[DNSOP] Benjamin Kaduk's No Objection on draft-ietf-dnsop-isp-ip6rdns-07: (with COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Thu, 27 September 2018 12:46 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E01D6130E63; Thu, 27 Sep 2018 05:46:51 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk <kaduk@mit.edu>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-dnsop-isp-ip6rdns@ietf.org, Tim Wicinski <tjw.ietf@gmail.com>, Benno Overeinder <benno@NLnetLabs.nl>, Suzanne Woolf <suzworldwide@gmail.com>, dnsop-chairs@ietf.org, tjw.ietf@gmail.com, dnsop@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.84.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <153805241190.26380.8621302005867369892.idtracker@ietfa.amsl.com>
Date: Thu, 27 Sep 2018 05:46:51 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/_1T5AjMAwj02eX-bSZlijAnGdKc>
Subject: [DNSOP] Benjamin Kaduk's No Objection on draft-ietf-dnsop-isp-ip6rdns-07: (with COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Sep 2018 12:46:52 -0000

Benjamin Kaduk has entered the following ballot position for
draft-ietf-dnsop-isp-ip6rdns-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-isp-ip6rdns/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for the well-written document!  I wrote down some thoughts
I had while reading, but they should be treated as very weak suggestions
and no pressure to apply them is implied.

Section 2.1

                                            DNS administrators should
   consider the uses for reverse DNS records and the number of services
   affecting the number of users when evaluating this option.

nit: maybe this could be qualified as "number of services relying on PTR
records", as otherwise it can be read as a bit of a non sequitur.

Section 2.3

   Administrators may want to consider user creativity if they provide
   host names, as described in Section 5.4 "User Creativity."

Perhaps "the risks of user creativity"?

Section 2.3.1

                                    This option may be scalable,
   although registration following an outage may cause significant load,
   and hosts using privacy extensions [RFC4941] may update records
   daily.  [...]

I think I've heard of deployments that update more often than daily, though
it's unclear that there's a need for this document to mention such
possibilities.

Section 4

   There are six common uses for PTR lookups:

I'm a little uncomfortable asserting this as a complete and exhaustive
listing in an Informational document, but I also can't dispute its
veracity.  I'll trust that the authors and WG have done sufficient research
and not request any change here.

                                                 For residential users,
   if these four use cases are important to the ISP, the administrator
   will then need to consider how to provide PTR records.

... but I do have to wonder which four of the six the ISPs are supposed to
be considering.

                        A valid negative response (such as NXDOMAIN) is
   a valid response, if the four cases above are not essential;
   delegation where no name server exists should be avoided.

... and similarly here.

Section 5.1

   Providing location information in PTR records is useful for
   troubleshooting, law enforcement, and geolocation services, but for
   the same reasons can be considered sensitive information.

It may be worth clarifying that the sensitive nature is an argument for not
publishing, since there aren't really well-established schemes for
filtering access to the relevant DNS records.

Section 5.3

Maybe say something about "for use in other protocols" if we're not trying
to limit to DNSKEY and friends?