Re: [DNSOP] Review of draft-ietf-dnsop-attrleaf

"Murray S. Kucherawy" <superuser@gmail.com> Wed, 18 July 2018 16:28 UTC

In-Reply-To: <47526f5b-4374-2f89-5df3-450ed609e817@dcrocker.net>
References: <CAL0qLwZUxY3nK1nZW1c6CBJrQpAocy8LRT0iN3=Aan06X3k1-w@mail.gmail.com> <47526f5b-4374-2f89-5df3-450ed609e817@dcrocker.net>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Wed, 18 Jul 2018 12:28:05 -0400
Message-ID: <CAL0qLwaqDeduTFRi3JUvDyTMz6MLXfSZUR0xftHJgXYRqw2U5A@mail.gmail.com>
To: Dave Crocker <dcrocker@bbiw.net>
Cc: dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/G-ZxC_kumLdGndbD6CK6v4NGm6o>
Subject: Re: [DNSOP] Review of draft-ietf-dnsop-attrleaf

On Wed, Jul 18, 2018 at 12:21 PM, Dave Crocker <dhc@dcrocker.net> wrote:

> Folks,
>
> I'm responding to Murray's impressive proofreading details offlist, but
> there are some points he raises that might need wg discussion:


Aw shucks.


>> COMMENT:
>>
>> The text specifically calls for a stable reference. Do we have guidance
>> about what constitutes such a thing? I believe IANA has its own guidelines
>> to that end; are they available to the Designated Expert?
>>
>
> I'm inclined to let IANA raise this if they see an issue and then let
> them drive the resolution of this point.


Yeah, I don't have the right answer either, but I'm concerned that we're
asking the DE to make a decision with guidelines she doesn't have (or
worse, come up with some that are not consistent with what IANA usually
does).


>> Section 6:
>>
>> COMMENT:
>>
>> I have doubts that SECDIR would accept this one-sentence comment. I
>> suggest saying something more specific, like:
>>
>> "This document establishes a registry, and encourages a slight
>> reorganization of attributes stored in the DNS. It establishes no new
>> security issues."
>>
>
> The first clause is redundant and makes sense to have here only either if
> the readers of this section haven't read the rest of the document, or if
> the clause is useful to what follows.  I believe neither applies here.
>

I imagine myself as a SECDIR reviewer, and believe this would be the first
section I would read for any document to which I'm assigned.  Discovering
there a sentence that basically says "None" would get my back up ("We'll
see about that!").

More generally, I have had success with my proposed tactic in the past, so
I thought I'd suggest it here.

> I don't understand the 'encourages' statement but suspect I don't agree.
>

Reading the document, I got the impression that in your research you
discovered some underscore names that don't quite follow the proposed
placement.  If my inference is wrong, then so is that clause.


>> Section 6.1:
>>
>> COMMENT:
>>
>> This seems to me to be content that belongs in its own section outside of
>> Section 6 since it doesn't seem to me to be a security issue, but it's
>> worth saying. Maybe give it its own section between what's now Sections 3
>> and 4?
>>
>
> Well, I agree it's awkward where it is, but gosh.  An entire major
> section?  For such a small and explanatory -- rather than
> specification/normative bit of text? Mumble.
>
> If no one minds, I would rather make it Section 1.4, just after the
> sub-section that describes the construct.  I think it actually works well
> there.


That works too.

-MSK