Re: [DNSOP] Review of draft-ietf-dnsop-attrleaf-fix

Dave Crocker <> Wed, 18 July 2018 16:33 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2C42B130EA8 for <>; Wed, 18 Jul 2018 09:33:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id KKm4Xl8lLQQ4 for <>; Wed, 18 Jul 2018 09:33:45 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 97BF9130FEC for <>; Wed, 18 Jul 2018 09:33:45 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w6IGaIGD004987 (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Jul 2018 09:36:18 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=default; t=1531931779; bh=u+ytarzXWZN/+XEV8mihq/8jHnEKzY6zapj4FLMbXvE=; h=Subject:To:References:From:Cc:Reply-To:Date:In-Reply-To:From; b=BEFXLZ8dgPPo6F6NvNqt0F5XqUwhY7EmEMQOkcPkdcR/R5BnFZ8OgqHZaL5lTzmhJ 7othcJaT91kWpsoASZumUUA5Twr26PQe8t5ewbYl2nIeE0ijrOM73ifc1ApdaZRnl0 zJTQDSTznCvGRlpAoo8O90iUHUXl13IDNub1cMm0=
To: "Murray S. Kucherawy" <>
References: <>
From: Dave Crocker <>
Organization: Brandenburg InternetWorking
Message-ID: <>
Date: Wed, 18 Jul 2018 09:33:39 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <>
Subject: Re: [DNSOP] Review of draft-ietf-dnsop-attrleaf-fix
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 18 Jul 2018 16:33:47 -0000

On 7/18/2018 8:37 AM, Murray S. Kucherawy wrote:
> Section 3.2 replaces text in Section 4.1 of something, but I don't know 
> what; the prior paragraph refers to multiple other documents.  I 
> suggest:  (a) clarify which document's 4.1 is being replaced, and (b) 
> don't bother including the original (replaced) text.

I'll add reference to the RFC being modified, closer to the modification 
text, but I'd rather keep the old language in there, to reduce the 
likelihood that someone will replace too-much/not-enough of the existing 

> I believe Section 4 can include a note to the RFC Editor to remove it 
> prior to publication.


> Section 5, as in the other document, is too terse.  I suggest 
> summarizing the fact that the only thing going on here is creating of 
> IANA requirements on future work, and updating old documents to 
> reference those requirements.

Same reaction as for the other document.  I think it the change creates 
a 'form' of greater substance but not the substance of substance.

It doesn't allow a security reviewer to do a better (or worse) job and 
it doesn't demonstrate meaningfully greater security knowledge of the 

Side note: FWIW I am certainly concerned that this section be 
meaningful.  When it was first required by the IAB, we were given no 
guidance about what to include and had no skill at knowing/guessing.  So 
pro forma language, similar to what I've put in, was the norm.  In most 
cases, it represented conformance to form but had no substance.  However 
in the current case, I believe it exactly summarizes the issue for these 

Dave Crocker
Brandenburg InternetWorking