[secdir] secdir review of draft-ietf-dnsext-dns-tcp-requirements-03

Barry Leiba <barryleiba.mailing.lists@gmail.com> Thu, 03 June 2010 20:36 UTC

Date: Thu, 3 Jun 2010 16:36:15 -0400
Message-ID: <AANLkTim9z6L2tPiT-6gy_YUdMUr-U3AQeJe1YKWjw2sD@mail.gmail.com>
From: Barry Leiba <barryleiba.mailing.lists@gmail.com>
To: secdir@ietf.org, iesg@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Cc: draft-ietf-dnsext-dns-tcp-requirements.all@tools.ietf.org
Subject: [secdir] secdir review of draft-ietf-dnsext-dns-tcp-requirements-03

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This is a good document, and I have no significant issues with it.
It's ready to go.

I have only one minor comment, in the Security Considerations section:

   At the time of writing the vast majority of TLD authority servers and
   all of the root name servers support TCP and the author knows of no
   evidence to suggest that TCP-based DoS attacks against existing DNS
   infrastructure are commonplace.

Since this is a working group document, not an individual or
independent submission, I'd rather see "and the dnsext working group
knows of no evidence", to stress that the fact was reviewed by the
working group, and the statement has working group consensus.  This
is, of course, assuming that that's truly the case -- if it is not,
then I do have an issue with that.

-- Barry Leiba
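The quoted Security Considerations text rests on authority servers actually
answering over TCP. As an added illustration that is not part of the review,
the draft, or any IETF code, the following Python shows the TCP transport the
draft is about: a query encoded per RFC 1035 section 4.1, the two-octet length
prefix required over TCP (RFC 1035 section 4.2.2), a reader that reassembles a
message from an arbitrarily chunked byte stream, and a header parser that
reports RCODE and the TC bit. The response bytes, the address 192.0.2.1 and the
helper names are constructed for this example; the only network call is in the
command-line entry point, and the server you pass to it is your own choice.

```python
import random
import socket
import struct
import sys


def build_query(qname, qtype=1, txid=None):
    """Encode a minimal DNS query (RFC 1035 section 4.1): header plus one question, class IN."""
    if txid is None:
        txid = random.randrange(0, 65536)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = [] if qname in ("", ".") else qname.rstrip(".").split(".")
    question = b""
    for label in labels:
        enc = label.encode("ascii")
        if not 1 <= len(enc) <= 63:
            raise ValueError("DNS label must be 1..63 octets")
        question += bytes([len(enc)]) + enc
    question += b"\x00" + struct.pack("!HH", qtype, 1)  # root terminator, QTYPE, QCLASS=IN
    return header + question


def frame_tcp(msg):
    """Prefix a DNS message with its 16-bit length, as RFC 1035 section 4.2.2 requires over TCP."""
    if len(msg) > 65535:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(msg)) + msg


def read_exact(recv, n):
    """Collect exactly n bytes from recv(); TCP may split the length prefix and message arbitrarily."""
    buf = b""
    while len(buf) < n:
        chunk = recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the stream before a full message arrived")
        buf += chunk
    return buf


def read_tcp_message(recv):
    """Read one length-prefixed DNS message from a stream."""
    (length,) = struct.unpack("!H", read_exact(recv, 2))
    return read_exact(recv, length)


def parse_response(resp, expected_txid):
    """Check the header of a response and return its RCODE, TC bit and answer count."""
    if len(resp) < 12:
        raise ValueError("response shorter than a DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    # Over TCP the TC bit should never be set; a set TC bit over UDP is what triggers a TCP retry.
    return {"rcode": flags & 0x000F, "tc": bool(flags & 0x0200), "ancount": an}


def query_tcp(server, qname, qtype=1, timeout=5.0):
    """Send one query to server:53 over TCP and return the parsed response header."""
    txid = random.randrange(0, 65536)
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(frame_tcp(build_query(qname, qtype, txid)))
        resp = read_tcp_message(sock.recv)
    return parse_response(resp, txid)


def constructed_response(txid):
    """Constructed sample: NOERROR answer for example.com A with RDATA 192.0.2.1 (documentation range)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA; ANCOUNT=1
    question = build_query("example.com", 1, txid)[12:]
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + answer


def chunked_reader(data, chunk):
    """Simulate a TCP stream that delivers at most `chunk` bytes per recv() call."""
    pos = 0

    def recv(n):
        nonlocal pos
        k = min(n, chunk, len(data) - pos)
        out = data[pos:pos + k]
        pos += k
        return out

    return recv


if __name__ == "__main__":
    # usage: python3 dns_tcp_check.py <server-ip-or-name> <qname>
    print(query_tcp(sys.argv[1], sys.argv[2]))
```

The reassembly loop is the part that is easy to get wrong in practice: a client
that assumes the length prefix and the message arrive in one segment works
against a local resolver and fails intermittently against a distant authority.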