Re: [DNSOP] Review of draft-ietf-dnsop-nsec-aggressiveuse-08
fujiwara@jprs.co.jp Wed, 29 March 2017 16:30 UTC
Return-Path: <fujiwara@jprs.co.jp>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BBF3129549; Wed, 29 Mar 2017 09:30:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i-rZlri0i5ei; Wed, 29 Mar 2017 09:30:20 -0700 (PDT)
Received: from off-send01.osa.jprs.co.jp (off-send01.osa.jprs.co.jp [IPv6:2001:218:3001:17::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D72EF1243F3; Wed, 29 Mar 2017 09:30:15 -0700 (PDT)
Received: from off-sendsmg01.osa.jprs.co.jp (off-sendsmg01.osa.jprs.co.jp [172.23.8.61]) by off-send01.osa.jprs.co.jp (8.14.4/8.14.4) with ESMTP id v2TGUCxX015312; Thu, 30 Mar 2017 01:30:12 +0900
Received: from off-sendsmg01.osa.jprs.co.jp (localhost [127.0.0.1]) by postfix.imss71 (Postfix) with ESMTP id 816AF180064; Thu, 30 Mar 2017 01:30:10 +0900 (JST)
Received: from localhost (off-cpu05.osa.jprs.co.jp [172.23.4.15]) by off-sendsmg01.osa.jprs.co.jp (Postfix) with ESMTP id 6C5F0180062; Thu, 30 Mar 2017 01:30:10 +0900 (JST)
Date: Thu, 30 Mar 2017 01:30:10 +0900
Message-Id: <20170330.013010.111206076393335798.fujiwara@jprs.co.jp>
To: jouni.nospam@gmail.com
Cc: ops-dir@ietf.org, dnsop@ietf.org, ietf@ietf.org, draft-ietf-dnsop-nsec-aggressiveuse.all@ietf.org
From: fujiwara@jprs.co.jp
In-Reply-To: <149063698126.30570.4959246116267967756@ietfa.amsl.com>
References: <149063698126.30570.4959246116267967756@ietfa.amsl.com>
X-Mailer: Mew version 6.5 on Emacs 24.4 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-7.1.0.1690-8.1.0.1062-22972.007
X-TM-AS-Result: No--1.579-5.0-31-10
X-imss-scan-details: No--1.579-5.0-31-10
X-TMASE-MatchedRID: I5Fk1qs03HZCXIGdsOwlUu5i6weAmSDKZggZX8gYmrWObf10apLcSYu3 renu5Y0wMEy6Wuy7Ct700AgBAXs4SDJz3NGP4sGiDPhWwJzVhb60NJ9wxH7tk4KwF4K/wIz96dX KvERZ4p2t2gtuWr1Lmu47aD4Eo6Bix3+VDjLVh5QdxBAG5/hkW8nlJe2gk8vI/RM/+SKR6qcP65 UmIJNL5L4hC3jqtx/XHHX4BkBfkXmMkVxV9HfBrk1rhQ5+QlI0+KgiyLtJrSCY5NBG7YIbV66Vr pWAb3te4vM1YF6AJbZcLc3sLtjOt1ZFWWuOwo7wMM4ioayl4t151TqU12Mb2uloYgzjonrsro1U RZJFbJtjOpwWsqMi2XW10lvR22DEn+w6tI06i1IYPdI6KnbaYyT72kg3esYp8wkfUH0RC3ZL1Xd OlixYVfoyHrcxti9vnX+P461qsDhKemLhqA7Wjm4DIJPw+zue1PeR9HWWCpTMJ5bhTjeL1cOC91 ofseCc
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/vqKl4_xuxWJA2KrFgtU4JvGHu7A>
Subject: Re: [DNSOP] Review of draft-ietf-dnsop-nsec-aggressiveuse-08
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Mar 2017 16:30:23 -0000
Thanks for the review > From: Jouni Korhonen <jouni.nospam@gmail.com> > Reviewer: Jouni Korhonen > Review result: Has Nits > > I think would be ready if it passed IDnits. I found the document good > read and found no sinkholes in it. Pointing up two implementations was > also great. > > The Proto Write-up seems not be up to date with what IDnits says e.g., > when it comes to downrefs, which is what the IDnits complain about. > > A couple of editorials: > > Lines 118-119 says: "This takes this.." I would reword to something > like: > "This document takes using NXDOMAIN information for more effective > caching further." > > Lines 396 and 397 uses "is NOT" and "IS making". I would use lower > case here. No reason to use capitalized and still non-RFC2119 > language. I will update the parts. > Line 407 is would be great to indicate since which version of Unbound > support has been in place. It is my edit mistake. Unbound does not implement "Aggressive use of DNSSEC-validated Cache" now. See: https://mailarchive.ietf.org/arch/msg/dnsop/Iv1mxko-ZtUBkNWPZnnnwT9LR-A # I implemented NSEC only version using Unbound three years ago as a patch. -- Kazunori Fujiwara, JPRS <fujiwara@jprs.co.jp>