[secdir] Secdir last call review of draft-ietf-dnsop-zoneversion-06
Shawn Emery via Datatracker <noreply@ietf.org> Thu, 06 June 2024 06:55 UTC
To: secdir@ietf.org
CC: dnsop@ietf.org, draft-ietf-dnsop-zoneversion.all@ietf.org, last-call@ietf.org
Reply-To: Shawn Emery <shawn.emery@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/5CcCfrDwrmQOqmoWw3-uddYTB40>
Reviewer: Shawn Emery
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft specifies an extension in DNS for providing zone version information for the associated query name. This data allows callers to better correlate the queried name to the zone version to which it belongs, in order to better diagnose synchronicity issues.

The security considerations section does exist and describes that this EDNS extension does not protect against an active attacker and therefore should be used for diagnostic purposes only. The section continues: if zone version information is to be protected against an active attacker, then the user should use TSIG (RFC 8945) or SIG(0) (RFC 2931) to authenticate and provide integrity protection. In addition, there are no new privacy issues introduced by the new extension, given that version information is already provided publicly. I agree with the aforementioned assertions.

General Comments:

What's an unsigned decimal integer vs. unsigned integer?

Editorial Comments:

s/and and/and/
s/correspond do/correspond to the/
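The option the review describes, as an added example that is not part of the review, of the draft, or of any DNS implementation: it encodes and decodes the ZONEVERSION EDNS option and then uses it the way the draft intends, purely as a diagnostic to spot SOA serial skew between authoritative servers. Everything about the wire layout is an assumption not stated on this page: option code 19 and the field order LABELCOUNT (1 octet), TYPE (1 octet, 0 = SOA-SERIAL), VERSION (4 octets, big-endian SOA serial), as in the published RFC 9660. The server names and OPT RDATA samples are constructed for the example; the unsigned 32-bit check on the serial is the "unsigned integer" point the review raises.

```python
"""Build, parse and compare the EDNS0 ZONEVERSION option (added example).

Assumed wire form (RFC 9660, not shown on this page):
  OPTION-CODE (2 octets, assumed 19) | OPTION-LENGTH (2 octets) |
  LABELCOUNT (1 octet) | TYPE (1 octet, 0 = SOA-SERIAL) | VERSION (4 octets)
"""
import struct

ZONEVERSION_CODE = 19   # assumption: IANA-assigned EDNS option code
TYPE_SOA_SERIAL = 0     # assumption: TYPE value for an SOA serial VERSION


def build_zoneversion(labelcount: int, serial: int) -> bytes:
    """Encode one ZONEVERSION option (code | length | data) for OPT RDATA."""
    if not 0 <= labelcount <= 255:
        raise ValueError("LABELCOUNT must fit in one octet")
    if not 0 <= serial <= 0xFFFFFFFF:
        # The SOA serial is an unsigned 32-bit integer; reject anything wider.
        raise ValueError("SOA serial must be an unsigned 32-bit integer")
    data = struct.pack("!BBI", labelcount, TYPE_SOA_SERIAL, serial)
    return struct.pack("!HH", ZONEVERSION_CODE, len(data)) + data


def parse_opt_rdata(rdata: bytes) -> list:
    """Walk OPT RDATA (a sequence of code | length | data) into (code, data) pairs."""
    opts, i = [], 0
    while i + 4 <= len(rdata):
        code, length = struct.unpack_from("!HH", rdata, i)
        i += 4
        if i + length > len(rdata):
            raise ValueError("truncated EDNS option")
        opts.append((code, rdata[i:i + length]))
        i += length
    if i != len(rdata):
        raise ValueError("trailing bytes in OPT RDATA")
    return opts


def parse_zoneversion(data: bytes):
    """Decode option data into (labelcount, serial); None for an unknown TYPE."""
    if len(data) < 2:
        raise ValueError("ZONEVERSION option shorter than LABELCOUNT + TYPE")
    labelcount, vtype = data[0], data[1]
    if vtype != TYPE_SOA_SERIAL:
        # Unknown TYPE: treat as unusable rather than failing the whole response.
        return None
    if len(data) != 6:
        raise ValueError("SOA-SERIAL VERSION must be exactly 4 octets")
    (serial,) = struct.unpack("!I", data[2:])
    return labelcount, serial


def zone_from_qname(qname: str, labelcount: int) -> str:
    """Derive the zone apex: the trailing LABELCOUNT labels of QNAME (0 means the root)."""
    labels = [lbl for lbl in qname.rstrip(".").split(".") if lbl]
    if labelcount > len(labels):
        raise ValueError("LABELCOUNT exceeds the number of labels in QNAME")
    if labelcount == 0:
        return "."
    return ".".join(labels[len(labels) - labelcount:]) + "."


def serial_skew(responses: dict, qname: str) -> dict:
    """Given {server: OPT RDATA}, report (zone, serial) per server and whether they agree.

    This is a diagnostic only: nothing here authenticates the responses, so an
    active attacker could make the serials look consistent (or not).
    """
    seen = {}
    for server, rdata in responses.items():
        for code, data in parse_opt_rdata(rdata):
            if code != ZONEVERSION_CODE:
                continue
            parsed = parse_zoneversion(data)
            if parsed is not None:
                labelcount, serial = parsed
                seen[server] = (zone_from_qname(qname, labelcount), serial)
    serials = {serial for _, serial in seen.values()}
    return {"per_server": seen, "in_sync": len(serials) <= 1}


# Constructed sample: two authoritatives for example.com, one lagging by a serial.
SAMPLE = {
    "ns1.example.com": build_zoneversion(2, 2024060501),
    "ns2.example.com": build_zoneversion(2, 2024060500),
}

if __name__ == "__main__":
    print(serial_skew(SAMPLE, "www.example.com."))
```

Running the block reports both servers as serving example.com. with serials 2024060501 and 2024060500 and in_sync False. The point the review endorses is visible in the code: the comparison can only tell you that two unauthenticated answers differ, so it is fit for diagnosing lag between nameservers and not for any security decision; a TSIG- or SIG(0)-signed response would be needed before trusting the values.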