Re: [DNSOP] Genart last call review of draft-ietf-dnsop-7706bis-07

Barry Leiba <barryleiba@computer.org> Fri, 28 February 2020 18:33 UTC

From: Barry Leiba <barryleiba@computer.org>
Date: Fri, 28 Feb 2020 10:32:48 -0800
Message-ID: <CALaySJ+YT2TpL8Sn31gdoYtB9_tToJHgGpEho+Jzhg427O4wXQ@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
Cc: General Area Review Team <gen-art@ietf.org>, Ines Robles <mariainesrobles@googlemail.com>, dnsop <dnsop@ietf.org>, draft-ietf-dnsop-7706bis.all@ietf.org, last-call@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/JAhO6u1ckXdJcRrO3L6XkdeUPuk>
Subject: Re: [DNSOP] Genart last call review of draft-ietf-dnsop-7706bis-07

Thanks, Ace, and post the update whenever you’re ready.

Barry

On Fri, Feb 28, 2020 at 10:18 AM Warren Kumari <warren@kumari.net> wrote:

> On Fri, Feb 28, 2020 at 8:02 AM Ines Robles via Datatracker
> <noreply@ietf.org> wrote:
> >
> > Reviewer: Ines Robles
> > Review result: Ready with Nits
> >
> > I am the assigned Gen-ART reviewer for this draft. The General Area
> > Review Team (Gen-ART) reviews all IETF documents being processed
> > by the IESG for the IETF Chair.  Please treat these comments just
> > like any other last call comments.
> >
> > For more information, please see the FAQ at
> >
> > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> >
> > Document: draft-ietf-dnsop-7706bis-07
> > Reviewer: Ines Robles
> > Review Date: 2020-02-28
> > IETF LC End Date: 2020-02-28
> > IESG Telechat date: Not scheduled for a telechat
> >
> > Summary:
> >
> > The document is well written, it supplies appendixes with examples.
> >
> > This document describes a method for the operator of a recursive resolver to
> > have a complete root zone locally, and to hide queries for the root zone from
> > outsiders, at the cost of adding some operational fragility for the operator.
> >
> > I have some minor questions.
> >
> > Major issues: None
> >
> > Minor issues: None.
> >
> > Nits/editorial comments:
> >
>
> Thank you for the review!
>
> > 1- Appendix B.5: it seems that the link is not valid: <https://knot-
> >    resolver.readthedocs.io/en/stable/modules.html#root-on-loopback-rfc-
> >    7706>
> >
> >   This link worked for me:
> >   https://knot-resolver.readthedocs.io/en/stable/modules-rfc7706.html.
>
> Thanks - not just for pointing out the issue, but also finding a
> better version - as suggested, I am changing this (in a git branch
> where I am collecting updates) to
> https://knot-resolver.readthedocs.io/en/v5.0.1/modules-rfc7706.html -
> I believe that stability is the most important attribute. AD, please
> let us know if you disagree.
>
> >
> > Questions:
> >
> > 1- It seems that this document replaces RFC7706, but the document states that
> > it updates RFC7706, is that correct?
>
> Oh, good point - once this is published, it does replace 7706 (it is a
> bis, and contains all of the content from 7706), so Obsoletes is
> better.
> Thank you, changed.
>
> >
> > 2- Abstract: "The cost of adding some operational fragility for the operator",
> > Does it introduce security considerations that have to be mentioned?
> >
> > 3- Section 1: "Research shows that the vast majority of queries going to the
> > root are for names that do not exist in the
> >    root zone." - Do you have some references to that research that can be added
> >    to the draft?
>
> Hmmmm... I think that we missed this because, within the DNS community
> this is sufficiently well known that we don't even think about /
> question it.
> There is quite a lot of research on this, but much of it is behind
> paywalls - while almost 20 years old now (Gods, I feel old!), I think
> that the best one to cite is still:
> https://www.caida.org/publications/papers/2001/DNSMeasRoot/dmr.pdf (
> DNS Measurements at a Root Server ) -- I will add this.
>
> >
> > 4- I would expand KSK to Key signing key (KSK).
>
> Thanks! Done!
>
> >
> > 5- Should this draft add a reference to rfc8499?
>
> Seems like a good idea, thanks! I'm adding:
> "Readers are expected to be familiar with <xref target="RFC8499"/>."
>
> >
> > Thank you for this document,
>
> ... and thank you for the review.
>
> W
>
> >
> > Ines.
> >
> >
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>    ---maf
>