Re: [DNSOP] [Ext] Dnsdir early review of draft-ietf-dnsop-rfc7958bis-00

Paul Hoffman <paul.hoffman@icann.org> Tue, 06 February 2024 23:45 UTC

From: Paul Hoffman <paul.hoffman@icann.org>
To: Florian Obser <fobser@ripe.net>
CC: "dnsdir@ietf.org" <dnsdir@ietf.org>, dnsop <dnsop@ietf.org>, "draft-ietf-dnsop-rfc7958bis.all@ietf.org" <draft-ietf-dnsop-rfc7958bis.all@ietf.org>
Date: Tue, 06 Feb 2024 23:45:33 +0000
Message-ID: <9D147B88-4E24-4E9E-B12B-E7938C7C5D9F@icann.org>
References: <170723265380.12216.1920561465383751473@ietfa.amsl.com>
In-Reply-To: <170723265380.12216.1920561465383751473@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/4o6ruuXgSVdnGBgde5-6_xEb6l8>
Subject: Re: [DNSOP] [Ext] Dnsdir early review of draft-ietf-dnsop-rfc7958bis-00

On Feb 6, 2024, at 07:17, Florian Obser via Datatracker <noreply@ietf.org> wrote:
> 
> Reviewer: Florian Obser
> Review result: Ready with Nits
> 
> I have been selected as the DNS Directorate reviewer for this draft. The
> DNS Directorate seeks to review all DNS or DNS-related drafts as
> they pass through IETF last call and IESG review, and sometimes on special
> request. The purpose of the review is to provide assistance to the ADs.
> For more information about the DNS Directorate, please see
> https://wiki.ietf.org/en/group/dnsdir
> 
> I think the document is basically ready. I spotted a few nits, feel free to
> ignore as many as you like.
> 
> * Abstract
> 
>> This document describes the format and publication mechanisms IANA
>> intends to use to distribute the DNSSEC trust anchors.
> 
> while in "1. Introduction" we have:
> 
>> This document describes the formats and distribution methods of DNSSEC
>> trust anchors that have been used by IANA for the root zone of the DNS
>> since 2010.
> 
> Which one is it? Maybe this would be better:
> 
>> This document describes the format and publication mechanisms IANA
>> uses to distribute the DNSSEC trust anchors.

Yep, that's better for the abstract.

> 
> * 1.  Introduction
> 
>> A detailed description of corresponding
>> key management practices can be found in [DPS], which can be
>> retrieved from the IANA Repository at <https://www.iana.org/dnssec/>.
> 
> It seems redundant to add a reference as [DPS] and then provide a link
> in-line. Additionally, the reference and in-line link are different:
> https://www.iana.org/dnssec/
> vs.
> https://www.iana.org/dnssec/procedures
> 
> Maybe just shorten it to
> 
>> A detailed description of corresponding key management practices can
>> be found in [DPS].

Fair point.

> 
> * 2. IANA DNSSEC Root Zone Trust Anchor Formats and Semantics
> 
>> IANA publishes trust anchors for the root zone as an XML document
>> that contains the hashes of the DNSKEY records.
> 
> since IANA wishes to also publish the DNSKEY itself, maybe this is better:
> 
>> IANA publishes trust anchors for the root zone as an XML document
>> that contains the hashes of the DNSKEY records and optionally the keys
>> from the DNSKEY records.

Good catch!

> 
> * Appendix A.  Historical Note
> 
> Missing text:
>> The second KSK for use in the root zone of the DNS was [ MORE GOES
>> HERE ].
> 

Yep, still TBD. Will fix.

Thanks!

--Paul Hoffman
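The nit about section 2 above (an XML document carrying the hashes of the DNSKEY records and optionally the keys themselves) suggests the one check a validator operator should run when both are present: recompute the DS digest and key tag from the published key and compare them with the published hash. The following is an added example, not code from the draft, the thread or IANA; it assumes the key and its flags appear as <PublicKey> and <Flags> elements inside <KeyDigest>, and the key bytes in the sample are constructed, not the real root KSK.

```python
# Added example, not from the draft, the thread or IANA's tooling: cross-check a
# KeyDigest that carries the key (<PublicKey>/<Flags>, assumed element names)
# against its published hash and key tag. Key bytes below are constructed.
import base64, hashlib, struct
import xml.etree.ElementTree as ET

DIGEST_TYPES = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

def dnskey_rdata(flags, algorithm, pubkey, protocol=3):
    """Wire-format DNSKEY RDATA (RFC 4034, section 2.1)."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += b << 8 if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(rdata, digest_type, owner="."):
    """DS digest = hash(owner name in wire format | DNSKEY RDATA) (RFC 4034, 5.1.4)."""
    labels = [l for l in owner.strip(".").split(".") if l]
    wire_name = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return DIGEST_TYPES[digest_type](wire_name + rdata).hexdigest().upper()

def check_trust_anchors(xml_text):
    """Map each KeyDigest id to True/False (key matches hash) or None (hash only)."""
    results, root = {}, ET.fromstring(xml_text)
    zone = root.findtext("Zone", ".")
    for kd in root.findall("KeyDigest"):
        pk, flags = kd.findtext("PublicKey"), kd.findtext("Flags")
        if pk is None or flags is None:
            results[kd.get("id")] = None  # hash only: nothing to cross-check
            continue
        rdata = dnskey_rdata(int(flags), int(kd.findtext("Algorithm")), base64.b64decode(pk))
        results[kd.get("id")] = (key_tag(rdata) == int(kd.findtext("KeyTag")) and
            ds_digest(rdata, int(kd.findtext("DigestType")), zone) == kd.findtext("Digest").strip().upper())
    return results

SAMPLE_KEY = bytes(range(1, 65))                 # constructed, not the real root KSK
SAMPLE_RDATA = dnskey_rdata(257, 8, SAMPLE_KEY)  # KSK flags, algorithm 8
SAMPLE_XML = f"""<TrustAnchor id="constructed-sample" source="http://example.invalid/">
<Zone>.</Zone>
<KeyDigest id="Kconstructed"><KeyTag>{key_tag(SAMPLE_RDATA)}</KeyTag><Algorithm>8</Algorithm>
<DigestType>2</DigestType><Digest>{ds_digest(SAMPLE_RDATA, 2)}</Digest>
<PublicKey>{base64.b64encode(SAMPLE_KEY).decode()}</PublicKey><Flags>257</Flags></KeyDigest>
<KeyDigest id="Khashonly"><KeyTag>1</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType><Digest>00</Digest></KeyDigest>
</TrustAnchor>"""
```

A False result for any id means the published key and the published hash disagree and the anchor should not be installed until the discrepancy is explained.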