Re: [Gen-art] Genart last call review of draft-ietf-dnsop-7706bis-07
Warren Kumari <warren@kumari.net> Fri, 28 February 2020 18:18 UTC
Return-Path: <warren@kumari.net>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9170D3A1C80 for <gen-art@ietfa.amsl.com>; Fri, 28 Feb 2020 10:18:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3E1Zephtpa4F for <gen-art@ietfa.amsl.com>; Fri, 28 Feb 2020 10:18:33 -0800 (PST)
Received: from mail-qv1-xf2c.google.com (mail-qv1-xf2c.google.com [IPv6:2607:f8b0:4864:20::f2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D5FA3A1C7C for <gen-art@ietf.org>; Fri, 28 Feb 2020 10:18:33 -0800 (PST)
Received: by mail-qv1-xf2c.google.com with SMTP id fc12so1033178qvb.6 for <gen-art@ietf.org>; Fri, 28 Feb 2020 10:18:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xi1swMm3ouS24nGvfcG0TOuFNH08PretZgYz0hrF0Y0=; b=Bwpfo0jOYlPyQH1TDJjhN0387D2wwMXD3oC98CJGgS0neoyE2OVRAr2Sgc2xc4Vt3o XtB2rXWuTh4w2GVuP/USUGYh/peH75u7GQ8zmj5hY949meJ8xQy93mITgHPAhWh4GQEt opzEmiAi4XcVZCaHXHBdNSzdY2cZphZy7KFCfNkf4MxxXHWQPokw+iuiGz8Vs5qN3KJk RlAh+6ATuxu1Lnur7XaXQkdA+s7cJpD3AvdzaGoVokCLjYwp/OUWkLM59UempPEmYwaN D/II/nUyKZyHIqHHUkk0xNrw4Y3bNFofsfaNO0z1urOx5Czq3GngzRrrFUXTvoJTQeje RNxA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xi1swMm3ouS24nGvfcG0TOuFNH08PretZgYz0hrF0Y0=; b=pBimcwn//L103TUtYLUHd6fbCBzaXUwx6FfurI8z+j5Mu7xAmIDYDgPG0snW3Zi2o0 zlus39G+6GoipzXOjd68hOMV7QGZaPZT8ML0PP+W3QjGfVBmyapGnAvvgtbov3Jrh2ZN WyTJwh1xEW/Ta3BkWxA19VeARTQ0p4gaQR/nVWMIwFldzTcV6ZHkPgdoL8ZGQJih2WND 4BwxV7Go6V+ZFsc+ZkHhnwuMGS1RIKE3cs7flfWLlROJko5EwfqrZ8cJARcSQ0XFBr16 MaixeKmrCWA3taNZEaMWiC9NDHZKQ+wTiYXvSqqe1CNL/R+l8nBY5rBttKbJlIQWwSd4 SH7w==
X-Gm-Message-State: APjAAAXRgAGyDJP/WgUxdqxCia4Av2B18SgY5f145U/vEZe4ooqUd9aL gQAKeEnsr325j56pmEY0ae/Fok1tyDYxaWTglIIiLRB9
X-Google-Smtp-Source: APXvYqxEAb1QmD0vC7d7WQL+qlP84wpgue9gDCBwdVSie23D2EuTQlWcAwTetyf04TWhsEZNHICs3fKjO1sKhgxlz2w=
X-Received: by 2002:a05:6214:1784:: with SMTP id ct4mr4981523qvb.62.1582913911637; Fri, 28 Feb 2020 10:18:31 -0800 (PST)
MIME-Version: 1.0
References: <158289497136.22402.1744188467383478436@ietfa.amsl.com>
In-Reply-To: <158289497136.22402.1744188467383478436@ietfa.amsl.com>
From: Warren Kumari <warren@kumari.net>
Date: Fri, 28 Feb 2020 13:17:55 -0500
Message-ID: <CAHw9_iKcSiVWdkGr_RYq=OfXuRb=x7aMTFiVi4gG_Sx1oqp5Mw@mail.gmail.com>
To: Ines Robles <mariainesrobles@googlemail.com>
Cc: General Area Review Team <gen-art@ietf.org>, last-call@ietf.org, dnsop <dnsop@ietf.org>, draft-ietf-dnsop-7706bis.all@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/XkR07dBQPpO2Z4FDnVsOb2tQGXM>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-dnsop-7706bis-07
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Feb 2020 18:18:39 -0000
On Fri, Feb 28, 2020 at 8:02 AM Ines Robles via Datatracker <noreply@ietf.org> wrote: > > Reviewer: Ines Robles > Review result: Ready with Nits > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > Document: draft-ietf-dnsop-7706bis-07 > Reviewer: Ines Robles > Review Date: 2020-02-28 > IETF LC End Date: 2020-02-28 > IESG Telechat date: Not scheduled for a telechat > > Summary: > > The document is well written, it supplies appendixes with examples. > > This document describes a method for the operator of a recursive resolver to > have a complete root zone locally, and to hide queries for the root zone from > outsiders, at the cost of adding some operational fragility for the operator. > > I have some minor questions. > > Major issues: None > > Minor issues: None. > > Nits/editorial comments: > Thank you for the review! > 1- Appendix B.5: it seems that the link is not valid: <https://knot- > resolver.readthedocs.io/en/stable/modules.html#root-on-loopback-rfc- > 7706> > > This link worked for me: > https://knot-resolver.readthedocs.io/en/stable/modules-rfc7706.html. Thanks - not just for pointing out the issue, but also finding a better version - as suggested, I am changing this (in a git branch where I am collecting updates) to https://knot-resolver.readthedocs.io/en/v5.0.1/modules-rfc7706.html - I believe that stability is the most important attribute. AD, please let us know if you disagree. > > Questions: > > 1- It seems that this document replaces RFC7706, but the document states that > it updates RFC7706, is that correct? Oh, good point - once this is published, it does replace 7706 (it is a bis, and contains all of the content from 7706), so Obsoletes is better. Thank you, changed. > > 2- Abstract: "The cost of adding some operational fragility for the operator", > Does it introduce security considerations that have to be mentioned? > > 3- Section 1: "Research shows that the vast majority of queries going to the > root are for names that do not exist in the > root zone." - Do you have some references to that research that can be added > to the draft? Hmmmm... I think that we missed this because, within the DNS community this is sufficiently well known that we don't even think about / question it. There is quite a lot of research on this, but much if it is behind paywalls - while almost 20 years old now (Gods, I feel old!), I think that the best one to cite is still: https://www.caida.org/publications/papers/2001/DNSMeasRoot/dmr.pdf ( DNS Measurements at a Root Server ) -- I will add this. > > 4- I would expand KSK to Key signing key (KSK). Thanks! Done! > > 5- Should this draft add a reference to rfc8499? Seems like a good idea, thanks! I'm adding: "Readers are expected to be familiar with <xref target="RFC8499"/>." > > Thank you for this document, ... and thank you for the review. W > > Ines. > > -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
- [Gen-art] Genart last call review of draft-ietf-d… Ines Robles via Datatracker
- Re: [Gen-art] Genart last call review of draft-ie… Barry Leiba
- Re: [Gen-art] Genart last call review of draft-ie… Warren Kumari
- Re: [Gen-art] Genart last call review of draft-ie… Barry Leiba
- Re: [Gen-art] Genart last call review of draft-ie… Ines Robles
- Re: [Gen-art] Genart last call review of draft-ie… Alissa Cooper