Re: [Gen-art] Gen-art LC review: draft-ietf-dnsop-maintain-ds-03
Paul Kyzivat <pkyzivat@alum.mit.edu> Fri, 08 July 2016 22:19 UTC
References: <0371ee99-778c-5ded-0c31-3c6d8d6b55c7@nostrum.com>
To: Robert Sparks <rjsparks@nostrum.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <58511354-85e4-835e-f0a8-1078398195f6@alum.mit.edu>
Date: Fri, 08 Jul 2016 18:18:59 -0400
In-Reply-To: <0371ee99-778c-5ded-0c31-3c6d8d6b55c7@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/U5oiHMIJaWGBHoR-RNCQVK_bm2U>
Cc: gen-art@ietf.org
Subject: Re: [Gen-art] Gen-art LC review: draft-ietf-dnsop-maintain-ds-03

(Just to Gen-art)

Wow. I don't understand how you arrived at that summary. Based on the
rest of the review I was expecting to be at least Not Ready. Are my
standards wrong?

Thanks,
Paul

On 7/8/16 4:32 PM, Robert Sparks wrote:
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair. Please treat these comments just
> like any other last call comments.
>
> For more information, please see the FAQ at
>
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>
> Document: draft-ietf-dnsop-maintain-ds-03
> Reviewer: Robert Sparks
> Review Date: 8 Jul 2016
> IETF LC End Date: 11 Jul 2016
> IESG Telechat date: Not yet scheduled for a telechat
>
> Summary: Ready, but with nits and perhaps a process problem
>
> Potential process problem:
>
> This document intends to move RFC7344 from Informational to PS in
> place (without republishing RFC7344). The intent to do so is buried at
> the end of the document (the abstract doesn't mention it). The Last
> Call for the document does not make it clear that _this_ document is
> elevating RFC7344. (It at least mentions it, which is good, but the
> writeup about the elevation can be read to say "we're considering this
> elevation somewhere else, keep it in mind while evaluating this
> document").
>
> There is no hint from the subject line that this is a call to bring
> RFC7344 onto the standards track. Unless there is some other
> communication effort that I've missed on a quick search, I think it is
> very likely that most of the IETF community outside the dnsop working
> group missed this intent. I strongly encourage a last call focusing
> _specifically_ on moving RFC7344 to the standards track without
> republication.
>
> My personal feedback on elevating RFC7344 without republishing is that
> it's not the right thing to do. At the very least "Category:
> Informational" appears in the document itself, and that will not
> change. If the IESG decides to proceed with this as currently
> formulated, count me in the deep rough.
>
> Nits:
>
> In 1.2, "that decision SHOULD be fully under the child domain's
> control"... Why is that a 2119 SHOULD? I think this is commentary on
> that it would be a bad idea for someone else to unilaterally decide to
> turn off DNSSEC for a child domain? Why not just say that (it would be
> even better to expand on _why_ it's a bad idea). If you really think
> this is the right way to say what you mean, and you keep 2119, please
> talk about when it would be ok to not follow that SHOULD.
>
> In 1.3, consider pointing to Appendix A of RFC7344 to better define
> RRR.
>
> In the Security Considerations, you have "Users SHOULD" and "all
> options SHOULD be considered". These are not meaningful uses of 2119 -
> please use prose to say what you really mean. If you want to keep
> them, please talk about when it would be ok to not follow the SHOULD.
> I think you're trying to say "Completing the rollover via an unsigned
> state is dangerous and should only be used as a last resort" or
> something similarly strong.
>
> Consider pointing back to the 5 scenarios you spell out in section 1.2
> in the security considerations section. The asserted existence of
> operational and software limitations that necessitate turning off
> DNSSEC to facilitate a change of operator is certainly a major
> security consideration.
>
> Consider doing more to the DNS Security Algorithms Number registry
> than the current instructions indicate. Simply adding a reference to
> this document to the row for number 0 does not convey that this
> "reserved" number is actually being _used_ in a protocol, and that
> when it is it's an algorithm number that is not a number for an
> algorithm. I don't know how to say that cleanly, but the registry
> should say more than simply "reserved" if this document is approved.
>
> Typo-nit: s/digiest/digest/