mind)
- section 9.3.3, nit in " client can authentic the"
- section 9 and 10, I wonder why section 9 (mechanisms) is not a sub-section of section 10 (I do not really mind though)
- section 11, should there be a "then" in " if AXFRs use AXoT all IXFRs MUST use IXoT" ?
- section 12, the text talks about implementations but I wonder whether the section title should rather be on operations 
- section 15, should there be a discussion on using simple IP ACL as authentication ? IP spoofing exists ;)

I hope it helps,

Regards

-éric
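The section 15 point above (an IP ACL is not authentication, because source addresses can be spoofed) is easiest to see next to a concrete server configuration. The fragments below are an added illustration for this page, not text from the review, from the draft, or from any implementation's documentation. They follow BIND 9.18-style named.conf syntax; the zone name, key name, addresses, certificate paths and the secret are placeholders, and the two `zone` blocks are alternatives (before/after), not meant to be loaded together.

```conf
# BEFORE: the only "authentication" is the source address, i.e. exactly
# the IP ACL that section 15 questions. Anything that can use or spoof
# 192.0.2.2 as its source can pull the whole zone, and it travels in clear.
zone "example.net" {
    type primary;
    file "/var/named/example.net.zone";
    allow-transfer { 192.0.2.2; };          # address-only ACL
};

# AFTER: a transfer must carry a valid TSIG signature AND arrive over TLS
# on port 853 (XoT). A spoofed source address alone no longer suffices,
# and the zone contents are encrypted in transit.
key "xfr-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";    # placeholder, shared out of band
};

tls "xfr-tls" {
    key-file  "/etc/named/tls/primary.key";  # placeholder paths
    cert-file "/etc/named/tls/primary.crt";
};

options {
    listen-on port 853 tls xfr-tls { any; }; # TLS listener for XoT
};

zone "example.net" {
    type primary;
    file "/var/named/example.net.zone";
    # 'transport tls' rejects AXFR/IXFR over plain TCP; 'key' requires TSIG.
    allow-transfer port 853 transport tls { key xfr-key; };
};

# Secondary side: sign the request with the same TSIG key, use TLS, and
# verify the primary's certificate against a CA and expected hostname
# (the hostname/CA file are placeholders).
tls "to-primary" {
    ca-file         "/etc/named/tls/primary-ca.crt";
    remote-hostname "ns1.example.net";
};

zone "example.net" {
    type secondary;
    file "/var/named/example.net.zone.db";
    primaries { 192.0.2.1 port 853 key xfr-key tls to-primary; };
};
```

Run `named-checkconf` on the resulting file before reloading; the `key` ACL element only matches requests whose TSIG verifies, so a client at the "right" address without the key is refused, which is the behaviour the section 15 comment is asking the draft to spell out.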