Gen-ART review of draft-hardie-privsec-metadata-insertion

Stewart Bryant <> Sat, 28 January 2017 10:20 UTC

To: General Area Review Team <>,, IETF Discussion <>
From: Stewart Bryant <>
Subject: Gen-ART review of draft-hardie-privsec-metadata-insertion
Date: Sat, 28 Jan 2017 10:20:16 +0000

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-hardie-privsec-metadata-insertion-??
Reviewer: Stewart Bryant
Review Date: 2017-01-28
IETF LC End Date: 2017-02-21
IESG Telechat date: Not scheduled for a telechat

Summary: This is a well-written document with a couple of nits. It would
be helpful to the reader interested in the concept, but unfamiliar with
DNS, if there was some minor additional clarification regarding EDNS0.

Major issues: None

Minor issues:

RFC4301 is an unused reference. Is it missing from the text?


    By negotiating an EDNS0
    option which allowed them to self-populate this data,.....

SB> Calling up EDNS0 (which really needs expanding) comes out of the
SB> blue and could use a reference and sentence of explanation
SB> at least for those not familiar with the detail of DNS.

Nits/editorial comments:

[RFC7624] in the Abstract should be changed to RFC7624


1.  Introduction
    exploited in the attacks document in [RFC7258] and the threats