[Gen-art] Gen-ART LC review of draft-ietf-dnsop-cookies-08

"Peter Yee" <peter@akayla.com> Fri, 25 December 2015 01:27 UTC

Return-Path: <peter@akayla.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BBA71A015F; Thu, 24 Dec 2015 17:27:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.299
X-Spam-Level: **
X-Spam-Status: No, score=2.299 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, MANGLED_LIST=2.3, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AzyJZ0J1kYNY; Thu, 24 Dec 2015 17:27:07 -0800 (PST)
Received: from p3plsmtpa07-01.prod.phx3.secureserver.net (p3plsmtpa07-01.prod.phx3.secureserver.net [173.201.192.230]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E24F1A015D; Thu, 24 Dec 2015 17:27:07 -0800 (PST)
Received: from spectre ([173.8.184.78]) by p3plsmtpa07-01.prod.phx3.secureserver.net with id xdT61r0061huGat01dT6UL; Thu, 24 Dec 2015 18:27:07 -0700
From: "Peter Yee" <peter@akayla.com>
To: <draft-ietf-dnsop-cookies.all@ietf.org>
Date: Thu, 24 Dec 2015 17:27:14 -0800
Message-ID: <011001d13eb3$63339cd0$299ad670$@akayla.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdE+qbxJHz620XJqT7CULNcO04O+LA==
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/nZctXvsYgjvYXGu0q2J4KY40Cnw>
Cc: gen-art@ietf.org, ietf@ietf.org
Subject: [Gen-art] Gen-ART LC review of draft-ietf-dnsop-cookies-08
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Dec 2015 01:27:08 -0000

I am the assigned Gen-ART reviewer for this draft.  The General Area Review
Team (Gen-ART) reviews all IETF documents being processed by the IESG for
the IETF Chair.  Please treat these comments just like any other last call
comment.  For background on Gen-ART, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>

(Actually, I'm tardy on this review.  It inexplicably dropped off my radar.
So deal with these comments when you get around to handling Telechat input
or AUTH48 or whenever it suits you!  I'm still posting this review as it
will be needed come the Telechat.)

Document: draft-ietf-dnsop-cookies-08
Reviewer: Peter Yee
Review Date: December 24, 2015
IETF LC End Date: December 14, 2015
IESG Telechat date: TBD

Summary: This draft is basically ready for publication, but has nits that
should be fixed before publication. [Ready with nits]

The draft provides a lightweight means to increase the difficulty of certain
DNS attacks by off-path attackers, but it isn't designed to be the be all
and end all of DNS security.  It can be deployed incrementally.

Major issues: None

Minor issues:

Page 14, Section 5.2.4, 1st paragraph, 1st sentence: It might be useful to
mention what the examination entails as it would help in understanding the
3rd sentence in the paragraph.  There's an implied recalculation of the
Server Cookie value based on the received Client Cookie and client IP
address as opposed to a simple lookup of the received value.

Nits:

Page 12, Section 5.2, 3rd paragraph, 1st sentence: change "the the" to just
"the".

Page 13, Section 5.2.2, 2nd paragraph: append "bytes" after "40".

Page 14, Section 5.2.4, 1st paragraph, 2nd sentence: delete the sentence.
It's redundant with the 1st sentence.

Page 15, Section 5.4, 2nd paragraph, 1st sentence: change first "a" to "an".

Page 15, Section 5.4, 4th paragraph, 1st sentence: change first "a" to "an".

Page 17, Section 6, 1st paragraph, 2nd sentence: change "indefinitely" to
"indefinite".

Page 21, Section 9, 2nd paragraph, 2nd sentence: change "WPAv2" to "WPA2"
(the Wi-Fi Alliance's term).

Page 23, Section 10: change "a" to "an".

Page 27, Section A.1, 1st sentence: change "An" to "A".

Page 29, 1st partial sentence: if you're going to drop beta earlier in the
section, you might as well give the BIND version number here as well.  It's
no longer apparent that a beta version was involved.