[Int-dir] Intdir telechat review of draft-ietf-dnsop-dnssec-bootstrapping-08

Benson Muite via Datatracker <noreply@ietf.org> Sun, 12 May 2024 18:43 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: int-dir@ietf.org
Delivered-To: int-dir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 32EEFC151545; Sun, 12 May 2024 11:43:11 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benson Muite via Datatracker <noreply@ietf.org>
To: int-dir@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.11.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <171553939119.13322.12950960334297290558@ietfa.amsl.com>
Date: Sun, 12 May 2024 11:43:11 -0700
Message-ID-Hash: WPAL2HJO65V7CBJGYEXREUIVXWSYW6WR
X-Message-ID-Hash: WPAL2HJO65V7CBJGYEXREUIVXWSYW6WR
X-MailFrom: noreply@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-int-dir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dnsop@ietf.org, draft-ietf-dnsop-dnssec-bootstrapping.all@ietf.org, last-call@ietf.org
X-Mailman-Version: 3.3.9rc4
Reply-To: Benson Muite <benson_muite@emailplus.org>
Subject: [Int-dir] Intdir telechat review of draft-ietf-dnsop-dnssec-bootstrapping-08
List-Id: "This list is for discussion between the members of the Internet Area directorate." <int-dir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-dir/VCoC8tSq33n3AyIaZsswLNklNcg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-dir>
List-Help: <mailto:int-dir-request@ietf.org?subject=help>
List-Owner: <mailto:int-dir-owner@ietf.org>
List-Post: <mailto:int-dir@ietf.org>
List-Subscribe: <mailto:int-dir-join@ietf.org>
List-Unsubscribe: <mailto:int-dir-leave@ietf.org>

Reviewer: Benson Muite
Review result: Ready with Nits

I am an assigned INT directorate reviewer for
<draft-ietf-dnsop-dnssec-bootstrapping-08.txt>. These comments were written
primarily for the benefit of the Internet Area Directors. Document editors and
shepherd(s) should treat these comments just like they would treat comments
from any other IETF contributors and resolve them along with any other Last
Call comments that have been received. For more details on the INT Directorate,
see https://datatracker.ietf.org/group/intdir/about/ .

Based on my review, if I was on the IESG I would ballot this document as YES.

SUMMARY:
The draft proposes a mechanism to enable automated initial validation of child
subdomain CDS/CDNSKEY records when an out of balliwick name server is available
and when the child zone name is not too long.

SUGGESTIONS FOR IMPROVEMENT:

1. May want to minimize number of acronyms in the abstract, for example DS
(Delegation Signer), CDS (Child DS) and CDNSKEY (Child Domain Name System
public key) 2. Too long is not specified though is mentioned in section 4.4 -
could more details be given and do deprecated out of band methods need to be
used in such cases? Any estimates on how often too long names might occur? 3.
Will there be a follow on informational best practice document based on
operational experiences?

Benson