[DNSOP] Ben Campbell's No Objection on draft-ietf-dnsop-maintain-ds-03: (with COMMENT)

"Ben Campbell" <ben@nostrum.com> Wed, 31 August 2016 01:44 UTC

From: Ben Campbell <ben@nostrum.com>
To: The IESG <iesg@ietf.org>
Message-ID: <147260785474.23681.17236941629567519807.idtracker@ietfa.amsl.com>
Date: Tue, 30 Aug 2016 18:44:14 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/UhloSn3AcHqh-U1XDUhp6sANbrI>
Cc: tjw.ietf@gmail.com, draft-ietf-dnsop-maintain-ds@ietf.org, dnsop-chairs@ietf.org, dnsop@ietf.org
Subject: [DNSOP] Ben Campbell's No Objection on draft-ietf-dnsop-maintain-ds-03: (with COMMENT)

Ben Campbell has entered the following ballot position for
draft-ietf-dnsop-maintain-ds-03: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-maintain-ds/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I agree with Jari's and Terry's respective discusses. I will watch for
the outcome of those discussions.

Some other minor comments (I've skipped some that other people have
already commented on, but I'm sure there's still overlap):

- 1.2: It seems like scenarios 1 and 3 are restatements of the same
thing. That is, cannot/does-not-want-to seems to count as an operational
limitation.

-4, 3rd paragraph: "If a validator sees a DNSKEY or DS record with
   this algorithm value, it MUST treat it as unknown."
I suspect that, in the context of "Right now", this is talking about the
current state of affairs, rather than defining a new requirement. Thus
the 2119 MUST is probably not appropriate. 

-- 4th paragraph: I think this MUST is also not appropriate. It's part of
the definition of algorithm "0", and not a procedural requirement.

Editorial Comments:

-1.3, first paragraph: "When this document uses the word CDS it implies
that the same applies
   to CDNSKEY and vice verse."
I don't understand this sentence.

-2, first paragraph:
s/influence/performe

-2, operation 2: Please expand KSK on first use

-2, 5th paragraph: It’s sort of confusing to talk about options labeled
with ordinal numbers in a different order than their labels.

-3, first paragraph: First Sentence: I'm not sure what "... enable... for
the future." means.  Does that mean “for the foreseeable future”, or
perhaps “indefinitely enable”?

-- 2nd sentence is hard to parse. I suggest the following:
OLD
  Thus during the period from the time the child publishes
   the CDS until the corresponding DS is published at the parent is the
   period that DNS answers for the child could be forged.
NEW
  DNS answers could be forged during the period between when the child
  publishes the CDS until the parent publishes the corresponding DS.

-4, third paragraph: "Right now, ..."
That language will quickly become dated. I suggest "At the time of this
writing, ..."