[openpgp] Dnsdir last call review of draft-ietf-openpgp-crypto-refresh-12

David Blacka via Datatracker <noreply@ietf.org> Thu, 16 November 2023 14:05 UTC

From: David Blacka via Datatracker <noreply@ietf.org>
To: dnsdir@ietf.org
Cc: draft-ietf-openpgp-crypto-refresh.all@ietf.org, last-call@ietf.org, openpgp@ietf.org
Message-ID: <170014354534.50347.1519830214066732502@ietfa.amsl.com>
Reply-To: David Blacka <davidb@verisign.com>
Date: Thu, 16 Nov 2023 06:05:45 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/VdyJ-BSTDGMbWDmyoxBdXjCYU-8>
Subject: [openpgp] Dnsdir last call review of draft-ietf-openpgp-crypto-refresh-12

Reviewer: David Blacka
Review result: Ready

As a DNS reviewer, I don't feel competent to review the cryptographic and
packet format content, which is 99.99% of this Internet-Draft.  I did read
through that content (skimmed? this draft is pretty long) and didn't notice
anything amiss.

The sole mention of DNS is in 5.2.3.24 "Notation Data", where it says:

> Names in the user namespace consist of a UTF-8 string tag followed by "@"
> followed by a DNS domain name. Note that the tag MUST NOT contain an "@"
> character. For example, the "sample" tag used by Example Corporation could be
> "sample@example.com".
>
> Names in a user space are owned and controlled by the owners of that domain.
> Obviously, it's bad form to create a new name in a DNS space that you don't
> own.
>
> Since the user namespace is in the form of an email address, implementers MAY
> wish to arrange for that address to reach a person who can be consulted about
> the use of the named tag. Note that due to UTF-8 encoding, not all valid user
> space name tags are valid email addresses.

This is clear on the surface -- if one is using a "user namespace" identifier,
it should look like an email address.  This is likely to be sufficient in
practice.  However, as a DNS person, one wonders what is meant by "DNS domain
name" *precisely*.  In particular, is it supposed to be an existing DNS domain
name?  Is it dangerous if not?  Are there limits on the length of the domain
name part (or the username part)?  How does "UTF-8" encoding mesh with standard
DNS domain name formats?  Do we expect the domain name part to be
"letters-digits-hyphens"?  Or can it be anything, differing from standard DNS
presentation format by UTF-8 encoding of non-ASCII characters instead of
decimal encoding?

My guess is that what is meant is that the DNS domain name part of the
identifier is an existing (at the time) domain name that SHOULD be controlled
by the user. Saying it is existing (or did exist) brings along many
restrictions that then need not be stated.

These are very minor questions about a very minor part of this draft, however.
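As an added illustration, not part of this review or of the draft: a small Python parser for a user-namespace notation name that enforces only what the quoted draft text states (a UTF-8 tag, "@", a domain part, and no "@" in the tag), plus an optional strict mode that applies conventional letters-digits-hyphens label syntax and RFC 1035 length limits to the domain part. That strict mode is an assumption of this example, not a requirement of the draft; it exists to show exactly where the questions above about length and non-ASCII labels bite.

```python
import re
from typing import Optional, Tuple

# Assumed, conventional DNS hostname rules (not stated by the draft for the
# domain part of a notation name): LDH labels of 1..63 octets, at most 253
# octets in total.  Non-ASCII labels fail this check on purpose.
MAX_DOMAIN_OCTETS = 253
LDH_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def parse_user_notation_name(name: bytes) -> Tuple[str, str]:
    """Split a user-namespace notation name into (tag, domain).

    Enforces only the quoted draft text: UTF-8 tag, then "@", then a domain
    part, and the tag MUST NOT contain "@".  Raises ValueError when violated
    and UnicodeDecodeError when the bytes are not valid UTF-8.
    """
    text = name.decode("utf-8")
    tag, sep, domain = text.partition("@")  # first "@" ends the tag
    if not sep:
        raise ValueError("notation name lacks an '@' separator")
    if not tag:
        raise ValueError("empty tag before '@'")
    if not domain:
        raise ValueError("empty domain part after '@'")
    if "@" in domain:
        # The tag cannot hold an "@", so a second one can only be malformed input.
        raise ValueError("more than one '@' in notation name")
    return tag, domain


def is_ldh_hostname(domain: str) -> bool:
    """Strict, assumed check: every label is LDH and the total length fits."""
    domain = domain.rstrip(".")  # tolerate a single trailing dot
    if not domain or len(domain.encode("utf-8")) > MAX_DOMAIN_OCTETS:
        return False
    return all(LDH_LABEL.fullmatch(label) for label in domain.split("."))


def check_notation_name(name: bytes, strict_dns: bool = False) -> Optional[str]:
    """Return None if the name is acceptable, otherwise a reason string."""
    try:
        _tag, domain = parse_user_notation_name(name)
    except UnicodeDecodeError:
        return "notation name is not valid UTF-8"
    except ValueError as exc:
        return str(exc)
    if strict_dns and not is_ldh_hostname(domain):
        return f"domain part {domain!r} is not an LDH hostname"
    return None
```

With `strict_dns=False` a name such as `sample@bücher.example` passes, because the draft text alone gives no reason to reject it; with `strict_dns=True` it is refused, which is the gap the questions above point at.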