[DNSOP] Review of draft-ietf-dnsop-attrleaf
"Murray S. Kucherawy" <superuser@gmail.com> Wed, 18 July 2018 15:17 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C18A4131127 for <dnsop@ietfa.amsl.com>; Wed, 18 Jul 2018 08:17:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.988
X-Spam-Level:
X-Spam-Status: No, score=-1.988 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VCpqFI8ZWu8L for <dnsop@ietfa.amsl.com>; Wed, 18 Jul 2018 08:17:50 -0700 (PDT)
Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EE9212D7F8 for <dnsop@ietf.org>; Wed, 18 Jul 2018 08:17:50 -0700 (PDT)
Received: by mail-lj1-x22f.google.com with SMTP id r13-v6so4435967ljg.10 for <dnsop@ietf.org>; Wed, 18 Jul 2018 08:17:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=87iisXXKvUyWBuVAScxJMYuTxrAw8FVOfs8o6sQvFyE=; b=veDWZ5ZwAOgAvCrj+TW1FtTOxYUOdUSqHWFjxHnrJQQ4YCFV33+YWfMsHki3lUHDjx j9CJRiAdHH3nT+NGy0JrCoggzecFLkDSaJNy2bnEm2oDpDk53+6/nTv5DWaW+a5dfE69 gdlC8wFx25WCSqixQ4NiEQ1Fdkq+Fzu1WgmI4C66KFs8+l6ZJ/xZoOrOyc8mxTKRxMwE onKWFhGxsIPHsmxSgaVLtXPlT8w50pTJfY0Hy1Akw4ldiorPRyEuSzFQxRJwlYIwr+wT F4PT8F12B4530TnBNikpTJ6h4/Ocgw3Py2dWv6Qzt/PRiKa9S8dDRjIw2K+teyoEpisT wN4g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=87iisXXKvUyWBuVAScxJMYuTxrAw8FVOfs8o6sQvFyE=; b=nHfZuiv5S7c/0Gtbt+2c2peQjZbHMAd9izVUqk1SxglGlw6m6T5TdPDSzUM7Nvmjki owQ7KbyZdGjnDX+Cst3+lDvFeAvKD0FwfXXZkCn+49MJHumPIvGb3VJK3Ulo/14evCpT Npb9MS6tP0fFMv15tthFIsHT+aVcTqtepMsa/5r5JrXOC6Djj5RHFOF7yWABsde3LKGz uz1WCTED8l8q1lK0Ix9mHXQUl/X5xdwUcRCE6yVbBPNtzRH1/QJAR/SUtousqDA7m/B0 LntkDBHNLMm7mXWyeMQBrzK1mQx3WvZspV+3U1ugkuDU4QYESZijK8OEgmcaIZYv2n/G AunA==
X-Gm-Message-State: AOUpUlGYhYNSAgTJtdxqAm+K634SrztfZgD1iGXKOYsKisvdNlyuJujv OK/1SZ6rfv7HJU0kl8g+1vy7sdYRg0G5mTZZdFMVOI3j
X-Google-Smtp-Source: AAOMgpdOJSaNFo8j0vTgfL9O4WoAsVc2ZE/hfp9wynLU4mW+rsjSNsz0IrHij8ilauaAVAaGcR/9MiVVDsElGH7No00=
X-Received: by 2002:a2e:7d10:: with SMTP id y16-v6mr4767980ljc.29.1531927067881; Wed, 18 Jul 2018 08:17:47 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a2e:3a13:0:0:0:0:0 with HTTP; Wed, 18 Jul 2018 08:17:47 -0700 (PDT)
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Wed, 18 Jul 2018 11:17:47 -0400
Message-ID: <CAL0qLwZUxY3nK1nZW1c6CBJrQpAocy8LRT0iN3=Aan06X3k1-w@mail.gmail.com>
To: dnsop@ietf.org
Content-Type: multipart/alternative; boundary="000000000000b3f3b80571479048"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/o_fDvjyxDTU6VmS8I3gfrwNUBbY>
Subject: [DNSOP] Review of draft-ietf-dnsop-attrleaf
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2018 15:17:55 -0000
I've reviewed this document and I think it's in pretty good shape, and is
just about ready to be sent up for publication. I have some editorial
comments that are mostly minor in nature, as follows:
Section 1.1:
OLD:
The scoping feature is particularly useful when generalized resource
record types are used -- notably "TXT", "SRV", and "URI" [RFC1035
<https://tools.ietf.org/html/rfc1035>],
[RFC2782 <https://tools.ietf.org/html/rfc2782>], [RFC6335
<https://tools.ietf.org/html/rfc6335>], [RFC7553
<https://tools.ietf.org/html/rfc7553>].
NEW (formatting):
The scoping feature is particularly useful when generalized resource
record types are used -- notably "TXT", "SRV", and "URI" (see
[RFC1035 <https://tools.ietf.org/html/rfc1035>],
[RFC2782 <https://tools.ietf.org/html/rfc2782>], [RFC6335
<https://tools.ietf.org/html/rfc6335>], and [RFC7553
<https://tools.ietf.org/html/rfc7553>]).
OLD:
when they are the underscored name closest to the DNS root; they are
considered 'global'. Underscore-based names that are farther down
the hierarchy are handled within the scope of the global underscore
name.
NEW (consistent quoting; this is the first of several instances):
when they are the underscored name closest to the DNS root; they are
considered "global". Underscore-based names that are farther down
the hierarchy are handled within the scope of the global underscore
name.
Section 1.3:
OLD:
presentation convention described in Section 3.1
<https://tools.ietf.org/html/draft-ietf-dnsop-attrleaf-11#section-3.1>
or [RFC1034 <https://tools.ietf.org/html/rfc1034>] this is
NEW (typo, comma):
presentation convention described in Section 3.1
<https://tools.ietf.org/html/draft-ietf-dnsop-attrleaf-11#section-3.1>
of [RFC1034 <https://tools.ietf.org/html/rfc1034>], this is
Section 2:
COMMENT:
o If a public specification calls for use of an underscore-prefixed
domain node name, the 'global' underscored name -- the underscored
name that is closest to the DNS root -- MUST be entered into this
registry.
Use of "MUST" in the RFC2119 sense needs the RFC2119 boilerplate,
which isn't included in the document. This also appears in several
spots in Section 4.
I'm also not sure it applies here; there's no obvious threat to
interoperability if someone does this but doesn't register it.
(More generally, I've frequently been told that MUSTard in IANA
Considerations is a no-no.)
OLD:
An underscored name define scope of use for specific resource record
NEW:
An underscored name defines the scope of use for specific resource record
Section 4.1:
OLD:
The DNS Global Underscore Scoped Entry Registry is any DNS node name
that begin with the underscore character (_) and is the underscored
NEW (include the ASCII value):
The DNS Global Underscore Scoped Entry Registry is any DNS node name
that begin with the underscore character ("_", ASCII 0x5F) and is
the underscored
OLD:
o The required Reference for an entry MUST have a stable resolution
to the organization controlling that registry entry
NEW (missing trailing period):
o The required Reference for an entry MUST have a stable resolution
to the organization controlling that registry entry.
COMMENT:
The DNS is case-insensitive so this is a minor point, but would there
be any benefit to specifying that the registry only records the
all-lowercase version of an underscore name?
COMMENT:
The text specifically calls for a stable reference. Do we have
guidance about what constitutes such a thing? I believe IANA has its
own guidelines to that end; are they available to the Designated
Expert?
Section 6:
COMMENT:
I have doubts that SECDIR would accept this one-sentence comment. I
suggest saying something more specific, like:
"This document establishes a registry, and encourages a slight
reorganization of attributes stored in the DNS. It establishes no new
security issues."
Section 6.1:
COMMENT:
This seems to me to be content that belongs in its own section outside
of Section 6 since it doesn't seem to me to be a security issue, but
it's worth saying. Maybe give it its own section between what's now
Sections 3 and 4?
-MSK
- [DNSOP] Review of draft-ietf-dnsop-attrleaf Murray S. Kucherawy
- Re: [DNSOP] Review of draft-ietf-dnsop-attrleaf Dave Crocker
- Re: [DNSOP] Review of draft-ietf-dnsop-attrleaf Murray S. Kucherawy
- Re: [DNSOP] Review of draft-ietf-dnsop-attrleaf Dave Crocker
- Re: [DNSOP] Review of draft-ietf-dnsop-attrleaf Murray S. Kucherawy