[homenet] Robert Wilton's No Objection on draft-ietf-homenet-front-end-naming-delegation-19: (with COMMENT)

Robert Wilton via Datatracker <noreply@ietf.org> Thu, 20 October 2022 10:56 UTC

From: Robert Wilton via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-homenet-front-end-naming-delegation@ietf.org, homenet-chairs@ietf.org, homenet@ietf.org, stephen.farrell@cs.tcd.ie, stephen.farrell@cs.tcd.ie
Reply-To: Robert Wilton <rwilton@cisco.com>
Message-ID: <166626338901.13085.12059216349986435480@ietfa.amsl.com>
Date: Thu, 20 Oct 2022 03:56:29 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/gi7YbSJRDe3KgTZ1JzUqvohxLIg>
Subject: [homenet] Robert Wilton's No Objection on draft-ietf-homenet-front-end-naming-delegation-19: (with COMMENT)

Robert Wilton has entered the following ballot position for
draft-ietf-homenet-front-end-naming-delegation-19: No Objection

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-homenet-front-end-naming-delegation/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Like other ADs, I found this document hard to read.

Rather than defining a JSON schema file in Appendix B, it would be much better
if this was defined in YANG, which is the IETF standard data modelling language
for network configuration.  A JSON encoding for YANG defined data also exists
so it would still work for what is proposed here.

I also ran a grammar tool over the XML for -19, and it flagged up these
warnings that you might want to consider checking/fixing in the next revision
(they are not necessarily all valid):

Spellings:
Sometimes you use HomeNet, in other places, Homenet, and also homenet.
Pre-requisite,
SIgning,

Grammar Warnings:
Section: abstract, draft text:
Home network owners may have devices or services hosted on this home network
that they wish to access from the Internet (i.e., from a network outside of the
home network). Warning:  This phrase is redundant. Consider using outside.
Suggested change:  "outside"

Section: 1, draft text:
The appendices discuss several management (see [sec-reverse]) provisioning (see
[sec-reverse]), configurations (see [info-model]) and deployment (see
[sec-deployment] and [sec-ex-manu]) aspects. Warning:  Possible agreement
error. The noun management seems to be uncountable; consider using: some
management. Suggested change:  "some management"

Section: 3, draft text:
The IPv6 ULA and the private IPv4 addresses may be useful to publish, if the
home network environment features a VPN that would allow the home owner to
reach the network. Warning:  This noun normally spelled as one word. Suggested
change:  "homeowner"

Section: 3, draft text:
Since communications are established with names which remain a global
identifier, the communication can be protected by TLS the same way it is
protected on the global Internet - using certificates. Warning:  Possible typo:
you repeated a whitespace Suggested change:  " "

Section: 4, draft text:
While the IETF has defined a DNS based mechanism Dynamic Update [RFC2136], in
many – as far as the co-authors know in all cases – case commercial “Dynamic
Update” solutions are primarily implemented via a HTTPS RESTful API. Warning: 
Use an instead of 'a' if the following word starts with a vowel sound, e.g. 'an
article', 'an hour' Suggested change:  "an"

Section: 4, draft text:
Any host can do this regardless of whether or not the home network
administrator wants the name published or not. Warning:  Consider shortening
this phrase to just whether. It is correct though if you mean 'regardless of
whether'. Suggested change:  "whether"

Section: 4, draft text:
The DNS zone are then synchronized using an alternative mechanism as the one
designed for zone synchronisation inherited from the primary used case where
the synchronization is performed at the node level. Warning:  Do not mix
variants of the same word ('synchronisation' and 'synchronization') within a
single text. Suggested change:  "synchronization"

Section: 4, draft text:
Our proposal use the standard mechanism defined by DNS for zone synchronisation.
Warning:  Possible agreement error - use third-person verb forms for singular
and mass nouns: uses. Suggested change:  "uses"

Section: 4, draft text:
Our proposal use the standard mechanism defined by DNS for zone synchronisation.
Warning:  Do not mix variants of the same word ('synchronisation' and
'synchronization') within a single text. Suggested change:  "synchronization"

Section: 5.1, draft text:
Such a domain name does not need to be human readable.
Warning:  This word is normally spelled with hyphen.
Suggested change:  "human-readable"

Section: 5.1, draft text:
Instead these keys are solely used by the HNA for the authentication to the DM.
Warning:  Did you forget a comma after a conjunctive/linking adverb?
Suggested change:  "Instead,"

Section: 5.1.1, draft text:
One potential mechanism to provide the parameters would be to provide the user
with a JSON object which they can copy paste into the CPE - such as described
in [info-model]. Warning:  Did you mean copy and paste? Suggested change: 
"copy and paste"

Section: 6.1, draft text:
The “.local” as well as “.home.arpa” are explicitly not considered as Public
Homenet zones and represented as Homenet Zone in [fig-naming-arch]. Warning: 
The singular proper name 'Homenet' must be used with a third-person or a past
tense verb: zones, zoned. Suggested change:  "Zones"

Section: 3.1, draft text:
In some cases, the HNA and Homenet Authoritative Servers may be combined
together which would result in a common instantiation of an authoritative
server on the WAN and inner homenet interface. Warning:  'combined together' is
redundant. Use combined Suggested change:  "combined"

Section: 6.2, draft text:
The Control Channel and the Synchronization Channel are the interfaces used
between the HNA and the DOI. Warning:  The singular proper name 'Channel' must
be used with a third-person or a past tense verb: is, was, were. Suggested
change:  "is"

Section: 4.1, draft text:
In term of RRset information this includes:
Warning:  Did you mean the commonly used phrase In terms of?
Suggested change:  "In terms of"

Section: 4.2, draft text:
Though the HNA may also later directly update the values of the DS via the
Control Channel, it is RECOMMENDED to use other mechanisms such as CDS and
CDNSKEY [RFC7344] for transparent updates during key roll overs. Warning:  This
expression is normally spelled as one or with hyphen. Suggested change: 
"roll-overs"

Section: 4.5.2, draft text:
A SERVFAIL error is returned when a internal error is encountered.
Warning:  Use an instead of 'a' if the following word starts with a vowel
sound, e.g. 'an article', 'an hour' Suggested change:  "an"

Section: 4.5.4, draft text:
As indicated by [RFC2136] Section 2.5.2 the delete instruction is set by
setting the TTL to 0, the Class to ANY, the RDLENGTH to 0 and the RDATA MUST be
empty. Warning:  After 'the', do not use a verb. Make sure that the spelling of
'delete' is correct. If 'delete' is the first word in a compound adjective, use
a hyphen between the two words. Note: This error message can occur if you use a
verb as a noun, and the word is not a noun in standard English.

Section: 7.6, draft text:
TLS [RFC8446]) MUST be used to secure the transactions between the DM and the
HNA and the DM and HNA MUST be mutually authenticated. Warning:  Unpaired
symbol: '(' seems to be missing

Section: 4.7, draft text:
This results in a limited number of possible exchanges (AXFR/IXFR) with a small
number of IP addresses and an implementation SHOULD enable filtering policies
as described in [sec-cpe-sec-policies]. Warning:  Specify a number, remove
phrase, use a few, or use some Suggested change:  "a few"

Section: 8, draft text:
Note that the Control Channel and the Synchronization Channel are by
construction different channels even though there they may use the same IP
address. Warning:  The singular proper name 'Channel' must be used with a
third-person or a past tense verb: is, was, were. Suggested change:  "is"

Section: 8, draft text:
On the other hand, the Synchronization Channel is set between the DM working as
a client using port ZZZZ ( another high range port) toward a service provided
by the HNA at port XX. Warning:  Don't put a space after the opening
parenthesis. Suggested change:  "("

Section: 8.1, draft text:
The AXFR request from the DM to the HNA MUST be secured with TLS [RFC8446])
following DNS Zone Transfer over TLS [RFC9103]. Warning:  Unpaired symbol: '('
seems to be missing

Section: 7, draft text:
The HNA SHOULD drop any packets arriving on the WAN interface that are not
issued from the DM – as opposed to server as an Homenet Authoritative Server
exposed on the Internet. Warning:  The usual proposition after "arriving" is
"at" not "on". Did you mean arriving at? Suggested change:  "arriving at"

Section: 7, draft text:
The HNA SHOULD drop any packets arriving on the WAN interface that are not
issued from the DM – as opposed to server as an Homenet Authoritative Server
exposed on the Internet. Warning:  Use a instead of 'an' if the following word
doesn't start with a vowel sound, e.g. 'a sentence', 'a university' Suggested
change:  "a"

Section: 10, draft text:
Only TLS packet or potentially some DNS packets ( see XoT) packets SHOULD be
allowed. Warning:  Don't put a space after the opening parenthesis. Suggested
change:  "("

Section: 7, draft text:
The HNA SHOULD reject any incoming messages other than DNS NOTIFY response, SOA
  query, IXFR query or AXFR query. Warning:  Possible typo: you repeated a
whitespace Suggested change:  " "

Section: 8, draft text:
More specifically, a common case is that the upstream ISP provides the IPv6
prefix to the Homenet with a IA_PD [RFC8415] option and manages the DOI of the
associated reverse zone. Warning:  Use an instead of 'a' if the following word
starts with a vowel sound, e.g. 'an article', 'an hour' Suggested change:  "an"

Section: 11, draft text:
Such constraints does not raise major concerns either for hot standby or load
sharing configuration. Warning:  You should probably use do. Suggested change: 
"do"

Section: 11, draft text:
Outsourcing the DNS Authoritative service from the HNA to a third party raises
a few privacy related concerns. Warning:  Possible agreement error. The noun
privacy seems to be uncountable; consider using: little privacy. Suggested
change:  "little privacy"

Section: 11, draft text:
A well designed User Interface would combine a policy for making a service
public by a name with a policy on who may access it. Warning:  This word is
normally spelled with hyphen. Suggested change:  "well-designed"

Section: 12.1, draft text:
This MAY involved a mix of exchanges protected by TLS and exchanges not
protected by TLS. Warning:  The modal verb 'MAY' requires the verb's base form.
Suggested change:  "involve"

Section: 12.1, draft text:
This MAY be handled by a off-line agreement between the DM and HNA as well as
with the use of RCODES defined in Section 7.8 of [RFC9103]. Warning:  Use an
instead of 'a' if the following word starts with a vowel sound, e.g. 'an
article', 'an hour' Suggested change:  "an"

Section: 12.3, draft text:
In addition IPv6 enables temporary addresses that makes them even more volatile
[RFC8981]. Warning:  Did you forget a comma after a conjunctive/linking adverb?
Suggested change:  "addition,"

Section: 12.4, draft text:
To provide resilience against CPE breaks, it is RECOMMENDED to backup these
keys to avoid an emergency key roll over when the CPE breaks. Warning:  Did you
mean to back up? Suggested change:  "to back up"

Section: 17, draft text:
The authors wish to thank Philippe Lemordant for his contributions on the early
versions of the draft; Ole Troan for pointing out issues with the IPv6 routed
home concept and placing the scope of this document in a wider picture; Mark
Townsley for encouragement and injecting a healthy debate on the merits of the
idea; Ulrik de Bie for providing alternative solutions; Paul Mockapetris,
Christian Jacquenet, Francis Dupont and Ludovic Eschard for their remarks on
HNA and low power devices; Olafur Gudmundsson for clarifying DNSSEC
capabilities of small devices; Simon Kelley for its feedback as dnsmasq
implementer; Andrew Sullivan, Mark Andrew, Ted Lemon, Mikael Abrahamson, and
Ray Bellis for their feedback on handling different views as well as clarifying
the impact of outsourcing the zone signing operation outside the HNA; Mark
Andrew and Peter Koch for clarifying the renumbering. Warning:  The usual
preposition for "contribution" is "to". Did you mean contributions to?
Suggested change:  "contributions to"

Section: A.1, draft text:
This section details what needs to be provisioned into the HNA and serves as a
requirements statement for mechanisms. Warning:  Apostrophe might be missing.
Suggested change:  "requirements'"

Section: A.1, draft text:
— the Registered Domain (e.g., myhome.example ) — the contact info for the
Distribution Manager (DM), including the DNS name (FQDN), possibly including
the IP literal, and a certificate (or anchor) to be used to authenticate the
service — the DM transport protocol and port (the default is DNS over TLS, on
port 853) — the HNA credentials used by the DM for its authentication. Warning:
 Don't put a space before the closing parenthesis. Suggested change:  ")"

Section: A.1, draft text:
The above parameters MUST be be provisioned for ISP-specific reverse zones.
Warning:  Did you mean been?
Suggested change:  "been"

Section: A.1, draft text:
Once the registrar has been selected, the HNA redirects the end user to that
registrar in order to receive a access token. Warning:  Use an instead of 'a'
if the following word starts with a vowel sound, e.g. 'an article', 'an hour'
Suggested change:  "an"

Section: Appendix B, draft text:
Note that HNA does not defines ports for the Synchronization Channel.
Warning:  Did you mean define? As 'do' is already inflected, the verb cannot
also be inflected. Suggested change:  "define"

Section: Appendix B, draft text:
Currently the Configuration Channel does not provide this, and limits its
agility to a dedicated IP address. Warning:  Did you forget a comma after a
conjunctive/linking adverb? Suggested change:  "Currently,"

Section: Appendix B, draft text:
The device would need to be provisioned with a device-unique credential, and it
is likely that the Registered Homenet Domain would be derived from a public
attribute of the device, such as a serial number (see [sec-ex-manu] or
[I-D.richardson-homerouter-provisioning] for more details ). Warning:  Don't
put a space before the closing parenthesis. Suggested change:  ")"

Section: Appendix C, draft text:
In addition to having a assymmetric credential known to the manufacturer, the
device also has been provisioned with an agreed upon name. Warning:  Use an
instead of 'a' if the following word starts with a vowel sound, e.g. 'an
article', 'an hour' Suggested change:  "an"