[secdir] SECDIR review of draft-cheshire-dnsext-special-names-01.txt

Chris Lonvick <clonvick@cisco.com> Thu, 27 January 2011 02:47 UTC

Return-Path: <clonvick@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 16CF43A6906; Wed, 26 Jan 2011 18:47:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.513
X-Spam-Level:
X-Spam-Status: No, score=-110.513 tagged_above=-999 required=5 tests=[AWL=0.086, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qf4aU9HSaRvr; Wed, 26 Jan 2011 18:47:27 -0800 (PST)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id 5DB7A3A6A5F; Wed, 26 Jan 2011 18:47:27 -0800 (PST)
Authentication-Results: sj-iport-6.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EAGJsQE2rR7Hu/2dsb2JhbACWXAGOIXOgW5tKhU8EhRc
Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-6.cisco.com with ESMTP; 27 Jan 2011 02:50:29 +0000
Received: from sjc-cde-011.cisco.com (sjc-cde-011.cisco.com [171.69.16.68]) by sj-core-5.cisco.com (8.13.8/8.14.3) with ESMTP id p0R2oTAp029783; Thu, 27 Jan 2011 02:50:29 GMT
Date: Wed, 26 Jan 2011 18:50:29 -0800 (PST)
From: Chris Lonvick <clonvick@cisco.com>
To: iesg@ietf.org, secdir@ietf.org, draft-cheshire-dnsext-special-names.all@tools.ietf.org
Message-ID: <Pine.GSO.4.63.1101261815430.3620@sjc-cde-011.cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Subject: [secdir] SECDIR review of draft-cheshire-dnsext-special-names-01.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jan 2011 02:47:28 -0000

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Overall, the document appears to be well written and I havn't found any 
security concerns with it.

I will bring up a couple of nits that the authors may want to address.

The use of the term "carve" may not be well understood by non-native 
English speakers.  Perhaps using the term "reserved" would be better.

in the IANA section, shouldn't the IESG perform the check that your 7 
questions are answered appropriately?

Along those lines, since you give examples of special-use domain names, 
wouldn't it be appropriate to start the IANA registry with those?

The last lines of section 2 are:
    processes, that process should be used. Reservation of a Special-Use
    Domain Names is not a mechanism for circumventing normal domain name
    registration processes.
I'd s/Names/Name/

Regards,
Chris