[DNSOP] Lars Eggert's No Objection on draft-ietf-dnsop-nsec3-guidance-08: (with COMMENT)

Lars Eggert via Datatracker <noreply@ietf.org> Wed, 11 May 2022 10:27 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B80E8C15E3EB; Wed, 11 May 2022 03:27:06 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Lars Eggert via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-dnsop-nsec3-guidance@ietf.org, dnsop-chairs@ietf.org, dnsop@ietf.org, tjw.ietf@gmail.com, tjw.ietf@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 8.1.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Lars Eggert <lars@eggert.org>
Message-ID: <165226482674.16269.10057802528259757612@ietfa.amsl.com>
Date: Wed, 11 May 2022 03:27:06 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mHSIv4hj2mGUg1yHPD6-6tj5u7I>
Subject: [DNSOP] Lars Eggert's No Objection on draft-ietf-dnsop-nsec3-guidance-08: (with COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.34
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 May 2022 10:27:06 -0000

Lars Eggert has entered the following ballot position for
draft-ietf-dnsop-nsec3-guidance-08: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


# GEN AD review of draft-ietf-dnsop-nsec3-guidance-08

CC @larseggert

Thanks to Meral Shirazipour for the General Area Review Team (Gen-ART) review

## Comments

### Section 3.2, paragraph 4
     Validating resolvers returning an insecure or SERVFAIL answer to
     their client after receiving and validating an unsupported NSEC3
     parameter from the authoritative server(s) SHOULD return an Extended
     DNS Error (EDE) {RFC8914} EDNS0 option of value (RFC EDITOR: TBD).
     Validating resolvers that choose to ignore a response with an
     unsupported iteration count (and do not validate the signature) MUST
     NOT return this EDE option.
{RFC8914} looks like a Markdown citation bug.

### Missing references

No reference entries found for: `[RFC8914]` and

## Nits

All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

### Stray characters

The text version of this document contains these HTML entities, which might
indicate issues with its XML source: `&#269;`, `&#352;`, and `&#268;`

### Grammar/style

#### "Table of Contents", paragraph 1
. . . . . . . . . . 10 Appendix D. Github Version of This Document . . . . .
The official name of this software platform is spelled with a capital "H".

#### Section 1.1, paragraph 1
lag [RFC5155], which specifies whether or not that NSEC3 record provides pro
Consider shortening this phrase to just "whether". It is correct though if you
mean "regardless of whether".

#### Section 2.3, paragraph 1
w, ftp, mail, imap, login, database, etc) can be used to quickly reveal a lar
A period is needed after the abbreviation "etc.".

#### Section 5, paragraph 1
y Covering NSEC Records and DNSSEC On-line Signing", RFC 4470, DOI 10.17487/R
Do not mix variants of the same word ("on-line" and "online") within a single

#### Section 7.1, paragraph 2
NSSEC zone enumeration algorithm", n.d.. Appendix A. Deployment measurements
Two consecutive dots.

#### "Appendix A.", paragraph 2
 Vixie * Tim Wicinski Appendix D. Github Version of This Document While this
The official name of this software platform is spelled with a capital "H".

## Notes

This review is in the ["IETF Comments" Markdown format][ICMF], You can use the
[`ietf-comments` tool][ICT] to automatically convert this review into
individual GitHub issues. Review generated by the [`ietf-reviewtool`][IRT].

[ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
[ICT]: https://github.com/mnot/ietf-comments
[IRT]: https://github.com/larseggert/ietf-reviewtool