Re: [DNSOP] Roman Danyliw's No Objection on draft-ietf-dnsop-algorithm-update-08: (with COMMENT)

Paul Wouters <pwouters@redhat.com> Wed, 10 April 2019 16:49 UTC

From: Paul Wouters <pwouters@redhat.com>
Date: Wed, 10 Apr 2019 18:49:12 +0200
Message-ID: <CAAQVWxFXusAuUB_1KwFxLr0YYO0XmAT2=OC9_HwCc71SOJaEdA@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-dnsop-algorithm-update@ietf.org, Tim Wicinski <tjw.ietf@gmail.com>, dnsop-chairs@ietf.org, dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TuH_De9jG5qpLFWeODC_I16rINg>
Subject: Re: [DNSOP] Roman Danyliw's No Objection on draft-ietf-dnsop-algorithm-update-08: (with COMMENT)

Thanks for the review!

On Wed, Apr 10, 2019 at 5:30 PM Roman Danyliw via Datatracker <noreply@ietf.org> wrote:

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> (1) Abstract.  Nit.  There is a reference, [RFC6944], in the abstract which
> isn’t permitted.
>

Hmm, it is really just giving a clickable reference to the document we are
obsoleting. It's kind of nice to have there. But I guess you are right that
it is not allowed, so I've made the text without a reference.

>
> (2) Section 1.2, Per “This document only provides recommendations with
> respect to mandatory-to-implement algorithms or algorithms so weak that
> recommendation cannot be recommended”
>
> ** Editorial:
> s/algorithms so weak that recommendation cannot be recommended/
> algorithms so weak that they cannot be recommended/
>

Was fixed in -08

> ** The first part of the sentence doesn’t appear to be consistent with the
> RFC2119 words in the Section 3.1 Table which also includes RECOMMENDED/MAY
> (which is neither MTI or NOT RECOMMENDED)
>

It is recommended in lower case, not in 2119 meaning?

> (3) Section 1.3, Typo, s/from from/from/
>
> (4) Section 3.1, Typo, s/cryptographics/cryptographic/
>

Were already fixed.


> (5) Section 3.1, ED448 appears to be the only algorithm that doesn’t have
> treatment in even briefly describing its designated implementation
> recommendation.
>

It does get mentioned in the beginning of the paragraph. But there isn't
much to say really. It's there but just slightly stronger than 25519, so
not really worth the effort. I think it is okay to leave it as mostly
uninteresting, but if someone has some text, I'm fine with that too.


> (6) Section 3.1, The sentence “It is expected that ED25519 will become the
> future RECOMMENDED default algorithm …” is clear on the future.  However,
> looking back at the table in this section, it wasn’t clear what the current
> default algorithm is.
>

I've changed it a little bit to indicate this by adding a sentence here:

          RSASHA256 is in wide use and considered strong. It has been the
          default algorithm for a number of years and is now slowly being
          replaced with ECDSAP256SHA256 due to its shorter key and signature
          size, resulting in smaller DNS packets.


>
> (7) Section 3.2, The sentence “Operation recommendation for new and
> existing deployments.” Seems to stand alone or is missing some words.
> Should it be something along the lines of “This section provides
> operational recommendations …”
>

I've removed the sentence.


> (8) Section 3.2, Typo, s/is RECOMMENDED/is the RECOMMENDED/
>
> (9) Section 3.4, Editorial, s/The SHA-256/SHA-256/
>

Were already fixed in -08.


> (10) Section 4, Typo, s/seciton/section/
>

Fixed.

> (11) Section 5, Editorial, s/for the use of DNSSEC/for use in DNSSEC/
>

Fixed.

The -09 should appear shortly with these fixes.

Thanks!

Paul
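An added illustration, not part of this thread or the draft, of the point in the proposed new sentence about ECDSAP256SHA256 giving smaller DNS packets than RSASHA256: it computes DNSKEY and RRSIG RDATA sizes per RFC 3110, RFC 4034, RFC 6605 and RFC 8080 for the algorithms the draft discusses, using a constructed signer name and assuming an RSA exponent of 65537.

```python
# Added example (not part of the thread): compare DNSKEY and RRSIG RDATA sizes
# for the DNSSEC algorithms discussed, to show why ECDSAP256SHA256 and ED25519
# produce smaller DNS responses than RSASHA256.  Sizes follow RFC 3110 (RSA),
# RFC 4034 (DNSKEY/RRSIG layout), RFC 6605 (ECDSA) and RFC 8080 (EdDSA).

# algorithm name -> (IANA number, public-key field bytes, signature bytes)
# RSA entries are computed below from the modulus size; exponent 65537 assumed.
FIXED_ALGS = {
    "ECDSAP256SHA256": (13, 64, 64),   # uncompressed point x|y, signature r|s
    "ECDSAP384SHA384": (14, 96, 96),
    "ED25519":         (15, 32, 64),
    "ED448":           (16, 57, 114),
}

def rsa_public_key_field(modulus_bits: int, exponent: int = 65537) -> int:
    """RFC 3110 public key field: exponent length prefix + exponent + modulus."""
    exp_len = (exponent.bit_length() + 7) // 8
    prefix = 1 if exp_len < 256 else 3            # one byte, or 0x00 + two bytes
    return prefix + exp_len + modulus_bits // 8

def name_wire_length(name: str) -> int:
    """Length of a fully qualified domain name in uncompressed wire format."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return sum(1 + len(l) for l in labels) + 1    # length octets + root label

def dnskey_rdata_length(alg: str, rsa_bits: int = 2048) -> int:
    """Flags(2) + Protocol(1) + Algorithm(1) + public key field."""
    key = rsa_public_key_field(rsa_bits) if alg.startswith("RSA") else FIXED_ALGS[alg][1]
    return 4 + key

def rrsig_rdata_length(alg: str, signer: str, rsa_bits: int = 2048) -> int:
    """18 fixed octets (type, alg, labels, TTL, times, key tag) + signer name + signature."""
    sig = rsa_bits // 8 if alg.startswith("RSA") else FIXED_ALGS[alg][2]
    return 18 + name_wire_length(signer) + sig

def signed_record_overhead(alg: str, signer: str, rsa_bits: int = 2048) -> int:
    """DNSKEY RDATA + one RRSIG RDATA: the per-zone cost of the algorithm choice."""
    return dnskey_rdata_length(alg, rsa_bits) + rrsig_rdata_length(alg, signer, rsa_bits)

if __name__ == "__main__":
    signer = "example.com."                       # constructed signer name
    for alg in ("RSASHA256", "ECDSAP256SHA256", "ED25519", "ED448"):
        print(f"{alg:16} DNSKEY={dnskey_rdata_length(alg):4}  "
              f"RRSIG={rrsig_rdata_length(alg, signer):4}  "
              f"total={signed_record_overhead(alg, signer):4}")
```

The RDATA figures exclude the per-record owner name, type, class, TTL and RDLENGTH fields, which are the same for every algorithm.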