Re: [DNSOP] DNSOP Call for Adoption: draft-kristoff-dnsop-dns-tcp-requirements

Sara Dickinson <sara@sinodun.com> Tue, 23 May 2017 12:22 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/zikTayf-9Ps4BRz3qERNxb0DlfA>

> On 11 May 2017, at 11:57, tjw ietf <tjw.ietf@gmail.com> wrote:

> This starts a Call for Adoption for: draft-kristoff-dnsop-dns-tcp-requirements
> 
> The draft is available here: https://datatracker.ietf.org/doc/draft-kristoff-dnsop-dns-tcp-requirements/

Hi,

I’ve reviewed this draft and as stated previously support adoption as a companion document to RFC7766. 

Minor comments:

Section 2.2: I think the argument around DNSSEC can be bolstered by the fact that recent root ZSK and upcoming KSK rollovers involved large responses. 

Section 2: I think it might be useful to include a section in section 2 describing the fact that the lack of, or very limited implementation of TCP also fed the perception that it was a security risk. 

Section 6.3  s/[RFC7766] is might be/[RFC7766] might be/

Should there be a section in Section 6 about RFC7858 (DNS-over-TLS)? And since it is stated as TCP related development should RFC2136 be there (even though it is discussed earlier)?

How about including a reference to https://datatracker.ietf.org/doc/draft-stenberg-httpbis-tcp/ ?

Regards

Sara.