Re: [DNSOP] DNSOP Call for Adoption: draft-kristoff-dnsop-dns-tcp-requirements

John Kristoff <> Thu, 25 May 2017 17:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 70B03129B43 for <>; Thu, 25 May 2017 10:00:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.798
X-Spam-Status: No, score=0.798 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id pIZMZbFUYE65 for <>; Thu, 25 May 2017 10:00:50 -0700 (PDT)
Received: from ( [IPv6:2620:0:2250:2115:c0a7:18f5:bca1:ba92]) by (Postfix) with ESMTP id 1238F129B53 for <>; Thu, 25 May 2017 10:00:50 -0700 (PDT)
Received: from p50.localdomain (localhost []) by (Postfix) with ESMTP id 182D618FB; Thu, 25 May 2017 17:00:49 +0000 (UTC)
Date: Thu, 25 May 2017 12:00:48 -0500
From: John Kristoff <>
To: Sara Dickinson <>
Message-ID: <20170525120048.1477cea5@p50.localdomain>
In-Reply-To: <>
References: <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [DNSOP] DNSOP Call for Adoption: draft-kristoff-dnsop-dns-tcp-requirements
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 25 May 2017 17:00:52 -0000

On Tue, 23 May 2017 12:22:34 +0000
Sara Dickinson <> wrote:

> I’ve reviewed this draft and as stated previously support adoption as
> a companion document to RFC7766.

Thank you for your review.

> Section 2.2: I think the argument around DNSSEC can be bolstered by
> the fact that recent root ZSK and upcoming KSK rollovers involved
> large responses.

Thank you, we can note that in a future revision.

> Section 2: I think it might be useful to include a section in section
> 2 describing the fact that the lack of, or very limited
> implementation of TCP also fed the perception that it was a security
> risk.

The references

  Cheswick, W. and S. Bellovin book

in section 2.4 I think may largely sums up the general concern.
Maybe the section 2.4 is not correctly titled or incompletely detailed
to highlight your point.  Any specific text or additional references are
welcome of course.

> Section 6.3  s/[RFC7766] is might be/[RFC7766] might be/

Thank you.

> Should there be a section in Section 6 about RFC7858 (DNS-over-TLS)?

Yes, thanks for pointing that out.  That section is still work in

> And since it is stated as TCP related development should RFC2136 be
> there (even though it is discussed earlier)?

Probably should be there.  Need I worry about section 6's length at
all?  It could take up a significant portion of the document given the
way this section is going.  Note, this section was added based on some
earlier feedback that having this sort of list might be helpful.
> How about including a reference to
> ?

Looks potentially worth including this sort of work in section 4.

Thanks again,